Elasticsearch

testsoft.net soc monitor view (kibana)

LOGSTASH PATTERNS AND CONFIG
1. Logstash filter and patterns for receiving syslog and filebeat logs. Full config.
1.1 – Input config to logstash.
1.2 – Output config to elasticsearch.
1.3 – Syslog main filter.
1.4 – Syslog ssh patterns.
1.5 – Syslog http patterns.
1.6 – Syslog modsecurity patterns.
1.7 – Filebeat nginx filter.
1.8 – Filebeat ssh filter.

2. Simple example of multiple logstash inputs.

INSTALL AND SETUP FOR BEGINNERS
CHAPTER 1. INSTALL AND CONFIG ELASTICSEARCH, LOGSTASH, KIBANA
Part 1.1. Install elasticsearch
Part 1.2. Install kibana and nginx proxy
Part 1.3. Install logstash on local ELK server
Part 1.4. Install filebeat for local ELK logging
Part 1.5. Create index for filebeat

CHAPTER 2. REMOTE SERVER CONFIG FOR LOG SHIPPING (FILEBEAT)
Part 2.1. Filebeat install and config built-in modules for remote log shipping
Part 2.2. Filebeat setup for custom file read and log shipping