Collecting ModSecurity logs with Elasticsearch

ModSecurity is a web application firewall for the Apache web server. In addition to providing logging capabilities, ModSecurity can monitor HTTP traffic in real time in order to detect attacks. ModSecurity also operates as an intrusion detection tool, allowing you to react to suspicious events that take place on your web systems.


Using GeoIP with Logstash and Elasticsearch

GeoIP is a filter in Logstash that can collect information about the geographical location of an IP address.
