#openobserve

Alejandro Baez
<p>I've been messing around trying self-hosted options for logs. Mostly to scratch an itch, but also to know what is available in the market.</p>
<p><a href="https://fosstodon.org/tags/openObserve" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>openObserve</span></a> is nice, but feels pretty clunky for what I want. Found this thing called <a href="https://fosstodon.org/tags/seq" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>seq</span></a>, which is kind of brilliant. But right now, I've settled on <a href="https://fosstodon.org/tags/victorialogs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>victorialogs</span></a> from <a href="https://fosstodon.org/tags/victoriametrics" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>victoriametrics</span></a>.</p>
<p>It can ingest <a href="https://fosstodon.org/tags/elasticsearch" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>elasticsearch</span></a>-formatted logs. But you get the ease that <a href="https://fosstodon.org/tags/loki" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>loki</span></a> was trying to achieve. I have to say, I'm impressed. 😄</p>
<p><a href="https://docs.victoriametrics.com/victorialogs/logsql/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">docs.victoriametrics.com/victo</span><span class="invisible">rialogs/logsql/</span></a></p>
MalwareLab
<p>During the <a href="https://infosec.exchange/tags/SharkBytes" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SharkBytes</span></a> session at the <a href="https://infosec.exchange/tags/SharkFest" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SharkFest</span></a> conference I had an opportunity to present a lightning talk about my pet project called IDS Lab.<br>It is a lab infrastructure deployable as Docker containers, which simulates a small company network.</p>
<p>The IDS Lab consists of a webserver with <a href="https://infosec.exchange/tags/Wordpress" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Wordpress</span></a>, a <a href="https://infosec.exchange/tags/MySQL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MySQL</span></a> database, a <a href="https://infosec.exchange/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a> desktop with RDP, and the <a href="https://infosec.exchange/tags/WireGuard" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WireGuard</span></a> VPN for "remote" workers and for connecting other virtual or physical machines into the lab network.<br>This part of the infrastructure can be used for attack simulations.</p>
<p>There are additional components for playing with logs and detections, too: <a href="https://infosec.exchange/tags/Fluentbit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Fluentbit</span></a>, <a href="https://infosec.exchange/tags/Suricata" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Suricata</span></a> and <a href="https://infosec.exchange/tags/OpenObserve" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenObserve</span></a> as a lightweight SIEM.</p>
<p>In the <a href="https://infosec.exchange/tags/SIEM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SIEM</span></a> we already have preconfigured dashboards for alerts, netflows, web logs and logs from Windows machines, if present.</p>
<p>Using the provided setup script, the whole lab can be up and running in up to 5 minutes. For more info, please check my GitHub repository with the IDS Lab:</p>
<p><a href="https://github.com/SecurityDungeon/ids-lab/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/SecurityDungeon/ids</span><span class="invisible">-lab/</span></a></p>
<p><a href="https://infosec.exchange/tags/sf24eu" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sf24eu</span></a> <a href="https://infosec.exchange/tags/wireshark" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>wireshark</span></a> <span class="h-card" translate="no"><a href="https://ioc.exchange/@wireshark" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>wireshark</span></a></span></p>
Özkan Pakdil 🦖
<p>Since this morning I have been searching for a nice free log analyzer. I used <a href="https://techhub.social/tags/splunk" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>splunk</span></a> for around 12 years; I just wanted to search quickly through some application logs, most probably log4j or log4net logs. I tried:<br>- <a href="https://techhub.social/tags/ELK" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ELK</span></a> &lt;- too hard to install and configure<br>- <a href="https://techhub.social/tags/graylog" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>graylog</span></a> &lt;- too complex, or non-working docs<br>- <a href="https://techhub.social/tags/jaeger" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>jaeger</span></a> &lt;- wanted JSON format<br>- <a href="https://techhub.social/tags/openobserve" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>openobserve</span></a> &lt;- does not have a simple log upload or file path provider, needs fluentd or kubectl</p>
<p>I did not know Splunk was this good; now I am convinced it is a super product. Feel free to tell me if you have a good suggestion, and please boost for reach.</p>