Instructions for beginners using OpenSearch.
I have tried following the instructions for using Docker (I successfully have OpenSearch running in Docker with its dashboard). However, I haven't found the instructions for having agents send system logs, Apache, or NGINX log data into OpenSearch.
I've also followed the instructions to install OpenSearch and have it running on an Ubuntu server. Once again, I struggle to find instructions for getting agent log data into OpenSearch.
As I am a Newbie, I would like to accomplish the following in a test network:
Collect system logs:
* Dashboard with alerts when a new user or group is created on any agented system
* Count of users and groups for each agented system
* List of users logging into systems, as a daily report
* Ability to list sudo commands for user XYZ on date xyz if I think a user login is suspect
* Track and alert when a user is added as a sudoer
So, as a newbie, I'd like to start with the above. Once I have that accomplished, I'd like to do the same with Domain Controller and AD privileges. Then we move into collecting metrics and dashboarding for Apache and NGINX web servers. However, before accomplishing the above, I need to get agents reporting to OpenSearch, and I'm not managing to accomplish that.
It would be a great help if someone could point me to an article that gets me started on getting agents reporting into OpenSearch and properly indexed for system, Apache, and NGINX logs.
I'd love to be able to write a demo walk-through that gets a newbie to have this working in a test environment. I'm not trying to get to production yet; I just want to get a test environment working first.
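Added example, not part of the original post and not OpenSearch's or any agent's own code: the detection side of the list above (new user, new group, sudo group membership, daily logins, sudo commands for one user on one date) can be prototyped directly against auth.log lines before the agent question is settled. The sample lines are constructed in Ubuntu /var/log/auth.log format, not captured from a real host, and the message regexes for useradd, groupadd, usermod, gpasswd, sudo and sshd are assumptions based on what those tools commonly log, so check them against your own logs. The same rules are what you would later express as queries over the indexed documents once an agent ships these lines into OpenSearch.

```python
"""Detect account and privilege changes in Linux auth.log lines (added example)."""
import re
from collections import defaultdict

# Constructed sample lines in Ubuntu /var/log/auth.log format (not from a real host).
SAMPLE_AUTH_LOG = """\
Mar 10 09:12:01 web01 useradd[2311]: new user: name=alice, UID=1002, GID=1002, home=/home/alice, shell=/bin/bash, from=/dev/pts/0
Mar 10 09:12:01 web01 useradd[2311]: new group: name=alice, GID=1002
Mar 10 09:13:40 web01 groupadd[2320]: new group: name=deploy, GID=1003
Mar 10 09:14:05 web01 usermod[2331]: add 'alice' to group 'sudo'
Mar 10 09:14:05 web01 usermod[2331]: add 'alice' to shadow group 'sudo'
Mar 10 09:20:11 web01 sshd[2400]: Accepted publickey for alice from 10.0.0.5 port 51234 ssh2: ED25519 SHA256:abcdef
Mar 10 09:20:30 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt update
Mar 10 09:21:02 web01 sshd[2455]: Failed password for invalid user admin from 203.0.113.9 port 4444 ssh2
Mar 11 08:00:00 db01 gpasswd[900]: user bob added by root to group sudo
Mar 11 08:05:12 db01 sshd[950]: Accepted password for bob from 10.0.0.7 port 40001 ssh2
Mar 11 08:06:00 db01 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/cat /etc/shadow
"""

# Classic syslog header: "Mon DD HH:MM:SS host prog[pid]: message".
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<prog>[\w.-]+)(?:\[\d+\])?: (?P<msg>.*)$"
)

# (event kind, logging program, message regex). Assumed message formats; named
# groups become event fields. The first matching rule wins.
RULES = [
    ("new_user", "useradd", re.compile(r"new user: name=(?P<user>[^,]+),")),
    ("new_group", "useradd", re.compile(r"new group: name=(?P<group>[^,]+),")),
    ("new_group", "groupadd", re.compile(r"new group: name=(?P<group>[^,]+),")),
    # usermod also logs "to shadow group 'sudo'"; matching only the primary
    # line keeps one change from raising two alerts.
    ("sudoer_added", "usermod", re.compile(r"add '(?P<user>[^']+)' to group 'sudo'")),
    ("sudoer_added", "gpasswd", re.compile(r"user (?P<user>\S+) added by \S+ to group sudo")),
    ("sudo_command", "sudo", re.compile(
        r"^(?P<user>\S+) : TTY=\S+ ; PWD=\S+ ; USER=(?P<target>\S+) ; COMMAND=(?P<command>.*)$")),
    ("login", "sshd", re.compile(r"Accepted \S+ for (?P<user>\S+) from (?P<src>\S+)")),
]


def parse_events(text):
    """Turn raw lines into structured events; lines matching no rule are dropped."""
    events = []
    for line in text.splitlines():
        m = SYSLOG_RE.match(line)
        if not m:
            continue
        msg = m["msg"].strip()  # sudo pads the user name with spaces
        for kind, prog, rule in RULES:
            if m["prog"] != prog:
                continue
            r = rule.search(msg)
            if r:
                ts = m["ts"].split()
                ev = {"kind": kind, "host": m["host"], "date": " ".join(ts[:2]), "time": ts[2]}
                ev.update(r.groupdict())
                events.append(ev)
                break
    return events


def alerts(events):
    """Alert-worthy changes: new accounts, new groups, sudo group membership."""
    out = []
    for ev in events:
        when = f"({ev['date']} {ev['time']})"
        if ev["kind"] == "new_user":
            out.append(f"{ev['host']}: new user {ev['user']} created {when}")
        elif ev["kind"] == "new_group":
            out.append(f"{ev['host']}: new group {ev['group']} created {when}")
        elif ev["kind"] == "sudoer_added":
            out.append(f"{ev['host']}: {ev['user']} added to sudo group {when}")
    return out


def account_counts(events):
    """Per-host users and groups created within the log window.
    This is not the total from /etc/passwd; an inventory of existing accounts
    needs a separate baseline collected from each host."""
    counts = defaultdict(lambda: {"users": 0, "groups": 0})
    for ev in events:
        if ev["kind"] == "new_user":
            counts[ev["host"]]["users"] += 1
        elif ev["kind"] == "new_group":
            counts[ev["host"]]["groups"] += 1
    return dict(counts)


def daily_logins(events):
    """date -> host -> sorted unique users with a successful ssh login."""
    report = defaultdict(lambda: defaultdict(set))
    for ev in events:
        if ev["kind"] == "login":
            report[ev["date"]][ev["host"]].add(ev["user"])
    return {d: {h: sorted(u) for h, u in hosts.items()} for d, hosts in report.items()}


def sudo_commands(events, user, date):
    """Commands run via sudo by one user on one date, for following up a suspect login."""
    return [(ev["host"], ev["time"], ev["target"], ev["command"])
            for ev in events
            if ev["kind"] == "sudo_command" and ev["user"] == user and ev["date"] == date]


if __name__ == "__main__":
    evs = parse_events(SAMPLE_AUTH_LOG)
    for a in alerts(evs):
        print("ALERT", a)
    print(account_counts(evs))
    print(daily_logins(evs))
    print(sudo_commands(evs, "bob", "Mar 11"))
```

Two caveats worth keeping when this moves to a real pipeline: the shadow-group duplicate line is the kind of thing that doubles alert counts if you match too loosely, and a count derived from creation events is only as old as the log retention, so the "users per system" number needs a baseline collected from each host rather than inferred from logs.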