How to install and use Plaso with Elasticsearch, Kibana and Logstash - Part 1
Big thanks to the Plaso and Elasticsearch, Kibana and Logstash developers for making this great software available for free!
Below you will find all the commands used in the video.
Enjoy.
------------------------------------------------------------------------------------
Hi and welcome to this video tutorial series on how to install and use Plaso together with Elasticsearch and Kibana. Plaso in combination with Elasticsearch and Kibana enables us to do advanced computer forensics timeline analysis. We use Plaso for extracting timestamps of computer systems. Then we use Elasticsearch and Kibana to search through, visualize and analyze the extracted data. It is an amazingly powerful combination for computer forensics purposes!
In this first video I will show you how to install all the necessary software to get up and running. Let's get started!
In my opinion, the easiest way to install and use Plaso, Elasticsearch and Kibana is to use Ubuntu version 14.04 as your operating system. So for this example I will use a VMware virtual machine running Ubuntu 14.04 server edition.
To be able to run Elasticsearch and Kibana we need to install Oracle Java 8.
sudo add-apt-repository ppa:webupd8team/java
sudo apt-get update
sudo apt-get install oracle-java8-installer
Install Plaso
sudo add-apt-repository ppa:gift/stable
sudo apt-get update
sudo apt-get install python-plaso
sudo apt-get install python-pip
sudo pip install pyelasticsearch
Let's check that everything is properly installed by running the following commands. First:
log2timeline.py -V
This should print the Plaso version, currently 1.4.0. Second:
psort.py -o list
This should list "elastic" as one of the available output modules in the output modules section.
For the current tutorial I will be demonstrating how to use the Elastic output module, and therefore we will install and use Elasticsearch 1.7 and Kibana 4.1.
Let's install Elasticsearch.
wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
echo "deb http://packages.elastic.co/elasticsearch/1.7/debian stable main" | sudo tee -a /etc/apt/sources.list.d/elasticsearch-1.7.list
sudo apt-get update && sudo apt-get install elasticsearch
sudo update-rc.d elasticsearch defaults 95 10
sudo service elasticsearch start
cd
wget https://download.elastic.co/kibana/kibana/kibana-4.1.6-linux-x64.tar.gz
tar -xvf kibana-4.1.6-linux-x64.tar.gz
sudo mv kibana-4.1.6-linux-x64 /opt/kibana
cd
wget https://raw.githubusercontent.com/rlwmmw/kibana-4.2-init/master/etc/init.d/kibana
Change the program path in the downloaded init script to /opt/kibana/bin before installing it:
sudo vim kibana
sudo mv kibana /etc/init.d/kibana
sudo chmod +x /etc/init.d/kibana
sudo update-rc.d kibana defaults 96 9
sudo service kibana start
Now, to check that everything is running as it should, open a web browser and go to http://yourvmip:5601 (replace yourvmip with the IP address of your VM).
You should see the Kibana start screen.
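The two verification steps above (checking the Plaso tools and then checking that Elasticsearch and Kibana answer) can be scripted so the whole Part 1 setup is validated in one go. The following POSIX shell script is an added example, not part of the video or the Plaso project; it assumes the defaults from this tutorial (Plaso on PATH, Elasticsearch on port 9200, Kibana on port 5601, both on the local machine) and lets you override the URLs with the ES_URL and KIBANA_URL environment variables. The psort listing used by its self-test is a constructed sample in the 1.4.0 "Name : Description" layout, not real captured output.

```shell
#!/bin/sh
# Added post-install check for the Part 1 setup (example code, not from the video).
# Assumptions: Plaso 1.4.0 from ppa:gift/stable, Elasticsearch 1.7 and Kibana 4.1
# running locally on their default ports. Override with ES_URL / KIBANA_URL.

ES_URL="${ES_URL:-http://127.0.0.1:9200}"
KIBANA_URL="${KIBANA_URL:-http://127.0.0.1:5601}"

# require_cmd NAME: succeed if NAME can be found on PATH.
require_cmd() {
    command -v "$1" >/dev/null 2>&1
}

# java_major VERSION: print the major release from a `java -version` string
# ("1.8.0_77" -> 8, "11.0.2" -> 11). The tutorial expects 8.
java_major() {
    case "$1" in
        1.*) printf '%s\n' "$1" | cut -d. -f2 ;;
        *)   printf '%s\n' "$1" | cut -d. -f1 ;;
    esac
}

# plaso_has_output_module LISTING MODULE: succeed if the text printed by
# `psort.py -o list` names MODULE. Only the first column (the module name) is
# compared, case-insensitively, so a word in a description cannot match.
plaso_has_output_module() {
    want=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    printf '%s\n' "$1" | awk -v want="$want" '
        tolower($1) == want { found = 1 }
        END { exit found ? 0 : 1 }'
}

# http_ok URL: succeed if an HTTP GET (following redirects) ends in a 2xx
# status. Returns 2 when curl is missing so "not installed" is distinguishable
# from "service down".
http_ok() {
    command -v curl >/dev/null 2>&1 || return 2
    code=$(curl -sL -o /dev/null -w '%{http_code}' --max-time 5 "$1") || return 1
    case "$code" in 2??) return 0 ;; *) return 1 ;; esac
}

# Constructed sample of a `psort.py -o list` listing, used only by selftest.
SAMPLE_PSORT_LISTING='******************************** Output Modules ********************************
      Name : Description
--------------------------------------------------------------------------------
   elastic : Saves the events into an Elasticsearch database.
   json : Saves the events into a JSON format.
   l2tcsv : CSV format used by legacy log2timeline, with 17 fixed fields.'

# selftest: exercise the pure helpers on constructed input; succeeds on 0.
selftest() {
    [ "$(java_major 1.8.0_77)" = "8" ] || return 1
    plaso_has_output_module "$SAMPLE_PSORT_LISTING" elastic || return 1
    plaso_has_output_module "$SAMPLE_PSORT_LISTING" timesketch && return 1
    return 0
}

# run_checks: the real end-to-end check of this machine; prints one line per
# item and returns 1 if anything failed.
run_checks() {
    status=0
    for c in java log2timeline.py psort.py; do
        if require_cmd "$c"; then echo "ok   $c found"; else echo "FAIL $c not on PATH"; status=1; fi
    done
    if require_cmd java; then
        ver=$(java -version 2>&1 | awk -F'"' '/version/ { print $2; exit }')
        echo "info java $ver (major $(java_major "$ver"), tutorial expects 8)"
    fi
    if require_cmd psort.py && plaso_has_output_module "$(psort.py -o list 2>/dev/null)" elastic; then
        echo "ok   psort.py has the elastic output module"
    else
        echo "FAIL elastic output module not listed (is pyelasticsearch installed?)"; status=1
    fi
    if http_ok "$ES_URL/_cluster/health"; then echo "ok   Elasticsearch answers at $ES_URL"; else echo "FAIL Elasticsearch at $ES_URL"; status=1; fi
    if http_ok "$KIBANA_URL/"; then echo "ok   Kibana answers at $KIBANA_URL"; else echo "FAIL Kibana at $KIBANA_URL"; status=1; fi
    return $status
}

# Usage: sh check_part1.sh run
case "${1:-}" in run) run_checks ;; esac
```

Run it with `sh check_part1.sh run` after the steps above; a FAIL on the elastic module line usually means pyelasticsearch is missing, and a FAIL on Kibana while Elasticsearch is fine usually means the init script still points at the wrong program path.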
That was it! We finished the first part.
In the next tutorial I will show you how to run Plaso and output its results to Elasticsearch so we can do some great timeline analysis in Kibana.
Thanks for watching!
------------------------------------------------------------------------------------
Video "How to install and use Plaso with Elasticsearch, Kibana and Logstash - Part 1" from the channel Digital Forensics NL
Video information
31 March 2016, 0:56:16
Duration: 00:08:15