This entry will cover the basics of setting up the Cowrie SSH honeypot and Filebeat to export Cowrie's logs to Elasticsearch, so we can use Kibana to visualize them in charts.
We will have 2 servers with private networking between them. One will host the ELK stack and the other one Cowrie + Filebeat.
The ELK server will receive and store the logs in Elasticsearch, so we can easily search and visualize them using Kibana, the Elasticsearch front-end.
The honeypot server will just provide its service and ship logs to the ELK server.
- A working ELK installation. Which you can