Operations | Monitoring | ITSM | DevOps | Cloud

Graylog

Planning Your Log Collection

Whether you are planning to use Graylog for security and threat hunting, IT Operations analysis and reporting, or any other use case, getting your logs into Graylog is essential. The process of log collection is sometimes a daunting task, especially if you are planning to collect massive amounts of data. But if you take a minute to answer some key questions before you begin, you can transform the log collection task from daunting to smooth sailing. Here we go with the questions...

Cyber Security: Understanding the 5 Phases of Intrusion

Here at Graylog, we have recently had an increase in conversations with security teams from leading companies. We want to share our key findings with the Graylog community. The good thing is that cybercriminals use a methodical approach when planning an attack. By understanding their process and knowing your network, you will be better prepared and able to stay one step ahead.

Importance of System Resource Monitoring on Graylog, Elasticsearch, and MongoDB Servers

The first thing we tell Graylog users is, “Monitor your disk space.” The core set of metrics discussed below should always be in acceptable parameters and never grow over extended periods without going back to normal levels. This is why it is critical to monitor metrics that come directly from the hosts running your Graylog infrastructure.

Announcing Graylog Illuminate for Authentication

Graylog Illuminate for authentication is a brand new offering designed by our Enterprise Intelligence team. It eliminates the manual setup necessary to detect, monitor, and analyze authentication activities and issues across your IT infrastructure by providing pre-built Dashboards, Alerts, and data enrichment. Initially, Graylog Illuminate for Authentication will address Windows authentication issues and activities. We will release additional data sources in the coming weeks so stay tuned!

Security Log Monitoring and DNS Request Analysis

Monitoring all DNS requests in your network, including those that were blocked by (e.g., by a firewall) is a great way to increase visibility, enforce compliance and detect threats. A common problem with collecting DNS logs is that DNS server logs are notoriously hard to parse. Also, parsing only the logs of your DNS servers leaves a blind spot when it comes to usage of, or the attempt to use, an external DNS server like Google's 8.8.8.8.