Blog Entries

29. 07. 2020 Michele Santuari Bug Fixes, NetEye

Bug Fixes for NetEye 4.12

We fixed the telegraf package to create the user and group by default. For NetEye 4.12 we updated: Telegraf to version 1.14.1_neteye2.0.1-1

28. 07. 2020 Michele Santuari Log Management, Log-SIEM

Customizing the Default Permissions in NetEye SIEM

Starting from NetEye 4.12, NetEye SIEM is secured with X-Pack Security. NetEye comes pre-configured with some users and roles (see NetEye User Guide > Log Manager > Elasticsearch Access Control) to grant the Elastic Stack the ability to ingest, manage, and view the logs that you want to collect. For example, NetEye provides: A Kibana…

31. 03. 2020 Michele Santuari NetEye

How Do We Test NetEye?

Since my latest blog post on the new Front End automated tests, we have improved our Continuous Integration process. In this blog post, I describe, from the developer’s perspective, a couple of important enhancements and what we would like to achieve in the upcoming months. The introduction of pull requests has been the first change:…

02. 01. 2020 Michele Santuari Log-SIEM, NetEye

Elastic Stack Cluster with NetEye >= 4.8

In a previous blog post, I described how Elastic Stack fits within the highly available cluster architecture of NetEye 4 and, in particular, how the correct configuration of the quorum is mandatory to prevent losing your data or even developing inconsistencies. With the upgrade to NetEye 4.8, we updated Elastic Stack to the new major version…

23. 12. 2019 Michele Santuari Unified Monitoring

Research & Development – Sprint (Part 4)

In a series of blog posts (1, 2, 3), I described how the R&D Team development process has changed to meet new requirements, to improve delivery time and quality, and to increase adaptation. As mentioned, the R&D Team development activities are planned and prioritized for each NetEye release. The main problem of such an approach…

16. 10. 2019 Michele Santuari Bug Fixes, NetEye

Bug Fixes for NetEye 4.8

We fixed a bug where the Elasticsearch exists query does not work properly when a Search Guard role applies restricted access to one or more fields. For NetEye 4.8 we updated: searchguard-plugin-common, searchguard-plugin-common-autosetup, elasticsearch-plugin-searchguard, elasticsearch-plugin-searchguard-autosetup, kibana-plugin-searchguard, kibana-plugin-searchguard-autosetup, updated to version: 8.0.2-1

15. 10. 2019 Michele Santuari Bug Fixes, NetEye

Bug Fixes for NetEye 4.8

We fixed the Logstash configurations to allow a template to be applied to Elasticsearch during Logstash’s startup. Moreover, we created a Logstash template to configure the Logstash replica that applies to both single instances and clusters. The new indices matching the pattern logstash-* will automatically configure the replica with the range 0-1 using the index.auto_expand_replicas setting. For NetEye 4.8 we updated: elasticsearch, elasticsearch-autosetup,…

02. 10. 2019 Michele Santuari Log-SIEM, NetEye

How to Solve a Full Elasticsearch Disk

In a previous Blog, I described some basic steps to debug problems with the Elastic Stack. In this blog post, I want to highlight another behavior that might occur when your Elastic Stack cluster is in a green state, but it is not able to write new logs. This situation usually happens when there is…

30. 09. 2019 Michele Santuari Downloads / Release Notes, Log-SIEM, NetEye

NetEye 4.7 Log Manager: Elastic 6.8.2 Update

Elastic 7.3 is coming to NetEye 4.8. In order to prepare for this significant change, you must first update Log Manager on NetEye 4.7 to receive the Elastic 6.8.2 update that will set up the necessary migrations for updating Elasticsearch, Logstash and Kibana. In addition to the ELK stack, SearchGuard will also be updated to…

09. 08. 2019 Michele Santuari Bug Fixes, NetEye

Bug Fixes for NetEye 4.7

Allow overriding the Elasticsearch quorum (e.g., minimum_master_nodes). Documentation can be found in User Guide -> Log Manager -> Elasticsearch Clusters. For NetEye 4.7 we updated: icingaweb2-module-logmanager to version 0.26.3-1, elasticsearch-neteye-config to version 1.7.4-1

28. 06. 2019 Michele Santuari Log Management

How to Debug NetEye Log Management

In a previous blog post I presented how the Log Management architecture fits in a NetEye cluster, and now I want to summarize my recent experiences to help you diagnose Elasticsearch health issues. Elasticsearch provides a set of APIs which help to identify and debug a number of potential causes. But NetEye Log Management is…

05. 04. 2019 Michele Santuari Bug Fixes

Bug fixes for NetEye 4.4

The Elasticsearch searchguard.nodes_dn configuration was incorrect for cluster environments. For NetEye 4.4 we updated: elasticsearch-neteye-config to version 1.5.1-1, elasticsearch-plugin-searchguard to version and elasticsearch-plugin-searchguard-autosetup to version 6.5.4_24.0_neteye0.5.2-1, searchguard-plugin-common and searchguard-plugin-common-autosetup to version 0.6.1-1, neteye-setup to version 1.7.3-1

03. 04. 2019 Michele Santuari Log Management, NetEye

How to Manage Permissions in Log Analytics with NetEye 4

NetEye 4 Log Manager, as already presented in this blog post, allows you to easily manage the collection, navigation, visualization and analysis of large numbers of logs. For many reasons, I as a user may want to limit log access to a subset of users. For example, a network administrator should only see the logs…

27. 12. 2018 Michele Santuari NetEye, Unified Monitoring

Research & Development – Planning Poker (Part 3)

I described in a prior blog post the so-called Backlog which is used not only by the Research & Development team but also by the other teams in the System Integration unit. The Backlog Refinement meeting is focused on the prioritization and re-ordering of tasks, and this activity cannot be achieved without properly estimating effort. In this…

05. 12. 2018 Michele Santuari NetEye, Unified Monitoring

Research & Development – Backlog (Part 2)

We described in a prior blog post how the Research & Development team has adopted a full Agile approach. Although the basic principles remain unchanged and all team members have embraced a mindset of self-organization and team collaboration, in recent years new challenges have arisen that require continuous improvements in our methodologies. In particular, in this blog post we…
