Process and Visualize ModSecurity Logs on ELK Stack

In this tutorial, you will learn how to process and visualize ModSecurity logs on ELK Stack. ModSecurity is an open source, cross-platform web application firewall (WAF) module developed by Trustwave's SpiderLabs. Known as the "Swiss Army Knife" of WAFs, it enables web application defenders to gain visibility into HTTP(S) traffic and provides a powerful rules language and API to...

Install and Configure Filebeat on CentOS 8

In this tutorial, we are going to learn how to install and configure Filebeat on CentOS 8. Filebeat is one of the Elastic Stack beats, the data shippers for Elasticsearch. Filebeat is a lightweight shipper for forwarding and centralizing log data. Installed as an agent on your servers, Filebeat monitors the log...

Install ELK Stack on Ubuntu 20.04

Welcome to our guide on how to install ELK Stack on Ubuntu 20.04. ELK, currently known as Elastic Stack, is the acronym for the open source projects comprising: Elasticsearch, a search and analytics engine; Kibana, a data visualization and dashboarding tool that enables you to analyze data stored on Elasticsearch; Logstash, a...

Send Windows logs to Elastic Stack using Winlogbeat and Sysmon

In this guide, we are going to learn how to send Windows logs to Elastic Stack using Winlogbeat and Sysmon. Winlogbeat is an Elastic Beat that is used to collect Windows application, security, system or hardware events. Sysmon (System Monitor), on the other hand, is a Windows application that is used to monitor and log system...

Setup Multi-node Elasticsearch 7.x Cluster on Fedora 30/Fedora 29/CentOS 7

In this guide, we are going to learn how to set up a multi-node Elasticsearch 7.x cluster on Fedora 30/Fedora 29/CentOS 7. So what is an Elasticsearch cluster? An Elasticsearch cluster is a group of nodes that have the same cluster.name attribute. As nodes join or leave a cluster, the cluster automatically reorganizes itself to evenly distribute the data across...

Install and Configure Elastic Auditbeat on Ubuntu 18.04

In this guide, we are going to learn how to install and configure Elastic Auditbeat on Ubuntu 18.04. Auditbeat is a lightweight data shipper that is used to collect audit events for users and system processes. It can also be used to detect changes to critical files, like binaries and configuration files, and identify potential security policy...

Install Filebeat on Fedora 30/Fedora 29/CentOS 7

In this guide, we are going to learn how to install Filebeat on Fedora 30/Fedora 29/CentOS 7. Filebeat is a lightweight shipper for collecting, forwarding and centralizing event log data. It is installed as an agent on the servers you are collecting logs from. It can forward the logs it is collecting to either Elasticsearch or Logstash...

How to Debug Logstash Grok Filters

Welcome to our guide on how to debug Logstash Grok filters. The Grok filter uses regular expressions to parse unstructured event data into fields. It is perfect for syslog logs, Apache and other web server logs, MySQL logs, or any human-readable log format. This comes in handy if you want to extract different fields...

Install Logstash 7 on Fedora 30/Fedora 29/CentOS 7

This guide will focus on how to install Logstash 7 on Fedora 30/Fedora 29/CentOS 7 as a continuation of our guide on how to set up Elastic Stack 7 on Fedora 30/Fedora 29/CentOS 7. The installation of the first two components of Elastic Stack, Elasticsearch and Kibana, has been discussed in our previous guides;

Install Elastic Stack 7 on Fedora 30/Fedora 29/CentOS 7

In this guide, we are going to learn how to install Elastic Stack 7 on Fedora 30/Fedora 29/CentOS 7. Elastic Stack comprises: Elasticsearch, a search and analytics engine; Kibana, a data visualization and dashboarding tool that enables you to analyze data stored on Elasticsearch; Logstash, a server-side data processing pipeline that ingests...