Monitoring

Monitor your hardware and services.

Network monitoring : log DNS queries with bind

Recording the DNS queries perform by devices on your network is a simple and efficient way of monitoring your network. In this blog post we show how to configure the bind DNS server to log these...

Read more
Deploy Loki on Kubernetes, and monitor the logs of your pods

Loki is a log database developed by Grafana Labs. In a previous blog post we have shown how to run Loki with docker-compose. In this blog post we will deploy Loki on a Kubernetes cluster, and we will use it to monitor the log of our pods.

Read more
Log management with Loki : getting started

Loki is a log database developed by Grafana Labs. It's similar to Elasticsearch, with some major conceptual differences:

Read more
Fixing "[circuit_breaking_exception] [parent] Data too large, data for [<http_request>]" ELK Stack error

Recently I have encountered an error I wasn't too familiar with how to resolve, working with the ELK Stack. This specific error is the "[circuit_breaking_exception] [parent] Data too large, data for [<http_request>]". It is not directly visible where the error originates from, but with some sleuthing I discovered that it is caused by Elasticsearch preventing some requests from executing to avoid possible out of memory errors, as detailed in Elasticsearch Circuit Breaker documentation.

Read more
Collecting data with Filebeat

In modern network infrastructures, there are a lot of sources of data, that can be of interest for collection and analysis, to see if possible suspicious activity is present in the network. More often than not, this data is collected and send to a Security Information and Event Management (SIEM) tool, running on the network, where it can be processed and reviewed by domain specialists.

Read more
The ELK Stack and how to use it

Managing big networks can be quite complicated- many inbound and outbound requests, network traffic, email correspondence and other activities that need to be monitored. It is quite easy for an attacker to obfuscate his actions, when we are confronted with large amounts of network data to analyze. Luckily there are ways to aggregate all this data and store it so it can be reviewed and hopefully discover any abnormal activity. Of course, I am talking about the use of a Security Information and Event Management (SIEM) framework. One such framework that has gained a lot of popularity, because of its modularity and open-source nature, is the ElasticSearch/Logstash/Kibana framework.

Read more
Security Onion : Getting started

Security Onion is a great tool that combines full packet capture, intrusion detection (snort and bro) and the elasticsearch-logstash-kibana (ELK) stack to store and visualize your security data. Let's see how to get started...

Read more