Collecting Modsecurity logs with Elasticsearch

ModSecurity is an open-source web application firewall (WAF), originally written as a module for the Apache web server and now also available for nginx and IIS. Beyond logging, ModSecurity inspects HTTP traffic in real time to detect attacks, and it can act as an intrusion detection tool that lets you react to suspicious events on your web systems. Its audit log, which records the full request and response of each audited transaction, is the data source that gets shipped into Elasticsearch here.

(more…)

Using GeoIP with Logstash and ElasticSearch

geoip is a Logstash filter plugin that looks up an IP address in a GeoIP database (the bundled MaxMind GeoLite2-City by default) and adds geographical information such as country, city and coordinates to the event.
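As an added example that is not part of the original post, here is a minimal Logstash pipeline that applies the geoip filter to a field named clientip. The TCP input on port 5000, the clientip field name and the index name are assumptions; the sample event in the usage note is constructed.

```conf
# Added example: geoip enrichment in a Logstash pipeline (not the post's own config).
# Assumes events arrive as JSON lines on TCP 5000 with a "clientip" field
# (hypothetical input; replace with your real source).
input {
  tcp {
    host  => "127.0.0.1"          # do not expose an unauthenticated listener publicly
    port  => 5000
    codec => json_lines
  }
}

filter {
  # Only attempt a lookup when the field is actually present.
  if [clientip] {
    geoip {
      source => "clientip"        # field holding the IP address
      target => "geoip"           # sub-document that receives the lookup result
      # database => "/path/to/GeoLite2-City.mmdb"   # optional; Logstash bundles GeoLite2-City
      tag_on_failure => ["_geoip_lookup_failure"]
    }
  }
}

output {
  elasticsearch {
    hosts => ["http://localhost:9200"]
    index => "weblogs-%{+YYYY.MM.dd}"
  }
  stdout { codec => rubydebug }   # remove once the enrichment is verified
}
```

To try it, send a constructed event such as `echo '{"clientip":"8.8.8.8","msg":"test"}' | nc 127.0.0.1 5000` and check the stdout output for a `geoip` sub-document. Two caveats a practitioner will run into: private and loopback addresses (10.0.0.0/8, 192.168.0.0/16, 127.0.0.1) are not in the database, so those events get the `_geoip_lookup_failure` tag instead of geo fields; and Kibana maps need `geoip.location` mapped as `geo_point`, which Logstash's default index template only provides for indices named `logstash-*`, so a custom index name like `weblogs-*` needs its own template.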

(more…)

Logstash multiple input output

When you have multiple inputs and want to write each one to a different Elasticsearch index, the default Logstash pipeline configuration will not do it on its own: events from every input flow through the same filter and output blocks, so you have to route them with conditionals on a tag, type or field, or split the work into separate pipelines.
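As an added example that is not from the original post, the following pipeline routes events from two inputs to two indices using tags. The ports, tag names, index names and the assumption that Filebeat ships nginx access logs are all illustrative choices, not something the post specifies.

```conf
# Added example: one Logstash pipeline, two inputs, two Elasticsearch indices.
# Ports, tags and index names are assumptions for illustration.
input {
  beats {
    port => 5044
    tags => ["nginx"]          # assumed: Filebeat shipping nginx access logs
  }
  tcp {
    host  => "127.0.0.1"
    port  => 5000
    codec => json_lines
    tags  => ["app"]           # assumed: application logs sent as JSON lines
  }
}

filter {
  # Per-source parsing sits behind the same conditionals used for routing.
  if "nginx" in [tags] {
    grok {
      match => { "message" => "%{COMBINEDAPACHELOG}" }
    }
  }
}

output {
  if "nginx" in [tags] {
    elasticsearch {
      hosts => ["http://localhost:9200"]
      index => "nginx-%{+YYYY.MM.dd}"
    }
  } else if "app" in [tags] {
    elasticsearch {
      hosts => ["http://localhost:9200"]
      index => "app-%{+YYYY.MM.dd}"
    }
  } else {
    # Catch-all so an event with a missing or unexpected tag is not silently lost.
    elasticsearch {
      hosts => ["http://localhost:9200"]
      index => "unrouted-%{+YYYY.MM.dd}"
    }
  }
}
```

The `tags` option is available on every Logstash input, and `if "x" in [tags]` is the usual way to branch on it; the final `else` branch is worth keeping, because without it an event that matches no condition is dropped without any error. Logstash 6.0 and later also support multiple pipelines defined in `pipelines.yml`, which keeps each source's configuration fully separate and is often cleaner than a growing chain of conditionals. Whichever approach you use, listeners such as the beats and tcp inputs accept data from anyone who can reach the port, so bind them to a private interface or enable the plugins' TLS options before exposing them.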

(more…)

Creating Elasticsearch Cluster

Elasticsearch is a search engine based on the Lucene library. It provides a distributed, multitenant-capable full-text search engine with an HTTP interface and schema-free JSON documents, and is developed in Java. This tutorial walks through building a multi-node cluster.

(more…)

Setup EFK (elasticsearch fluent-bit kibana) Stack in Kubernetes

The EFK stack (Elasticsearch, Fluent Bit, Kibana) collects, stores and analyses log data. It can be installed on top of Kubernetes to collect logs from the Kubernetes cluster itself as well as from virtual machines or bare-metal servers.

(more…)