Attack Infrastructure Logging – Part 4: Log Event Alerting

Attack Infrastructure Logging Series: Part 1: Logging Server Setup Part 2: Log Aggregation Part 3: Graylog Dashboard 101 Part 4: Log Event Alerting Quick recap: we set up a Graylog logging server, configured it to collect logs from multiple attack infrastructure assets and visualised some of this log data on a custom dashboard. I’ll be wrapping up this…

Attack Infrastructure Logging – Part 3: Graylog Dashboard 101

The last two posts of this blog series had us setting up a logging server and aggregating logs into it from our various attack infrastructure assets. This brief post will go over setting up a…

Attack Infrastructure Logging – Part 2: Log Aggregation

In my previous post I covered setting up a Graylog2 logging server. In this post, we’re going to start getting some logs from our infrastructure assets into our Graylog installation. The number and type of…

Attack Infrastructure Logging – Part 1: Logging Server Setup

Background: One of my goals this year was to improve my infrastructure log management procedures during engagements. Up until quite recently my log management technique was opening a couple of terminal tabs, SSH-ing into all my infrastructure assets and cat-ing, tailf-ing and grepping the log files I was interested in. As you can imagine this…