With the release of NetEye 4, we have also redesigned the Log Management module.
In this blog post I would like to briefly discuss the main innovations and
improvements in NetEye 4 Log Management.
First, the management and configuration interface of NetEye 4 Log Manager
appears in the unified NetEye 4 layout. Basically, it has to be said that
configuration is carried out via the central Icinga Director interface. This
has the advantage that all of Icinga Director’s host import functions can be
used. These include the import capabilities of Active Directory, ESX
environments, etc.
With the creation of suitable host templates and apply rules in Icinga
Director, the hosts can be easily imported and activated for log management.
Of course, either the syslog agent must be properly configured on the host side,
or else a suitable agent, such as Würth Phoenix Safed, must be installed. The
Würth Phoenix Safed Agent can also be centrally configured and distributed in
NetEye 4 Log Manager.
NetEye 4 Log Manager already comes pre-installed with the current Elastic
version 6. Thus customers already have the latest features of Elastic. In
my opinion, the most important innovation in NetEye 4 Log Manager is the
integration of Search Guard.
Search Guard is a security plugin for Elasticsearch and the entire ELK stack
that offers encryption, authentication, authorization, audit logging,
multi-tenancy and compliance features.
Search Guard is already installed in NetEye 4 Log Manager and, like NetEye 4,
it integrates Active Directory authentication. By using Search Guard, access to
the log information can be restricted or encrypted depending on the user or
group. As already mentioned, information for certain users or groups can be
completely hidden, or even encrypted, or displayed anonymously.
Search Guard can be configured in three ways, through its GUI, through a REST
API, and through config files that can be modified and reloaded. The Search
Guard GUI is integrated into the Kibana interface. This interface can be used
to create and assign rules and roles.
In conclusion, with NetEye 4 Log Manager and the associated Search Guard
integration, all the requirements of a modern log management system can be met,
from small businesses to multinational holdings. Personally, I can underline
this statement as I have already implemented several of these installations in
small environments as well as in large international settings.
Tobias Goller
Author
