graylog VS kibana

Graylog: An open source log management platform that provides real-time visibility into security events and facilitates incident response.

https://www.graylog.org/ but might be overkill.

Looks like the fix for this went in on March 28 and this should have been included in the April bugfix release 5.0.6

Sure! I use the Open Source of Graylog to search and build reports from the data. It sits on its own Droplet

Check out Graylog - https://www.graylog.org/ Graylog stores everything in elasticssearch, so you gan also use it as a datasource in Grafana.

Graylog

I use this to monitor my reverse proxy (SWAG) and fail2ban logs in conjunction. It's not as streamlined as GoAccess, GrayLog, Grafana, etc . . . but it is very personal. I divide all my connections into three buckets: Home, Outside, and Known Devices; and fail2ban statistics are layered against the all connections.

Graylog is an open-source centralized log management and analytics tool. It collects, enhances, correlates, searches, and visualizes all your log data in one location to uncover patterns and trends for application and IT infrastructure.

As you might have guessed, I spend a lot of time thinking about application security - almost every day, in fact. At my day job, I'm constantly pondering how to enhance Kibana's security in a scalable manner without overburdening my already hardworking team. Outside of work, I'm equally dedicated to making Secutils.dev even more valuable to fellow engineers looking for better security tools.

These newsletters are among the best sources to stay up-to-date with the latest happenings in JavaScript, web development, and Node.js. They conveniently categorize content into sections like new releases, articles & tutorials, and code & tools. Since I use JavaScript/TypeScript and Node.js extensively, both in my day job and for Secutils.dev, I have to stay informed about developments in these essential tools. Usually, I quickly scan through the newsletter and focus only on the items that grab my attention — it doesn't consume much time but keeps me well-informed.

This is the second part of my reflection sparked by the recent “2023 State of Open Source Security” report from Snyk. It got me thinking about the price we pay for false positives in software security. In my previous post, “The Cost of False Positives in Software Security, Part 1: Small Applications”, I talked about how true and false positives affect smaller applications like Secutils.dev. Now, I want to take the same idea and apply it to a much larger software that’s a big part of my daily work: Kibana.

False positives in security are something that really bothers me, as I happen to work on security for both large applications like Kibana, with hundreds of contributors, and smaller ones like Secutils.dev, where I'm the sole developer.

The increasing complexity of modern systems led to the rise of AIOps (Artificial Intelligence for IT Operations) and observability practices. AIOps leveraged machine learning algorithms to automate problem detection, analysis, and resolution. Observability focused on gaining insights into system behaviour through metrics, logs, and traces. As a result, tools like Prometheus, Grafana, and ELK stack (Elasticsearch, Logstash, Kibana) gained popularity.

There was a discussion on Elastic's Github quite a while ago: https://github.com/elastic/kibana/issues/88956 but I haven't found any related documentation on Elastic's website.

ahh good catch here, I have raised a FR to get this added to Kibana https://github.com/elastic/kibana/issues/157348