Blog Entries

28. 12. 2020 Michele Santuari Development

Research & Development – Spike (Part 4)

In a series of blog posts (1, 2, 3), I have described how we have incrementally improved our Agile process since I joined the team. In the last post, I highlighted how we estimate the development efforts for each task in order to be able to prioritize our various activities. We have already seen how…

23. 12. 2020 Michele Santuari Development

RPM/ISO Repository: Disk Space Optimization

Our NetEye Unified Monitoring Solution is distributed and maintained via ISO images and RPM Packages. In the past, we used the mrepo tool to manage our RPMs/ISO repositories, and during the current year we migrated to Pulp, as my colleague Andrea has already described. As an R&D team, we continuously release new features in development…

05. 10. 2020 Michele Santuari Development, NetEye

Research Activities: A Fully Distributed NetEye

During the NetEye User Group in November 2019, I presented the future vision of a new, completely distributed architecture to allow more flexibility, performance and scalability. In particular, a more flexible and scalable architecture is helpful for large environments such as Managed Service Provider infrastructures or for monitoring solutions as a service (i.e., NetEye 4…

29. 07. 2020 Michele Santuari Bug Fixes, NetEye

Bug Fixes for NetEye 4.12

We fixed the telegraf package to create the user and group by default. For NetEye 4.12 we updated: Telegraf to version 1.14.1_neteye2.0.1-1

28. 07. 2020 Michele Santuari Log Management, Log-SIEM

Customizing the Default Permissions in NetEye SIEM

Starting from NetEye 4.12, NetEye SIEM is secured with X-Pack Security. NetEye comes pre-configured with some users and roles (see NetEye User Guide > Log Manager > Elasticsearch Access Control) to grant the Elastic Stack the ability to ingest, manage, and view the logs that you want to collect. For example, NetEye provides: A Kibana…

31. 03. 2020 Michele Santuari NetEye

How Do We Test NetEye?

Since my latest blog post on the new Front End automated tests, we have improved our Continuous Integration process. In this blog post, I describe, from the developer’s perspective, a couple of important enhancements and what we would like to achieve in the upcoming months. The introduction of pull requests has been the first change:…

02. 01. 2020 Michele Santuari Log-SIEM, NetEye

Elastic Stack Cluster with NetEye >= 4.8

In a previous blog post, I described how Elastic Stack fits within the High-Available cluster architecture of NetEye 4 and, in particular, how the correct configuration of the Quorum is mandatory to prevent losing your data or even developing inconsistencies. With the upgrade to NetEye 4.8, we updated Elastic Stack to the new major version…

23. 12. 2019 Michele Santuari Unified Monitoring

Research & Development – Sprint (Part 4)

In a series of blog posts (1, 2, 3), I described how the R&D Team development process has changed to meet new requirements, to improve delivery time and quality, and to increase adaptation. As mentioned, the R&D Team development activities are planned and prioritized for each NetEye release. The main problem of such an approach…

16. 10. 2019 Michele Santuari Bug Fixes, NetEye

Bug Fixes for NetEye 4.8

We fixed a bug where the Elasticsearch exists query did not work properly because a Search Guard role applied restricted access to one or more fields. For NetEye 4.8 we updated: searchguard-plugin-common, searchguard-plugin-common-autosetup, elasticsearch-plugin-searchguard, elasticsearch-plugin-searchguard-autosetup, elasticsearch-plugin-searchguard, kibana-plugin-searchguard, kibana-plugin-searchguard-autosetup, kibana-plugin-searchguard to version 8.0.2-1

15. 10. 2019 Michele Santuari Bug Fixes, NetEye

Bug Fixes for NetEye 4.8

We fixed the Logstash configurations to allow a template to be applied to Elasticsearch during Logstash’s startup. Moreover, we created a Logstash template to configure the Logstash replica that applies to both single instances and clusters. The new indices matching the pattern logstash-* will automatically configure the replica with the range 0-1 using the index.auto_expand_replicas setting. For NetEye 4.8 we updated: elasticsearch, elasticsearch-autosetup,…

02. 10. 2019 Michele Santuari Log-SIEM, NetEye

How to Solve a Full Elasticsearch Disk

In a previous blog post, I described some basic steps to debug problems with the Elastic Stack. In this blog post, I want to highlight another behavior that might occur when your Elastic Stack cluster is in a green state, but it is not able to write new logs. This situation usually happens when there is…

30. 09. 2019 Michele Santuari Downloads / Release Notes, Log-SIEM, NetEye

NetEye 4.7 Log Manager: Elastic 6.8.2 Update

Elastic 7.3 is coming to NetEye 4.8. In order to prepare for this significant change, you must first update Log Manager on NetEye 4.7 to receive the Elastic 6.8.2 update that will set up the necessary migrations for updating Elasticsearch, Logstash and Kibana. In addition to the ELK stack, SearchGuard will also be updated to…

09. 08. 2019 Michele Santuari Bug Fixes, NetEye

Bug Fixes for NetEye 4.7

Allow overriding the Elasticsearch quorum (e.g., minimum_master_nodes). Documentation can be found in User Guide -> Log Manager -> Elasticsearch Clusters. For NetEye 4.7 we updated: icingaweb2-module-logmanager to version 0.26.3-1, elasticsearch-neteye-config to version 1.7.4-1

28. 06. 2019 Michele Santuari Log Management

How to Debug NetEye Log Management

In a previous blog post I presented how the Log Management architecture fits in a NetEye cluster, and now I want to summarize my recent experiences to help you diagnose Elasticsearch health issues. Elasticsearch provides a set of APIs which help to identify and debug a number of potential causes. But NetEye Log Management is…

05. 04. 2019 Michele Santuari Bug Fixes

Bug fixes for NetEye 4.4

The Elasticsearch searchguard.nodes_dn configuration was incorrect for cluster environments. For NetEye 4.4 we updated: elasticsearch-neteye-config to version 1.5.1-1, elasticsearch-plugin-searchguard to version and elasticsearch-plugin-searchguard-autosetup to version 6.5.4_24.0_neteye0.5.2-1, searchguard-plugin-common and searchguard-plugin-common-autosetup to version 0.6.1-1, neteye-setup to version 1.7.3-1
