How to send logs from servers in the cloud to NetEye?

Posted by on Jun 6, 2017 in Log Auditing, NetEye, Syslog | 0 comments


Keeping an offline copy of your logs not only gives you better visibility from a system management point of view, it also turns out to be extremely valuable in the case of a security incident in which the local copies have been tampered with or destroyed.

As many of you might know, the Log Management module of NetEye offers a complete solution for managing logs, in line with the obligations set by the data protection authority. Moreover, it provides a handy way to centrally manage logs from various sources (see also on our blog: “What to do with all those logs?” and “NetEye Log Management on the official Elastic blog”).


Architecture of the Log Management module:

  • Log auditing and data collection system, based on rsyslog
  • Agent (Safed) for sending logs over the syslog protocol (RFC 3164; configured by default to send over TCP on port 514 so that delivery of the sent logs is acknowledged, unlike UDP syslog)

It is crucial that communication between the Safed agents and NetEye on TCP port 514 is guaranteed at all times.

During one of my latest customer projects, I was asked to implement a possibility for collecting logs from remote systems in the cloud. The main challenge was that accessing the systems was possible just via SSH.

Now I will show you how I resolved this problem by using a reverse SSH tunnel and a Safed agent on a Linux/Unix machine.


NetEye as an essential component of a Security Operations Center

Posted by on May 22, 2017 in Log Auditing, NetEye | 0 comments


During my last projects I noticed that the implementation of a “Security Operations Center” (in short SOC) is becoming increasingly important, especially for our enterprise customers.

Especially for large companies of public interest such as banks, energy providers and insurers, the topic of cyber threats is becoming more pressing and requires special attention. This has been reinforced not least by the fact that some of these companies have already fallen victim to cyber-attacks.

Many companies are planning to introduce a Security Operations Center to prevent and combat cyber threats (see Security Operations Center on Wikipedia). Certainly, such a SOC has to be adapted to the requirements of the company; at the same time, however, it has to be flexible enough to face challenges like rapid growth and continuously changing requirements.

The implementation of our Unified Monitoring solution NetEye supports the successful realization of a SOC in the following areas:


Some Words about Logstash Filters and Dates

Posted by on Nov 25, 2016 in Log Auditing, NetEye | 0 comments


Some time ago I published an article about how to store the NetEye SMS protocol log in an ELK environment. Now, after using it a few times, I discovered that it was not completely correct, as the time/date functions of the Logstash filters are a bit more complicated. In particular, the date was written in the SMS protocol file in this way:

June 29th 2016, 10:30:22 CEST 2016

And we used this Logstash date filter to convert it:

    # Logstash date filter as originally used (note: the match pattern
    # does not yet account for the ordinal day suffix, e.g. "29th")
    date {
        locale => "en"
        match  => [ "sms_timestamp_text", "EEE MMM dd HH:mm:ss" ]
    }

Now it seemed to work, but after some time (a few days, until the start of the next month) we discovered that the date in the first days of the month would look like:


Practical Application of the NetEye Log Management Module to visualize SMS Notifications

Posted by on Jul 5, 2016 in Log Auditing, NetEye | 0 comments

Sometimes it is not obvious how many SMS messages a NetEye server sends, and to whom. So it could be a good idea to feed the sms-send-protocol file to the Log Management module and include it in the Elasticsearch index. Then you can create a dashboard in Kibana to show the usage of your SMS modems, something like this:


How to realize this?


Disk Space Optimization for the Index Database of NetEye Log Management

Posted by on Apr 29, 2016 in Log Auditing, NetEye | 0 comments


As you already know, from version 3.6 we have integrated the Elastic Stack (consisting of Elasticsearch, Logstash and Kibana) into NetEye Log Management.

This integration provides many additional possibilities for log analysis, log correlation, dashboard creation, etc.

Furthermore, it allows the collected logs to be stored for different retention periods, which wasn't possible in earlier NetEye versions.

Your NetEye Log Management receives all logs created in your company (Windows event logs, Linux syslogs, firewall access logs, VPN logs, etc.). Using its filters, Logstash indexes all of this data and writes it into the Elasticsearch index database of NetEye Log Management.

Now imagine you are collecting logs from 95 systems that together produce an average of 1000 events per second, with peaks of nearly 3000 events per second. These systems produce at least 90 GByte of index data on your disk every day. I think I don't have to go into further detail to show the importance of optimizing the disk space from time to time =)


NetEye Log Management on the official Elastic Blog

Posted by on Jan 29, 2016 in Log Auditing, NetEye | 0 comments


Thanks to the integration of the Elastic Stack into our NetEye Log Management, we established a professional relationship with Elasticsearch BV. Today we are very proud to announce that the story behind our NetEye Log Management has been published on the official Elastic blog.

Our business unit manager Georg Kostner describes the market requirements that led us to develop NetEye Log Management and explains how it has been extended over the years. Furthermore, he provides a detailed description of the role of Elasticsearch, Logstash and Kibana (the Elastic Stack) and a first insight into developments planned for the future.

Check out the full article on the Elastic blog.
