Blog Entries

25. 10. 2024 Tobias Goller Log-SIEM

Enhancing Cybersecurity with Elastic Defend: A Technical Consultant’s Perspective

In today’s digital landscape, cybersecurity is paramount. As a technical consultant, I’ve seen firsthand how organizations struggle to keep up with evolving threats. One tool that’s consistently stood out in the fight against cyber threats is Elastic Defend. In this blog post, I’ll delve into what Elastic Defend is, its key features, and how it…

28. 08. 2024 Tobias Goller Unified Monitoring

ntopng Updates

On 14.08.2024 ntopng released its latest version 6.2. I’d like to use this post to emphasize some of the key innovations it brings. There were many changes and bug fixes in this release. Some major improvements and enhancements are as follows: Furthermore, ntopng is now cloud-aware. Over the ntop cloud you’ll be able to control…

08. 07. 2024 Tobias Goller Unified Monitoring

Collecting Netflows – ntopng vs. ElastiFlow

In order to be able to carry out detailed network monitoring, an IT administrator naturally wants to know what is happening in his or her network. To obtain this information, the network flows must of course be analyzed. Many network devices offer the option of creating netflows, which are sent to a recipient who can…

06. 05. 2024 Tobias Goller Unified Monitoring

QUIC, What’s That?

As you may know, I do ntopng consulting, and support companies in their implementation of ntop solutions. For some time now, ntopng users have noticed a high amount of QUIC traffic in their respective networks. Most people don’t really know what QUIC is, which is why I’d like to take this as an opportunity to…

05. 03. 2024 Tobias Goller Unified Monitoring

nBox Mini

Every now and then I like to keep you up to date about news in the ntop environment. This time it’s not news about analysis methods or software, but about a new hardware solution. If you’re someone looking for a hardware-based, scalable, optimized, and purpose-built solution, without the hassle of software installation, chances are you’re…

13. 02. 2024 Tobias Goller NetEye, Unified Monitoring

SNMP Trap Archiving in Elastic via Tornado

First of all, I’ll briefly explain what the “Tornado” in NetEye actually is. Tornado is a Complex Event Processor that receives reports of events from data sources such as monitoring, email, and SNMP Traps, matches them against rules you’ve configured, and executes the actions associated with those rules, which can include sending notifications, logging to…

18. 10. 2023 Tobias Goller Unified Monitoring

ntopng – Display Multiple Metrics in One Graph

After my most recent ntopng training sessions, which I taught as an instructor, I noticed that many ntopng users were not familiar with displaying multiple time series charts overlaid in one graphic. Since I believe that this is one of the most important display options, I’ll use this blog post to show you how to…

25. 09. 2023 Tobias Goller NetEye, Unified Monitoring, Visual Synthetic Monitoring

Alyvix Modules in NetEye

Today I want to report on my first experience with the new Alyvix integration in NetEye. At the same time as NetEye version 4.30, another revised update of the Alyvix module was released for NetEye. And just recently in August I had my first opportunity to install and operate this revised module together with its…

10. 07. 2023 Tobias Goller Unified Monitoring

ntop News in the Next Release

At the end of June, Luca Deri gave a webinar presenting the new features of the next ntopng release. I’d like to take this opportunity now to present these innovations to all of you. The main enhancements of the new release have been made in the following areas: Extension of the ntopng functionalities for the…

27. 04. 2023 Tobias Goller Anomaly Detection, Unified Monitoring

Alerting on Network Traffic Anomalies with ntopng

Today I’d like to tell you about the possibility of alerting when anomalies in network traffic are encountered. I use ntopng to generate, evaluate and forward these alerts. If you don’t know about ntopng, let me briefly describe for you what it does. According to its creator, ntopng is a High-Speed Web-based Traffic Analysis and…

01. 03. 2023 Tobias Goller NetEye

Enable DNS Caching on RedHat 8

I was recently with a customer when he pointed out to me that his NetEye 4 system with its RedHat 8 operating system was sending an extremely large number of DNS queries to the DNS servers. After quickly analyzing the situation I found that RHEL does not cache DNS queries by default. Obviously the customer…

21. 10. 2022 Tobias Goller NetEye

GlusterFS on NetEye 4 and RedHat 8

As you’ve probably read in a previous blog by my colleague Jürgen Vigna, we use GlusterFS for particular requirements in our NetEye 4 cluster environments. After we completed the migration from the operating system CentOS 7 to RedHat 8, a few small things have changed or been updated. For all those who are new to…

22. 08. 2022 Tobias Goller NetEye

NetEye Upgrade to RedHat 8 – My Experience

As you probably all know, a new NetEye version is released every two months. For this reason I’d like to emphasize that we recommend regular updating of your NetEye system. In particular with version 4.23 we released a major update of the operating system from CentOS 7 to RedHat 8. Since we’re doing a lot…

12. 04. 2022 Tobias Goller Unified Monitoring

News from nBox and ntopng

In the last few weeks I installed and configured some nBoxes with the new ntopng version 5.2. Now I’d like to briefly tell you all about it. For all of you who don’t know what an nBox is, I’ll relay the official definition here: nBox Recorder is a network traffic disk recorder application. With nBox…

22. 03. 2022 Tobias Goller Icinga Web 2, Machine Learning, NetEye

Performance Metrics Collection from NetEye to Elastic

Today my objective is to collect the performance metrics from various NetEye Icinga checks and write them out to Elasticsearch so I can apply Machine Learning (ML) algorithms to identify potential anomalies. This is a task that’s not possible with the open-source version of InfluxDB installed in NetEye. Moreover, this data in Elastic is used…
