A while ago I switched from NXLog to Winlogbeat. One of the things I was missing: Plain ASC File parsing to the appender!
With NXLog it was easy to parse plain log files and ship them towards my Graylog Server!
Luckily, my mate @Mokkujin asked: “Why not use Filebeat? I use that all the time when I need to parse and ship plain ASC logs?”
As I mentioned before, I use use Graylog to centrally capture and store many logfiles. I collect and ship logfiles from many systems, like Linux servers and network elements, which is easy with Syslog. But I also have some Windows systems, and I want to have the event logs collected and shipped to my Graylog server.
I used the NXLog Community Edition for a long time to do that! And NXLog did an excellent job! But there was on drawback: NXLog required me to use a dedicated configuration for each system, what I did with included. I couldn’t establish a universal “one size fits all” configuration approach. Then I found Winlogbeat from elastic!
And with Winlogbeat I was able to create a universal config that I can initially deploy to all Windows based servers! Yes, there are still some tweaks that you might want for each system (based on the role and use case of the system), but the universal approach worked very well for me.
I use Graylog to centrally capture and store many logfiles. The multi-tier solution based on Elasticsearch and MongoDB is awesome!
I also use Nginx a lot. In this case, I use it as reverse proxy to provide a secure access to Graylog. The web-frontend of Graylog works like a charm if you follow the instructions in the Graylog documentation here.
Here is a collection of a good practice ruleset of Office 365 Protection Alert’s.
A while ago I published an article about Office 365 minimum security baseline, based on some feedback and questions, I decided to create a good practice Ruleset of Office 365 Activity Alert’s.
Here is a collection of a good practice ruleset of Office 365 Activity Alert’s.
A while ago I published an article about Office 365 minimum security baseline, based on some feedback and questions, I decided to create a good practice Ruleset of Office 365 Activity Alert’s.
I decided to use embedded Gist Source code in the future. I used my own HTML style (based on hilite.me) in the past to prevent user tracking and unnecessary cookie usage.
I figured out a way to prevent any unnecessary cookie usage for most embedded content (like embedding Gist Source code).
In September 2019, IBM-owned Red Hat announced CentOS Stream. It is a rolling release version of CentOS.
Doesn’t sound like a big deal, but CentOS Stream is no longer a full-blown clone of the very stable Red Hat Enterprise Linux (RHEL), the development is now a parallel thing, and the upstream is now Fedora and not RHEL.
Since a while, some Windows 10 installations report “No Internet” even if the device has a working internet connection.
That is annoying and sometimes only irritating, but some systems have significant issues with it.
I had to do a lot of debugging with PowerShell based WebRequest’s the last few days.
One issue I had: I saved the Cookie that a call returned. Now the Call returned two cookies instead of one, and my call didn’t handle that correctly.
I use PowerShell to access a lot of API’s! Since a while some calls that are correct get the error: “The remote server returned an error: (401) Unauthorized.”.
In my case, this was only the case when I used Windows PowerShell (e.g., PowerShell 5.x)! PowerShell Core (7.x) worked fine.
