Elastalert Kibana plugin: Centralized logging with integrated alerting

Centralized logging is a fantastic tool, especially if you are able to take it from collection-only to realtime action. The tools that enable realtime alerting, such as Watcher and ElastAlert, have not been easy to use, as they are focused on file-based configuration.

BitSensor now open-sources our ElastAlert plugin, which enables realtime alerting on top of ElasticSearch and is fully integrated into Kibana. It takes under 5 minutes to set up, as we have packaged everything for you.

Even better: read the updated blog post with Rule Templates!

Installation

cd into your Kibana folder, then:

*Installing the ElastAlert plugin into Kibana*
    ./bin/kibana plugin -i elastalert -u https://git.bitsensor.io/front-end/elastalert-kibana-plugin/builds/5251/artifacts/file/build/elastalert-0.0.6.zip


Clone the ElastAlert Server repository, which ships with the Docker container
    git clone https://git.bitsensor.io/back-end/elastalert.git
    cd elastalert

Build the container locally
    docker build . -t elastalert

Run the container, map the configuration files and folders, and expose port 3030 to our host
    # Note: with --net="host" the container shares the host's network namespace,
    # so the server on port 3030 is reachable on the host directly and the -p
    # mapping is ignored. Keep that port off untrusted networks (firewall it).
    docker run -d \
    -p 3030:3030 \
    -v $(pwd)/config/elastalert.yaml:/opt/elastalert/config.yaml \
    -v $(pwd)/config/elastalert-server.json:/opt/elastalert-server/config/config.json \
    -v $(pwd)/rules:/opt/elastalert/rules \
    --net="host" \
    elastalert:latest

Start Kibana
    cd ../
    ./bin/kibana

Depending on where your ElasticSearch cluster runs, you might have to adjust the configuration files (config/elastalert.yaml and config/elastalert-server.json) accordingly.

That’s it!

Feel free to share your results, open a PR, and open issues on https://git.bitsensor.io/front… and https://git.bitsensor.io/back-…. (or https://github.com/bitsensor/e… and https://github.com/bitsensor/e… on GitHub)

Just an example

Send a Slack alert on every attack on your application. It will tell you who is attacking you, which tools are being used, and which application is under threat.
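A rule file of that kind, dropped into the `rules` folder mounted above, could look like the following. This is an added example rather than a rule shipped with the plugin; the index pattern and the `context.*` / `detections.*` field names are assumptions about the document layout, and the webhook URL is a placeholder.

```yaml
# rules/slack_on_attack.yaml  (constructed example; field names are assumptions)
name: Slack alert on every detected attack
type: any                     # fire on every matching document, no aggregation

# Index pattern holding the detection events (assumed name)
index: bitsensor-*

# Match only documents that represent an attack detection
# (the "detections.blocked" field is an assumption)
filter:
  - term:
      detections.blocked: true

# Rate-limit per attacker: at most one Slack post per source IP every
# 5 minutes, so a scanner sending thousands of requests does not become
# thousands of alerts. With query_key set, realert is tracked per key.
query_key: context.ip
realert:
  minutes: 5

alert:
  - slack
slack_webhook_url: "https://hooks.slack.com/services/PLACEHOLDER/WEBHOOK/URL"
slack_channel_override: "#security-alerts"
slack_username_override: "ElastAlert"

# Custom message: who is attacking, with what, and which application is hit.
# {0}..{3} are filled positionally from alert_text_args.
alert_text_type: alert_text_only
alert_text: |
  Attack on application {0}
  Attacker: {1} (user agent: {2})
  Detection type: {3}
alert_text_args:
  - context.appName
  - context.ip
  - context.userAgent
  - detections.type
```

Drop the realert block to get literally one alert per event, as the sentence above describes; the throttle is there so an alert channel cannot be flooded by a single noisy source.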