Hi Miguel, thank you for your thread, it will be very helpful for me in an important task. I would like to ask, can ELK (Elasticsearch, Logstash, Kibana) be installed on a different operating system than Zeek and Suricata? And what about installing Filebeat, should it be installed on the operating system with IDS or the one with ELK? Thanks a lot
Elasticsearch you can install multiple instances in order to search faster.Logstash and Kibana only one instance. All can be on different machines and OS (Linux is faster than Windows). On each instance that you are running Suricata/Zeek, you also have to install filebeat to get the logfiles in Logstash.
