jisosomppi / log-analysis
Centralized logging and analysis of security logs in a network
License: BSD 3-Clause "New" or "Revised" License
Not a bug as much as an idea, would it be possible to add the minion ID in the Kibana log feed events? Now the minions are recognizable by their IP addresses, but it may add clarity.
//Ubuntu 16.04
After running the server installation, the networking service has failed:
ID: networking
Function: service.running
Result: False
Comment: The named service networking is not available
Started: 10:42:29.597023
Duration: 10.751 ms
Changes:
This also happens after
$ sudo salt '*' state.highstate --state-output terse
Instruct users not to run scripts on the same machine.
Issue also solved by simply being smarter
Not sure if I should be worried. But after running
After the installation finishes I receive the error message:
Everything works fine otherwise so I think this isn't a serious issue. But I'd find it helpful if there was something telling the user that the failure isn't critical.
Also all the previous steps were completed. So the issue isn't about missing files.
The log-analysis/salt readme file in my opinion could use an overview on what the salt states/scripts do before any lines of code. That way it is easier to see if this project is of any use to potential clients.
The info for this part should have a path to where the creation of the new index is found, for example like commented in the right spot:
The logging frontend is Kibana, which is automatically set up and started on the master.
The interface can be accessed either locally on the server (http://localhost) or from any salt minion (http://logserver.local). Kibana requires minimal setup after the initial scripts:
**Add: Go to the Discover page found on the left side bar.**
Create a new index (the easiest index pattern for this is " * "), choose @timestamp as the time filter
Go to the Discover tab to see log entries
Apache logs are not on the master
Apache is installed on the minion, and there are log events locally on the minion.
I didn't see any firewall setup for the Master server.
Centralized logs might require good security.
If the Master is a droplet in DigitalOcean, how can I use Kibana from there?
Error when installing master on DigitalOcean. Droplet is new and made only for this test.
Report:
root@ubuntu-s-1vcpu-1gb-ams3-01:~# ./serversetup.sh
Updating packages...
Installing git and salt...
Cloning repository...
Cloning into 'log-analysis'...
remote: Enumerating objects: 122, done.
remote: Counting objects: 100% (122/122), done.
remote: Compressing objects: 100% (121/121), done.
remote: Total 2793 (delta 72), reused 0 (delta 0), pack-reused 2671
Receiving objects: 100% (2793/2793), 16.53 MiB | 7.24 MiB/s, done.
Resolving deltas: 100% (1666/1666), done.
Running automated setup... (This will take a while)
file_ignore_glob: []
Rendering SLS 'base:nginx' failed: Jinja variable str object has no element 0
Server setup is now complete!
You can access the Kibana logging frontend at http://localhost
Collected client logs will be found in /var/log/client_logs
Direct your clients to this servers IP address:
142.93.234.33 10.18.0.5
Run 'sudo salt srv01 state.apply fixperms' when new
host directories or log files are created
./serversetup.sh: line 33: firefox: command not found
Serversetup.sh does not work properly if there is no /srv/ directory. Example:
xubuntu@xubuntu:~$ ./serversetup.sh
Updating packages...
Installing git and salt...
Cloning repository...
Cloning into 'log-analysis'...
remote: Enumerating objects: 65, done.
remote: Counting objects: 100% (65/65), done.
remote: Compressing objects: 100% (65/65), done.
remote: Total 2736 (delta 38), reused 0 (delta 0), pack-reused 2671
Receiving objects: 100% (2736/2736), 16.52 MiB | 17.48 MiB/s, done.
Resolving deltas: 100% (1632/1632), done.
Running automated setup... (This will take a while)
mkdir: cannot create directory ‘/srv/salt’: No such file or directory
mkdir: cannot create directory ‘/srv/pillar’: No such file or directory
cp: target '/srv/salt' is not a directory
cp: target '/srv/pillar' is not a directory
file_ignore_glob: []
local:
Name: states - Function: no.None - Result: Failed
Summary for local
------------
Succeeded: 0
Failed: 1
------------
Total states run: 1
Total run time: 0.000 ms
Server setup is now complete!
Access the Kibana logging frontend at http://localhost
Client logs will be found in /var/log/client_logs
Direct your clients to this servers IP address:
172.28.171.14 2001:708:b1:1ab::1:158
Run 'sudo salt srv01 state.apply fixperms' when new
host directories or log files are created
Quick solution -> add these three lines at the start of serversetup.sh
if [ ! -d "/srv/" ]; then
    sudo mkdir /srv/
fi
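The two reports above show the same underlying problem from a defender's point of view: serversetup.sh keeps going after "cannot create directory", after a failed Salt render, and after a missing firefox, and still prints "Server setup is now complete!". The following is an added example (not the project's own serversetup.sh) of the three checks a hardened setup script would carry: create the Salt file roots up front, treat a non-zero "Failed:" count in the state summary as an error, and only open a browser when one exists. The directory argument and the summary-on-stdin convention are assumptions made so the functions can be exercised against a scratch directory.

```shell
#!/bin/sh
# Added example, not the project's serversetup.sh. Run as root like the
# original script; the root directory is a parameter only for testing.

# Create the Salt file roots the setup copies into. Without this the
# "cp: target '/srv/salt' is not a directory" failures above are silent.
ensure_salt_roots() {
    root="${1:-/srv}"
    for d in "$root/salt" "$root/pillar"; do
        if [ ! -d "$d" ]; then
            mkdir -p "$d" || return 1
        fi
    done
    # The file server holds states for every minion; keep it non-writable
    # for unprivileged local users.
    chmod 755 "$root"
}

# Read a salt / salt-call summary block on stdin and succeed only when it
# reports zero failures. "Result: Failed" lines do not match because the
# pattern requires "Failed:" followed by a number.
highstate_succeeded() {
    failed=$(grep -E '^[[:space:]]*Failed:[[:space:]]*[0-9]+' | head -n1 | tr -dc '0-9')
    [ -n "$failed" ] && [ "$failed" -eq 0 ]
}

# Open the Kibana frontend only if a browser is present; a headless droplet
# has none, which is where "line 33: firefox: command not found" came from.
open_frontend() {
    url="${1:-http://localhost}"
    if command -v firefox >/dev/null 2>&1; then
        firefox "$url" &
    else
        echo "No browser found; open $url from a client instead."
    fi
}

# Constructed sample: the failed summary quoted in the report above.
SAMPLE_FAILED='Summary for local
------------
Succeeded: 0
Failed: 1
------------
Total states run: 1'
```

With these in place the script would stop at ensure_salt_roots or at the summary check instead of reporting success over a broken master.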