elasticsearch-on-kubernetes-225x225

Running Elasticsearch on Kubernetes

Kubernetes gives you the capabilities to easily spin up clusters to run your Docker application containers. As such, Kubernetes is an ideal environment for running Elasticsearch clusters in the cloud.   I’ve been working with Elasticsearch on Kubernetes quite a bit lately so I thought I’d share with you how you can deploy your own…

pcap_elasticsearch-225x225

Packet Capture with Pyshark and Elasticsearch

Network packet capture and analysis are commonly done with tools like tcpdump, snort, and Wireshark. These tools provide the capability to capture packets live from networks and store the captures in PCAP files for later analysis. A much better way to store packets is to index them in Elasticsearch where you can easily search for packets based on…

kibana4ossec-225x225

Create an OSSEC Log Management Console with Kibana 4

It’s been awhile since Kibana 4 was released, so I figured it was about time I updated my OSSEC Log Management Console to use the latest and greatest Kibana. The look and feel of Kibana has changed quite a bit, with a new data discovery mode that let’s you browse your data quickly before you create…

elasticsearch-snapshots-225x225

Creating Elasticsearch Snapshots

Benjamin Franklin once wrote “…in this world nothing can be said to be certain, except death and taxes”. In this computerized world of ours, I would add having to backup your data to free up disk space to that list of eventualities. For Elasticsearch users, backups are done using the Elasticsearch snapshot facility. In this…

logstash-ossec-225x225

Improved OSSEC Log Parsing with Logstash

The ELK stack (Elasticsearch-Logstash-Kibana) provides a cost effective alternative to commercial SIEMs for ingesting and managing OSSEC alert logs. Previously I wrote a blog – OSSEC Log Management with Elasticsearch – that discusses the design of an ELK based log system. Since then some readers have asked for and suggested ways to parse additional fields…