Blog Entries

20. 03. 2019 MarinovMihail Log Auditing, NetEye Updates, Syslog

Updated Safed Agent v1.10.1

– Events retrieved from the event log (Win 2008+) start from the bookmark but should not be older than the defined cache days

15. 10. 2018 TobiasGoller Log Auditing, NetEye, Syslog

NetEye 4 Log Management with Search Guard

With the release of NetEye 4, we have also redesigned the Log Management module. In this blog post I would like to briefly discuss the main innovations and improvements in NetEye 4 Log Management. First, the management and configuration interface of NetEye 4 Log Manager appears in the unified NetEye 4 layout. Basically, it has…

25. 09. 2018 Gianluca Piccolo Linux, Log Auditing, NetEye, Syslog

NetEye 4 Log Management: Rsyslog and the Elastic Stack

When you need to manage and collect large amounts of data, there can be a lot of hard tasks to do.  So we decided to take some of the best Open Source tools to help us do it in the best possible way.  Let me introduce you to Rsyslog and the Elastic Stack implementation for…

07. 03. 2018 Juergen Vigna NetEye, Syslog

Analyze your OpenLDAP Logs

Suppose you have an OpenLDAP Server and you want to analyze what it does. A good way to do this is to send the logs to NetEye’s LogServer. Some elements you will see include:
– Returned Entries! (ENTRY)
– Search Operations! (SEARCH)
– Total Connections! (BIND)
To do this you need to add a new…

07. 02. 2018 Juergen Vigna NetEye, Syslog

Harmonize Your Monitoring with Your Elasticsearch Database Entries

If you have an Elasticsearch Database like the one in the NetEye Elastic Stack Module then you are surely interested in integrating this information into your Monitoring environment.  To do this, use this new plugin: check_elasticsearch_query # /data/neteye/usr/lib/nagios/plugins/local/check_elasticsearch_query --help Check a count of number of events fount in elasticsearch over a query and timeframe Usage:…

31. 10. 2017 Juergen Vigna Log Auditing, NetEye, Syslog

Sending Cisco Syslogs to Elasticsearch: A simple guide

Do you use Cisco’s network infrastructure? Would you like to view its logs through the syslog protocol in an Elasticsearch database? Find out below about the filters and templates needed for the Logstash setup. As you probably already know, you need a Logstash instance in order to get indexed data into the Elasticsearch database. Cisco…

06. 06. 2017 Giuseppe Di Garbo Log Auditing, NetEye, Syslog

How to send logs from servers in the cloud to NetEye?

Keeping an offline copy of your logs does not only provide better visibility from the system management point of view, but also turns out to be extremely precious in case of a security incident during which your local copies have been affected. As many of you might know, the Log Management module of NetEye offers…

15. 12. 2015 Patrick Zambelli Asset Management, Development, Log Auditing, NetEye, Real User Experience Monitoring, Release Notes, Syslog

NetEye 3.6 and RUE 1.9 Have Been Released!

Effective log auditing, meaningful reports and better integration of the single modules

The new version NetEye 3.6 provides some substantial improvements, to respond to specific customer needs, as well as to satisfy the continuously growing requirements in the complex world of IT monitoring. Major investments were made in the fields of reporting and SLA measurement…

03. 12. 2015 MarinovMihail Log Auditing, NetEye, Syslog

Trace Windows Administrators Login Activities with Safed

Sometimes it is required to trace login/logoff activities of the administrator in order to be compliant with legal guidelines or simply for security reasons (see also our article “What to do with all those logs“). The Safed agent for Windows can be easily configured to collect administrator’s login/logoff. The agent is deployed with some administrator discovery commands,…

12. 08. 2015 Thomas Forrer Log Auditing, NetEye, NetEye Updates, Syslog

Updated Safed Agent v1.8.1

08. 01. 2015 Patrick Zambelli NetEye, NetEye Updates, Syslog

Rsyslog open FileHandler control with SyslogView 2.1.8

To keep the number of open TCP connections of the Log Auditing server under control, SyslogView version 2.1.8 contains a control in the daily archiving script to check the number of currently open connections. This issue could be found in particular situations, where SAFED or other Audit agents might send across a routing device …

09. 10. 2014 Thomas Forrer Log Auditing, NetEye, Syslog, Uncategorized

NetEye: New MySQL Audit Plugin for SyslogView

In a standard MySQL setup, the logging of user logins/logouts is done by enabling the “general_log” logfile, which forces the MySQL process to log EVERYTHING. This can clearly lead to poor performance under heavy load. To avoid such performance restrictions we added a new MySQL Audit Plugin to the Syslog View of NetEye.

02. 10. 2014 Thomas Forrer Log Auditing, NetEye, Syslog, Uncategorized

NetEye: Integration Logstash/Elasticsearch/Kibana

You have probably already heard about Elasticsearch and its potential. Elasticsearch is a full-text search engine based on Lucene. It provides a RESTful web interface and schema-free JSON documents. To be able to better display logs collected by NetEye, we integrated three open source projects: Logstash, Elasticsearch and Kibana. Logstash parses logs and submits them to Elasticsearch, which saves them…

25. 09. 2014 Patrick Zambelli NetEye Updates, Syslog

Update of SyslogView 2.1.7 available

An update of SyslogView has been released for the current NetEye 3.4 release. This version comes with these new features: Version 2.1.7: Add of new option -T to This option checks the TCP Socket 514 to be available on the local Rsyslog server For now it is better to make use of -T and…

06. 12. 2013 MarinovMihail NetEye, Syslog

Windows process tracking with Safed

As is well known, the Safed agent for Windows can collect events from the event log, filter them and forward the matched records to a centralized syslog server. There are some preconfigured sets of events concerning basic activities that have to be tracked. The first one, and probably the most famous due to existing law conformity…
