
BLACK ESK SIEM is a SIEM platform built with Elasticsearch, Syslog-Ng and Kibana



  • Clone the repo and run the installer, choosing a single-node or multi-node deployment:
      sh install.sh <single-node|multi-node>
  • Go have some coffee!
  • Access the Kibana interface at https://hostnameOrIP:5601
  • Read the output of the install script for the generated credentials :)


  • TLS-enabled communication between syslog-ng, Kibana and Elasticsearch.
  • User roles and authentication for Kibana access.
  • Alerting enabled in Kibana.
  • Syslog-ng performs GeoIP lookups on incoming events.
  • Patterndb parsers for common applications.
  • Windows log ready.
  • Wazuh integration ready.
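To illustrate what the patterndb parser feature does, here is an added example of a syslog-ng patterndb ruleset for sshd authentication failures; it is not taken from the BLACK ESK SIEM repository, and the ruleset and rule ids, the usracct.* field names and the class value are assumptions chosen for this example. It covers both the ordinary "Failed password for <user>" line and the "invalid user" variant, so a Kibana alert on the extracted fields does not miss the second form.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example patterndb ruleset, not part of the BLACK ESK SIEM project.
     Load it with: pdbtool merge -D <dir> -p patterndb.xml; then reference the
     merged file from a db-parser() in syslog-ng.conf. -->
<patterndb version="4" pub_date="2024-01-01">
  <!-- id values are placeholders; generate real UUIDs for production -->
  <ruleset name="sshd-auth" id="00000000-0000-0000-0000-000000000001">
    <!-- match only messages whose PROGRAM field is sshd -->
    <pattern>sshd</pattern>
    <rules>
      <rule provider="example" id="00000000-0000-0000-0000-000000000002" class="violation">
        <patterns>
          <!-- plain failed login: "Failed password for alice from 203.0.113.5 port 51514 ssh2" -->
          <pattern>Failed password for @ESTRING:usracct.username: @from @IPvANY:usracct.source_ip@ port @NUMBER:usracct.source_port@ ssh2</pattern>
          <!-- failed login for an unknown account; records that the user did not exist -->
          <pattern>Failed password for invalid user @ESTRING:usracct.username: @from @IPvANY:usracct.source_ip@ port @NUMBER:usracct.source_port@ ssh2</pattern>
        </patterns>
        <values>
          <!-- constant fields attached to every match, useful as Kibana filter terms -->
          <value name="usracct.service">sshd</value>
          <value name="usracct.type">auth-failure</value>
        </values>
        <examples>
          <!-- pdbtool test verifies these constructed sample lines parse as intended -->
          <example>
            <test_message program="sshd">Failed password for alice from 203.0.113.5 port 51514 ssh2</test_message>
            <test_values>
              <test_value name="usracct.username">alice</test_value>
              <test_value name="usracct.source_ip">203.0.113.5</test_value>
              <test_value name="usracct.source_port">51514</test_value>
            </test_values>
          </example>
          <example>
            <test_message program="sshd">Failed password for invalid user admin from 198.51.100.7 port 40022 ssh2</test_message>
            <test_values>
              <test_value name="usracct.username">admin</test_value>
              <test_value name="usracct.source_ip">198.51.100.7</test_value>
            </test_values>
          </example>
        </examples>
      </rule>
    </rules>
  </ruleset>
</patterndb>
```

The extracted usracct.source_ip field is what a GeoIP parser stage downstream would enrich, and the constant usracct.type value gives Kibana alerting a stable term to count failures per source address against.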

Future Enhancements

  • Implement Reusable blocks in syslog-ng
  • Implement configuration variables in syslog-ng
  • Automatically create syslog-ng user via API
  • Implement Let's Encrypt for certificates
  • Add wazuh integration

Learn More

Watch my videos at https://www.youtube.com/playlist?list=PL5PZjrSldZ81vy_pQV-hFy5F7S4JnAVqN

Need Help ?

Open an issue on GitHub.

Buy me Coffee


Youtube Demo and Tutorial
