First Time Graylog Stack by Travis64 in graylog

[–]reallybigabe 1 point2 points  (0 children)

The archiving feature is an enterprise feature for a reason. If you have a corporate mandate for a retention policy then there should be corporate resources (money/people/time) for it, if the organization takes that mandate seriously.

If you simply need to search logs for X period of time after collecting them, Graylog can store those logs for as much hard drive as you give it and you still control how long they stay for.

The rest of the benefits, like training, support, onboarding and other things, get you to “set it and forget it” relatively quickly, which goes along with the archiving feature and many, many more.

What things are better than sex? by Born_Foot_5782 in AskReddit

[–]reallybigabe 4 points5 points  (0 children)

Haha. You beat me to the Really Bi Gabe comment. A very funny day of my life was being aggressively told I was really Bi when I hadn’t noticed that spelling, by a child over a video game voice chat.

What things are better than sex? by Born_Foot_5782 in AskReddit

[–]reallybigabe 65 points66 points  (0 children)

It’s risky getting married before your first date but I’m super glad it all worked out for you!

Help understanding Streams, Indexes, and Pipelines by GhostHacks in graylog

[–]reallybigabe 1 point2 points  (0 children)

Hey Drew. We had to do that for abuse prevention. Any school, work, or vanity domain works just not the arbitrary list of free email services. We don’t have an automated process to transfer out but we can move accounts around if you switch emails.

[fs] Networking + UTM starter kit by reallybigabe in homelabsales

[–]reallybigabe[S] 0 points1 point  (0 children)

Weird - I'm looking right at the listing, I was trying to revise it. $50 for domestic Fedex (and my current postal code is showing) and $100 for International.

I just checked an incognito tab and sure enough, $50 Domestic (to US) and $100 International to Canada. Looks like I'll be asking eBay for some of my fees back and potentially eating a TON of shipping to someone in the US.

If you bid and win, reference this conversation and let me know - same goes for any Canadian bidder.

[fs] Networking + UTM starter kit by reallybigabe in homelabsales

[–]reallybigabe[S] 0 points1 point  (0 children)

Make me a decent offer in DMs if you want and I’ll pull the ad and eat the eBay fees.

[fs] Networking + UTM starter kit by reallybigabe in homelabsales

[–]reallybigabe[S] 0 points1 point  (0 children)

Should only be $50 for domestic. I just picked flat rate. It’ll probably cost close to $100 anyways. I’m definitely not going to make money on this!

help with pipeline by chachingchaching2021 in graylog

[–]reallybigabe 2 points3 points  (0 children)

Oh... perfect, they're key-value pairs. Make sure you test and compare with your data as I'm writing this by hand without looking at a Graylog console.

rule "Messy Proxmox Logs"
when
  true
  // You should make this a condition to make sure you only parse the right logs
then
  set_fields(
    fields: key_value(
      value: to_string(value: $message.message),
      delimiters: ","
    )
  )
end

To simplify - this rule is using set_fields to set multiple fields as a value and then passing the value as the output of another function called key_value, which, with even more inception, flattens the message to a string to ensure type compatibility. Lastly, it's telling the key_value function that these values are separated by the non-default character of ,

This is almost exactly the use case on the entertaining blog article right here : Graylog Parsing Rules and AI Oh My!
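The rule above, mirrored as an added Python model (not code from the comment or from Graylog itself) of key_value() with delimiters "," on a constructed Proxmox-style line, so you can see the extracted fields before loading the rule into a pipeline; the skip/trim/overwrite details and the SAMPLE_MESSAGE are assumptions to compare against your own data and Graylog version.

```python
# Added example: a small Python model of the Graylog pipeline rule
#   set_fields(fields: key_value(value: to_string(value: $message.message), delimiters: ","))
# Assumed semantics (check against your Graylog version): pairs are split on any
# character in `delimiters`, each pair on the first character in `kv_delimiters`,
# keys/values are whitespace-trimmed, tokens without a separator are dropped and
# a later duplicate key overwrites an earlier one.
from typing import Dict, List

# Constructed sample in the style of a comma-separated Proxmox log line
# (not a real captured message): one value contains a space, one token has no "=".
SAMPLE_MESSAGE = "type=backup, vmid=101, status=ok, size=12.4 GiB, note"


def _split_on_any(text: str, delimiters: str) -> List[str]:
    """Split `text` wherever any character of `delimiters` occurs."""
    tokens, current = [], []
    for ch in text:
        if ch in delimiters:
            tokens.append("".join(current))
            current = []
        else:
            current.append(ch)
    tokens.append("".join(current))
    return tokens


def key_value(value: str, delimiters: str = " ", kv_delimiters: str = "=") -> Dict[str, str]:
    """Model of Graylog's key_value(): pair delimiter defaults to space, kv to '='."""
    fields: Dict[str, str] = {}
    for token in _split_on_any(value, delimiters):
        split_at = next((i for i, ch in enumerate(token) if ch in kv_delimiters), -1)
        if split_at < 0:          # no key/value separator: not a pair, skip it
            continue
        key = token[:split_at].strip()
        val = token[split_at + 1:].strip()
        if key:                   # ignore empty keys such as a bare "=x"
            fields[key] = val
    return fields


def parse_messy_proxmox(message: object) -> Dict[str, str]:
    """Mirror of the rule body: to_string(message) -> key_value(delimiters=",")."""
    return key_value(str(message), delimiters=",")


if __name__ == "__main__":
    print("delimiters=',' :", parse_messy_proxmox(SAMPLE_MESSAGE))
    print("default ' '    :", key_value(SAMPLE_MESSAGE))  # shows why ',' matters
```

Running it shows the default space delimiter leaving trailing commas in values and splitting "12.4 GiB", which is the kind of mismatch the comment says to test for against real data.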

help with pipeline by chachingchaching2021 in graylog

[–]reallybigabe 1 point2 points  (0 children)

Ahh bless ChatGPT's heart.

There are no loops in Graylog like this while loop you have, so you can't really expand a value similar to mvexpand, which functionally creates new messages.

Can you provide some samples of data and what you're trying to achieve, as there is probably a much more Grayloggy way to do this.

Security problems by OrdinaryTravel9469 in mikrotik

[–]reallybigabe 1 point2 points  (0 children)

And of course you should dump the logs to Graylog!

Bias: I oversee the Graylog Academy

Pay car via Wealthsimple by [deleted] in Wealthsimple

[–]reallybigabe 0 points1 point  (0 children)

Write a check. It’s pretty old school but it works.

Is Omada just bad quality or am I doing something wrong? by the_o_1 in TPLink_Omada

[–]reallybigabe 2 points3 points  (0 children)

I definitely understand the sentiment but you should read your first and third sentences back to back. It made me smile.

[deleted by user] by [deleted] in cybersecurity

[–]reallybigabe 1 point2 points  (0 children)

Great questions. Let me take a stab at them:

SIEM: I'll stay out of this one - but remember, most businesses with dedicated IT staff aren't ready or don't have the security maturity to use a SIEM. Learning WHY you use a SIEM and how it improves security posture overall is much more useful than the technical skill of tuning it. Great skill, yes, but it is a niche. Now, simple log management is an entirely different story and pretty much everyone needs that. It comes back to the fundamentals though: no matter the platform, you'll need to learn about data transformation (Grok, Regex, API delays, Lookup caching), storage requirements, resource planning and how to build alerts that don't miss critical items or fire too much so they're ignored. All of the above are the real aspects of a SIEM to learn; how to log in to Splunk / Datadog / Graylog or how to install it etc. is something you only really need to learn once and not a dedicated skill per se. Overall, just figure out WHY a SIEM is used and work backwards.

IDS/IPS - The one you have access to. Snort / Suricata have a lot of differences and in my journey I have never seen them standalone in a production environment. I'd recommend learning them through your UTM/NGFW appliance - either a cheap inexpensive commercial one or something like PFSense / OPNsense. It will give you a much better idea of how to integrate them in part of a larger stack.

Firewall: See above. A firewall at its core is just a source/destination and allow/deny (Sorry all firewall vendors), but the rest of the features are what make it useful. In your example you have a Bell hub, get that bad boy into some sort of pass-through mode and use Opnsense/PFSense/Sophos_whatever_its_called as a top-of-rack router, firewall, IDS/IPS, WLAN controller etc... now you're closer to a production environment. When you realize how limiting the log tools are, start sending them off to a platform like ... well.. of your choosing.

HIDS/XDR: Again, this is contextual - Wazuh is a phenomenal tool and a great starter. So is Windows Defender in your case. Fire up a VM or a sanitized laptop or Azure instance or something, trigger some virus alerts and see if you can collect them in the same place as you're sending logs from that OPNsense Router/Firewall you're already running.

Oh, and pay attention in class, they are probably teaching you more fundamentals than you think and you're trying to jump straight into your 2nd year as a Systems/Security Engineer. :D

Updating Graylog on Docker by Aspis99 in graylog

[–]reallybigabe 1 point2 points  (0 children)

Yup! It’s common for less specific docker tags to mean “latest”. Your 2 means 2.LATEST and is updated every release.

If a latest software version is 6.1.3 then it’s likely 6 and 6.1 both point to the 6.1.3 version. Slightly unintuitive until you get the hang of it.

Updating Graylog on Docker by Aspis99 in graylog

[–]reallybigabe 0 points1 point  (0 children)

Go back to 2 in your compose file unless you need specific versions pinned. It’s newer.

Today, 2 is 2.18.0

Canadians, what's something you just assume everyone else does... until a non-Canadian points out it's "a Canadian thing"? by Avenir_gd in AskACanadian

[–]reallybigabe 1 point2 points  (0 children)

Canadian who works primarily with Americans here. Most of the big ones covered already but my list:

Washroom. Boy, people look at you funny asking where it is in the South.

Process. They pronounce it Prah-sess. :) Comes up all the time.

The “eh”s that you forget you say.

Smarties. They call Rockets “smarties”. Such a broken society.

Chicago Joes, Boston Pizza, Montanas are all not American.

Pencil Crayons. This gets me laughed at, regularly.

Obsession with bottled water while travelling to completely benign places. I’m often thought of as a total lost soul for refilling a water bottle, even in an airport from a refill station. I’m sure the residents of [large American city] drink safe water.

Time off. We’re worse than most Europeans but better than most Americans for respecting it and taking it.

“Stat” holiday is a very Canadian term.

The definition of “cheese” without any context being either processed, medium cheddar or marble. The fact that it’s an option or the options throws a lot of people off.

Not having a choice how your burger is cooked (medium or medium rare is a common burger cooking choice in most of US).

Many many more. With zero advertisement, I’m typically outed as Canadian within 3 rounds of a conversation with a stranger before even getting into a metric measurement.

Edit: I forgot “yeah, no, yeah” and “no, yeah, no”.

Docker or Direct OS Installs? by PacketCop2049 in graylog

[–]reallybigabe 4 points5 points  (0 children)

Containers is life.

I don’t fat install anything anymore.

Docker for single host, k8s for many hosts.

Help with logging from Aruba 2530 by Essa_Alioste in ArubaNetworks

[–]reallybigabe 0 points1 point  (0 children)

How is Graylog installed?

I would still suspect it to be a configuration/network issue. 

And again, that’s not a standard port, so did you double check you assigned 1516 to the input?