ELK: It's Big Log Season - Infosecon 2015

On this repo are some various configuration files, references, and scripts Brian and I have used to help setup and maintain our ELK instances. These may not necessarily be the best way to do things, but it does get the job done.

Link to the presentation

http://www.slideshare.net/EricLuellen/elk-its-big-log-season

Setting up ELK for Netflow data

http://blogs.cisco.com/security/step-by-step-setup-of-elk-for-netflow-analytics

Predefined grok patterns for Logstash

https://github.com/elastic/logstash/blob/v1.4.0/patterns/grok-patterns

Online Grok debugger

https://grokdebug.herokuapp.com/

Curator download

https://github.com/elastic/curator

How to secure Kibana and ELasticsearch with HTTPS

http://blog.stevenmeyer.co.uk/2014/02/securing-kibana-and-elasticsearch-with-https-ssl.html

OSSEC basic documentation

http://ossec-docs.readthedocs.org/en/latest/manual/

Nxlog download

http://nxlog.org/products/nxlog-community-edition/download

Example of Nxlog config for Windows

https://mbrownnyc.wordpress.com/2012/11/08/nxlog-configure-pattern-matching/

Various sites for ElasticSearch performance tuning

https://blog.codecentric.de/en/2014/05/elasticsearch-indexing-performance-cheatsheet/ https://www.elastic.co/blog/performance-considerations-elasticsearch-indexing https://www.loggly.com/blog/nine-tips-configuring-elasticsearch-for-high-performance/

Comparison between Logstash, Splunk and Sumo

http://blog.takipi.com/log-management-tools-face-off-splunk-vs-logstash-vs-sumo-logic/