NGINX Log Analysis with Elasticsearch, Logstash, and Kibana

http://logz.io/blog/nginx-log-analysis/

According to Netcraft’s latest web server survey last month, NGINX is the second-most widely used web server (after Apache) among the one million busiest sites worldwide. NGINX is popular because of its focus on concurrency, high performance, and low memory usage. It serves dynamic HTTP content and is used to handle requests, caching, and […]

OSSEC rule to detect new run keys added to the registry

https://groups.google.com/forum/#!topic/ossec-list/xgkBnuyJ6ek

Q: I’m wondering if anyone has created (or could help me create) an OSSEC rule to detect new additions to the “run” keys in the registry. The goal is to detect malware and fileless malware adding run keys to the registry. If anyone has started creating rules for fileless malware detection, that would be great […]

5 Logstash Pitfalls You Need to Avoid

http://logz.io/blog/5-logstash-pitfalls-and-how-to-avoid-them/

Although Logstash is great, no product is flawless. Below are the top five pitfalls that we’ve encountered in our journey working with Logstash users. 1. Key-Value Filter (KV Plugin) Key-value is a filter plug-in that extracts keys and values from a single log line, using them to create new fields in the structured data format. […]

How to develop Logstash configuration files

http://blog.comperiosearch.com/blog/2015/04/10/how-to-develop-logstash-configuration-files/

Installing Logstash is easy. Problems arrive only once you have to configure it. This post will reveal some of the tricks the ELK team at Comperio has found helpful. Write configuration on the command line using the -e flag: if you want to test simple filter configurations, you can enter them straight on the […]

Configure elasticsearch logstash filebeats with shield to monitor nginx access.log

https://z0z0.me/configure-elasticsearch-logstash-filebeats-with-shield/

In this post I will show how to install and configure Elasticsearch for authentication with Shield, and how to configure Logstash to get the NGINX logs via Filebeat and send them to Elasticsearch. Why do we need Filebeat when we have Packetbeat? It is a good question. The short answer is that Packetbeat does not […]