ELK | RobWillis.info

Everything You Need To Know To Get Started Logging PowerShell

robwillisinfo — Mon, 07 Oct 2019 00:15:30 +0000

Intro Recently, I have been spending a lot of time researching and working with PowerShell logging. Since PowerShell is readily available (built-in to the OS) and has an assortment of functionality that can be used across the entire kill chain right out of the box, it is an ideal candidate for virtually any type of […]

The post Everything You Need To Know To Get Started Logging PowerShell first appeared on RobWillis.info.

Gathering Windows, PowerShell and Sysmon Events with Winlogbeat – ELK 7 – Windows Server 2016 (Part II)

robwillisinfo — Tue, 07 May 2019 02:43:19 +0000

In part I of this series, Installing ELK 7 (Elasticsearch, Logstash and Kibana) on Windows Server 2016, I covered the following: Installing and configuring Elasticsearch, Logstash, and Kibana as Windows services Installing and configuring Winlogbeat to forward logs from the ELK server into ELK Installing and configuring Curator as a scheduled task (optional) Now, in […]

The post Gathering Windows, PowerShell and Sysmon Events with Winlogbeat – ELK 7 – Windows Server 2016 (Part II) first appeared on RobWillis.info.

Installing ELK 7 (Elasticsearch, Logstash and Kibana) – Windows Server 2016 (Part I)

robwillisinfo — Tue, 07 May 2019 02:42:55 +0000

I am a huge fan of the Elastic stack as it can provide a great deal of visibility into even the largest of environments, which can help enable both engineering and security teams rapidly triage technical issues or incidents at scale. There’s also the fact that unlike Splunk, the Elastic software is free to use […]

The post Installing ELK 7 (Elasticsearch, Logstash and Kibana) – Windows Server 2016 (Part I) first appeared on RobWillis.info.

Home Lab Cooling Upgrade!

robwillisinfo — Mon, 29 Oct 2018 03:24:14 +0000

In this video I show off my latest project – Upgrading the cooling system on my home lab in hopes of making it a little more efficient while quieting things down a bit. The original setup consisted of the following: 2 x 6″ Ducts with Fans 6″ Flexible Ducting Originally there was just a single […]

The post Home Lab Cooling Upgrade! first appeared on RobWillis.info.

Home Lab Setup (2017)

robwillisinfo — Sun, 04 Feb 2018 15:51:15 +0000

In this post and video I give a quick run down of my Home Lab – everything from the rack itself, to the hardware and the basics of what everything is being used for. I started this project towards the end of 2012 with a single Dell PowerEdge 2950 GII and was hoping to teach […]

The post Home Lab Setup (2017) first appeared on RobWillis.info.

ELK Stack – Installing and Configuring Curator

robwillisinfo — Thu, 16 Nov 2017 15:42:29 +0000

In this post I am going to quickly cover what is needed to get Curator up and running on the ELK stack. In the last few posts about the ELK stack I covered everything needed to get it installed, configured and ingesting logs reliably. If you missed those posts, you can find them here: ELK […]

The post ELK Stack – Installing and Configuring Curator first appeared on RobWillis.info.

ELK Stack – Tips, Tricks and Troubleshooting

robwillisinfo — Fri, 10 Nov 2017 02:55:43 +0000

This post is going to be a sort of a follow up to my ELK 5 on Ubuntu 16.04 series. I am going to cover some of the lessons I have learned over the last few months of maintaining a running ELK stack instance. I am also going to cover some one liners that can […]

The post ELK Stack – Tips, Tricks and Troubleshooting first appeared on RobWillis.info.

ELK 5: Setting up a Grok filter for IIS Logs

robwillisinfo — Thu, 11 May 2017 14:47:05 +0000

In Pt. 3 of my setting up ELK 5 on Ubuntu 16.04 series, I showed how easy it was to ship IIS logs from a Windows Server 2012 R2 using Filebeat. One thing you may have noticed with that configuration is that the logs aren’t parsed out by Logstash, each line from the IIS log […]

The post ELK 5: Setting up a Grok filter for IIS Logs first appeared on RobWillis.info.

ELK 5 on Ubuntu 16.04

robwillisinfo — Fri, 21 Apr 2017 04:02:27 +0000

In this series of posts I am going to cover everything needed to get Elasticsearch, Logstash and Kibana (ELK) up and running on Ubuntu 16.04. In the videos I use the desktop version of Ubuntu, but the process should be the same on the server version. In addition to the ELK stack I will also […]

The post ELK 5 on Ubuntu 16.04 first appeared on RobWillis.info.

ELK 5 on Ubuntu: Pt. 3 – Installing and Configuring Beats Agents on Windows Clients

robwillisinfo — Fri, 21 Apr 2017 03:41:39 +0000

In the previous two posts I went over everything from installing Ubuntu to getting the ELK stack setup and ingesting logs from itself. Now in this final post in the series I am going to cover collecting Windows Event and IIS logs from remote Windows clients. Here is the quick run down of exactly what […]

The post ELK 5 on Ubuntu: Pt. 3 – Installing and Configuring Beats Agents on Windows Clients first appeared on RobWillis.info.