Blog Entries

16. 02. 2024 Reinhold Trocker Log-SIEM, NetEye

Enabling Elastic Agents Upgrades in Restricted or Closed Networks

In this article, we’ll explore how to configure the “Agent Binary Download” setting and set up your own artifact registry for binary downloads within a NetEye cluster. Prerequisites Before we begin, ensure you have the following prerequisites in place: Configuring the “Agent Binary Download” Setting Hosting Your Own Artifact Registry If routing traffic through a proxy server…

19. 10. 2023 Reinhold Trocker Log Management, Log-SIEM

Integration of Elasticsearch Clients without Authentication and without TLS

Introduction Let’s say… you have a product that has some Elasticsearch output, which deals with parsing and indexes, and also comes with a nice dashboard, etc., and let’s suppose… you would like to use this built-in functionality. And let’s say… the product in question wants to connect to Elasticsearch in an unauthenticated manner over HTTP….

12. 10. 2023 Reinhold Trocker Log Management, Log-SIEM

stunnel TCP keepalive Settings Preventing Firewall from Blocking Log Traffic

Infrastructure Scenario An image says more than 1000 words 😉 Basically, the log source continuously sends log messages encrypted via TLS to the NetEye server. TLS is handled by stunnel and then content is internally forwarded unencrypted to an Elastic Agent Integration “Custom TCP Logs” inside the NetEye server. Cause: Logs lost due to firewall…
