The Elastic Stack Ability Test To Monitor Slowloris Attack on Digital Ocean Server

Abstract

Servers play a central role in computer networks. A server is responsible for serving user requests with various types of services, and every activity involved in handling them generates different types of logs. The information in this large volume of logs is often ignored and has not been widely used as material for analyzing the performance of the server itself. In this study, the Elastic Stack functions as a system that handles the upstream-to-downstream process, from collection, transformation, and storage through to graphical visualization, for an Nginx web server subjected to an attack scenario consisting of massive incoming connection requests and server login access attempts. The Elastic Stack components used as collectors are Filebeat for logs and Metricbeat for system metric data. The attack was tested with the Slowloris tool, which consumes web server resources. The results show that with 500 incoming connections the web server can serve requests normally; at 1000 connections some packets are not served; and the server becomes inaccessible when it reaches a total of 2000 incoming connections. Metric data in the form of CPU usage and memory usage are affected, although not significantly. IP address identification shows that the source of the attack is Singapore, consistent with the location of the attacker's computer. All access data, in the form of the username, time, and region of origin of attempts to enter the server, are recorded by the system.

Published
2022-01-23
How to Cite
Mardianto, I., Sugiarto, D., & Ashari, K. (2022). The Elastic Stack Ability Test To Monitor Slowloris Attack on Digital Ocean Server. Ultimatics : Jurnal Teknik Informatika, 13(2), 120-126. https://doi.org/10.31937/ti.v13i2.2209