ELK server is up, now how do I use it.
-
Alright, so using Scott's script, i have an ELK server up and running.
I also popped onto an ownCloud server and setup logstash to ship the basic logs per Scott's other post on that subject.
Now how do I begin to make use of it?
When I log in I see this and have no obvious instruction on where to go next.
-
All of my upvotes for this post - very curious to see how to harvest and then graph logs from various sources (firewall, servers, UPS units, printers, etc etc)
-
I also need to know this as well
-
I just have to toss this out there - RTFM?
-
i have been.
-
-
You have to select FileBeat and set it to be the default. It won't let you do anything till you do that. Once you do that you can go to the Discover page. At least in theory.
If that works (it should be blank) then we can start sending in logs. I've got that on the list to get documented. Haven't had a spare moment today but will have that soon(ish).
-
@scottalanmiller said:
You have to select FileBeat and set it to be the default. It won't let you do anything till you do that. Once you do that you can go to the Discover page. At least in theory.
If that works (it should be blank) then we can start sending in logs. I've got that on the list to get documented. Haven't had a spare moment today but will have that soon(ish).
Well, I can also read up on that myself now that I know what it is.
-
I've got a working filebeat and topbeat process. I'll try to get it up tonight, hopefully.
-
@scottalanmiller said:
I'll try to get it up tonight, hopefully.
Make sure this doesn't get taken out of context, it has a complete different meaning that way.
-
@JaredBusch did you ever get your machines logging to the ELK stack?
-
@coliver said in ELK server is up, now how do I use it.:
@JaredBusch did you ever get your machines logging to the ELK stack?
No. I have some half baked setup. I need to spend time on that project.
-
@JaredBusch said in ELK server is up, now how do I use it.:
@coliver said in ELK server is up, now how do I use it.:
@JaredBusch did you ever get your machines logging to the ELK stack?
No. I have some half baked setup. I need to spend time on that project.
I'm going to have to tackle something very similar later this summer / fall - would highly appreciate any notes or thoughts you have on your journey.
Like yourself, I can (probably) follow all SAM's steps to make it chooch but after that I'm a bit lost... I can direct my firewalls to spew logs at it but how do I search them? Make them pretty? Setup alerts for important things?
-
Searching... that is a MAJOR undertaking in any of these systems. It is exhausting.
-
I was playing a little bit with LOGG.LY today and I think I fried my brain.
I'm trying to get my logs off my XS USB boot device see it doesn't get its brain fried.
I'll be watching this ELK discussion to see how everyone does.
