{"id":19846108,"url":"https://github.com/oflore12/elk-stack-deployment","last_synced_at":"2026-03-05T06:31:04.337Z","repository":{"id":92702194,"uuid":"363416629","full_name":"oflore12/ELK-Stack-Deployment","owner":"oflore12","description":"Elk/Github Fundamentals","archived":false,"fork":false,"pushed_at":"2024-07-24T19:40:13.000Z","size":3424,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-02-28T22:51:54.877Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/oflore12.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-05-01T13:28:13.000Z","updated_at":"2024-07-24T19:40:18.000Z","dependencies_parsed_at":"2024-11-12T13:10:30.104Z","dependency_job_id":"a28d7c8c-117f-4073-9350-c8eb86b24e55","html_url":"https://github.com/oflore12/ELK-Stack-Deployment","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/oflore12/ELK-Stack-Deployment","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oflore12%2FELK-Stack-Deployment","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oflore12%2FELK-Stack-Deployment/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oflore12%2FELK-Stack-Deployment/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oflore12%2FELK-Stack-Deployment/manifests","owner_url":"https://repos.ecosyste.ms/ap
i/v1/hosts/GitHub/owners/oflore12","download_url":"https://codeload.github.com/oflore12/ELK-Stack-Deployment/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/oflore12%2FELK-Stack-Deployment/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30112218,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-05T03:40:26.266Z","status":"ssl_error","status_checked_at":"2026-03-05T03:39:15.902Z","response_time":93,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-12T13:10:27.592Z","updated_at":"2026-03-05T06:31:04.301Z","avatar_url":"https://github.com/oflore12.png","language":null,"readme":"## Automated ELK Stack Deployment\n\nThe files in this repository were used to configure the network depicted below.\n \n![TODO: Path with the name of diagram](Images/Project1.png)\n\nThese files have been tested and used to generate a live ELK deployment on Azure. They can be used to recreate the entire deployment pictured above. 
Alternatively, select portions of the YML file may be used to install only certain components, such as Filebeat.\n\nFiles:\n- [install-elk](https://github.com/oflore12/ELK-Stack-Deployment/blob/main/Ansible/install-elk.yml)\n- [filebeat-playbook](https://github.com/oflore12/ELK-Stack-Deployment/blob/main/Ansible/filebeat-playbook.yml)\n- [metricbeat-playbook](https://github.com/oflore12/ELK-Stack-Deployment/blob/main/Ansible/metricbeat-playbook.yml)\n\nThis document contains the following details:\n- Description of the Topology\n- Access Policies\n- ELK Configuration\n   - Beats in Use\n   - Machines Being Monitored\n- How to Use the Ansible Playbook\n\n\n### Description of the Topology\nThe main purpose of this network is to expose a load-balanced and monitored instance of DVWA, the D*mn Vulnerable Web Application.\n\nLoad balancing ensures that the application is highly efficient and helps to mitigate DoS attacks on the network.\n\nThe load balancer protects the availability aspect of security by ensuring that traffic is distributed across multiple servers and by mitigating DoS attacks. Some advantages of having a jump-box include the added layer of security for anyone trying to access the servers directly and easier manipulation and configuration of all servers.\n\nIntegrating an ELK server allows users to easily monitor the vulnerable VMs for changes to the jump-box and system networks.\n- What does Filebeat watch for?\n   - Filebeat collects data about the file system. 
The log files collected are those generated by Apache, Microsoft Azure tools, the Nginx web server, and MySQL databases.\n- What does Metricbeat record?\n   - Metricbeat collects machine metrics, such as uptime.\n\nThe configuration details of each machine may be found below.\n\n| Name     | Function   | IP Address | Operating System |\n|----------|------------|------------|------------------|\n| Jump Box | Gateway    | 10.0.0.4   | Linux            |\n| Web-1    | Server     | 10.0.0.5   | Linux            |\n| Web-2    | Server     | 10.0.0.6   | Linux            |\n| ElkVM    | Log Server | 10.1.0.4   | Linux            |\n\n### Access Policies\nThe machines on the internal network are not exposed to the public Internet. Only the ElkVM machine can accept connections from the Internet. Access to this machine is only allowed from the following IP address: 73.212.151.158.\n\nMachines within the network can only be accessed by the jump-box-provisioner. The machines allowed access to the ELK VM are the private workstation with IP address 73.212.151.158 and the jump-box with IP address 10.0.0.4.\n\nA summary of the access policies in place can be found in the table below:\n\n| Name          | Publicly Accessible | Allowed IP Addresses    |\n|---------------|---------------------|-------------------------|\n| Jump Box      | Yes                 | 73.212.151.158          |\n| Web-1         | No                  | 10.0.0.4                |\n| Web-2         | No                  | 10.0.0.4                |\n| ElkVM         | Yes                 | 73.212.151.158,10.0.0.4 |\n| Load Balancer | Yes                 | Any                     |\n\n### Elk Configuration\nAnsible was used to automate the configuration of the ELK machine. No configuration was performed manually, which is advantageous because of the flexibility this provides. 
Using an Ansible playbook allows for customized configuration based on the server's needs.\n\nThe playbook implements the following tasks:\n- Install Docker\n- Install python3-pip\n- Install Docker modules\n- Increase virtual memory\n- Use more memory\n- Download and launch the Docker ELK container\n- Enable service on boot\n\nThe following screenshot displays the result of running `docker ps` after successfully configuring the ELK instance:\n\n![docker ps image](Images/sebp_dockerRunning.png)\n\n### Target Machines \u0026 Beats\nThis ELK server is configured to monitor the following machines:\n- 10.0.0.5\n- 10.0.0.6\n\nWe have installed the following Beats on these machines:\n- Filebeat\n- Metricbeat\n\nThese Beats collect the following information from each machine:\n- Filebeat logs information about the file system, specifically which files have been changed and when.\n- Metricbeat collects metrics from the system and the services running on each server.\n\n### Using the Playbook\nTo use the playbook, you need to have an Ansible control node already configured. Assuming you have such a control node provisioned, follow these steps:\n\n- SSH into the control node.\n- Copy the `filebeat-config.yml` file to the files directory.\n- Update the `filebeat-config.yml` file to include the IP address of the ELK VM.\n- Run the playbook and navigate to Kibana to check that the installation worked as expected.\n\nThe playbook reads its configuration file from `/etc/ansible/files/filebeat-config.yml` and copies it to `/etc/filebeat/filebeat.yml`.\n\nTo make Ansible run the playbook on a specific machine, edit **filebeat-playbook.yml** and specify the `hosts` the playbook should run against at the beginning of the YML document. Adding `webservers` ensures that the playbook runs on the web-1 and web-2 servers. 
To add the ELK machine, add `elk`.\n\nTo add a `group`, edit the hosts file and add the IP address of the machine to the group.\n\n- The URL to check that the ELK-Server is running is:\n   - http://[ELK_MACHINE_PUBLIC_IP_ADDRESS]/app/kibana\n     - (e.g., http://52.188.19.173:5601/app/kibana).\n\n**NOTE:** Update [ELK_MACHINE_PUBLIC_IP_ADDRESS] with your ELK machine's public IP address.\n\n### Bonus: Specific s\nTo download the playbook and update the files, run the following commands:\n- command: `curl https://gist.githubusercontent.com/slape/5cc350109583af6cbe577bbcc0710c93/raw/eca603b72586fbe148c11f9c87bf96a63cb25760/Filebeat \u003e filebeat-config.yml`\n- command: `nano filebeat-config.yml`\n- update the following lines to include the ELK server IP:\n  - `hosts: [\"10.1.0.4:9200\"]` (change line #1106)\n  - `host: \"10.1.0.4:5601\"` (line #1806)\n- command: `nano filebeat-playbook.yml`\n- [Use this yml file to create the filebeat playbook](https://github.com/oflore12/ELK-Stack-Deployment/blob/main/Ansible/filebeat-playbook.yml)\n- save the file\n- command: `ansible-playbook filebeat-playbook.yml`\n\n### Photos\n- Successful Filebeat playbook\n  ![photo of successful filebeat playbook](Images/filebeat-playbook-ansible.png)\n\n- URL used to check if Filebeat is working properly\n  ![photo of filebeat playbook on kibana](Images/kibana1.png)\n\n- Logs reported by the Filebeat playbook\n  ![photo of filebeat logs](Images/kibana2.png)\n\n- Syslog events reported by Filebeat\n  ![photo of successful filebeat playbook](Images/kibana3.png)\n\nRepeat the steps for Metricbeat using the following URL for the curl command: `curl https://gist.githubusercontent.com/slape/58541585cc1886d2e26cd8be557ce04c/raw/0ce2c7e744c54513616966affb5e9d96f5e12f73/metricbeat`\n\n[This project was worked on during enrollment to GW Cybersecurity Boot Camp Program 
2021]\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Foflore12%2Felk-stack-deployment","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Foflore12%2Felk-stack-deployment","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Foflore12%2Felk-stack-deployment/lists"}