ELK configuration files for Forensic Analysts and Incident Handlers.
For more information, screenshots and HOWTOs, read:
- Setting up a single ELK node in 20 minutes
- Mactime magic with ELK
- BlueCoat Proxy log search and analytics
- http://christophe.vandeplas.com/search/label/elk
```sh
apt-get install git-core
git clone https://github.com/cvandeplas/ELK-forensics
```
That creates a directory named ELK-forensics holding the configuration files.
- Open your Kibana web interface
- Right upper corner, Load -> Advanced -> Browse
- Load the desired json template(s)
- Copy the .conf file to your /etc/logstash/conf.d directory
- Restart the logstash service
- Feed your logs
Make sure you also look at the documentation provided in the .conf files.
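The copy-and-restart steps above are safe to script, but Logstash loads every file in conf.d as one pipeline, so a broken .conf can take the whole pipeline down. The helper below is an added example, not code from the ELK-forensics repository: it copies one .conf into conf.d, runs Logstash's config test over the directory, and removes the file again if the test fails. The destination directory, the logstash binary path and its `-t`/`-f` flags are assumptions; adjust them for your installation.

```shell
#!/bin/sh
# Added example (not part of ELK-forensics): deploy one Logstash .conf and
# validate the resulting conf.d before restarting the service.
# Assumed: /etc/logstash/conf.d as destination, and a logstash binary that
# accepts -t (config test and exit) and -f (config path). Both are optional
# arguments so the function can be pointed elsewhere.

deploy_logstash_conf() {
    conf="$1"
    confdir="${2:-/etc/logstash/conf.d}"
    logstash_bin="${3:-/opt/logstash/bin/logstash}"

    [ -f "$conf" ] || { echo "no such conf: $conf" >&2; return 1; }
    [ -d "$confdir" ] || { echo "no such dir: $confdir" >&2; return 1; }

    # Never silently overwrite a different file of the same name.
    target="$confdir/$(basename "$conf")"
    if [ -e "$target" ] && ! cmp -s "$conf" "$target"; then
        echo "refusing to overwrite differing $target; remove it first" >&2
        return 1
    fi
    cp "$conf" "$target"

    # Test the whole directory, not just the new file: Logstash concatenates
    # every file in conf.d, so an error in any one breaks the pipeline.
    if ! "$logstash_bin" -t -f "$confdir"; then
        echo "config test failed; removing $target" >&2
        rm -f "$target"
        return 1
    fi
    return 0
}

# Typical use (as root), restarting only after a clean test:
#   deploy_logstash_conf path/to/file.conf && service logstash restart
```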
Do not hesitate to contribute! All feedback is appreciated!
Thanks, Christophe
- License: AGPL v3 - http://www.gnu.org/copyleft/gpl.html
- Copyright: Christophe Vandeplas [email protected]