Building a Logging Forensics Platform using ELK (Elasticsearch, Logstash, Kibana)

During a recent project we were required to build a "Logging Forensics Platform", which is in essence a logging platform that can consume data from a variety of sources such as Windows event logs, syslog, flat files and databases. The platform would then be used for queries during forensic investigations and to help follow up … Continue reading Building a Logging Forensics Platform using ELK (Elasticsearch, Logstash, Kibana)


Tips / programs for manual log analysis

Any troubleshooting techie will tell you that most of his / her time is spent analysing megabytes of log files trying to figure out what happened, what went wrong and so on. Log files are usually about the only thing left in the aftermath of an incident. In the mad rush to bring systems back … Continue reading Tips / programs for manual log analysis

Cisco ACL debugging – ip ACL logs do not show ports

During most Cisco firewall or router troubleshooting, it is often necessary to trace or log which traffic is traversing the Cisco device. Cisco includes a feature called "IP accounting" which is quite useful, but only to report on the amount of traffic between two endpoints, or access list violations. Normal IP access lists are much more useful … Continue reading Cisco ACL debugging – ip ACL logs do not show ports