15. 10. 2018 Tobias Goller Log Management, NetEye

NetEye 4 Log Management with Search Guard

With the release of NetEye 4, we have also redesigned the Log Management module.
In this blog post I would like to briefly discuss the main innovations and
improvements in NetEye 4 Log Management.

First, the management and configuration interface of NetEye 4 Log Manager
appears in the unified NetEye 4 layout. Configuration is carried out via the
central Icinga Director interface. This has the advantage that all of Icinga
Director’s host import functions can be used, including imports from Active
Directory, ESX environments, etc.

With the creation of suitable host templates and apply rules in Icinga
Director, the hosts can be easily imported and activated for log management.
Of course, either the syslog agent must be properly configured on the host side,
or else a suitable agent, such as Würth Phoenix Safed, must be installed. The
Würth Phoenix Safed Agent can also be centrally configured and distributed in
NetEye 4 Log Manager.

NetEye 4 Log Manager already comes pre-installed with the current Elastic
version 6. Thus customers already have the latest features of Elastic. In
my opinion, the most important innovation in NetEye 4 Log Manager is the
integration of Search Guard.

Search Guard is a security plugin for Elasticsearch and the entire ELK stack
that offers encryption, authentication, authorization, audit logging,
multi-tenancy and compliance features.

Search Guard is already installed in NetEye 4 Log Manager and, like NetEye 4,
it integrates Active Directory authentication. By using Search Guard, access to
the log information can be restricted or encrypted depending on the user or
group. Information for certain users or groups can be completely hidden,
encrypted, or displayed anonymously.

Search Guard can be configured in three ways: through its GUI, through a REST
API, and through config files that can be modified and reloaded. The Search
Guard GUI is integrated into the Kibana interface, where it can be used to
create and assign rules and roles.

In conclusion, with NetEye 4 Log Manager and the associated Search Guard
integration, all the requirements of a modern log management system can be met,
from small businesses to multinational holdings. Personally, I can underline
this statement as I have already implemented several of these installations in
small environments as well as in large international settings.

Tobias Goller

NetEye Solution Architect at Würth Phoenix
I started my professional career as a system administrator. Over the years, my area of responsibility changed from administrative work to the architectural planning of systems. During my activities at Würth Phoenix, the focus of my area of responsibility changed to the installation and consulting of the IT system management solution WÜRTHPHOENIX NetEye. In the meantime, I take care of the implementation and planning of customer projects in the area of our unified monitoring solution.
