Tag Archives: cause

Configuring Logstash and Kibana to receive and Dashboard Sonicwall Logs

Note: If you want to quickly download my Logstash config and Kibana dashboards, see the end of this post.

Locate and Update your Logstash.conf File
First, you must update your logstash configuration file, generally located in /etc/logstash or /etc/logstash/conf.d/ and named logstash.conf

Add a logstash input
In logstash.conf, you must first add an input which will allow logstash to receive the syslog from your Sonicwall appliance along with a designated “listening” port. For my configuration, I set this to port 5515. In my logstash instance, I am using Suricata SELKs, so you can also see a file input for that prior to my Sonicwall input. See below (the text highlighted in RED was the text I added to the config file).

input {
file {
path => [“/var/log/suricata/eve.json”]
#sincedb_path => [“/var/lib/logstash/”]
sincedb_path => [“/var/cache/logstash/sincedbs/since.db”]
codec => json
type => “SELKS”
}
syslog {
type => Sonicwall
port => 5515
}

Insert a logstash Filter
The next step is to insert a new filter for parsing your sonicwall logs, this is so that Logstash knows how to automatically create fields so that you can filter on specific fields in Syslog. Below is the text that I added to the configuration file.  Important: You must make sure that if you have pre-existing filters, your start and end curly braces appropriately open and close and in the filter section the text below incorporated into the filter bracketed text.

if [type] == “Sonicwall” {
kv {
exclude_keys => [ “c”, “id”, “m”, “n”, “pri” ]
}
grok {
match => [ “src”, “%{IP:srcip}:%{DATA:srcinfo}” ]
}
grok {
match => [ “dst”, “%{IP:dstip}:%{DATA:dstinfo}” ]
}
grok {
remove_field => [ “srcinfo”, “dstinfo” ]
}
geoip {
add_tag => [ “geoip” ]
source => “srcip”
database => “/opt/logstash/vendor/geoip/GeoLiteCity.dat”
}

Configure the Parsed Output Location
Finally, you need to configure the output for the config file. The output is to send into the logstash instance. Below is the configuration for this. In this case, my logstash instance is sending to localhost because it is running on the same box.

}

output {
elasticsearch {
host => “127.0.0.1”
protocol => transport
}
}

Configure the Sonicwall
Next you will need to configure your Sonicwall to send syslog messages to the logstash server. Login to your sonicwall, go to “Log->Syslog and then add a server x.x.x.x with port 5515.

Next you’ll need to turn on Sonicwall Name Resolution for Logs
Go to Log->Name Resolution and make sure to setup a DNS server to resolve names. Otherwise, the src and dst fields in the Kibana dashboards will not have names and show double IP address entries.

Finally, you’ll need to configure dashboards in Kibana. To make all of this easier, I’ve included all my files below that can be easily downloaded.

Logstash Configuration *Use Right-Click and Save As*

Kibana Dashboards
(To Import go into Kibana and select “Load” then go to “Advanced and click on “Load File”)

  • Sonic-Alerts (Filters the Top Alert Messages from the Sonicwall Syslog
  • Sonic Top (Filters the Top Source and Destination hosts and events associated with your sonicwall.



Facebooktwittergoogle_plusredditpinterestlinkedinmail

Five steps for an unbelievably green and water efficient lawn during California’s drought

Keep your lawn green this summer!

The following five steps will allow you to significantly improve your lawn while saving a tremendous amount of water use throughout the year. The following five steps only take about 30 minutes across the entire year in order to properly improve your specific situation. The simple fact is you do not need to kill off your lawn in order to save significant amounts of water and contribute to the efficiency of water use within California.

By implementing these steps I personally experienced more than 30% reduction in my water use while my neighbors stood in awe of how florescent green my lawn was. When I showed my water bill and the savings to my neighbors they were in complete disbelief because they believed they had to kill off their lawn by reducing their water use to all zero but quite in fact this is not necessary. With proper maintenance, a lawn and your entire yard needs only a fraction of a the water necessary to keep it green and beautiful when you are not properly caring for it.

Step 1. Follow the sun (and the weather).

Often, many of us pay attention to the weather in order to select the right clothing for the day. However many of us ignore the fact that our lawns also need you to adjust your care according to the weather and the amount of sun your lawn will receive. So it is important to note what the weather will be like and the temperature ranges that your lawn will be experiencing along with you during the day.

Step 2. Penetrate your soul (leverage an aerator).

aerator

 

This simple little tool can be used to significantly change the absorption rate of water for your lawn. Imagine that you don’t aerate your lawn, without aeration the water sits on the top layer of soil and if you have a hill or sloped lawn it rolls right off only permeating the very top quarter-inch layer of topsoil. The goal for water efficient lawn is to maintain deep penetration of water into the topsoil and the only way to perform this without overwatering is through aeration. Aeration also has other benefits such as delivering nutrients further into the soil towards the roots of your grass. This is the single most effective way to reduce water usage and it only takes five minutes with this tool found at Home Depot at the following URL: http://www.homedepot.com/p/Hound-Dog-Steel-Spike-Aerator-HDP37/202605484

Step 3. Renew your body (sprinkle some seed).

Re-seeding is an essential step to keeping a quality lawn. Over time and age lawn degrades and the blades of grass simply don’t have the same luster as they once had similar to humans and aging. So it is important to re-seed on a regular basis usually in the springtime. grass-seedThere are many types of seed and you should try and match the type of seed that you already have if at all possible so that you can maintain the look the you desire. For me a simple fescue mix from my local Walmart or Home Depot was sufficient to maintain my own grass in the look that I desired.

Step 4. Take some vitamins (fertilize!).

The next stephandheld-spreader after aeration is to ensure that your grass has quality nutrients delivered directly to its roots, just like our bodies need vitamins so to do grasses and other shrubs we plant our yards. A simple $10-$15 fertilizer sprinkled across your lawn is sufficient to provide nutrients for almost 6 months and significantly improve the health of your lawn and provide for a florescent green and healthy color. This step takes only minutes once every six months. Ideally you can spread fertilizer with the same handheld spreader you use for the seed.

Step 5. Adjust your clocks! (water at the right time of day).

The final step in this process is to adjust your watering habits or your watering system to accommodate our newly renovated lawn. An unhealthy lawn without these maintenance techniques requires 2 to 3 times as much water, leading guidance from common Internet sources to claim watering must be 8 to 10 minutes per day in order for the desired look. However I have found that For my environmental conditions in Northern California,  quite honestly a healthfully maintained lawn only needs one third of the amount of water across to the majority of the year with only exceeding this amount in the highest temperature period of the summer months. The best watering times for grass are during the morning hours between 4 and 5 AM allowing sufficient soak time prior to the sun rising and evaporating the moisture. For my use I also run my water in the afternoon at around 5 PM, ideally you do not want a moist soil all night long to avoid bacteria and moss growth during the evening.

This is a photo of my lawn and my bill usage graph with an over 30% reduction (year over year) in my water use. 

my-grass

water-saved

 

 

 


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Small-time security threats bigger concern

http://www.autonews.com/article/20150309/FINANCE_AND_INSURANCE/303099941/small-time-security-threats-bigger-concern By David Barkholz Automotive News March 9, 2015 The biggest threats to a dealership’s data aren’t Russian hackers breaking through electronic firewalls or robots trying a thousand passwords on security codes until they finally crack into the system. It’s more likely the mundane stuff that will cause a breach that enables personal consumer data to slip out of the store, said Brad Miller, director of legal and regulatory affairs for the National Automobile Dealers Association. Watch out, he said, for laptops that may contain sensitive files being stolen out of cars. A thumb drive that contains code capable of capturing passwords or data can be plugged into the laptop. Also, software vendors long ago dropped by a dealership may retain active pass codes that enable data to be taken from the dealership, unbeknownst to store employees, Miller said. Or pirates may send dealership employees a “phishing” email hoping to fool one into giving out information or a password that opens the system to the thieves. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] The Ambassador who worked from Nairobi bathroom to avoid State Dept. IT

http://arstechnica.com/information-technology/2015/03/the-ambassador-who-worked-from-nairobi-bathroom-to-avoid-state-dept-it/ By Sean Gallagher Ars Technica March 8, 2015 The current scandal roiling over the use of a private e-mail server by former Secretary of State Hillary Clinton is just the latest in a series of scandals surrounding government e-mails. And it’s not the first public airing of problems with the State Department’s IT operations—and executives’ efforts to bypass or work around them. At least she didn’t set up an office in a restroom just to bypass State Department network restrictions and do everything over Gmail. However, another Obama administration appointee—the former ambassador to Kenya—did do that, essentially refusing to use any of the Nairobi embassy’s internal IT. He worked out of a bathroom because it was the only place in the embassy where he could use an unsecured network and his personal computer, using Gmail to conduct official business. And he did all this during a time when Chinese hackers were penetrating the personal Gmail inboxes of a number of US diplomats. Why would such high-profile members of the administration’s foreign policy team so flagrantly bypass federal and agency regulations to use their own personal e-mail to conduct business? Was it that they had something they wanted to keep out of State’s servers and away from Congressional oversight? Was it that State’s IT was so bad that they needed to take matters into their own hands? Or was it because the department’s IT staff wasn’t responsive enough to what they saw as their personal needs, and they decided to show just how take-charge they were by ignoring all those stuffy policies? The answer is probably a little bit of all of the above. But in the case of former ambassador Scott Gration, the evidence points heavily toward someone who wanted to work outside the system because he just couldn’t stand it. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Tesla worried customers will get hurt hacking the Model S

http://www.rawstory.com/rs/2015/03/tesla-worried-customers-will-get-hurt-hacking-the-model-s/ By Thomas Halleck Posted with permission from International Business Times March 4, 2015 Tesla Motors Inc. warned investors that its stock could be negatively affected by customers hacking its Model S and other cars and injuring themselves in the process. The company also said that safety issues with the lithium ion batteries used to power its electric vehicles also pose a risk that could negatively affect business. Tesla released a number of potential risks to its business last week, including the high cost of producing the Model S sedan and unforeseen production delays, which could cause the company to miss projected sales and revenue figures. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] ‘CSI: Cyber’ review: Hackwork

http://www.nj.com/entertainment/tv/index.ssf/2015/03/csi_cyber_review_patricia_arquette_cbs.html By Vicki Hyman NJ Advance Media for NJ.com March 04, 2015 Thank goodness Patricia Arquette just won an Oscar, because otherwise I’d really have nothing to say about “CSI: Cyber.” The newest “CSI” franchise, which debuts on CBS tonight at 10 p.m., is about the FBI’s cyber crime division, comes with all the series’ high-tech visual flourishes and stars “Boyhood” star Arquette, who, um, just won an Oscar. Yeah. Oh! This time, the Who theme song is “I Can See For Miles.” I’m not saying “CSI: Cyber” isn’t worth watching. I’m just saying there’s not a heck of a lot to say about it. (The original flavor “CSI” is still plugging away after 15 years, while the Miami and New York franchises lasted 10 and 9 seasons, respectively. The latest entry is a bit different in that there’s a lot of people peering at computer screens instead of into microscopes. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] NIST outlines guidance for security of copiers, scanners

http://gcn.com/articles/2015/02/25/nist-replication-device-security.aspx By GCN Staff Feb 25, 2015 The National Institute of Standards and Technology announced its internal report 8023: Risk Management for Replication Devices is now available. The guidance covers protecting the information processed, stored or transmitted on replication devices (RDs), which are devices that copy, print or scan documents, images or objects. Because today’s RDs have the characteristics of computing devices (storage, operating systems, CPUs and networking) they are vulnerable to a number of exploits, NIST said. Among the threats to RDs are: […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Surprise! America Already Has a Manhattan Project for Developing Cyber Attacks

http://www.wired.com/2015/02/americas-cyber-espionage-project-isnt-defense-waging-war By Kevin Poulsen Threat Level Wired.com 02.18.15 “What we really need is a Manhattan Project for cybersecurity.” It’s a sentiment that swells up every few years in the wake of some huge computer intrusion—most recently the Sony and Anthem hacks. The invocation of the legendary program that spawned the atomic bomb is telling. The Manhattan Project is America’s go-to shorthand for our deep conviction that if we gather the smartest scientists together and give them billions of dollars and a sense of urgency, we can achieve what otherwise would be impossible. A Google search on “cyber Manhattan Project” brings up results from as far back as 1997—it’s second only to “electronic Pearl Harbor” in computer-themed World War II allusions. In a much-circulated post on Medium last month, futurist Marc Goodman sets out what such a project would accomplish. “This Manhattan Project would help generate the associated tools we need to protect ourselves, including more robust, secure, and privacy-enhanced operating systems,” Goodman writes. “Through its research, it would also design and produce software and hardware that were self-healing and vastly more resistant to attack and resilient to failure than anything available today.” These arguments have so far not swayed a sitting American president. Sure, President Obama mentioned cybersecurity at the State of the Union, but his proposal not only doesn’t boost security research and development, it potentially criminalizes it. At the White House’s cybersecurity summit last week, Obama told Silicon Valley bigwigs that he understood the hacking problem well—“We all know what we need to do. We have to build stronger defenses and disrupt more attacks”—but his prescription this time was a tepid executive order aimed at improving information sharing between the government and industry. Those hoping for something more Rooseveltian must have been disappointed. On Monday, we finally learned the truth of it. America already has a computer security Manhattan Project. We’ve had it since at least 2001. Like the original, it has been highly classified, spawned huge technological advances in secret, and drawn some of the best minds in the country. We didn’t recognize it before because the project is not aimed at defense, as advocates hoped. Instead, like the original, America’s cyber Manhattan Project is purely offensive. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail