Monitoring logs is an intrinsic part of maintaining control over the security of your infrastructure. As DevOps, we are on the front line for intrusion protection, often the first responders to an incident, and an integral part of the post-mortem process. SIEM and security solutions can be expensive and complex to deploy. The ELK stack is a free, open-source solution which allows users to analyze logs generated by systems, networking and applications. The modularity allows easy iteration in response to the latest threats to network security. By rolling out even a simple security-based logging analysis as part of typical deployments, DevOps can be proactive in protecting the infrastructure and able to react more efficiently by mining forensic log data to connect relevant events.
In this presentation, Kurt will present an overview of Elasticsearch, Logstash, and Kibana and the duties each performs in the ELK stack. Each of these tools has an important role in introspecting your logs, in order to surface critical information in an automated system. By configuring certain event traps, the ELK stack can trigger notifications or action items based on conditional logic. The ELK stack also provides a convenient mechanism for recording significant events and securing them for later forensic analysis. Learn about best practices for logging with regard to security, and for configuring the system to optimally ingest and react to suspicious events.
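The "event trap" idea above, a pattern match on each log line followed by conditional logic that raises an alert, is what a Logstash grok filter plus an `if` block in the pipeline does. The following is an added example, not code from the talk or from the Logstash project, that shows the same two steps in plain Python so the logic can be run and checked offline: a grok-style regex parses sshd "Failed password" lines, then a sliding window counts failures per source address and emits an alert document of the kind one would index or forward to a notifier. The log lines, the threshold and window values, and the function names (`parse_failed_logins`, `detect_brute_force`) are all constructed for this illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sshd lines (not from the talk): three failures from one
# address within a minute, one successful key login, one isolated failure.
SAMPLE_LOG = """\
Mar  4 10:15:01 web1 sshd[2101]: Failed password for invalid user admin from 198.51.100.7 port 4410 ssh2
Mar  4 10:15:09 web1 sshd[2103]: Failed password for root from 198.51.100.7 port 4412 ssh2
Mar  4 10:15:30 web1 sshd[2107]: Accepted publickey for deploy from 203.0.113.5 port 51000 ssh2
Mar  4 10:15:44 web1 sshd[2110]: Failed password for root from 198.51.100.7 port 4419 ssh2
Mar  4 10:40:02 web1 sshd[2205]: Failed password for ubuntu from 192.0.2.9 port 60022 ssh2
"""

# Equivalent of a grok pattern for the sshd "Failed password" message:
# named groups play the role of grok's %{PATTERN:field} captures.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[(?P<pid>\d+)\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src_ip>\S+) "
    r"port (?P<port>\d+) ssh2$"
)


def parse_failed_logins(text, year=2024):
    """Filter stage: keep only lines matching the failed-login pattern and
    turn them into structured events. Syslog timestamps carry no year, so
    the caller supplies one (hypothetical default for the sample)."""
    events = []
    for line in text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue  # not a failed login; a real pipeline would route it elsewhere
        stamp = " ".join(m["ts"].split())  # collapse the double space in "Mar  4"
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        events.append({
            "ts": ts,
            "host": m["host"],
            "user": m["user"],
            "src_ip": m["src_ip"],
            "port": int(m["port"]),
            "tags": ["ssh_failed_login"],
        })
    return events


def detect_brute_force(events, threshold=3, window=timedelta(minutes=5)):
    """Conditional stage: raise one alert per source address that produces
    `threshold` or more failures inside any `window`-long span."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["src_ip"]].append(e)

    alerts = []
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until it fits within `window`.
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            if end - start + 1 >= threshold:
                span = evs[start:end + 1]
                alerts.append({
                    "alert": "ssh_brute_force",
                    "src_ip": ip,
                    "count": len(span),
                    "users": sorted({e["user"] for e in span}),
                    "first": span[0]["ts"].isoformat(),
                    "last": span[-1]["ts"].isoformat(),
                })
                break  # one alert per address is enough for a notification
    return alerts


if __name__ == "__main__":
    for alert in detect_brute_force(parse_failed_logins(SAMPLE_LOG)):
        print(alert)
```

The threshold and window are the knobs a deployment tunes; in Logstash the same split would be a `grok` filter adding the `ssh_failed_login` tag, an aggregation step keyed on `src_ip`, and an `if "ssh_failed_login" in [tags]` condition in the output section that selects a notifier rather than, or in addition to, the Elasticsearch index.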
Kurt Hurtado is a core developer of Logstash at Elasticsearch.