aws: What is the difference between Container Insights and ELK (Elasticsearch)?

To my knowledge, both Container Insights and managed ELK (Elasticsearch) are AWS services designed to record / monitor EKS. My question is, why would I choose to go with one over the other? It seems that Container Insights would be easier to manage and possibly less expensive, but I would like to hear from those who have really worked with both services.

dnd 5e: Can an elk make an attack of opportunity with its hooves when an adjacent creature rises from being prone?

The rulebook says that an attack of opportunity can be made against an enemy that leaves your reach without disengaging. My thinking is somewhat reminiscent of the old wording "leaving a threatened area", but anyway, here it is:

The description of the "hoof" attack action is as follows:

Hooves. Melee weapon attack: +5 to hit, reach 5 feet, one prone creature. Hit: 8 (2d4 + 3) bludgeoning damage.

(emphasis added; quotation slightly modified for clarity)

Technically, could the hoof attack's reach be considered 5 feet of ground, so that a character standing up within 5 feet of an elk's hoof triggers an attack of opportunity?

Note: this question is not a duplicate. It is specific to the Hooves attack, which has a very limited use: the target must be prone and within 5 feet. This question is not about "how to make an attack of opportunity", but rather whether it can be done with a hoof attack under certain conditions.

Kafka mirror for aggregating records from on-premises facilities into AWS ELK

I need to pump all my records to AWS ELK from local servers (via a direct connection). For that I will use Kafka to store the messages. We are planning to apply QoS rules to ensure that these log messages consume only a given percentage of the network bandwidth (to avoid affecting other, more important traffic; it is okay to have some delay in synchronizing the logs between the facilities and AWS). Therefore, I am thinking of having a Kafka mirror between the facilities and AWS so that log messages synchronize slowly within the given bandwidth.

My question is whether it is a good idea to use a Kafka mirror for this. Is that overkill?

I would appreciate any comments about the overall architecture too.

Thank you

Email: how to detect strange behaviors in the network through SIEM correlation (ELK + pfSense + Zeek/Bro)

Finally I managed to build a SIEM in my lab. I receive logs from all the machines in my network, including network traffic.
I wonder how I can detect whether an employee sends private data by email, or shares confidential data on different networks, or on an insecure network?

I want to create an alert when this happens.
I am using Bro as the IDS and ELK to filter, store and visualize.
I'm not so sure where to start.

ELK – web page load time

I need to do an analysis of the web pages hosted on the httpd server. I am using ELK with Filebeat and Metricbeat, but I can't find any way to display the page load time in Kibana.

Is there any way to do that with ELK or not?

Thank you.

ubuntu – How to configure ELK on one server and Filebeat on another server?

I have 2 servers with Ubuntu 18.04:

  • tracking.example.com with ELK
  • www.example.com with my production site and Filebeat

Here is the configuration of the ELK server:

https://docs.google.com/document/d/15B5m3fsjoWTe1F4ZnurpMo-mJ_nRBGbZKcxCsRRcE6o/edit

https://pastebin.com/Bnz0bbMr

Here is the Filebeat server configuration:

https://docs.google.com/document/d/1uP4m5PBKiO2VD5oskJKYQ4OlKg24SICbBxjfhicVXx4/edit

https://pastebin.com/C2cz6RVa

Here is the result when I test the port:

https://pastebin.com/JyuKWWCp

How to configure ELK on one server and Filebeat on another server?

ubuntu – How to configure mutual SSL authentication between an ELK server (Logstash) and a remote Filebeat server?

I have 2 servers with Ubuntu 18.04:

  • Monitoring.example.com (with ELK on a single server)
  • www.example.com (with Filebeat)

Here is the configuration file /etc/logstash/conf.d/logstash.conf on the Monitoring.example.com server:

    input {
      beats {
        port => 5044
      }
    }
    output {
      elasticsearch {
        hosts => ["localhost:9200"]
        manage_template => false
        index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
      }
    }

Here is the configuration file /etc/filebeat/filebeat.yml on the server www.example.com:

    # ----------------------------- Logstash output --------------------------------
    output.logstash:
      # The Logstash hosts
      hosts: ["monitoring.example.com:5044"]

      # Optional SSL. By default it is disabled.
      # List of root certificates for HTTPS server verification
      # ssl.certificate_authorities: ["/etc/ca.crt"]

      # Certificate for SSL client authentication
      # ssl.certificate: "/etc/client.crt"

      # Client certificate key
      # ssl.key: "/etc/client.key"

Currently ELK works and receives the files from Filebeat. But the exchanges are not secure.

How to configure mutual SSL authentication between an ELK server (Logstash) and a remote Filebeat server?

I found this documentation:

https://www.elastic.co/guide/en/beats/filebeat/current/configuring-ssl-logstash.html

But, how to create the certificates and on what server should I create them?

UPDATE

I started changing my settings, but I am waiting for an answer to generate the certificates.

Here is the configuration file /etc/logstash/conf.d/logstash.conf on the Monitoring.example.com server:

    input {
      beats {
        port => 5044
        ssl => true
        ssl_certificate_authorities => ["/etc/ca.crt"]
        ssl_certificate => "/etc/server.crt"
        ssl_key => "/etc/server.key"
        ssl_verify_mode => "force_peer"
      }
    }
    output {
      elasticsearch {
        hosts => ["localhost:9200"]
        manage_template => false
        index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
      }
    }

Here is the configuration file /etc/filebeat/filebeat.yml on the server www.example.com:

    # ----------------------------- Logstash output --------------------------------
    output.logstash:
      # The Logstash hosts
      hosts: ["monitoring.example.com:5044"]

      # Optional SSL. By default it is disabled.
      # List of root certificates for HTTPS server verification
      ssl.certificate_authorities: ["/etc/ca.crt"]

      # Certificate for SSL client authentication
      ssl.certificate: "/etc/client.crt"

      # Client certificate key
      ssl.key: "/etc/client.key"
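An added example (not part of the question above) of one way to generate the certificates the updated configuration refers to: a private CA, a server certificate for Logstash and a client certificate for Filebeat, produced with the openssl CLI. It assumes the hostnames from the question (monitoring.example.com for Logstash, www.example.com for Filebeat) and that the script is run once on the Logstash host, where ca.key stays; only ca.crt, client.crt and client.key are copied to the Filebeat host, into the /etc paths used in the configuration.

```sh
#!/bin/sh
# Added example: private CA + server cert (Logstash) + client cert (Filebeat) for mutual TLS.
# Run once on the Logstash host; ca.key never leaves it. Requires openssl 1.1.1 or newer.
set -eu

gen_mtls_certs() {
  dir="$1"; server_name="$2"; client_name="$3"
  mkdir -p "$dir"
  # 1. Private CA: self-signed with explicit CA extensions so verifiers accept it as a trust anchor.
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Beats private CA" \
    -keyout "$dir/ca.key" -out "$dir/ca.csr" 2>/dev/null
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$dir/ca.ext"
  openssl x509 -req -in "$dir/ca.csr" -signkey "$dir/ca.key" -days 3650 \
    -extfile "$dir/ca.ext" -out "$dir/ca.crt" 2>/dev/null
  # 2. Server certificate for Logstash. The SAN must equal the name in Filebeat's hosts: entry,
  #    because Filebeat verifies the server hostname by default (ssl.verification_mode: full).
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$server_name" \
    -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null
  printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:%s\nextendedKeyUsage=serverAuth\n' \
    "$server_name" > "$dir/server.ext"
  openssl x509 -req -in "$dir/server.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
    -days 825 -extfile "$dir/server.ext" -out "$dir/server.crt" 2>/dev/null
  # 3. Client certificate for Filebeat; with ssl_verify_mode => "force_peer" Logstash rejects any
  #    connection that does not present a certificate signed by this CA.
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$client_name" \
    -keyout "$dir/client.key" -out "$dir/client.csr" 2>/dev/null
  printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=clientAuth\n' > "$dir/client.ext"
  openssl x509 -req -in "$dir/client.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
    -days 825 -extfile "$dir/client.ext" -out "$dir/client.crt" 2>/dev/null
  rm -f "$dir"/*.csr "$dir"/*.ext
  chmod 600 "$dir/ca.key" "$dir/server.key" "$dir/client.key"   # private keys: owner-only
}

# Check what each side will check during the handshake: the server cert chains to the CA, is a
# server cert and matches the dialled hostname; the client cert chains to the CA and is a client cert.
verify_mtls_certs() {
  dir="$1"; server_name="$2"
  openssl verify -CAfile "$dir/ca.crt" -purpose sslserver -verify_hostname "$server_name" \
    "$dir/server.crt" >/dev/null 2>&1 &&
  openssl verify -CAfile "$dir/ca.crt" -purpose sslclient "$dir/client.crt" >/dev/null 2>&1
}

# Usage: gen_mtls_certs /tmp/beats-pki monitoring.example.com www.example.com
#        verify_mtls_certs /tmp/beats-pki monitoring.example.com && echo "certificates OK"
```

The generated keys are unencrypted PKCS#8 PEM files, which is the format the Logstash beats input and Filebeat both read directly.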

logstash – PM2 and Nginx logs in ELK with Filebeat and Logstash

I have a single ELK instance into which I want the PM2 and Nginx logs to be inserted.

For Nginx I followed the following tutorial, which worked perfectly.

https://pawelurbanek.com/elk-nginx-logs-setup

Now my question is: on a single server where both the PM2 and Nginx logs are located, how do I send the PM2 logs together with the Nginx ones, and how do I separate them by index in Elasticsearch?

Please, give me some ideas.

I searched the internet but I could not find a useful resource.