Monday, 1 November 2021

Akamai Datastream Logs to ELK Stack via API

If you use Akamai's security products, Web Security Analytics (WSA) and the SIEM log delivery feature may be enough for handling daily security events. For the CDN (delivery) side, Control Center offers traffic and URL traffic reports covering up to 90 days. Beyond that, you can pull the access logs yourself through the DataStream API, parse them with a Logstash json filter, output them to an Elasticsearch instance, and finally query and present the parsed logs in a Kibana dashboard.

To set this up, follow the steps below (follow the links in the steps).

  • Enable DataStream with the desired log fields from Luna Control Center.
  • Create an API client with the privileges the pull needs: read access to the DataStream API only, nothing else.
  • Test the credential you created in the previous step with an API client such as Postman.
  • Follow the instructions to become familiar with the DataStream API.
  • Use the Python script linked here to fetch logs from a DataStream and write them to a file that Logstash will parse in the steps below.
  • Schedule the Python script as a cron job that runs every 5 minutes.
  • Follow the instructions here to install the ELK stack, but do not configure the Logstash conf file yet.
  • Use the Logstash config file linked here to parse the JSON files pulled from DataStream.
  • Start all ELK services: Logstash, Elasticsearch and Kibana.
  • Create a Kibana index pattern.
  • Verify that the logs are parsed properly and can be seen in the Kibana Discover application.
  • Using the Lens app in Kibana, create your visualizations and build up a dashboard.
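The following is an added example of the pull step (steps 5 and 6 above); it is not the script the post links to. It computes the 5-minute window a cron run should ask for, walks the pull API's pages, and appends the records as newline-delimited JSON so Logstash can read them line by line. The endpoint path (`/datastream-pull-api/v1/streams/{streamId}/raw-logs`), its `start`/`end`/`page`/`size` parameters, the `data` key of the response and the 1000-record page size are assumptions to check against the DataStream API reference for your account; the EdgeGrid signing uses the `edgegrid-python` package and a `~/.edgerc` file, the same credential file Postman and the Akamai CLI use.

```python
"""Pull one 5-minute slice of Akamai DataStream logs and write it as NDJSON for Logstash.

Added example, not the script linked from the post. Assumptions (verify against the
DataStream API reference for your account):
  - pull endpoint /datastream-pull-api/v1/streams/{streamId}/raw-logs taking the
    query parameters start, end, page and size, returning JSON with the records
    under a "data" key;
  - EdgeGrid credentials stored in ~/.edgerc (read with the edgegrid-python package).
"""
import json
import os
from datetime import datetime, timedelta, timezone
from typing import Callable, Dict, Iterable, Iterator, Optional, Tuple

PAGE_SIZE = 1000  # assumed maximum page size accepted by the pull API


def window(now: datetime, minutes: int = 5, lag_minutes: int = 10) -> Tuple[datetime, datetime]:
    """Return the [start, end) slot of length `minutes` that ended at least
    `lag_minutes` before `now`, aligned to the slot boundary.

    Logs reach the pull API some minutes after the request was served, so a job
    that asks for the most recent minutes gets partial data. Trailing real time
    and aligning to boundaries lets consecutive cron runs tile the timeline.
    """
    end = (now - timedelta(minutes=lag_minutes)).replace(second=0, microsecond=0)
    end -= timedelta(minutes=end.minute % minutes)
    return end - timedelta(minutes=minutes), end


def iso(ts: datetime) -> str:
    """Format a UTC datetime the way the API's start/end parameters expect (assumed)."""
    return ts.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def fetch_pages(get: Callable[[Dict], Dict], start: datetime, end: datetime,
                page_size: int = PAGE_SIZE) -> Iterator[Dict]:
    """Yield every record in [start, end), walking the 0-based `page` parameter
    until a short page signals the end. `get(params)` performs one signed request
    and returns the decoded body; see make_edgegrid_getter()."""
    page = 0
    while True:
        body = get({"start": iso(start), "end": iso(end), "page": page, "size": page_size})
        records = body.get("data") or []
        yield from records
        if len(records) < page_size:
            return
        page += 1


def write_ndjson(records: Iterable[Dict], path: str) -> int:
    """Append one compact JSON object per line and return the count. Logstash's
    file input reads line by line, so each line must be a complete object."""
    n = 0
    with open(path, "a", encoding="utf-8") as fh:
        for rec in records:
            fh.write(json.dumps(rec, separators=(",", ":")) + "\n")
            n += 1
    return n


def make_edgegrid_getter(stream_id: str, edgerc: str = "~/.edgerc", section: str = "default"):
    """Build a getter that signs requests with EdgeGrid using the host and
    credentials in the .edgerc section."""
    import requests
    from akamai.edgegrid import EdgeGridAuth, EdgeRc

    rc = EdgeRc(os.path.expanduser(edgerc))
    host = rc.get(section, "host")
    session = requests.Session()
    session.auth = EdgeGridAuth.from_edgerc(rc, section)
    url = f"https://{host}/datastream-pull-api/v1/streams/{stream_id}/raw-logs"

    def get(params: Dict) -> Dict:
        resp = session.get(url, params=params, timeout=60)
        resp.raise_for_status()
        return resp.json()

    return get


def run(stream_id: str, out_dir: str, get: Callable[[Dict], Dict],
        now: Optional[datetime] = None) -> Tuple[str, int]:
    """Fetch the current slot and write it to <out_dir>/datastream-<start>.json."""
    start, end = window(now or datetime.now(timezone.utc))
    path = os.path.join(out_dir, f"datastream-{start.strftime('%Y%m%dT%H%M')}.json")
    return path, write_ndjson(fetch_pages(get, start, end), path)


if __name__ == "__main__":
    # Cron entry for the post's 5-minute cadence (hypothetical path):
    #   */5 * * * * DATASTREAM_ID=12345 /usr/bin/python3 /opt/akamai/pull.py
    sid = os.environ["DATASTREAM_ID"]  # the stream id shown in Control Center
    path, count = run(sid, "/var/log/akamai", make_edgegrid_getter(sid))
    print(f"wrote {count} records to {path}")
```

On the Logstash side, point the `file` input at the output directory and use `json { source => "message" }` so each line becomes one event; if you selected an epoch timestamp field such as `reqTimeSec`, map it with a `date` filter so Kibana shows the request time rather than the ingest time. Because the script trails real time by ten minutes, a run that is retried or overlaps will re-pull the same records; setting `document_id` in the `elasticsearch` output from a `fingerprint` of the record keeps such re-pulls from duplicating events.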
