So I've been given a task to monitor a whole lot of logs from some servers (whole university, ~10+ departments). The technologies are diverse, so I'm cramming everything into Elasticsearch via Logstash (and Filebeat) and viewing it in Kibana. Any recommendations for what the 'useful' stuff to view in a dashboard should be? I guess:
- Overall traffic with respect to previous days/weeks
- Most viewed domains
- 200
- 404
- 503
- Failed logins?
- Dropped connections?
- Critical-load of systems? 90%+

  • 1
    Shutdowns (if they happen)
    Program installs/uninstalls (logwatch does the job ;))
    Maybe file changes?
    List of open ports?
  • 1
    Well, you are doing the right thing. What reports to give should come from the professor / manager. As long as it's in ES, you've done well.