====== Centralized Logging ======

Centralized logging can be very useful when attempting to identify problems with servers or applications, as it allows you to search through all of your logs in a single place. It is also useful because it allows you to identify issues that span multiple servers by correlating their logs during a specific time frame.

This solution uses the ELK stack, which has three main components:

  * [[elasticsearch|Elasticsearch]]: Stores all of the logs
  * [[logstash|Logstash]]: The server component of Logstash that processes incoming logs
  * [[kibana|Kibana]]: Web interface for searching and visualizing logs, which will be proxied through Nginx

On the servers whose logs I want to combine, I install the following:

  * [[https://www.elastic.co/products/beats/filebeat|Filebeat]]: Offers a lightweight way to forward and centralize logs and files.
  * [[https://www.elastic.co/products/beats/metricbeat|Metricbeat]]: Collects metrics from your systems and services.
  * [[https://www.elastic.co/products/beats/packetbeat|Packetbeat]]: Network packet analyzer that sends data to Logstash.
  * [[https://www.elastic.co/products/beats/winlogbeat|Winlogbeat]]: Streams Windows event logs to Logstash.