document/TranslateProject
2
0
Fork 0
mirror of https://github.com/LCTT/TranslateProject.git synced 2024-12-26 21:30:55 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #26164 from geekpi/translating

Browse Source 
Translating
This commit is contained in:
geekpi 2022-06-22 08:43:42 +08:00 committed by GitHub
commit 01475445cb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 144 additions and 142 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
sources/tech/20210809 How to Enable Minimize, Maximize Window Buttons in elementary OS.md
View File

@ -2,7 +2,7 @@
[#]: via: "https://www.debugpoint.com/2021/08/enable-minimize-maximize-elementary/"
[#]: author: "Arindam https://www.debugpoint.com/author/admin1/"
[#]: collector: "lkxed"
[#]: translator: " "
[#]: translator: "geekpi"
[#]: reviewer: " "
[#]: publisher: " "
[#]: url: " "

141
sources/tech/20220607 Integrating Zeek with ELK Stack.md
View File

@ -1,141 +0,0 @@
[#]: subject: "Integrating Zeek with ELK Stack"
[#]: via: "https://www.opensourceforu.com/2022/06/integrating-zeek-with-elk-stack/"
[#]: author: "Tridev Reddy https://www.opensourceforu.com/author/tridev-reddy/"
[#]: collector: "lkxed"
[#]: translator: "geekpi"
[#]: reviewer: " "
[#]: publisher: " "
[#]: url: " "
Integrating Zeek with ELK Stack
======
Zeek is an open source network security monitoring tool. This article discusses how to integrate Zeek with ELK.
![Integrating-Zeek-with-ELK-Stack-Featured-image][1]
In the article titled Network Security Monitoring Made Easy with Zeek published in the March 2022 edition of this magazine, we looked into the capabilities of Zeek and learned how to get started with it. We will now take our learning experience a bit further and see how to integrate it with ELK (also know as Elasticsearch, Kibana, Beats, and Logstash).
For this, we will use a tool called Filebeat, which monitors, collects and forwards the logs to Elasticsearch. We will configure Filebeat with Zeek, so that the data collected by the latter will be forwarded and centralised in our Kibana dashboard.
### Installing Filebeat
Lets first set up Filebeat with Zeek. To install Filebeat using *apt*, give the following command:
```
sudo apt install filebeat
```
Next, we need to configure the *.yml* file, which is present in the etc*/filebeat/* folder:
```
sudo nano /etc/filebeat/filebeat.yml
```
We need to configure only two things here. In the *Filebeat* Input section, change the type to log and uncomment the *enabled*: false and change it to true. We also need to specify the path of where the logs are stored, i.e., we need to specify */opt/zeek/logs/current/*.log*
Once this is done, the first part of the settings should look similar to whats shown in Figure 1.
![Figure 1: Filebeat config (a)][2]
The second thing to be changed in the Elasticsearch output section is under *Outputs.* Uncomment the output.elasticsearch and hosts. Make sure the URL of the host and port number are similar to what you configured while installing ELK. We kept it as localhost with port number 9200.
In the same section, uncomment the user name and password at the bottom, and enter the user name and password of the elastic user that you generated while configuring ELK after installation. Once this is done, refer to Figure 2 and check the settings.
![Figure 2: Filebeat config (b)][3]
Now that we have completed installing and configuring , we need to configure Zeek so that it stores the logs in JSON format. For that, ensure your Zeek instance is stopped. If its not, execute the command given below to stop it:
```
cd /opt/zeek/bin
./zeekctl stop
```
Now we need to add a small line in the local.zeek, which is present in the *opt/zeek/share/zeek/site/* directory.
Open the file as root and add the following line:
```
@load policy/tuning/json-logs.zeek
```
Refer to Figure 3 and make sure the settings are done correctly.
![Figure 3: local.zeek file][4]
As we have changed a few configurations of Zeek, we need to re-deploy it, which can be done by executing the following command:
```
cd /opt/zeek/bin
./zeekctl deploy
```
Now we need to enable the Zeek module in Filebeat so that it forwards the logs from Zeek. Execute the following command:
```
sudo filebeat modules enable zeek
```
We are almost ready; in the last step, configure the *zeek.yml* file to mention what type of data is to be logged. This can be done by modifying the */etc/filebeat/modules.d/zeek.yml* file.
In this *.yml file*, we must mention the directory where these specified logs are stored. We know that the logs are stored in the current folder, which has several files like *dns.log*, *conn.log, dhcp.log,* and many more. We need to mention each path in each section. You can leave unwanted files by changing the enabled value to false, if and only if you dont want logs from that file/program.
For example, for *dns*, make sure the enabled value is true and the path is mentioned as:
```
var.paths: [ “/opt/zeek/logs/current/dns.log”, “/opt/zeek/logs/*.dns.json” ]
```
Repeat this for the rest of the files. We did this for a few that we needed. We added everything that was mainly required. You can do the same. Refer to Figure 4.
![Figure 4: zeek.yml configuration][5]
Now its time to start the Filebeat. Execute the following commands:
```
sudo filebeat setup
sudo service filebeat start
```
Now that everything is done, lets move to our Kibana dashboard and check whether we are receiving the data from Zeek via Filebeat or not.
![Figure 5: Dashboard of Kibana (Destination Geo)][6]
Navigate to the dashboard; you can see a clear statistical analysis of the data it has captured (Figure 5 and Figure 6).
![Figure 6: Dashboard of Kibana (Network)][7]
Now lets move to the Discover tab and check the results by filtering using the query:
```
event.module: “zeek”
```
This query will filter all the data it received in a certain time and show us only the data from the module named Zeek (Figure 7).
![Figure 7: Filtered data by event.module query][8]
### Acknowledgements
*The authors are grateful to Sibi Chakkaravarthy Sethuraman, Sudhakar Ilango, Nandha Kumar R. and Anupama Namburu at the School of Computer Science and Engineering, VIT-AP for their continuous guidance and support. A special thanks to the Center for Excellence in Artificial Intelligence and Robotics (AIR).*
--------------------------------------------------------------------------------
via: https://www.opensourceforu.com/2022/06/integrating-zeek-with-elk-stack/
作者:[Tridev Reddy][a]
选题:[lkxed][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://www.opensourceforu.com/author/tridev-reddy/
[b]: https://github.com/lkxed
[1]: https://www.opensourceforu.com/wp-content/uploads/2022/04/Integrating-Zeek-with-ELK-Stack-Featured-image.jpg
[2]: https://www.opensourceforu.com/wp-content/uploads/2022/04/Figure-1-Filebeat-config-a.jpg
[3]: https://www.opensourceforu.com/wp-content/uploads/2022/04/Figure-2-Filebeat-config-b.jpg
[4]: https://www.opensourceforu.com/wp-content/uploads/2022/04/Figure-3-local.zeek-file-1.jpg
[5]: https://www.opensourceforu.com/wp-content/uploads/2022/04/Figure-4-zeek.yml-configuration.jpg
[6]: https://www.opensourceforu.com/wp-content/uploads/2022/04/Figure-5-Dashboard-of-Kibana-Destination-Geo.jpg
[7]: https://www.opensourceforu.com/wp-content/uploads/2022/04/Figure-6-Dashboard-of-Kibana-Network-1.jpg
[8]: https://www.opensourceforu.com/wp-content/uploads/2022/04/Figure-7-Filtered-data-by-event.jpg

143
translated/tech/20220607 Integrating Zeek with ELK Stack.md Normal file
View File

@ -0,0 +1,143 @@
[#]: subject: "Integrating Zeek with ELK Stack"
[#]: via: "https://www.opensourceforu.com/2022/06/integrating-zeek-with-elk-stack/"
[#]: author: "Tridev Reddy https://www.opensourceforu.com/author/tridev-reddy/"
[#]: collector: "lkxed"
[#]: translator: "geekpi"
[#]: reviewer: " "
[#]: publisher: " "
[#]: url: " "
将 Zeek 与 ELK 栈集成
======
Zeek 是一个开源的网络安全监控工具。本文讨论了如何将 Zeek 与 ELK 集成。
![Integrating-Zeek-with-ELK-Stack-Featured-image][1]
在本杂志 2022 年 3 月版发表的题为“用 Zeek 轻松实现网络安全监控”的文章中,我们研究了 Zeek 的功能,并学习了如何开始使用它。现在我们将把我们的学习经验再进一步,看看如何将其与 ELK也称为 Elasticsearch、Kibana、Beats 和 Logstash整合。
为此,我们将使用一个叫做 Filebeat 的工具,它可以监控、收集并转发日志到 Elasticsearch。我们将把 Filebeat 和 Zeek 配置在一起,这样后者收集的数据将被转发并集中到我们的 Kibana 仪表盘上。
### 安装 Filebeat
让我们首先将 Filebeat 与 Zeek 安装在一起。使用 *apt* 来安装 Filebeat使用以下命令
```
sudo apt install filebeat
```
接下来,我们需要配置 *.yml* 文件,它位于 /etc*/filebeat/* 文件夹中:
```
sudo nano /etc/filebeat/filebeat.yml
```
我们只需要在这里配置两件事。在 *Filebeat* 输入部分,将类型改为 log并取消对 *enabled*:false 的注释,将其改为 true。我们还需要指定存储日志的路径也就是说我们需要指定*/opt/zeek/logs/current/\*.log*。
完成这些后,设置的第一部分应该类似于图 1 所示的内容。
![Figure 1: Filebeat config (a)][2]
在 Elasticsearch 输出部分,第二件要修改的事情是在 *Outputs*下,取消对 output.elasticsearch 和 hosts 的注释。确保主机的 URL 和端口号与你安装 ELK 时配置的相似。我们把它保持为 localhost端口号为 9200。
在同一部分中,取消底部的用户名和密码,输入安装后配置 ELK 时生成的弹性用户的用户名和密码。完成这些后,参考图 2检查设置。
![Figure 2: Filebeat config (b)][3]
现在我们已经完成了安装和配置,我们需要配置 Zeek使其以 JSON 格式存储日志。为此,确保你的 Zeek 实例已经停止。如果没有,执行下面的命令来停止它:
```
cd /opt/zeek/bin
./zeekctl stop
```
现在我们需要在 local.zeek 中添加一小行,它存在于 *opt/zeek/share/zeek/site/* 目录中。
以 root 身份打开该文件,添加以下行:
```
@load policy/tuning/json-logs.zeek
```
参考图 3确保设置正确。
![Figure 3: local.zeek file][4]
由于我们改变了 Zeek 的一些配置,我们需要重新部署它,这可以通过执行以下命令来完成:
```
cd /opt/zeek/bin
./zeekctl deploy
```
现在我们需要在 Filebeat 中启用 Zeek 模块,以便它转发 Zeek 的日志。执行下面的命令:
```
sudo filebeat modules enable zeek
```
我们几乎要好了。在最后一步,配置 *zeek.yml* 文件要记录什么类型的数据。这可以通过修改 */etc/filebeat/modules.d/zeek.yml* 文件完成。
在这个 *.yml 文件*中,我们必须提到这些指定的日志存放在哪个目录下。我们知道,这些日志存储在当前文件夹中,其中有几个文件,如 *dns.log*、*conn.log、dhcp.log* 等等。我们需要在每个部分提到每个路径。如果而且只有在你不需要该文件/程序的日志时,你可以通过把启用值改为 false 来舍弃不需要的文件。
例如,对于 *dns*,确保启用值为 “true”并且路径被配置
```
var.paths: [ “/opt/zeek/logs/current/dns.log”, “/opt/zeek/logs/*.dns.json” ]
```
对其余的文件重复这样做。我们对一些我们需要的文件做了这个处理。我们添加了所有主要需要的文件。你也可以这样做。请参考图 4。
![Figure 4: zeek.yml configuration][5]
现在是启动 Filebeat 的时候了。执行以下命令:
```
sudo filebeat setup
sudo service filebeat start
```
现在一切都完成了,让我们移动到 Kibana 仪表板,检查我们是否通过 Filebeat 接收到来自 Zeek 的数据。
![Figure 5: Dashboard of Kibana (Destination Geo)][6]
进入仪表板。你可以看到它所捕获的数据的清晰统计分析(图 5 和图 6
![Figure 6: Dashboard of Kibana (Network)][7]
现在让我们进入发现选项卡,通过使用查询进行过滤来检查结果:
```
event.module: “zeek”
```
这个查询将过滤它在一定时间内收到的所有数据,只向我们显示名为 Zeek 的模块的数据(图 7
![Figure 7: Filtered data by event.module query][8]
### 鸣谢
*作者感谢 VIT-AP 计算机科学与工程学院的 Sibi Chakkaravarthy Sethuraman、Sudhakar Ilango、Nandha Kumar R.和Anupama Namburu 的不断指导和支持。特别感谢人工智能和机器人技术卓越中心AIR。*
--------------------------------------------------------------------------------
via: https://www.opensourceforu.com/2022/06/integrating-zeek-with-elk-stack/
作者:[Tridev Reddy][a]
选题:[lkxed][b]
译者:[geekpi](https://github.com/geekpi)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://www.opensourceforu.com/author/tridev-reddy/
[b]: https://github.com/lkxed
[1]: https://www.opensourceforu.com/wp-content/uploads/2022/04/Integrating-Zeek-with-ELK-Stack-Featured-image.jpg
[2]: https://www.opensourceforu.com/wp-content/uploads/2022/04/Figure-1-Filebeat-config-a.jpg
[3]: https://www.opensourceforu.com/wp-content/uploads/2022/04/Figure-2-Filebeat-config-b.jpg
[4]: https://www.opensourceforu.com/wp-content/uploads/2022/04/Figure-3-local.zeek-file-1.jpg
[5]: https://www.opensourceforu.com/wp-content/uploads/2022/04/Figure-4-zeek.yml-configuration.jpg
[6]: https://www.opensourceforu.com/wp-content/uploads/2022/04/Figure-5-Dashboard-of-Kibana-Destination-Geo.jpg
[7]: https://www.opensourceforu.com/wp-content/uploads/2022/04/Figure-6-Dashboard-of-Kibana-Network-1.jpg
[8]: https://www.opensourceforu.com/wp-content/uploads/2022/04/Figure-7-Filtered-data-by-event.jpg