Logs, logs, logs, as far as the eye can see. Web logs, SQL logs, application logs, firewall and event logs. In today’s world of “log everything”, how can a forensic analyst quickly ingest, index, and visualize the data within their logs to rapidly gain insight and knowledge? Quickly responding to events can be the difference between data about to walk out the door, and data long gone. In a world of big data and large clustered systems, sometimes even the smallest forensic shop can build a powerful, nimble log analytics engine.
In this presentation, we’ll walk through setting up a standalone, powerful log analytics stack in 10 minutes using the free and open-source trio Logstash, Elasticsearch, and Kibana. Attendees will learn how to leverage these tools to generate valuable metadata about their log contents, such as performing on-the-fly geolocation of IP addresses and building analysis dashboards to share with their teams. Attendees will also learn how to use the Kibana visualization tool to quickly transition through their various sets of data without skipping a beat. Lastly, via quick, interchangeable configuration files, attendees will see how to swiftly navigate between various types of logs, regardless of the source.
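As an added illustration (not material from the presentation itself), the following Logstash pipeline shows the shape of the "interchangeable configuration file" described above: it reads an Apache combined-format access log, parses each line with the built-in `COMBINEDAPACHELOG` grok pattern, normalises the timestamp, enriches the client address with GeoIP coordinates, and writes the result into a daily Elasticsearch index that Kibana can chart. The log path, index name and Elasticsearch address are assumptions for a standalone lab box; the `hosts` option of the elasticsearch output and the bundled GeoLite2 database of the geoip filter assume Logstash 2.x or newer (older 1.x releases used `host` and a separately downloaded database).

```conf
# apache-weblogs.conf (constructed example, not the talk's own file)
# Run with:  bin/logstash -f apache-weblogs.conf
# Swapping this file for another (e.g. a firewall or SQL log pipeline)
# is what makes the stack quick to repoint at a different log source.

input {
  file {
    path          => "/var/log/apache2/access.log"   # assumed path
    start_position => "beginning"                     # ingest history, not just new lines
    sincedb_path   => "/dev/null"                     # forget read position: handy for re-runs in a lab
  }
}

filter {
  # Break the raw line into fields: clientip, verb, request, response, bytes, agent, ...
  grok {
    match => { "message" => "%{COMBINEDAPACHELOG}" }
  }

  # Use the request time from the log as the event time instead of ingest time,
  # so Kibana's time picker reflects when the request actually happened.
  date {
    match  => [ "timestamp", "dd/MMM/yyyy:HH:mm:ss Z" ]
    target => "@timestamp"
  }

  # On-the-fly geolocation: adds geoip.country_name, geoip.city_name,
  # geoip.location (lat/lon) that Kibana's map panel can plot.
  geoip {
    source => "clientip"
    target => "geoip"
  }

  # Drop the raw line once it is parsed; keep the index lean.
  mutate {
    remove_field => [ "message" ]
  }
}

output {
  elasticsearch {
    hosts => ["localhost:9200"]          # assumed single-node lab instance
    index => "weblogs-%{+YYYY.MM.dd}"    # one index per day for easy retention
  }
  # Echo parsed events to the console while tuning the grok pattern.
  stdout { codec => rubydebug }
}
```

When adapting the file to another source, only the `input` path and the `grok`/`date` patterns normally change; the `geoip` and `elasticsearch` stanzas can be reused as-is wherever a field holding a client IP exists.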
Are you ready, logs? Start talking...