Posts Tagged ‘Splunk’

Netflow and Splunk

Yesterday, I told the tale of getting netflow data out of my EdgeOS router. Once I started actually receiving data, I wanted to get it into Splunk. I figured that I would have to set up a directory for netflow log data from nfdump, then set up a reader to have Splunk ingest the data. After doing some Googling, though, I found the Splunk Add-on for NetFlow, which handles all of that automatically! Once you get it up and running, that is.

Monitoring my UPS with Splunk

Last time, I had set up my UPS monitoring software on my CentOS logging server. But I wanted more: what good is having a UPS if I can’t monitor things like voltage, battery charge, and load on an ongoing basis? Of course, the answer to this is to log to Splunk, which is what I ended up doing.

Splunk Reporting: Port Scans

It’s been a while since I’ve done some Splunk work on my home network, but lately I’ve been thinking about port scans, specifically about reporting on port scans against my environment. I’m not terribly worried about people scanning my network since it is quite locked down, but why not check on it to see if anything interesting is going on? Before too long I had a new dashboard; details below the jump.

Log File Automation

When I set up Splunk reporting for my website, it was a purely manual process, and I left for the future the goal of pulling the logs automatically. Since then, that’s exactly what I’ve done, so now it runs completely automatically. Below is how.

Splunk Reporting: Mapping Brute Force Attempts

As part of my home network setup, I talked a bit about how I set up Splunk and used it for metrics on firewall performance. Splunk is an incredibly powerful tool and can be used for much, much more than that. This weekend I pretty easily set up a cool new dashboard to monitor brute-force attempts against my website using Splunk. Below is what I did.

Adventures in Networking: Setting Up a Home Network with EdgeOS

As promised, the summary of everything I’ve done to date. I’m still messing with IPv6, and I found my VLAN settings were all messed up, so expect some more updates on this topic. So far, though, here’s what I have, from start to finish:

Adventures in Networking, Part 1: Intro

Adventures in Networking, Part 2: Initial Setup

Adventures in Networking, Part 3: Switch It Up

Adventures in Networking, Part 4: Zone Defense

Adventures in Networking, Part 5: Splunking

Adventures in Networking, Part 6: IPv6

I’ll continue to add more as I play around with my network!

Adventures in Networking, Part 5: Splunking

When I finished part 4, I had a zone-based firewall set up with rules for traffic between each zone. Since I started with a locked-down configuration, how did I know what was getting blocked, especially those services that may run in the background without any user intervention? I solved this, and many other problems, by using Splunk to analyze my firewall rules and figure out what was getting blocked.

Adventures in Networking, Part 1: Intro

I’m no CCNA, but computer networking is fun. I’ve always been the kind of person to configure everything by hand, build computers, hack up scripts to get things done, and so on. Years ago, I flashed my Linksys router with dd-wrt in order to get the most out of it (better performance, mainly), but I was never really satisfied with that. The biggest gap was the lack of IPv6: because my router only had 4 MB of RAM, it could not load a dd-wrt build with IPv6 support. Once Comcast started handing out IPv6 addresses to my (purchased, not rented) Motorola Surfboard cable modem, which I discovered entirely by accident, I was even more unhappy. Alas, though, I was stuck with what I had for a while.
