Parsing Timestamps with Fluentd and Opensearch

It’s the seemingly simple things that seem to eat into meaningful productivity, and for me, I’ve struggled multiple times with Fluentd’s parsers related to non-standard time formats. This post is an attempt to share what I’ve worked through in an attempt to help any others who might be faced with the same issues that …

Wazuh Alerts – Hierarchy and Custom Rules

Wazuh provides an extremely valuable view into the security health of your systems. However, there are times where the default, out-of-the-box rules don’t work well for you. There’s a nice tutorial on custom rules in the Wazuh documentation; however, the hierarchical nature of these rules wasn’t apparent to me. As a consequence, when …

Different Logging Approaches

There are many common approaches to logging. However, since my home environment is running SecurityOnion (SO), I’m going to focus on three common ones and show how to do an end-to-end configuration with SO. If you’re curious about Filebeat, I’ve already written about it here. Fluentd is extremely popular, while providing many options and …