HomeCase StudiesNHS Elastic Stack: Access Control and Log Rotations

NHS Elastic Stack: Access Control and Log Rotations

Penntech held discussions with the NHS Trust and agreed to implement Elastic Stack (ELK) which consisted of Elastic Search, Beats, Logstash and Kibana.

The problem faced

NHS Digital had reported that this particular NHS Trust did not have sufficient Log Rotations in place for their servers.

Penntech held discussions with the NHS Trust and agreed to implement Elastic Stack (ELK) which consisted of Elastic Search, Beats, Logstash and Kibana.

The Solution

ELK Stack

These ELK products were installed onto new Windows 2019 servers and provided the necessary logs for the Trust to have across DHCP, DNS, and Security logs.

The Beats product that was used to distribute the DHCP logs was called Filebeat, as this was able to capture the DHCP log file on the Active Directory servers and push the information contained through to Logstash > Elastic > Kibana.

Winlogbeat was used to push the security logs from the DNS servers to Kibana, via the same pipeline method as Filebeat.

The outcome

The use of ELK was expanded to analyse data shares within the Trust and assist with share access reporting. Penntech then applied the reported data to lock down the shares to enhance security.

Penntech installed and configured Beats (Winlogbeat and Filebeat) on each file server to push relevant data from the file servers to the dashboard.

A technical report was provided to enable the Trust to understand the works carried out. As a result of Penntech’s technical expertise, the Trust can now self-manage the system internally.

Benefits realised

  • Ability to self-managed reducing costs
  • Enhanced security
  • No interruption to business as usual

Geographical area

Similar projects have been carried out across UK-wide NHS Trusts

Service type

The Trust used Penntech’s Consultancy Service to realise the benefits.

Related case studies

View all Case Studies

Menu