The Linux Audit framework is a kernel feature (paired with userspace tools) that can log system calls. For example, opening a file, killing a process or creating a network connection. These audit logs can be used to monitor systems for suspicious activity.

Scenario Linux has a number of built-in tools, commands and files which can track and store information about every user activity. These tools are common in most Linux distributions and can be used to investigate suspicious logins or failed login attempts into the system. In this article, we will talk about some of the initial methods to identify possible security breaches. We will use an Amazon EC2 instance to show these commands.

AWS offers a plethora of log and metric data but in order to extract meaningful insights and react to production issues on a dime, a centralized logging solution is critical. Today we’re excited to announce the availability of Coralogix on the AWS Marketplace for the first time. You can now get our advanced machine learning log insights directly in your AWS cloud account for full-stack log aggregation, convenient billing, tighter security with your AWS infrastructure, and faster deployment.

If you look around the Serverless Application Repository console, you will find a number of applications that can help you ship logs from CloudWatch Logs to external services. One such example is the LogzioCloudWatchShipper application below.

All businesses today are built on layers of platforms. The app running your business is built on top of the Kubernetes application deployment platform, running on the AWS cloud platform. AWS is built on top of platforms such as the Linux operating system and the Intel X86 processor architecture. Smartly managed, a good product evolves into a platform for users to extract value and for developers to create new products and platforms. We all stand on the shoulders of giants.

If you liked Sematext Docker Agent you’ll love our new agent for Docker monitoring that provides you with even more insight into your Docker, Kubernetes, and Swarm clusters. Because of its power, small footprint, and ease of installation the old Sematext Docker Agent enjoyed high adoption by the Docker DevOps community.

The ELK Stack (Elasticsearch, Logstash and Kibana) is the weapon of choice for many Kubernetes users looking for an easy and effective way to gain insight into their clusters, pods and containers. The “L” in “ELK” has gradually changed to an “F” reflecting the preference to use Fluentd instead of Logstash and making the “EFK Stack” a more accurate acronym for what has become the de-facto standard for Kubernetes-native logging.

Today we are releasing Graylog v3.0.1 with a few bug fixes. Many thanks to our community for reporting issues and contributing fixes!

Cloud Foundry Application Runtime is an open source platform as a service (PaaS) for running applications and services. Frequently called simply “Cloud Foundry,” the Cloud Foundry Application Runtime (CFAR) is one of many interoperable projects within the Cloud Foundry family. For the purposes of this post, “Cloud Foundry” refers to the Application Runtime.

Everyone’s infrastructure is growing – today mostly in the container space. As we learned in Part 1 of this series – Docker Container Monitoring and Management Challenges, monitoring for containers is different from traditional server monitoring. In Part 2 we had a glance at key container metrics and in Part 3 we compared several open source tools for container monitoring.