Sysadmin Mega Thread

“It’s in the body right above the signature” :roll_eyes:

Which is worst?

  • Bible quotes in signature
  • Comic sans
  • Bottom-quoting
  • CCing everybody in the world “just FYI”
  • Any person guilty of any of the above offenses should be stood up against the wall and put down, two in the heart one in the head, execution-style

0 voters

2 Likes

Anyone have any good suggestions for a centralized logging server?

I’m looking for something that does syslog/Windows event log monitoring. Preferably something that is open source and easily maintainable.

This will primarily be used for networking equipment and Windows hosts. I’ve seen some suggest SolarWinds Kiwi, but that doesn’t seem to do analytics without Log Analyzer. I’ve also seen GrayLog and Splunk suggested a lot as well.

RIP, but who cares, it's a company not the government

but it costs $$$

2 Likes

There was just a long thread about this. Let me find it.


Here:

For me, Elk and Graylog were the most compelling options.

2 Likes

pepperidge farm remembers when snort (and nessus) was free

2 Likes

I just wish they had free tier options (they might never have looked into it)

I stand corrected. Well, hell, there is hope imo.

3 Likes

Post on reddit complaining that bible quotes in email signatures are inappropriate/out of place.

Thread is shut down for being inappropriate/out of place.

lol

4 Likes

Ha! Yeah, valid point. In the past they seem to let things slide beyond the point of no return. Perhaps they (the mods) don’t sit and babysit the sub. :thinking:

Yes, I have learned much today and have a stronger faith in internet message boards. I can’t believe, today was a good day.

:sunglasses:


In other news, I have spun up an ELK stack at home and I’m running Fedora and Kubuntu on my workstations. Nginx is load balancing my portfolio page between two FreeBSD servers, and I’m completely redoing the site in Python + HTML.

I will soon have the ultimate self host box :grin: :smiling_imp:

Also, ESO worked really well on Kubuntu :scream: :scream_cat:

2 Likes

Anyone have CISSP? It's on my list of certs to pick up.

2 Likes

If you want to move into I.T. Leadership go for it. Otherwise, pass, imo. Get CCNA Security or RHCE.

Quick question about ELK and maybe modern log aggregators in general.

Do you deploy that on top of a basic syslog server (or does it include one), or how does it scrape logs out of hosts?

Have CCNA Sec already

2 Likes

If only that would help you fix your Ubiquiti AP.

1 Like

LOL, the cost of Ubiquiti is throw away, not repair XD. On the real, apparently the CCNA Cyber Ops Fundamentals I passed should renew my CCNA/CCNA Sec, so I might have some more time on the horizon (makes the CCNA Cyber Ops test not due till like Jan next year).

2 Likes

I mirrored my company's setup:

Elasticsearch01 + Elasticsearch02 + Elasticsearch03 = Elasticsearch Cluster

Linux hosts run filebeat and metricbeat agents and forward to Logstash01

Logstash01 => Elasticsearch Cluster => Elasticsearch indexes logs

Kibana01 provides a dashboard to filter and view the log files and metrics

Filebeat, Metricbeat, Winlogbeat, etc. are agents on the hosts that forward the requests to Logstash.

Out of the box, it will pick up Apache, IIS, syslog, and a few other things. We “programmed it” to grab our custom logs.

4 Likes

How does this work on things like routers or appliances where you are limited in what you can install on them?

Oh I see, so the path-of-least-resistance in a lot of configs is probably just to point the syslog to it?

1 Like

That’s a good question, I will ask the team. My domain is just in AWS with a handful of VMware VMs (out of my control, I just control the server and the software on the server).

However, Logstash and Elasticsearch have their standard ports they listen on. You just point the *beat config to the server. Technically, you don’t have to have Logstash. You can throw it directly into Elasticsearch. But EK sounds stupid.

Yeah, it picked up Apache and IIS immediately. You can write some custom patterns in a Ruby DSL.

1 Like
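As an added example (not the poster's or Elastic's own configuration), here is a Logstash pipeline that covers both ingest paths discussed above: Beats agents (Filebeat/Metricbeat/Winlogbeat) on the standard port 5044, and plain syslog on 514 for routers and appliances that cannot run an agent, plus a grok pattern for a constructed custom application log. The host names elasticsearch01..03, the index names and the `fields.app` tag set in filebeat.yml are assumptions.

```logstash
input {
  # Beats agents on Linux/Windows hosts ship here (default Beats port).
  # In production set ssl => true with a server cert so agents can verify the collector.
  beats {
    port => 5044
  }
  # Network gear and appliances that cannot run an agent: point their syslog
  # at this host. Ports below 1024 need root or a capability; use e.g. 5514 otherwise.
  syslog {
    port => 514
    type => "network-syslog"
  }
}

filter {
  # Constructed custom app line, tagged by filebeat.yml with fields: { app: customapp }
  # e.g. "2024-01-05T10:21:03Z app01 WARN login failed for user=alice from=203.0.113.7"
  if [fields][app] == "customapp" {
    grok {
      match => { "message" => "%{TIMESTAMP_ISO8601:ts} %{HOSTNAME:src_host} %{LOGLEVEL:level} %{GREEDYDATA:msg}" }
    }
    # Use the application's own timestamp rather than the time Logstash received it.
    date { match => ["ts", "ISO8601"] }
  }
}

output {
  if [type] == "network-syslog" {
    elasticsearch {
      hosts => ["https://elasticsearch01:9200", "https://elasticsearch02:9200", "https://elasticsearch03:9200"]
      index => "network-syslog-%{+YYYY.MM.dd}"
    }
  } else {
    # Beats events carry their agent name in @metadata, so each beat gets its own daily index.
    elasticsearch {
      hosts => ["https://elasticsearch01:9200", "https://elasticsearch02:9200", "https://elasticsearch03:9200"]
      index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
    }
  }
}
```

The `syslog` input already parses RFC3164 lines from network devices into host, facility and severity fields, so only the custom application format needs its own grok pattern.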