Skip to content

simao-silva/elk-stack

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits

elasticsearch/config

elasticsearch/config

 
 

filebeat

filebeat

 
 

imgs

imgs

 
 

kibana/config

kibana/config

 
 

logstash

logstash

 
 

metricbeat

metricbeat

 
 

nginx

nginx

 
 

nodes

nodes

 
 

.dockerignore

.dockerignore

 
 

.gitignore

.gitignore

 
 

README.md

README.md

 
 

docker-compose.yml

docker-compose.yml

 
 

Repository files navigation

[CC4081] Security Operations - ELK stack

Details

Deployment:

  • Server 
    docker-compose up -d
  • Nodes 
    cd nodes && docker-compose up -d

Use

  • To access both ElasticSearch and Kibana add to your /etc/hosts the following: 
    127.0.0.1	elastic.secop.edu
127.0.0.1	kibana.secop.edu
  • Test it:

Kibana visualisation

  • Eval time difference of log arriving

    • Add script field with the follow settings:

      • Name: Time diff
      • Language: painless
      • Type: number
      • Format: duration
      • Input format: seconds
      • Output format: seconds
      • Script: 
        if(!doc['filebeattimestamp'].empty) { 
  return (doc['@timestamp'].value.millis - doc['filebeattimestamp'].value.millis) / 1000
}

    • In Discover tab filter the logs by the new variable Time diff time diff

    • For a graphic with the average time go to visualize and fill the settings:

      • Metrics
        • Y-axis 
          Aggregation: Average
Field: Time diff
        • X-axis 
          Aggregation: Terms
Field: agent.hostname.keyword
Order by: Metric: Average Time diff
Order: Ascending

      graphic

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages