Centralized logging is a fantastic tool, especially if you are able to take it from collection-only to realtime action. The tools that enable realtime alerting, such as Watcher and ElastAlert, haven’t been easy to use, as they are focused on file-based configuration.
BitSensor now open-sources our ElastAlert plugin, which enables realtime alerting on top of ElasticSearch and is fully integrated into Kibana. It takes under 5 minutes to set up, as we have packed everything for you.
Even better: read the updated blogpost with Rule Templates!
cd into your Kibana folder. Then:

```shell
# Installing ElastAlert plugin into Kibana
./bin/kibana plugin -i elastalert -u https://git.bitsensor.io/front-end/elastalert-kibana-plugin/builds/5251/artifacts/file/build/elastalert-0.0.6.zip

# Clone into ElastAlert Server with the Docker container
git clone https://git.bitsensor.io/back-end/elastalert.git
cd elastalert

# Build the container locally
docker build . -t elastalert

# Run the container, map the configuration files and folders, and expose port 3030 to our host
docker run -d \
  -p 3030:3030 \
  -v "$(pwd)/config/elastalert.yaml:/opt/elastalert/config.yaml" \
  -v "$(pwd)/config/elastalert-server.json:/opt/elastalert-server/config/config.json" \
  -v "$(pwd)/rules:/opt/elastalert/rules" \
  --net="host" \
  elastalert:latest

# Start kibana
cd ../
./bin/kibana
```
Depending on the location of the ElasticSearch cluster, you might have to change the configuration files accordingly.
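As an added example (not the file shipped in the BitSensor repository), this is what the mounted `config/elastalert.yaml` looks like when the cluster does not run on the same host. The keys are ElastAlert's standard top-level settings; the hostname, credentials and index pattern are placeholders to replace with your own.

```yaml
# Added example of config/elastalert.yaml; not the repository's shipped file.
# Point ElastAlert at the cluster. Hostname, port and credentials are placeholders.
es_host: es-cluster.internal.example
es_port: 9200

# Enable these when the cluster is behind TLS and authentication.
use_ssl: true
verify_certs: true
es_username: elastalert
es_password: CHANGE_ME

# Must match the rules folder mounted into the container with -v above.
rules_folder: /opt/elastalert/rules

# How often rules are evaluated and how far back each run looks.
run_every:
  minutes: 1
buffer_time:
  minutes: 15

# Index ElastAlert writes its own state (matches, silences, errors) to.
writeback_index: elastalert_status
alert_time_limit:
  days: 2
```

Note that the container runs with `--net="host"`, so it shares the host's network stack: an ElasticSearch on the same machine is reachable as `localhost:9200` without changes, but the `-p 3030:3030` mapping has no effect under host networking and port 3030 is listening on every interface of the host. Restrict it with the host firewall so only Kibana can reach the ElastAlert server.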
Feel free to share your results, open a PR, and open issues on https://git.bitsensor.io/front… and https://git.bitsensor.io/back-…. (or https://github.com/bitsensor/e… and https://github.com/bitsensor/e… on GitHub)
Just an example
Send a Slack alert on every attack on your application. It will tell you who is attacking you, the tools used, and the application that is under threat.
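One way to express that rule, as an added example rather than a rule shipped with the plugin: a file dropped into the mounted `rules/` folder using ElastAlert's standard rule format with the `slack` alerter. The event field names (`attack.type`, `attacker.ip`, `attacker.tool`, `application.name`, `request.path`), the index pattern and the webhook URL are assumed placeholders; substitute the fields your detection events actually carry.

```yaml
# Added example rule, e.g. rules/attack_to_slack.yaml; not a rule from the repository.
# Field names, index pattern and webhook URL are placeholders.
name: Attack detected - notify Slack
type: any                       # fire for every document that matches the filter
index: bitsensor-*              # placeholder index pattern
realert:
  minutes: 0                    # no suppression: every attack produces an alert

filter:
- query:
    query_string:
      query: "attack.severity:(high OR critical)"   # placeholder query

alert:
- slack
slack_webhook_url: "https://hooks.slack.com/services/PLACEHOLDER"
slack_channel_override: "#security-alerts"
slack_username_override: ElastAlert

# Subject and body pull the attacker, tool and targeted application out of the event.
alert_subject: "Attack on {0}: {1}"
alert_subject_args:
- application.name
- attack.type
alert_text: "Source: {0}\nTool: {1}\nEndpoint: {2}"
alert_text_type: alert_text_only
alert_text_args:
- attacker.ip
- attacker.tool
- request.path
```

If one attacker generates hundreds of hits, a channel flooded with identical messages is itself a problem; setting `query_key: attacker.ip` together with a non-zero `realert` window collapses repeats from the same source into a single alert per window while still alerting on each new source.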