Elasticsearch is a storage and search engine built on Java and Apache Lucene, while Logstash serves as a converter between text data formats. Kibana provides a web GUI for visualizing Elasticsearch data, and all three tools are commonly used together in data processing architectures. The document also mentions the use of Suricata as an open-source IDS/IPS system for network traffic analysis and defense.

1. ElasticSearch Kibana Logstash

2. What is it?
l
ElastiSearch — Store and Search engine
l
Logstash — Converter between text data
formats
l
Kibana — Web Gui for visualize ES data

3. ElasticSearch
l
Writen on Java working on Apache Lucene.
l
Apache Lucene - high-performance, full-
featured text search engine library

4. ElasticSearch: Index
Shard 1 Shard 2 Shard N
Shard 1
Replica
Shard 2
Replica
Shard N
Replica
Index

5. ElasticSearch: Cluster
ES
Node 1
ES
Node 2
ES
Node N

6. Logstash
l
Writen on Java & Ruby
l
Can filter/edit/collect data, based on cool,
simple and powerfull language for writing rules.

7. Kibana
l
NodeJS + JS client for ES
l
Can visualize data from ES

9. Common architecture
DATA
SOURCE
logstash
ES
Node
Kibana 4

10. Log collection

11. Linux
rsyslog1
logstash
ES
Node
Kibana 4
rsyslog2
rsyslogN
ES
Node
ES
Node

12. Windows
Windows 1
NXLog
logstash
ES
Node
Kibana 4
Windows 2
NXLog
Windows n
NXLog
ES
Node
ES
Node

13. IDS System: Suricata
OpenSource IDS & IPS System like snort
Can sniff, analize and trasparent edit traffic
Also detect network attack, and defend network
from it.
Like very powerfull firewall

14. IDS
IDS 1
logstash
ES
Node
Kibana 4
IDS 2
ES
Node
ES
Node