Index: /branches/amp_4_0/platform/tools/README.md
===================================================================
--- /branches/amp_4_0/platform/tools/README.md	(revision 2548)
+++ /branches/amp_4_0/platform/tools/README.md	(working copy)
@@ -10,10 +10,18 @@
 * Logstash -> 1:8.18.0-1
 * Kibana -> 8.18.0-1
 * MetricBeats -> 8.18.0-1
+* Filebeat -> 8.18.0-1
 * InfluxDB -> 2.7.11-1
 * InfluxDB-CLI -> 2.7.5-1
 * Telegraf -> 1.34.1-1
 
+### Installation order
+1. Python
+2. PSQL
+3. ELK
+   1. Configure ELK
+4. INFLUX
+5. TELEGRAF
 
 ### ToDo (Best practices)
 
Index: /branches/amp_4_0/platform/tools/configure_elk.sh
===================================================================
--- /branches/amp_4_0/platform/tools/configure_elk.sh	(revision 0)
+++ /branches/amp_4_0/platform/tools/configure_elk.sh	(working copy)
@@ -0,0 +1,168 @@
+#!/bin/bash
+set -e
+
+if [[ "$EUID" -ne 0 ]]; then
+  echo "Please run as root"
+  exit 1
+fi
+
+# --- File Configuration ---
+LOG_FILE="/var/log/configure_elk.log"
+SYSTEM_MODULE_FILE="/etc/filebeat/modules.d/system.yml"
+
+# --- Host & Credentials ---
+KIBANA_HOST="http://localhost:5601"
+
+ELASTIC_SUPER_USER="elastic"
+ELASTIC_PASSWORD="Arr@y2050"
+
+# --- Logging Helpers ---
+log_info() {
+  echo "[INFO] $(date +'%Y-%m-%d %H:%M:%S') $1" | tee -a "$LOG_FILE"
+}
+
+log_error() {
+  echo "[ERROR] $(date +'%Y-%m-%d %H:%M:%S') $1" >&2 | tee -a "$LOG_FILE"
+}
+
+create_dashboard_index_patterns() {
+  local service="$1"
+  log_info "setting up the dashboards & index management for - '$service'..."
+  sudo "$service" setup --dashboards --index-management\
+  -E setup.ilm.overwrite=true \
+  -E setup.kibana.host="$KIBANA_HOST" \
+  -E setup.kibana.username="$ELASTIC_SUPER_USER" \
+  -E setup.kibana.password="$ELASTIC_PASSWORD" \
+  -E output.elasticsearch.username="$ELASTIC_SUPER_USER" \
+  -E output.elasticsearch.password="$ELASTIC_PASSWORD" \
+   | tee -a "$LOG_FILE"
+}
+
+create_data_view_logstash() {
+  log_info "Creating Kibana data view for Logstash..."
+
+  local response
+  response=$(curl -s -X POST "$KIBANA_HOST/api/saved_objects/index-pattern" \
+    -u "$ELASTIC_SUPER_USER:$ELASTIC_PASSWORD" \
+    -H 'Content-Type: application/json' \
+    -H 'kbn-xsrf: true' \
+    -d "{
+      \"attributes\": {
+        \"title\": \"logstash-*\",
+        \"timeFieldName\": \"@timestamp\"
+      }
+    }")
+
+  echo "$response" >> "$LOG_FILE"
+
+  if echo "$response" | jq . >/dev/null 2>&1; then
+    log_info "✅ Successfully created Logstash data view."
+  else
+    log_error "❌ Failed to create Logstash data view. Raw output: $response"
+    exit 1
+  fi
+}
+
+clean_start_filebeat() {
+  log_info "Cleaning up and safely starting Filebeat..."
+
+  systemctl stop filebeat || true | tee -a "$LOG_FILE"
+
+  LOCK_FILE="/var/lib/filebeat/filebeat.lock"
+  if [[ -f "$LOCK_FILE" ]]; then
+    log_info "Removing stale lock file: $LOCK_FILE"
+    rm -f "$LOCK_FILE" | tee -a "$LOG_FILE"
+  fi
+
+  SYSTEM_YML="/etc/filebeat/modules.d/system.yml"
+
+  log_info "Overwriting $SYSTEM_YML with valid configuration..."
+  tee "$SYSTEM_YML" > /dev/null <<EOF
+- module: system
+  syslog:
+    enabled: true
+  auth:
+    enabled: true
+EOF
+
+  log_info "Starting Filebeat..."
+  systemctl start filebeat | tee -a "$LOG_FILE"
+  systemctl enable filebeat | tee -a "$LOG_FILE"
+}
+
+
+clean_start_metricbeat() {
+  log_info "Starting Metricbeat..."
+  systemctl enable --now metricbeat | tee -a "$LOG_FILE"
+  sleep 5
+
+  # Just ensure system module is enabled for filebeat-like logs
+  SYSTEM_MODULE_FILE="/etc/filebeat/modules.d/system.yml"
+  if [[ -f "$SYSTEM_MODULE_FILE" ]]; then
+    sed -i 's/enabled: false/enabled: true/g' "$SYSTEM_MODULE_FILE" | tee -a "$LOG_FILE"
+  fi
+
+  systemctl restart metricbeat | tee -a "$LOG_FILE"
+}
+
+enable_start_beats() {
+  log_info "Setting up Filebeat and Metricbeat..."
+
+  # Filebeat
+  sudo filebeat modules enable system | tee -a "$LOG_FILE"
+  clean_start_filebeat
+
+  # Metricbeat
+  clean_start_metricbeat
+
+  create_data_view_logstash
+}
+
+configure_elk() {
+  # Configure Filebeat
+  create_dashboard_index_patterns "filebeat"
+
+  # Configure Metricbeat
+  create_dashboard_index_patterns "metricbeat"
+
+  # Enable & Start Beats
+  enable_start_beats
+}
+
+restart_elk_services() {
+  local services=("elasticsearch" "logstash" "kibana" "filebeat" "metricbeat")
+
+  for service in "${services[@]}"; do
+    echo "Restarting $service..."
+    systemctl restart "$service"
+
+    # Wait a bit for the service to settle (especially for elasticsearch)
+    sleep 5
+
+    # Check status
+    status=$(systemctl is-active "$service")
+    if [[ "$status" == "active" ]]; then
+      echo "$service restarted successfully ✅"
+    else
+      echo "❌ Failed to restart $service. Status: $status"
+    fi
+  done
+  configure_elk
+}
+
+if systemctl is-active --quiet elasticsearch && \
+   systemctl is-active --quiet logstash && \
+   systemctl is-active --quiet kibana && \
+   systemctl is-active --quiet filebeat && \
+   systemctl is-active --quiet metricbeat; then
+    echo "✅ All ELK services are running. Proceeding with setup..."
+    configure_elk
+else
+    echo "❌ One or more ELK services are not running. Aborting setup."
+    echo "Elasticsearch: $(systemctl is-active elasticsearch)"
+    echo "Logstash:      $(systemctl is-active logstash)"
+    echo "Kibana:        $(systemctl is-active kibana)"
+    echo "Filebeat:        $(systemctl is-active filebeat)"
+    echo "Metricbeat:        $(systemctl is-active metricbeat)"
+    restart_elk_services
+fi
Index: /branches/amp_4_0/platform/tools/install_elk.sh
===================================================================
--- /branches/amp_4_0/platform/tools/install_elk.sh	(revision 2548)
+++ /branches/amp_4_0/platform/tools/install_elk.sh	(working copy)
@@ -1,22 +1,38 @@
 #!/bin/bash
 set -e
 
+if [[ "$EUID" -ne 0 ]]; then
+  echo "Please run as root"
+  exit 1
+fi
+
 # --- Log File Configuration ---
-LOG_FILE="/var/log/elk_install.log"
+LOG_FILE="/var/log/install_elk.log"
 
 # --- Version Configuration ---
 ELASTIC_MAJOR="8.x"
 KIBANA_MAJOR="8.x"
 BEATS_MAJOR="8.x"
 LOGSTASH_MAJOR="8.x"
+FILEBEAT_MAJOR="8.x"
 
 # --- Credentials ---
+ELASTIC_SUPER_USER="elastic"
 ELASTIC_PASSWORD="Arr@y2050"
-KIBANA_SYSTEM_PASSWORD="KArr@y2050"
-METRICBEAT_ELASTIC_PASSWORD="$ELASTIC_PASSWORD"
-LOGSTASH_SYSTEM_PASSWORD="LArr@y2050"
-ADMIN_PASSWORD="Array@123"
-DATA_READER_ROLE="data_reader"
+
+KIBANA_ELASTIC_USERNAME="kibana_internal"
+KIBANA_ELASTIC_PASSWORD="KArr@y2050"
+ES_DATA_READER_ROLE="data_reader"
+ES_USERNAME_1="admin"
+ES_PASSWORD_1="Array@123"
+METRICBEAT_ELASTIC_USERNAME="metricbeat_internal"
+METRICBEAT_ELASTIC_PASSWORD="MArr@y2050"
+FILEBEAT_ELASTIC_USERNAME="filebeat_internal"
+FILEBEAT_ELASTIC_PASSWORD="FArr@y2050"
+LOGSTASH_ELASTIC_USERNAME="logstash_internal"
+LOGSTASH_ELASTIC_PASSWORD="LArr@y2050"
+
+KIBANA_HOST="http://localhost:5601"
 
 # --- Server IP Configuration ---
 # Get the primary IP address
@@ -43,16 +59,9 @@
     exit 1
   fi
 }
-# --- Repository Check ---
-check_repo() {
-    if ! dnf repolist enabled | grep -q "$1"; then
-        log_error "Repository '$1' is not enabled."
-        exit 1
-    fi
-}
 
 log_info "Verifying required commands..."
-for cmd in curl sudo rpm tee dnf sed systemctl ip firewall-cmd jq; do check_command "$cmd"; done #Added firewall-cmd
+for cmd in curl sudo rpm tee dnf sed systemctl ip firewall-cmd jq; do check_command "$cmd"; done
 
 # --- Add 8.x Repositories ---
 log_info "Adding Elastic 8.x repositories..."
@@ -98,15 +107,17 @@
 KIBANA_VERSION="$ELASTIC_VERSION"
 BEATS_VERSION="$ELASTIC_VERSION"
 LOGSTASH_VERSION="$ELASTIC_VERSION"
+FILEBEAT_VERSION="$ELASTIC_VERSION"
 log_info "Using version $ELASTIC_VERSION for all components"
 
 # --- Install Components ---
-log_info "Installing Elasticsearch, Kibana, Metricbeat, and Logstash..."
+log_info "Installing Elasticsearch, Kibana, Metricbeat, Logstash, and Filebeat..."
 sudo dnf install -y \
   elasticsearch-${ELASTIC_VERSION} \
   kibana-${KIBANA_VERSION} \
   metricbeat-${BEATS_VERSION} \
-  logstash-${LOGSTASH_VERSION} | tee -a "$LOG_FILE" # Install Logstash
+  logstash-${LOGSTASH_VERSION} \
+  filebeat-${FILEBEAT_VERSION} | tee -a "$LOG_FILE"
 
 # --- Configure Elasticsearch ---
 ES_YML="/etc/elasticsearch/elasticsearch.yml"
@@ -162,7 +173,7 @@
 DUPLICATES=$(grep -E '^[a-zA-Z0-9_.-]+:' "$ES_YML" | sed 's/:.*//' | sort | uniq -d)
 if [[ -n "$DUPLICATES" ]]; then
   log_error "Found duplicate keys:" && echo "$DUPLICATES" | tee -a "$LOG_FILE"
-  exit 1 # Exit if duplicates are found.
+  exit 1
 else
   log_info "No duplicate keys found."
 fi
@@ -220,79 +231,165 @@
 INITIAL_PW=$(sudo grep "The generated password for the elastic built-in superuser is" "$LOG_FILE" | awk -F': ' '{print $2}')
 
 if [[ -n "$INITIAL_PW" ]]; then
-  log_info "Setting password for elastic user..."
-  ELASTIC_PW_RESULT=$(curl -s -X POST -u elastic:"$INITIAL_PW" -H 'Content-Type: application/json' \
+  log_info "Setting password for $ELASTIC_SUPER_USER user..."
+  ELASTIC_PW_RESULT=$(curl -s -X POST -u $ELASTIC_SUPER_USER:"$INITIAL_PW" -H 'Content-Type: application/json' \
     -d "{ \"password\": \"$ELASTIC_PASSWORD\" }" \
-    http://localhost:9200/_security/user/elastic/_password)  | tee -a "$LOG_FILE"
+    http://localhost:9200/_security/user/$ELASTIC_SUPER_USER/_password)
+  echo "$ELASTIC_PW_RESULT" | tee -a "$LOG_FILE"
   echo "$ELASTIC_PW_RESULT" | jq . >/dev/null 2>&1 #check the json
   if [[ $? -ne 0 ]]; then
-    log_error "Failed to set elastic password.  Output: $ELASTIC_PW_RESULT"
+    log_error "Failed to set $ELASTIC_SUPER_USER password.  Output: $ELASTIC_PW_RESULT"
     exit 1
   fi
 
-  log_info "Setting password for kibana_system user..."
-  KIBANA_PW_RESULT=$(curl -s -X POST -u elastic:"$ELASTIC_PASSWORD" -H 'Content-Type: application/json' \
-    -d "{ \"password\": \"$KIBANA_SYSTEM_PASSWORD\" }" \
-    http://localhost:9200/_security/user/kibana_system/_password) | tee -a "$LOG_FILE"
-  echo "$KIBANA_PW_RESULT" | jq . >/dev/null 2>&1 #check the json
+  log_info "Creating metricbeat writer role"
+  METRICBEAT_WRITER_ROLE_RESULT=$(curl -s -X PUT "http://localhost:9200/_security/role/metricbeat_writer" \
+  -H "Content-Type: application/json" \
+  -u "$ELASTIC_SUPER_USER:$ELASTIC_PASSWORD" \
+  -d '{
+    "cluster": [ "monitor", "manage_ilm", "manage_ingest_pipelines", "manage_index_templates"],
+    "indices": [
+      {
+        "names": [ "metricbeat-*" ],
+        "privileges": [ "write", "create_index", "auto_configure", "view_index_metadata"]
+      }
+    ]
+  }')
+  echo "$METRICBEAT_WRITER_ROLE_RESULT" | tee -a "$LOG_FILE"
+  echo "$METRICBEAT_WRITER_ROLE_RESULT" | jq . >/dev/null 2>&1 #check the json
     if [[ $? -ne 0 ]]; then
-    log_error "Failed to set kibana_system password. Output: $KIBANA_PW_RESULT"
+    log_error "Failed to create metricbeat_writer. Output: $METRICBEAT_WRITER_ROLE_RESULT"
     exit 1
   fi
 
-  log_info "Setting password for logstash_system user..."
-  LOGSTASH_PW_RESULT=$(curl -s -X POST -u elastic:"$ELASTIC_PASSWORD" -H 'Content-Type: application/json' \
-    -d "{ \"password\": \"$LOGSTASH_SYSTEM_PASSWORD\" }" \
-    http://localhost:9200/_security/user/logstash_system/_password) | tee -a "$LOG_FILE"
-  echo "$LOGSTASH_PW_RESULT" | jq . >/dev/null 2>&1 #check the json
+  log_info "Creating filebeat writer role"
+  FILEBEAT_WRITER_ROLE_RESULT=$(curl -s -X PUT "http://localhost:9200/_security/role/filebeat_writer" \
+  -H "Content-Type: application/json" \
+  -u "$ELASTIC_SUPER_USER:$ELASTIC_PASSWORD" \
+  -d '{
+    "cluster": [ "monitor", "manage_ilm", "manage_ingest_pipelines", "manage_index_templates"],
+    "indices": [
+      {
+        "names": [ "filebeat-*" ],
+        "privileges": [ "write", "create_index", "auto_configure", "view_index_metadata" ]
+      }
+    ]
+  }')
+  echo "$FILEBEAT_WRITER_ROLE_RESULT" | tee -a "$LOG_FILE"
+  echo "$FILEBEAT_WRITER_ROLE_RESULT" | jq . >/dev/null 2>&1
     if [[ $? -ne 0 ]]; then
-    log_error "Failed to set logstash_system password. Output: $LOGSTASH_PW_RESULT"
+    log_error "Failed to create filebeat_writer. Output: $FILEBEAT_WRITER_ROLE_RESULT"
     exit 1
   fi
 
-else
-  log_error "Failed to extract initial password from logs."
-  exit 1
-fi
-
-# --- Create the custom 'data_reader' role with necessary privileges ---
-log_info "Creating the '$DATA_READER_ROLE' role with necessary data access privileges..."
-DATA_READER_ROLE_RESULT=$(curl -s -X PUT "http://localhost:9200/_security/role/$DATA_READER_ROLE" \
+  log_info "Creating logstash writer role"
+  LOGSTASH_WRITER_ROLE_RESULT=$(curl -s -X PUT "http://localhost:9200/_security/role/logstash_writer" \
   -H "Content-Type: application/json" \
-  -u "elastic:$ELASTIC_PASSWORD" \
-  -d "{
-    \"indices\": [
+  -u "$ELASTIC_SUPER_USER:$ELASTIC_PASSWORD" \
+  -d '{
+    "cluster": [ "monitor", "manage_ilm", "manage_ingest_pipelines", "manage_index_templates", "manage_pipeline" ],
+    "indices": [
       {
-        \"names\": [\"*\"],
-        \"privileges\": [\"read\", \"view_index_metadata\"]
+        "names": [ "logstash-*" ],
+        "privileges": [ "write", "create_index", "view_index_metadata" ]
       }
-    ],
-    \"run_as\": [],
-    \"cluster\": []
-  }") | tee -a "$LOG_FILE"
-echo "$DATA_READER_ROLE_RESULT" | jq . >/dev/null 2>&1
-if [[ $? -ne 0 ]]; then
-  log_error "Failed to create the '$DATA_READER_ROLE' role. Output: $DATA_READER_ROLE_RESULT"
-  exit 1
-fi
-log_info "Successfully created the '$DATA_READER_ROLE' role."
+    ]
+  }')
+  echo "$LOGSTASH_WRITER_ROLE_RESULT" | tee -a "$LOG_FILE"
+  echo "$LOGSTASH_WRITER_ROLE_RESULT" | jq . >/dev/null 2>&1
+    if [[ $? -ne 0 ]]; then
+    log_error "Failed to create filebeat_writer. Output: $LOGSTASH_WRITER_ROLE_RESULT"
+    exit 1
+  fi
 
-# --- Create the 'admin' user ---
-log_info "Creating the 'admin' user for Kibana..."
-ADMIN_USER_RESULT=$(curl -s -X POST "http://localhost:9200/_security/user/admin" \
-  -H "Content-Type: application/json" \
-  -u "elastic:$ELASTIC_PASSWORD" \
-  -d "{
-    \"password\" : \"$ADMIN_PASSWORD\",
-    \"roles\" : [ \"kibana_admin\", \"$DATA_READER_ROLE\" ],
-    \"full_name\" : \"Admin User\"
-  }") | tee -a "$LOG_FILE" # Log the curl command and its output
-echo "$ADMIN_USER_RESULT" | jq .  >/dev/null 2>&1
-if [[ $? -ne 0 ]]; then
-  log_error "Failed to create the 'admin' user. Output: $ADMIN_USER_RESULT"
+  log_info "Creating $KIBANA_ELASTIC_USERNAME user..."
+  KIBANA_PW_RESULT=$(curl -s -X PUT -u $ELASTIC_SUPER_USER:"$ELASTIC_PASSWORD" -H 'Content-Type: application/json' \
+    -d "{ \"password\": \"$KIBANA_ELASTIC_PASSWORD\", \"roles\": [\"kibana_system\"]}" \
+    http://localhost:9200/_security/user/$KIBANA_ELASTIC_USERNAME)
+  echo "$KIBANA_PW_RESULT" | tee -a "$LOG_FILE"
+  echo "$KIBANA_PW_RESULT" | jq . >/dev/null 2>&1
+    if [[ $? -ne 0 ]]; then
+    log_error "Failed to set $KIBANA_ELASTIC_USERNAME password. Output: $KIBANA_PW_RESULT"
+    exit 1
+  fi
+
+  log_info "Creating $LOGSTASH_ELASTIC_USERNAME user..."
+  LOGSTASH_PW_RESULT=$(curl -s -X PUT -u $ELASTIC_SUPER_USER:"$ELASTIC_PASSWORD" -H 'Content-Type: application/json' \
+    -d "{ \"password\": \"$LOGSTASH_ELASTIC_PASSWORD\", \"roles\": [\"logstash_writer\"], \"full_name\": \"Internal Logstash User\" }" \
+    http://localhost:9200/_security/user/$LOGSTASH_ELASTIC_USERNAME)
+  echo "$LOGSTASH_PW_RESULT" | tee -a "$LOG_FILE"
+  echo "$LOGSTASH_PW_RESULT" | jq . >/dev/null 2>&1
+    if [[ $? -ne 0 ]]; then
+    log_error "Failed to set $LOGSTASH_ELASTIC_USERNAME password. Output: $LOGSTASH_PW_RESULT"
+    exit 1
+  fi
+
+  log_info "Creating $FILEBEAT_ELASTIC_USERNAME user..."
+  FILEBEAT_PW_RESULT=$(curl -s -X PUT -u $ELASTIC_SUPER_USER:"$ELASTIC_PASSWORD" -H 'Content-Type: application/json' \
+    -d "{ \"password\": \"$FILEBEAT_ELASTIC_PASSWORD\", \"roles\" : [ \"filebeat_writer\" ], \"full_name\" : \"Internal Filebeat User\"}" \
+    http://localhost:9200/_security/user/$FILEBEAT_ELASTIC_USERNAME)
+  echo "$FILEBEAT_PW_RESULT" | tee -a "$LOG_FILE"
+  echo "$FILEBEAT_PW_RESULT" | jq . >/dev/null 2>&1
+    if [[ $? -ne 0 ]]; then
+    log_error "Failed to create $FILEBEAT_ELASTIC_USERNAME user. Output: $FILEBEAT_PW_RESULT"
+    exit 1
+  fi
+
+  log_info "Creating $METRICBEAT_ELASTIC_USERNAME user..."
+  METRICBEAT_PW_RESULT=$(curl -s -X PUT -u $ELASTIC_SUPER_USER:"$ELASTIC_PASSWORD" -H 'Content-Type: application/json' \
+    -d "{ \"password\": \"$METRICBEAT_ELASTIC_PASSWORD\", \"roles\" : [ \"metricbeat_writer\" ], \"full_name\" : \"Internal Metricbeat User\"}" \
+    http://localhost:9200/_security/user/$METRICBEAT_ELASTIC_USERNAME)
+  echo "$METRICBEAT_PW_RESULT" | tee -a "$LOG_FILE"
+  echo "$METRICBEAT_PW_RESULT" | jq . >/dev/null 2>&1
+    if [[ $? -ne 0 ]]; then
+    log_error "Failed to create $METRICBEAT_ELASTIC_USERNAME user. Output: $METRICBEAT_PW_RESULT"
+    exit 1
+  fi
+
+  # --- Create the custom 'data_reader' role with necessary privileges ---
+  log_info "Creating the '$ES_DATA_READER_ROLE' role with necessary data access privileges..."
+  DATA_READER_ROLE_RESULT=$(curl -s -X POST "http://localhost:9200/_security/role/$ES_DATA_READER_ROLE" \
+    -H "Content-Type: application/json" \
+    -u "$ELASTIC_SUPER_USER:$ELASTIC_PASSWORD" \
+    -d "{
+      \"indices\": [
+        {
+          \"names\": [\"*\"],
+          \"privileges\": [\"read\", \"view_index_metadata\"]
+        }
+      ],
+      \"run_as\": [],
+      \"cluster\": [\"monitor\", \"manage_ilm\", \"manage_ingest_pipelines\", \"manage_index_templates\"]
+    }")
+  echo "$DATA_READER_ROLE_RESULT" | tee -a "$LOG_FILE"
+  echo "$DATA_READER_ROLE_RESULT" | jq . >/dev/null 2>&1
+  if [[ $? -ne 0 ]]; then
+    log_error "Failed to create the '$ES_DATA_READER_ROLE' role. Output: $DATA_READER_ROLE_RESULT"
+    exit 1
+  fi
+  log_info "Successfully created the '$ES_DATA_READER_ROLE' role."
+
+  # --- Create the 'admin' user ---
+  log_info "Creating the '$ES_USERNAME_1' user for Kibana..."
+  ADMIN_USER_RESULT=$(curl -s -X POST "http://localhost:9200/_security/user/$ES_USERNAME_1" \
+    -H "Content-Type: application/json" \
+    -u "$ELASTIC_SUPER_USER:$ELASTIC_PASSWORD" \
+    -d "{
+      \"password\" : \"$ES_PASSWORD_1\",
+      \"roles\" : [ \"kibana_admin\", \"$ES_DATA_READER_ROLE\" ],
+      \"full_name\" : \"Admin User\"
+    }")
+  echo "$ADMIN_USER_RESULT" | tee -a "$LOG_FILE"
+  echo "$ADMIN_USER_RESULT" | jq .  >/dev/null 2>&1
+  if [[ $? -ne 0 ]]; then
+    log_error "Failed to create the '$ES_USERNAME_1' user. Output: $ADMIN_USER_RESULT"
+    exit 1
+  fi
+  log_info "Successfully created the '$ES_USERNAME_1' user."
+else
+  log_error "Failed to extract initial password from logs."
   exit 1
 fi
-log_info "Successfully created the 'admin' user."
 
 # --- Configure Kibana ---
 KB_YML="/etc/kibana/kibana.yml"
@@ -307,8 +404,8 @@
 # Append to the file.
 echo "server.host: 0.0.0.0" | sudo tee -a "$KB_YML"
 echo "elasticsearch.hosts: ['http://localhost:9200']" | sudo tee -a "$KB_YML"
-echo "elasticsearch.username: 'kibana_system'" | sudo tee -a "$KB_YML"
-echo "elasticsearch.password: '$KIBANA_SYSTEM_PASSWORD'" | sudo tee -a "$KB_YML"
+echo "elasticsearch.username: '$KIBANA_ELASTIC_USERNAME'" | sudo tee -a "$KB_YML"
+echo "elasticsearch.password: '$KIBANA_ELASTIC_PASSWORD'" | sudo tee -a "$KB_YML"
 
 cat "$KB_YML" | tee -a "$LOG_FILE" # Log the content of the file
 
@@ -324,8 +421,16 @@
 #append
 echo "output.elasticsearch:" | sudo tee -a "$MB_YML"
 echo "  hosts: ['localhost:9200']" | sudo tee -a "$MB_YML"
-echo "  username: 'elastic'" | sudo tee -a "$LOG_FILE"
-echo "  password: '$METRICBEAT_ELASTIC_PASSWORD'" | sudo tee -a "$LOG_FILE"
+echo "  username: '$METRICBEAT_ELASTIC_USERNAME'" | sudo tee -a "$MB_YML"
+echo "  password: '$METRICBEAT_ELASTIC_PASSWORD'" | sudo tee -a "$MB_YML"
+
+# Add systemd metricset
+echo "metricbeat.modules:" | sudo tee -a "$MB_YML"
+echo "- module: system" | sudo tee -a "$MB_YML"
+echo "  metricsets: [cpu, load, memory, network, process, process_summary, socket_summary, uptime, filesystem, diskio]" | sudo tee -a "$MB_YML"
+echo "  enabled: true" | sudo tee -a "$MB_YML"
+echo "  period: 10s" | sudo tee -a "$MB_YML" # Collect every 10 seconds
+
 cat "$MB_YML" | tee -a "$LOG_FILE" # Log the content of the file
 
 # --- Configure Logstash ---
@@ -345,12 +450,12 @@
 # Add the configuration settings
 echo "xpack.monitoring.enabled: true" | sudo tee -a "$LS_YML"
 echo "xpack.monitoring.elasticsearch.hosts: ['http://localhost:9200']" | sudo tee -a "$LS_YML"
-echo "xpack.monitoring.elasticsearch.username: 'logstash_system'" | sudo tee -a "$LOG_FILE"
-echo "xpack.monitoring.elasticsearch.password: '$LOGSTASH_SYSTEM_PASSWORD'" | sudo tee -a "$LOG_FILE"
+echo "xpack.monitoring.elasticsearch.username: '$LOGSTASH_ELASTIC_USERNAME'" | sudo tee -a "$LS_YML"
+echo "xpack.monitoring.elasticsearch.password: '$LOGSTASH_ELASTIC_PASSWORD'" | sudo tee -a "$LS_YML"
 
 cat "$LS_YML" | tee -a "$LOG_FILE"
 
-# Create a basic Logstash pipeline configuration
+# --- Create a basic Logstash pipeline configuration ---
 log_info "Creating a basic Logstash pipeline configuration..."
 LS_PIPELINE_CONFIG=$(cat <<EOF
 input {
@@ -360,8 +465,8 @@
   elasticsearch {
     hosts => ["http://localhost:9200"]
     index => "logstash-%{+YYYY.MM.dd}"
-    user => "logstash_system"
-    password => "$LOGSTASH_SYSTEM_PASSWORD"
+    user => "$LOGSTASH_ELASTIC_USERNAME"
+    password => "$LOGSTASH_ELASTIC_PASSWORD"
   }
   stdout { codec => rubydebug }
 }
@@ -369,20 +474,39 @@
 )
 echo "$LS_PIPELINE_CONFIG" | sudo tee "$LS_PIPELINE_CONF" | tee -a "$LOG_FILE"
 
-# --- Open Firewall for Kibana and Logstash ---
+# --- Configure Filebeat ---
+FB_YML="/etc/filebeat/filebeat.yml"
+log_info "Backing up and updating Filebeat config..."
+sudo cp "$FB_YML" "${FB_YML}.bak" | tee -a "$LOG_FILE"
+
+# use sed to remove
+sudo sed -i '/^output.elasticsearch/d' "$FB_YML" | tee -a "$LOG_FILE"
+sudo sed -i '/^  hosts:/d' "$FB_YML" | tee -a "$LOG_FILE"
+sudo sed -i '/^  username:/d' "$FB_YML" | tee -a "$LOG_FILE"
+sudo sed -i '/^  password:/d' "$FB_YML" | tee -a "$LOG_FILE"
+
+# Add filebeat config
+echo "output.elasticsearch:" | sudo tee -a "$FB_YML"
+echo "  hosts: ['localhost:9200']" | sudo tee -a "$FB_YML"
+echo "  username: '$FILEBEAT_ELASTIC_USERNAME'" | sudo tee -a "$FB_YML"
+echo "  password: '$FILEBEAT_ELASTIC_PASSWORD'" | sudo tee -a "$FB_YML"
+
+cat "$FB_YML" | tee -a "$LOG_FILE"
+
+# --- Open Firewall for Kibana, Logstash, and Filebeat ---
 if systemctl is-active --quiet firewalld; then
-  log_info "Opening firewall for Kibana (port 5601) and Logstash (port 9600)..."
-  sudo firewall-cmd --permanent --add-port=5601/tcp --add-port=9600/tcp | tee -a "$LOG_FILE"
+  log_info "Opening firewall for Kibana (port 5601), Logstash (port 9600), and Filebeat (port 5601)..."
+  sudo firewall-cmd --add-port={5601,9200,5044}/tcp --permanent | tee -a "$LOG_FILE"
   sudo firewall-cmd --reload | tee -a "$LOG_FILE"
 fi
 
-# --- Start Elasticsearch, Kibana, Metricbeat, and Logstash ---
-log_info "Enabling and starting Elasticsearch, Kibana, Metricbeat, and Logstash..."
-sudo systemctl enable --now elasticsearch kibana metricbeat logstash | tee -a "$LOG_FILE"
+# --- Start Elasticsearch, Kibana, Metricbeat, Logstash, and Filebeat ---
+log_info "Enabling and starting Elasticsearch, Kibana, Metricbeat, Logstash, and Filebeat..."
+sudo systemctl enable --now elasticsearch kibana metricbeat logstash filebeat | tee -a "$LOG_FILE"
 
 # --- Final Verification ---
 log_info "Verifying services..."
-for svc in elasticsearch kibana metricbeat logstash; do
+for svc in elasticsearch kibana metricbeat logstash filebeat; do
   if systemctl is-active --quiet "$svc"; then
     log_info "$svc is running."
   else
@@ -392,6 +516,6 @@
 
 log_info "✅ ELK Stack 8.x single-node setup complete."
 log_info "Installation logs are available in $LOG_FILE."
-log_info "Access Kibana at http://${SERVER_IP}:5601 (admin / ${ADMIN_PASSWORD})"
+log_info "Access Kibana at http://${SERVER_IP}:5601 (admin / ${ES_PASSWORD_1})"
 
 exit 0
Index: /branches/amp_4_0/platform/tools/install_influx.sh
===================================================================
--- /branches/amp_4_0/platform/tools/install_influx.sh	(revision 2548)
+++ /branches/amp_4_0/platform/tools/install_influx.sh	(working copy)
@@ -16,11 +16,11 @@
 exec > "$LOG_FILE" 2>&1
 
 log_info() {
-  echo "[INFO] $1"
+  echo "[INFO] $(date +'%Y-%m-%d %H:%M:%S') $1" | tee -a "$LOG_FILE"
 }
 
 log_error() {
-  echo "[ERROR] $1" >&2
+  echo "[ERROR] $(date +'%Y-%m-%d %H:%M:%S') $1" >&2 | tee -a "$LOG_FILE"
 }
 
 check_command() {
Index: /branches/amp_4_0/platform/tools/install_python.sh
===================================================================
--- /branches/amp_4_0/platform/tools/install_python.sh	(revision 2548)
+++ /branches/amp_4_0/platform/tools/install_python.sh	(working copy)
@@ -23,7 +23,7 @@
 tar xzf Python-3.13.0.tgz
 cd Python-3.13.0
 
-./configure --enable-optimizations
+./configure --enable-optimizations --enable-shared
 make altinstall
 
 echo "🔗 Creating symbolic links for 'python3.13' and 'python'..."
@@ -38,6 +38,9 @@
 
 ln -sf /usr/local/bin/python3.13 /usr/bin/python
 
+echo 'export PATH=$PATH:/usr/local/bin' >> ~/.bashrc
+source ~/.bashrc
+
 echo "🐍 Verifying Python installation..."
 python --version