Deploy Graylog using SaltStack Formulas

Deploy Graylog using SaltStack and supporting formulas: I’ve written a formula for deploying Graylog with additional Salt formulas for Elasticsearch and MongoDB, which support a Graylog install. Currently, this has only been deployed on CentOS 7, so the Salt states are pretty specific to CentOS and RHEL-based distros. There are plans to expand support […]

BRO and Fortinet Content Packs on Graylog Marketplace

Content Packs for Graylog: Lately, I have been working with Graylog a lot, so I decided to update a few items on GitHub and update their entries on the Graylog Marketplace website. BRO content pack for Graylog: The BRO IDS content pack contains pipeline rules, a stream, a dashboard displaying interesting activity, and a syslog […]

Send Security Onion logs to a centralized Graylog Server

Overview: For anyone who doesn’t know, Security Onion is a custom Linux distribution running on Ubuntu that can be used as a Network Intrusion Detection System (NIDS). Security Onion integrates several configurable apps like BRO IDS, Snort, Suricata, and OSSEC, to name a few. By default, there is an integrated ELSA Stack that can be […]

Setting up a multi-tiered log infrastructure Part 11 -- Cluster Tuning

This is post 11 of 11 in the series “Setting up a multi-tiered log infrastructure”: Setting up a multi-tiered log infrastructure Part 1 --- Getting Started; Setting up a multi-tiered log infrastructure Part 2 --- System Overview; Setting up a multi-tiered log infrastructure Part 3 --- System Build; Setting up a multi-tiered log infrastructure Part […]

Setting up a multi-tiered log infrastructure Part 10 -- HA Cluster Setup

This is post 10 of 11 in the series “Setting up a multi-tiered log infrastructure” […]

Setting up a multi-tiered log infrastructure Part 9 -- Rsyslog HA Setup

This is post 9 of 11 in the series “Setting up a multi-tiered log infrastructure” […]

Setting up a multi-tiered log infrastructure Part 8 -- Rsyslog Setup

This is post 8 of 11 in the series “Setting up a multi-tiered log infrastructure” […]

Setting up a multi-tiered log infrastructure Part 7 -- Graylog WebUI Setup

This is post 7 of 11 in the series “Setting up a multi-tiered log infrastructure” […]

Setting up a multi-tiered log infrastructure Part 6 -- Graylog Setup

This is post 6 of 11 in the series “Setting up a multi-tiered log infrastructure” […]

Setting up a multi-tiered log infrastructure Part 5 -- MongoDB Setup

This is post 5 of 11 in the series “Setting up a multi-tiered log infrastructure” […]
