Blog Entries

07. 03. 2018 Juergen Vigna NetEye, Syslog

Analyze your OpenLDAP Logs

Suppose you have an OpenLDAP Server and you want to analyze what it does. A good way to do this is to send the logs to NetEye’s LogServer. Some elements you will see include:

– Returned Entries! (ENTRY)
– Search Operations! (SEARCH)
– Total Connections! (BIND)

To do this you need to add a new… Read More

07. 02. 2018 Juergen Vigna NetEye, Syslog

Harmonize Your Monitoring with Your Elasticsearch Database Entries

If you have an Elasticsearch Database like the one in the NetEye Elastic Stack Module then you are surely interested in integrating this information into your Monitoring environment. To do this, use this new plugin: check_elasticsearch_query

# /data/neteye/usr/lib/nagios/plugins/local/check_elasticsearch_query --help
Check a count of number of events fount in elasticsearch over a query and timeframe
Usage:… Read More

31. 10. 2017 Juergen Vigna Log Auditing, NetEye, Syslog

Sending Cisco Syslogs to Elasticsearch: A simple guide

Do you use Cisco’s network infrastructure? Would you like to view its logs through the syslog protocol in an Elasticsearch database? Find out below about the filters and templates needed for the Logstash setup. As you probably already know, you need a Logstash instance in order to get indexed data into the Elasticsearch database. Cisco… Read More

06. 06. 2017 Giuseppe Di Garbo Log Auditing, NetEye, Syslog

How to send logs from servers in the cloud to NetEye?

Keeping an offline copy of your logs not only provides better visibility from the system management point of view, but also proves extremely valuable in the event of a security incident in which your local copies have been affected. As many of you might know, the Log Management module of NetEye offers… Read More

15. 12. 2015 Patrick Zambelli Asset Management, Development, Log Auditing, NetEye, Real User Experience Monitoring, Release Notes, Syslog

NetEye 3.6 and RUE 1.9 Have Been Released!

Effective log auditing, meaningful reports and better integration of the single modules

The new version NetEye 3.6 provides some substantial improvements, to respond to specific customer needs, as well as to satisfy the continuously growing requirements in the complex world of IT monitoring. Major investments were made in the fields of reporting and SLA measurement… Read More

03. 12. 2015 MarinovMihail Log Auditing, NetEye, Syslog

Trace Windows Administrators Login Activities with Safed

Sometimes it is necessary to trace the administrator’s login/logoff activities in order to comply with legal guidelines or simply for security reasons (see also our article “What to do with all those logs”). The Safed agent for Windows can be easily configured to collect administrators’ login/logoff events. The agent is deployed with some administrator discovery commands,… Read More

12. 08. 2015 Thomas Forrer Log Auditing, NetEye, NetEye Updates, Syslog

Updated Safed Agent v1.8.1

08. 01. 2015 Patrick Zambelli NetEye, NetEye Updates, Syslog

Rsyslog open FileHandler control with SyslogView 2.1.8

To keep the number of open TCP connections on the Log Auditing server under control, SyslogView version 2.1.8 includes a check in the daily archiving script that verifies the number of currently open connections. This issue can occur in particular situations, where SAFED or other Audit agents might send across a routing device … Read More

09. 10. 2014 Thomas Forrer Log Auditing, NetEye, Syslog, Uncategorized

NetEye: New MySQL Audit Plugin for SyslogView

In a standard MySQL setup, the logging of user logins/logouts is done by enabling the “general_log” logfile, which forces the MySQL process to log EVERYTHING. This can clearly degrade performance under heavy load. To avoid such performance penalties, we added a new MySQL Audit Plugin to the Syslog View of NetEye.

02. 10. 2014 Thomas Forrer Log Auditing, NetEye, Syslog, Uncategorized

NetEye: Integration Logstash/Elasticsearch/Kibana

You have probably already heard about Elasticsearch and its potential. Elasticsearch is a full-text search engine based on Lucene. It provides a RESTful web interface and schema-free JSON documents. To be able to better display logs collected by NetEye, we integrated three open source projects: Logstash, Elasticsearch and Kibana. Logstash parses logs and submits them to Elasticsearch, which saves them… Read More

25. 09. 2014 Patrick Zambelli NetEye Updates, Syslog

Update of SyslogView 2.1.7 available

An update of SyslogView has been released for the current NetEye 3.4 release. This version comes with these new features: Version 2.1.7: Added new option -T to This option checks that TCP socket 514 is available on the local Rsyslog server. For now it is better to make use of -T and… Read More

06. 12. 2013 MarinovMihail NetEye, Syslog

Windows process tracking with Safed

As is well known, the Safed agent for Windows can collect events from the event log, filter them and forward the matching records to a centralized syslog server. There are some preconfigured sets of events concerning basic activities that have to be tracked. The first one, and probably the most famous due to existing law conformity… Read More

29. 11. 2013 MarinovMihail NetEye Updates, Syslog

Safed 1.6.7

The new version of Safed, 1.6.7, comes with a new system administrator discovery executable based on .Net. This version is compatible with old version configurations (< 1.6.5). Note that version 1.6.6, which came out a few days ago, had the same feature, but when upgrading an old installation, the system administrator discovery configuration of… Read More

25. 06. 2013 Patrick Zambelli Log Auditing, Syslog

SyslogView: Windows Eventlog integration into the MessageConsole

The SyslogView module is the log and events collector for activities on remote hosts. Log messages or Eventlog entries of a Microsoft server are collected with this tool and stored for later auditing or search. A recent customer request was to make these incoming events more transparent for monitoring. What if the remote SAFED agent… Read More

15. 03. 2013 Patrick Zambelli NetEye Updates, Syslog

SyslogView Fix release 2.0.8 – Search 1.2.6

– Added additional Syslog Agent definition for every supported operating system. Each additional definition is customizable and provides compatibility towards older versions of SAFED before 1.6 and possible custom port and communication settings.
– FIX: The Syslog Search Statistic: (configuration -> search) is not showing the indexing statistic.
– FIX: Syslog Search Statistic:… Read More