Abstract: A centralized logging system for the collection, aggregation, monitoring and analysis of log data from various data points, built on the open-source Elasticsearch (ELK) stack. ELK is comprised of three tools: Elasticsearch, Logstash, and Kibana. We are developing an easily deployable automation script to remotely install the required monitoring tools on endpoints. The tool offers Host Intrusion Detection System (HIDS) with threat-hunting capabilities using Wazuh, and Network Intrusion Detection System (NIDS) capabilities using Suricata, Zeek, and Snort. We use machine learning models for threat detection. It comes with various deployment options (on-prem/cloud) and offers functionality to develop custom monitoring rules based on various signature heuristics. Because of the capabilities offered and the fact that storage is the only charge, it is a more cost-effective replacement for current systems.
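The abstract describes two layers that a centralized ELK-based system must provide before any rule or model can run: normalizing alerts from different producers (Wazuh for HIDS, Suricata for NIDS) into one document shape, and evaluating custom signature heuristics over that unified stream. The following Python script is an added example written for this page; it is not the paper's tool or code from its authors. It assumes the public Suricata EVE JSON and Wazuh alert JSON field layouts, constructs its own sample records (documentation-range IPs, rule description text modelled on Wazuh's sshd rules), and uses a placeholder index name `siem-events` and arbitrary thresholds; the severity mappings are choices made here, not a standard.

```python
"""Added example, not the paper's code: normalize Suricata EVE (NIDS) and Wazuh
(HIDS) alert JSON into one document shape for an Elasticsearch _bulk request, then
run custom signature heuristics over the unified stream. Samples are constructed."""
import json
from collections import Counter
from datetime import datetime
from typing import Optional

# Fits both EVE ("+0000", six fractional digits) and Wazuh (three digits) timestamps.
TS_FORMAT = "%Y-%m-%dT%H:%M:%S.%f%z"

# Constructed sample lines, not real captures; IPs are documentation ranges.
WAZUH_FAIL = ('{"timestamp":"%s","rule":{"level":5,"description":"sshd: authentication failed.",'
              '"id":"5716"},"agent":{"name":"%s"},"data":{"srcip":"%s"}}')
SAMPLE_LINES = [
    # Suricata alert: a scanner probes SSH on a monitored host
    '{"timestamp":"2024-06-01T10:00:01.000000+0000","event_type":"alert","src_ip":"203.0.113.5",'
    '"dest_ip":"192.0.2.10","dest_port":22,"proto":"TCP","alert":{"signature_id":2001219,'
    '"signature":"ET SCAN Potential SSH Scan","severity":2}}',
    # Suricata flow record: not an alert, still indexed for threat hunting
    '{"timestamp":"2024-06-01T10:00:03.000000+0000","event_type":"flow","src_ip":"192.0.2.10",'
    '"dest_ip":"192.0.2.20","proto":"TCP"}',
    # Three Wazuh auth failures on web-01 from the same scanner, seconds later
    WAZUH_FAIL % ("2024-06-01T10:00:05.000+0000", "web-01", "203.0.113.5"),
    WAZUH_FAIL % ("2024-06-01T10:00:07.000+0000", "web-01", "203.0.113.5"),
    WAZUH_FAIL % ("2024-06-01T10:00:09.000+0000", "web-01", "203.0.113.5"),
    # One Wazuh auth failure on db-01 with no NIDS alert for its source IP
    WAZUH_FAIL % ("2024-06-01T10:20:00.000+0000", "db-01", "198.51.100.7"),
    # Truncated line, as a crashing shipper may emit; must not abort ingestion
    '{"timestamp":"2024-06-01T10:21:00',
]

def parse_ts(value: str) -> datetime:
    return datetime.strptime(value, TS_FORMAT)

def normalize(line: str) -> Optional[dict]:
    """Map one raw JSON line into the common document shape; None if unusable."""
    try:
        rec = json.loads(line)
    except json.JSONDecodeError:
        return None
    if "event_type" in rec:  # Suricata EVE record
        alert = rec.get("alert") or {}
        kind = "nids_alert" if rec["event_type"] == "alert" else "nids_" + rec["event_type"]
        return {
            "@timestamp": parse_ts(rec["timestamp"]),
            "source": "suricata", "kind": kind, "host": rec.get("host", "sensor"),
            "src_ip": rec.get("src_ip"), "dest_ip": rec.get("dest_ip"),
            # EVE severity 1 is the most severe; collapsed here to a three-step scale
            "severity": {1: "high", 2: "medium"}.get(alert.get("severity"), "low"),
            "message": alert.get("signature", rec["event_type"]),
            "rule_id": str(alert.get("signature_id", "")),
        }
    if "rule" in rec and "agent" in rec:  # Wazuh alert
        level = int(rec["rule"].get("level", 0))  # Wazuh rule levels run 0-15
        return {
            "@timestamp": parse_ts(rec["timestamp"]),
            "source": "wazuh", "kind": "hids_alert", "host": rec["agent"].get("name"),
            "src_ip": (rec.get("data") or {}).get("srcip"), "dest_ip": None,
            "severity": "high" if level >= 12 else "medium" if level >= 7 else "low",
            "message": rec["rule"].get("description", ""),
            "rule_id": str(rec["rule"].get("id", "")),
        }
    return None  # unknown producer: skip rather than index garbage

def run_pipeline(lines) -> list:
    """Normalize every line, dropping lines no parser understands."""
    return [d for d in (normalize(line) for line in lines) if d is not None]

def to_bulk_body(docs, index: str = "siem-events") -> str:
    """Render docs as an Elasticsearch _bulk body: one action line plus one document line each."""
    out = []
    for doc in docs:
        out.append(json.dumps({"index": {"_index": index}}))
        out.append(json.dumps(doc, default=lambda o: o.isoformat()))
    return "\n".join(out) + "\n"  # _bulk requires a trailing newline

def failed_auth_threshold(docs, threshold: int = 3) -> dict:
    """Single-source heuristic: at least `threshold` HIDS auth failures from one source IP."""
    counts = Counter(d["src_ip"] for d in docs if d["source"] == "wazuh" and d["src_ip"]
                     and "authentication failed" in d["message"])
    return {ip: n for ip, n in counts.items() if n >= threshold}

def correlate_nids_hids(docs, window_seconds: int = 300) -> list:
    """Cross-source heuristic: a HIDS alert whose source IP also raised a NIDS alert
    within the window. Only a centralized store can answer this question."""
    nids = [d for d in docs if d["kind"] == "nids_alert" and d["src_ip"]]
    hits = []
    for h in docs:
        if h["source"] != "wazuh" or not h["src_ip"]:
            continue
        for n in nids:
            gap = abs((h["@timestamp"] - n["@timestamp"]).total_seconds())
            if n["src_ip"] == h["src_ip"] and gap <= window_seconds:
                hits.append({"src_ip": h["src_ip"], "host": h["host"],
                             "nids": n["message"], "hids": h["message"]})
                break
    return hits
```

Run `run_pipeline(SAMPLE_LINES)` and pass the result to `to_bulk_body` to get a body that can be POSTed to `/_bulk`; the truncated last line is dropped rather than crashing the shipper, which matters for a collector that must stay up across many endpoints. The two rule functions illustrate the difference between a per-source threshold (Wazuh alone could raise it) and a cross-source correlation that only exists once NIDS and HIDS land in the same index.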

Keywords: Elasticsearch stack (ELK stack), Network Intrusion Detection System (NIDS), Firewall


DOI: 10.17148/IJARCCE.2024.13608

How to Cite:

[1] Amit Patne, Soham Sabale, Lokesh Mane, Anurag Sagare, Deep Palekar, Pranali Tilak, Tarannum Sayyad, "Centralized IT Logging System," International Journal of Advanced Research in Computer and Communication Engineering (IJARCCE), DOI: 10.17148/IJARCCE.2024.13608
