Funny thing...
For many weeks I couldn't power off my work laptop. For some reason the system (it's Ubuntu there) didn't shut down and I always had to use the power button. I blamed snap nonsense (which frequently generates other problems) or keeping Yubikeys inserted for too long.
Today I tried to check memory usage and ran #htop. I was surprised when I found many background processes from services I tested a long time ago, mostly related to #Logstash. It reminded me I had experimented with data transfer between remote systems and set my computer to send data to a development server. Later I disabled the services on that server and forgot about these tests. And my computer tried to send data for more than 3 months and didn't let the system turn off until it was successfully sent :blobcatjoy:
Of course I disabled all the remaining services.
Today I could turn off my laptop without using the power button for the first time since December :blobcatjoy:
Ingest data from #Logstash to @AzDataExplorer
#365daysofADX Day60
The #AzureDataExplorer (#ADX) Logstash plugin enables you to process events from Logstash into an Azure Data Explorer database for later analysis.
Learn More
[1] https://learn.microsoft.com/en-us/azure/data-explorer/ingest-data-logstash
[2] https://learn.microsoft.com/en-us/azure/data-explorer/connector-overview
we're currently also working on re-using the same ingest pipelines on logstash. because that is a common transition. also bringing logstash to the #kubernetes operator
so #logstash is very much alive. but probably not what you want for starters
worth repeating, since this is such a common question: is #logstash "going to be dropped/replaced"?
yes and no :)
I'd only start using logstash when you need it (JDBC input, multiple outputs, DNS lookups,...). otherwise agent / beats + #elasticsearch ingest should be simpler to get started and potentially slimmer
but for large users, many use logstash. both for features and scale
I think it is amazing when I try to configure #rsyslog to accept #tls via #gtls via #imtcp with #certs on a #ubuntu server. Then when I configure an rsyslog client without any certs configuration, I see these log lines on the rsyslog with certs passing. Weird. Next attempt is to deliver from rsyslog with certs to #logstash with certs. As a last option, switch to #filebeat.
wrote a quick blog post on: "did a #git(hub) pull request / commit make the release?"
example from #logstash where it got trickier than normal: https://xeraa.net/blog/2023_pull-request-commit-release/
I just deployed the #ELK stack to demonstrate log analysis to an audience of IT Ops engineers 👨💻. It was easy to ingest #MongoDB's logs, process them through #LogStash's JSON filter and get #Kibana to show a count of connections from each client node. Before the demo, I looked at using #FluentD, which RedHat uses in #OpenShift as the #EFK stack.
New from me: #DISHMedia swaps #observability sprawl for @elastic #cloud service, as the vendor looks to start a new chapter in its relationship with Amazon Web Services (#AWS) under new executive leadership.
#amazon #ITmonitoring #elasticstack #elasticcloud #vulnerabilitymanagement #incidentresponse #dataanalytics #AIOps #elasticsearch #kibana #logstash
Microsoft Sentinel’s Technical Playbook for MSSPs is out.
Some of these updates in this version include:
- Repositories to deploy custom content
- Codeless connector platform
- Ingestion time transformation
- Normalization and ASIM
- Sentinel health
- New long term storage using Archive
- Search and Restore for Archived logs
- Basic logs tier
To download the latest updates to the MSSP playbook version click here https://aka.ms/mssentinelmssp
#microsoft #sentinel #mssp #microsoftsentinel #siem #soar #asim #pipelines #repositories #automation #devops #bicep #api #CIDC #json #github #azuredevops #pipelinetransformation #enrichment #azure #threatintelligence #azurelighthouse #basiclogs #correlation #ama #logstash #normalization #architecture #soc #globalsoc
@mhamzahkhan ELK is heavyweight. If all you want is centralised logging, you might be able to just leverage the L in #ELK. #LogStash will consolidate your logs, but without the bells and whistles provided by #ElasticSearch and #Kibana.
Alright #SOC fellas, #threathunting folks and #blueteam friends - I am revamping my SIEM setup - moving to #cloud next month; I have also been evaluating over the last couple of years how #ELK is holding up against #Wazuh.
Would you recommend updating ELK & continuing to improve it, or is it a good time to dip my toe in the world of Wazuh?
Expected log sources/purpose:
A few HTTP #honeypot s (Nginx, nix), 1 vulnerable server (nix), maybe pi-hole (not yet set up), home IoT and daily drivers (Mac and Windows)
Tags: #SIEM #logstash #kibana #ioc #threatintel
Does anyone here use #logstash, and have you found a way to do proper load balancing across a large fleet of Logstash servers? We've tried DNS, HAProxy, and Netscalers; the clients continue to stick to the servers they initially connected to and will not let go until we force-kill those connections, so the load doesn't get evenly distributed. #elastic #elasticsearch
Spent more time than I'd care to admit today playing around with the #Elasticsearch and #Logstash components of the "ELK" stack. Because I'd heard that Logstash was the toughest to get running, I started there. And it really wasn't bad to get installed and set up (just some weird permissions issues on #Debian).
However, I didn't realize that there's just no way to run Elasticsearch on a 32-bit kernel. Fail.
Anyone know any drop-in alternatives to ELK's Elasticsearch that are lighter-weight?
#logstash
If the DLQ fills up very quickly, where should I look? Clearing it helps, but it's not a panacea at all.
Just added: YAML Config with Event IDs of Active Directory Domain Service Events with Criticality Info https://hannahsuarez.github.io/2021/Active_Directory/ #logging #logstash #yml #elasticsearch #elk
Now updated with #Elastic #Kibana #Logstash #logging and pretty pictures #Stratum1 #GNSS #GPS #NTP #Server on #pcengines #APU4C4 in @NTPPool https://blog.infosecworrier.dk/2020/04/stratum-1-ntp-server-ntppoolorg.html