Where to start about managing network device logs


(R) #1

Hi Guys.

I am complete beginner of ELK and just going through the documents. I am network administrator and are managing Firewalls, Proxy, dozens of Linux servers comprises of DNS, Reverse Proxy, Web servers and many other.

I am keen in ELK as log management solution and creating those dashboards. Can someone please help me about getting started? I do have many questions and hope you guys dont mind answering those?

Is there any such basic tutorial available for gathering logs from Firewall, Linux servers/Windows Destkops/Servers and creating dashboards in Kibana from Security perspective?


(Mark Walkom) #2

FYI we’ve renamed ELK to the Elastic Stack, otherwise Beats feels left out :wink:

Your best bet is to start with installing and getting the core parts running - https://www.elastic.co/guide/en/elastic-stack/current/index.html

For files, on any OS, check out filebeat. For Windows event logs, winlogbeat. For network devices it'll depend on how they do logging, if they can send via rsyslog then you can use Logstash to receive them.


(system) #3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.