forked from cvandeplas/ELK-forensics
plaso.conf
# vim: syntax=python
# Please check https://github.com/cvandeplas/ELK-forensics for more information.
# Created by Christophe Vandeplas <[email protected]>
# Inspired by http://blog.kiddaland.net/2013/11/visualize-output.html
# Make sure you are using plaso v1.1 or higher.
# Before using plaso with elasticsearch you first need to install the python bindings its elastic output module uses:
# sudo pip install pyelasticsearch
#
# log2timeline.py plaso.dump /path/to/disk/image
# psort.py -o elastic plaso.dump
# There is no need to use logstash, as psort writes the events directly into elasticsearch.
# A simple dashboard is provided here: https://plaso.googlecode.com/git/extra/plaso_kibana_example.json
# More dashboard love will come in the near future.
# You can also export to l2tcsv and then import the csv using logstash. However, you will lose some data
# (l2tcsv flattens each event to a fixed set of columns, and attributes without a column are squeezed into the "extra" field).
# If you choose the l2tcsv export, check out the other configuration and dashboard provided in this ELK-forensics repository.
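To make the l2tcsv-to-elasticsearch path concrete, here is an added example (written for this page; it is not code from the ELK-forensics repository or from plaso) that parses a plaso l2tcsv export into the kind of JSON documents logstash would ship and emits them as an Elasticsearch bulk request. It assumes psort exported with its default UTC timezone, so rows with any other "timezone" value are rejected rather than guessed at. The sample l2tcsv row is constructed, and the index name "plaso" is an arbitrary choice.

```python
"""Parse plaso l2tcsv output into Elasticsearch-style documents.

Added example for the ELK-forensics plaso.conf notes; not project code.
"""
import csv
import io
import json
from datetime import datetime, timezone

# Column order of the header row psort writes in l2tcsv mode.
L2TCSV_FIELDS = [
    "date", "time", "timezone", "MACB", "source", "sourcetype", "type",
    "user", "host", "short", "desc", "version", "filename", "inode",
    "notes", "format", "extra",
]

# Constructed sample export (one event). Note that "desc" carries a comma,
# so the reader must honour CSV quoting rather than split on commas.
SAMPLE_L2TCSV = (
    ",".join(L2TCSV_FIELDS) + "\n"
    "03/12/2014,09:15:30,UTC,M..B,WEBHIST,Chrome History,Last Visited Time,"
    "alice,WS01,http://example.com/,"
    "\"http://example.com/ (Example, Inc.) [count: 1]\",2,"
    "TSK:/Users/alice/AppData/Local/Google/Chrome/User Data/Default/History,"
    "12345,-,sqlite/chrome_history,\"url_hidden: 0; visit_source: 2\"\n"
)


def parse_l2tcsv(text):
    """Return one dict per l2tcsv row, with an ISO 8601 "@timestamp" and the
    MACB column expanded into the list of set flags (e.g. "M..B" -> ["M","B"])."""
    reader = csv.DictReader(io.StringIO(text))
    missing = set(L2TCSV_FIELDS) - set(reader.fieldnames or [])
    if missing:
        raise ValueError("not an l2tcsv export, missing columns: %s" % sorted(missing))

    docs = []
    for row in reader:
        # psort emits UTC unless asked otherwise; refuse to silently mislabel
        # timestamps from an export made with a different -z setting.
        if row["timezone"] != "UTC":
            raise ValueError("unsupported timezone in export: %r" % row["timezone"])
        when = datetime.strptime(row["date"] + " " + row["time"], "%m/%d/%Y %H:%M:%S")
        when = when.replace(tzinfo=timezone.utc)

        doc = {k: v for k, v in row.items() if k not in ("date", "time", "timezone", "MACB")}
        doc["@timestamp"] = when.isoformat()
        doc["macb"] = [c for c in row["MACB"] if c != "."]
        docs.append(doc)
    return docs


def to_bulk(docs, index):
    """Serialise documents as an Elasticsearch _bulk body: an action line
    followed by the document line for each event, newline terminated."""
    lines = []
    for doc in docs:
        lines.append(json.dumps({"index": {"_index": index}}))
        lines.append(json.dumps(doc, sort_keys=True))
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(to_bulk(parse_l2tcsv(SAMPLE_L2TCSV), "plaso"), end="")
```

The "extra" column survives only as the free-text string psort wrote (here "url_hidden: 0; visit_source: 2"), which is the data loss the note above refers to; the direct "-o elastic" path keeps those attributes as separate fields.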