Scripts

Marc Smeets edited this page Mar 18, 2021 · 2 revisions

This page is not up to date with version 2 of RedELK

If you want to look under the hood on the ELK server, start with the RedELK cron file at /etc/cron.d/redelk. It schedules several scripts in /usr/share/redelk/bin/: some perform enrichment, others raise alarms. These scripts are configured through the config files in /etc/redelk/. A large part of the enrichment (including the generation of hyperlinks to screenshots and similar data) is done in Logstash; you can inspect it directly in the Logstash config files in /etc/logstash/conf.d/.
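As an added example (not RedELK's own code), the snippet below lists which scripts a cron.d-style file such as /etc/cron.d/redelk schedules, so you can map each cron entry to the script it runs before reading that script's config in /etc/redelk/. The sample cron contents, script names and log paths in it are constructed for illustration and are not taken from a real RedELK install.

```shell
#!/bin/sh
# Added example, not part of RedELK. Lists the jobs in a cron.d file.
# cron.d format: minute hour dom month dow user command [args...]

# Print "schedule  user  script" for each active job in a cron.d file.
# Usage: redelk_cron_jobs /etc/cron.d/redelk
redelk_cron_jobs() {
    cronfile="$1"
    # Skip blank lines, comments and environment assignments (PATH=, MAILTO=, ...)
    grep -Ev '^[[:space:]]*(#|$)|^[A-Za-z_]+=' "$cronfile" |
    awk '{
        sched = $1 " " $2 " " $3 " " $4 " " $5;
        user  = $6;
        # Field 7 is the first token of the command line, i.e. the script run.
        printf "%-16s %-10s %s\n", sched, user, $7;
    }'
}

# Count how many distinct scripts under a given directory a cron.d file runs.
# Usage: redelk_cron_script_count /etc/cron.d/redelk /usr/share/redelk/bin/
redelk_cron_script_count() {
    redelk_cron_jobs "$1" |
    awk -v dir="$2" 'index($NF, dir) == 1 { print $NF }' |
    sort -u | wc -l | tr -d ' '
}

# Constructed sample cron.d file (NOT the real /etc/cron.d/redelk).
SAMPLE_CRON=$(mktemp)
trap 'rm -f "$SAMPLE_CRON"' EXIT
cat > "$SAMPLE_CRON" <<'EOF'
# constructed example, hypothetical script names
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
*/5 * * * * redelk /usr/share/redelk/bin/example_enrich.py >/dev/null 2>&1
*/2 * * * * redelk /usr/share/redelk/bin/example_alarm.py >> /var/log/redelk/alarm.log 2>&1
0 3 * * * root /usr/bin/logrotate /etc/logrotate.d/redelk
EOF

redelk_cron_jobs "$SAMPLE_CRON"
```

Run it against the real file with `redelk_cron_jobs /etc/cron.d/redelk` (after sourcing the functions) to get the list of scheduled scripts; anything outside /usr/share/redelk/bin/ in that output is a system job, not a RedELK enrichment or alarm script.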