diff --git a/files/conf.maldet b/files/conf.maldet
index d595b11..4b4690b 100644
--- a/files/conf.maldet
+++ b/files/conf.maldet
@@ -258,3 +258,28 @@ inotify_verbose="0"
 # [ string length in characters, default = 150000 ]
 string_length_scan="0" # [ 0 = disabled, 1 = enabled ]
 string_length="150000" # [ max string length ]
+
+##
+# [ STATISTICAL ELK COLLECT ]
+##
+
+# Enable statistic to bring it into ELK stack
+# Before enable it, you should verify your firewall settings
+# with nc $elk_host $elk_port
+# to avoid timeout
+enable_statistic="0"
+
+# The host definition for the TCP input
+# Must be define if enable_statistic=1
+# Example : 192.168.1.1
+elk_host=""
+
+# The port definition for the TCP input
+# Must be define if enable_statistic=1
+# Example : 12345
+elk_port=""
+
+# The timeout of the TCP sender
+# via netcat
+# Example : 1
+nc_timeout="1"
diff --git a/files/internals/scan.etpl b/files/internals/scan.etpl
index e99c8e4..85fa528 100644
--- a/files/internals/scan.etpl
+++ b/files/internals/scan.etpl
@@ -68,6 +68,13 @@ if [ ! "$tot_hits" == "0" ]; then
 if [ -f "$hitlist_file" ]; then
 echo "FILE HIT LIST:" >> $tmpf
 cat $hitlist_file | column -t >> $tmpf
+if [ "$enable_statistic" == "1" ]; then
+export IFS=$(echo -en "\n\b")
+for showhit in `cat $hitlist_file`; do
+echo $showhit|awk -v date=$(date +%s) -v hostname=$(hostname) '{print "{\"date\" : \""date"\", \"hit\" : \""$1"\", \"file\" : \""$3"\", \"hostname\" : \""hostname"\"}"}'|nc $elk_host $elk_port -w $nc_timeout
+done
+export IFS=' '
+fi
 fi
 fi
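Review bot: The comment block above `enable_statistic="0"` tells the operator how to test connectivity with nc but says nothing about what leaves the host or how: the hit records (hit name, full file path, hostname) are pushed to `elk_host:elk_port` as plain TCP through netcat, so they travel with no TLS and no authentication, and nothing in this file or the sender validates that `elk_host`/`elk_port` hold a hostname and a port number before they land on a command line. I would add above `enable_statistic="0"` the comment `# NOTE: records are sent as cleartext TCP with no TLS or authentication; point elk_host at a collector on a trusted network only`, and above `elk_host=""` the comment `# Hostname or IP address only - the value is placed unquoted on the nc command line`. Since `nc_timeout` ends up as `nc -w`, its comment should also give the unit, e.g. `# Seconds netcat waits for the connection before giving up (nc -w)`.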
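Review bot: The awk command on the fourth added line of the scan.etpl hunk splices `$1` and `$3` verbatim into a JSON string, so a detected file whose name contains `"` or `\` — a name chosen by whoever dropped the file — yields a malformed record or injects extra fields into what ELK indexes, and the same line leaves `$showhit`, `$elk_host`, `$elk_port` and `$nc_timeout` unquoted, where the IFS change above it stops word-splitting but not glob expansion of a path such as `/tmp/*`. The closing `export IFS=' '` also does not restore bash's default IFS (space, tab, newline) but leaves a single-space IFS for the rest of the script and anything it exports to, and a failing `nc` is silent. I would replace the ``for … in `cat …` `` loop with a `while read -r` loop so IFS is never touched, hoist `date`/`hostname` out of the loop, escape backslashes and double quotes before building the record with printf, and write a send failure into `$tmpf`; this keeps the assumption that column 1 of the hit list is the hit name and column 3 the path, which I cannot verify without the hit-list format, and a path containing spaces would shift the columns in either version. The enclosing `if [ ! "$tot_hits" == "0" ]` begins before the hunk.
```sh
if [ "$enable_statistic" == "1" ]; then
	scan_date=$(date +%s)
	scan_host=$(hostname)
	# one record per hit-list line; column 1 = hit name, column 3 = file path,
	# the same columns the previous awk version used
	while read -r hit col2 file rest || [ -n "$hit" ]; do
		# escape backslashes and double quotes so a hostile file name cannot
		# break the JSON record or inject extra fields into what ELK indexes
		file=${file//\\/\\\\}; file=${file//\"/\\\"}
		hit=${hit//\\/\\\\};   hit=${hit//\"/\\\"}
		printf '{"date" : "%s", "hit" : "%s", "file" : "%s", "hostname" : "%s"}\n' \
			"$scan_date" "$hit" "$file" "$scan_host" \
			| nc "$elk_host" "$elk_port" -w "$nc_timeout" \
			|| echo "WARNING: could not send hit record to $elk_host:$elk_port" >> $tmpf
	done < "$hitlist_file"
fi
```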