Analysis of Logs by Using Logstash
Abstract The key functionality of the proposed system is its ability to collect, handle and analyse a huge volume of log data of different kinds. When deployed in a network, it facilitates the collection of logs from the different nodes across that network. This paper explains the proposed system, which collects the logs using Logstash; Logstash is capable of handling many types of log data, which helps to identify malicious activity in the network.
Keywords Logstash management · Syslog · Nx-log · Raw logs · Security information event
S. Sanjappa (✉), Department of Information Science and Engineering, Dayananda Sagar College of Engineering, Bengaluru, India, e-mail: [email protected]
M. Ahmed, Jain University, Bengaluru, India, e-mail: [email protected]
© Springer Nature Singapore Pte Ltd. 2017. S.C. Satapathy et al. (eds.), Proceedings of the 5th International Conference on Frontiers in Intelligent Computing: Theory and Applications, Advances in Intelligent Systems and Computing 516, DOI 10.1007/978-981-10-3156-4_61

1 Introduction
In the field of computer security, Security Information and Event Management (SIEM) products and services combine security information management (SIM) and security event management (SEM). A SEM system merges the storage and interpretation of logs with real-time analysis [1]. The system collects the information into a central source for analysis and provides manual report writing for submission and centralized reporting. Combining both, SIEM systems provide documentation, analysis and retrieval of security events. A SIEM system collects the logs and security-related documentation for analysis. Security information and event management (SIEM) systems collect security log events from a huge amount of data. By processing the log data, SIEM products allow central analysis and reporting of an organization's security events
Fig. 1 Flow diagram of analysis of logs
[2]. The analysis may result in the detection of attacks, and some SIEM products have the capability to attempt to stop attacks in the network. Logstash is a tool for managing events and logs within a larger system of log collection, processing, storage and searching. Logstash alone does not provide the interpretation and centralized management of log files. Collection is accomplished via the configuration of input plugins. Once an input plugin has collected data, the data can be processed by a number of filters which modify and annotate the event data [3]. Logstash has three stages: Input, Filter and Output. Input logs can be collected from Windows, Linux, TCP and UDP sources. The Filter stage is used to modify the input data, so transformation can be done easily; any modification is done through the configuration, with no code required [4]. Outputs can be written to a file, a database or Kafka. An extra feature is that the log data can also be written with one's own custom modifications in the filter stage. The entire analysis of logs is shown in Fig. 1. The logs are collected from Windows by using Nxlog and in Linux machine
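As an added example that is not part of the paper, the following Logstash pipeline configuration walks through the three stages just described for the two collection paths the paper names: Linux syslog arriving on the syslog input and Windows events forwarded by NxLog as JSON lines over TCP. The listening ports, the file paths and the SSH-failure detection rule are assumptions chosen for illustration.

```conf
input {
  # Linux hosts: syslog forwarded over UDP/TCP to port 5514 (assumed port)
  syslog {
    port => 5514
    type => "linux-syslog"
  }
  # Windows hosts: NxLog om_tcp output sending one JSON object per line (assumed port)
  tcp {
    port  => 5515
    codec => json_lines
    type  => "windows-nxlog"
  }
}

filter {
  # Annotation step: tag failed SSH logins found in the Linux syslog stream.
  # The syslog input already splits the line into program, logsource, message, etc.
  if [type] == "linux-syslog" and [program] == "sshd" {
    grok {
      match => { "message" => "Failed password for (invalid user )?%{USERNAME:user} from %{IP:src_ip} port %{NUMBER:src_port}" }
      add_tag        => [ "ssh_auth_failure" ]
      tag_on_failure => []   # lines that are not failures pass through untouched
    }
  }
  # NxLog names the Windows event identifier "EventID"; copy it to a common field
  # so that later outputs can query Linux and Windows events with one field name
  if [type] == "windows-nxlog" and [EventID] {
    mutate { add_field => { "event_id" => "%{EventID}" } }
  }
}

output {
  # Every event is written as JSON lines to one archive file (assumed path) ...
  file { path => "/var/log/logstash/all-events.json" }
  # ... and events flagged by the filter stage are also copied to a review file
  if "ssh_auth_failure" in [tags] {
    file { path => "/var/log/logstash/ssh-failures.json" }
  }
}
```

Run it with `bin/logstash -f` pointing at this file; the review file will only receive events that the filter stage tagged, which is the annotation behaviour the paper attributes to the Filter stage.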