Renaming pfSense Interfaces

Only recommended for a fresh setup. I do not take any responsibility if you brick your config. Always make sure you have a recent backup of your config before tinkering with the config-file! If you are using for example pfELK for analysing your logs from your pfSense firewall, you may want to rename your interfaces... » weiterlesen

Elasticsearch As Log-Buffer

Why? What is that good for? Save license-costs and putting ingest-pipeline load somewhere else! :smiley: At my workplace we currently parse the events mostly with Logstash, but configuring those grok-filters so that the messages are ECS-comform is a lot of work. Yes, I know that there is a possibility to export those ingest-pipelines from Beats... » weiterlesen

Setup 3 Node Kubernetes 1.20 HA-Cluster (Without Docker) on Fedora 33

Master nodes will be worker nodes too (resources you know :wink:) We will use Keepalived and HAproxy as load-balancer for Kubernetes control-traffic. The whole Kubernetes-Cluster won't use Docker anymore. Prerequisites Three machines setup with minimal installation of Fedora 33 Server. I will call them vkube-001 ( vkube-002 ( vkube-003 ( One VIP ( which we... » weiterlesen

Check_MK – pfSense State Table Check (SNMP)

I needed a quick and dirty check for the pfSense's "State Table" via SNMP as I sometimes have the strange problem that it gets full and then I lose internet-connection. If the thresholds are hit and I am alerted, I hope I have time to investigate what is going wrong. The Check The default values... » weiterlesen

PART-7 – Miscallaneous, Ideas And ToDos

PART-7 - Miscallaneous, Ideas And ToDos A few things to help or make things easier. Upload The YAML-Files e.g. to github or provide a zip-file here (this will take some time - too lazy after finishing this HowTo atm 😉 Usefull Commands See What's Going on kubectl get es,kb,deployments,sts,pods,svc,pv,ingress -o wide -A Execute it with... » weiterlesen

PART-1 – Setting Up A Home-Lab Elastic ECK

There are wrong spaces later in some of the config-snippets - I have to adjust the pages. Be aware if you just copy and paste stuff from here - some markdown-conversion is not handled well 😐 Setting Up A Home-Lab Elastic ECK I used again Fedora Server (33) to setup a two node Kubernetes cluster... » weiterlesen

PART-2 – ECK setup

PART-2 - ECK setup ECK is only available with basic and enterprise/trial license! Deploy ECK Just run following command to install the custom resource definitions - or download the yaml and apply it kubectl apply -f Setting Up The Elasticsearch-Cluster Create a folder where you save your yaml-files. In this example we will assume... » weiterlesen

PART 3 – Monitoring

PART-3 - Monitoring As we want to know how our ECK is performing, we also want to monitor it with the built in and supplied "Stack Monitoring" Prepare Filebeat For Monitoring The Cluster For this setup you can orient at the - As we have our "ELK" in its own namespace and also a... » weiterlesen

PART-4 – Prepare RabbitMQ For Buffering Events

PART-4 - Prepare RabbitMQ For Buffering Events You may have a look at Elasticsearch As Log-Buffer The first thought maybe like: What? Why the hell RabbitMQ and not use the persistent queue featuere of Logstash? Because: Input plugins that do not use a request-response protocol cannot be protected from data loss. For example: tcp, udp,... » weiterlesen