This repository has been archived by the owner on Dec 6, 2023. It is now read-only.

ELK-forensics

-- Note: This repository is not maintained anymore. --

ELK configuration files for Forensic Analysts and Incident Handlers.

For more information, screenshots and HOWTOs, read:

How to use

 apt-get install git-core
 git clone https://github.com/cvandeplas/ELK-forensics

That creates a directory, ELK-forensics, holding the configuration files.

  • Open your Kibana web interface
  • In the upper-right corner, choose Load -> Advanced -> Browse
  • Load the desired json template(s)
  • Copy the .conf file to your /etc/logstash/conf.d directory
  • Restart the logstash service
  • Feed your logs

Make sure you also look at the documentation provided in the .conf files.
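As an added example (not part of this repository), a small POSIX shell helper for the Logstash steps above: it stages one of the cloned .conf files into the conf.d directory, verifies the copy, and runs Logstash's own syntax check before you restart the service. The config name, the directory paths and the --config.test_and_exit flag (Logstash 5 and later) are assumptions, since the README names no specific file.

```shell
#!/bin/sh
# Stage a Logstash pipeline file from the cloned repository into conf.d and
# check it before restarting the service. Paths are parameters so the helper
# can also be exercised against a scratch directory.

# stage_conf <repo_dir> <conf_name> <confd_dir>
# Copies <repo_dir>/<conf_name> to <confd_dir>/<conf_name> and verifies the
# copy byte for byte. Returns 0 on success, 1 if the source is missing or
# the copy failed.
stage_conf() {
    repo_dir="$1"; conf_name="$2"; confd_dir="$3"
    src="$repo_dir/$conf_name"
    [ -f "$src" ] || { echo "no such config: $src" >&2; return 1; }
    mkdir -p "$confd_dir" || return 1
    cp "$src" "$confd_dir/$conf_name" || return 1
    cmp -s "$src" "$confd_dir/$conf_name"
}

# check_pipeline <conf_file>
# Runs Logstash's built-in syntax check (--config.test_and_exit, Logstash 5+)
# when a logstash binary can be found; otherwise reports that the check was
# skipped and returns 0. Returns non-zero if Logstash rejects the file.
check_pipeline() {
    conf_file="$1"
    if command -v logstash >/dev/null 2>&1; then
        logstash --config.test_and_exit -f "$conf_file"
    elif [ -x /usr/share/logstash/bin/logstash ]; then
        /usr/share/logstash/bin/logstash --config.test_and_exit -f "$conf_file"
    else
        echo "logstash not found; syntax check skipped" >&2
        return 0
    fi
}

# count_confs <confd_dir>
# Prints the number of .conf files Logstash will load from the directory.
count_confs() {
    find "$1" -maxdepth 1 -type f -name '*.conf' | wc -l | tr -d ' '
}

# Typical use after the clone (<name>.conf is a placeholder for one of the
# repository's files; run as a user allowed to write to conf.d):
#   stage_conf ./ELK-forensics <name>.conf /etc/logstash/conf.d \
#     && check_pipeline /etc/logstash/conf.d/<name>.conf \
#     && sudo systemctl restart logstash
```

Logstash concatenates every file in conf.d into one pipeline, so the filters of several of these configs apply to every input unless each is conditioned on its own type or tags; count_confs makes it visible how many files are in play before the restart.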

Do not hesitate to contribute! All feedback is appreciated!

Thanks, Christophe

License