Abstract:
Nowadays almost every device, including computers, routers, switches, firewalls,
software and services, generates logs continuously. Because the number of devices in
any large network is large and grows with every new installation, it is becoming
administratively infeasible to monitor and analyse each device individually.
With the growing volume of log data, companies tend to rely more on expensive SIEM
solutions for log analysis. However, with the introduction of open source, lightweight
and feature-rich search-engine database models, approaches to searching data content
have become ubiquitous. The proposed system uses the open source generic search engine
Elasticsearch together with other components in order to process large volumes of logs
and detect attacks by means of IDS signatures developed through an Attack Signature
Framework.
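To make the signature-based detection described in the abstract concrete, the following added example (not code from the paper or its system) shows the kind of logic an attack-signature framework applies to log documents: each signature names a log source, a literal phrase to look for in the message field, and a per-source-IP threshold, and the same signature can be rendered as an Elasticsearch bool/match_phrase query so the matching can run in the search engine instead of in Python. The log records, field names (`source`, `src_ip`, `message`) and the two signatures are constructed for the example and are not from the page.

```python
import re
from collections import defaultdict
from dataclasses import dataclass


def _rec(i, source, src_ip, message):
    # Build one flat log document, the shape a log shipper would index into
    # Elasticsearch. Field names are assumptions for this example.
    return {"@timestamp": f"2024-01-01T10:00:{i:02d}Z", "source": source,
            "src_ip": src_ip, "message": message}


# Constructed sample logs: six failed SSH logins from one address, one
# accepted login, one suspicious web request and one benign web request.
SAMPLE_LOGS = (
    [_rec(i, "sshd", "203.0.113.5",
          f"Failed password for root from 203.0.113.5 port {4400 + i} ssh2")
     for i in range(6)]
    + [_rec(10, "sshd", "198.51.100.2", "Accepted publickey for alice from 198.51.100.2"),
       _rec(11, "nginx", "198.51.100.7", "GET /download?file=../../etc/passwd HTTP/1.1 404"),
       _rec(12, "nginx", "198.51.100.9", "GET /about.html HTTP/1.1 200")]
)


@dataclass(frozen=True)
class Signature:
    name: str
    source: str        # log source the signature applies to
    phrase: str        # literal phrase that must appear in the message (case-insensitive)
    severity: str
    threshold: int = 1  # matches per src_ip required before an alert is raised


# Two hypothetical signatures of the kind a signature framework would hold.
SIGNATURES = [
    Signature("ssh-password-bruteforce", "sshd", "Failed password for", "high", threshold=5),
    Signature("web-path-traversal", "nginx", "../../etc/passwd", "high"),
]


def run_signatures(logs, signatures):
    """Evaluate every signature against every log record, in order.

    Returns one alert per (signature, src_ip) the first time the match count
    reaches the signature's threshold; later matches do not re-alert.
    """
    counts = defaultdict(int)
    alerts = []
    for rec in logs:
        for sig in signatures:
            if rec.get("source") != sig.source:
                continue
            if not re.search(re.escape(sig.phrase), rec.get("message", ""), re.IGNORECASE):
                continue
            key = (sig.name, rec.get("src_ip"))
            counts[key] += 1
            if counts[key] == sig.threshold:
                alerts.append({"signature": sig.name, "severity": sig.severity,
                               "src_ip": rec.get("src_ip"), "count": counts[key],
                               "last_seen": rec.get("@timestamp")})
    return alerts


def to_es_query(sig):
    """Render a signature as an Elasticsearch query DSL body.

    A term filter restricts the source and match_phrase looks for the literal
    phrase; the threshold is left to the caller (e.g. a terms aggregation on
    src_ip with min_doc_count), since a query alone cannot count per address.
    """
    return {"query": {"bool": {"filter": [
        {"term": {"source": sig.source}},
        {"match_phrase": {"message": sig.phrase}},
    ]}}}


if __name__ == "__main__":
    for alert in run_signatures(SAMPLE_LOGS, SIGNATURES):
        print(alert)
    print(to_es_query(SIGNATURES[0]))
```

The threshold is applied per source address so that a single failed login does not raise an alert while a burst from one host does; the Elasticsearch rendering lets the same signature definitions drive both an offline check over exported logs and a search against the indexed data.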