Tag Archives: Splunk

Syslog-ng Scalability

Normally my posts are about the things I’ve done at home on personal projects, but here is one I did for a client recently.

Syslog is a protocol used by network gear, appliances, and most Unix distributions to handle their logs. Most importantly (for this discussion) the protocol is used by these devices to send their logs to a central server. The client is a very large organization and was sending data from hundreds of devices configured with high verbosity so that they can see any security events more clearly. They also had a lot of filters configured in Syslog-ng so that they can sort the events so their SIEM can consume them properly. Syslog-ng couldn’t keep up with all the events coming in.

Getting Cfengine Community to promise logs into Splunk

One of the benefits of the enterprise version of Cfengine is the ability to capture the logs and the status of cf-agent runs centrally. Auditors have typically asked the IT teams to provide a snapshot of the environment so they can evaluate what is and is not in compliance. However, capturing the Cfengine logs centrally means that we can get these reports on the fly. Auditors don’t need a snapshot anymore; they can have full access to see not just current state, but when things were last changed and when hosts go out of compliance. But up until now this data was only available in Cfengine Enterprise. Here is a solution to get the data from Cfengine Community into Splunk, where it can be reported on as needed.

Collecting Tesla Model S data into Splunk

With the upgrade to the Model S firmware recently I lost my way of figuring out what my car’s mileage is. I used to just use the “Trips” app on the left side of my console to show my Wh per mile, and since I never reset my trips it would show a count of how much power I’ve used, how far I’ve gone, and my fuel (er… electric) economy. But after the update Tesla changed the app and it only shows this per charge…

At the same time, I was looking for things to do with my personal Splunk instance. A late-night epiphany showed me that I can simply use the car’s API to dump data into Splunk. I can then use Splunk to query the data and create a dashboard from it.

Tesla Dashboard Information
