Blog entries by technology: elastic

21. 02. 2020 Tobias Goller Log Management, NetEye

Tornado Use Case with Elastic

Before I tell you about one of my latest customer requirements, I would like to briefly explain what our NetEye Tornado module is. Our user guide describes Tornado as the successor to NetEye's Event Handler. It is a plugin-based, stateless, scalable rule-matching engine written in Rust, based on…

09. 01. 2020 Damiano Chini Log-SIEM, NetEye

Support for Elasticsearch-only Nodes

Until NetEye 4.8, customers who needed to expand the capacity of their Elasticsearch cluster running alongside their Red Hat cluster could add new standard nodes to NetEye clusters. This meant, however, that the new nodes would dedicate their resources not just to improving the capacity of the Elasticsearch cluster, but also to maintaining all services…

02. 01. 2020 Michele Santuari Log-SIEM, NetEye

Elastic Stack Cluster with NetEye >= 4.8

In a previous blog post, I described how Elastic Stack fits within the high-availability cluster architecture of NetEye 4 and, in particular, why correctly configuring the quorum is mandatory to avoid losing data or ending up with an inconsistent cluster. With the upgrade to NetEye 4.8, we updated Elastic Stack to the new major version…

30. 12. 2019 Franco Federico Log-SIEM, NetEye

Graph in NetEye with Elastic Stack

In the past I’ve written in this blog post about Elastic Stack and its features. Here I’d like to show you more in depth the functionality of Graph analytics. The Graph analytics features enable you to discover how items in an Elasticsearch index are related. It’s possible to explore the connections between indexed terms and…

17. 10. 2019 Tobias Goller ITOA, Log-SIEM, Machine Learning, NetEye

Experiences with Netflow and Machine Learning in Elastic

Some time ago I was able to use the machine learning functionality in Elastic for the first time. I was astonished at how easy it is to use, and how fast it calculates historical data. In my particular case, I loaded Netflow data into the Elastic database. I wanted to use this data to evaluate…

02. 10. 2019 Michele Santuari Log-SIEM, NetEye

How to Solve a Full Elasticsearch Disk

In a previous blog post, I described some basic steps for debugging problems with the Elastic Stack. In this post, I want to highlight another behavior you may run into: the Elastic Stack cluster is in a green state, yet it is not able to write new logs. This situation usually happens when there is…
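The check a practitioner wants at this point, as an added example that is not code from the post above or from NetEye: cluster health only reports shard allocation, so a cluster stays green even after a node crosses the flood-stage disk watermark and Elasticsearch sets index.blocks.read_only_allow_delete on every index with a shard on that node, which is what stops new logs from being written. The functions below read the JSON returned by GET _cat/allocation?format=json&bytes=b, GET _cluster/settings?include_defaults=true and GET _all/_settings and report the affected nodes and indices. The three responses embedded here are constructed samples, and the node and index names are invented.

```python
"""
Added example: find the nodes over the flood-stage watermark and the
indices that already carry the read-only block, from the JSON of three
Elasticsearch GET calls. The responses below are constructed samples.
"""
import json
import re

# Constructed sample of GET _cat/allocation?format=json&bytes=b (byte values arrive as strings).
CAT_ALLOCATION = json.dumps([
    {"node": "neteye01", "disk.used": "96200000000", "disk.avail": "3800000000",
     "disk.total": "100000000000", "disk.percent": "96"},
    {"node": "neteye02", "disk.used": "61000000000", "disk.avail": "39000000000",
     "disk.total": "100000000000", "disk.percent": "61"},
])

# Constructed sample of GET _cluster/settings?include_defaults=true (disk watermarks only).
CLUSTER_SETTINGS = json.dumps({
    "persistent": {}, "transient": {},
    "defaults": {"cluster": {"routing": {"allocation": {"disk": {"watermark": {
        "low": "85%", "high": "90%", "flood_stage": "95%"}}}}}},
})

# Constructed sample of GET _all/_settings: one index already carries the flood-stage block.
INDEX_SETTINGS = json.dumps({
    "logstash-2019.10.01": {"settings": {"index": {
        "blocks": {"read_only_allow_delete": "true"}, "number_of_shards": "1"}}},
    "logstash-2019.10.02": {"settings": {"index": {"number_of_shards": "1"}}},
})

_UNITS = {"b": 1, "kb": 1024, "mb": 1024 ** 2, "gb": 1024 ** 3, "tb": 1024 ** 4}


def lookup(obj, path):
    """Follow a dotted path through nested dicts; None when any key is missing."""
    for key in path.split("."):
        if not isinstance(obj, dict) or key not in obj:
            return None
        obj = obj[key]
    return obj


def watermark(settings_json, level):
    """Effective value of a disk watermark ('low', 'high' or 'flood_stage').
    Elasticsearch precedence: transient beats persistent beats defaults."""
    settings = json.loads(settings_json)
    path = "cluster.routing.allocation.disk.watermark." + level
    for scope in ("transient", "persistent", "defaults"):
        value = lookup(settings.get(scope, {}), path)
        if value is not None:
            return value
    raise KeyError("no %s watermark in settings" % level)


def crossed(node, mark):
    """True when a _cat/allocation row is at or beyond the watermark.
    A percentage watermark is compared against used space; a byte value
    such as '5gb' is the minimum free space Elasticsearch wants to keep."""
    if mark.endswith("%"):
        return float(node["disk.percent"]) >= float(mark[:-1])
    m = re.fullmatch(r"(\d+(?:\.\d+)?)([kmgt]?b)", mark.lower())
    if not m:
        raise ValueError("unparseable watermark: " + mark)
    return float(node["disk.avail"]) <= float(m.group(1)) * _UNITS[m.group(2)]


def nodes_over_flood_stage(cat_json, settings_json):
    """Names of the nodes whose data path has crossed the flood-stage watermark."""
    mark = watermark(settings_json, "flood_stage")
    return sorted(n["node"] for n in json.loads(cat_json) if crossed(n, mark))


def blocked_indices(index_settings_json):
    """Indices that Elasticsearch has already marked read_only_allow_delete."""
    settings = json.loads(index_settings_json)
    return sorted(name for name, body in settings.items()
                  if lookup(body, "settings.index.blocks.read_only_allow_delete") == "true")


def unblock_request(indices):
    """Path and body of the PUT <indices>/_settings call that lifts the block.
    Send it only after freeing disk (delete or shrink old indices, add a data
    node): Elasticsearch 7.4 and later lift the block on their own once usage
    drops below the high watermark; the 6.8 and 7.3 releases used by NetEye
    4.7 and 4.8 do not."""
    return "/" + ",".join(indices) + "/_settings", {"index.blocks.read_only_allow_delete": None}


if __name__ == "__main__":
    print("nodes over flood stage:", nodes_over_flood_stage(CAT_ALLOCATION, CLUSTER_SETTINGS))
    blocked = blocked_indices(INDEX_SETTINGS)
    print("blocked indices:", blocked)
    path, body = unblock_request(blocked)
    print("PUT", path, json.dumps(body))
```

Removing the block before disk has actually been freed only buys a few minutes: the next allocation check puts it back. The watermark lookup honours transient and persistent overrides, so a cluster where someone raised flood_stage to paper over the problem is reported against that raised value, not the default.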

30. 09. 2019 Michele Santuari Downloads / Release Notes, Log-SIEM, NetEye

NetEye 4.7 Log Manager: Elastic 6.8.2 Update

Elastic 7.3 is coming to NetEye 4.8. In order to prepare for this significant change, you must first update Log Manager on NetEye 4.7 to receive the Elastic 6.8.2 update that will set up the necessary migrations for updating Elasticsearch, Logstash and Kibana. In addition to the ELK stack, SearchGuard will also be updated to…

17. 09. 2019 Angelo Rosace Log-SIEM, NetEye

How To: Using the Elastic Watcher Feature to React to Failed Login Attempts (Part 2)

Our continued development of the Tornado event processing module has led to a new set of functionalities and capabilities. Among these is the possibility of altering host and service statuses as the result of a certain event. Let’s look at a typical use case for this feature. Suppose you want to trigger a webhook that…

09. 08. 2019 Andrea Avancini Log-SIEM, NetEye

Automatic Load Test of Rsyslog, Logstash, and Elasticsearch

At Würth Phoenix we take testing very seriously. NetEye 4 is a sophisticated product that operates in complex and business-critical environments, so it requires lots of tests before being released. One challenging part of the testing phase is load testing, where the functionalities of a system are subject to predetermined levels of load. NetEye customers…

30. 07. 2019 Angelo Rosace Log-SIEM, NetEye, Unified Monitoring

How To: Using the Elastic Watcher Feature to React to Failed Logon Attempts (Part 1)

The introduction of the new Elastic Features (formerly the X-Pack packages) for the Elastic Stack added many functionalities to the previous implementation in NetEye. One of them is the Watcher feature. Let's discuss a use case based on it. Imagine you, as a user, want to trigger a webhook alert every time something…
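For the two Watcher posts in this list (Part 1 above and Part 2 further up), an added example that is not code from either post or from NetEye: it runs the logic such a watch expresses (collect authentication failures from the last few minutes, group them per user, fire a webhook once a user crosses a threshold) locally over constructed events, and emits the equivalent watch definition for PUT _watcher/watch/<id>. Everything beyond "failed logons trigger a webhook" is an assumption: the ECS-style field names (event.category, event.outcome, user.name, source.ip, @timestamp), the logstash-* index pattern, the 5-minute window, the threshold of 3 and the placeholder webhook URL.

```python
"""
Added example: the detection a failed-logon watch performs, evaluated
locally over constructed events, plus the matching Watcher definition.
Field names, window, threshold and URL are assumptions.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone
import json

WINDOW = timedelta(minutes=5)                        # assumed look-back per watch run
THRESHOLD = 3                                        # assumed failures per user before firing
WEBHOOK_URL = "https://alerts.example.invalid/hook"  # placeholder, not a real endpoint


def ts(minute):
    """Timestamp helper for the constructed events (all on 2019-07-30 10:xx UTC)."""
    return datetime(2019, 7, 30, 10, minute, tzinfo=timezone.utc)


def event(minute, user, ip, outcome="failure"):
    """One constructed authentication event in ECS-style field layout (assumption)."""
    return {"@timestamp": ts(minute), "event": {"category": "authentication", "outcome": outcome},
            "user": {"name": user}, "source": {"ip": ip}}


# Constructed events, not real logs: alice fails four times inside the window
# (plus once before it), bob fails twice inside it and once exactly on its
# edge, carol logs in successfully.
EVENTS = [
    event(2, "alice", "10.0.0.5"),
    event(5, "bob", "10.0.0.7"),
    event(6, "alice", "10.0.0.5"),
    event(7, "alice", "10.0.0.5"),
    event(7, "bob", "10.0.0.7"),
    event(8, "alice", "10.0.0.9"),
    event(8, "bob", "10.0.0.7"),
    event(9, "alice", "10.0.0.5"),
    event(9, "carol", "10.0.0.8", outcome="success"),
]


def failed_logons(events, now, window=WINDOW):
    """The watch input: authentication failures with @timestamp in (now - window, now]."""
    start = now - window
    return [e for e in events
            if e["event"]["category"] == "authentication"
            and e["event"]["outcome"] == "failure"
            and start < e["@timestamp"] <= now]


def failures_per_user(hits):
    """The watch aggregation: one bucket per user.name, keeping the distinct source IPs."""
    counts, sources = Counter(), defaultdict(set)
    for h in hits:
        counts[h["user"]["name"]] += 1
        sources[h["user"]["name"]].add(h["source"]["ip"])
    return {u: {"failures": n, "sources": sorted(sources[u])} for u, n in counts.items()}


def offenders(buckets, threshold=THRESHOLD):
    """The watch condition: only users at or above the threshold."""
    return {u: b for u, b in buckets.items() if b["failures"] >= threshold}


def evaluate(events, now):
    """One watch execution: the webhook body, or None when the condition is not met."""
    found = offenders(failures_per_user(failed_logons(events, now)))
    if not found:
        return None
    return {"source": "elastic-watcher", "fired_at": now.isoformat(), "offenders": found}


def watch_body(threshold=THRESHOLD, window=WINDOW, url=WEBHOOK_URL):
    """The same logic as a Watcher definition. min_doc_count keeps only buckets at
    or above the threshold; the compare condition on the largest bucket keeps the
    watch silent when no bucket survives."""
    minutes = int(window.total_seconds() // 60)
    return {
        "trigger": {"schedule": {"interval": "%dm" % minutes}},
        "input": {"search": {"request": {"indices": ["logstash-*"], "body": {
            "size": 0,
            "query": {"bool": {"filter": [
                {"term": {"event.category": "authentication"}},
                {"term": {"event.outcome": "failure"}},
                {"range": {"@timestamp": {"gt": "now-%dm" % minutes}}}]}},
            "aggs": {"by_user": {"terms": {"field": "user.name", "min_doc_count": threshold}}}}}}},
        "condition": {"compare": {
            "ctx.payload.aggregations.by_user.buckets.0.doc_count": {"gte": threshold}}},
        "actions": {"notify": {"webhook": {"method": "POST", "url": url,
            "body": "{{#toJson}}ctx.payload.aggregations.by_user.buckets{{/toJson}}"}}},
    }


if __name__ == "__main__":
    print(json.dumps(evaluate(EVENTS, ts(10)), indent=2))
    print(json.dumps(watch_body(), indent=2))
```

The local evaluation and the watch body share the same window, threshold and field names on purpose: tuning the threshold against a sample of your own events before installing the watch avoids a webhook that fires on every mistyped password, and a source-IP list in the payload is what separates one user's fat fingers from a spray across accounts.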

24. 07. 2019 Franco Federico Anomaly Detection, Log-SIEM, NetEye

Welcoming Elastic Stack X-Pack to NetEye 4

On June 13, we announced a new OEM Partnership with Elastic, and Elastic updated its relationship with OEM, MSP and CSP partners, with the result that in NetEye 4 we now have some new features. Starting with NetEye 4.6, you can now activate the X-Pack feature. After I activate X-Pack and open NetEye, I see:…

13. 06. 2019 NetEye Blog Admin Log-SIEM, NetEye

OEM Partnership with Elastic

Magic happens when collaboration really works and community spirit grows. This month, Würth Phoenix announced the expansion of its partnership with Elastic to make it faster and easier for users to deploy Elasticsearch within NetEye 4. Elastic is the company behind Elasticsearch, Kibana, Beats, and Logstash, an ecosystem of Open Source-based search and analytics tools…

04. 04. 2019 Gianluca Piccolo Downloads / Release Notes, Log-SIEM, NetEye

Updated neteye, neteye-setup, elasticsearch-neteye-config, eventhandler and auditlog for NetEye 4.5

Updated neteye to version 4.5.1-1:
  Define neteye-cluster-local.target
Updated neteye-setup to version 1.7.1-1:
  Manage target neteye single instance and cluster
  Update creation of icingaweb2 DB resource with dynamic creation of DB hostname
Updated elasticsearch-neteye-config to version 1.5.0-1:
  Relate elasticsearch.service to neteye-cluster-local.target
Updated eventhandler to version 1.7.6-1:
  Fix module DB hostname for cluster environment
Updated auditlog to…

03. 12. 2018 Michele Santuari Downloads / Release Notes

Updated icinga2, icingaweb2, neteye, neteye-setup, elasticsearch-neteye-config, elasticsearch-plugin-searchguard, searchguard-plugin-common for NetEye 4.3

Updated icinga2 to version 2.10.1_neteye1.4.8-1, icingaweb2 to version 2.6.1_neteye1.20.1-1, neteye to version 4.3.0-8, and neteye-setup to version 1:1.0.0-1 for NetEye 4.3:
  Fixed: A cluster's external and internal hostnames must be configurable (NET4-100)
Updated elasticsearch-neteye-config to version 1.3.2-1, elasticsearch-plugin-searchguard to version 0.3.1-1, and searchguard-plugin-common to version 0.3.1-1 for NetEye 4.3:
  Fixed: Adapt the configuration to use the internal hostname…

21. 11. 2018 Michele Santuari Downloads / Release Notes

Updated elasticsearch-neteye-config and icingaweb2-module-update for NetEye 4.3

Updated elasticsearch-neteye-config to version 1.3.1-1 for NetEye 4.3:
  Fixed: Config file is recreated and Elasticsearch is restarted during each execution of the neteye_secure_install script in a cluster environment.
Updated icingaweb2-module-update to version 0.4.1-1 for NetEye 4.3:
  Fixed: Notification for the update is present in brand new installations.
