Vulnerability Scanner integration
Vulnerabilities are a common problem in the IT community. Some are serious, others not so much. Most important is to know whether any vulnerabilities are present in our systems, how critical they are and how they can be fixed. There are tools that can help you get that information, called vulnerability scanners. Vulnerability scanners check […]
Newsletter 7.0.4 and Webinar: archive module
Welcome. Happy New Year from the Energy Logserver Team. We are glad to announce that Energy Logserver is currently at version 7.0.4. This version brings some amazing changes along with a new module, archive, which lets you manage automatic archiving of data. More about it below. First thing: if you are interested in seeing the new features in […]
Detecting and alerting user login events after office hours
This is one of the most common alerts and is easily done with Energy Logserver. Even more, such an alert is already predefined and placed in the installation package by default. For Windows users we detect night logons. This has been applied in our previous deployments for Linux users or users from dedicated services which […]
Detecting and alerting Abnormal Network Traffic Pattern
For monitoring anomalies in traffic we use multiple approaches. Of course we can support Energy Logserver with a dedicated network probe, which is equipped with a Netflow Analyzing module and detects anomalies by default. Such a probe receives netflow from a selected span port and can also be used as a virtual appliance. Other than that we […]
Detecting and alerting DDoS attacks in Energy Logserver
A DDoS attack can be detected with Energy Logserver by a few approaches, which we have used in previous deployments with multiple customers. In all scenarios we are interested in getting a notification or taking a specific action based on the detection, which is why we use alerting. We can either integrate with firewall software, which is capable of detecting […]
Webinar: Incident management in Energy Logserver – from SOC to Analytics
Welcome. We hope that you are all staying safe and healthy in these interesting times. At Energy Logserver we are working non-stop to deliver the best quality features for you. That is why we would like to share with you what is new. Energy Logserver is currently at version 7.0.3. In this version we strongly focused […]
How to remove duplicated or unimportant messages from syslog?
Issue description: we all know this entry in the syslog: ... last message repeated ... times Can it somehow be easily ruled out? Issue solution: Yes, it can. There are many ways to do so and below is only one such example: filter { if [source] == "/var/log/messages" { if […]
DNS Logstash filter is slow
Issue description: I've used the DNS filter in Logstash, but I can clearly see that the indexing speed has decreased by adding resolve. Does it have to be so slow? Logstash config from the documentation: filter { dns { reverse => [ "source_host", "field_with_address" ] resolve => [ "field_with_fqdn" ] action => "replace" } […]
How to deal with oversized Kafka documents in Logstash?
Issue description: Kafka does not accept documents because the documents are too large. Increasing the limits does not help, because I have reached the level of 10MB and some Logstash events are still not sent to Kafka. After some time this results in the Logstash queue being full, which in turn leads to […]
Future Tech Event with our partner – CyberX
We are proud to announce the Future Tech Event conference in Oman, whose platinum sponsor is our partner from the MENA region, CyberX. Future Tech Event is an event presenting the latest ICT products and services, the latest devices, consumer electronics and the most modern intelligent technology in all sectors, including cybersecurity. At […]