Monitoring your Infrastructure with Elasticsearch and Elastalert

This tutorial shows how to

  • set up the Elastic stack (the ELK stack: Elasticsearch, Logstash and Kibana) on a server,
  • install the Metricbeat, Filebeat and Auditbeat agents on an endpoint,
  • install the Elastalert plugin, which alerts you when indexed events match a rule.
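
To make the last step concrete, here is an example of the kind of Elastalert rule this setup ends with: it watches Auditbeat data for file permission or ownership changes (one of the system changes a sysadmin wants to be told about) and e-mails on every match. This is an added example, not a rule from the original tutorial; the index pattern `auditbeat-*`, the recipient address, the Auditbeat field `auditd.data.syscall` and the syscall list are assumptions, and the rule only fires if the endpoint's Auditbeat auditd module is configured with audit rules that actually record those syscalls.

```yaml
# permission_change.yaml  (example rule, assumptions noted in the lead-in)
name: File permission or ownership change on endpoint
type: any                      # alert on every matching event, no threshold
index: auditbeat-*             # assumed index pattern written by Auditbeat
timestamp_field: "@timestamp"

# Elastalert filters are raw Elasticsearch query DSL clauses.
# Assumed field: auditd.data.syscall as produced by Auditbeat's auditd module.
filter:
- terms:
    auditd.data.syscall:
      - chmod
      - fchmod
      - fchmodat
      - chown
      - fchown
      - fchownat
      - lchown

# Collapse repeated alerts about the same host into one per 10 minutes
# so a recursive chmod does not flood the inbox.
query_key: host.name
realert:
  minutes: 10

alert:
- email
email:
- ops@example.com              # assumed recipient
alert_subject: "Permission change on {0}"
alert_subject_args:
- host.name
```

Validate it against real data before enabling it, e.g. with `elastalert-test-rule permission_change.yaml`, which runs the query once without sending the alert; if the syscall field never matches, check that the endpoint's audit rules include `-S chmod` and friends, since Auditbeat only reports what the kernel audit subsystem was told to record.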

As a sysadmin I have a medium-sized infrastructure (fewer than 200 servers, both physical and AWS instances), and I need a way to keep an eye on them in case of any form of intrusion, system changes, permission changes, or any kind of…