is the elastic security good enough as a siem solution? - security

I'm trying to use the Elastic stack as a SIEM (Security Information and Event Management) solution and came across a lot of issues that I couldn't solve:
1 - With the new Elastic 8.5, is Logstash still part of the stack, or can I replace it with the Elasticsearch ingest pipelines and the Elastic Agent, which pushes the logs directly to Elasticsearch?
2 - Is the new version of Elastic Security good enough as a SIEM solution, or do I need to integrate another open source security solution? If so, which ones could help me for optimal performance?
As the Elastic documentation is a bit complicated, if there is any other useful content and resources, please share them with me.
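As an added example (not part of the question above), the block below shows what question 1 boils down to: an Elasticsearch ingest pipeline doing the parsing job a Logstash grok/date filter used to do, so that Elastic Agent can ship straight to Elasticsearch. The processor types (grok, date, set, script, remove) are standard ingest processors; the pipeline name `sshd-auth`, the sample sshd lines, the addresses and the assumed year are all constructed for the example. Because the pipeline body is just JSON, the script also emulates the processors locally with a regex, so the ECS documents and the threshold check can be run without a cluster; the threshold function illustrates the kind of rule the SIEM layer runs over the indexed data.

```python
import json
import re
from collections import Counter
from datetime import datetime
from typing import List, Optional, Tuple

# Constructed ingest pipeline body; PUT _ingest/pipeline/sshd-auth would install it.
# Processor types are standard Elasticsearch ingest processors; the name is ours.
SSHD_AUTH_PIPELINE = {
    "description": "sshd password auth lines -> ECS fields (added example)",
    "processors": [
        {"grok": {
            "field": "message",
            "patterns": [
                "%{SYSLOGTIMESTAMP:_ts} %{HOSTNAME:host.name} "
                "sshd\\[%{POSINT:process.pid:int}\\]: %{WORD:_outcome} password for "
                "(invalid user )?%{USERNAME:user.name} from %{IP:source.ip}"
            ],
        }},
        # Syslog timestamps carry no year; the date processor assumes the current one.
        {"date": {"field": "_ts", "target_field": "@timestamp",
                  "formats": ["MMM  d HH:mm:ss", "MMM d HH:mm:ss"]}},
        {"set": {"field": "event.category", "value": "authentication"}},
        {"script": {"source":
            "ctx.event.outcome = ctx._outcome == 'Accepted' ? 'success' : 'failure'"}},
        {"remove": {"field": ["_ts", "_outcome"]}},
    ],
}


def pipeline_json() -> str:
    """Request body for PUT _ingest/pipeline/sshd-auth."""
    return json.dumps(SSHD_AUTH_PIPELINE, indent=2)


# Python regex equivalent of the grok pattern above, used only to emulate the
# pipeline locally so the example runs without Elasticsearch.
LINE_RE = re.compile(
    r"(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"sshd\[(?P<pid>\d+)\]: (?P<outcome>Accepted|Failed) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)


def simulate_pipeline(line: str, year: int = 2023) -> Optional[dict]:
    """Return the ECS document the processors would produce for one line, or
    None where grok would not match (the real pipeline then fails the document
    unless ignore_failure is set). `year` stands in for the current year."""
    m = LINE_RE.search(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {
        "@timestamp": ts.isoformat(),
        "host": {"name": m["host"]},
        "process": {"pid": int(m["pid"])},
        "user": {"name": m["user"]},
        "source": {"ip": m["ip"]},
        "event": {"category": "authentication",
                  "outcome": "success" if m["outcome"] == "Accepted" else "failure"},
        "message": line,
    }


def failed_logon_sources(docs: List[dict], threshold: int) -> List[Tuple[str, int]]:
    """Threshold-style detection over ECS docs: source IPs with at least
    `threshold` failed authentications, most frequent first."""
    counts = Counter(d["source"]["ip"] for d in docs
                     if d["event"]["outcome"] == "failure")
    return [(ip, n) for ip, n in counts.most_common() if n >= threshold]


# Constructed sample lines (documentation-range addresses, invented hosts).
SAMPLE_LINES = [
    "Mar 10 09:01:02 web01 sshd[2201]: Failed password for invalid user admin from 203.0.113.5 port 52144 ssh2",
    "Mar 10 09:01:04 web01 sshd[2203]: Failed password for root from 203.0.113.5 port 52150 ssh2",
    "Mar 10 09:01:07 web01 sshd[2205]: Failed password for invalid user test from 203.0.113.5 port 52163 ssh2",
    "Mar  9 18:22:40 web02 sshd[1900]: Accepted password for deploy from 198.51.100.7 port 40112 ssh2",
    "Mar 10 09:05:00 web02 sshd[2210]: Failed password for deploy from 198.51.100.7 port 40120 ssh2",
    "Mar 10 09:05:01 web02 systemd[1]: Started Session 12 of user deploy.",  # not an sshd auth line
]


def run_samples(threshold: int = 3):
    """Parse the sample lines and run the threshold check over the results."""
    docs = [d for d in (simulate_pipeline(line) for line in SAMPLE_LINES) if d]
    return docs, failed_logon_sources(docs, threshold)


if __name__ == "__main__":
    print(pipeline_json())
    docs, alerts = run_samples()
    for d in docs:
        print(json.dumps(d))
    print("alerts:", alerts)
```

The same pipeline body can be checked against a real cluster with POST _ingest/pipeline/sshd-auth/_simulate before it is attached to a data stream; the local emulation is only there to make the processors' effect visible offline.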

Related

Web applications solution for filtering logs in my organization

I need some help finding a way to manage my log information.
I have 20 Windows servers built with applications on GlassFish which generate logs every day. To manage these logs in case I need to find something specific from all my servers, I'm trying to group all this data on a single server (Windows or Linux) and filter it according to my specs.
Best regards, Egis
It's too broad a question, but a common solution is the ELK Stack:
elasticsearch - to store the data
logstash - to process the data, installed on the servers that generate logs to send them to the Elasticsearch server
kibana - to visualize the data
An article explaining the stack solution:
https://www.guru99.com/elk-stack-tutorial.html

Planning Kubernetes-Cluster on Azure

I'm planning a new web project and want to implement Node.js microservices. Now I've read a lot and found out that the recommended way to do that is with Docker/Kubernetes for availability and scaling.
It will be my first project and I have a lot of questions now. Hopefully the community helps me out a bit with it:
Kubernetes cluster:
One of my first questions is the cluster. What is the best way to start with the cluster? Azure AKS is mostly used in web tutorials, but isn't it possible to start with my own server, installing Docker and Kubernetes via a web hosting provider?
My biggest problem is that I don't know how to calculate prices on Azure. For me it is clear that the cluster itself doesn't have any costs, but how do I calculate VMs and traffic?
And what about having a lot of APIs, should each API be its own AKS service on Azure = 1 VM which is up and running 24 hours?
It should be a web project, all APIs must be available 24 hours.
Has anyone experience with using Azure AKS on a similar project and some explanations for me?
If it is possible with a web hosting package, does someone have a tutorial on how to start with it?
Thanks to all for the help, hopefully there is someone to clarify some points for me.
According to #Bricktop - please start using Kubernetes to get practice:
Locally:
Minikube
Kubeadm
In the cloud (please create a free account), you can find more details below:
Gcloud
Azure
AWS
After getting some knowledge about your solution, how it works and what resources are necessary (related to this project), please use the monthly billing provided by the cloud provider of your choice. You can also use the "Pricing Calculator" from the official websites.
Hope this helps

Trying to figure out if / how Cloud would be an advantage

Compared to plain vanilla PHP/MySQL, what's the upside of Cloud?
A typical block of content would be approximately 30,000 snippets of text, each 300 characters or less in length.
I'm looking at some good documents on buckets and objects and wondering if there's any reason for me to dive into all that.
Just a rough idea would be appreciated. Am I barking up the wrong tree even thinking of Cloud for this?
P.S. Just guessing: is the way to go to run MySQL in the Cloud?
It will depend on the cloud service you choose. In the cloud you can choose between an IaaS, a PaaS or a SaaS.
On an IaaS you get an infrastructure as a service where you need to install MySQL, the web server, ...
On a PaaS, all these services can be enabled with just a click of your mouse, and you will just use the service without taking care of the config or the installation process.
This blog article will give you an idea about how to use a MySQL database on a PaaS.
Regarding the web server, for PHP it could be something really easy like zipping your project and using a command to deploy your application without any config. See here for an example.

cassandra,solr,lucandra,solandra

I am developing a site using the following technologies:
Ruby on Rails (ruby 1.8.7, rails 2.3.5),
Cassandra 0.6.8.
I want to index the Cassandra database using Lucandra. How do I do this?
Are there any RESTful APIs or any web services available for this, so that I can push the data to the index database?
Please share any RoR example using Lucandra; that would really help us move forward.
Or guide me through some steps to achieve this.
I have been googling for 3 days and I am not getting any examples using Lucandra in RoR.
Your help will be appreciated in advance.
The Solandra project, which is replacing Lucandra, no longer uses Thrift, only Solr. http://github.com/tjake/Lucandra
This means you can use any of the Solr-supported gems like acts_as_solr.
I'm recommending Elasticsearch. It has a REST API and Ruby & Rails clients.
https://github.com/angelf/escargot
https://github.com/grantr/rubberband
Elasticsearch is the most advanced free search solution in the world today. It's based on Lucene, has high availability, is fault tolerant, partitioned, high performance, scalable, state-of-the-art technology, open source, simpler than Solr... Its success belongs to its author Shay Banon. He has years of experience as an architect in this field. Solr (and Solandra) is nowhere near it. Simply investigate both, you'll see for yourself.
My best,
Serdar

log4j Log Indexing using Solr

We are finding it very hard to monitor the logs spread over a cluster of four managed servers. So, I am trying to build a simple log4j appender which uses the solrj API to store the logs in the Solr server. The idea is to leverage the REST interface of Solr to build a better GUI which could help us
search the logs and display the previous and the next 50 lines or so, and
tail the logs.
Being awful at front ends, I am trying to cook up something with GWT (a prototype version). I am planning to host the project on Google Code under the ASL.
I would greatly appreciate it if you could throw some insights on:
Whether it makes sense to create a project like this?
Is using Solr for this overkill?
Any suggestions on a web framework/tool which will help me build a tab-based front end for tailing.
You can use a combination of logstash (for shipping and filtering logs) + elasticsearch (for indexing and storage) + kibana (for a pretty GUI).
The Loggly folks have also built logstash, which can be backed by quite a few things, including Lucene via Elasticsearch. It can forward to Graylog also.
Totally doable thing. Many folks have done the roll-your-own. A couple of useful links: there is an online service, www.loggly.com, that does this. They are actually based on Solr as the core storage engine! Obviously they have built a proprietary interface.
Another option is http://www.graylog2.org/. It is open source. Not backed by Solr, but still very cool!