Webinar: Incident management in Energy Logserver – from SOC to Analytics

Welcome.

We hope that you are all staying safe and healthy in these interesting times. At Energy Logserver we are working non-stop to deliver the best quality features for you. That is why we would like to share with you what is new.

Energy Logserver is currently at version 7.0.3. In this version we focused strongly on event correlation and alerting, along with improved internal auditing. We want to highlight the most interesting aspects of this version.

Major changes

Improved types of alerts:

  • Chain – the ability to chain individual rules one after another. The rule is triggered when the threshold is met and the expected data sequence occurs. Example: detection of failed logins followed by a success.
  • Logical – is triggered when the selected alerts fire in a defined logical combination. Example: detection of at least 3 failed logins OR root login AND 2 service configuration changes.
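The Chain example above (failed logins followed by a success), sketched as an added illustration in plain Python. This is not Energy Logserver rule syntax or product code; the event fields, the threshold of 3 and the 5-minute window are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real logs): (timestamp, user, source, outcome)
EVENTS = [
    ("2020-12-03T09:00:00", "carol", "10.0.0.7", "failure"),
    ("2020-12-03T09:00:10", "carol", "10.0.0.7", "failure"),
    ("2020-12-03T09:00:20", "carol", "10.0.0.7", "failure"),
    ("2020-12-03T10:00:01", "alice", "10.0.0.5", "failure"),
    ("2020-12-03T10:00:10", "bob", "10.0.0.9", "failure"),
    ("2020-12-03T10:00:20", "alice", "10.0.0.5", "failure"),
    ("2020-12-03T10:00:30", "bob", "10.0.0.9", "success"),
    ("2020-12-03T10:00:41", "alice", "10.0.0.5", "failure"),
    ("2020-12-03T10:01:05", "alice", "10.0.0.5", "success"),
    ("2020-12-03T10:30:00", "carol", "10.0.0.7", "success"),
]

def chain_alerts(events, threshold=3, window=timedelta(minutes=5)):
    """Two-step chain per (user, source):
    step 1: at least `threshold` failures inside `window`;
    step 2: a success while step 1 still holds."""
    failures = defaultdict(deque)  # key -> timestamps of recent failures
    alerts = []
    for ts, user, src, outcome in sorted(events):
        now = datetime.fromisoformat(ts)
        recent = failures[(user, src)]
        # Drop failures that have aged out of the correlation window.
        while recent and now - recent[0] > window:
            recent.popleft()
        if outcome == "failure":
            recent.append(now)
        elif outcome == "success":
            if len(recent) >= threshold:
                alerts.append({"user": user, "source": src,
                               "failed": len(recent), "success_at": ts})
            recent.clear()  # a success ends the sequence either way
    return alerts

if __name__ == "__main__":
    for alert in chain_alerts(EVENTS):
        print(alert)
```

Only alice matches here: bob stays below the threshold, and carol's failures have aged out of the window by the time she logs in.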

Agent module:

With Energy Logserver 7.0.3, expect a new look for the Agents Module, which is responsible for central management. We've improved reliability, control over agent state and more, all available from the user interface.

Skimmer:

Familiar with Skimmer, our internal monitoring process? The new version provides more cluster health-check metrics, such as:

  • Indexing rate – shows EPS in the system
  • Expected data nodes – Energy Logserver measures its performance and calculates how many data nodes it requires for an optimal workflow.
  • Heap usage – shows assigned memory usage for every component group in the Energy Logserver infrastructure
  • Disk space – monitors disk space usage, so you can see how much space is left for the data and never run into trouble.
  • and others.

If you are not familiar with Skimmer, then you definitely should check it out!

https://kb.energylogserver.pl/en/latest/21-00-00-Monitoring/21-00-00-Monitoring.html#skimmer

 

Our community keeps giving us new, challenging questions, which we are addressing. We are happy to work alongside those who share a love for monitoring software. Solving issues together is very satisfying. Here are some highlights:

How to deal with oversized Kafka documents in Logstash?

https://energylogserver.pl/en/how-to-deal-with-oversized-kafka-documents-in-logstash/

How to remove duplicated or not important messages from syslog?

https://energylogserver.pl/en/how-to-remove-duplicated-or-not-important-messages-from-syslog/

Why processing time of logstash DNS filter is slow?

https://energylogserver.pl/en/dns-logstash-filter-is-slow/

 

Webinars coming soon:

Incident management in Energy Logserver - from SOC to Analytics

03.12.2020 starting 11 AM CET

Click here to register: https://zoom.us/webinar/register/WN_r8Qzg_vPRd-Vhk5pT4L9kQ

Description:

During this webinar we will look at how to search data for errors and anomalies. We will create incidents and look at how to work with Energy Logserver from two perspectives - operational and analytical with dashboards.

 

Stay safe and happy searching!

Energy Logserver team