15. 10. 2018 TobiasGoller Log Auditing, NetEye, Syslog

NetEye 4 Log Management with Search Guard

With the release of NetEye 4, we have also redesigned the Log Management module.
In this blog post I would like to briefly discuss the main innovations and
improvements in NetEye 4 Log Management.

First, the management and configuration interface of NetEye 4 Log Manager
appears in the unified NetEye 4 layout. Configuration is carried out via the
central Icinga Director interface. This has the advantage that all of Icinga
Director's host import functions can be used, including the import
capabilities for Active Directory, ESX environments, etc.

With the creation of suitable host templates and apply rules in Icinga
Director, the hosts can be easily imported and activated for log management.
Of course, either the syslog agent must be properly configured on the host side,
or else a suitable agent, such as Würth Phoenix Safed, must be installed. The
Würth Phoenix Safed Agent can also be centrally configured and distributed in
NetEye 4 Log Manager.

NetEye 4 Log Manager already comes pre-installed with the current Elastic
version 6. Thus customers already have the latest features of Elastic. In
my opinion, the most important innovation in NetEye 4 Log Manager is the
integration of Search Guard.

Search Guard is a security plugin for Elasticsearch and the entire ELK stack
that offers encryption, authentication, authorization, audit logging,
multi-tenancy and compliance features.

Search Guard is already installed in NetEye 4 Log Manager and, like NetEye 4,
it integrates Active Directory authentication. With Search Guard, access to
the log information can be restricted or encrypted depending on the user or
group: information can be completely hidden from certain users or groups,
encrypted, or displayed anonymously.

Search Guard can be configured in three ways: through its GUI, through a REST
API, and through config files that can be modified and reloaded. The Search
Guard GUI is integrated into the Kibana interface and can be used to create
and assign rules and roles.
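As an added example (not code from the original post or from the NetEye project), the per-group restriction described above expressed through the config-file route: one Search Guard role that grants a helpdesk Active Directory group read-only access to the syslog indices, hides two fields completely and shows the source address only in anonymized form. The file layout is assumed to follow the Search Guard 6 `sg_roles.yml` / `sg_roles_mapping.yml` format (verify against the version installed with your NetEye), and the index pattern, field names and group DN are placeholders.

```yaml
# sg_roles.yml (assumed Search Guard 6 format; check against your installed version)
# Role for a helpdesk group: read-only on the syslog indices, with sensitive
# fields hidden and the source address shown only in anonymized (hashed) form.
sg_helpdesk_syslog:
  cluster:
    - CLUSTER_COMPOSITE_OPS_RO     # read-only multi-document operations (msearch, mget)
  indices:
    'syslog-*':                    # placeholder index pattern
      '*':
        - READ                     # search and get only, no write or delete
      # document-level security: only events of this tenant (placeholder field/value)
      _dls_: '{"term": {"customer": "acme"}}'
      # field-level security: these fields are removed from every hit ("hidden")
      _fls_:
        - '~user.password'
        - '~message_raw'
      # masked fields: returned as a hash instead of the real value ("anonymized")
      _masked_fields_:
        - 'source.ip'
---
# sg_roles_mapping.yml: bind the role to an Active Directory group (placeholder DN),
# so that AD group membership alone decides who gets this restricted view.
sg_helpdesk_syslog:
  backendroles:
    - 'CN=Helpdesk,OU=Groups,DC=example,DC=com'
```

After editing these files they must be loaded into the cluster with the Search Guard config tool (or via the REST API); the running cluster does not read the YAML files directly.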

In conclusion, with NetEye 4 Log Manager and the associated Search Guard
integration, all the requirements of a modern log management system can be met,
from small businesses to multinational holdings. Personally, I can underline
this statement as I have already implemented several of these installations in
small environments as well as in large international settings.

TobiasGoller

Consultant at Würth Phoenix

I'm Tobias and I work as an SI Consultant in different fields, for commercial products like VMware, Microsoft and Citrix, but also for open source projects like Nagios, OCS Inventory, GLPI, NagVis, ntop and the best practice standard ITIL. I also have some certifications for these kinds of activities, which help me improve my work on the job. I like to introduce the best solutions for the customer's needs, regardless of whether it is a commercial or free product. One of my favorite hobbies is playing in the local wind band. As I live in the mountains I love hiking, and last but not least I try to spend much of my free time with my family.
