Marc Smeets

Results 74 comments of Marc Smeets

Thanks, this is something we can work with. A few quick questions: 1. In the webserver.log I see a lot of URIs, but none of them relate to the data...

Ah great, thanks for clearing up the terminal/tmux setup! I believe I understand enough to get going. A few remaining things: 1. the "�[0m", "�[92m" thing is important to understand. Filebeat...

Are these colouring characters really present in the raw log file, or is this an interpretation by Jimmy's terminal? Yikes, server time... Any way to make that UTC? Clear on...

Thanks for the offer! The roadmap to have this included is listed above (https://github.com/outflanknl/RedELK/issues/22#issuecomment-586966496). Looking at my agenda for the next 1-2 weeks I don't see enough time to have...

For the record (I previously commented on the PR not on the issue, my bad): I've included the pull request into the maindev branch that will become version2 in the...

Gents, gentle request to test with latest RedELK version 2 BETA 1 release. There was significant overhauling of field names. We believe we got them all. But it couldn't hurt...

Yes, I agree that the logging is not that helpful. I just changed this a bit in commit 4a71fc7d0ab6bdb99f8b1d20b72ef255d44ab427 (not part of a new beta release yet). That having been said,...

FYI, the v2.0.0-beta.3 release is out. This release has the elkserver side entirely overhauled into a docker-compose setup. Should make your life easier (although it's still beta).

Better use the latest release, beta3 in this case. Also, in your case as you are developing, you may want to pass the dev parameter to the install-elkserver.sh script. This...

The question is what do we check and compare to the blacklist. Right now, RedELK has no clear view on what IPs are part of the red team infra, e.g....