From the logs through Logstash and Elasticsearch to Kibana
To improve the visualization of the logs collected by NetEye, we have integrated three open source projects: Logstash, Elasticsearch and Kibana.
Logstash reads and parses the logs collected by NetEye and forwards them to Elasticsearch (a full-text search engine based on Lucene that exposes a RESTful web interface and stores schema-free JSON documents), which indexes them as structured data. Once this collection step is done, Kibana displays the collected data inside NetEye's Syslog View module.
With Logstash and Elasticsearch the logs can be viewed in real time; in this example we can see the user 'pb00170' performing LOGON events through the domain controller (DC):
Logs in real time
Thanks to Kibana 3, every NetEye user can create custom dashboards to view the aggregated data with different kinds of visualization.
Creating a custom dashboard
The example below shows a dashboard displaying the number of users who have run MS Office programs through Citrix. (This can be useful for deciding how many licences are actually needed.)
Example: access via Citrix
A further example is the following dashboard, which shows statistics on accesses to the websites hosted on the local web server.
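The following example, added here and not part of the original post or of NetEye, Logstash or Kibana, shows in plain Python what the pipeline above does: it parses a few constructed syslog-forwarded Windows event lines into structured documents (the job Logstash does with grok before indexing into Elasticsearch), then answers the two dashboard questions from the text: the LOGON events of user 'pb00170', and how many distinct users ran MS Office programs through Citrix. The line layout (host, EventID, key=value fields) and the host names are assumptions made for this example; event IDs 4624 (logon) and 4688 (process creation) are the standard Windows Security event IDs.

```python
"""Added example (not NetEye/Logstash code): parse syslog-style Windows events
into structured documents and aggregate them like a Kibana dashboard would."""
import re
from collections import defaultdict

# Constructed sample lines for this example. The "key=value" layout after the
# program name is an assumption, not NetEye's real message format.
SAMPLE_LOGS = [
    "Mar 30 08:01:12 dc01 Security: EventID=4624 User=pb00170 LogonType=3 Workstation=WS-0042",
    "Mar 30 08:01:15 dc01 Security: EventID=4624 User=jdoe LogonType=2 Workstation=WS-0007",
    "Mar 30 08:02:40 ctx01 Security: EventID=4688 User=pb00170 Process=WINWORD.EXE",
    "Mar 30 08:03:01 ctx01 Security: EventID=4688 User=jdoe Process=EXCEL.EXE",
    "Mar 30 08:03:05 ctx02 Security: EventID=4688 User=pb00170 Process=EXCEL.EXE",
    "Mar 30 08:03:30 ctx01 Security: EventID=4688 User=asmith Process=WINWORD.EXE",
    "Mar 30 08:04:00 ctx01 Security: EventID=4688 User=jdoe Process=WINWORD.EXE",
    "Mar 30 08:05:00 ctx02 Security: EventID=4688 User=bbrown Process=notepad.exe",
    "this line is not syslog at all",
]

# Equivalent of a grok pattern: timestamp, host, program and free-text message.
SYSLOG_RE = re.compile(
    r"^(?P<timestamp>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<program>[^:]+): (?P<message>.*)$"
)
# Equivalent of Logstash's kv filter: split "key=value" pairs out of the message.
KV_RE = re.compile(r"(\w+)=(\S+)")

# Executables that count as "MS Office" for the licence dashboard (assumed list).
OFFICE_PROCESSES = {"WINWORD.EXE", "EXCEL.EXE", "POWERPNT.EXE", "OUTLOOK.EXE"}


def parse_line(line):
    """Turn one raw line into a flat document (dict), or None if it does not
    match; Logstash would tag such a line with _grokparsefailure instead."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    doc = m.groupdict()
    doc.update(dict(KV_RE.findall(doc["message"])))
    return doc


def parse_logs(lines):
    """The Logstash stage: raw lines in, structured documents out."""
    return [d for d in (parse_line(l) for l in lines) if d is not None]


def logons_for_user(docs, user):
    """Real-time view from the text: successful logons (4624) of one user."""
    return [d for d in docs if d.get("EventID") == "4624" and d.get("User") == user]


def office_users_per_program(docs):
    """Dashboard aggregation: distinct users per Office executable, from
    process-creation events (4688) on the Citrix hosts."""
    users = defaultdict(set)
    for d in docs:
        proc = d.get("Process", "").upper()
        if d.get("EventID") == "4688" and proc in OFFICE_PROCESSES:
            users[proc].add(d["User"])
    return {proc: len(u) for proc, u in users.items()}


def distinct_office_users(docs):
    """Number of distinct users who ran any Office program: the figure the
    licence decision in the text is based on."""
    return len({d["User"] for d in docs
                if d.get("EventID") == "4688"
                and d.get("Process", "").upper() in OFFICE_PROCESSES})


if __name__ == "__main__":
    docs = parse_logs(SAMPLE_LOGS)
    print(len(docs), "documents parsed,", len(SAMPLE_LOGS) - len(docs), "rejected")
    print("pb00170 logons:", [d["host"] for d in logons_for_user(docs, "pb00170")])
    print("Office users per program:", office_users_per_program(docs))
    print("Distinct Office users:", distinct_office_users(docs))
```

Note that counting distinct users over a whole time range gives an upper bound on the licences needed; if the licences are concurrent-use, the same documents would have to be bucketed by time window (which Kibana does with a date histogram) and the maximum bucket taken instead. Lines that do not match the pattern are dropped here; in a production pipeline they should be kept and tagged so that parsing failures, which can hide events, are visible.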
Hi folks!
I began loving computers in 1994, when it was still the time of Windows 3.1. I immediately learned to start DOS games from the command prompt, and while typing some white text on a black background I felt like some hackish dude in a Hollywood movie.
Later, during my studies at university, I discovered the magic world of open source, and it was love at first sight. Finally I got rid of BSODs =)
I love everything that is connected to some network, especially from a security perspective.
My motto is:
"With motivation, nothing is impossible. It only requires more time."
Author
Thomas Forrer