How Do You Install Splunk in a Docker Container?

Problem scenario
You want to run Splunk from a Docker container. What do you do?

Solution
Prerequisites
Install Docker. If you need assistance, see this posting.

Procedures
1. Run this command: docker pull splunk/splunk:latest

2. Run this command, but replace "simpleword" with the password you want the web UI's administrator account to have (Splunk rejects passwords shorter than its policy minimum, 8 characters by default):

docker run -d -p 8000:8000 -e 'SPLUNK_START_ARGS=--accept-license' -e 'SPLUNK_PASSWORD=simpleword' splunk/splunk:latest

Note that -p 8000:8000 publishes the web UI on every interface of the host; use -p 127.0.0.1:8000:8000 if it should only be reachable locally. A password passed with -e is recorded in your shell history and is visible in "docker inspect" output, so for anything beyond a throwaway test put the two variables in a file readable only by you and pass it with --env-file instead.

3.

 » Read more..

Which Log File Shows a Record of Web Traffic on an Nginx Web Server Running on Linux?

Problem scenario
You configured Nginx on a Linux server. You want to see if there has been activity on the website (e.g., via a web browser). What log file, visible on the back-end, has records of web browsing activity?

Solution
It is often here: /var/log/nginx/access.log

For general Nginx purposes, the access_log and error_log directives in nginx.conf (or in the server blocks it includes from conf.d or sites-enabled) specify the location and names of the Nginx log files, and the log_format directive controls what each line contains. If Nginx sits behind a proxy or load balancer, the client address field will show the proxy's address unless the realip module or a log_format using $http_x_forwarded_for is configured.
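The lines in access.log follow Nginx's default "combined" log_format, and reading them is only useful if you can turn them into something you can act on. The following is an added example, not code from the original post: it parses combined-format lines, tolerates the malformed "$request" values Nginx writes for bad requests, and flags clients that generate a burst of 4xx responses or send a percent-encoded ".." path segment. The sample log lines, the client addresses and the threshold of three errors are constructed for the demonstration.

```python
import re
import sys
from collections import Counter, defaultdict
from urllib.parse import unquote

# Nginx's default "combined" log_format:
# $remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"
COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<bytes>\d+|-) '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# A ".." path segment, checked after percent-decoding (twice, to catch %252e double encoding).
TRAVERSAL_RE = re.compile(r'(^|/)\.\.(/|$)')

# Constructed sample of what /var/log/nginx/access.log might contain (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [24/Sep/2019:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 612 "-" "Mozilla/5.0"
203.0.113.7 - - [24/Sep/2019:10:01:03 +0000] "GET /style.css HTTP/1.1" 200 1401 "http://example.test/" "Mozilla/5.0"
198.51.100.9 - - [24/Sep/2019:10:02:10 +0000] "GET /wp-login.php HTTP/1.1" 404 153 "-" "python-requests/2.22.0"
198.51.100.9 - - [24/Sep/2019:10:02:11 +0000] "GET /.env HTTP/1.1" 404 153 "-" "python-requests/2.22.0"
198.51.100.9 - - [24/Sep/2019:10:02:12 +0000] "GET /../../etc/passwd HTTP/1.1" 400 157 "-" "python-requests/2.22.0"
198.51.100.9 - - [24/Sep/2019:10:02:13 +0000] "GET /cgi-bin/%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 404 153 "-" "python-requests/2.22.0"
192.0.2.44 - - [24/Sep/2019:10:03:00 +0000] "-" 400 0 "-" "-"
192.0.2.44 - - [24/Sep/2019:10:03:01 +0000] "POST /api/login HTTP/1.1" 401 21 "-" "curl/7.64.0"
this line is not in nginx combined format and must be counted, not crash the parser
"""


def parse_line(line):
    """Return a dict for one combined-format line, or None if the line does not match."""
    m = COMBINED_RE.match(line.rstrip("\n"))
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    # $request is "METHOD PATH PROTO" for well-formed requests, but Nginx logs "-" (or raw
    # bytes) for malformed ones, so only split it when all three tokens are present.
    parts = rec["request"].split(" ")
    rec["method"], rec["path"] = (parts[0], parts[1]) if len(parts) == 3 else (None, None)
    return rec


def is_traversal(path):
    """True if the path contains a '..' segment once percent-encoding is removed."""
    for _ in range(2):
        path = unquote(path)
    return bool(TRAVERSAL_RE.search(path))


def summarize(text, burst_threshold=3):
    """Parse a whole log; flag clients with >= burst_threshold 4xx responses or any traversal attempt."""
    status_counts = Counter()
    errors_4xx = Counter()
    traversal = Counter()
    parsed = unparsed = 0
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            unparsed += 1
            continue
        parsed += 1
        status_counts[rec["status"]] += 1
        if 400 <= rec["status"] < 500:
            errors_4xx[rec["ip"]] += 1
        if rec["path"] and is_traversal(rec["path"]):
            traversal[rec["ip"]] += 1
    flagged = defaultdict(dict)
    for ip, n in errors_4xx.items():
        if n >= burst_threshold:
            flagged[ip]["errors_4xx"] = n
    for ip, n in traversal.items():
        flagged[ip]["traversal"] = n
    return {"parsed": parsed, "unparsed": unparsed,
            "status_counts": dict(status_counts), "flagged": dict(flagged)}


if __name__ == "__main__":
    # Pass a real file (e.g. /var/log/nginx/access.log) as the first argument, else use the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    print(summarize(text))
```

Run it against the real file with `python3 nginx_access.py /var/log/nginx/access.log` (reading that file normally needs root or membership in the adm group). The burst threshold is deliberately low for the sample; on a busy site you would raise it or count per time window rather than per file.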

 » Read more..

How Do You Quickly Add a New Event to the Windows Logs Using PowerShell?

Problem scenario
You like adding logging messages manually in Linux/Unix. You do it from the command prompt with "# write a cool message here" and review the messages with the "history" command. You also append messages to log files in /var/log/foobar.d with 'echo "note this"'. How do you introduce your own messages into the Windows event log?

Solution
Run a command like this, but change "Application" to whichever log you want to write to:

Write-EventLog -LogName Application -EventId 3 -Message "Continual Integration helps!" -Source "Windows Error Reporting"

# Note that "Windows Error Reporting" is just one of several valid sources. The source must already be registered in the target log (New-EventLog -LogName <log> -Source <name> registers one, which requires an elevated prompt), otherwise Write-EventLog fails. The Security log is the exception: it is reserved for the Windows auditing subsystem, so you cannot write arbitrary events to it with this cmdlet.  » Read more..

How Do You Get the Kibana Web UI to Work?

Problem scenario
You want to try out the Kibana web UI. You are using Linux. How do you get Kibana to work?

Solution
Prerequisites

Install the Elastic Stack. If you need assistance, see "How Do You Install the Elastic Stack on Any Type of Linux?"

Procedures

1. Install nginx. If you need assistance,

 » Read more..

How Do You Install the Elastic Stack on Any Type of Linux?

Updated on 9/24/19

Problem scenario
You want to install the Elastic Stack on different distributions of Linux with the exact same script. What should you do?

Solution
Prerequisites
i. You should have at least 3 GB of total memory (RAM plus swap) allocated to the server. If you need to add memory,

 » Read more..

How Do You Troubleshoot the Logstash (or Elastic Stack) Error “logging.log4j.core.appender.RollingFileAppender”?

Problem scenario
You try to start Logstash but you get this error: "main ERROR Could not create plugin of type class org.apache.logging.log4j.core.appender.RollingFileAppender for element RollingFile:"

What should you do?

Solution
Do one of the two options below.

#1 Solution (rather simple, for a one-time fix)
Do not start the process as root or as some other regular user.

 » Read more..

How Do You Capture Error Messages in a File of Your Choice Using Python Rather Than Have Them Printed to the Screen?

Problem scenario
You have a Python program that prints urllib3 messages (or some other kind of message) to the screen. You do not want them echoed there, cluttering the screen. You want them permanently stored in a log file. How do you get a Python program to write to a log file?

Solution
Use these three lines, but replace "contint" with the name of your choice:

import logging

logging.basicConfig(filename='contint.log',
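The reason the one-liner works is that library loggers such as urllib3's propagate to the root logger, so a file handler on the root catches them. The following is an added example, not code from the original post, that does the same job through an explicit handler so it also covers the two cases basicConfig misses: a console handler that some earlier import already installed (basicConfig silently does nothing if the root logger already has handlers), and messages urllib3 emits through warnings.warn() rather than a logger. The temp-file location, the 0600 permission and the three sample messages are constructed for the demonstration; no network request is made.

```python
import logging
import os
import tempfile
import warnings

LOG_FORMAT = "%(asctime)s %(levelname)s %(name)s: %(message)s"


def configure_file_logging(path, level=logging.INFO):
    """Send every logger's output to `path` instead of the console.

    Library loggers ("urllib3.connectionpool" and friends) propagate to the root logger,
    so one FileHandler on the root catches them.  warnings.warn() output, which is how
    urllib3 reports an unverified HTTPS request, is routed into the "py.warnings" logger
    by logging.captureWarnings().
    """
    root = logging.getLogger()
    for handler in list(root.handlers):      # drop any console (stderr) handler already installed
        root.removeHandler(handler)
        handler.close()
    handler = logging.FileHandler(path, encoding="utf-8")
    handler.setFormatter(logging.Formatter(LOG_FORMAT))
    root.addHandler(handler)
    root.setLevel(level)
    logging.captureWarnings(True)
    # Request logs carry URLs, hostnames and sometimes tokens: keep the file owner-only.
    os.chmod(path, 0o600)
    return root


def demo(path=None):
    """Emit records the way a urllib3-using program would, then return what landed in the file.

    Returns {"path": file written, "mode": permission bits, "lines": file contents}.
    """
    if path is None:
        fd, path = tempfile.mkstemp(prefix="contint-", suffix=".log")  # constructed location
        os.close(fd)
    configure_file_logging(path, logging.DEBUG)
    # Constructed messages imitating urllib3's own; nothing is sent over the network.
    logging.getLogger("urllib3.connectionpool").warning(
        "Retrying (Retry(total=2)) after connection broken by 'ConnectionResetError'")
    with warnings.catch_warnings():
        warnings.simplefilter("always")      # do not let the once-per-location filter hide it
        warnings.warn("Unverified HTTPS request is being made to host 'example.test'")
    logging.getLogger("contint").info("job finished")
    for handler in logging.getLogger().handlers:
        handler.flush()
    with open(path, encoding="utf-8") as fh:
        lines = fh.read().splitlines()
    return {"path": path, "mode": os.stat(path).st_mode & 0o777, "lines": lines}


if __name__ == "__main__":
    result = demo()
    print("wrote", result["path"])
    print("\n".join(result["lines"]))
```

Nothing appears on the terminal; all three messages, including the captured warning, are in the file. If you only want to silence one noisy library rather than redirect everything, set that logger's level instead, e.g. logging.getLogger("urllib3").setLevel(logging.ERROR).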

 » Read more..

How Do You Troubleshoot the Error “We are experiencing problems connecting to the Graylog server running on http://127.0.0.1:9000/api”?

Updated on 1/22/19

Problem scenario
You installed Graylog in a Docker container. You open the URL for the server in a web browser. You see this message:

"Server currently unavailable

We are experiencing problems connecting to the Graylog server running on http://127.0.0.1:9000/api. Please verify that the server is healthy and working correctly.

You will be automatically redirected to the previous page once we can connect to the server."

 » Read more..

How Do You Deploy Graylog in a Docker Container?

Problem scenario
You want to set up (install and configure) Graylog from a Docker container.  What do you do?

Solution
1. Verify you have at least two processors with this command (it counts the "processor" entries in /proc/cpuinfo; "nproc" gives the same number): cat /proc/cpuinfo | grep -ic processor

Was the output two or more? If so, proceed. If not, get a server with two processors. If you are using an AWS EC2 instance, see this link to add a processor.

 » Read more..

A List of Elastic Stack (Elasticsearch, Logstash, Beats, and Kibana) Books

The Elastic Stack used to be called the ELK Stack; this link provides more information. 

Applied Network Security Monitoring: Collection, Detection, and Analysis by Chris Sanders and Jason Smith
The Art of Monitoring by James Turnbull
ElasticSearch 5.0 Cookbook – Third Edition by Alberto Paro
Elasticsearch Blueprints by Vineeth Mohan
Elasticsearch: A Complete Guide by Bharvi Dixit,

 » Read more..