It’s been nearly two years since I started working in the cybersecurity field, the culmination of two and a half years of study and learning before that. Before getting a job in cybersecurity I’d spend hours working through online training, often late into the night. Once I started work, though, I eased off, finding that 8+ hours a day was plenty of cybersecurity to keep me happy.
Every so often I get a crackpot idea that turns into an obsession. Just recently I had to replace my broadband router after the old one started to drop the connection frequently. As I was playing around with the new router, I discovered it could forward its logs to a remote server. This gave me the idea to set up my own Security Information and Event Management (SIEM) system.
This is an idea I’ve been toying with for some time but haven’t followed through on, for lack of appropriate network hardware. However, a bit of research suggested that I could use the Elastic Stack (a combination of open-source tools such as Elasticsearch, Logstash and Kibana, also known as ELK) to process the logs coming from my router. As a bonus, I could configure agents on the computers on the network to forward their events as well, for additional information.
I have a couple of options to get ELK up and running. I could try setting it up manually on an old laptop I have that’s currently running Manjaro Linux. Or, as an alternative, there is the possibility of using the Security Onion Linux distro, which includes ELK already configured. Because I’m a sick puppy I actually gave setting up ELK under Manjaro a go, and was able to get it ingesting logs from my router.
Even with a working ELK system, I found that getting things working the way I wanted took more effort than I was willing to put into a fun side project. So, I downloaded the Security Onion ISO file and prepared to set up a shiny new standalone SIEM system. Not having blogged about anything in recent memory, I figured I’d record my efforts going forward.