EFK
Definition
EFK stands for Elasticsearch, Fluentd, and Kibana, which together form a popular stack for logging and monitoring in cloud-native environments. Elasticsearch is a search and analytics engine, Fluentd is a data collector that unifies the logging layer, and Kibana provides a visualization layer for data stored in Elasticsearch. The EFK stack is commonly used to aggregate, search, and visualize logs from many sources in real time, aiding troubleshooting and performance monitoring. Because the log pipeline carries authentication tokens, hostnames and error details, the transport between Fluentd and Elasticsearch and the credentials Fluentd uses are themselves security-relevant configuration.
Secure Settings Example
# Fluentd configuration with secure settings
<match **>
  @type elasticsearch
  host elasticsearch.example.com
  port 9200
  # TLS to Elasticsearch, with the server certificate verified
  # (if the server uses a private CA, point ca_file at that CA bundle)
  scheme https
  ssl_verify true
  # Dedicated, least-privilege account; the password is read from the
  # environment at startup instead of being written into the config file
  user fluentd_user
  password "#{ENV['FLUENTD_PASSWORD']}"
  # File-backed buffer so queued logs survive a restart; retry until delivered
  <buffer>
    @type file
    path /var/log/fluentd-buffers
    flush_interval 5s
    retry_forever true
    retry_max_interval 30
  </buffer>
</match>
Insecure Settings Example
# Fluentd configuration with insecure settings
<match **>
  @type elasticsearch
  host elasticsearch.example.com
  port 9200
  # Insecure: using plaintext HTTP instead of HTTPS
  scheme http
  # Insecure: disabling TLS certificate verification
  ssl_verify false
  # Insecure: using a default or privileged user
  user admin
  # Insecure: hard-coding sensitive data in the config file
  password admin
  # Insecure: a memory buffer loses queued logs on a crash or restart
  <buffer>
    @type memory
    # Insecure: a long flush interval delays log processing and widens the loss window
    flush_interval 60s
  </buffer>
</match>
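A small configuration audit, added here as an example and not part of the page or of Fluentd itself, that parses one <match> block into key/value pairs and flags the settings the two examples above contrast. The 30-second "long flush interval" threshold is an assumption of this example, as is treating an omitted scheme as http and an omitted buffer as memory, which is how the script models the plugin defaults.

```python
import re
# Constructed sample: the page's insecure <match> block, in v1 <buffer> form.
INSECURE = """<match **>
  scheme http
  ssl_verify false
  user admin
  password admin
  <buffer>
    @type memory
    flush_interval 60s
  </buffer>
</match>"""

def parse_match_block(text):
    """Flatten one <match> block to {key: value}; nested sections get a prefix, e.g. 'buffer.@type'."""
    params, stack = {}, []
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#(?!\{).*$", "", raw).strip()  # drop comments, keep "#{ENV[..]}"
        if not line:
            continue
        if line.startswith("</"):
            stack.pop()
        elif line.startswith("<"):
            stack.append(line.strip("<>").split()[0])  # '<match **>' -> 'match'
        else:
            key, _, value = line.partition(" ")
            prefix = ".".join(stack[1:])
            params[f"{prefix}.{key}" if prefix else key] = value.strip()
    return params

def audit(text):
    """Return (parameter, finding) pairs for the settings the page calls insecure (30s threshold is an assumption)."""
    p = parse_match_block(text)
    findings = []
    if p.get("scheme", "http") == "http":  # assumed default when scheme is omitted
        findings.append(("scheme", "plaintext HTTP to Elasticsearch"))
    if p.get("ssl_verify", "true") == "false":
        findings.append(("ssl_verify", "TLS certificate verification disabled"))
    if p.get("user") in {"admin", "elastic"}:
        findings.append(("user", "default or superuser account"))
    if "password" in p and "ENV[" not in p["password"]:
        findings.append(("password", "credential hard-coded in the config file"))
    if p.get("buffer_type", p.get("buffer.@type", "memory")) == "memory":  # assumed default buffer
        findings.append(("buffer", "memory buffer loses queued logs on restart"))
    interval = p.get("flush_interval") or p.get("buffer.flush_interval", "0s")
    num, unit = re.fullmatch(r"(\d+)([smh]?)", interval).groups()
    if int(num) * {"": 1, "s": 1, "m": 60, "h": 3600}[unit] > 30:
        findings.append(("flush_interval", f"{interval} delays delivery to Elasticsearch"))
    return findings
```

Running audit() over the secure block on this page returns no findings, and an otherwise empty <match> block still reports plaintext transport and a memory buffer because those are the defaults when nothing is set.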