SIEM – Log Management
JVM Configurations
We fixed some bugs related to the Elastic JVM configurations, that was duplicating log files in the default directory. The JVM configurations are now up to date and the organization of configuration files has been improved.
El Proxy
We fixed a bug in El Proxy related to the retry strategy for sending signed logs to Elasticsearch. Previously, after a document has been rejected from the Elasticsearch ingest pipeline, all non-signed logs were deleted during the retry phase including the mandatory “timestamp” field. Our solution now ensures that all mandatory fields remain intact during the retry strategy. Additionally, we enhanced the logging of El Proxy errors in the DLQ logs for easier debugging.
Logstash Elastic Agent input port
We fixed a bug for which the port, used by Logstash to listen from events coming from Elastic Agent, was not opened on the firewall of some of the Operative Nodes.
NetEye Setup
During new cluster installations, the /etc/neteye-cluster configuration file was missing a field indicating the creation timestamp of the cluster. We fixed this bug by reintroducing the missing field in new cluster installations.
Upgrade Manager
We fixed a bug in the upgrade procedure related to fencing. The procedure now, whenever an update of pacemaker or corosync is present, ensures fencing is disabled to prevent possible issues when nodes are put in standby.
Furthermore, we fixed an issue related with the check of missing updates, which may have given an error in case a change of RedHat Release.
Updated packages
We updated the following packages:
- elastic-agent, elastic-agent-neteye-config, elastic-stack-configurator, elasticsearch, elasticsearch-neteye-config, elasticsearch-xpack-license, filebeat, filebeat-neteye-config, kibana, kibana-neteye-config, logstash, logstash-neteye-config to version 8.11.3_neteye3.63.5-1
- neteye-setup, neteye-setup-configurator to version 1.127.1-1
- elastic-blockchain-proxy, elastic-blockchain-proxy-autosetup, elastic-blockchain-proxy-configurator to version 1.2.5-1
- neteye-upgrade-manager to version 0.58.1-1
Emil Fazzi
Software Developer, R&D Team in the "IT System & Service Management Solutions" group at Würth Phoenix.
Author
Latest posts by Emil Fazzi
17. 01. 2025
Automation, Development, Documentation, Log-SIEM
Elasticsearch Magic: Achieving Zero Downtime during User Guide Updates