Suricata JSON logs and 480 bytes max
- Details
Beginning to receive logs from pfSense/Suricata and noticed something was off. When trying to parse the JSON messages, very few messages would actually pass. Nothing wrong with Graylog JSON parser, but simply that pfSense syslog daemon will automatically truncate exported messages to 480 bytes max. 480 bytes is a fair bit, but not enough when outputting in JSON format from Suricata. So this is a bit marginal use case; exporting JSON formatted logs from Suricata in pfSense :)
Graylog on Raspberry Pi 4
- Details
Project: Have to know my openwrt access point a little better. I.e. gather logs from the access point and point these logs to a central location and somehow display and search the logs. Possible even an alert, when something bad is happening. On the backburner is adding other devices and adding some fancy displays.
ESXi 5.0/GhettoVCB with NFS on FreeNAS 8.2
- Details
Basically a very simple setup, but have eluded me for some time now: Simply backup some running VM's on a ESXi 5.x to a FreeNAS NFS service. I'm running FreeNAS 8.2 (FreeNAS update routine is also give me some strange access rights errors lately, so never got round to updating the bugger) Shouldn’t be a problem with version 8.1 or 8.3.
Things might be done differently with better preference/lesser work. I'm no expert, so please let me know if your setup performs better, or to point out some stupid mistakes I have made. But the following will get backups of your VM's to a FreeNAS box.
I'm still struggling with some kind of synchronisation with Amazon S3 from FreeNAS. If you have done any kind of progress along offsite sync from FreeNAS or any throughs on this, please let me know.
All glory is going to William Lam (www.virtuallyghetto.com) for his work on ghettoVCB script. There is nothing original here, I just put some snips together.