
Posts

Showing posts from March 2018

Log centralization and analysis with Graylog, MongoDB and Elasticsearch

1. Infrastructure and prerequisites
2. Installing Elasticsearch
3. Installing MongoDB
4. Installing Graylog Server
5. Installing Graylog Web
6. Configuring the clients and sending logs
6.1 – Configuring the log input
6.2 – Configuring the firewall
6.3 – Configuring log forwarding
7. Checking the logs in the web interface
8. Graylog behind an Nginx proxy

“Open source log management that actually works” – www.graylog.org

In this tutorial we will install and configure Graylog for log centralization and analysis. Having a log analysis tool in your infrastructure is essential: it allows more precise debugging of the environment, improves security, helps share information across teams, supports monitoring through the use of triggers, and centralizes logs. In short, it is a strategic tool that offers many features for a thorough analysis of your infrastructure. Graylog is an excellent alternative to Splunk and Kibana+Lo

Snort 3.0 with ElasticSearch, LogStash, and Kibana (ELK)

The Elastic Stack, consisting of Elasticsearch with Logstash and Kibana, commonly abbreviated "ELK", makes it easy to enrich, forward, and visualize log files. ELK is especially good for getting the most from your Snort 3.0 logs. This post will show you how to create a cool dashboard:

The dashboard shows the following:
bring_da_heat - a heat map that plots event priority vs classification
apple_pie - a pie chart that shows total bytes transferred by app
greatest_hits - a data table that shows the rules generating the most events
global_hot_spots - a geo plot of the event source address*
size_o_gram - a histogram of logged packet / buffer sizes

Get Started

To get started, you will need to install the following:
Snort 3.0 from https://snort.org/downloads/#snort-3.0 or from https://github.com/snortadmin/snort3
snort3-community-rules.tar.gz from https://snort.org/downloads#rules
Open App ID from https://snort.org/downloads#openappid
Elastic Stack from

Install SNORT 3.0

This section will walk you through building and running Snort. It is not exhaustive but, once you master this material, you should be able to figure out more advanced usage.

Dependencies

Required:
autotools or cmake to build from source
daq from http://www.snort.org for packet IO
g++ >= 4.8 or other recent C++11 compiler
dnet from https://github.com/dugsong/libdnet.git for network utility functions
hwloc from https://www.open-mpi.org/projects/hwloc/ for CPU affinity management
LuaJIT from http://luajit.org for configuration and scripting
OpenSSL from https://www.openssl.org/source/ for SHA and MD5 file signatures, the protected_content rule option, and SSL service detection
pcap from http://www.tcpdump.org for tcpdump style logging
pcre from http://www.pcre.org for regular expression pattern matching
pkgconfig from https://www.freedesktop.org/wiki/Software/pkg-config/ to locate build dependencies
zlib from htt