Posts Tagged ‘Splunk’
Yesterday, I told the tale of getting netflow data out of my EdgeOS router. Once I started actually receiving data, I wanted to get it into Splunk. I figured that I would have to set up a directory for netflow log data from nfdump, then set up a reader to have Splunk ingest the data. After doing some Googling, though, I found the Splunk Add-on for NetFlow, which handles all of that automatically! Once you get it up and running, that is.
Last time, I had set up my UPS monitoring software on my CentOS logging server. But I wanted more: what good is having a UPS if I can’t monitor things like voltage, battery charge, and load on an ongoing basis? Of course, the answer to this is to log to Splunk, which is what I ended up doing.
- Current Mood: Sunday
- Currently Listening To: "The Spirit of Radio", Rush
It’s been a while since I’ve done some Splunk work on my home network, but lately I’ve been thinking about port scans, specifically about reporting on port scans against my environment. I’m not terribly worried about people scanning my network since it is quite locked down, but why not check on it to see if anything interesting is going on? Before too long I had a new dashboard; details below the jump.
- Current Mood: Spring
- Currently Listening To: "Kashmir", Led Zeppelin
When I set up Splunk reporting for my website, it was a purely manual process, and I left for the future the goal of pulling the logs automatically. Since then, that’s exactly what I’ve done, so now it runs completely automatically. Below is how.
- Current Mood: Disappointed
- Currently Listening To: "The Times They Are a-Changin'", The Byrds
As part of my home network setup, I talked a bit about how I set up Splunk and used it for metrics on firewall performance. Splunk is an incredibly powerful tool and can be used for much, much more than that. This weekend I pretty easily set up a cool new dashboard to monitor brute-force attempts against my website using Splunk. Below is what I did.
- Current Mood: Splunky
- Currently Listening To: "Bohemian Rhapsody", Queen
As promised, the summary of everything I’ve done to date. I’m still messing with IPv6, and I found my VLAN settings were all messed up, so expect some more updates on this topic. So far, though, here’s what I have, from start to finish:
I’ll continue to add more as I play around with my network!
- Current Mood: Sad
- Currently Listening To: "P.S. I Love You", The Beatles
When I finished part 4, I had a zone-based firewall set up with rules for traffic between each zone. Since I started with a locked-down configuration, how did I know what was getting blocked, especially those services that may run in the background without any user intervention? I solved this, and many other problems, by using Splunk to analyze my firewall rules and figure out what was getting blocked.
- Current Mood: Full
- Currently Listening To: "Lyin' Eyes", The Eagles
I’m no CCNA, but computer networking is fun. I’ve always been the kind of person to configure everything by hand, build computers, hack up scripts to get things done, and so on. Years ago, I flashed my Linksys router with dd-wrt in order to get the most out of it (better performance mainly), but I was never really satisfied with that. The biggest gap was the lack of IPv6: because my router only had 4 MB of RAM, it could not load a dd-wrt version with IPv6 support. Once Comcast started handing out IPv6 addresses to my (purchased, not rented) Motorola Surfboard cable modem, which I discovered entirely by accident, I was even more unhappy. Alas, though, I was stuck with what I had for a while.
- Current Mood: Tired