How to Monitor Syslog Data with Sumo Logic

If you are reading this article, you’re probably familiar with syslog, a logging tool that has been around since the 1980s. It is a daemon present in most Linux-based operating systems. By default, syslog (and variants like rsyslog) on Linux systems can be used to forward logs to central syslog servers or monitoring platforms where further analysis can be conducted. That’s useful, but to make the very most of syslog, you also want to be able to analyze log data.


How to Choose a Linux Distro for Your Server

By Des Nnochiri

Whether it’s for network and system administration, database management, web services, or other business functions, chances are you’ll need robust servers as part of your IT infrastructure armory. Traditionally, a server running a Linux operating system has been the preferred option for enterprise use. But which Linux distribution (or distro) is the right one for your particular use case?


Seccomp in the Elastic Stack

After giving a presentation about what is done in Elasticsearch to improve out-of-the-box security, safety and usability and engaging in a couple of follow-up discussions at different events, I decided to dig a little bit deeper into the topic of Linux’s seccomp. The idea of seccomp is to prevent the execution of certain system calls by a given application.


How to manually build an Ubuntu 18.04 Virtual Machine server with Oracle VirtualBox

This post will describe how to manually build an Ubuntu 18.04 Virtual Machine (VM) server using Oracle’s VirtualBox virtualisation software. Being able to build simple, expendable VMs is extremely useful, whether you’re writing software, building websites or just wanting to learn about Linux servers. We need to be able to SSH onto the server from our host machine to make access easier. To gain SSH access we therefore need to forward SSH’s port to our host.


Analysing Linux auditd anomalies with Auditbeat and machine learning

Auditbeat is an extremely popular Beat that allows you to collect Linux audit framework data to monitor processes running on Linux systems. It has the ability to stream a multitude of information — from security-related system information, to file integrity data, to process information — from the Linux auditd framework.


Linux Kernel Observability through eBPF

Recent Linux kernel releases ship with a built-in instrumentation framework that has its roots in what was historically known as BPF (Berkeley Packet Filter): a very efficient network packet filtering mechanism which aims to avoid unnecessary user space allocations and operate on packet data directly in kernel land. The most familiar application of BPF is the filter expressions used by the tcpdump tool.