My Elastic Search Projects

 

Pihole Configuration Files

 
Configure /etc/filebeat/filebeat.yml as follows:
 
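filebeat.inputs:
# Tail the Pi-hole DNS query log
- type: log
  enabled: true
  paths:
    - "/var/log/pihole.log"
  # Store the custom fields at the top level of each event
  # instead of nesting them under a "fields" key
  fields_under_root: true
  fields:
    region: Ottawa

# Ship events to Logstash on the local host, port 5044
output.logstash:
  hosts: ["127.0.0.1:5044"]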
 
Download the following logstash.yml script to send logs to ELK. Adjust the Elastic IP in it to match your setup.
 
The pihole.conf file was updated using the Elastic Common Schema (ECS) Reference and the dashboard was updated accordingly.
 
Logstash Pihole parser (Updated 20 Feb 2020)
Pihole Dashboard (21 Feb 2020)
 
 
 

tcp-honeypot Configuration Files

 
Configure /etc/filebeat/filebeat.yml as follows:
 
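filebeat.inputs:
# Tail every tcp-honeypot log file under /opt/logs (glob pattern)
- type: log
  enabled: true
  paths:
    - "/opt/logs/tcp-honeypot-*.log"
  # Store the custom fields at the top level of each event
  # instead of nesting them under a "fields" key
  fields_under_root: true
  fields:
    region: Ottawa

# Ship events to Logstash on the local host, port 5044
output.logstash:
  hosts: ["127.0.0.1:5044"]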
 
Download the following logstash.yml script to send logs to ELK. Adjust the Elastic IP in it to match your setup. His honeypot script is located here.
 
Logstash tcp-honeypot (20 Jun 2020)
tcp-honeypot Dashboard (20 Jun 2020)