Building a Logging Forensics Platform using ELK (Elasticsearch, Logstash, Kibana)

During a recent project we were required to build a "Logging Forensics Platform", which is in essence a logging platform that can consume data from a variety of sources such as Windows event logs, syslog, flat files and databases. The platform would then be used for queries during forensic investigations and to help follow up …
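The point of pulling syslog, flat files and database rows into one platform is that an investigator can query them as a single timeline. The following is an added example (not code from the original post) of the normalisation step that makes this possible: each source type is mapped onto one document shape with a common @timestamp, host, source_type and message, and the documents are emitted as Elasticsearch bulk-API NDJSON. The field names, the index name and all sample records are assumptions constructed for illustration.

```python
"""Normalise records from several log sources into one Elasticsearch document
shape.  Added example, not the original post's code; field names, index name
and sample records are assumptions chosen for illustration."""
import csv
import io
import json
import re
from datetime import datetime, timezone

# RFC 3164 style line: "<PRI>Mon DD HH:MM:SS host program[pid]: message".
# The PRI and the [pid] are optional because many forwarders strip them.
SYSLOG_RE = re.compile(
    r"^(?:<(?P<pri>\d{1,3})>)?"
    r"(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<program>[^:\[\s]+)(?:\[(?P<pid>\d+)\])?: ?(?P<msg>.*)$"
)


def normalise_syslog(line, year):
    """Map a syslog line onto the common document. RFC 3164 carries no year,
    so the caller supplies it. Returns None for unparsable lines so the
    caller can count/quarantine them instead of silently dropping evidence."""
    m = SYSLOG_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime("%d %s" % (year, m.group("ts")), "%Y %b %d %H:%M:%S")
    doc = {
        "@timestamp": ts.replace(tzinfo=timezone.utc).isoformat(),
        "host": m.group("host"),
        "source_type": "syslog",
        "program": m.group("program"),
        "message": m.group("msg"),
        "raw": line,  # keep the original line for evidential purposes
    }
    if m.group("pri") is not None:
        doc["facility"], doc["severity"] = divmod(int(m.group("pri")), 8)
    return doc


def normalise_flatfile(line):
    """Assumed flat-file layout: CSV with ISO 8601 UTC time, host, message."""
    when, host, message = next(csv.reader(io.StringIO(line)))
    ts = datetime.fromisoformat(when.replace("Z", "+00:00"))
    return {
        "@timestamp": ts.astimezone(timezone.utc).isoformat(),
        "host": host,
        "source_type": "file",
        "message": message,
        "raw": line,
    }


def normalise_db_row(row):
    """Assumed audit-table row: event_time (tz-aware datetime), hostname,
    username, action. The extra columns are kept under a nested 'db' key."""
    return {
        "@timestamp": row["event_time"].astimezone(timezone.utc).isoformat(),
        "host": row["hostname"],
        "source_type": "db",
        "message": "%s %s" % (row["username"], row["action"]),
        "db": {"username": row["username"], "action": row["action"]},
    }


def timeline(docs):
    """Order documents from all sources on the shared @timestamp field."""
    return sorted(docs, key=lambda d: d["@timestamp"])


def to_bulk(docs, index):
    """Render documents as Elasticsearch _bulk NDJSON: one action line followed
    by one source line per document, terminated by a newline."""
    lines = []
    for doc in docs:
        lines.append(json.dumps({"index": {"_index": index}}))
        lines.append(json.dumps(doc))
    return "\n".join(lines) + "\n"


def build_sample_docs():
    """Constructed sample records, one per source type."""
    syslog_line = ("<34>Jan 15 10:20:30 fw01 sshd[4242]: Failed password for "
                   "root from 203.0.113.5 port 51234 ssh2")
    file_line = "2024-01-15T10:21:00Z,web01,GET /admin/ 403 from 203.0.113.5"
    db_row = {"event_time": datetime(2024, 1, 15, 10, 19, 55, tzinfo=timezone.utc),
              "hostname": "db01", "username": "app", "action": "SELECT * FROM users"}
    return timeline([normalise_syslog(syslog_line, 2024),
                     normalise_flatfile(file_line),
                     normalise_db_row(db_row)])


if __name__ == "__main__":
    print(to_bulk(build_sample_docs(), "forensics-logs"))
```

Keeping the raw line alongside the parsed fields matters in a forensic platform: parsing rules change over time, and the raw record is what you fall back on (and what you can hash) when a finding is challenged.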

Tips / programs for manual log analysis

Any troubleshooting techie will tell you that most of their time is spent analysing megabytes of log files trying to figure out what happened, what went wrong and so on. Log files are usually about the only thing left in the aftermath of an incident. In the mad rush to bring systems back …