Fluentd VS clair

Get Started with Fluentd

Currently, there is no cluster-wide logging. Fluentd can be used to have a unified logging layer for the cluster.

Fluentd hasn't been touched for 8 years? Looking at the repo it looks like it's alive and well. https://github.com/fluent/fluentd

Fluentd is an open-source log management and data collection tool. Just like Logstash, Fluentd uses a pipeline-based architecture. This allows it to collect data from various sources and network traffic and forward it to various destinations.

Fluentd is a powerful log management tool that offers organizations the flexibility and scalability required to handle large volumes of log data from a variety of sources and transport it to various destinations. Utilizing a flexible and modular architecture, Fluentd allows users to easily add new input and output plugins to integrate with a wide range of systems and applications. It supports a wide range of data sources and destinations, including databases, message queues, and data stores.

Substation is an affordable alternative to products like Cribl (~10x cost savings) and is easier to manage than similar open-source projects such as Logstash and fluentd. It's been used in production by the security team at Brex for 2+ years and is ready for any scale, even beyond 100,000 events per second!

There are probably too many to chose from. Logstash, Promtail, Vector, Filebeat, FluentD, Logagent and probably many more

To alleviate some of the pain, it’s a good idea to use industry standards and tooling like OpenTelemetry (https://opentelemetry.io). For data collection specific to logs, open-source tools like LogStash and Fluentd are also popular.

Created and maintained by the creators of fluentd, fluentbit is a lightweight, fast, and scalable logging and metrics processor and forwarder. Built specifically for the cloud and containerized environments, it allows users to collect data from any source, enrich it with filters and forward it to the tool of their choice.

Besides pointing pentester tools like metasploit at yourself, there are some nice scanners out there.

https://github.com/quay/clair

https://github.com/anchore/grype/

Clair. Vulnerability Static Analysis for Containers.

https://github.com/quay/clair 9.4k stars, updated 17 hours ago

It scaled well compared to a naive graph abstraction implemented outside the database, but when performance wasn't great, it REALLY wasn't great. We ended up throwing it out in later versions to try and get more consistent performance.

I've since worked on SpiceDB[1] which takes the traditional design approach for graph databases and simply treating Postgres as triple-store and that scales far better. IME, if you need a graph, you probably want to use a database optimized for graph access patterns. Most general-purpose graph databases are just bags of optimizations for common traversals.

[0]: https://github.com/quay/clair

[1]: https://github.com/authzed/spicedb

Clair GitHub

Open source: Trivy, Gryp and Clair are widely used open source tools for container scanning.

Testing the image with github.com/fullhunt/log4j-scan and https://github.com/quay/clair shows no vulnerabilities

Amazon Elastic Container Registry is a fully-managed Docker container registry. It makes it easy for developers to store and manage Docker images inside their AWS environment. ECR supports two types of image scanning. Enhanced image scanning requires an integration with Amazon Inspector. It will scan your repositories continuously. Basic image scanning will use the Common Vulnerabilities and Exposures (CVEs) database (open-source Clair) to find vulnerabilities in your images. You can trigger scans on image push or manually.