Unifying logs and metrics data with Elastic Beats. Monica Sarbu Team lead, Elastic Beats
Transcription
1 Unifying logs and metrics data with Elastic Beats Monica Sarbu Team lead, Elastic Beats #
2 Who am I
- Team lead at Elastic Beats
- Software engineer
- Joined Elastic 1 year
3 Beats are lightweight shippers that collect and ship all kinds of operational data to Elasticsearch 3
4 Beats are lightweight shippers that collect and ship all kinds of operational data to Elasticsearch 4
5 Lightweight shippers
- Lightweight application
- Written in Golang
- Install as agent on your servers
- No runtime dependencies
- Single purpose
6 Beats are lightweight shippers that collect and ship all kinds of operational data to Elasticsearch 6
7 All kinds of operational data
- Filebeat collects logs
- Winlogbeat collects Windows event logs
- Packetbeat collects insights from the network packets
- Topbeat collects system statistics like CPU usage, disk usage, memory usage per process, etc.
- Metricbeat (not released) collects metrics by periodically interrogating external services
8 Beats are lightweight shippers that collect and ship all kinds of operational data to Elasticsearch 8
9 In Elasticsearch.. you are storing the raw value. You have the ability to ask and answer questions that you didn't think about when the data was stored! Felix Barnsteiner
10 The Elastic Stack 10
12 Packetbeat Captures insights from network packets 12
13 Sniffing the network traffic
(diagram: traffic between Client and Server is sniffed)
- Copy traffic at OS or hardware level
- ZERO latency overhead
- Not in the request/response path, cannot break your application

14 Sniffing use cases
- Security
- Intrusion Detection Systems
- Troubleshooting network issues
- Troubleshooting applications
- Performance analysis

15 Monitor the network traffic with OSS tools
- ssh to each of your servers
- start a trace using tcpdump on each of your servers
- download the trace from each server to a common location
- merge all traces
- analyze it with Wireshark

16 The Problem
- you have lots of servers
- challenging to see the traffic exchanged between your servers
- Packetbeat makes it easy

17 Packetbeat overview
It does all of this in real time, directly on the target servers:
- captures network traffic
- decodes network traffic
- correlates request & response into transactions
- extracts measurements
- sends data to Elasticsearch

18 Packetbeat: Available decoders
- HTTP
- MySQL
- Thrift-RPC
- Memcache
- DNS (community)
- AMQP (community)
- PostgreSQL
- MongoDB (community)
- NFS (community)
- Redis
- ICMP (community)
- + Add your own

19 Packetbeat: Configuration

    # Network interfaces where to sniff the data
    interfaces:
      device: any

    # Specify the type of your network data
    protocols:
      dns:
        ports: [53]
      http:
        ports: [80, 8080, 8081, 5000, 8002]
      mysql:
        ports: [3306]

31 Packetbeat flows

    flows:
      # network flow timeout
      timeout: 30s
      # reporting period
      period: 10s

- Look into data for which we don't understand the application layer protocol
  - TLS
  - Protocols we don't yet support
- Get data about IP / TCP / UDP layers
  - number of packets
  - retransmissions
  - inter-arrival time

35 Filebeat Collects log lines 35
36 Filebeat overview
- Simple log forwarder that sends the log lines to Elasticsearch
- Successor of Logstash Forwarder
- It remembers how far it read, so it never loses a log line
- Reads the log files line by line
- It doesn't parse the log lines!

37 Filebeat: Parse logs with Logstash
(diagram: Filebeat, Elasticsearch, Logstash, Other systems)
- Filebeat sends out unparsed log lines
- Use filters like Grok, mutate, geoip to parse the log lines
- Combine the filters with conditionals or create custom filters in Ruby
- Forward data to other systems using the Logstash output plugins

38 Filebeat: Parse logs with Ingest Node
(diagram: Filebeat, Elasticsearch)
- Ingest node plugin is available starting with Elasticsearch alpha1
- Filebeat sends out unparsed log lines directly to Elasticsearch
- Use Ingest Node processors to parse the log lines
- Easier to set up

39 Filebeat: Configuration
Configure prospectors to forward the log lines

    filebeat:
      # List of prospectors to fetch data.
      prospectors:
        # Type of files: log or stdin
        - input_type: log
          # Files that should be crawled and fetched.
          paths:
            - /var/log/apache2/*
          # File encoding: plain, utf-8, big5, gb18030,
          encoding: plain

42 Filebeat extra power: Multiline

    multiline:
      # Sticks together all lines
      # that don't start with a [
      pattern: ^\[
      negate: true
      match: after

- Sticks together related log lines in a single event
- For all those long exceptions
- Can also be done by Logstash, but it's sometimes easier to configure the patterns closer to the source

45 Filebeat extra power: JSON logs

    json:
      keys_under_root: false
      message_key: message
      overwrite_keys: false
      add_error_key: false

- application logs in JSON format
- you don't have to choose what data to include in the log line
- don't need to use grok filters from Logstash to parse the application logs

48 Filebeat extra power: Basic filtering

    # Only send lines starting with
    # ERR or WARN
    include_lines: ["^ERR", "^WARN"]
    # Exclude lines containing
    # a keyword
    exclude_lines: ["Request received"]
    # Exclude files all together
    exclude_files: [".gz$"]

- Because removing stuff at the source is more efficient
- Flexible Whitelist + Blacklist regexp log line filtering
- Efficient log files filtering (excluded files are never opened)
- Works on multiline too

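How the multiline and basic-filtering settings from slides 42 and 48 combine, as an added Python sketch (not code from the talk or from Filebeat). The log lines and the bracketed include pattern are constructed for illustration; the order modelled is the one Filebeat uses (join multiline events first, then include_lines, then exclude_lines), and Python's `re` stands in for Filebeat's Go regular expressions.

```python
import re

# multiline settings as shown on slide 42
MULTILINE_PATTERN = re.compile(r"^\[")
NEGATE = True  # lines that do NOT match the pattern are continuations

# Filters adapted from slide 48 to the constructed sample below (assumption:
# the level is written in brackets, so "^ERR" becomes "^\[(ERR|WARN)\]").
INCLUDE_LINES = [re.compile(r"^\[(ERR|WARN)\]")]
EXCLUDE_LINES = [re.compile(r"Request received")]

# Constructed sample log, not taken from the talk.
SAMPLE_LOG = """\
[INFO] 2016-02-10 10:00:01 Request received /login
[ERR] 2016-02-10 10:00:02 Unhandled exception
java.lang.IllegalStateException: session expired
    at com.example.Auth.check(Auth.java:42)
[WARN] 2016-02-10 10:00:03 Request received with bad token
[WARN] 2016-02-10 10:00:04 disk usage 91%
"""


def join_multiline(lines, pattern=MULTILINE_PATTERN, negate=NEGATE):
    """Model of 'match: after': continuation lines are appended to the
    event started by the previous non-continuation line."""
    events, current = [], []
    for line in lines:
        is_continuation = bool(pattern.search(line)) != negate
        if is_continuation and current:
            current.append(line)
        else:
            if current:
                events.append("\n".join(current))
            current = [line]
    if current:
        events.append("\n".join(current))
    return events


def filter_events(events, include=INCLUDE_LINES, exclude=EXCLUDE_LINES):
    """Apply include_lines first, then exclude_lines, to whole events."""
    kept = []
    for event in events:
        if include and not any(p.search(event) for p in include):
            continue  # not on the include list: never shipped
        if any(p.search(event) for p in exclude):
            continue  # matches an exclude keyword: dropped at the source
        kept.append(event)
    return kept


def ship(raw_log):
    """Return the events that would leave the host for the sample config."""
    return filter_events(join_multiline(raw_log.splitlines()))


if __name__ == "__main__":
    for event in ship(SAMPLE_LOG):
        print(event)
        print("---")
```

The stack trace travels with its `[ERR]` line as one event, while the `[WARN] ... bad token` line is dropped because it also contains the excluded keyword. Lines removed here never reach Elasticsearch, so a broad `exclude_lines` entry decides what is available for later investigation.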
49 Winlogbeat Collects Windows Event logs 49
50 Winlogbeat overview
- Sends out unparsed Windows event logs
- Remembers how far it read, so it never loses any Windows event logs
- Use Ingest Node or Logstash to parse the Windows event logs

51 Winlogbeat: Configuration
Specify the event logs that you want to monitor

    winlogbeat:
      # list of event logs to monitor
      event_logs:
        - name: Application
        - name: Security
        - name: System

53 Topbeat Collects system statistics 53
54 Topbeat overview
- Like the Unix top command, but instead of printing the system statistics on the screen it sends them periodically to Elasticsearch
- Works also on Windows

55 Topbeat: Exported data
- System wide: system load, total CPU usage, CPU usage per core, swap, memory usage
- Per process: state, name, command line, pid, CPU usage, memory usage
- Disk usage: available disks, used, free space, mounted points

56 Topbeat configuration
Specify the system statistics that you want to monitor

    topbeat:
      # how often to send system statistics
      period: 10
      # specify the processes to monitor
      procs: [".*"]
      # Statistics to collect (all enabled by default)
      stats:
        system: true
        process: true
        filesystem: true

66 Metricbeat (in progress)
Periodically collects metrics from external systems.

67 Metricbeat: how it works
- Periodically polls monitoring APIs of various services
- Groups performance data into documents
- Ships them to Elasticsearch

68 Metricbeat: A module for each metric type
(diagram: Metricbeat with apache, mysql, redis and system modules, plus more)

69 Metricbeat: It is also a library!
(diagram: df module on top of Metricbeat)
- Use the Metricbeat infrastructure to create a standalone Beat
- You can create a Beat with a single module that exports your custom data
- Can use the built-in Metricbeat modules
- github.com/ruflin/df2beat

70 Metricbeat module vs standalone Beat
Metricbeat module:
- Contributed via PR to the elastic/beats GitHub repository
- Officially supported
- Supports common systems
- Docker based integration tests
Standalone Beat:
- In a separate GitHub repository
- Supported by the community
- Supports specialized systems
- Optional Docker based integration tests

71 Provide a platform to make it easier to build custom Beats on top of it

72 Beats platform
(diagram: Beat 1, Beat 2, Beat 3, + on top of libbeat)

73 libbeat
(diagram: libbeat, Outputs)
- Written in Go
- Provides common functionality for reading configuration files, for handling CLI arguments, for logging
- Makes sure the data is sent out reliably
- Provides things like encryption, authentication with certificates
- Has support for different outputs: Elasticsearch, Logstash, Redis, Kafka

74 # Community Beats
75 Community Beats
(diagram: Elastic Beats and Community Beats on top of libbeat)
- Standalone projects
- Written in Go
- Use libbeat
- Concentrate only on collecting the data
- Solve a specific use case
- Collect, Parse & Ship

76 Official vs Community Beats
Official Beats:
- In the elastic/beats GitHub repository
- Officially supported
- Synced releases with the whole stack
Community Beats:
- In another GitHub repository
- Supported by the community
- Releases at any time

77 20 COMMUNITY BEATS
Sending all sorts of data to Elasticsearch
1 Apachebeat
2 Dockerbeat
3 Elasticbeat
4 Execbeat
5 Factbeat
6 Hsbeat
7 Httpbeat
8 Nagioscheckbeat
9 Nginxbeat
10 Phpfpmbeat
11 Pingbeat
12 Redisbeat
13 Unifiedbeat
14 Uwsgibeat
15 Flowbeat
16 Lmsensorsbeat
17 Twitterbeat
18 Upbeat
19 Wmibeat
20 Packagebeat

78 Pingbeat: You know, for pings

    input:
      # Loop every 5 seconds
      period: 5
      # Use raw sockets for ping
      # Requires root!
      privileged: true
      # Whether to perform IPv4/v6 pings
      useipv4: true
      useipv6: false
      # List targets under the tag
      # you want assigned to
      targets:
        # tag: google
        google:
          - google.com.au
          - google.com

- Sends ICMP (v4 or v6) pings periodically to a list of hosts
- Can also send UDP pings (no root required)
- Resolves DNS
- Records RTT

79 Pingbeat output

    {
      "@timestamp": " T11:02:22.675Z",
      "beat": {
        "hostname": "Tudors-MBP",
        "name": "Tudors-MBP"
      },
      "count": 1,
      "rtt": ,
      "tag": "google",
      "target_addr": " ",
      "target_name": "google.com.au",
      "type": "pingbeat"
    }

80 Execbeat

    execbeat:
      execs:
        # Each - Commands to execute.
        -
          # Cron expression
          # Default is every 1 minute.
          cron: "@every 10s"
          # The command to execute
          command: echo
          args: "Hello World"
          document_type: jolokia
          fields:
            host: test2

- Run any command
- Accepts cron expressions
- Sends stdout and stderr to Elasticsearch
- Use Logstash and Grok to further parse the output

81 Execbeat output

    {
      "@timestamp": " T11:59:36.007Z",
      "beat": {
        "hostname": "Tudors-MBP",
        "name": "Tudors-MBP"
      },
      "exec": {
        "command": "echo",
        "stdout": "Hello World\n"
      },
      "fields": {
        "host": "test2"
      },
      "type": "jolokia"
    }

82 Dockerbeat: Docker Monitoring

    input:
      # In seconds, defines how often to
      # read server statistics
      period: 5
      # Define the docker socket path
      # By default, this will get the
      # unix:///var/run/docker.sock
      socket:

- Uses the Docker API
- Exports per container stats about: CPU, Memory, Disk, Network, IO access, Log

83 Dockerbeat output

    {
      "@timestamp": " T12:44:56.136Z",
      "containerid": "17021c571d69fe4e93ee395b129c0f073d8aed6d618c9d0d805f68e0b66b2c3f",
      "containername": "kibana",
      "memory": {
        "failcnt": 0,
        "limit": ,
        "maxusage": ,
        "usage": ,
        "usage_p":
      },
      "type": "memory"
    }

84 Nagioscheckbeat: Run Nagios checks

    input:
      checks:
        - name: "disks"
          cmd: "plugins/check_disk"
          args: "-w 80 -c 90 -x /dev"
          period: "1h"
        - name: "load"
          cmd: "plugins/check_load"
          args: "-w 5 -c 10"
          period: "1m"

- Can execute any Nagios plugin
- Execution period configurable per check
- Sends alerts (Warning/Critical) to Elasticsearch
- Sends performance data to Elasticsearch

85 Nagioscheckbeat output

    {
      "@timestamp": " T18:56:33.933Z",
      "args": "-w 5 -c 10",
      "cmd": "/usr/lib64/nagios/plugins/check_load",
      "count": 1,
      "message": "OK - load average: 0.16, 0.05, 0.06",
      "status": "OK",
      "took_ms": 14,
      "type": "nagioscheck"
    }

86 Provide a platform to make it easier to build custom Beats on top of it 86
87 Beat generator
Generate the boilerplate code for you

    $ pip install cookiecutter
    $ cookiecutter
    project_name [Examplebeat]: Mybeat
    github_name [your-github-name]: monicasarbu
    beat [examplebeat]: mybeat
    beat_path [github.com/your-github-name]: github.com/monicasarbu
    full_name [Firstname Lastname]: Monica Sarbu

88 Beats Packer Cross-compiles to all our supported platforms Produces RPMs, DEBs, Same tools that we use to build the official Elastic Beats Can be executed from Travis CI 88
89 Multiple data types, one view in Kibana
(diagram: logs, metrics, transactions, flows and system stats)

90 Monitor MySQL with Elastic Stack
(diagram: Metricbeat, Filebeat and Packetbeat on the mysql host ship stats, slow queries from the mysql log, and queries to Elasticsearch and Kibana)

91 Monitor web server with Elastic Stack
(diagram: Metricbeat, Filebeat and Packetbeat on the mysql and apache hosts ship mysql & apache stats, slow queries and apache logs, and queries & HTTP transactions to Elasticsearch and Kibana)

92 # Thank you
93 Want to hear more about Logstash? Don't miss Ingest Logs with Style by Pere Urbon-Bayes, Thursday 12:00pm - 1:00pm in MOA 05
94 Q&A Find us on: github.com/elastic/beats #elasticbeats #beats on freenode Or Here. In Real Life! #
95 Please attribute Elastic with a link to elastic.co Except where otherwise noted, this work is licensed under Creative Commons and the double C in a circle are registered trademarks of Creative Commons in the United States and other countries. Third party marks and brands are the property of their respective holders. # 95
More informationDistributed CI: Scaling Jenkins on Mesos and Marathon. Roger Ignazio Puppet Labs, Inc. MesosCon 2015 Seattle, WA
Distributed CI: Scaling Jenkins on Mesos and Marathon Roger Ignazio Puppet Labs, Inc. MesosCon 2015 Seattle, WA About Me Roger Ignazio QE Automation Engineer Puppet Labs, Inc. @rogerignazio Mesos In Action
More informationOverview of the Cisco NCS Command-Line Interface
CHAPTER 1 Overview of the Cisco NCS -Line Interface This chapter provides an overview of how to access the Cisco Prime Network Control System (NCS) command-line interface (CLI), the different command modes,
More informationContainer 2.0. Container: check! But what about persistent data, big data or fast data?!
@unterstein @joerg_schad @dcos @jaxdevops Container 2.0 Container: check! But what about persistent data, big data or fast data?! 1 Jörg Schad Distributed Systems Engineer @joerg_schad Johannes Unterstein
More informationConfiguring Cisco IOS IP SLAs Operations
CHAPTER 50 This chapter describes how to use Cisco IOS IP Service Level Agreements (SLAs) on the switch. Cisco IP SLAs is a part of Cisco IOS software that allows Cisco customers to analyze IP service
More informationTurbocharge your MySQL analytics with ElasticSearch. Guillaume Lefranc Data & Infrastructure Architect, Productsup GmbH Percona Live Europe 2017
Turbocharge your MySQL analytics with ElasticSearch Guillaume Lefranc Data & Infrastructure Architect, Productsup GmbH Percona Live Europe 2017 About the Speaker Guillaume Lefranc Data Architect at Productsup
More informationControl Center Planning Guide
Release 1.2.0 Zenoss, Inc. www.zenoss.com Copyright 2016 Zenoss, Inc. All rights reserved. Zenoss and the Zenoss logo are trademarks or registered trademarks of Zenoss, Inc., in the United States and other
More informationPrometheus. A Next Generation Monitoring System. Brian Brazil Founder
Prometheus A Next Generation Monitoring System Brian Brazil Founder Who am I? Engineer passionate about running software reliably in production. Based in Ireland Core-Prometheus developer Contributor to
More informationCisco WAAS Software Command Summary
2 CHAPTER This chapter summarizes the Cisco WAAS 4.0.7 software commands. lists the WAAS commands (alphabetically) and indicates the command mode for each command. The commands used to access modes are
More informationControl Center Release Notes
Release 1.4.1 Zenoss, Inc. www.zenoss.com Copyright 2017 Zenoss, Inc. All rights reserved. Zenoss, Own IT, and the Zenoss logo are trademarks or registered trademarks of Zenoss, Inc., in the United States
More informationOutline. What is TCP protocol? How the TCP Protocol Works SYN Flooding Attack TCP Reset Attack TCP Session Hijacking Attack
Attacks on TCP Outline What is TCP protocol? How the TCP Protocol Works SYN Flooding Attack TCP Reset Attack TCP Session Hijacking Attack TCP Protocol Transmission Control Protocol (TCP) is a core protocol
More informationRethinking monitoring with Prometheus
Rethinking monitoring with Prometheus Martín Ferrari Štefan Šafár http://tincho.org @som_zlo Who is Prometheus? A dude who stole fire from Mt. Olympus and gave it to humanity http://prometheus.io/ What
More informationMonitoring MySQL with Prometheus & Grafana
Monitoring MySQL with Prometheus & Grafana Julien Pivotto (@roidelapluie) Percona University Belgium June 22nd, 2017 SELECT USER(); Julien "roidelapluie" Pivotto @roidelapluie Sysadmin at inuits Automation,
More informationSecuring the Frisbee Multicast Disk Loader
Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah 1 What is Frisbee? 2 Frisbee is Emulab s tool to install whole disk images from a server to many clients using
More informationRed Hat JBoss Middleware for OpenShift 3
Red Hat JBoss Middleware for OpenShift 3 OpenShift Primer Get started with OpenShift Last Updated: 2018-01-09 Red Hat JBoss Middleware for OpenShift 3 OpenShift Primer Get started with OpenShift Legal
More informationCNIT 50: Network Security Monitoring. 6 Command Line Packet Analysis Tools
CNIT 50: Network Security Monitoring 6 Command Line Packet Analysis Tools Topics SO Tool Categories Running Tcpdump Using Dumpcap and Tshark Running Argus and the Ra Client SO Tool Categories Three Types
More informationMonitoring MySQL Performance with Percona Monitoring and Management
Monitoring MySQL Performance with Percona Monitoring and Management Your Presenters Michael Coburn - PMM Product Manager Working at Percona for almost 5 years Consultant, Manager, TAM, now Product Manager
More informationZumobi Brand Integration(Zbi) Platform Architecture Whitepaper Table of Contents
Zumobi Brand Integration(Zbi) Platform Architecture Whitepaper Table of Contents Introduction... 2 High-Level Platform Architecture Diagram... 3 Zbi Production Environment... 4 Zbi Publishing Engine...
More informationRed Hat Mobile Application Platform 4.2 Operations Guide
Red Hat Mobile Application Platform 4.2 Operations Guide For Red Hat Mobile Application Platform 4.2 Red Hat Customer Content Services Red Hat Mobile Application Platform 4.2 Operations Guide For Red
More informationBeBanjo Infrastructure and Security Overview
BeBanjo Infrastructure and Security Overview Can you trust Software-as-a-Service (SaaS) to run your business? Is your data safe in the cloud? At BeBanjo, we firmly believe that SaaS delivers great benefits
More informationMicroservices log gathering, processing and storing
Microservices log gathering, processing and storing Siim-Toomas Marran Univeristy of Tartu J.Liivi 2 Tartu, Estonia siimtoom@ut.ee ABSTRACT The aim of this work is to investigate and implement one of the
More informationProtocol Buffers, grpc
Protocol Buffers, grpc Szolgáltatásorientált rendszerintegráció Service-Oriented System Integration Dr. Balázs Simon BME, IIT Outline Remote communication application level vs. transport level protocols
More informationIntroduction to OSI model and Network Analyzer :- Introduction to Wireshark
Sungkyunkwan University Introduction to OSI model and Network Analyzer :- Introduction to Wireshark Syed Muhammad Raza s.moh.raza@gmail.com Copyright 2000-2014 Networking Laboratory 1/56 An Overview Internet
More informationAdvanced Continuous Delivery Strategies for Containerized Applications Using DC/OS
Advanced Continuous Delivery Strategies for Containerized Applications Using DC/OS ContainerCon @ Open Source Summit North America 2017 Elizabeth K. Joseph @pleia2 1 Elizabeth K. Joseph, Developer Advocate
More informationRunning MongoDB in Production, Part I
Running MongoDB in Production, Part I Tim Vaillancourt Sr Technical Operations Architect, Percona Speaker Name `whoami` { name: tim, lastname: vaillancourt, employer: percona, techs: [ mongodb, mysql,
More information