Skip to content


Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time

Logging and analysis of security data in a network

Jussi Isosomppi, Eino Kupias, Saku Kähäri
ICT Infrastructure Project, fall 2018
Haaga-Helia University of Applied Sciences
Course details:


Project description

Our aim with this project is to create a centralized logging solution, created with ease of use and data security in mind. Our solution relies on Saltstack for centralized management, and on encryption and SSL certificates for data security. We wrote scripts to make the setup process easy and consistent, so that each installation would lead to the same end result.

Table of Contents

Installation/setup instructions

For our testing, we used Xubuntu 16.04 as our base operating system. The setup works with a live USB as well as on an installed OS. For the client, we verified VM functionality with Vagrant/Virtualbox and the bento/ubuntu-16.04 box.

Server install

chmod +x
sudo ./

Once the server setup script has completed its task, it will open a new firefox window (or tab) showing the Kibana dashboard at https://logserver.local. To make the page display without errors, add the ~/localCA.pem file to the authorized certificates (On Firefox: Preferences -> Privacy and Security -> View Certificates -> Import...).

Client install

If you want to use Vagrant as your test client, run this script to set it up:

chmod +x
sudo ./

Run the following on your client:

chmod +x
sudo ./

Enter your master's IP address (displayed at the end of the master setup script) and choose a name for your minion.


After both the minion and master are set up properly, run the following command on your master:
sudo salt-key -A -y && sleep 5 && sudo salt '*' state.highstate --state-output terse
This makes sure that all of the salt minions (including the server) are in the correct state.

To generate log data for Kibana to display, run the command logtest on the minion. You can leave the script running and access Kibana with the username and password you chose during the server setup. The log file permissions are updated every minute on the server, but if you want to view your results quicker you can just run the Salt state fixperms again (sudo salt 'srv*' state.apply fixperms).

You can add our premade dashboard by going to Management -> Saved Objects -> Import in Kibana. The dashboard can be found at /tmp/default_dashboard.json.

Further reading

Check out our additional documentation for more information on module contents, customization, research documentation and more!