\u05e2\u05dc \u05de\u05e0\u05ea \u05dc\u05d4\u05ea\u05e7\u05d9\u05df \u05d0\u05ea Elasticsearch, Logstash, Kibana \u05d5\u05dc\u05e9\u05dc\u05d5\u05d7 \u05dc\u05d5\u05d2\u05d9\u05dd \u05de-Windows \u05e2\u05dc \u05d1\u05e1\u05d9\u05e1 NXLOG \u05d5-Sysmon \u05d9\u05e9 \u05dc\u05d1\u05e6\u05e2 \u05d0\u05ea \u05d4\u05e9\u05dc\u05d1\u05d9\u05dd \u05d4\u05d1\u05d0\u05d9\u05dd:<\/p>\n
# On a fresh Ubuntu 16.04 server VM with at least 4GB RAM
\n# Refresh the APT cache
\nsudo apt-get update<\/p>\n
# Install default Java runtime
\nsudo apt-get install default-jre<\/p>\n
# Download all the components
\nwget\u00a0https:\/\/artifacts.elastic.co\/downloads\/logstash\/logstash-5.5.0.deb
\nwget\u00a0https:\/\/artifacts.elastic.co\/downloads\/elasticsearch\/elasticsearch-5.5.0.deb
\nwget\u00a0https:\/\/artifacts.elastic.co\/downloads\/kibana\/kibana-5.5.0-amd64.deb<\/p>\n
# Install all components
\nsudo dpkg -i\u00a0logstash-5.5.0.deb
\nsudo dpkg -i\u00a0elasticsearch-5.5.0.deb
\nsudo dpkg -i\u00a0kibana-5.5.0-amd64.deb<\/p>\n
# Configure kibana to listen on 0.0.0.0 (all interfaces)
\n# Replace the line '#server: "localhost"' to 'server: "0.0.0.0"'
\nsudo nano \/etc\/kibana\/kibana.yml<\/p>\n
# Enable services
\nsudo systemctl enable\u00a0kibana
\nsudo systemctl enable elasticsearch
\nsudo systemctl enable logstash<\/p>\n
# Configure logstash to listen on 5555\/tcp
\necho '
\ninput {
\ntcp {
\nport => 5555
\n}
\n}
\noutput {
\nelasticsearch {
\n}
\n}' | sudo tee \/etc\/logstash\/conf.d\/logstash.config<\/p>\n
# On a fresh Windows machine download and install NXLOG –\u00a0https:\/\/nxlog.co\/system\/files\/products\/files\/1\/nxlog-ce-2.9.1716.msi
\n# Configure NXLOG by writing the following into the C:\\Program Files (x86)\\nxlog\\conf\\nxlog.conf file:<\/p>\n
## This is a sample configuration file. See the nxlog reference manual about the
\n## configuration options. It should be installed locally and is also available
\n## online at http:\/\/nxlog.org\/docs\/<\/p>\n
## Please set the ROOT to the folder your nxlog was installed into,
\n## otherwise it will not start.<\/p>\n
define ROOT C:\\Program Files\\nxlog
\n#define ROOT C:\\Program Files (x86)\\nxlog<\/p>\n
Moduledir %ROOT%\\modules
\nCacheDir %ROOT%\\data
\nPidfile %ROOT%\\data\\nxlog.pid
\nSpoolDir %ROOT%\\data
\nLogFile %ROOT%\\data\\nxlog.log<\/p>\n
<Extension _syslog>
\nModule xm_syslog
\n<\/Extension><\/p>\n
<Input in>
\nModule im_msvistalog
\n# For windows 2003 and earlier use the following:
\n# Module im_mseventlog
\n<\/Input><\/p>\n
<Output out>
\nModule om_tcp
\nHost 192.168.243.128
\nPort 5555
\n# Exec to_syslog_snare();
\n<\/Output><\/p>\n
<Route 1>
\nPath in => out
\n<\/Route><\/p>\n
# Start the nxlog service via services.msc<\/p>\n
\u05e7\u05d9\u05e9\u05d5\u05e8\u05d9\u05dd \u05e9\u05d9\u05de\u05d5\u05e9\u05d9\u05d9\u05dd:<\/p>\n
https:\/\/www.elastic.co\/guide\/en\/logstash\/current\/output-plugins.html<\/a> – \u05e4\u05d9\u05e8\u05d5\u05d8 \u05dc\u05d2\u05d1\u05d9 \u05d4-Output plugins \u05e9-Logstash \u05de\u05db\u05d9\u05e8<\/p>\n https:\/\/www.elastic.co\/guide\/en\/logstash\/current\/input-plugins.html<\/a> – \u05e4\u05d9\u05e8\u05d5\u05d8 \u05dc\u05d2\u05d1\u05d9 \u05d4-Input plugins \u05e9-Logstash \u05de\u05db\u05d9\u05e8<\/p>\n