Alejandro Baez<p>I been messing around trying self hosted options for logs. Mostly to scratch an itch, but also to know what is available in the market.</p><p><a href="https://fosstodon.org/tags/openObserve" class="mention hashtag" rel="tag">#<span>openObserve</span></a> is nice, but feels pretty clunky for what I want. Found this thing called <a href="https://fosstodon.org/tags/seq" class="mention hashtag" rel="tag">#<span>seq</span></a>, which is kind of brilliant. But right now, I've settled with <a href="https://fosstodon.org/tags/victorialogs" class="mention hashtag" rel="tag">#<span>victorialogs</span></a> from <a href="https://fosstodon.org/tags/victoriametrics" class="mention hashtag" rel="tag">#<span>victoriametrics</span></a>. </p><p>It can ingest <a href="https://fosstodon.org/tags/elasticsearch" class="mention hashtag" rel="tag">#<span>elasticsearch</span></a> formatted logs. But you get the ease that <a href="https://fosstodon.org/tags/loki" class="mention hashtag" rel="tag">#<span>loki</span></a> was trying to do. I have to say, I'm impressed. 😄</p><p><a href="https://docs.victoriametrics.com/victorialogs/logsql/" target="_blank" rel="nofollow noopener noreferrer" translate="no"><span class="invisible">https://</span><span class="ellipsis">docs.victoriametrics.com/victo</span><span class="invisible">rialogs/logsql/</span></a></p>
Recent searches
No recent searches
Search options
Only available when logged in.
fosstodon.org is one of the many independent Mastodon servers you can use to participate in the fediverse.
Fosstodon is an invite only Mastodon instance that is open to those who are interested in technology; particularly free & open source software.
If you wish to join, contact us for an invite.
Administered by:
Server stats:
10Kactive users
fosstodon.org: About · Status · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.3.6
#OpenObserve
0 posts · 0 participants · 0 posts today
MalwareLab<p>During the <a href="https://infosec.exchange/tags/SharkBytes" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SharkBytes</span></a> session at <a href="https://infosec.exchange/tags/SharkFest" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SharkFest</span></a> conference I had an opportunity to present a lightning talk about my pet project called IDS Lab.<br>It is a lab infrastructure deployable as docker containers, which simulates the small company network.</p><p>The IDS Lab consists of web webserver with <a href="https://infosec.exchange/tags/Wordpress" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Wordpress</span></a>, <a href="https://infosec.exchange/tags/MySQL" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MySQL</span></a> database, <a href="https://infosec.exchange/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> desktop with RDP, the <a href="https://infosec.exchange/tags/WireGuard" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WireGuard</span></a> VPN for "remote" workers and for connecting another virtual or physical machines into the lab network.<br>This part of infrastructure can be used for attack simulations.</p><p>There are additional components for playing with logs and detections, too: <a href="https://infosec.exchange/tags/Fluentbit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Fluentbit</span></a>, <a href="https://infosec.exchange/tags/Suricata" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Suricata</span></a> and <a href="https://infosec.exchange/tags/OpenObserve" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenObserve</span></a> as lightweight SIEM. </p><p>In the <a href="https://infosec.exchange/tags/SIEM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SIEM</span></a> we already have preconfgured dashboards for alerts, netflows, web logs and logs from windows machines, if present.</p><p>Using the provided setup script, the whole lab can be up and running in up to 5 minutes. For more info, please check my GitHub repository with the IDS Lab:</p><p><a href="https://github.com/SecurityDungeon/ids-lab/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/SecurityDungeon/ids</span><span class="invisible">-lab/</span></a></p><p><a href="https://infosec.exchange/tags/sf24eu" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>sf24eu</span></a> <a href="https://infosec.exchange/tags/wireshark" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>wireshark</span></a> <span class="h-card" translate="no"><a href="https://ioc.exchange/@wireshark" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>wireshark</span></a></span></p>
farcaller<p>Lol. Their docs can't decide on the port they use. <a href="https://hdev.im/tags/openobserve" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>openobserve</span></a></p>
Özkan Pakdil 🦖<p>Since morning I am searching for a nice free log analyzer, I used <a href="https://techhub.social/tags/splunk" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>splunk</span></a> around 12 years just wanted to search quickly on some application logs, most probably log4j or log4net logs. I tried <br>- <a href="https://techhub.social/tags/ELK" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ELK</span></a><-too hard to install configure<br>- <a href="https://techhub.social/tags/graylog" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>graylog</span></a><-too complex or non working docs<br>- <a href="https://techhub.social/tags/jaeger" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>jaeger</span></a><-wanted json format<br>- <a href="https://techhub.social/tags/openobserve" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>openobserve</span></a><-does not have simple log upload or file path provider, needs fluentd or kubectl</p><p>I did not know splunk is this good, now I am convinced it is super product. Feel free to tell if you have a good suggestion and boost please for reach.</p>
Andy Blyler<p>I created an addon for <a href="https://hachyderm.io/tags/homeassistant" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>homeassistant</span></a> last night that allows you to ship logs from your <a href="https://hachyderm.io/tags/hassio" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hassio</span></a> instance to somewhere else via <a href="https://hachyderm.io/tags/fluentbit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>fluentbit</span></a>: <a href="https://github.com/ablyler/ha-addon-fluent-bit" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/ablyler/ha-addon-fl</span><span class="invisible">uent-bit</span></a></p><p>I am personally using this to send my logs to a local <a href="https://hachyderm.io/tags/openobserve" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>openobserve</span></a> instance: <a href="https://openobserve.ai" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">openobserve.ai</span><span class="invisible"></span></a></p>
atareao 🦀🐍🐋🐧<p>577 - El cron lo carga el diablo<br>Realizar copias de <a href="https://mastodon.social/tags/seguridad" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>seguridad</span></a> en <a href="https://mastodon.social/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> y <a href="https://mastodon.social/tags/Docker" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Docker</span></a> utilizando <a href="https://mastodon.social/tags/cron" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cron</span></a> o <a href="https://mastodon.social/tags/systemd" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>systemd</span></a> y como monitorizar la actividad con herramientas como <a href="https://mastodon.social/tags/OpenObserve" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenObserve</span></a></p><p>El día que se me ocurrió la idea de levantar OpenObserve para controlar los contenedores Docker y otros procesos en mi VPS principal, me tenía que haber dado un premio. Con el paso del tiempo esta herramienta se ha convertido en una fuente increíble de reso<br><a href="https://mastodon.social/tags/atareaoConLinux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>atareaoConLinux</span></a><br><a href="https://www.youtube.com/watch?v=vYJRmsWuGGc" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">youtube.com/watch?v=vYJRmsWuGG</span><span class="invisible">c</span></a></p>
Peter Czanik<p>The February <a href="https://fosstodon.org/tags/syslog_ng" class="mention hashtag" rel="tag">#<span>syslog_ng</span></a> newsletter is now available:</p><p>- <a href="https://fosstodon.org/tags/OpenObserve" class="mention hashtag" rel="tag">#<span>OpenObserve</span></a> <a href="https://fosstodon.org/tags/JSON" class="mention hashtag" rel="tag">#<span>JSON</span></a> API support</p><p>- Syslog-ng PE can now send logs to <a href="https://fosstodon.org/tags/Google" class="mention hashtag" rel="tag">#<span>Google</span></a> <a href="https://fosstodon.org/tags/BigQuery" class="mention hashtag" rel="tag">#<span>BigQuery</span></a></p><p>- syslog-ng can now do a full configuration check</p><p>- How build services make life easier for upstream developers</p><p><a href="https://www.syslog-ng.com/community/b/blog/posts/the-syslog-ng-insider-2024-02-openobserve-configuration-check-build-services" target="_blank" rel="nofollow noopener noreferrer" translate="no"><span class="invisible">https://www.</span><span class="ellipsis">syslog-ng.com/community/b/blog</span><span class="invisible">/posts/the-syslog-ng-insider-2024-02-openobserve-configuration-check-build-services</span></a></p>
ItzTrain<p>I remember someone mentioning <a href="https://hachyderm.io/tags/OpenObserve" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenObserve</span></a> here sometime ago and decided to give it a go in the <a href="https://hachyderm.io/tags/homelab" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>homelab</span></a> it's a binary which is easy enough to get going. Documentation is garbage tho. It was easy enough to start ingesting logs and it uses an OTEL collector which I guess is in the spirit and all that.</p>
Peter Czanik<p>The December syslog-ng newsletter is now out:</p><p>- Compressing HTTP traffic</p><p>- Why is a feature not available in the <a href="https://fosstodon.org/tags/syslog_ng" class="mention hashtag" rel="tag">#<span>syslog_ng</span></a> package?</p><p>- Sending logs to <a href="https://fosstodon.org/tags/OpenObserve" class="mention hashtag" rel="tag">#<span>OpenObserve</span></a></p><p>- Removing duplicate messages with syslog-ng in a redundant logging environment</p><p><a href="https://www.syslog-ng.com/community/b/blog/posts/the-syslog-ng-insider-2023-12-compressed-http-packages-openobserve-duplicates" target="_blank" rel="nofollow noopener noreferrer" translate="no"><span class="invisible">https://www.</span><span class="ellipsis">syslog-ng.com/community/b/blog</span><span class="invisible">/posts/the-syslog-ng-insider-2023-12-compressed-http-packages-openobserve-duplicates</span></a></p>
Peter Czanik<p>Version 4.5.0 of syslog-ng is now available with <a href="https://fosstodon.org/tags/OpenObserve" class="mention hashtag" rel="tag">#<span>OpenObserve</span></a> JSON API support:</p><p><a href="https://www.syslog-ng.com/community/b/blog/posts/version-4-5-0-of-syslog-ng-is-now-available-with-openobserve-json-api-support" target="_blank" rel="nofollow noopener noreferrer" translate="no"><span class="invisible">https://www.</span><span class="ellipsis">syslog-ng.com/community/b/blog</span><span class="invisible">/posts/version-4-5-0-of-syslog-ng-is-now-available-with-openobserve-json-api-support</span></a></p><p><a href="https://fosstodon.org/tags/LogManagement" class="mention hashtag" rel="tag">#<span>LogManagement</span></a></p>
Peter Czanik<p>Version 4.5.0 of <a href="https://fosstodon.org/tags/syslog_ng" class="mention hashtag" rel="tag">#<span>syslog_ng</span></a> is now available with <a href="https://fosstodon.org/tags/OpenObserve" class="mention hashtag" rel="tag">#<span>OpenObserve</span></a> <a href="https://fosstodon.org/tags/JSON" class="mention hashtag" rel="tag">#<span>JSON</span></a> API support, and many other smaller features. My blog shows you how to get up-to-date installers, and a sample syslog-ng configuration for OpenObserve.</p><p><a href="https://www.syslog-ng.com/community/b/blog/posts/version-4-5-0-of-syslog-ng-is-now-available-with-openobserve-json-api-support" target="_blank" rel="nofollow noopener noreferrer" translate="no"><span class="invisible">https://www.</span><span class="ellipsis">syslog-ng.com/community/b/blog</span><span class="invisible">/posts/version-4-5-0-of-syslog-ng-is-now-available-with-openobserve-json-api-support</span></a></p><p><a href="https://fosstodon.org/tags/LogManagement" class="mention hashtag" rel="tag">#<span>LogManagement</span></a></p>
Peter Czanik<p><a href="https://fosstodon.org/tags/OpenObserve" class="mention hashtag" rel="tag">#<span>OpenObserve</span></a> has an <a href="https://fosstodon.org/tags/Elasticsearch" class="mention hashtag" rel="tag">#<span>Elasticsearch</span></a> compatible API for log ingestion, but syslog-ng is not mentioned in the documentation. Luckily, as it turned out, OpenObserve has a ready to use <a href="https://fosstodon.org/tags/syslog_ng" class="mention hashtag" rel="tag">#<span>syslog_ng</span></a> configuration example in the web UI.</p><p><a href="https://www.syslog-ng.com/community/b/blog/posts/sending-logs-to-openobserve-using-syslog-ng" target="_blank" rel="nofollow noopener noreferrer" translate="no"><span class="invisible">https://www.</span><span class="ellipsis">syslog-ng.com/community/b/blog</span><span class="invisible">/posts/sending-logs-to-openobserve-using-syslog-ng</span></a></p><p><a href="https://fosstodon.org/tags/LogManagement" class="mention hashtag" rel="tag">#<span>LogManagement</span></a></p>
ExploreLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
LoginDrag & drop to upload