Blog Entries

28. 12. 2023 Enrico Alberti Log Management, Log-SIEM, NetEye

Monitor Fleet Elastic Agents with NetEye Extension Packs (NEP)

With the latest version of NetEye 4.33, the Fleet Server and ElasticAgent officially join the NetEye Elastic Stack (see NetEye 4.33 Release Notes ) Related to this new big feature, within the NetEye Extension Packs project we have provided new monitoring checks that can help customers and consultants who use NetEye to keep these new…

Read More
29. 08. 2023 Enrico Alberti Log Management, Log-SIEM, NetEye

Configuring the New Fleet Server on Elastic 8

The Fleet Management feature was automatically enabled with NetEye release 4.30, and with the current 4.31 version all the Elastic Stack packages will be upgraded to major version 8. These two milestones will permit us to centrally manage log ingestion using the new Elastic Agents (the evolutions of Beats Agents) and forget all the custom…

Read More
28. 10. 2022 Enrico Alberti Log Management, Log-SIEM, NetEye

Syslog Collection with Elastic under Distributed NetEye Monitoring

Anyone who has joined the beautiful world of logging has collided, sooner or later, with the collection via syslog protocol. More than 40 years have passed since syslog was invented, and in that time there have been several attempts by the IETF to create a standard around this world (RFC 3164 and RFC 5424). Even…

Read More
19. 07. 2022 Enrico Alberti Contribution, NetEye, Unified Monitoring

Integration of Centreon Plugins into NetEye Extension Packs

With the end of 2021 we’ve release the first version of the NetEye Extension Packs project that helps customers and consultants on their monitoring implementations and more (see Introducing NetEye Extension Packs | www.neteye-blog.com for details). Now our focus is to extend the ouf of box infrastructure coverage of our monitoring plugins. With this target…

Read More
11. 03. 2022 Enrico Alberti Log-SIEM, NetEye

NetEye for Data Protection Officers

With NetEye 4.22 we released a feature awaited for years: the ability to reach the Elasticsearch API externally, thanks to our NGINX proxy under NetEye. This new feature brings with it a lot of use cases, but what was turning over and over in my head was the automatic process for verification of the blockchains…

Read More
24. 12. 2021 Enrico Alberti Log Management, NetEye

Log Management through NetEye Satellites

In the enormous world of Log Collection, quite often customers need to collect logs from various systems in remote locations, like from an office in another country. For Icinga we know that the latest NetEye 4.20 release fully supports distributed monitoring, but what about the Log Manager and SIEM modules? Is it possible to use…

Read More
02. 07. 2021 Enrico Alberti Icinga Web 2, NetEye

Monitor Services Automatically with Icinga Director Automation

In recent months many enterprise customers have asked me for a solution to create services on their monitored Icinga hosts automatically. They want a single point of insertion (like a list) for all services on the host as well as for the NetEye system to do all the work managing their creation and deletion. How…

Read More
30. 06. 2021 Enrico Alberti Icinga Web 2, NetEye

Monitoring Windows Systems through Icinga Powershell Plugins

During migrations from NetEye 3 to NetEye 4, I often run into really outdated monitoring checks in the Windows world, where the last update was more than 10 years ago… and whose logic is therefore now completely obsolete! The time for change is now!!! In the last year Icinga released a really interesting project that…

Read More
11. 01. 2021 Enrico Alberti Log-SIEM, NetEye

Alerting on NetEye SIEM: Tornado Webhooks and Smart Monitoring (part 2)

In my previous post I showed you how to make your own alerts on NetEye SIEM by using the Elastic Watcher and Alerts and Actions features. But if we work in production environments, what we really need is an alert that can go directly to NetEye’s Monitoring Overview. How can we manage SIEM alerts and…

Read More
11. 01. 2021 Enrico Alberti Log-SIEM, NetEye

Alerting on NetEye SIEM: Watcher & ‘Alerts and Actions’ (Part 1)

The main goal of a monitoring system like NetEye is to alert and notify you when something noteworthy happens in your environment. All the logs coming in to NetEye SIEM can be analyzed, and could raise one or more alerts in the Elastic Stack, such as detection, machine learning anomalies, etc. How can you make…

Read More
02. 10. 2020 Enrico Alberti Log-SIEM, NetEye

NetEye Ingest Pipelines – How to Modify and Enrich SIEM Data

Is it possible to add Geo IP information automatically to my events even if it’s not present in the original log? How can I automatically decode a URL to dissect all its components? How can I convert a human readable byte value (e.g., 1KB) to its value in bytes (e.g., 1024) so I can use…

Read More
29. 05. 2020 Enrico Alberti Log-SIEM, NetEye

Icinga DSL: How to Enrich SIEM Logs with Icinga Custom Vars

Over the past few months, I’ve received multiple client requests to export custom fields (custom variables or data lists) present in Icinga Director in order to enrich logs on Logstash or to make specific changes to the indexing process. The solution that I am going to explain in this article uses the Icinga DSL check…

Read More
09. 03. 2020 Enrico Alberti Log-SIEM, NetEye

Store Years of NetFlow Historical Data with Elastic Rollup on NetEye 4.9

Keeping historical data around for analysis is extremely useful but often avoided due to the financial cost of archiving massive amounts of data. Retention periods are thus driven by financial realities rather than by the usefulness of extensive historical data. The Elastic Stack data rollup features provide a means to summarize and store historical data…

Read More

Archive