To get this running locally quickly, you need to do a few things.
- Ensure you have Ansible, VirtualBox and Vagrant installed on your local machine
- Clone the repo to your preferred location
git clone https://github.com/Skanyi/OSSEC-ELK-Application-Servers-Setup.git
- Change directory
cd OSSEC-ELK-Application-Servers-Setup
- Generate an SSH key. You can save it in your preferred file.
ssh-keygen
- Update the Vagrantfile with the right path of the SSH key you generated above, on line 19 (the private key) and line 20 (the public key). I save my file as ossec in the ~/.ssh/ directory. If you save your file with the same name, you don't need to update the Vagrantfile.
- Start up the servers with
vagrant up
If you have any errors when running this command, please double check you did the above steps correctly.
- Run the ansible-playbook to configure the servers
ansible-playbook -i inventory/hosts site.yml
This might take a while for the first time. (Go grab a cup of coffee)
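If `vagrant up` or the playbook fails, the prerequisites above are the first thing to re-check. The following pre-flight script is an added example, not part of the repository: the file name `preflight.sh` and the `KEY` override are assumptions, and the default key path `~/.ssh/ossec` follows the file name used above.

```shell
#!/bin/sh
# Added example, not part of the repository: pre-flight checks for the steps above.
# Assumption: the key pair is ~/.ssh/ossec unless KEY points elsewhere.

# Print each required command that is not on PATH.
missing_tools() {
    for tool in "$@"; do
        command -v "$tool" >/dev/null 2>&1 || printf '%s\n' "$tool"
    done
}

# Print a file's octal permission bits (GNU stat first, then BSD/macOS stat).
key_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Both halves of the key pair must exist and the private key must be owner-only
# (600 or 400); OpenSSH refuses private keys that group or others can access.
check_key() {
    key=$1
    [ -f "$key" ] || { echo "missing private key: $key"; return 1; }
    [ -f "$key.pub" ] || { echo "missing public key: $key.pub"; return 1; }
    mode=$(key_mode "$key") || return 1
    case $mode in
        600|400) echo "key pair ok: $key" ;;
        *) echo "private key $key has mode $mode, expected 600"; return 1 ;;
    esac
}

# Run every check and return non-zero if any of them failed.
preflight() {
    status=0
    missing=$(missing_tools ansible-playbook vagrant VBoxManage ssh-keygen)
    if [ -n "$missing" ]; then
        echo "not on PATH:" $missing
        status=1
    fi
    check_key "${KEY:-$HOME/.ssh/ossec}" || status=1
    if [ ! -f Vagrantfile ]; then
        echo "no Vagrantfile here, run this from the repository root"
        status=1
    fi
    return $status
}

# Usage, from the repository root before `vagrant up`:
#   . ./preflight.sh && preflight
```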
Try accessing the application at 192.168.33.12; it should say Hello World.
Access Kibana on 192.168.33.11.
Creds: You might want to change this or even use Ansible Vault to pass sensitive info like usernames and passwords. (It is on my to do)
On Kibana, for the first time, you should be able to see two indices, ossec* and app*. Under index patterns, click on create index pattern.
Create two index patterns, ossec* and app*. The application logs will be under the app* index and the OSSEC logs will be under the ossec* index.
After this, you are all set and can play around with Kibana to explore its capabilities. You can start by creating a dashboard.
- Integrate Ansible Vault.