Where to start about managing network device logs

Blason · August 5, 2017, 3:11am

Hi Guys.

I am complete beginner of ELK and just going through the documents. I am network administrator and are managing Firewalls, Proxy, dozens of Linux servers comprises of DNS, Reverse Proxy, Web servers and many other.

I am keen in ELK as log management solution and creating those dashboards. Can someone please help me about getting started? I do have many questions and hope you guys dont mind answering those?

Is there any such basic tutorial available for gathering logs from Firewall, Linux servers/Windows Destkops/Servers and creating dashboards in Kibana from Security perspective?

warkolm · August 5, 2017, 5:24am

FYI we’ve renamed ELK to the Elastic Stack, otherwise Beats feels left out

Your best bet is to start with installing and getting the core parts running - https://www.elastic.co/guide/en/elastic-stack/current/index.html

For files, on any OS, check out filebeat. For Windows event logs, winlogbeat. For network devices it'll depend on how they do logging, if they can send via rsyslog then you can use Logstash to receive them.

Topic		Replies	Views
New Here - Question Elasticsearch	3	381	July 5, 2017
Security Logs Elasticsearch	5	1138	July 5, 2017
Understanding sending data to ELK Elasticsearch	4	2361	July 16, 2017
Simple Central log monitoring with ELK Logstash	21	2943	September 13, 2021
Newbie in ELK Elasticsearch	2	340	September 17, 2019

Where to start about managing network device logs

Related topics