Question Description
Day 1 Activity File: Red Team
ELK Server Setup Instructions
- As you attack a web server today, it will send all of the attack info to an ELK server.
- The following setup commands need to be run before the attack takes place to make sure the server is collecting logs.
- Be sure to complete these steps before starting the attack instructions.
Instructions
- Double-click on the ‘HyperV Manager’ icon on the Desktop to open the HyperV Manager.
- Choose the Capstone machine from the list of Virtual Machines and double-click it to get a terminal window.
- Log in to the machine using the credentials: vagrant:tnargav
- Switch to the root user with sudo su
Setup Filebeat
Run the following commands:
- filebeat modules enable apache
- filebeat setup
The output should look like this:
Setup Metricbeat
Run the following commands:
- metricbeat modules enable apache
- metricbeat setup
The output should look like this:
Setup Packetbeat
Run the following command: please refer to the web docs
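
Added example (not part of the original activity file): a check that the apache module enabled in the Filebeat and Metricbeat steps above is actually active, by parsing the output of each Beat's `modules list` subcommand. The function names and the sample listing are constructed for illustration.

```shell
#!/usr/bin/env bash
# Confirm the apache module is enabled for Filebeat and Metricbeat
# before any traffic is generated, so the ELK server receives logs.

# module_enabled MODULE: reads "<beat> modules list" output on stdin and
# succeeds only if MODULE appears under the "Enabled:" heading.
module_enabled() {
    awk -v want="$1" '
        /^Enabled:/  { section = "enabled";  next }
        /^Disabled:/ { section = "disabled"; next }
        section == "enabled" && $1 == want { found = 1 }
        END { exit (found ? 0 : 1) }
    '
}

# Constructed sample of the "modules list" output format.
SAMPLE_LIST='Enabled:
apache

Disabled:
nginx
system'

# check_beat BEAT MODULE: query the installed Beat.
# Returns 0 if enabled, 1 if not enabled, 2 if the Beat is not installed.
check_beat() {
    beat=$1; module=$2
    if ! command -v "$beat" >/dev/null 2>&1; then
        echo "$beat: not installed on this host, skipped"
        return 2
    fi
    if "$beat" modules list | module_enabled "$module"; then
        echo "$beat: $module module enabled"
    else
        echo "$beat: $module module NOT enabled (run: $beat modules enable $module)"
        return 1
    fi
}

# Parser self-check against the constructed sample, then the real Beats.
printf '%s\n' "$SAMPLE_LIST" | module_enabled apache && echo "sample: apache enabled"
for b in filebeat metricbeat; do
    check_beat "$b" apache || true
done
```

Run it as root on the Capstone machine after the setup commands; a "NOT enabled" line means the corresponding `modules enable apache` step was missed.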