Cool Solution - Kibana
From Univention Wiki
Kibana is a data virtualization tool which allows you to view the content of your ElasticSearch database. It is especially useful for viewing aggregated log files and metrics of your domain.
Kibana uses Elasticsearch as a Backend. Please install ElasticSearch according to our Article. We assume that you have the repository set from that article.
Kibana utilizes the same repositories as ElasticSearch. Thus it can be installed directly. Furthermore enable Kibana as an autostarting service
univention-install kibana systemctl enable kibana.service systemctl start kibana.service
Open the Firewall Ports
To Access Kibana, you need to open the port in the firewall. Set the respective UCR variables to open them
ucr set security/packetfilter/tcp/5601/all=ACCEPT \ ucr set security/packetfilter/tcp/5601/en="Kibana" service univention-firewall restart
Most default values for Kibana are sufficient. However, to access it from remote, the server name has to be set. Open the config file /etc/kibana/kibana.yml and find the line starting with
Uncomment the line and insert the correct fully qualified server name.
Restart Elasticsearch and Kibana
systemctl restart elasticsearch.service systemctl restart kibana.service
You can access Kibana using the name of your server and port 5601:
http://<ip of your server>:5601
Afterward please set the Discovery patterns according to the beats used within the web interface and configure the matching visualization.