In the enormous world of Log Collection, quite often customers need to collect logs from various systems in remote locations, like from an office in another country. For Icinga we know that the latest NetEye 4.20 release fully supports distributed monitoring, but what about the Log Manager and SIEM modules? Is it possible to use…
Read MoreWe fixed a bug which prevents the activation of log signature via Icinga Director for hosts with hostname different than FQDN. Another bug we fixed was causing neteye_secure_install to fail in the cluster environment when influxdb was restarted. In addition, we fixed the background of the quick navigation that was transparent in some conditions. For…
Read MoreWe fixed two bugs in Logstash: an issue related to corrupted jvm.options configuration files, which prevents Logstash from starting properly a pipeline bug will cause Logstash to index every time in the same index which will grow up infinitely if a proper rollover template is not defined For NetEye 4.19 we updated the following packages:…
Read MoreWe fixed a bug in Logstash pipelines which causes, in some cases, logs to be written on the day before invalidating the logmanager blockchain. For NetEye 4.19 we updated the following packages: elasticsearch elasticsearch-autosetup elasticsearch-neteye-config elasticsearch-xpack-license elastic-stack-userguide filebeat filebeat-autosetup filebeat-neteye-config kibana kibana-autosetup kibana-neteye-config logstash logstash-autosetup logstash-neteye-config logstash-neteye-config-autosetup to version 7.12.1_neteye3.30.1-1
Read MoreWe have several customers using IBM AS400 whom we’ve helped in the past collect logs of system administrators under NetEye 3. Now with NetEye 4 we’ve improved log collection, making it compliant with the ECS standard and configuring a special internal port (5514) for NetEye to process these logs and syslog logs in general. Let’s…
Read MoreBeginning with NetEye 4.17, the NetEye Log Management module has been able to rely on the new Real Time Log Signing architecture, which aims to overcome some weaknesses in the previous Log Management implementation based on rsyslog. One of the core components of the new architecture is the new El Proxy daemon, whose tasks are…
Read MoreFirst of all, I’d like to explain in simple terms what Elastiflow is all about. ElastiFlow is a NetFlow analyzer that works with the Elastic Stack. The Elastiflow Analyzer can collect various network flows, such as netflow or sflow, and write them to Elastic, taking into account the ECS format. In addition, the Elastiflow Analyzer…
Read MoreSeveral customers have asked us how they can collect DNS logs. In our solution, we proposed a Packetbeat Agent that allows you to collect data and send them to our centralized NetEye SIEM directly, or via a NetEye satellite. The Domain Name System (DNS) provides a hierarchy of names for computers and services on the…
Read MoreWe fixed a bug in the SIEM Module, which prevented Kibana Canvas to work properly. For NetEye 4.17 we updated the following packages: icingaweb2-module-kibana and icingaweb2-module-kibana-autosetup to version 1.17.1-1
Read MoreSIEM Module We fixed a bug in SIEM Module which prevents Kibana to generate reports. For NetEye 4.17 we updated the following packages: elasticsearch elasticsearch-autosetup elasticsearch-neteye-config elasticsearch-xpack-license filebeat filebeat-autosetup filebeat-neteye-config kibana kibana-autosetup kibana-neteye-config logstash logstash-autosetup logstash-neteye-config logstash-neteye-config-autosetup to version 7.10.1_neteye3.22.1-1. Tornado Module We fixed a bug in Tornado which prevented, in cluster installations, the configuration…
Read MoreTornado is an event-driven engine that substitutes the previous engine called Eventhandler. Its use in NetEye is becoming ubiquitous, and this is just the start! One of its main uses in the NetEye ecosystem is to trigger status changes within Icinga (this in turn will usually send emails to stakeholders). However, understanding exactly what is…
Read MoreMeeting the highest security standards is an absolute priority in NetEye. For this reason, in the continuous process of improving security in NetEye 4, we brought an important architectural improvement in the Log Manager module in the NetEye 4.17 release. The new architecture takes the name of Real Time Log Signing and its main focus…
Read MoreI’m writing this article with the goal of summarizing the events of recent days concerning the zero-day vulnerability that has struck Microsoft Exchange installations, and to provide some useful information to help you understand how the attack began, how it developed, and what we should expect in the immediate future. First of all, a quick…
Read MoreWe recently integrated two dashboards into NetEye SIEM to check what is happening within Active Directory, a component that is present in the vast majority of our customer environments. These two dashboards start from the collection of security events that are gathered across the various Windows servers that make up the infrastructure, and are then…
Read MoreIn my previous post I showed you how to make your own alerts on NetEye SIEM by using the Elastic Watcher and Alerts and Actions features. But if we work in production environments, what we really need is an alert that can go directly to NetEye’s Monitoring Overview. How can we manage SIEM alerts and…
Read More