ELK Stack

“ELK” is the acronym for three open source projects: Elasticsearch, Logstash, and Kibana.
Elasticsearch is a search and analytics engine based on Lucene library. The open source, distributed, RESTful, multitenant-capable full-text search engine with an HTTP web interface and schema-free JSON documents. Elasticsearch is developed in Java. Easy to use, scalable and flexible.
Logstash is a tool to collect, process, and forward events and log messages. Collection is accomplished via configurable input plugins including raw socket/packet communication, file tailing, and several message bus clients. Once an input plugin has collected data it can be processed by any number of filters which modify and annotate the event data. Finally logstash routes events to output plugins which can forward the events to a variety of external programs including Elasticsearch, local files and several message bus implementations. Kibana lets users visualize data with charts and graphs in Elasticsearch.

[Expirience with ELK Stack]

• Collect, process and analyze logs from Pfsense
• Collect, process and analyze logs from Juniper Firewall
• Collect, process and analyze logs from Mail Servers
• Collect, process and analyze logs from Barracuda Web Security Gateway
• Collect, process and analyze logs from Unbound
• Use clustering of nodes for Logstash and Elasticsearch
• Create custom templates and grok filters for processing data on Logstash
• Send alerts to Zabbix