Overview

● What is a “Centralized Log Server”?

● Why do we need a Centralized Log Server?

● Importance of using a Centralized Log Server

● Ease of getting logs!

● SPLUNK!!!

● DEMO
What is a “Centralized Log Server”?

It is a normal workstation with the free RedHat Linux 6 installed and no additional software.

It uses basic Linux knowledge to collect the logs from all clients over TCP & UDP connections to one centralized machine.
Why do we need a Centralized Log Server?
Importance of Using a Centralized Log Server
- Collect security logs from all workstations and servers on one machine

- Monitor the network & respond to attacks

- Show password changes for all users

- Show when ANY workstation reboots or shuts down
Ease of getting logs! “/var/log/”

User “root” changed his password:
Mar 23 14:57:20 localhost passwd: pam_unix(passwd:chauthtok): password changed for root

Local Authentication Failure:
Mar 23 14:58:46 localhost login: pam_unix(login:auth): authentication failure; logname=LOGIN uid=0 euid=0 tty=tty3 ruser= rhost= user=root

Poweroff or Reboot:
Mar 22 15:58:01 localhost init: tty (/dev/tty2) main process (1896) killed by TERM signal

SSH Authentication Failure:
Mar 18 01:13:18 rhel5.vmz sshd[2793]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.0.0.2 user=root
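
As an added example (not part of the original slides), this Python script classifies the four sample lines above the way a central log server's triage job might, and counts authentication failures per source. The event-type names, the threshold and the two extra SSH lines are constructed for illustration.

```python
import re
from collections import Counter

# Traditional syslog layout: "Mon DD HH:MM:SS host tag[pid]: message"
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<tag>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
PASSWD_RE = re.compile(r"pam_unix\(passwd:chauthtok\): password changed for (?P<user>\S+)")
AUTH_FAIL_RE = re.compile(
    r"pam_unix\((?P<service>[\w-]+):auth\): authentication failure; (?P<fields>.*)"
)
TERM_RE = re.compile(r"main process \((?P<pid>\d+)\) killed by TERM signal")
KV_RE = re.compile(r"(\w+)=(\S*)")  # key=value pairs; the value may be empty

# The four sample lines from the slide, with the wrapped lines joined.
SLIDE_LINES = [
    "Mar 23 14:57:20 localhost passwd: pam_unix(passwd:chauthtok): password changed for root",
    "Mar 23 14:58:46 localhost login: pam_unix(login:auth): authentication failure; "
    "logname=LOGIN uid=0 euid=0 tty=tty3 ruser= rhost= user=root",
    "Mar 22 15:58:01 localhost init: tty (/dev/tty2) main process (1896) killed by TERM signal",
    "Mar 18 01:13:18 rhel5.vmz sshd[2793]: pam_unix(sshd:auth): authentication failure; "
    "logname= uid=0 euid=0 tty=ssh ruser= rhost=10.0.0.2 user=root",
]

# Constructed lines (not from the slides) so the threshold check has something to find.
CONSTRUCTED_LINES = [
    "Mar 18 01:13:25 rhel5.vmz sshd[2795]: pam_unix(sshd:auth): authentication failure; "
    "logname= uid=0 euid=0 tty=ssh ruser= rhost=10.0.0.2 user=root",
    "Mar 18 01:13:31 rhel5.vmz sshd[2797]: pam_unix(sshd:auth): authentication failure; "
    "logname= uid=0 euid=0 tty=ssh ruser= rhost=10.0.0.2 user=root",
]


def parse_line(line):
    """Return a dict describing one syslog line, or None if it is not syslog-shaped."""
    m = SYSLOG_RE.match(line.strip())
    if m is None:
        return None
    event = {"ts": m.group("ts"), "host": m.group("host"),
             "tag": m.group("tag"), "type": "other"}
    msg = m.group("msg")

    hit = PASSWD_RE.search(msg)
    if hit:
        event.update(type="password_change", user=hit.group("user"))
        return event

    hit = AUTH_FAIL_RE.search(msg)
    if hit:
        fields = dict(KV_RE.findall(hit.group("fields")))
        event.update(
            type="auth_failure",
            service=hit.group("service"),
            user=fields.get("user", ""),
            # An empty rhost= means the attempt came from a local tty.
            source=fields.get("rhost") or "local",
        )
        return event

    hit = TERM_RE.search(msg)
    if hit:
        # The slide reads this init message as a sign of poweroff or reboot.
        event.update(type="process_term", pid=int(hit.group("pid")))
    return event


def parse_lines(lines):
    """Parse many lines, silently skipping anything that is not syslog-shaped."""
    return [e for e in (parse_line(l) for l in lines) if e is not None]


def noisy_sources(events, threshold):
    """Return (service, source, user) keys with at least `threshold` auth failures."""
    counts = Counter(
        (e["service"], e["source"], e["user"])
        for e in events if e["type"] == "auth_failure"
    )
    return sorted(key for key, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    events = parse_lines(SLIDE_LINES + CONSTRUCTED_LINES)
    for e in events:
        print(e["ts"], e["host"], e["type"])
    print("sources at or above 3 failures:", noisy_sources(events, 3))
```

Every field in these lines is written by the client that sent it, so treat host names and user names as untrusted input when they feed alerts or reports.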
SPLUNK!!
- Graphical User Interface application to view system logs

- Free & Open Source project

- Quick search, saved search, alerting, scheduling, and dashboard creation

- Make graphical reports
Any Questions?!!
THANK YOU!

By: Mohammed Al-Maraghy
RedHat Certified Engineer
Twitter: @MohammedMaraghy
Maraghy@fedoraproject.org

Listen to your_data!
