BSides Austin 2018 has ended
Friday, March 9, 2018 • 1:30pm - 2:30pm CST
ELK - Not Just for Application Logging


The ELK stack (Elasticsearch, Logstash, Kibana) is an open source centralized logging stack. However, it can do so much more. Any file or event can be sent to ELK and then searched using Kibana. ELK can easily be stood up on one system in a few minutes. If you can write something to STDOUT, you can send it to ELK for searching and storage. If you've ever needed to show or demonstrate findings from scripts or logs, ELK can easily do it. I will go through the installation and configuration of ELK and Filebeat and then show some demos on how easy it is to get events into Elasticsearch as well as how to search them in Kibana. ELK can be set up in a very simple and easy manner but can also be extended to enrich data in a multitude of ways. You should be able to leave with all the knowledge you need to get started with your own ELK stack and some ideas on how to use it.


Mark McLauchlin

I have been a security enthusiast ever since taking an Ethical Hacking class. I have an MS in IT from Southern Polytechnic State University in Marietta, Georgia. I was an Atlanta OWASP Chapter Co-Lead from 2013 to 2015 before moving to Austin. I also enjoy playing with Pi's and Arduin...
