[BBLISA-announce] September BBLISA meeting: Trying to Outpace Log Collection with ELK

John P. Rouillard rouilj at cs.umb.edu
Sat Dec 20 21:29:24 EST 2014


Hello all:

Our September speaker is Neil Schelly from Dyn talking about
the work he is doing to centralize log data with the ELK
stack: Elasticsearch, Logstash, and Kibana.

So plan on attending:

  Trying to Outpace Log Collection with ELK

tonight Wednesday, September 10, 2014 at 7PM. Room MIT E-51, Room 149.

This talk will detail the adventures of centralizing log data with the
ELK stack: Elasticsearch, Logstash, and Kibana. We wanted to
centralize logs from many very separate networks because it's a really
good idea to look at logs more than you probably are. The adventures
in this project include building concurrent prototypes with Logstash,
Graylog2, and Splunk. There's a bit of layer 7 routing and buffering
with RabbitMQ. I might get a bit DevOps-y in the description of using
Chef to deploy all the systems in this project. And finally, there are
some lessons learned about running distributed magical databases like
ElasticSearch in Amazon AWS. tldr; Lots of stuff only breaks when it
gets big enough to break.

Neil Schelly has been a sysadmin, developer, or consultant for most of
the last 20 years. Currently, he's a Principal Security Administrator
at Dyn, Inc in Manchester, NH. Lately, there's been more of a
security, auditing, and monitoring focus to the projects he is working
on.

I hope to see you there.

--
				-- rouilj
John Rouillard
===========================================================================
My employers don't acknowledge my existence much less my opinions.


