Future Tech Event with our partner – CyberX

We are proud to announce the Future Tech Event conference in Oman, whose platinum sponsor is our partner from the MENA region - CyberX.

Future Tech Event is an event presenting the latest ICT products and services, the latest devices, consumer electronics and the most modern intelligent technology in all sectors - including cybersecurity.

At this event, we will have the opportunity to listen to presentations by the founder of CyberX, Mohannad Alkalash, and our engineer - Szymon Ćwieka.


To sign up for the event and listen to the lectures, please click here: https://www.futuretechevent.com

Continuous development of Energy Logserver and ITRS partnership

In Q2 2019, Energy Logserver started a partnership with the globally successful company ITRS Group. Since then, the partnership has developed month by month, resulting in ITRS Log Analytics, a dedicated product that supplements the ITRS product group.

ITRS Log Analytics, just like Energy Logserver, focuses on a modern, next-gen approach to security: combining multiple data sources with correlation, so that such a SIEM can satisfy the needs of multiple departments and teams.

Moreover, the software is delivered with a large database of predefined alerts and rules, which allows for seamless integration into existing architecture. As a result, monitoring both IT operations and security-related data is easy.

We recommend reading the post on the ITRS blog, available at this link: https://www.itrsgroup.com/blog/log-analytics-for-security

Energy Logserver – new level of integration

Energy Logserver, as a tool for managing large amounts of data, will always try to integrate with as many devices and as much data as possible. We present a new solution that allows you to query Elasticsearch documents directly from OP5 Monitor and Nagios. Saved objects and documents can be used.
Thanks to this, we can obtain even more detailed data and make monitoring of IT infrastructure more consistent and readable.

What's more, the scripts used for the integration are released under the Apache-2.0 license. We encourage you to use them, in the hope that they will improve the quality of your monitoring.

Project details and links below:


This plugin checks the total number of documents returned by an Elasticsearch query. It is intended to work with Energy Logserver and OP5 Log Analytics, and is supposed to work with open-source Elasticsearch and X-Pack as well.

Dependencies for Centos 7:
# yum install perl-Monitoring-Plugin perl-libwww-perl perl-LWP-Protocol-https perl-JSON perl-String-Escape perl-Data-Dumper

$ ./check_elasticquery.pl -U|--url= -i|--index=
[ -q|--query= ]
[ -S|--search= ]
[ -T|--timerange= ]

Usage examples
Total documents in the 'beats*' index for the latest 24 hours. The latest 24 hours is the default time range.

./check_elasticquery.pl -U 'http://user:password@localhost:9200' -i 'beats*'

Execute the saved search named protection for the latest 15 minutes. By default the plugin checks the @timestamp field; you can change it with the --timefield option.

./check_elasticquery.pl -U 'http://user:password@localhost:9200' -i 'beats*' -S 'protection' -T 'now:now-15m'

As above, plus show the one latest document.

./check_elasticquery.pl -U 'http://user:password@localhost:9200' -i 'beats*' -S 'protection' -T 'now:now-15m' -D 1

As above, plus filter the output to selected fields.

./check_elasticquery.pl -U 'http://user:password@localhost:9200' -i 'beats*' -S 'protection' -T 'now:now-15m' -D 1 -f message,timestamp

As above, plus limit each output field value to 100 characters.

./check_elasticquery.pl -U 'http://user:password@localhost:9200' -i 'beats*' -S 'protection' -T 'now:now-15m' -D 1 -f message,timestamp -l 100

Execute a Lucene query.

./check_elasticquery.pl -U 'http://user:password@localhost:9200' -i 'beats*' -q 'beat.name:example.com' -T 'now:now-15m' -D 1 -f message,timestamp

Execute a JSON query. The time range option does not work in this mode; define the time range in the query itself.

./check_elasticquery.pl -U 'http://user:password@localhost:9200' -i 'beats*' -j -q ' { "size": 0, "query": { "bool": { "must": [ { "query_string": { "query": "task:\"Special Logon\"", "analyze_wildcard": true, "default_field": "*" } }, { "range": { "@timestamp": { "gte": "now-1d/d", "lte": "now/d" } } } ] } } } '
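
The JSON form above needs the time range inside the query body and correct quoting of the search string. As an added example (not part of the plugin or of the original post), the shell helpers below build that body from a Lucene string and a time range; json_escape and build_json_query are hypothetical names, and only plugin options shown on this page are used.

```shell
#!/bin/sh
# Added example: build the JSON body passed to check_elasticquery.pl with -j -q.
# json_escape and build_json_query are hypothetical helpers, not plugin code.

# Escape a value for use inside a JSON string literal.
# Control characters are rejected instead of escaped, to keep the helper small.
json_escape() {
    case "$1" in
        *[[:cntrl:]]*) return 1 ;;
    esac
    # Backslashes first, then double quotes.
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# build_json_query LUCENE_QUERY GTE LTE
# Emits a count-only ("size": 0) bool query: a query_string clause plus a
# range clause on @timestamp, the same shape as the JSON example on this page.
build_json_query() {
    lucene=$(json_escape "$1") || return 1
    gte=$(json_escape "$2") || return 1
    lte=$(json_escape "$3") || return 1
    printf '{ "size": 0, "query": { "bool": { "must": [ ' 
    printf '{ "query_string": { "query": "%s", "analyze_wildcard": true, "default_field": "*" } }, ' "$lucene"
    printf '{ "range": { "@timestamp": { "gte": "%s", "lte": "%s" } } } ' "$gte" "$lte"
    printf '] } } }'
}

# Invocation, with the URL and index taken from the usage examples above:
#
#   body=$(build_json_query 'task:"Special Logon"' 'now-1d/d' 'now/d') || exit 3
#   ./check_elasticquery.pl -U 'http://user:password@localhost:9200' \
#       -i 'beats*' -j -q "$body"
```

Exit code 3 in the commented invocation is the conventional Nagios UNKNOWN status, used here when the query string cannot be encoded.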

Energy Logserver major release 7.x

The latest Energy Logserver major release is now available. The most important change is that Energy Logserver is now based on version 7.3.2 of Elasticsearch and Kibana.

We've also added a new module, XLSX Import, which lets you import any CSV or XLSX file with data into Energy Logserver directly from the GUI. Additional options cover creating a new index with a custom mapping based on the data in the file.

We've also added Curator to the installation package by default for index management, along with custom icons for modules.

Read more in changelog below or at:

  • migrated features from branch 6 [ latest:6.1.8 ]
  • XLSX import [kibana]
  • curator added to /usr/share/kibana/curator
  • node_modules updated! [kibana]
  • elasticsearch upgraded to 7.3.2
  • kibana upgraded to 7.3.2
  • dedicated icons for all kibana modules
  • eui as default framework for login, reports
  • bugfix: alerts type description fix

FedCSIS 2020 Data Mining Competition

FedCSIS 2020 Challenge: Network Device Workload Prediction

FedCSIS 2020 Data Mining Challenge: Network Device Workload Prediction is the seventh data mining competition organized in association with Conference on Computer Science and Information Systems (https://fedcsis.org/). This time, the considered task is related to the monitoring of large IT infrastructures and the estimation of their resource allocation. The challenge is sponsored by EMCA Software and Polish Information Processing Society (PTI).


With this challenge, we want to answer the question of whether it is possible to reliably predict workload-related characteristics of monitored devices, based on historical data gathered from such devices. This task is of paramount importance for IT and technical teams that can put their hands on a tool that allows them to manage the capacity of their infrastructure.

An additional difficulty within this challenge, and also the reason why it might be especially interesting for the data science community, arises from the fact that devices considered in the data are not uniform. In essence, logs cover readings from various types of hardware. Some of them are cross-dependent, as they are a part of the same IT system. Moreover, some devices have multiple interfaces for which the data is aggregated.

More details regarding the task and a description of the challenge data can be found in the Task description section (see: https://knowledgepit.ml/fedcsis20-challenge/)

As in previous years, a special session devoted to the competition will be held at the conference. We will invite authors of selected challenge reports to extend them for publication in the conference proceedings (after reviews by Organizing Committee members) and presentation at the conference. The papers will be indexed by the IEEE Digital Library and Web of Science. The invited teams will be chosen based on their final rank, innovativeness of their approach, and quality of the submitted report.

Authors of the top-ranked solutions (based on the final evaluation scores) will be awarded prizes funded by our sponsors:

  • First Prize: 1500 USD + one free FedCSIS'20 conference registration,
  • Second Prize: 1000 USD + one free FedCSIS'20 conference registration,
  • Third Prize: 500 USD + one free FedCSIS'20 conference registration.

The award ceremony will take place during the FedCSIS'20 conference. Please note that the winners will be eligible for the money prizes only if their final score exceeds the baseline solution score by at least 10%.

For all additional details, see:

Energy Logserver on SEMAFOR 2020

Energy Logserver continues the tradition from 2 years ago: this year we will again appear at SEMAFOR as one of the patrons of the event. We invite everyone to attend our lecture, which will be led by EMCA CEO Artur Bicki. This year's topic is SIEM from Elasticsearch.

The lecture will be devoted to building a SIEM platform from the project components around Elasticsearch. Using the Energy Logserver system, we will present the functionality for analyzing and handling security events. With a vivid example, we will show the possibilities of analyzing and correlating events from logs and network traffic, as well as managing detected incidents.
Let's meet on March 19 at 12:10.


SEMAFOR is one of the largest cyber security conferences in Poland. For years it has been a place where the most modern and best solutions in the field of IT security are presented. Participants can not only gain extremely valuable knowledge straight from global experts, but also establish partner and business relationships.

The two-day event will be held in Warsaw on March 19-20. Start at 8 am!


6.1.8 New version Energy Logserver!

The latest Energy Logserver update introduces improvements to existing mechanisms and also adds a number of new tools.
Fully compatible with Elasticsearch version 6.x, Energy Logserver introduces, among others:

  • Logtrail - a tool for analyzing and reading service logs straight from system files that are updated on a regular basis. Clear interface with code coloring and search highlighting.
  • Cerebro - a graphical interface for working with the Elasticsearch API without logging in to the system console, available from the browser.
  • IP Reputation - a mechanism for checking IP addresses against IP reputation databases, supporting the analysis of network traffic. The databases are updated automatically.
  • A collection of improved and new visualizations and dashboards, available to the user.

Version 6.1.8

Enhancements in Netflow support
Logtrail feature for covering all system components logs [kibana]
Cerebro Management tool support [kibana]
Automation for Bad IP reputation lists
Default Role integrated dynamically when working with AD accounts [elasticsearch-auth]
Explained additional logging class for elasticsearch in log4j
Detailed restore process of functional indexes [elasticsearch-auth]
AD/LDAP/SSO API - new endpoint /role-mapping/_reload [elasticsearch-auth]
License API - new endpoint /license/_reload [elasticsearch-auth]
Better radius integration with NAS-Identifier and NAS-IP-Address [elasticsearch-auth]
Skimmer components updated to 1.0.8
Backup script updated - utils/small_backup.sh
Java environment updated to branch v11
Network graph/correlation - new visualization type [kibana]


bugfix: CSV Export not working due to wrong binary definition
bugfix: Error when trying to delete alert rule with an apostrophe in the name
bugfix: Reading of configuration variables in the Config tab [kibana]