https://wiki.itcollege.ee/api.php?action=feedcontributions&feedformat=atom&user=AkergeICO wiki - User contributions [en]2026-05-05T20:58:23ZUser contributionsMediaWiki 1.45.1https://wiki.itcollege.ee/index.php?title=Logging_-_Monitoring_C21&diff=114854Logging - Monitoring C212016-11-24T07:57:09Z<p>Akerge: /* Nagios Monitoring */</p>
<hr />
<div>'''Logging and Monitoring with Graylog'''<br />
<br />
Course: Logging and Monitoring - Lecturer: Margus Ernits<br />
<br />
Group: Cyber Security Engineering (C21)<br />
<br />
Team members: Ender Phan, Kustas Kurval, Sheela Gowry Sumathi Raju, Artur Vincent Kerge<br />
<br />
Page created on: October 05, 2016<br />
<br />
= Abstract =<br />
<br />
In order to understand how to set up the Graylog service as well as understand its crucial roles. We decided to choose Graylog as our application for logging and monitoring. Below are our objectives which would be expected to achieve later on:<br />
<br />
* '''How to install Graylog on Ubuntu 14.04.'''<br />
<br />
* '''How to use Graylog to protect servers.'''<br />
<br />
* '''Upgrading and configuring Graylog at first, and know how to secure Graylog.'''<br />
<br />
* '''Threats and security during logging.'''<br />
<br />
* '''How to install Netdata and Monitoring with Netdata.'''<br />
<br />
* '''How to install Nagios and Monitoring with Nagios.'''<br />
<br />
* '''Trouble shooting and experiences.'''<br />
<br />
= Installation Guide =<br />
<br />
'''Ubuntu 14.04'''<br />
<br />
<br />
[[File:Graylog_simple_setup_v2.png]]<br />
<br />
== Logging Solutions ==<br />
<br />
Since the Elasticsearch is based on java, we would require to install either openJDK or Oracle JDK. It is recommended to install Oracle JDK, verify the java version by using the following command.<br />
<br />
Remove the OpenJDK from the system, if you have it already installed. From now on it is presumed that user has root privileges.<br />
<br />
apt-get remove --purge openjdk*<br />
Add repository.<br />
<br />
add-apt-repository -y ppa:webupd8team/java<br />
Run the following command to pull the packages information from the newly added repository.<br />
<br />
apt-get update<br />
Issue the following command to install Java jdk 1.8.<br />
<br />
apt-get -y install oracle-java8-installer<br />
<br />
java -version<br />
<br />
Output:<br />
<br />
Java version "1.8.0_60"<br />
Java(TM) SE Runtime Environment (build 1.8.0_60-b27)<br />
Java HotSpot(TM) 64-Bit Server VM (build 25.60-b23, mixed mode)<br />
<br />
=== Installing extras ===<br />
<br />
=== Elasticsearch ===<br />
<br />
Let’s install Elasticsearch, it can be downloaded from the official website.<br />
<br />
'''Download and install GPG signing key'''.<br />
<br />
wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -<br />
<br />
Note that the -qO argument is lowercase Quebec followed by capital Oscar.<br />
<br />
Save the repository definition to /etc/apt/sources.list.d/elasticsearch.list<br />
<br />
echo "deb http://packages.elastic.co/elasticsearch/2.x/debian stable main" | sudo tee -a /etc/apt/sources.list.d/elasticsearch.list<br />
<br />
Update repository cache and install Elasticsearch<br />
<br />
apt-get update && apt-get install elasticsearch<br />
<br />
Configure Elasticsearch to start during system startup.<br />
<br />
update-rc.d elasticsearch defaults<br />
The only important thing is to set a cluster name as “graylog2“, that is being used by graylog. Now edit the configuration file of Elasticsearch.<br />
<br />
nano /etc/elasticsearch/elasticsearch.yml<br />
<br />
cluster.name: graylog2<br />
<br />
In the same file disable dynamic scripts to avoid remote execution. That can be done by adding the following line:<br />
<br />
'''FOLLOWING LINE GOES INTO GRAYLOG CONF!'''<br />
<br />
script.disable_dynamic: true<br />
<br />
Once it is done, we are good to go. Before that, restart the Elasticsearch services to load the modified configuration.<br />
<br />
service elasticsearch restart<br />
<br />
Wait at least a minute to let the Elasticsearch get fully restarted, otherwise testing will fail. Elastisearch should be now listen on 9200 for processing HTTP request, we can use CURL to get the response. Ensure that it returns with cluster name as “graylog2”<br />
<br />
curl -X GET http://localhost:9200<br />
<br />
{<br />
"status" : 200,<br />
"name" : "Pistol",<br />
"cluster_name" : "'''graylog2'''",<br />
"version" : {<br />
"number" : "1.7.1",<br />
"build_hash" : "b88f43fc40b0bcd7f173a1f9ee2e97816de80b19",<br />
"build_timestamp" : "2015-07-29T09:54:16Z",<br />
"build_snapshot" : false,<br />
"lucene_version" : "4.10.4"<br />
},<br />
"tagline" : "You Know, for Search"<br />
}<br />
<br />
Optional: Use the following command to check the Elasticsearch cluster health, you must get a cluster status as “green” for graylog to work.<br />
<br />
curl -XGET 'http://localhost:9200/_cluster/health?pretty=true'<br />
<br />
{<br />
"cluster_name" : "'''graylog2'''",<br />
"status" : "'''green'''",<br />
"timed_out" : false,<br />
"number_of_nodes" : 1,<br />
"number_of_data_nodes" : 1,<br />
"active_primary_shards" : 0,<br />
"active_shards" : 0,<br />
"relocating_shards" : 0,<br />
"initializing_shards" : 0,<br />
"unassigned_shards" : 0,<br />
"delayed_unassigned_shards" : 0,<br />
"number_of_pending_tasks" : 0,<br />
"number_of_in_flight_fetch" : 0<br />
}<br />
<br />
=== MongoDB ===<br />
<br />
MongoDB is available in deb format and same can be downloaded from the official website. Add the following repository information on the system to install MongoDB. Before that we must import public key.<br />
<br />
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10<br />
Add repository by creating the /etc/apt/sources.list.d/mongodb-org-3.0.list list file using the command.<br />
<br />
echo "deb http://repo.mongodb.org/apt/ubuntu trusty/mongodb-org/3.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.0.list<br />
Update repository cache.<br />
<br />
apt-get update<br />
Install MongoDB using the following command.<br />
<br />
apt-get install mongodb-org<br />
Start the MongoDB service and enable it to start automatically during the system start-up.<br />
<br />
service mongod start<br />
<br />
ln -s /usr/bin/mongod /etc/init.d/mongod<br />
<br />
Create a symbolic link<br />
<br />
update-rc.d mongod defaults<br />
<br />
=== Graylog2 ===<br />
<br />
Graylog-server accepts and process the log messages, also spawns the RESTAPI for the requests that comes from graylog-web-interface. Download the latest version of graylog from graylog.org,<br />
<br />
Use the following command to install graylog2 repository.<br />
<br />
wget https://packages.graylog2.org/repo/packages/graylog-1.2-repository-ubuntu14.04_latest.deb<br />
<br />
dpkg -i graylog-1.2-repository-ubuntu14.04_latest.deb<br />
Install https suppport and update the repository cache.<br />
<br />
apt-get install apt-transport-https<br />
<br />
apt-get update<br />
Install Graylog server using following command.<br />
<br />
apt-get install graylog-server <br />
Edit the server.conf file.<br />
<br />
nano /etc/graylog/server/server.conf<br />
Configure the following variables in the above file.<br />
<br />
Set a secret to secure the user passwords, use the following command to generate a secret, use at least 64 character’s.<br />
<br />
pwgen -N 1 -s 96<br />
<br />
OH9wXpsNZVBA8R5vJQSnkhTB1qDOjCxAh3aE3LvXddtfDlZlKYEyGS24BJAiIxI0sbSTSPovTTnhLkkrUvhSSxodTlzDi5gP<br />
<br />
If you get a “pwgen: command not found“, use the following command to install pwgen.<br />
<br />
apt-get install pwgen<br />
<br />
Place the secret.<br />
<br />
password_secret = OH9wXpsNZVBA8R5vJQSnkhTB1qDOjCxAh3aE3LvXddtfDlZlKYEyGS24BJAiIxI0sbSTSPovTTnhLkkrUvhSSxodTlzDi5gP<br />
<br />
Next is to set a hash password for the root user (not to be confused with system user, root user of graylog is admin). You will use this password for login into the web interface, admin’s password can not be changed using web interface, must edit this variable to set.<br />
<br />
Replace “yourpassword” with the choice of your’s.<br />
<br />
echo -n yourpassword | sha256sum<br />
<br />
e3c652f0ba0b4801205814f8b6bc49672c4c74e25b497770bb89b22cdeb4e951<br />
<br />
Place the hash password.<br />
<br />
root_password_sha2 = e3c652f0ba0b4801205814f8b6bc49672c4c74e25b497770bb89b22cdeb4e951<br />
<br />
You can setup email address root (admin) user.<br />
<br />
root_email = "cyber.web@gmail.com"<br />
<br />
Set timezone of root (admin) user.<br />
<br />
root_timezone = UTC<br />
<br />
Graylog will try to find the Elasticsearch nodes automatically, it uses multicast mode for the same. But when it comes to larger network, it is recommended to use unicast mode which is best suited one for production setups. So add the following two entries to graylog server.conf file, replace ipaddress with live hostname or ipaddress. Multiple hosts can be added with comma separated.<br />
<br />
elasticsearch_http_enabled = false<br />
elasticsearch_discovery_zen_ping_unicast_hosts = ipaddress:9300<br />
<br />
Set only one master node by defining the below variable, default setting is true, you must set it as a false to make the particular node as a slave. Master node performs some periodic tasks that slave won’t perform.<br />
<br />
is_master = true<br />
<br />
The following variable sets the number of log messages to keep per index, it is recommended to have several smaller indices instead of larger ones.<br />
<br />
elasticsearch_max_docs_per_index = 20000000<br />
<br />
The following parameter defines to have total number of indices, if the this number is reached old index will be deleted.<br />
<br />
elasticsearch_max_number_of_indices = 20<br />
<br />
Shards setting is really depends on the number of nodes in the Elasticsearch cluster, if you have only one node, set it as 1.<br />
<br />
elasticsearch_shards = 1<br />
<br />
The number of replicas for your indices, if you have only one node in Elasticsearch cluster; set it as 0.<br />
<br />
elasticsearch_replicas = 0<br />
<br />
''Restart Graylog service.''<br />
<br />
service graylog-server restart<br />
<br />
Enable auto start of graylog server service during system startup.<br />
<br />
update-rc.d graylog-server defaults<br />
<br />
You can check out the server startup logs, it will be useful for you to troubleshoot graylog in case of any issue.<br />
<br />
tailf /var/log/graylog-server/server.log<br />
<br />
On successful start of graylog-server, you should get the following message in the log file.<br />
<br />
2015-09-17T09:35:22.895+02:00 INFO [ServerBootstrap] Graylog server up and running.<br />
<br />
'''Install Graylog web interface:'''<br />
<br />
To configure graylog-web-interface, you must have at least one graylog-server node. Install Graylog web interface using “apt-get”.<br />
<br />
apt-get install graylog-web<br />
<br />
Edit the configuration file and set the following parameters.<br />
<br />
nano /etc/graylog/web/web.conf<br />
<br />
This is the list of graylog-server nodes, you can add multiple nodes, separate by commas.<br />
<br />
graylog2-server.uris="http://127.0.0.1:12900/"<br />
<br />
Set the application scret and can be generated using pwgen -N 1 -s 96.<br />
<br />
application.secret="sNXyFf6B4Au3GqSlZwq7En86xp10JimdxxYiLtpptOejX6tIUpUE4DGRJOrcMj07wcK0wugPaapvzEzCYinEWj7BOtHXVl5Z"<br />
<br />
Set Web interface timezone.<br />
<br />
Timezone="Europe/Tallinn"<br />
<br />
Restart the gralog-web-interface using following command,<br />
<br />
service graylog-web restart<br />
<br />
Enable auto start of web interface service during system startup.<br />
<br />
update-rc.d graylog-web defaults<br />
<br />
== Monitoring Solutions ==<br />
* Netdata<br />
<br />
* Nagios<br />
=== Netdata Monitoring ===<br />
[[File:Netdata.gif]]<br />
<br />
Linus Distribution: Debian Linux and its derivatives (including Ubuntu, Mint)<br />
<br />
'''Install nessesary packages:'''<br />
<br />
Install the packages for having a basic netdata installation (system monitoring and many applications, without mysql / mariadb, postgres, named, hardware sensors and SNMP):<br />
<br />
curl -Ss 'https://raw.githubusercontent.com/firehol/netdata-demo-site/master/install-required-packages.sh' >/tmp/kickstart.sh && bash /tmp/kickstart.sh netdata<br />
<br />
Install all the required packages for monitoring everything netdata can monitor:<br />
<br />
curl -Ss 'https://raw.githubusercontent.com/firehol/netdata-demo-site/master/install-required-packages.sh' >/tmp/kickstart.sh && bash /tmp/kickstart.sh netdata-all<br />
<br />
apt-get install zlib1g-dev uuid-dev libmnl-dev gcc make git autoconf autoconf-archive autogen automake pkg-config curl<br />
<br />
'''Install Netdata'''<br />
<br />
Download it - the directory 'netdata' will be created<br />
git clone https://github.com/firehol/netdata.git --depth=1<br />
cd netdata<br />
<br />
Build it, install it, start it<br />
./netdata-installer.sh<br />
<br />
'''starting netdata at boot'''<br />
<br />
Copy the netdata startup file to /etc/init.d<br />
cp system/netdata-lsb /etc/init.d/netdata<br />
<br />
Make sure it is executable<br />
chmod +x /etc/init.d/netdata<br />
<br />
Enable it<br />
update-rc.d netdata defaults<br />
<br />
Access to web interface<br />
<br />
http://<ipaddress>:19999<br />
<br />
''Referenced : https://github.com/firehol/netdata/wiki/Installation''<br />
<br />
=== Nagios Monitoring ===<br />
[[File:Nagios.png]]<br />
<br />
<br />
Check your PHP service has been installed on your server:<br />
<br />
which php<br />
<br />
Or Install PHP (version 5): <br />
<br />
apt-get install php5-common libapache2-mod-php5 php5-cli<br />
<br />
<br />
'''Downloading the Latest Release'''<br />
<br />
Make sure to download the Nagios XI installation package to the /tmp directory of the server on which you wish to install it, as shown in<br />
the following commands:<br />
<br />
cd /tmp<br />
<br />
To download the latest stable release, use the following command:<br />
<br />
wget http://assets.nagios.com/downloads/nagiosxi/xi-latest.tar.gz<br />
<br />
tar xzf xi-latest.tar.gz<br />
<br />
cd /tmp/nagiosxi<br />
<br />
./fullinstall<br />
<br />
''Note: It will take around 5 minutes to finish the installation.''<br />
<br />
You are access the Nagios XI interface by pointing your web browser to:<br />
<br />
http://<ipaddress>/nagiosxi OR http://<ipaddress>/nagiosql/install<br />
<br />
''Note: An empty file named ENABLE_INSTALLER is necessary to create in install/ directory to continue with installation.<br />
<br />
'''Troubleshooting'''<br />
<br />
I got the problem with the given IP after finishing installation, it gave me wrong IP to access. But just ignore it and go to your correct IP of your web server: <br />
<br />
http://<ipaddress><br />
<br />
without "/nagiosxi"<br />
<br />
It will show the installation GUI and you just need to follow and login after all.<br />
<br />
''Referenced: https://assets.nagios.com/downloads/nagiosxi/docs/XI_Manual_Installation_Instructions.pdf''<br />
<br />
==== Install Plugins ====<br />
<br />
'''Locate Your Plugin'''<br />
<br />
Visit this website to download plugins: http://exchange.nagios.org. <br />
<br />
'''Install Plugin'''<br />
<br />
Click the Admin menu --> Manage Plugins <br />
<br />
Click the Browse button --> click the Upload Plugin button.<br />
<br />
'''Test Your Plugin From The Command Line'''<br />
<br />
cd /usr/local/nagios/libexec<br />
<br />
./plugin_name arg1 arg2 ...<br />
<br />
*See the document of plugin to get more detail of its arguments<br />
<br />
<br />
'''Define A Command'''<br />
<br />
browse to Configure → Core<br />
<br />
Configuration Manager → Commands and click Add New.<br />
<br />
Enter a Command Name, usually the same as the plugin<br />
filename. Next in the Command Line field, enter<br />
$USER1$/plugin_name $ARG1$. The $USER1$ macro is<br />
replaced with the path to the plugin directory, while the<br />
$ARG1$ macro is a placeholder for an argument you want to<br />
specify later on a per-service basis. If you want, you can omit<br />
$ARG1$ or add more ($ARG2$, $ARG3$, etc.)<br />
<br />
<br />
Click Save --> Apply Configuration.<br />
<br />
'''Add A Service'''<br />
<br />
In the left-hand menu<br />
<br />
Click Services --> click Add New.<br />
<br />
*'''Config Name''' field, enter the file name where the<br />
configuration will be stored. Next enter a description of the<br />
service in the Description field. Associate the service with a<br />
host by clicking the Manage Host button.<br />
<br />
*'''Check command''' field, select the command you defined<br />
above from the dropdown list. If you had any argument<br />
placeholders when you defined the command earlier, enter<br />
replacement text in the appropriate argument fields.<br />
<br />
*'''Manage Templates''' button allows you to apply a template<br />
to this service which will save you from having to fill in all the<br />
other configuration options, or you can enter the required<br />
Check and Alert settings manually.<br />
<br />
Save --> Apply Configuration again<br />
<br />
<br />
'''Verify Your Service Is Working'''<br />
<br />
Navigate to<br />
<br />
Home → Service Detail <br />
<br />
Look for your new service in the list. It will probably take a few minutes before it runs its first check.<br />
<br />
''Referenced: https://assets.nagios.com/downloads/nagiosxi/docs/Managing-Plugins-in-Nagios-XI.pdf<br />
''<br />
<br />
= Experiences =<br />
<br />
'''Graylog'''<br />
<br />
In during installation time, we have found some problems which will impact on our your installation as well.<br />
<br />
- The version of Ubuntu and Graylog might conflict each other as well as Graylog's packages ( e.g : java )<br />
<br />
<br />
'''Nagios'''<br />
<br />
I have faced some of certain problem with installing Plugin for Nagios. First of all, you need to check if the plugins you want to use is supported for the OS of the server you are running, for example the plugin is written for Windows Server but you are running Linux server, thus it will give you an error about its format or bunch of error which is difficult to determine exactly its trouble.<br />
<br />
Furthermore, once you wish to add the plugin as a service. Please pay attention on the "Service Name" and "Manage Host" which might effect to your installation as well.<br />
<br />
= Summary =<br />
<br />
'''Graylog'''<br />
<br />
During the installation Graylogs in both versions of Ubuntu ( 14.04 and 16.0 ). We realized that it had many differences between these versions. Listed above our objectives what we expect to achieve after installing and using Graylog, along with its useful information and its interaction between Administrator (users) with Graylog.<br />
<br />
its advantages:<br />
+ Free.<br />
+ Easy to interact with web interface.<br />
+ Easy to install with the good support from its sources.<br />
+ Help Administrator (user) to collect information in during logging and monitoring straightforwardly.<br />
+ Many useful tools ( plugins ) which supports to work on.<br />
<br />
'''Nagios'''<br />
<br />
The reason I choose Nagios as my monitoring solution is because it is quite fully functions which help people can handle the services on the server for example it points out detail notification of crucial services such as manage users, HTTP, SSH..so forth. I am using a trial version, but it's seem pretty enough for beginner to "hangout" with Monitoring tool at first.<br />
<br />
This is my opinion of its advantages:<br />
<br />
+ Easy to install with many ways with official guide from Nagios Supports.<br />
+ Good trial version to barely use for beginner.<br />
+ There are some useful extensions, plugins which are free and easy to install.<br />
+ Easy to handle with web interface.<br />
+ Does not take many space of hard disk.<br />
<br />
Another hand, it also has disadvantages:<br />
<br />
+ Too expensive for license version.<br />
+ Lack of plugins development, some of them is quite old as well.<br />
<br />
= References =<br />
<br />
''http://www.itzgeek.com/how-tos/linux/ubuntu-how-tos/how-to-install-graylog2-on-ubuntu-14-04.html''<br />
<br />
''https://assets.nagios.com/downloads/nagiosxi/docs/Managing-Plugins-in-Nagios-XI.pdf''<br />
<br />
''https://assets.nagios.com/downloads/nagiosxi/docs/XI_Manual_Installation_Instructions.pdf''<br />
<br />
''https://github.com/firehol/netdata/wiki/Installation''</div>Akergehttps://wiki.itcollege.ee/index.php?title=Logging_-_Monitoring_C21&diff=114853Logging - Monitoring C212016-11-24T07:37:23Z<p>Akerge: /* Nagios Monitoring */</p>
<hr />
<div>'''Logging and Monitoring with Graylog'''<br />
<br />
Course: Logging and Monitoring - Lecturer: Margus Ernits<br />
<br />
Group: Cyber Security Engineering (C21)<br />
<br />
Team members: Ender Phan, Kustas Kurval, Sheela Gowry Sumathi Raju, Artur Vincent Kerge<br />
<br />
Page created on: October 05, 2016<br />
<br />
= Abstract =<br />
<br />
In order to understand how to set up the Graylog service as well as understand its crucial roles. We decided to choose Graylog as our application for logging and monitoring. Below are our objectives which would be expected to achieve later on:<br />
<br />
* '''How to install Graylog on Ubuntu 14.04.'''<br />
<br />
* '''How to use Graylog to protect servers.'''<br />
<br />
* '''Upgrading and configuring Graylog at first, and know how to secure Graylog.'''<br />
<br />
* '''Threats and security during logging.'''<br />
<br />
* '''How to install Netdata and Monitoring with Netdata.'''<br />
<br />
* '''How to install Nagios and Monitoring with Nagios.'''<br />
<br />
* '''Trouble shooting and experiences.'''<br />
<br />
= Installation Guide =<br />
<br />
'''Ubuntu 14.04'''<br />
<br />
<br />
[[File:Graylog_simple_setup_v2.png]]<br />
<br />
== Logging Solutions ==<br />
<br />
Since the Elasticsearch is based on java, we would require to install either openJDK or Oracle JDK. It is recommended to install Oracle JDK, verify the java version by using the following command.<br />
<br />
Remove the OpenJDK from the system, if you have it already installed. From now on it is presumed that user has root privileges.<br />
<br />
apt-get remove --purge openjdk*<br />
Add repository.<br />
<br />
add-apt-repository -y ppa:webupd8team/java<br />
Run the following command to pull the packages information from the newly added repository.<br />
<br />
apt-get update<br />
Issue the following command to install Java jdk 1.8.<br />
<br />
apt-get -y install oracle-java8-installer<br />
<br />
java -version<br />
<br />
Output:<br />
<br />
Java version "1.8.0_60"<br />
Java(TM) SE Runtime Environment (build 1.8.0_60-b27)<br />
Java HotSpot(TM) 64-Bit Server VM (build 25.60-b23, mixed mode)<br />
<br />
=== Installing extras ===<br />
<br />
=== Elasticsearch ===<br />
<br />
Let’s install Elasticsearch, it can be downloaded from the official website.<br />
<br />
'''Download and install GPG signing key'''.<br />
<br />
wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -<br />
<br />
Note that the -qO argument is lowercase Quebec followed by capital Oscar.<br />
<br />
Save the repository definition to /etc/apt/sources.list.d/elasticsearch.list<br />
<br />
echo "deb http://packages.elastic.co/elasticsearch/2.x/debian stable main" | sudo tee -a /etc/apt/sources.list.d/elasticsearch.list<br />
<br />
Update repository cache and install Elasticsearch<br />
<br />
apt-get update && apt-get install elasticsearch<br />
<br />
Configure Elasticsearch to start during system startup.<br />
<br />
update-rc.d elasticsearch defaults<br />
The only important thing is to set a cluster name as “graylog2“, that is being used by graylog. Now edit the configuration file of Elasticsearch.<br />
<br />
nano /etc/elasticsearch/elasticsearch.yml<br />
<br />
cluster.name: graylog2<br />
<br />
In the same file disable dynamic scripts to avoid remote execution. That can be done by adding the following line:<br />
<br />
'''FOLLOWING LINE GOES INTO GRAYLOG CONF!'''<br />
<br />
script.disable_dynamic: true<br />
<br />
Once it is done, we are good to go. Before that, restart the Elasticsearch services to load the modified configuration.<br />
<br />
service elasticsearch restart<br />
<br />
Wait at least a minute to let the Elasticsearch get fully restarted, otherwise testing will fail. Elastisearch should be now listen on 9200 for processing HTTP request, we can use CURL to get the response. Ensure that it returns with cluster name as “graylog2”<br />
<br />
curl -X GET http://localhost:9200<br />
<br />
{<br />
"status" : 200,<br />
"name" : "Pistol",<br />
"cluster_name" : "'''graylog2'''",<br />
"version" : {<br />
"number" : "1.7.1",<br />
"build_hash" : "b88f43fc40b0bcd7f173a1f9ee2e97816de80b19",<br />
"build_timestamp" : "2015-07-29T09:54:16Z",<br />
"build_snapshot" : false,<br />
"lucene_version" : "4.10.4"<br />
},<br />
"tagline" : "You Know, for Search"<br />
}<br />
<br />
Optional: Use the following command to check the Elasticsearch cluster health, you must get a cluster status as “green” for graylog to work.<br />
<br />
curl -XGET 'http://localhost:9200/_cluster/health?pretty=true'<br />
<br />
{<br />
"cluster_name" : "'''graylog2'''",<br />
"status" : "'''green'''",<br />
"timed_out" : false,<br />
"number_of_nodes" : 1,<br />
"number_of_data_nodes" : 1,<br />
"active_primary_shards" : 0,<br />
"active_shards" : 0,<br />
"relocating_shards" : 0,<br />
"initializing_shards" : 0,<br />
"unassigned_shards" : 0,<br />
"delayed_unassigned_shards" : 0,<br />
"number_of_pending_tasks" : 0,<br />
"number_of_in_flight_fetch" : 0<br />
}<br />
<br />
=== MongoDB ===<br />
<br />
MongoDB is available in deb format and same can be downloaded from the official website. Add the following repository information on the system to install MongoDB. Before that we must import public key.<br />
<br />
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10<br />
Add repository by creating the /etc/apt/sources.list.d/mongodb-org-3.0.list list file using the command.<br />
<br />
echo "deb http://repo.mongodb.org/apt/ubuntu trusty/mongodb-org/3.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.0.list<br />
Update repository cache.<br />
<br />
apt-get update<br />
Install MongoDB using the following command.<br />
<br />
apt-get install mongodb-org<br />
Start the MongoDB service and enable it to start automatically during the system start-up.<br />
<br />
service mongod start<br />
<br />
ln -s /usr/bin/mongod /etc/init.d/mongod<br />
<br />
Create a symbolic link<br />
<br />
update-rc.d mongod defaults<br />
<br />
=== Graylog2 ===<br />
<br />
Graylog-server accepts and process the log messages, also spawns the RESTAPI for the requests that comes from graylog-web-interface. Download the latest version of graylog from graylog.org,<br />
<br />
Use the following command to install graylog2 repository.<br />
<br />
wget https://packages.graylog2.org/repo/packages/graylog-1.2-repository-ubuntu14.04_latest.deb<br />
<br />
dpkg -i graylog-1.2-repository-ubuntu14.04_latest.deb<br />
Install https suppport and update the repository cache.<br />
<br />
apt-get install apt-transport-https<br />
<br />
apt-get update<br />
Install Graylog server using following command.<br />
<br />
apt-get install graylog-server <br />
Edit the server.conf file.<br />
<br />
nano /etc/graylog/server/server.conf<br />
Configure the following variables in the above file.<br />
<br />
Set a secret to secure the user passwords, use the following command to generate a secret, use at least 64 character’s.<br />
<br />
pwgen -N 1 -s 96<br />
<br />
OH9wXpsNZVBA8R5vJQSnkhTB1qDOjCxAh3aE3LvXddtfDlZlKYEyGS24BJAiIxI0sbSTSPovTTnhLkkrUvhSSxodTlzDi5gP<br />
<br />
If you get a “pwgen: command not found“, use the following command to install pwgen.<br />
<br />
apt-get install pwgen<br />
<br />
Place the secret.<br />
<br />
password_secret = OH9wXpsNZVBA8R5vJQSnkhTB1qDOjCxAh3aE3LvXddtfDlZlKYEyGS24BJAiIxI0sbSTSPovTTnhLkkrUvhSSxodTlzDi5gP<br />
<br />
Next is to set a hash password for the root user (not to be confused with system user, root user of graylog is admin). You will use this password for login into the web interface, admin’s password can not be changed using web interface, must edit this variable to set.<br />
<br />
Replace “yourpassword” with the choice of your’s.<br />
<br />
echo -n yourpassword | sha256sum<br />
<br />
e3c652f0ba0b4801205814f8b6bc49672c4c74e25b497770bb89b22cdeb4e951<br />
<br />
Place the hash password.<br />
<br />
root_password_sha2 = e3c652f0ba0b4801205814f8b6bc49672c4c74e25b497770bb89b22cdeb4e951<br />
<br />
You can setup email address root (admin) user.<br />
<br />
root_email = "cyber.web@gmail.com"<br />
<br />
Set timezone of root (admin) user.<br />
<br />
root_timezone = UTC<br />
<br />
Graylog will try to find the Elasticsearch nodes automatically, it uses multicast mode for the same. But when it comes to larger network, it is recommended to use unicast mode which is best suited one for production setups. So add the following two entries to graylog server.conf file, replace ipaddress with live hostname or ipaddress. Multiple hosts can be added with comma separated.<br />
<br />
elasticsearch_http_enabled = false<br />
elasticsearch_discovery_zen_ping_unicast_hosts = ipaddress:9300<br />
<br />
Set only one master node by defining the below variable, default setting is true, you must set it as a false to make the particular node as a slave. Master node performs some periodic tasks that slave won’t perform.<br />
<br />
is_master = true<br />
<br />
The following variable sets the number of log messages to keep per index, it is recommended to have several smaller indices instead of larger ones.<br />
<br />
elasticsearch_max_docs_per_index = 20000000<br />
<br />
The following parameter defines to have total number of indices, if the this number is reached old index will be deleted.<br />
<br />
elasticsearch_max_number_of_indices = 20<br />
<br />
Shards setting is really depends on the number of nodes in the Elasticsearch cluster, if you have only one node, set it as 1.<br />
<br />
elasticsearch_shards = 1<br />
<br />
The number of replicas for your indices, if you have only one node in Elasticsearch cluster; set it as 0.<br />
<br />
elasticsearch_replicas = 0<br />
<br />
''Restart Graylog service.''<br />
<br />
service graylog-server restart<br />
<br />
Enable auto start of graylog server service during system startup.<br />
<br />
update-rc.d graylog-server defaults<br />
<br />
You can check out the server startup logs, it will be useful for you to troubleshoot graylog in case of any issue.<br />
<br />
tailf /var/log/graylog-server/server.log<br />
<br />
On successful start of graylog-server, you should get the following message in the log file.<br />
<br />
2015-09-17T09:35:22.895+02:00 INFO [ServerBootstrap] Graylog server up and running.<br />
<br />
'''Install Graylog web interface:'''<br />
<br />
To configure graylog-web-interface, you must have at least one graylog-server node. Install Graylog web interface using “apt-get”.<br />
<br />
apt-get install graylog-web<br />
<br />
Edit the configuration file and set the following parameters.<br />
<br />
nano /etc/graylog/web/web.conf<br />
<br />
This is the list of graylog-server nodes, you can add multiple nodes, separate by commas.<br />
<br />
graylog2-server.uris="http://127.0.0.1:12900/"<br />
<br />
Set the application scret and can be generated using pwgen -N 1 -s 96.<br />
<br />
application.secret="sNXyFf6B4Au3GqSlZwq7En86xp10JimdxxYiLtpptOejX6tIUpUE4DGRJOrcMj07wcK0wugPaapvzEzCYinEWj7BOtHXVl5Z"<br />
<br />
Set Web interface timezone.<br />
<br />
Timezone="Europe/Tallinn"<br />
<br />
Restart the gralog-web-interface using following command,<br />
<br />
service graylog-web restart<br />
<br />
Enable auto start of web interface service during system startup.<br />
<br />
update-rc.d graylog-web defaults<br />
<br />
== Monitoring Solutions ==<br />
* Netdata<br />
<br />
* Nagios<br />
=== Netdata Monitoring ===<br />
[[File:Netdata.gif]]<br />
<br />
Linus Distribution: Debian Linux and its derivatives (including Ubuntu, Mint)<br />
<br />
'''Install nessesary packages:'''<br />
<br />
Install the packages for having a basic netdata installation (system monitoring and many applications, without mysql / mariadb, postgres, named, hardware sensors and SNMP):<br />
<br />
curl -Ss 'https://raw.githubusercontent.com/firehol/netdata-demo-site/master/install-required-packages.sh' >/tmp/kickstart.sh && bash /tmp/kickstart.sh netdata<br />
<br />
Install all the required packages for monitoring everything netdata can monitor:<br />
<br />
curl -Ss 'https://raw.githubusercontent.com/firehol/netdata-demo-site/master/install-required-packages.sh' >/tmp/kickstart.sh && bash /tmp/kickstart.sh netdata-all<br />
<br />
apt-get install zlib1g-dev uuid-dev libmnl-dev gcc make git autoconf autoconf-archive autogen automake pkg-config curl<br />
<br />
'''Install Netdata'''<br />
<br />
Download it - the directory 'netdata' will be created<br />
git clone https://github.com/firehol/netdata.git --depth=1<br />
cd netdata<br />
<br />
Build it, install it, start it<br />
./netdata-installer.sh<br />
<br />
'''starting netdata at boot'''<br />
<br />
Copy the netdata startup file to /etc/init.d<br />
cp system/netdata-lsb /etc/init.d/netdata<br />
<br />
Make sure it is executable<br />
chmod +x /etc/init.d/netdata<br />
<br />
Enable it<br />
update-rc.d netdata defaults<br />
<br />
Access to web interface<br />
<br />
http://<ipaddress>:19999<br />
<br />
''Referenced : https://github.com/firehol/netdata/wiki/Installation''<br />
<br />
=== Nagios Monitoring ===<br />
[[File:Nagios.png]]<br />
<br />
<br />
Check your PHP service has been installed on your server:<br />
<br />
which php<br />
<br />
Or Install PHP (version 5): <br />
<br />
apt-get install php5-common libapache2-mod-php5 php5-cli<br />
<br />
<br />
'''Downloading the Latest Release'''<br />
<br />
Make sure to download the Nagios XI installation package to the /tmp directory of the server on which you wish to install it, as shown in<br />
the following commands:<br />
<br />
cd /tmp<br />
<br />
To download the latest stable release, use the following command:<br />
<br />
wget http://assets.nagios.com/downloads/nagiosxi/xi-latest.tar.gz<br />
<br />
tar xzf xi-latest.tar.gz<br />
<br />
cd /tmp/nagiosxi<br />
<br />
./fullinstall<br />
<br />
''Note: It will take around 5 minutes to finish the installation.''<br />
<br />
You are access the Nagios XI interface by pointing your web browser to:<br />
<br />
http://<ipaddress>/nagiosxi OR http://<ipaddress>/nagiosql<br />
<br />
'''Troubleshooting'''<br />
<br />
I got the problem with the given IP after finishing installation, it gave me wrong IP to access. But just ignore it and go to your correct IP of your web server: <br />
<br />
http://<ipaddress><br />
<br />
without "/nagiosxi"<br />
<br />
It will show the installation GUI and you just need to follow and login after all.<br />
<br />
''Referenced: https://assets.nagios.com/downloads/nagiosxi/docs/XI_Manual_Installation_Instructions.pdf''<br />
<br />
==== Install Plugins ====<br />
<br />
'''Locate Your Plugin'''<br />
<br />
Visit this website to download plugins: http://exchange.nagios.org. <br />
<br />
'''Install Plugin'''<br />
<br />
Click the Admin menu --> Manage Plugins <br />
<br />
Click the Browse button --> click the Upload Plugin button.<br />
<br />
'''Test Your Plugin From The Command Line'''<br />
<br />
cd /usr/local/nagios/libexec<br />
<br />
./plugin_name arg1 arg2 ...<br />
<br />
*See the document of plugin to get more detail of its arguments<br />
<br />
<br />
'''Define A Command'''<br />
<br />
browse to Configure → Core<br />
<br />
Configuration Manager → Commands and click Add New.<br />
<br />
Enter a Command Name, usually the same as the plugin<br />
filename. Next in the Command Line field, enter<br />
$USER1$/plugin_name $ARG1$. The $USER1$ macro is<br />
replaced with the path to the plugin directory, while the<br />
$ARG1$ macro is a placeholder for an argument you want to<br />
specify later on a per-service basis. If you want, you can omit<br />
$ARG1$ or add more ($ARG2$, $ARG3$, etc.)<br />
<br />
<br />
Click Save --> Apply Configuration.<br />
<br />
'''Add A Service'''<br />
<br />
In the left-hand menu<br />
<br />
Click Services --> click Add New.<br />
<br />
*'''Config Name''' field, enter the file name where the<br />
configuration will be stored. Next enter a description of the<br />
service in the Description field. Associate the service with a<br />
host by clicking the Manage Host button.<br />
<br />
*'''Check command''' field, select the command you defined<br />
above from the dropdown list. If you had any argument<br />
placeholders when you defined the command earlier, enter<br />
replacement text in the appropriate argument fields.<br />
<br />
*'''Manage Templates''' button allows you to apply a template<br />
to this service which will save you from having to fill in all the<br />
other configuration options, or you can enter the required<br />
Check and Alert settings manually.<br />
<br />
Save --> Apply Configuration again<br />
<br />
<br />
'''Verify Your Service Is Working'''<br />
<br />
Navigate to<br />
<br />
Home → Service Detail <br />
<br />
Look for your new service in the list. It will probably take a few minutes before it runs its first check.<br />
<br />
''Referenced: https://assets.nagios.com/downloads/nagiosxi/docs/Managing-Plugins-in-Nagios-XI.pdf<br />
''<br />
<br />
= Experiences =<br />
<br />
'''Graylog'''<br />
<br />
In during installation time, we have found some problems which will impact on our your installation as well.<br />
<br />
- The version of Ubuntu and Graylog might conflict each other as well as Graylog's packages ( e.g : java )<br />
<br />
<br />
'''Nagios'''<br />
<br />
I have faced some of certain problem with installing Plugin for Nagios. First of all, you need to check if the plugins you want to use is supported for the OS of the server you are running, for example the plugin is written for Windows Server but you are running Linux server, thus it will give you an error about its format or bunch of error which is difficult to determine exactly its trouble.<br />
<br />
Furthermore, once you wish to add the plugin as a service. Please pay attention on the "Service Name" and "Manage Host" which might effect to your installation as well.<br />
<br />
= Summary =<br />
<br />
'''Graylog'''<br />
<br />
During the installation Graylogs in both versions of Ubuntu ( 14.04 and 16.0 ). We realized that it had many differences between these versions. Listed above our objectives what we expect to achieve after installing and using Graylog, along with its useful information and its interaction between Administrator (users) with Graylog.<br />
<br />
its advantages:<br />
+ Free.<br />
+ Easy to interact with web interface.<br />
+ Easy to install with the good support from its sources.<br />
+ Help Administrator (user) to collect information in during logging and monitoring straightforwardly.<br />
+ Many useful tools ( plugins ) which supports to work on.<br />
<br />
'''Nagios'''<br />
<br />
The reason I choose Nagios as my monitoring solution is because it is quite fully functions which help people can handle the services on the server for example it points out detail notification of crucial services such as manage users, HTTP, SSH..so forth. I am using a trial version, but it's seem pretty enough for beginner to "hangout" with Monitoring tool at first.<br />
<br />
This is my opinion of its advantages:<br />
<br />
+ Easy to install with many ways with official guide from Nagios Supports.<br />
+ Good trial version to barely use for beginner.<br />
+ There are some useful extensions, plugins which are free and easy to install.<br />
+ Easy to handle with web interface.<br />
+ Does not take many space of hard disk.<br />
<br />
Another hand, it also has disadvantages:<br />
<br />
+ Too expensive for license version.<br />
+ Lack of plugins development, some of them is quite old as well.<br />
<br />
= References =<br />
<br />
''http://www.itzgeek.com/how-tos/linux/ubuntu-how-tos/how-to-install-graylog2-on-ubuntu-14-04.html''<br />
<br />
''https://assets.nagios.com/downloads/nagiosxi/docs/Managing-Plugins-in-Nagios-XI.pdf''<br />
<br />
''https://assets.nagios.com/downloads/nagiosxi/docs/XI_Manual_Installation_Instructions.pdf''<br />
<br />
''https://github.com/firehol/netdata/wiki/Installation''</div>Akergehttps://wiki.itcollege.ee/index.php?title=Logging_-_Monitoring_C21&diff=114370Logging - Monitoring C212016-11-10T09:20:09Z<p>Akerge: /* MongoDB */</p>
<hr />
<div>'''Logging and Monitoring with Graylog'''<br />
<br />
Course: Logging and Monitoring - Lecturer: Margus Ernits<br />
<br />
Group: Cyber Security Engineering (C21)<br />
<br />
Team members: Ender Phan, Kustas Kurval, Sheela Gowry Sumathi Raju, Artur Vincent Kerge<br />
<br />
Page created on: October 05, 2016<br />
<br />
= Abstract =<br />
<br />
In order to understand how to set up the Graylog service as well as understand its crucial roles. We decided to choose Graylog as our application for logging and monitoring. Below are our objectives which would be expected to achieve later on:<br />
<br />
* '''How to install Graylog on Ubuntu 14.04.'''<br />
<br />
* '''How to use Graylog to protect servers.'''<br />
<br />
* '''Upgrading and configuring Graylog at first, and know how to secure Graylog.'''<br />
<br />
* '''Threats and security during logging.'''<br />
<br />
= Installation Guide =<br />
<br />
'''Ubuntu 14.04'''<br />
<br />
<br />
[[File:Graylog_simple_setup_v2.png]]<br />
<br />
== Prerequisites ==<br />
<br />
Since the Elasticsearch is based on java, we would require to install either openJDK or Oracle JDK. It is recommended to install Oracle JDK, verify the java version by using the following command.<br />
<br />
Remove the OpenJDK from the system, if you have it already installed. From now on it is presumed that user has root privileges.<br />
<br />
apt-get remove --purge openjdk*<br />
Add repository.<br />
<br />
add-apt-repository -y ppa:webupd8team/java<br />
Run the following command to pull the packages information from the newly added repository.<br />
<br />
apt-get update<br />
Issue the following command to install Java jdk 1.8.<br />
<br />
apt-get -y install oracle-java8-installer<br />
<br />
java -version<br />
<br />
Output:<br />
<br />
Java version "1.8.0_60"<br />
Java(TM) SE Runtime Environment (build 1.8.0_60-b27)<br />
Java HotSpot(TM) 64-Bit Server VM (build 25.60-b23, mixed mode)<br />
<br />
== Installing extras ==<br />
<br />
=== Elasticsearch ===<br />
<br />
Let’s install Elasticsearch, it can be downloaded from the official website.<br />
<br />
'''Download and install GPG signing key'''.<br />
<br />
wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -<br />
<br />
Note that the -qO argument is lowercase Quebec followed by capital Oscar.<br />
<br />
Save the repository definition to /etc/apt/sources.list.d/elasticsearch.list<br />
<br />
echo "deb http://packages.elastic.co/elasticsearch/2.x/debian stable main" | sudo tee -a /etc/apt/sources.list.d/elasticsearch.list<br />
<br />
Update repository cache and install Elasticsearch<br />
<br />
apt-get update && apt-get install elasticsearch<br />
<br />
Configure Elasticsearch to start during system startup.<br />
<br />
update-rc.d elasticsearch defaults<br />
The only important thing is to set a cluster name as “graylog2“, that is being used by graylog. Now edit the configuration file of Elasticsearch.<br />
<br />
nano /etc/elasticsearch/elasticsearch.yml<br />
<br />
cluster.name: graylog2<br />
<br />
In the same file disable dynamic scripts to avoid remote execution. That can be done by adding the following line:<br />
<br />
'''FOLLOWING LINE GOES INTO GRAYLOG CONF!'''<br />
<br />
script.disable_dynamic: true<br />
<br />
Once it is done, we are good to go. Before that, restart the Elasticsearch services to load the modified configuration.<br />
<br />
service elasticsearch restart<br />
<br />
Wait at least a minute to let the Elasticsearch get fully restarted, otherwise testing will fail. Elastisearch should be now listen on 9200 for processing HTTP request, we can use CURL to get the response. Ensure that it returns with cluster name as “graylog2”<br />
<br />
curl -X GET http://localhost:9200<br />
<br />
{<br />
"status" : 200,<br />
"name" : "Pistol",<br />
"cluster_name" : "'''graylog2'''",<br />
"version" : {<br />
"number" : "1.7.1",<br />
"build_hash" : "b88f43fc40b0bcd7f173a1f9ee2e97816de80b19",<br />
"build_timestamp" : "2015-07-29T09:54:16Z",<br />
"build_snapshot" : false,<br />
"lucene_version" : "4.10.4"<br />
},<br />
"tagline" : "You Know, for Search"<br />
}<br />
<br />
Optional: Use the following command to check the Elasticsearch cluster health, you must get a cluster status as “green” for graylog to work.<br />
<br />
curl -XGET 'http://localhost:9200/_cluster/health?pretty=true'<br />
<br />
{<br />
"cluster_name" : "'''graylog2'''",<br />
"status" : "'''green'''",<br />
"timed_out" : false,<br />
"number_of_nodes" : 1,<br />
"number_of_data_nodes" : 1,<br />
"active_primary_shards" : 0,<br />
"active_shards" : 0,<br />
"relocating_shards" : 0,<br />
"initializing_shards" : 0,<br />
"unassigned_shards" : 0,<br />
"delayed_unassigned_shards" : 0,<br />
"number_of_pending_tasks" : 0,<br />
"number_of_in_flight_fetch" : 0<br />
}<br />
<br />
=== MongoDB ===<br />
<br />
MongoDB is available in deb format and same can be downloaded from the official website. Add the following repository information on the system to install MongoDB. Before that we must import public key.<br />
<br />
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10<br />
Add repository by creating the /etc/apt/sources.list.d/mongodb-org-3.0.list list file using the command.<br />
<br />
echo "deb http://repo.mongodb.org/apt/ubuntu trusty/mongodb-org/3.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.0.list<br />
Update repository cache.<br />
<br />
apt-get update<br />
Install MongoDB using the following command.<br />
<br />
apt-get install mongodb-org<br />
Start the MongoDB service and enable it to start automatically during the system start-up.<br />
<br />
service mongod start<br />
<br />
ln -s /usr/bin/mongod /etc/init.d/mongod<br />
<br />
Create a symbolic link<br />
<br />
update-rc.d mongod defaults<br />
<br />
=== Graylog2 ===<br />
<br />
Graylog-server accepts and process the log messages, also spawns the RESTAPI for the requests that comes from graylog-web-interface. Download the latest version of graylog from graylog.org,<br />
<br />
Use the following command to install graylog2 repository.<br />
<br />
wget https://packages.graylog2.org/repo/packages/graylog-1.2-repository-ubuntu14.04_latest.deb<br />
<br />
dpkg -i graylog-1.2-repository-ubuntu14.04_latest.deb<br />
Install https suppport and update the repository cache.<br />
<br />
apt-get install apt-transport-https<br />
<br />
apt-get update<br />
Install Graylog server using following command.<br />
<br />
apt-get install graylog-server <br />
Edit the server.conf file.<br />
<br />
nano /etc/graylog/server/server.conf<br />
Configure the following variables in the above file.<br />
<br />
Set a secret to secure the user passwords, use the following command to generate a secret, use at least 64 character’s.<br />
<br />
pwgen -N 1 -s 96<br />
<br />
OH9wXpsNZVBA8R5vJQSnkhTB1qDOjCxAh3aE3LvXddtfDlZlKYEyGS24BJAiIxI0sbSTSPovTTnhLkkrUvhSSxodTlzDi5gP<br />
<br />
If you get a “pwgen: command not found“, use the following command to install pwgen.<br />
<br />
apt-get install pwgen<br />
<br />
Place the secret.<br />
<br />
password_secret = OH9wXpsNZVBA8R5vJQSnkhTB1qDOjCxAh3aE3LvXddtfDlZlKYEyGS24BJAiIxI0sbSTSPovTTnhLkkrUvhSSxodTlzDi5gP<br />
<br />
Next is to set a hash password for the root user (not to be confused with system user, root user of graylog is admin). You will use this password for login into the web interface, admin’s password can not be changed using web interface, must edit this variable to set.<br />
<br />
Replace “yourpassword” with the choice of your’s.<br />
<br />
echo -n yourpassword | sha256sum<br />
<br />
e3c652f0ba0b4801205814f8b6bc49672c4c74e25b497770bb89b22cdeb4e951<br />
<br />
Place the hash password.<br />
<br />
root_password_sha2 = e3c652f0ba0b4801205814f8b6bc49672c4c74e25b497770bb89b22cdeb4e951<br />
<br />
You can setup email address root (admin) user.<br />
<br />
root_email = "cyber.web@gmail.com"<br />
<br />
Set timezone of root (admin) user.<br />
<br />
root_timezone = UTC<br />
<br />
Graylog will try to find the Elasticsearch nodes automatically, it uses multicast mode for the same. But when it comes to larger network, it is recommended to use unicast mode which is best suited one for production setups. So add the following two entries to graylog server.conf file, replace ipaddress with live hostname or ipaddress. Multiple hosts can be added with comma separated.<br />
<br />
elasticsearch_http_enabled = false<br />
elasticsearch_discovery_zen_ping_unicast_hosts = ipaddress:9300<br />
<br />
Set only one master node by defining the below variable, default setting is true, you must set it as a false to make the particular node as a slave. Master node performs some periodic tasks that slave won’t perform.<br />
<br />
is_master = true<br />
<br />
The following variable sets the number of log messages to keep per index, it is recommended to have several smaller indices instead of larger ones.<br />
<br />
elasticsearch_max_docs_per_index = 20000000<br />
<br />
The following parameter defines to have total number of indices, if the this number is reached old index will be deleted.<br />
<br />
elasticsearch_max_number_of_indices = 20<br />
<br />
Shards setting is really depends on the number of nodes in the Elasticsearch cluster, if you have only one node, set it as 1.<br />
<br />
elasticsearch_shards = 1<br />
<br />
The number of replicas for your indices, if you have only one node in Elasticsearch cluster; set it as 0.<br />
<br />
elasticsearch_replicas = 0<br />
<br />
''Restart Graylog service.''<br />
<br />
service graylog-server restart<br />
<br />
Enable auto start of graylog server service during system startup.<br />
<br />
update-rc.d graylog-server defaults<br />
<br />
You can check out the server startup logs, it will be useful for you to troubleshoot graylog in case of any issue.<br />
<br />
tailf /var/log/graylog-server/server.log<br />
<br />
On successful start of graylog-server, you should get the following message in the log file.<br />
<br />
2015-09-17T09:35:22.895+02:00 INFO [ServerBootstrap] Graylog server up and running.<br />
<br />
'''Install Graylog web interface:'''<br />
<br />
To configure graylog-web-interface, you must have at least one graylog-server node. Install Graylog web interface using “apt-get”.<br />
<br />
apt-get install graylog-web<br />
<br />
Edit the configuration file and set the following parameters.<br />
<br />
nano /etc/graylog/web/web.conf<br />
<br />
This is the list of graylog-server nodes, you can add multiple nodes, separate by commas.<br />
<br />
graylog2-server.uris="http://127.0.0.1:12900/"<br />
<br />
Set the application scret and can be generated using pwgen -N 1 -s 96.<br />
<br />
application.secret="sNXyFf6B4Au3GqSlZwq7En86xp10JimdxxYiLtpptOejX6tIUpUE4DGRJOrcMj07wcK0wugPaapvzEzCYinEWj7BOtHXVl5Z"<br />
<br />
Set Web interface timezone.<br />
<br />
Timezone="Europe/Tallinn"<br />
<br />
Restart the gralog-web-interface using following command,<br />
<br />
service graylog-web restart<br />
<br />
Enable auto start of web interface service during system startup.<br />
<br />
update-rc.d graylog-web defaults<br />
<br />
=== Netdata Monitoring ===<br />
[[File:Netdata.gif]]<br />
<br />
Linus Distribution: Debian Linux and its derivatives (including Ubuntu, Mint)<br />
<br />
'''Install nessesary packages:'''<br />
<br />
Install the packages for having a basic netdata installation (system monitoring and many applications, without mysql / mariadb, postgres, named, hardware sensors and SNMP):<br />
<br />
curl -Ss 'https://raw.githubusercontent.com/firehol/netdata-demo-site/master/install-required-packages.sh' >/tmp/kickstart.sh && bash /tmp/kickstart.sh netdata<br />
<br />
Install all the required packages for monitoring everything netdata can monitor:<br />
<br />
curl -Ss 'https://raw.githubusercontent.com/firehol/netdata-demo-site/master/install-required-packages.sh' >/tmp/kickstart.sh && bash /tmp/kickstart.sh netdata-all<br />
<br />
apt-get install zlib1g-dev uuid-dev libmnl-dev gcc make git autoconf autoconf-archive autogen automake pkg-config curl<br />
<br />
'''Install Netdata'''<br />
<br />
Download it - the directory 'netdata' will be created<br />
git clone https://github.com/firehol/netdata.git --depth=1<br />
cd netdata<br />
<br />
Build it, install it, start it<br />
./netdata-installer.sh<br />
<br />
'''starting netdata at boot'''<br />
<br />
Copy the netdata startup file to /etc/init.d<br />
cp system/netdata-lsb /etc/init.d/netdata<br />
<br />
Make sure it is executable<br />
chmod +x /etc/init.d/netdata<br />
<br />
Enable it<br />
update-rc.d netdata defaults<br />
<br />
''Referenced : https://github.com/firehol/netdata/wiki/Installation''<br />
<br />
=== Nagios Monitoring ===<br />
[[File:Nagios.png]]<br />
<br />
<br />
Check your PHP service has been installed on your server:<br />
<br />
which php<br />
<br />
Or Install PHP (version 5): <br />
<br />
apt-get install php5-common libapache2-mod-php5 php5-cli<br />
<br />
<br />
'''Downloading the Latest Release'''<br />
<br />
Make sure to download the Nagios XI installation package to the /tmp directory of the server on which you wish to install it, as shown in<br />
the following commands:<br />
<br />
cd /tmp<br />
<br />
To download the latest stable release, use the following command:<br />
<br />
wget http://assets.nagios.com/downloads/nagiosxi/xi-latest.tar.gz<br />
<br />
tar xzf xi-latest.tar.gz<br />
<br />
cd /tmp/nagiosxi<br />
<br />
./fullinstall<br />
<br />
''Note: It will take around 5 minutes to finish the installation.''<br />
<br />
You are access the Nagios XI interface by pointing your web browser to:<br />
<br />
http://<ipaddress>/nagiosxi<br />
<br />
'''Trouble shooting'''<br />
<br />
I got the problem with the given IP after finishing its installation, it gave me wrong IP to access. But just ignore it and go to your correct IP of your web server: <br />
<br />
http://<ipaddress><br />
<br />
*without "/nagiosxi"<br />
<br />
It will show the installation GUI and you just need to follow and login after all.<br />
<br />
''Referenced: https://assets.nagios.com/downloads/nagiosxi/docs/XI_Manual_Installation_Instructions.pdf''<br />
<br />
=== Install Plugins ===<br />
<br />
'''Locate Your Plugin'''<br />
<br />
Visit this website to download plugins: http://exchange.nagios.org. <br />
<br />
'''Install Plugin'''<br />
<br />
Click the Admin menu --> Manage Plugins <br />
<br />
Click the Browse button --> click the Upload Plugin button.<br />
<br />
'''Test Your Plugin From The Command Line'''<br />
<br />
cd /usr/local/nagios/libexec<br />
<br />
./plugin_name arg1 arg2 ...<br />
<br />
*See the document of plugin to get more detail of its arguments<br />
<br />
<br />
'''Define A Command'''<br />
<br />
browse to Configure → Core<br />
<br />
Configuration Manager → Commands and click Add New.<br />
<br />
Enter a Command Name, usually the same as the plugin<br />
filename. Next in the Command Line field, enter<br />
$USER1$/plugin_name $ARG1$. The $USER1$ macro is<br />
replaced with the path to the plugin directory, while the<br />
$ARG1$ macro is a placeholder for an argument you want to<br />
specify later on a per-service basis. If you want, you can omit<br />
$ARG1$ or add more ($ARG2$, $ARG3$, etc.)<br />
<br />
The Command Type should be check command if your plugin<br />
will monitor a host or service, or misc command if it handles<br />
events. If in doubt, leave it unclassified.<br />
Click Save and then Apply Configuration.<br />
<br />
'''Add A Service'''<br />
<br />
Click Services --> click Add New.<br />
<br />
In the '''Config Name''' field, enter the file name where the<br />
configuration will be stored. Next enter a description of the<br />
service in the Description field. Associate the service with a<br />
host by clicking the Manage Host button.<br />
<br />
In the '''Check command''' field, select the command you defined<br />
above from the dropdown list. If you had any argument<br />
placeholders when you defined the command earlier, enter<br />
replacement text in the appropriate argument fields.<br />
<br />
The '''Manage Templates''' button allows you to apply a template<br />
to this service which will save you from having to fill in all the<br />
other configuration options, or you can enter the required<br />
Check and Alert settings manually.<br />
<br />
'''Save''' and '''Apply''' Configuration again<br />
<br />
<br />
'''Verify Your Service Is Working'''<br />
<br />
Navigate to<br />
<br />
Home → Service Detail <br />
<br />
Look for your new service in the list. It will probably take a few minutes before it runs its first check.<br />
<br />
= Experiences =<br />
<br />
'''Grayloag'''<br />
<br />
In during installation time, we have found some problems which will impact on our your installation as well.<br />
<br />
- The version of Ubuntu and Graylog might conflict each other as well as Graylog's packages ( e.g : java )<br />
<br />
<br />
'''Nagios'''<br />
<br />
I have faced some of certain problem with installing Plugin for Nagios. First of all, you need to check if the plugins you want to use is supported for the OS of the server you are running, for example the plugin is written for Windows Server but you are running Linux server, thus it will give you an error about its format or bunch of error which is difficult to determine exactly its trouble.<br />
<br />
Furthermore, once you wish to add the plugin as a service. Please pay attention on the "Service Name" and "Manage Host" which might effect to your installation as well.<br />
<br />
= Summary =<br />
<br />
'''Graylog'''<br />
<br />
During the installation Graylogs in both versions of Ubuntu ( 14.04 and 16.0 ). We realized that it had many differences between these versions. Listed above our objectives what we expect to achieve after installing and using Graylog, along with its useful information and its interaction between Administrator (users) with Graylog.<br />
<br />
its advantages:<br />
+ Free.<br />
+ Easy to interact with web interface.<br />
+ Easy to install with the good support from its sources.<br />
+ Help Administrator (user) to collect information in during logging and monitoring straightforwardly.<br />
+ Many useful tools ( plugins ) which supports to work on.<br />
<br />
'''Nagios'''<br />
<br />
The reason I choose Nagios as my monitoring solution is because it is quite fully functions which help people can handle the services on the server for example it points out detail notification of crucial services such as manage users, HTTP, SSH..so forth. I am using a trial version, but it's seem pretty enough for beginner to "hangout" with Monitoring tool at first.<br />
<br />
This is my opinion of its advantages:<br />
<br />
+ Easy to install with many ways with official guide from Nagios Supports.<br />
+ Good trial version to barely use for beginner.<br />
+ There are some useful extensions, plugins which are free and easy to install.<br />
+ Easy to handle with web interface.<br />
+ Does not take many space of hard disk.<br />
<br />
Another hand, it also has a disadvantages:<br />
<br />
+ Too expensive for license version.<br />
+ Lack of plugins development, some of them is quite old as well.<br />
<br />
= References =<br />
<br />
''http://www.itzgeek.com/how-tos/linux/ubuntu-how-tos/how-to-install-graylog2-on-ubuntu-14-04.html''</div>Akergehttps://wiki.itcollege.ee/index.php?title=Logging_-_Monitoring_C21&diff=114365Logging - Monitoring C212016-11-10T08:32:43Z<p>Akerge: /* MongoDB */</p>
<hr />
<div>'''Logging and Monitoring with Graylog'''<br />
<br />
Course: Logging and Monitoring - Lecturer: Margus Ernits<br />
<br />
Group: Cyber Security Engineering (C21)<br />
<br />
Team members: Ender Phan, Kustas Kurval, Sheela Gowry Sumathi Raju, Artur Vincent Kerge<br />
<br />
Page created on: October 05, 2016<br />
<br />
= Abstract =<br />
<br />
In order to understand how to set up the Graylog service as well as understand its crucial roles. We decided to choose Graylog as our application for logging and monitoring. Below are our objectives which would be expected to achieve later on:<br />
<br />
* '''How to install Graylog on Ubuntu 14.04.'''<br />
<br />
* '''How to use Graylog to protect servers.'''<br />
<br />
* '''Upgrading and configuring Graylog at first, and know how to secure Graylog.'''<br />
<br />
* '''Threats and security during logging.'''<br />
<br />
= Installation Guide =<br />
<br />
'''Ubuntu 14.04'''<br />
<br />
<br />
[[File:Graylog_simple_setup_v2.png]]<br />
<br />
== Prerequisites ==<br />
<br />
Since the Elasticsearch is based on java, we would require to install either openJDK or Oracle JDK. It is recommended to install Oracle JDK, verify the java version by using the following command.<br />
<br />
Remove the OpenJDK from the system, if you have it already installed. From now on it is presumed that user has root privileges.<br />
<br />
apt-get remove --purge openjdk*<br />
Add repository.<br />
<br />
add-apt-repository -y ppa:webupd8team/java<br />
Run the following command to pull the packages information from the newly added repository.<br />
<br />
apt-get update<br />
Issue the following command to install Java jdk 1.8.<br />
<br />
apt-get -y install oracle-java8-installer<br />
<br />
java -version<br />
<br />
Output:<br />
<br />
Java version "1.8.0_60"<br />
Java(TM) SE Runtime Environment (build 1.8.0_60-b27)<br />
Java HotSpot(TM) 64-Bit Server VM (build 25.60-b23, mixed mode)<br />
<br />
== Installing extras ==<br />
<br />
=== Elasticsearch ===<br />
<br />
Let’s install Elasticsearch, it can be downloaded from the official website.<br />
<br />
'''Download and install GPG signing key'''.<br />
<br />
wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -<br />
<br />
Note that the -qO argument is lowercase Quebec followed by capital Oscar.<br />
<br />
Save the repository definition to /etc/apt/sources.list.d/elasticsearch.list<br />
<br />
echo "deb http://packages.elastic.co/elasticsearch/2.x/debian stable main" | sudo tee -a /etc/apt/sources.list.d/elasticsearch.list<br />
<br />
Update repository cache and install Elasticsearch<br />
<br />
apt-get update && apt-get install elasticsearch<br />
<br />
Configure Elasticsearch to start during system startup.<br />
<br />
update-rc.d elasticsearch defaults<br />
The only important thing is to set a cluster name as “graylog2“, that is being used by graylog. Now edit the configuration file of Elasticsearch.<br />
<br />
nano /etc/elasticsearch/elasticsearch.yml<br />
<br />
cluster.name: graylog2<br />
<br />
In the same file disable dynamic scripts to avoid remote execution. That can be done by adding the following line:<br />
<br />
'''FOLLOWING LINE GOES INTO GRAYLOG CONF!'''<br />
<br />
script.disable_dynamic: true<br />
<br />
Once it is done, we are good to go. Before that, restart the Elasticsearch services to load the modified configuration.<br />
<br />
service elasticsearch restart<br />
<br />
Wait at least a minute to let the Elasticsearch get fully restarted, otherwise testing will fail. Elastisearch should be now listen on 9200 for processing HTTP request, we can use CURL to get the response. Ensure that it returns with cluster name as “graylog2”<br />
<br />
curl -X GET http://localhost:9200<br />
<br />
{<br />
"status" : 200,<br />
"name" : "Pistol",<br />
"cluster_name" : "'''graylog2'''",<br />
"version" : {<br />
"number" : "1.7.1",<br />
"build_hash" : "b88f43fc40b0bcd7f173a1f9ee2e97816de80b19",<br />
"build_timestamp" : "2015-07-29T09:54:16Z",<br />
"build_snapshot" : false,<br />
"lucene_version" : "4.10.4"<br />
},<br />
"tagline" : "You Know, for Search"<br />
}<br />
<br />
Optional: Use the following command to check the Elasticsearch cluster health, you must get a cluster status as “green” for graylog to work.<br />
<br />
curl -XGET 'http://localhost:9200/_cluster/health?pretty=true'<br />
<br />
{<br />
"cluster_name" : "'''graylog2'''",<br />
"status" : "'''green'''",<br />
"timed_out" : false,<br />
"number_of_nodes" : 1,<br />
"number_of_data_nodes" : 1,<br />
"active_primary_shards" : 0,<br />
"active_shards" : 0,<br />
"relocating_shards" : 0,<br />
"initializing_shards" : 0,<br />
"unassigned_shards" : 0,<br />
"delayed_unassigned_shards" : 0,<br />
"number_of_pending_tasks" : 0,<br />
"number_of_in_flight_fetch" : 0<br />
}<br />
<br />
=== MongoDB ===<br />
<br />
MongoDB is available in deb format and same can be downloaded from the official website. Add the following repository information on the system to install MongoDB. Before that we must import public key.<br />
<br />
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10<br />
Add repository by creating the /etc/apt/sources.list.d/mongodb-org-3.0.list list file using the command.<br />
<br />
echo "deb http://repo.mongodb.org/apt/ubuntu trusty/mongodb-org/3.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.0.list<br />
Update repository cache.<br />
<br />
apt-get update<br />
Install MongoDB using the following command.<br />
<br />
apt-get install mongodb-org<br />
Start the MongoDB service and enable it to start automatically during the system start-up.<br />
<br />
service mongod start<br />
<br />
ls -sh /usr/bin/mongod /etc/init.d/mongod<br />
<br />
-s is for size and -h for humanizing the output of ls<br />
<br />
update-rc.d mongod defaults<br />
<br />
=== Graylog2 ===<br />
<br />
Graylog-server accepts and process the log messages, also spawns the RESTAPI for the requests that comes from graylog-web-interface. Download the latest version of graylog from graylog.org,<br />
<br />
Use the following command to install graylog2 repository.<br />
<br />
wget https://packages.graylog2.org/repo/packages/graylog-1.2-repository-ubuntu14.04_latest.deb<br />
<br />
dpkg -i graylog-1.2-repository-ubuntu14.04_latest.deb<br />
Install https suppport and update the repository cache.<br />
<br />
apt-get install apt-transport-https<br />
<br />
apt-get update<br />
Install Graylog server using following command.<br />
<br />
apt-get install graylog-server <br />
Edit the server.conf file.<br />
<br />
nano /etc/graylog/server/server.conf<br />
Configure the following variables in the above file.<br />
<br />
Set a secret to secure the user passwords, use the following command to generate a secret, use at least 64 character’s.<br />
<br />
pwgen -N 1 -s 96<br />
<br />
OH9wXpsNZVBA8R5vJQSnkhTB1qDOjCxAh3aE3LvXddtfDlZlKYEyGS24BJAiIxI0sbSTSPovTTnhLkkrUvhSSxodTlzDi5gP<br />
<br />
If you get a “pwgen: command not found“, use the following command to install pwgen.<br />
<br />
apt-get install pwgen<br />
<br />
Place the secret.<br />
<br />
password_secret = OH9wXpsNZVBA8R5vJQSnkhTB1qDOjCxAh3aE3LvXddtfDlZlKYEyGS24BJAiIxI0sbSTSPovTTnhLkkrUvhSSxodTlzDi5gP<br />
<br />
Next is to set a hash password for the root user (not to be confused with system user, root user of graylog is admin). You will use this password for login into the web interface, admin’s password can not be changed using web interface, must edit this variable to set.<br />
<br />
Replace “yourpassword” with the choice of your’s.<br />
<br />
echo -n yourpassword | sha256sum<br />
<br />
e3c652f0ba0b4801205814f8b6bc49672c4c74e25b497770bb89b22cdeb4e951<br />
<br />
Place the hash password.<br />
<br />
root_password_sha2 = e3c652f0ba0b4801205814f8b6bc49672c4c74e25b497770bb89b22cdeb4e951<br />
<br />
You can setup email address root (admin) user.<br />
<br />
root_email = "cyber.web@gmail.com"<br />
<br />
Set timezone of root (admin) user.<br />
<br />
root_timezone = UTC<br />
<br />
Graylog will try to find the Elasticsearch nodes automatically, it uses multicast mode for the same. But when it comes to larger network, it is recommended to use unicast mode which is best suited one for production setups. So add the following two entries to graylog server.conf file, replace ipaddress with live hostname or ipaddress. Multiple hosts can be added with comma separated.<br />
<br />
elasticsearch_http_enabled = false<br />
elasticsearch_discovery_zen_ping_unicast_hosts = ipaddress:9300<br />
<br />
Set only one master node by defining the below variable, default setting is true, you must set it as a false to make the particular node as a slave. Master node performs some periodic tasks that slave won’t perform.<br />
<br />
is_master = true<br />
<br />
The following variable sets the number of log messages to keep per index, it is recommended to have several smaller indices instead of larger ones.<br />
<br />
elasticsearch_max_docs_per_index = 20000000<br />
<br />
The following parameter defines to have total number of indices, if the this number is reached old index will be deleted.<br />
<br />
elasticsearch_max_number_of_indices = 20<br />
<br />
Shards setting is really depends on the number of nodes in the Elasticsearch cluster, if you have only one node, set it as 1.<br />
<br />
elasticsearch_shards = 1<br />
<br />
The number of replicas for your indices, if you have only one node in Elasticsearch cluster; set it as 0.<br />
<br />
elasticsearch_replicas = 0<br />
<br />
''Restart Graylog service.''<br />
<br />
service graylog-server restart<br />
<br />
Enable auto start of graylog server service during system startup.<br />
<br />
update-rc.d graylog-server defaults<br />
<br />
You can check out the server startup logs, it will be useful for you to troubleshoot graylog in case of any issue.<br />
<br />
tailf /var/log/graylog-server/server.log<br />
<br />
On successful start of graylog-server, you should get the following message in the log file.<br />
<br />
2015-09-17T09:35:22.895+02:00 INFO [ServerBootstrap] Graylog server up and running.<br />
<br />
'''Install Graylog web interface:'''<br />
<br />
To configure graylog-web-interface, you must have at least one graylog-server node. Install Graylog web interface using “apt-get”.<br />
<br />
apt-get install graylog-web<br />
<br />
Edit the configuration file and set the following parameters.<br />
<br />
nano /etc/graylog/web/web.conf<br />
<br />
This is the list of graylog-server nodes, you can add multiple nodes, separate by commas.<br />
<br />
graylog2-server.uris="http://127.0.0.1:12900/"<br />
<br />
Set the application scret and can be generated using pwgen -N 1 -s 96.<br />
<br />
application.secret="sNXyFf6B4Au3GqSlZwq7En86xp10JimdxxYiLtpptOejX6tIUpUE4DGRJOrcMj07wcK0wugPaapvzEzCYinEWj7BOtHXVl5Z"<br />
<br />
Set Web interface timezone.<br />
<br />
Timezone="Europe/Tallinn"<br />
<br />
Restart the gralog-web-interface using following command,<br />
<br />
service graylog-web restart<br />
<br />
Enable auto start of web interface service during system startup.<br />
<br />
update-rc.d graylog-web defaults<br />
<br />
=== Netdata Monitoring ===<br />
[[File:Netdata.gif]]<br />
<br />
Linus Distribution: Debian Linux and its derivatives (including Ubuntu, Mint)<br />
<br />
'''Install nessesary packages:'''<br />
<br />
Install the packages for having a basic netdata installation (system monitoring and many applications, without mysql / mariadb, postgres, named, hardware sensors and SNMP):<br />
<br />
curl -Ss 'https://raw.githubusercontent.com/firehol/netdata-demo-site/master/install-required-packages.sh' >/tmp/kickstart.sh && bash /tmp/kickstart.sh netdata<br />
<br />
Install all the required packages for monitoring everything netdata can monitor:<br />
<br />
curl -Ss 'https://raw.githubusercontent.com/firehol/netdata-demo-site/master/install-required-packages.sh' >/tmp/kickstart.sh && bash /tmp/kickstart.sh netdata-all<br />
<br />
apt-get install zlib1g-dev uuid-dev libmnl-dev gcc make git autoconf autoconf-archive autogen automake pkg-config curl<br />
<br />
'''Install Netdata'''<br />
<br />
Download it - the directory 'netdata' will be created<br />
git clone https://github.com/firehol/netdata.git --depth=1<br />
cd netdata<br />
<br />
Build it, install it, start it<br />
./netdata-installer.sh<br />
<br />
'''starting netdata at boot'''<br />
<br />
Copy the netdata startup file to /etc/init.d<br />
cp system/netdata-lsb /etc/init.d/netdata<br />
<br />
Make sure it is executable<br />
chmod +x /etc/init.d/netdata<br />
<br />
Enable it<br />
update-rc.d netdata defaults<br />
<br />
''Referenced : https://github.com/firehol/netdata/wiki/Installation''<br />
<br />
=== Nagios Monitoring ===<br />
[[File:Nagios.png]]<br />
<br />
<br />
Check your PHP service has been installed on your server:<br />
<br />
which php<br />
<br />
Or Install PHP (version 5): <br />
<br />
apt-get install php5-common libapache2-mod-php5 php5-cli<br />
<br />
<br />
'''Downloading the Latest Release'''<br />
<br />
Make sure to download the Nagios XI installation package to the /tmp directory of the server on which you wish to install it, as shown in<br />
the following commands:<br />
<br />
cd /tmp<br />
<br />
To download the latest stable release, use the following command:<br />
<br />
wget http://assets.nagios.com/downloads/nagiosxi/xi-latest.tar.gz<br />
<br />
tar xzf xi-latest.tar.gz<br />
<br />
cd /tmp/nagiosxi<br />
<br />
./fullinstall<br />
<br />
''Note: It will take around 5 minutes to finish the installation.''<br />
<br />
You are access the Nagios XI interface by pointing your web browser to:<br />
<br />
http://<ipaddress>/nagiosxi<br />
<br />
'''Trouble shooting'''<br />
<br />
I got the problem with the given IP after finishing its installation, it gave me wrong IP to access. But just ignore it and go to your correct IP of your web server: <br />
<br />
http://<ipaddress><br />
<br />
*without "/nagiosxi"<br />
<br />
It will show the installation GUI and you just need to follow and login after all.<br />
<br />
''Referenced: https://assets.nagios.com/downloads/nagiosxi/docs/XI_Manual_Installation_Instructions.pdf''<br />
<br />
=== Install Plugins ===<br />
<br />
'''Locate Your Plugin'''<br />
<br />
Visit this website to download plugins: http://exchange.nagios.org. <br />
<br />
'''Install Plugin'''<br />
<br />
Click the Admin menu --> Manage Plugins <br />
<br />
Click the Browse button --> click the Upload Plugin button.<br />
<br />
'''Test Your Plugin From The Command Line'''<br />
<br />
cd /usr/local/nagios/libexec<br />
<br />
./plugin_name arg1 arg2 ...<br />
<br />
*See the document of plugin to get more detail of its arguments<br />
<br />
<br />
'''Define A Command'''<br />
<br />
browse to Configure → Core<br />
<br />
Configuration Manager → Commands and click Add New.<br />
<br />
Enter a Command Name, usually the same as the plugin<br />
filename. Next in the Command Line field, enter<br />
$USER1$/plugin_name $ARG1$. The $USER1$ macro is<br />
replaced with the path to the plugin directory, while the<br />
$ARG1$ macro is a placeholder for an argument you want to<br />
specify later on a per-service basis. If you want, you can omit<br />
$ARG1$ or add more ($ARG2$, $ARG3$, etc.)<br />
<br />
The Command Type should be check command if your plugin<br />
will monitor a host or service, or misc command if it handles<br />
events. If in doubt, leave it unclassified.<br />
Click Save and then Apply Configuration.<br />
<br />
'''Add A Service'''<br />
<br />
Click Services --> click Add New.<br />
<br />
In the '''Config Name''' field, enter the file name where the<br />
configuration will be stored. Next enter a description of the<br />
service in the Description field. Associate the service with a<br />
host by clicking the Manage Host button.<br />
<br />
In the '''Check command''' field, select the command you defined<br />
above from the dropdown list. If you had any argument<br />
placeholders when you defined the command earlier, enter<br />
replacement text in the appropriate argument fields.<br />
<br />
The '''Manage Templates''' button allows you to apply a template<br />
to this service which will save you from having to fill in all the<br />
other configuration options, or you can enter the required<br />
Check and Alert settings manually.<br />
<br />
'''Save''' and '''Apply''' Configuration again<br />
<br />
<br />
'''Verify Your Service Is Working'''<br />
<br />
Navigate to<br />
<br />
Home → Service Detail <br />
<br />
Look for your new service in the list. It will probably take a few minutes before it runs its first check.<br />
<br />
= Experiences =<br />
<br />
In during installation time, we have found some problems which will impact on our your installation as well.<br />
<br />
- The version of Ubuntu and Graylog might conflict each other as well as Graylog's packages ( e.g : java )<br />
<br />
= Summary =<br />
<br />
During the installation Graylogs in both versions of Ubuntu ( 14.04 and 16.0 ). We realized that it had many differences between these versions. Listed above our objectives what we expect to achieve after installing and using Graylog, along with its useful information and its interaction between Administrator (users) with Graylog.<br />
<br />
its advantages:<br />
+ Free.<br />
+ Easy to interact with web interface.<br />
+ Easy to install with the good support from its sources.<br />
+ Help Administrator (user) to collect information in during logging and monitoring straightforwardly.<br />
+ Many useful tools ( plugins ) which supports to work on.<br />
<br />
= References =<br />
<br />
''http://www.itzgeek.com/how-tos/linux/ubuntu-how-tos/how-to-install-graylog2-on-ubuntu-14-04.html''</div>Akergehttps://wiki.itcollege.ee/index.php?title=Logging_-_Monitoring_C21&diff=111076Logging - Monitoring C212016-10-20T07:57:43Z<p>Akerge: /* Graylog2 */</p>
<hr />
<div>'''Logging and Monitoring with Graylog'''<br />
<br />
Course: Logging and Monitoring - Lecturer: Margus Ernits<br />
<br />
Group: Cyber Security Engineering (C21)<br />
<br />
Team members: Ender Phan, Kustas Kurval, Sheela Gowry Sumathi Raju, Artur Vincent Kerge<br />
<br />
Page created on: October 05, 2016<br />
<br />
= Abstract =<br />
<br />
In order to understand how to set up the Graylog service as well as understand its crucial roles. We decided to choose Graylog as our application for logging and monitoring. Below are our objectives which would be expected to achieve later on:<br />
<br />
* '''How to install Graylog on Ubuntu 14.04.'''<br />
<br />
* '''How to use Graylog to protect servers.'''<br />
<br />
* '''Upgrading and configuring Graylog at first, and know how to secure Graylog.'''<br />
<br />
* '''Threats and security during logging.'''<br />
<br />
= Installation Guide =<br />
<br />
'''Ubuntu 14.04'''<br />
<br />
<br />
[[File:Graylog_simple_setup_v2.png]]<br />
<br />
== Prerequisites ==<br />
<br />
Since the Elasticsearch is based on java, we would require to install either openJDK or Oracle JDK. It is recommended to install Oracle JDK, verify the java version by using the following command.<br />
<br />
Remove the OpenJDK from the system, if you have it already installed. From now on it is presumed that user has root privileges.<br />
<br />
apt-get remove --purge openjdk*<br />
Add repository.<br />
<br />
add-apt-repository -y ppa:webupd8team/java<br />
Run the following command to pull the packages information from the newly added repository.<br />
<br />
apt-get update<br />
Issue the following command to install Java jdk 1.8.<br />
<br />
apt-get -y install oracle-java8-installer<br />
<br />
java -version<br />
<br />
Output:<br />
<br />
Java version "1.8.0_60"<br />
Java(TM) SE Runtime Environment (build 1.8.0_60-b27)<br />
Java HotSpot(TM) 64-Bit Server VM (build 25.60-b23, mixed mode)<br />
<br />
== Installing extras ==<br />
<br />
=== Elasticsearch ===<br />
<br />
Let’s install Elasticsearch, it can be downloaded from the official website.<br />
<br />
'''Download and install GPG signing key'''.<br />
<br />
wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -<br />
<br />
Note that the -qO argument is lowercase Quebec followed by capital Oscar.<br />
<br />
Save the repository definition to /etc/apt/sources.list.d/elasticsearch.list<br />
<br />
echo "deb http://packages.elastic.co/elasticsearch/2.x/debian stable main" | sudo tee -a /etc/apt/sources.list.d/elasticsearch.list<br />
<br />
Update repository cache and install Elasticsearch<br />
<br />
apt-get update && apt-get install elasticsearch<br />
<br />
Configure Elasticsearch to start during system startup.<br />
<br />
update-rc.d elasticsearch defaults<br />
The only important thing is to set a cluster name as “graylog2“, that is being used by graylog. Now edit the configuration file of Elasticsearch.<br />
<br />
nano /etc/elasticsearch/elasticsearch.yml<br />
<br />
cluster.name: graylog2<br />
<br />
In the same file disable dynamic scripts to avoid remote execution. That can be done by adding the following line:<br />
<br />
'''FOLLOWING LINE GOES INTO GRAYLOG CONF!'''<br />
<br />
script.disable_dynamic: true<br />
<br />
Once it is done, we are good to go. Before that, restart the Elasticsearch services to load the modified configuration.<br />
<br />
service elasticsearch restart<br />
<br />
Wait at least a minute to let the Elasticsearch get fully restarted, otherwise testing will fail. Elastisearch should be now listen on 9200 for processing HTTP request, we can use CURL to get the response. Ensure that it returns with cluster name as “graylog2”<br />
<br />
curl -X GET http://localhost:9200<br />
<br />
{<br />
"status" : 200,<br />
"name" : "Pistol",<br />
"cluster_name" : "'''graylog2'''",<br />
"version" : {<br />
"number" : "1.7.1",<br />
"build_hash" : "b88f43fc40b0bcd7f173a1f9ee2e97816de80b19",<br />
"build_timestamp" : "2015-07-29T09:54:16Z",<br />
"build_snapshot" : false,<br />
"lucene_version" : "4.10.4"<br />
},<br />
"tagline" : "You Know, for Search"<br />
}<br />
<br />
Optional: Use the following command to check the Elasticsearch cluster health, you must get a cluster status as “green” for graylog to work.<br />
<br />
curl -XGET 'http://localhost:9200/_cluster/health?pretty=true'<br />
<br />
{<br />
"cluster_name" : "'''graylog2'''",<br />
"status" : "'''green'''",<br />
"timed_out" : false,<br />
"number_of_nodes" : 1,<br />
"number_of_data_nodes" : 1,<br />
"active_primary_shards" : 0,<br />
"active_shards" : 0,<br />
"relocating_shards" : 0,<br />
"initializing_shards" : 0,<br />
"unassigned_shards" : 0,<br />
"delayed_unassigned_shards" : 0,<br />
"number_of_pending_tasks" : 0,<br />
"number_of_in_flight_fetch" : 0<br />
}<br />
<br />
=== MongoDB ===<br />
<br />
MongoDB is available in deb format and same can be downloaded from the official website. Add the following repository information on the system to install MongoDB. Before that we must import public key.<br />
<br />
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10<br />
Add repository by creating the /etc/apt/sources.list.d/mongodb-org-3.0.list list file using the command.<br />
<br />
echo "deb http://repo.mongodb.org/apt/ubuntu trusty/mongodb-org/3.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.0.list<br />
Update repository cache.<br />
<br />
apt-get update<br />
Install MongoDB using the following command.<br />
<br />
apt-get install mongodb-org<br />
Start the MongoDB service and enable it to start automatically during the system start-up.<br />
<br />
service mongod start<br />
<br />
'''No /etc/init.d/mongod''' :( also, why is -s argument needed for ls?<br />
<br />
ls -s /usr/bin/mongod /etc/init.d/mongod<br />
<br />
update-rc.d mongod defaults<br />
<br />
=== Graylog2 ===<br />
<br />
Graylog-server accepts and process the log messages, also spawns the RESTAPI for the requests that comes from graylog-web-interface. Download the latest version of graylog from graylog.org,<br />
<br />
Use the following command to install graylog2 repository.<br />
<br />
wget https://packages.graylog2.org/repo/packages/graylog-1.2-repository-ubuntu14.04_latest.deb<br />
<br />
dpkg -i graylog-1.2-repository-ubuntu14.04_latest.deb<br />
Install https suppport and update the repository cache.<br />
<br />
apt-get install apt-transport-https<br />
<br />
apt-get update<br />
Install Graylog server using following command.<br />
<br />
apt-get install graylog-server <br />
Edit the server.conf file.<br />
<br />
nano /etc/graylog/server/server.conf<br />
Configure the following variables in the above file.<br />
<br />
Set a secret to secure the user passwords, use the following command to generate a secret, use at least 64 character’s.<br />
<br />
pwgen -N 1 -s 96<br />
<br />
OH9wXpsNZVBA8R5vJQSnkhTB1qDOjCxAh3aE3LvXddtfDlZlKYEyGS24BJAiIxI0sbSTSPovTTnhLkkrUvhSSxodTlzDi5gP<br />
<br />
If you get a “pwgen: command not found“, use the following command to install pwgen.<br />
<br />
apt-get install pwgen<br />
<br />
Place the secret.<br />
<br />
password_secret = OH9wXpsNZVBA8R5vJQSnkhTB1qDOjCxAh3aE3LvXddtfDlZlKYEyGS24BJAiIxI0sbSTSPovTTnhLkkrUvhSSxodTlzDi5gP<br />
<br />
Next is to set a hash password for the root user (not to be confused with system user, root user of graylog is admin). You will use this password for login into the web interface, admin’s password can not be changed using web interface, must edit this variable to set.<br />
<br />
Replace “yourpassword” with the choice of your’s.<br />
<br />
echo -n yourpassword | sha256sum<br />
<br />
e3c652f0ba0b4801205814f8b6bc49672c4c74e25b497770bb89b22cdeb4e951<br />
<br />
Place the hash password.<br />
<br />
root_password_sha2 = e3c652f0ba0b4801205814f8b6bc49672c4c74e25b497770bb89b22cdeb4e951<br />
<br />
You can setup email address root (admin) user.<br />
<br />
root_email = "cyber.web@gmail.com"<br />
<br />
Set timezone of root (admin) user.<br />
<br />
root_timezone = UTC<br />
<br />
Graylog will try to find the Elasticsearch nodes automatically, it uses multicast mode for the same. But when it comes to larger network, it is recommended to use unicast mode which is best suited one for production setups. So add the following two entries to graylog server.conf file, replace ipaddress with live hostname or ipaddress. Multiple hosts can be added with comma separated.<br />
<br />
elasticsearch_http_enabled = false<br />
elasticsearch_discovery_zen_ping_unicast_hosts = ipaddress:9300<br />
<br />
Set only one master node by defining the below variable, default setting is true, you must set it as a false to make the particular node as a slave. Master node performs some periodic tasks that slave won’t perform.<br />
<br />
is_master = true<br />
<br />
The following variable sets the number of log messages to keep per index, it is recommended to have several smaller indices instead of larger ones.<br />
<br />
elasticsearch_max_docs_per_index = 20000000<br />
<br />
The following parameter defines to have total number of indices, if the this number is reached old index will be deleted.<br />
<br />
elasticsearch_max_number_of_indices = 20<br />
<br />
Shards setting is really depends on the number of nodes in the Elasticsearch cluster, if you have only one node, set it as 1.<br />
<br />
elasticsearch_shards = 1<br />
<br />
The number of replicas for your indices, if you have only one node in Elasticsearch cluster; set it as 0.<br />
<br />
elasticsearch_replicas = 0<br />
<br />
''Restart Graylog service.''<br />
<br />
service graylog-server restart<br />
<br />
Enable auto start of graylog server service during system startup.<br />
<br />
update-rc.d graylog-server defaults<br />
<br />
You can check out the server startup logs, it will be useful for you to troubleshoot graylog in case of any issue.<br />
<br />
tailf /var/log/graylog-server/server.log<br />
<br />
On successful start of graylog-server, you should get the following message in the log file.<br />
<br />
2015-09-17T09:35:22.895+02:00 INFO [ServerBootstrap] Graylog server up and running.<br />
<br />
'''Install Graylog web interface:'''<br />
<br />
To configure graylog-web-interface, you must have at least one graylog-server node. Install Graylog web interface using “apt-get”.<br />
<br />
apt-get install graylog-web<br />
<br />
Edit the configuration file and set the following parameters.<br />
<br />
nano /etc/graylog/web/web.conf<br />
<br />
This is the list of graylog-server nodes, you can add multiple nodes, separate by commas.<br />
<br />
graylog2-server.uris="http://127.0.0.1:12900/"<br />
<br />
Set the application scret and can be generated using pwgen -N 1 -s 96.<br />
<br />
application.secret="sNXyFf6B4Au3GqSlZwq7En86xp10JimdxxYiLtpptOejX6tIUpUE4DGRJOrcMj07wcK0wugPaapvzEzCYinEWj7BOtHXVl5Z"<br />
<br />
Set Web interface timezone.<br />
<br />
Timezone="Europe/Tallinn"<br />
<br />
Restart the gralog-web-interface using following command,<br />
<br />
service graylog-web restart<br />
<br />
Enable auto start of web interface service during system startup.<br />
<br />
update-rc.d graylog-web defaults<br />
<br />
= Experiences =<br />
<br />
In during installation time, we have found some problems which will impact on our your installation as well.<br />
<br />
- The version of Ubuntu and Graylog might conflict each other as well as Graylog's packages ( e.g : java )<br />
<br />
= Summary =<br />
<br />
During the installation Graylogs in both versions of Ubuntu ( 14.04 and 16.0 ). We realized that it had many differences between these versions. Listed above our objectives what we expect to achieve after installing and using Graylog, along with its useful information and its interaction between Administrator (users) with Graylog.<br />
<br />
its advantages:<br />
+ Free.<br />
+ Easy to interact with web interface.<br />
+ Easy to install with the good support from its sources.<br />
+ Help Administrator (user) to collect information in during logging and monitoring straightforwardly.<br />
+ Many useful tools ( plugins ) which supports to work on.<br />
<br />
= References =<br />
<br />
''http://www.itzgeek.com/how-tos/linux/ubuntu-how-tos/how-to-install-graylog2-on-ubuntu-14-04.html''</div>Akergehttps://wiki.itcollege.ee/index.php?title=Logging_-_Monitoring_C21&diff=111075Logging - Monitoring C212016-10-20T07:55:55Z<p>Akerge: /* Elasticsearch */</p>
<hr />
<div>'''Logging and Monitoring with Graylog'''<br />
<br />
Course: Logging and Monitoring - Lecturer: Margus Ernits<br />
<br />
Group: Cyber Security Engineering (C21)<br />
<br />
Team members: Ender Phan, Kustas Kurval, Sheela Gowry Sumathi Raju, Artur Vincent Kerge<br />
<br />
Page created on: October 05, 2016<br />
<br />
= Abstract =<br />
<br />
In order to understand how to set up the Graylog service as well as understand its crucial roles. We decided to choose Graylog as our application for logging and monitoring. Below are our objectives which would be expected to achieve later on:<br />
<br />
* '''How to install Graylog on Ubuntu 14.04.'''<br />
<br />
* '''How to use Graylog to protect servers.'''<br />
<br />
* '''Upgrading and configuring Graylog at first, and know how to secure Graylog.'''<br />
<br />
* '''Threats and security during logging.'''<br />
<br />
= Installation Guide =<br />
<br />
'''Ubuntu 14.04'''<br />
<br />
<br />
[[File:Graylog_simple_setup_v2.png]]<br />
<br />
== Prerequisites ==<br />
<br />
Since the Elasticsearch is based on java, we would require to install either openJDK or Oracle JDK. It is recommended to install Oracle JDK, verify the java version by using the following command.<br />
<br />
Remove the OpenJDK from the system, if you have it already installed. From now on it is presumed that user has root privileges.<br />
<br />
apt-get remove --purge openjdk*<br />
Add repository.<br />
<br />
add-apt-repository -y ppa:webupd8team/java<br />
Run the following command to pull the packages information from the newly added repository.<br />
<br />
apt-get update<br />
Issue the following command to install Java jdk 1.8.<br />
<br />
apt-get -y install oracle-java8-installer<br />
<br />
java -version<br />
<br />
Output:<br />
<br />
Java version "1.8.0_60"<br />
Java(TM) SE Runtime Environment (build 1.8.0_60-b27)<br />
Java HotSpot(TM) 64-Bit Server VM (build 25.60-b23, mixed mode)<br />
<br />
== Installing extras ==<br />
<br />
=== Elasticsearch ===<br />
<br />
Let’s install Elasticsearch, it can be downloaded from the official website.<br />
<br />
'''Download and install GPG signing key'''.<br />
<br />
wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -<br />
<br />
Note that the -qO argument is lowercase Quebec followed by capital Oscar.<br />
<br />
Save the repository definition to /etc/apt/sources.list.d/elasticsearch.list<br />
<br />
echo "deb http://packages.elastic.co/elasticsearch/2.x/debian stable main" | sudo tee -a /etc/apt/sources.list.d/elasticsearch.list<br />
<br />
Update repository cache and install Elasticsearch<br />
<br />
apt-get update && apt-get install elasticsearch<br />
<br />
Configure Elasticsearch to start during system startup.<br />
<br />
update-rc.d elasticsearch defaults<br />
The only important thing is to set a cluster name as “graylog2“, that is being used by graylog. Now edit the configuration file of Elasticsearch.<br />
<br />
nano /etc/elasticsearch/elasticsearch.yml<br />
<br />
cluster.name: graylog2<br />
<br />
In the same file disable dynamic scripts to avoid remote execution. That can be done by adding the following line:<br />
<br />
'''FOLLOWING LINE GOES INTO GRAYLOG CONF!'''<br />
<br />
script.disable_dynamic: true<br />
<br />
Once it is done, we are good to go. Before that, restart the Elasticsearch services to load the modified configuration.<br />
<br />
service elasticsearch restart<br />
<br />
Wait at least a minute to let the Elasticsearch get fully restarted, otherwise testing will fail. Elastisearch should be now listen on 9200 for processing HTTP request, we can use CURL to get the response. Ensure that it returns with cluster name as “graylog2”<br />
<br />
curl -X GET http://localhost:9200<br />
<br />
{<br />
"status" : 200,<br />
"name" : "Pistol",<br />
"cluster_name" : "'''graylog2'''",<br />
"version" : {<br />
"number" : "1.7.1",<br />
"build_hash" : "b88f43fc40b0bcd7f173a1f9ee2e97816de80b19",<br />
"build_timestamp" : "2015-07-29T09:54:16Z",<br />
"build_snapshot" : false,<br />
"lucene_version" : "4.10.4"<br />
},<br />
"tagline" : "You Know, for Search"<br />
}<br />
<br />
Optional: Use the following command to check the Elasticsearch cluster health, you must get a cluster status as “green” for graylog to work.<br />
<br />
curl -XGET 'http://localhost:9200/_cluster/health?pretty=true'<br />
<br />
{<br />
"cluster_name" : "'''graylog2'''",<br />
"status" : "'''green'''",<br />
"timed_out" : false,<br />
"number_of_nodes" : 1,<br />
"number_of_data_nodes" : 1,<br />
"active_primary_shards" : 0,<br />
"active_shards" : 0,<br />
"relocating_shards" : 0,<br />
"initializing_shards" : 0,<br />
"unassigned_shards" : 0,<br />
"delayed_unassigned_shards" : 0,<br />
"number_of_pending_tasks" : 0,<br />
"number_of_in_flight_fetch" : 0<br />
}<br />
<br />
=== MongoDB ===<br />
<br />
MongoDB is available in deb format and same can be downloaded from the official website. Add the following repository information on the system to install MongoDB. Before that we must import public key.<br />
<br />
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10<br />
Add repository by creating the /etc/apt/sources.list.d/mongodb-org-3.0.list list file using the command.<br />
<br />
echo "deb http://repo.mongodb.org/apt/ubuntu trusty/mongodb-org/3.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.0.list<br />
Update repository cache.<br />
<br />
apt-get update<br />
Install MongoDB using the following command.<br />
<br />
apt-get install mongodb-org<br />
Start the MongoDB service and enable it to start automatically during the system start-up.<br />
<br />
service mongod start<br />
<br />
'''No /etc/init.d/mongod''' :( also, why is -s argument needed for ls?<br />
<br />
ls -s /usr/bin/mongod /etc/init.d/mongod<br />
<br />
update-rc.d mongod defaults<br />
<br />
=== Graylog2 ===<br />
<br />
Graylog-server accepts and process the log messages, also spawns the RESTAPI for the requests that comes from graylog-web-interface. Download the latest version of graylog from graylog.org,<br />
<br />
Use the following command to install graylog2 repository.<br />
<br />
$ wget https://packages.graylog2.org/repo/packages/graylog-1.2-repository-ubuntu14.04_latest.deb<br />
<br />
$ sudo dpkg -i graylog-1.2-repository-ubuntu14.04_latest.deb<br />
Install https suppport and update the repository cache.<br />
<br />
$ sudo apt-get install apt-transport-https<br />
<br />
$ sudo apt-get update<br />
Install Graylog server using following command.<br />
<br />
$ sudo apt-get install graylog-server <br />
Edit the server.conf file.<br />
<br />
$ sudo nano /etc/graylog/server/server.conf<br />
Configure the following variables in the above file.<br />
<br />
Set a secret to secure the user passwords, use the following command to generate a secret, use at least 64 character’s.<br />
<br />
$ pwgen -N 1 -s 96<br />
<br />
OH9wXpsNZVBA8R5vJQSnkhTB1qDOjCxAh3aE3LvXddtfDlZlKYEyGS24BJAiIxI0sbSTSPovTTnhLkkrUvhSSxodTlzDi5gP<br />
<br />
If you get a “pwgen: command not found“, use the following command to install pwgen.<br />
<br />
$ sudo apt-get install pwgen<br />
<br />
Place the secret.<br />
<br />
password_secret = OH9wXpsNZVBA8R5vJQSnkhTB1qDOjCxAh3aE3LvXddtfDlZlKYEyGS24BJAiIxI0sbSTSPovTTnhLkkrUvhSSxodTlzDi5gP<br />
<br />
Next is to set a hash password for the root user (not to be confused with system user, root user of graylog is admin). You will use this password for login into the web interface, admin’s password can not be changed using web interface, must edit this variable to set.<br />
<br />
Replace “yourpassword” with the choice of your’s.<br />
<br />
# echo -n yourpassword | sha256sum<br />
<br />
e3c652f0ba0b4801205814f8b6bc49672c4c74e25b497770bb89b22cdeb4e951<br />
<br />
Place the hash password.<br />
<br />
root_password_sha2 = e3c652f0ba0b4801205814f8b6bc49672c4c74e25b497770bb89b22cdeb4e951<br />
You can setup email address root (admin) user.<br />
<br />
root_email = "cyber.web@gmail.com"<br />
Set timezone of root (admin) user.<br />
<br />
root_timezone = UTC<br />
<br />
Graylog will try to find the Elasticsearch nodes automatically, it uses multicast mode for the same. But when it comes to larger network, it is recommended to use unicast mode which is best suited one for production setups. So add the following two entries to graylog server.conf file, replace ipaddress with live hostname or ipaddress. Multiple hosts can be added with comma separated.<br />
<br />
elasticsearch_http_enabled = false<br />
elasticsearch_discovery_zen_ping_unicast_hosts = ipaddress:9300<br />
<br />
Set only one master node by defining the below variable, default setting is true, you must set it as a false to make the particular node as a slave. Master node performs some periodic tasks that slave won’t perform.<br />
<br />
is_master = true<br />
<br />
The following variable sets the number of log messages to keep per index, it is recommended to have several smaller indices instead of larger ones.<br />
<br />
elasticsearch_max_docs_per_index = 20000000<br />
The following parameter defines to have total number of indices, if the this number is reached old index will be deleted.<br />
<br />
elasticsearch_max_number_of_indices = 20<br />
Shards setting is really depends on the number of nodes in the Elasticsearch cluster, if you have only one node, set it as 1.<br />
<br />
elasticsearch_shards = 1<br />
The number of replicas for your indices, if you have only one node in Elasticsearch cluster; set it as 0.<br />
<br />
elasticsearch_replicas = 0<br />
<br />
''Restart Graylog service.''<br />
<br />
$ sudo service graylog-server restart<br />
Enable auto start of graylog server service during system startup.<br />
<br />
$ sudo update-rc.d graylog-server defaults<br />
You can check out the server startup logs, it will be useful for you to troubleshoot graylog in case of any issue.<br />
<br />
# tailf /var/log/graylog-server/server.log<br />
On successful start of graylog-server, you should get the following message in the log file.<br />
<br />
2015-09-17T09:35:22.895+02:00 INFO [ServerBootstrap] Graylog server up and running.<br />
<br />
'''Install Graylog web interface:'''<br />
<br />
To configure graylog-web-interface, you must have at least one graylog-server node. Install Graylog web interface using “apt-get”.<br />
<br />
$ sudo apt-get install graylog-web<br />
Edit the configuration file and set the following parameters.<br />
<br />
$ sudo nano /etc/graylog/web/web.conf<br />
This is the list of graylog-server nodes, you can add multiple nodes, separate by commas.<br />
<br />
graylog2-server.uris="http://127.0.0.1:12900/"<br />
Set the application scret and can be generated using pwgen -N 1 -s 96.<br />
<br />
application.secret="sNXyFf6B4Au3GqSlZwq7En86xp10JimdxxYiLtpptOejX6tIUpUE4DGRJOrcMj07wcK0wugPaapvzEzCYinEWj7BOtHXVl5Z"<br />
Set Web interface timezone.<br />
<br />
Timezone="Europe/Tallinn"<br />
<br />
Restart the gralog-web-interface using following command,<br />
<br />
$ sudo service graylog-web restart<br />
Enable auto start of web interface service during system startup.<br />
<br />
$ sudo update-rc.d graylog-web defaults<br />
<br />
= Experiences =<br />
<br />
In during installation time, we have found some problems which will impact on our your installation as well.<br />
<br />
- The version of Ubuntu and Graylog might conflict each other as well as Graylog's packages ( e.g : java )<br />
<br />
= Summary =<br />
<br />
During the installation Graylogs in both versions of Ubuntu ( 14.04 and 16.0 ). We realized that it had many differences between these versions. Listed above our objectives what we expect to achieve after installing and using Graylog, along with its useful information and its interaction between Administrator (users) with Graylog.<br />
<br />
its advantages:<br />
+ Free.<br />
+ Easy to interact with web interface.<br />
+ Easy to install with the good support from its sources.<br />
+ Help Administrator (user) to collect information in during logging and monitoring straightforwardly.<br />
+ Many useful tools ( plugins ) which supports to work on.<br />
<br />
= References =<br />
<br />
''http://www.itzgeek.com/how-tos/linux/ubuntu-how-tos/how-to-install-graylog2-on-ubuntu-14-04.html''</div>Akergehttps://wiki.itcollege.ee/index.php?title=Logging_-_Monitoring_C21&diff=111074Logging - Monitoring C212016-10-20T07:55:28Z<p>Akerge: /* Elasticsearch */</p>
<hr />
<div>'''Logging and Monitoring with Graylog'''<br />
<br />
Course: Logging and Monitoring - Lecturer: Margus Ernits<br />
<br />
Group: Cyber Security Engineering (C21)<br />
<br />
Team members: Ender Phan, Kustas Kurval, Sheela Gowry Sumathi Raju, Artur Vincent Kerge<br />
<br />
Page created on: October 05, 2016<br />
<br />
= Abstract =<br />
<br />
In order to understand how to set up the Graylog service as well as understand its crucial roles. We decided to choose Graylog as our application for logging and monitoring. Below are our objectives which would be expected to achieve later on:<br />
<br />
* '''How to install Graylog on Ubuntu 14.04.'''<br />
<br />
* '''How to use Graylog to protect servers.'''<br />
<br />
* '''Upgrading and configuring Graylog at first, and know how to secure Graylog.'''<br />
<br />
* '''Threats and security during logging.'''<br />
<br />
= Installation Guide =<br />
<br />
'''Ubuntu 14.04'''<br />
<br />
<br />
[[File:Graylog_simple_setup_v2.png]]<br />
<br />
== Prerequisites ==<br />
<br />
Since the Elasticsearch is based on java, we would require to install either openJDK or Oracle JDK. It is recommended to install Oracle JDK, verify the java version by using the following command.<br />
<br />
Remove the OpenJDK from the system, if you have it already installed. From now on it is presumed that user has root privileges.<br />
<br />
apt-get remove --purge openjdk*<br />
Add repository.<br />
<br />
add-apt-repository -y ppa:webupd8team/java<br />
Run the following command to pull the packages information from the newly added repository.<br />
<br />
apt-get update<br />
Issue the following command to install Java jdk 1.8.<br />
<br />
apt-get -y install oracle-java8-installer<br />
<br />
java -version<br />
<br />
Output:<br />
<br />
Java version "1.8.0_60"<br />
Java(TM) SE Runtime Environment (build 1.8.0_60-b27)<br />
Java HotSpot(TM) 64-Bit Server VM (build 25.60-b23, mixed mode)<br />
<br />
== Installing extras ==<br />
<br />
=== Elasticsearch ===<br />
<br />
Let’s install Elasticsearch, it can be downloaded from the official website.<br />
<br />
'''Download and install GPG signing key'''.<br />
<br />
wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -<br />
<br />
Note that the -qO argument is lowercase Quebec followed by capital Oscar.<br />
<br />
Save the repository definition to /etc/apt/sources.list.d/elasticsearch.list<br />
<br />
echo "deb http://packages.elastic.co/elasticsearch/2.x/debian stable main" | sudo tee -a /etc/apt/sources.list.d/elasticsearch.list<br />
<br />
Update repository cache and install Elasticsearch<br />
<br />
apt-get update && apt-get install elasticsearch<br />
<br />
Configure Elasticsearch to start during system startup.<br />
<br />
update-rc.d elasticsearch defaults<br />
The only important thing is to set a cluster name as “graylog2“, that is being used by graylog. Now edit the configuration file of Elasticsearch.<br />
<br />
nano /etc/elasticsearch/elasticsearch.yml<br />
<br />
cluster.name: graylog2<br />
<br />
In the same file disable dynamic scripts to avoid remote execution. That can be done by adding the following line:<br />
<br />
'''THIS GOES INTO GRAYLOG CONF!'''<br />
<br />
script.disable_dynamic: true<br />
<br />
Once it is done, we are good to go. Before that, restart the Elasticsearch services to load the modified configuration.<br />
<br />
service elasticsearch restart<br />
<br />
Wait at least a minute to let the Elasticsearch get fully restarted, otherwise testing will fail. Elastisearch should be now listen on 9200 for processing HTTP request, we can use CURL to get the response. Ensure that it returns with cluster name as “graylog2”<br />
<br />
curl -X GET http://localhost:9200<br />
<br />
{<br />
"status" : 200,<br />
"name" : "Pistol",<br />
"cluster_name" : "'''graylog2'''",<br />
"version" : {<br />
"number" : "1.7.1",<br />
"build_hash" : "b88f43fc40b0bcd7f173a1f9ee2e97816de80b19",<br />
"build_timestamp" : "2015-07-29T09:54:16Z",<br />
"build_snapshot" : false,<br />
"lucene_version" : "4.10.4"<br />
},<br />
"tagline" : "You Know, for Search"<br />
}<br />
<br />
Optional: Use the following command to check the Elasticsearch cluster health, you must get a cluster status as “green” for graylog to work.<br />
<br />
curl -XGET 'http://localhost:9200/_cluster/health?pretty=true'<br />
<br />
{<br />
"cluster_name" : "'''graylog2'''",<br />
"status" : "'''green'''",<br />
"timed_out" : false,<br />
"number_of_nodes" : 1,<br />
"number_of_data_nodes" : 1,<br />
"active_primary_shards" : 0,<br />
"active_shards" : 0,<br />
"relocating_shards" : 0,<br />
"initializing_shards" : 0,<br />
"unassigned_shards" : 0,<br />
"delayed_unassigned_shards" : 0,<br />
"number_of_pending_tasks" : 0,<br />
"number_of_in_flight_fetch" : 0<br />
}<br />
<br />
=== MongoDB ===<br />
<br />
MongoDB is available in deb format and same can be downloaded from the official website. Add the following repository information on the system to install MongoDB. Before that we must import public key.<br />
<br />
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10<br />
Add repository by creating the /etc/apt/sources.list.d/mongodb-org-3.0.list list file using the command.<br />
<br />
echo "deb http://repo.mongodb.org/apt/ubuntu trusty/mongodb-org/3.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.0.list<br />
Update repository cache.<br />
<br />
apt-get update<br />
Install MongoDB using the following command.<br />
<br />
apt-get install mongodb-org<br />
Start the MongoDB service and enable it to start automatically during the system start-up.<br />
<br />
service mongod start<br />
<br />
'''No /etc/init.d/mongod''' :( also, why is -s argument needed for ls?<br />
<br />
ls -s /usr/bin/mongod /etc/init.d/mongod<br />
<br />
update-rc.d mongod defaults<br />
<br />
=== Graylog2 ===<br />
<br />
Graylog-server accepts and process the log messages, also spawns the RESTAPI for the requests that comes from graylog-web-interface. Download the latest version of graylog from graylog.org,<br />
<br />
Use the following command to install graylog2 repository.<br />
<br />
$ wget https://packages.graylog2.org/repo/packages/graylog-1.2-repository-ubuntu14.04_latest.deb<br />
<br />
$ sudo dpkg -i graylog-1.2-repository-ubuntu14.04_latest.deb<br />
Install https suppport and update the repository cache.<br />
<br />
$ sudo apt-get install apt-transport-https<br />
<br />
$ sudo apt-get update<br />
Install Graylog server using following command.<br />
<br />
$ sudo apt-get install graylog-server <br />
Edit the server.conf file.<br />
<br />
$ sudo nano /etc/graylog/server/server.conf<br />
Configure the following variables in the above file.<br />
<br />
Set a secret to secure the user passwords, use the following command to generate a secret, use at least 64 character’s.<br />
<br />
$ pwgen -N 1 -s 96<br />
<br />
OH9wXpsNZVBA8R5vJQSnkhTB1qDOjCxAh3aE3LvXddtfDlZlKYEyGS24BJAiIxI0sbSTSPovTTnhLkkrUvhSSxodTlzDi5gP<br />
<br />
If you get a “pwgen: command not found“, use the following command to install pwgen.<br />
<br />
$ sudo apt-get install pwgen<br />
<br />
Place the secret.<br />
<br />
password_secret = OH9wXpsNZVBA8R5vJQSnkhTB1qDOjCxAh3aE3LvXddtfDlZlKYEyGS24BJAiIxI0sbSTSPovTTnhLkkrUvhSSxodTlzDi5gP<br />
<br />
Next is to set a hash password for the root user (not to be confused with system user, root user of graylog is admin). You will use this password for login into the web interface, admin’s password can not be changed using web interface, must edit this variable to set.<br />
<br />
Replace “yourpassword” with the choice of your’s.<br />
<br />
# echo -n yourpassword | sha256sum<br />
<br />
e3c652f0ba0b4801205814f8b6bc49672c4c74e25b497770bb89b22cdeb4e951<br />
<br />
Place the hash password.<br />
<br />
root_password_sha2 = e3c652f0ba0b4801205814f8b6bc49672c4c74e25b497770bb89b22cdeb4e951<br />
You can setup email address root (admin) user.<br />
<br />
root_email = "cyber.web@gmail.com"<br />
Set timezone of root (admin) user.<br />
<br />
root_timezone = UTC<br />
<br />
Graylog will try to find the Elasticsearch nodes automatically, it uses multicast mode for the same. But when it comes to larger network, it is recommended to use unicast mode which is best suited one for production setups. So add the following two entries to graylog server.conf file, replace ipaddress with live hostname or ipaddress. Multiple hosts can be added with comma separated.<br />
<br />
elasticsearch_http_enabled = false<br />
elasticsearch_discovery_zen_ping_unicast_hosts = ipaddress:9300<br />
<br />
Set only one master node by defining the below variable, default setting is true, you must set it as a false to make the particular node as a slave. Master node performs some periodic tasks that slave won’t perform.<br />
<br />
is_master = true<br />
<br />
The following variable sets the number of log messages to keep per index, it is recommended to have several smaller indices instead of larger ones.<br />
<br />
elasticsearch_max_docs_per_index = 20000000<br />
The following parameter defines to have total number of indices, if the this number is reached old index will be deleted.<br />
<br />
elasticsearch_max_number_of_indices = 20<br />
Shards setting is really depends on the number of nodes in the Elasticsearch cluster, if you have only one node, set it as 1.<br />
<br />
elasticsearch_shards = 1<br />
The number of replicas for your indices, if you have only one node in Elasticsearch cluster; set it as 0.<br />
<br />
elasticsearch_replicas = 0<br />
<br />
''Restart Graylog service.''<br />
<br />
$ sudo service graylog-server restart<br />
Enable auto start of graylog server service during system startup.<br />
<br />
$ sudo update-rc.d graylog-server defaults<br />
You can check out the server startup logs, it will be useful for you to troubleshoot graylog in case of any issue.<br />
<br />
# tailf /var/log/graylog-server/server.log<br />
On successful start of graylog-server, you should get the following message in the log file.<br />
<br />
2015-09-17T09:35:22.895+02:00 INFO [ServerBootstrap] Graylog server up and running.<br />
<br />
'''Install Graylog web interface:'''<br />
<br />
To configure graylog-web-interface, you must have at least one graylog-server node. Install Graylog web interface using “apt-get”.<br />
<br />
$ sudo apt-get install graylog-web<br />
Edit the configuration file and set the following parameters.<br />
<br />
$ sudo nano /etc/graylog/web/web.conf<br />
This is the list of graylog-server nodes, you can add multiple nodes, separate by commas.<br />
<br />
graylog2-server.uris="http://127.0.0.1:12900/"<br />
Set the application scret and can be generated using pwgen -N 1 -s 96.<br />
<br />
application.secret="sNXyFf6B4Au3GqSlZwq7En86xp10JimdxxYiLtpptOejX6tIUpUE4DGRJOrcMj07wcK0wugPaapvzEzCYinEWj7BOtHXVl5Z"<br />
Set Web interface timezone.<br />
<br />
Timezone="Europe/Tallinn"<br />
<br />
Restart the gralog-web-interface using following command,<br />
<br />
$ sudo service graylog-web restart<br />
Enable auto start of web interface service during system startup.<br />
<br />
$ sudo update-rc.d graylog-web defaults<br />
<br />
= Experiences =<br />
<br />
In during installation time, we have found some problems which will impact on our your installation as well.<br />
<br />
- The version of Ubuntu and Graylog might conflict each other as well as Graylog's packages ( e.g : java )<br />
<br />
= Summary =<br />
<br />
During the installation Graylogs in both versions of Ubuntu ( 14.04 and 16.0 ). We realized that it had many differences between these versions. Listed above our objectives what we expect to achieve after installing and using Graylog, along with its useful information and its interaction between Administrator (users) with Graylog.<br />
<br />
its advantages:<br />
+ Free.<br />
+ Easy to interact with web interface.<br />
+ Easy to install with the good support from its sources.<br />
+ Help Administrator (user) to collect information in during logging and monitoring straightforwardly.<br />
+ Many useful tools ( plugins ) which supports to work on.<br />
<br />
= References =<br />
<br />
''http://www.itzgeek.com/how-tos/linux/ubuntu-how-tos/how-to-install-graylog2-on-ubuntu-14-04.html''</div>Akergehttps://wiki.itcollege.ee/index.php?title=Logging_-_Monitoring_C21&diff=111072Logging - Monitoring C212016-10-20T07:53:24Z<p>Akerge: /* MongoDB */</p>
<hr />
<div>'''Logging and Monitoring with Graylog'''<br />
<br />
Course: Logging and Monitoring - Lecturer: Margus Ernits<br />
<br />
Group: Cyber Security Engineering (C21)<br />
<br />
Team members: Ender Phan, Kustas Kurval, Sheela Gowry Sumathi Raju, Artur Vincent Kerge<br />
<br />
Page created on: October 05, 2016<br />
<br />
= Abstract =<br />
<br />
In order to understand how to set up the Graylog service as well as understand its crucial roles. We decided to choose Graylog as our application for logging and monitoring. Below are our objectives which would be expected to achieve later on:<br />
<br />
* '''How to install Graylog on Ubuntu 14.04.'''<br />
<br />
* '''How to use Graylog to protect servers.'''<br />
<br />
* '''Upgrading and configuring Graylog at first, and know how to secure Graylog.'''<br />
<br />
* '''Threats and security during logging.'''<br />
<br />
= Installation Guide =<br />
<br />
'''Ubuntu 14.04'''<br />
<br />
<br />
[[File:Graylog_simple_setup_v2.png]]<br />
<br />
== Prerequisites ==<br />
<br />
Since the Elasticsearch is based on java, we would require to install either openJDK or Oracle JDK. It is recommended to install Oracle JDK, verify the java version by using the following command.<br />
<br />
Remove the OpenJDK from the system, if you have it already installed. From now on it is presumed that user has root privileges.<br />
<br />
apt-get remove --purge openjdk*<br />
Add repository.<br />
<br />
add-apt-repository -y ppa:webupd8team/java<br />
Run the following command to pull the packages information from the newly added repository.<br />
<br />
apt-get update<br />
Issue the following command to install Java jdk 1.8.<br />
<br />
apt-get -y install oracle-java8-installer<br />
<br />
java -version<br />
<br />
Output:<br />
<br />
Java version "1.8.0_60"<br />
Java(TM) SE Runtime Environment (build 1.8.0_60-b27)<br />
Java HotSpot(TM) 64-Bit Server VM (build 25.60-b23, mixed mode)<br />
<br />
== Installing extras ==<br />
<br />
=== Elasticsearch ===<br />
<br />
Let’s install Elasticsearch, it can be downloaded from the official website.<br />
<br />
'''Download and install GPG signing key'''.<br />
<br />
wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -<br />
<br />
Note that the -qO argument is lowercase Quebec followed by capital Oscar.<br />
<br />
Save the repository definition to /etc/apt/sources.list.d/elasticsearch.list<br />
<br />
echo "deb http://packages.elastic.co/elasticsearch/2.x/debian stable main" | sudo tee -a /etc/apt/sources.list.d/elasticsearch.list<br />
<br />
Update repository cache and install Elasticsearch<br />
<br />
apt-get update && apt-get install elasticsearch<br />
<br />
Configure Elasticsearch to start during system startup.<br />
<br />
update-rc.d elasticsearch defaults<br />
The only important thing is to set a cluster name as “graylog2“, that is being used by graylog. Now edit the configuration file of Elasticsearch.<br />
<br />
nano /etc/elasticsearch/elasticsearch.yml<br />
<br />
cluster.name: graylog2<br />
<br />
In the same file disable dynamic scripts to avoid remote execution. That can be done by adding the following line:<br />
<br />
THIS GOES INTO GRAYLOG CONF!<br />
<br />
script.disable_dynamic: true<br />
<br />
Once it is done, we are good to go. Before that, restart the Elasticsearch services to load the modified configuration.<br />
<br />
service elasticsearch restart<br />
<br />
Wait at least a minute to let the Elasticsearch get fully restarted, otherwise testing will fail. Elastisearch should be now listen on 9200 for processing HTTP request, we can use CURL to get the response. Ensure that it returns with cluster name as “graylog2”<br />
<br />
curl -X GET http://localhost:9200<br />
<br />
{<br />
"status" : 200,<br />
"name" : "Pistol",<br />
"cluster_name" : "'''graylog2'''",<br />
"version" : {<br />
"number" : "1.7.1",<br />
"build_hash" : "b88f43fc40b0bcd7f173a1f9ee2e97816de80b19",<br />
"build_timestamp" : "2015-07-29T09:54:16Z",<br />
"build_snapshot" : false,<br />
"lucene_version" : "4.10.4"<br />
},<br />
"tagline" : "You Know, for Search"<br />
}<br />
<br />
Optional: Use the following command to check the Elasticsearch cluster health, you must get a cluster status as “green” for graylog to work.<br />
<br />
curl -XGET 'http://localhost:9200/_cluster/health?pretty=true'<br />
<br />
{<br />
"cluster_name" : "'''graylog2'''",<br />
"status" : "'''green'''",<br />
"timed_out" : false,<br />
"number_of_nodes" : 1,<br />
"number_of_data_nodes" : 1,<br />
"active_primary_shards" : 0,<br />
"active_shards" : 0,<br />
"relocating_shards" : 0,<br />
"initializing_shards" : 0,<br />
"unassigned_shards" : 0,<br />
"delayed_unassigned_shards" : 0,<br />
"number_of_pending_tasks" : 0,<br />
"number_of_in_flight_fetch" : 0<br />
}<br />
<br />
=== MongoDB ===<br />
<br />
MongoDB is available in deb format and same can be downloaded from the official website. Add the following repository information on the system to install MongoDB. Before that we must import public key.<br />
<br />
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10<br />
Add repository by creating the /etc/apt/sources.list.d/mongodb-org-3.0.list list file using the command.<br />
<br />
echo "deb http://repo.mongodb.org/apt/ubuntu trusty/mongodb-org/3.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.0.list<br />
Update repository cache.<br />
<br />
apt-get update<br />
Install MongoDB using the following command.<br />
<br />
apt-get install mongodb-org<br />
Start the MongoDB service and enable it to start automatically during the system start-up.<br />
<br />
service mongod start<br />
<br />
'''No /etc/init.d/mongod''' :( also, why is -s argument needed for ls?<br />
<br />
ls -s /usr/bin/mongod /etc/init.d/mongod<br />
<br />
update-rc.d mongod defaults<br />
<br />
=== Graylog2 ===<br />
<br />
Graylog-server accepts and process the log messages, also spawns the RESTAPI for the requests that comes from graylog-web-interface. Download the latest version of graylog from graylog.org,<br />
<br />
Use the following command to install graylog2 repository.<br />
<br />
$ wget https://packages.graylog2.org/repo/packages/graylog-1.2-repository-ubuntu14.04_latest.deb<br />
<br />
$ sudo dpkg -i graylog-1.2-repository-ubuntu14.04_latest.deb<br />
Install https suppport and update the repository cache.<br />
<br />
$ sudo apt-get install apt-transport-https<br />
<br />
$ sudo apt-get update<br />
Install Graylog server using following command.<br />
<br />
$ sudo apt-get install graylog-server <br />
Edit the server.conf file.<br />
<br />
$ sudo nano /etc/graylog/server/server.conf<br />
Configure the following variables in the above file.<br />
<br />
Set a secret to secure the user passwords, use the following command to generate a secret, use at least 64 character’s.<br />
<br />
$ pwgen -N 1 -s 96<br />
<br />
OH9wXpsNZVBA8R5vJQSnkhTB1qDOjCxAh3aE3LvXddtfDlZlKYEyGS24BJAiIxI0sbSTSPovTTnhLkkrUvhSSxodTlzDi5gP<br />
<br />
If you get a “pwgen: command not found“, use the following command to install pwgen.<br />
<br />
$ sudo apt-get install pwgen<br />
<br />
Place the secret.<br />
<br />
password_secret = OH9wXpsNZVBA8R5vJQSnkhTB1qDOjCxAh3aE3LvXddtfDlZlKYEyGS24BJAiIxI0sbSTSPovTTnhLkkrUvhSSxodTlzDi5gP<br />
<br />
Next is to set a hash password for the root user (not to be confused with system user, root user of graylog is admin). You will use this password for login into the web interface, admin’s password can not be changed using web interface, must edit this variable to set.<br />
<br />
Replace “yourpassword” with the choice of your’s.<br />
<br />
# echo -n yourpassword | sha256sum<br />
<br />
e3c652f0ba0b4801205814f8b6bc49672c4c74e25b497770bb89b22cdeb4e951<br />
<br />
Place the hash password.<br />
<br />
root_password_sha2 = e3c652f0ba0b4801205814f8b6bc49672c4c74e25b497770bb89b22cdeb4e951<br />
You can setup email address root (admin) user.<br />
<br />
root_email = "cyber.web@gmail.com"<br />
Set timezone of root (admin) user.<br />
<br />
root_timezone = UTC<br />
<br />
Graylog will try to find the Elasticsearch nodes automatically, it uses multicast mode for the same. But when it comes to larger network, it is recommended to use unicast mode which is best suited one for production setups. So add the following two entries to graylog server.conf file, replace ipaddress with live hostname or ipaddress. Multiple hosts can be added with comma separated.<br />
<br />
elasticsearch_http_enabled = false<br />
elasticsearch_discovery_zen_ping_unicast_hosts = ipaddress:9300<br />
<br />
Set only one master node by defining the below variable, default setting is true, you must set it as a false to make the particular node as a slave. Master node performs some periodic tasks that slave won’t perform.<br />
<br />
is_master = true<br />
<br />
The following variable sets the number of log messages to keep per index, it is recommended to have several smaller indices instead of larger ones.<br />
<br />
elasticsearch_max_docs_per_index = 20000000<br />
The following parameter defines to have total number of indices, if the this number is reached old index will be deleted.<br />
<br />
elasticsearch_max_number_of_indices = 20<br />
Shards setting is really depends on the number of nodes in the Elasticsearch cluster, if you have only one node, set it as 1.<br />
<br />
elasticsearch_shards = 1<br />
The number of replicas for your indices, if you have only one node in Elasticsearch cluster; set it as 0.<br />
<br />
elasticsearch_replicas = 0<br />
<br />
''Restart Graylog service.''<br />
<br />
$ sudo service graylog-server restart<br />
Enable auto start of graylog server service during system startup.<br />
<br />
$ sudo update-rc.d graylog-server defaults<br />
You can check out the server startup logs, it will be useful for you to troubleshoot graylog in case of any issue.<br />
<br />
# tailf /var/log/graylog-server/server.log<br />
On successful start of graylog-server, you should get the following message in the log file.<br />
<br />
2015-09-17T09:35:22.895+02:00 INFO [ServerBootstrap] Graylog server up and running.<br />
<br />
'''Install Graylog web interface:'''<br />
<br />
To configure graylog-web-interface, you must have at least one graylog-server node. Install Graylog web interface using “apt-get”.<br />
<br />
$ sudo apt-get install graylog-web<br />
Edit the configuration file and set the following parameters.<br />
<br />
$ sudo nano /etc/graylog/web/web.conf<br />
This is the list of graylog-server nodes, you can add multiple nodes, separate by commas.<br />
<br />
graylog2-server.uris="http://127.0.0.1:12900/"<br />
Set the application scret and can be generated using pwgen -N 1 -s 96.<br />
<br />
application.secret="sNXyFf6B4Au3GqSlZwq7En86xp10JimdxxYiLtpptOejX6tIUpUE4DGRJOrcMj07wcK0wugPaapvzEzCYinEWj7BOtHXVl5Z"<br />
Set Web interface timezone.<br />
<br />
Timezone="Europe/Tallinn"<br />
<br />
Restart the gralog-web-interface using following command,<br />
<br />
$ sudo service graylog-web restart<br />
Enable auto start of web interface service during system startup.<br />
<br />
$ sudo update-rc.d graylog-web defaults<br />
<br />
= Experiences =<br />
<br />
In during installation time, we have found some problems which will impact on our your installation as well.<br />
<br />
- The version of Ubuntu and Graylog might conflict each other as well as Graylog's packages ( e.g : java )<br />
<br />
= Summary =<br />
<br />
During the installation Graylogs in both versions of Ubuntu ( 14.04 and 16.0 ). We realized that it had many differences between these versions. Listed above our objectives what we expect to achieve after installing and using Graylog, along with its useful information and its interaction between Administrator (users) with Graylog.<br />
<br />
its advantages:<br />
+ Free.<br />
+ Easy to interact with web interface.<br />
+ Easy to install with the good support from its sources.<br />
+ Help Administrator (user) to collect information in during logging and monitoring straightforwardly.<br />
+ Many useful tools ( plugins ) which supports to work on.<br />
<br />
= References =<br />
<br />
''http://www.itzgeek.com/how-tos/linux/ubuntu-how-tos/how-to-install-graylog2-on-ubuntu-14-04.html''</div>Akergehttps://wiki.itcollege.ee/index.php?title=Logging_-_Monitoring_C21&diff=111071Logging - Monitoring C212016-10-20T07:49:23Z<p>Akerge: /* MongoDB */</p>
<hr />
<div>'''Logging and Monitoring with Graylog'''<br />
<br />
Course: Logging and Monitoring - Lecturer: Margus Ernits<br />
<br />
Group: Cyber Security Engineering (C21)<br />
<br />
Team members: Ender Phan, Kustas Kurval, Sheela Gowry Sumathi Raju, Artur Vincent Kerge<br />
<br />
Page created on: October 05, 2016<br />
<br />
= Abstract =<br />
<br />
In order to understand how to set up the Graylog service as well as understand its crucial roles. We decided to choose Graylog as our application for logging and monitoring. Below are our objectives which would be expected to achieve later on:<br />
<br />
* '''How to install Graylog on Ubuntu 14.04.'''<br />
<br />
* '''How to use Graylog to protect servers.'''<br />
<br />
* '''Upgrading and configuring Graylog at first, and know how to secure Graylog.'''<br />
<br />
* '''Threats and security during logging.'''<br />
<br />
= Installation Guide =<br />
<br />
'''Ubuntu 14.04'''<br />
<br />
<br />
[[File:Graylog_simple_setup_v2.png]]<br />
<br />
== Prerequisites ==<br />
<br />
Since the Elasticsearch is based on java, we would require to install either openJDK or Oracle JDK. It is recommended to install Oracle JDK, verify the java version by using the following command.<br />
<br />
Remove the OpenJDK from the system, if you have it already installed. From now on it is presumed that user has root privileges.<br />
<br />
apt-get remove --purge openjdk*<br />
Add repository.<br />
<br />
add-apt-repository -y ppa:webupd8team/java<br />
Run the following command to pull the packages information from the newly added repository.<br />
<br />
apt-get update<br />
Issue the following command to install Java jdk 1.8.<br />
<br />
apt-get -y install oracle-java8-installer<br />
<br />
java -version<br />
<br />
Output:<br />
<br />
Java version "1.8.0_60"<br />
Java(TM) SE Runtime Environment (build 1.8.0_60-b27)<br />
Java HotSpot(TM) 64-Bit Server VM (build 25.60-b23, mixed mode)<br />
<br />
== Installing extras ==<br />
<br />
=== Elasticsearch ===<br />
<br />
Let’s install Elasticsearch, it can be downloaded from the official website.<br />
<br />
'''Download and install GPG signing key'''.<br />
<br />
wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -<br />
<br />
Note that the -qO argument is lowercase Quebec followed by capital Oscar.<br />
<br />
Save the repository definition to /etc/apt/sources.list.d/elasticsearch.list<br />
<br />
echo "deb http://packages.elastic.co/elasticsearch/2.x/debian stable main" | sudo tee -a /etc/apt/sources.list.d/elasticsearch.list<br />
<br />
Update repository cache and install Elasticsearch<br />
<br />
apt-get update && apt-get install elasticsearch<br />
<br />
Configure Elasticsearch to start during system startup.<br />
<br />
update-rc.d elasticsearch defaults<br />
The only important thing is to set a cluster name as “graylog2“, that is being used by graylog. Now edit the configuration file of Elasticsearch.<br />
<br />
nano /etc/elasticsearch/elasticsearch.yml<br />
<br />
cluster.name: graylog2<br />
<br />
In the same file disable dynamic scripts to avoid remote execution. That can be done by adding the following line:<br />
<br />
THIS GOES INTO GRAYLOG CONF!<br />
<br />
script.disable_dynamic: true<br />
<br />
Once it is done, we are good to go. Before that, restart the Elasticsearch services to load the modified configuration.<br />
<br />
service elasticsearch restart<br />
<br />
Wait at least a minute to let the Elasticsearch get fully restarted, otherwise testing will fail. Elastisearch should be now listen on 9200 for processing HTTP request, we can use CURL to get the response. Ensure that it returns with cluster name as “graylog2”<br />
<br />
curl -X GET http://localhost:9200<br />
<br />
{<br />
"status" : 200,<br />
"name" : "Pistol",<br />
"cluster_name" : "'''graylog2'''",<br />
"version" : {<br />
"number" : "1.7.1",<br />
"build_hash" : "b88f43fc40b0bcd7f173a1f9ee2e97816de80b19",<br />
"build_timestamp" : "2015-07-29T09:54:16Z",<br />
"build_snapshot" : false,<br />
"lucene_version" : "4.10.4"<br />
},<br />
"tagline" : "You Know, for Search"<br />
}<br />
<br />
Optional: Use the following command to check the Elasticsearch cluster health, you must get a cluster status as “green” for graylog to work.<br />
<br />
curl -XGET 'http://localhost:9200/_cluster/health?pretty=true'<br />
<br />
{<br />
"cluster_name" : "'''graylog2'''",<br />
"status" : "'''green'''",<br />
"timed_out" : false,<br />
"number_of_nodes" : 1,<br />
"number_of_data_nodes" : 1,<br />
"active_primary_shards" : 0,<br />
"active_shards" : 0,<br />
"relocating_shards" : 0,<br />
"initializing_shards" : 0,<br />
"unassigned_shards" : 0,<br />
"delayed_unassigned_shards" : 0,<br />
"number_of_pending_tasks" : 0,<br />
"number_of_in_flight_fetch" : 0<br />
}<br />
<br />
=== MongoDB ===<br />
<br />
MongoDB is available in deb format and same can be downloaded from the official website. Add the following repository information on the system to install MongoDB. Before that we must import public key.<br />
<br />
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10<br />
Add repository by creating the /etc/apt/sources.list.d/mongodb-org-3.0.list list file using the command.<br />
<br />
echo "deb http://repo.mongodb.org/apt/ubuntu trusty/mongodb-org/3.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.0.list<br />
Update repository cache.<br />
<br />
apt-get update<br />
Install MongoDB using the following command.<br />
<br />
apt-get install mongodb-org<br />
Start the MongoDB service and enable it to start automatically during the system start-up.<br />
<br />
service mongod start<br />
<br />
ls -s /usr/bin/mongod /etc/init.d/mongod<br />
<br />
update-rc.d mongod defaults<br />
<br />
=== Graylog2 ===<br />
<br />
Graylog-server accepts and process the log messages, also spawns the RESTAPI for the requests that comes from graylog-web-interface. Download the latest version of graylog from graylog.org,<br />
<br />
Use the following command to install graylog2 repository.<br />
<br />
$ wget https://packages.graylog2.org/repo/packages/graylog-1.2-repository-ubuntu14.04_latest.deb<br />
<br />
$ sudo dpkg -i graylog-1.2-repository-ubuntu14.04_latest.deb<br />
Install https suppport and update the repository cache.<br />
<br />
$ sudo apt-get install apt-transport-https<br />
<br />
$ sudo apt-get update<br />
Install Graylog server using following command.<br />
<br />
$ sudo apt-get install graylog-server <br />
Edit the server.conf file.<br />
<br />
$ sudo nano /etc/graylog/server/server.conf<br />
Configure the following variables in the above file.<br />
<br />
Set a secret to secure the user passwords, use the following command to generate a secret, use at least 64 character’s.<br />
<br />
$ pwgen -N 1 -s 96<br />
<br />
OH9wXpsNZVBA8R5vJQSnkhTB1qDOjCxAh3aE3LvXddtfDlZlKYEyGS24BJAiIxI0sbSTSPovTTnhLkkrUvhSSxodTlzDi5gP<br />
<br />
If you get a “pwgen: command not found“, use the following command to install pwgen.<br />
<br />
$ sudo apt-get install pwgen<br />
<br />
Place the secret.<br />
<br />
password_secret = OH9wXpsNZVBA8R5vJQSnkhTB1qDOjCxAh3aE3LvXddtfDlZlKYEyGS24BJAiIxI0sbSTSPovTTnhLkkrUvhSSxodTlzDi5gP<br />
<br />
Next is to set a hash password for the root user (not to be confused with system user, root user of graylog is admin). You will use this password for login into the web interface, admin’s password can not be changed using web interface, must edit this variable to set.<br />
<br />
Replace “yourpassword” with the choice of your’s.<br />
<br />
# echo -n yourpassword | sha256sum<br />
<br />
e3c652f0ba0b4801205814f8b6bc49672c4c74e25b497770bb89b22cdeb4e951<br />
<br />
Place the hash password.<br />
<br />
root_password_sha2 = e3c652f0ba0b4801205814f8b6bc49672c4c74e25b497770bb89b22cdeb4e951<br />
You can setup email address root (admin) user.<br />
<br />
root_email = "cyber.web@gmail.com"<br />
Set timezone of root (admin) user.<br />
<br />
root_timezone = UTC<br />
<br />
Graylog will try to find the Elasticsearch nodes automatically, it uses multicast mode for the same. But when it comes to larger network, it is recommended to use unicast mode which is best suited one for production setups. So add the following two entries to graylog server.conf file, replace ipaddress with live hostname or ipaddress. Multiple hosts can be added with comma separated.<br />
<br />
elasticsearch_http_enabled = false<br />
elasticsearch_discovery_zen_ping_unicast_hosts = ipaddress:9300<br />
<br />
Set only one master node by defining the below variable, default setting is true, you must set it as a false to make the particular node as a slave. Master node performs some periodic tasks that slave won’t perform.<br />
<br />
is_master = true<br />
<br />
The following variable sets the number of log messages to keep per index, it is recommended to have several smaller indices instead of larger ones.<br />
<br />
elasticsearch_max_docs_per_index = 20000000<br />
The following parameter defines to have total number of indices, if the this number is reached old index will be deleted.<br />
<br />
elasticsearch_max_number_of_indices = 20<br />
Shards setting is really depends on the number of nodes in the Elasticsearch cluster, if you have only one node, set it as 1.<br />
<br />
elasticsearch_shards = 1<br />
The number of replicas for your indices, if you have only one node in Elasticsearch cluster; set it as 0.<br />
<br />
elasticsearch_replicas = 0<br />
<br />
''Restart Graylog service.''<br />
<br />
$ sudo service graylog-server restart<br />
Enable auto start of graylog server service during system startup.<br />
<br />
$ sudo update-rc.d graylog-server defaults<br />
You can check out the server startup logs, it will be useful for you to troubleshoot graylog in case of any issue.<br />
<br />
# tailf /var/log/graylog-server/server.log<br />
On successful start of graylog-server, you should get the following message in the log file.<br />
<br />
2015-09-17T09:35:22.895+02:00 INFO [ServerBootstrap] Graylog server up and running.<br />
<br />
'''Install Graylog web interface:'''<br />
<br />
To configure graylog-web-interface, you must have at least one graylog-server node. Install Graylog web interface using “apt-get”.<br />
<br />
$ sudo apt-get install graylog-web<br />
Edit the configuration file and set the following parameters.<br />
<br />
$ sudo nano /etc/graylog/web/web.conf<br />
This is the list of graylog-server nodes, you can add multiple nodes, separate by commas.<br />
<br />
graylog2-server.uris="http://127.0.0.1:12900/"<br />
Set the application scret and can be generated using pwgen -N 1 -s 96.<br />
<br />
application.secret="sNXyFf6B4Au3GqSlZwq7En86xp10JimdxxYiLtpptOejX6tIUpUE4DGRJOrcMj07wcK0wugPaapvzEzCYinEWj7BOtHXVl5Z"<br />
Set Web interface timezone.<br />
<br />
Timezone="Europe/Tallinn"<br />
<br />
Restart the gralog-web-interface using following command,<br />
<br />
$ sudo service graylog-web restart<br />
Enable auto start of web interface service during system startup.<br />
<br />
$ sudo update-rc.d graylog-web defaults<br />
<br />
= Experiences =<br />
<br />
In during installation time, we have found some problems which will impact on our your installation as well.<br />
<br />
- The version of Ubuntu and Graylog might conflict each other as well as Graylog's packages ( e.g : java )<br />
<br />
= Summary =<br />
<br />
During the installation Graylogs in both versions of Ubuntu ( 14.04 and 16.0 ). We realized that it had many differences between these versions. Listed above our objectives what we expect to achieve after installing and using Graylog, along with its useful information and its interaction between Administrator (users) with Graylog.<br />
<br />
its advantages:<br />
+ Free.<br />
+ Easy to interact with web interface.<br />
+ Easy to install with the good support from its sources.<br />
+ Help Administrator (user) to collect information in during logging and monitoring straightforwardly.<br />
+ Many useful tools ( plugins ) which supports to work on.<br />
<br />
= References =<br />
<br />
''http://www.itzgeek.com/how-tos/linux/ubuntu-how-tos/how-to-install-graylog2-on-ubuntu-14-04.html''</div>Akergehttps://wiki.itcollege.ee/index.php?title=Logging_-_Monitoring_C21&diff=111070Logging - Monitoring C212016-10-20T07:48:23Z<p>Akerge: /* MongoDB */</p>
<hr />
<div>'''Logging and Monitoring with Graylog'''<br />
<br />
Course: Logging and Monitoring - Lecturer: Margus Ernits<br />
<br />
Group: Cyber Security Engineering (C21)<br />
<br />
Team members: Ender Phan, Kustas Kurval, Sheela Gowry Sumathi Raju, Artur Vincent Kerge<br />
<br />
Page created on: October 05, 2016<br />
<br />
= Abstract =<br />
<br />
In order to understand how to set up the Graylog service as well as understand its crucial roles. We decided to choose Graylog as our application for logging and monitoring. Below are our objectives which would be expected to achieve later on:<br />
<br />
* '''How to install Graylog on Ubuntu 14.04.'''<br />
<br />
* '''How to use Graylog to protect servers.'''<br />
<br />
* '''Upgrading and configuring Graylog at first, and know how to secure Graylog.'''<br />
<br />
* '''Threats and security during logging.'''<br />
<br />
= Installation Guide =<br />
<br />
'''Ubuntu 14.04'''<br />
<br />
<br />
[[File:Graylog_simple_setup_v2.png]]<br />
<br />
== Prerequisites ==<br />
<br />
Since the Elasticsearch is based on java, we would require to install either openJDK or Oracle JDK. It is recommended to install Oracle JDK, verify the java version by using the following command.<br />
<br />
Remove the OpenJDK from the system, if you have it already installed. From now on it is presumed that user has root privileges.<br />
<br />
apt-get remove --purge openjdk*<br />
Add repository.<br />
<br />
add-apt-repository -y ppa:webupd8team/java<br />
Run the following command to pull the packages information from the newly added repository.<br />
<br />
apt-get update<br />
Issue the following command to install Java jdk 1.8.<br />
<br />
apt-get -y install oracle-java8-installer<br />
<br />
java -version<br />
<br />
Output:<br />
<br />
Java version "1.8.0_60"<br />
Java(TM) SE Runtime Environment (build 1.8.0_60-b27)<br />
Java HotSpot(TM) 64-Bit Server VM (build 25.60-b23, mixed mode)<br />
<br />
== Installing extras ==<br />
<br />
=== Elasticsearch ===<br />
<br />
Let’s install Elasticsearch, it can be downloaded from the official website.<br />
<br />
'''Download and install GPG signing key'''.<br />
<br />
wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -<br />
<br />
Note that the -qO argument is lowercase Quebec followed by capital Oscar.<br />
<br />
Save the repository definition to /etc/apt/sources.list.d/elasticsearch.list<br />
<br />
echo "deb http://packages.elastic.co/elasticsearch/2.x/debian stable main" | sudo tee -a /etc/apt/sources.list.d/elasticsearch.list<br />
<br />
Update repository cache and install Elasticsearch<br />
<br />
apt-get update && apt-get install elasticsearch<br />
<br />
Configure Elasticsearch to start during system startup.<br />
<br />
update-rc.d elasticsearch defaults<br />
The only important thing is to set a cluster name as “graylog2“, that is being used by graylog. Now edit the configuration file of Elasticsearch.<br />
<br />
nano /etc/elasticsearch/elasticsearch.yml<br />
<br />
cluster.name: graylog2<br />
<br />
In the same file disable dynamic scripts to avoid remote execution. That can be done by adding the following line:<br />
<br />
THIS GOES INTO GRAYLOG CONF!<br />
<br />
script.disable_dynamic: true<br />
<br />
Once it is done, we are good to go. Before that, restart the Elasticsearch services to load the modified configuration.<br />
<br />
service elasticsearch restart<br />
<br />
Wait at least a minute to let the Elasticsearch get fully restarted, otherwise testing will fail. Elastisearch should be now listen on 9200 for processing HTTP request, we can use CURL to get the response. Ensure that it returns with cluster name as “graylog2”<br />
<br />
curl -X GET http://localhost:9200<br />
<br />
{<br />
"status" : 200,<br />
"name" : "Pistol",<br />
"cluster_name" : "'''graylog2'''",<br />
"version" : {<br />
"number" : "1.7.1",<br />
"build_hash" : "b88f43fc40b0bcd7f173a1f9ee2e97816de80b19",<br />
"build_timestamp" : "2015-07-29T09:54:16Z",<br />
"build_snapshot" : false,<br />
"lucene_version" : "4.10.4"<br />
},<br />
"tagline" : "You Know, for Search"<br />
}<br />
<br />
Optional: Use the following command to check the Elasticsearch cluster health, you must get a cluster status as “green” for graylog to work.<br />
<br />
curl -XGET 'http://localhost:9200/_cluster/health?pretty=true'<br />
<br />
{<br />
"cluster_name" : "'''graylog2'''",<br />
"status" : "'''green'''",<br />
"timed_out" : false,<br />
"number_of_nodes" : 1,<br />
"number_of_data_nodes" : 1,<br />
"active_primary_shards" : 0,<br />
"active_shards" : 0,<br />
"relocating_shards" : 0,<br />
"initializing_shards" : 0,<br />
"unassigned_shards" : 0,<br />
"delayed_unassigned_shards" : 0,<br />
"number_of_pending_tasks" : 0,<br />
"number_of_in_flight_fetch" : 0<br />
}<br />
<br />
=== MongoDB ===<br />
<br />
MongoDB is available in dep format and same can be downloaded from the official website. Add the following repository information on the system to install MongoDB. Before that we must import public key.<br />
<br />
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10<br />
Add repository by creating the /etc/apt/sources.list.d/mongodb-org-3.0.list list file using the command.<br />
<br />
echo "deb http://repo.mongodb.org/apt/ubuntu trusty/mongodb-org/3.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.0.list<br />
Update repository cache.<br />
<br />
apt-get update<br />
Install MongoDB using the following command.<br />
<br />
apt-get install mongodb-org<br />
Start the MongoDB service and enable it to start automatically during the system start-up.<br />
<br />
service mongod start<br />
<br />
ls -s /usr/bin/mongod /etc/init.d/mongod<br />
<br />
update-rc.d mongod defaults<br />
<br />
=== Graylog2 ===<br />
<br />
Graylog-server accepts and process the log messages, also spawns the RESTAPI for the requests that comes from graylog-web-interface. Download the latest version of graylog from graylog.org,<br />
<br />
Use the following command to install graylog2 repository.<br />
<br />
$ wget https://packages.graylog2.org/repo/packages/graylog-1.2-repository-ubuntu14.04_latest.deb<br />
<br />
$ sudo dpkg -i graylog-1.2-repository-ubuntu14.04_latest.deb<br />
Install https suppport and update the repository cache.<br />
<br />
$ sudo apt-get install apt-transport-https<br />
<br />
$ sudo apt-get update<br />
Install Graylog server using following command.<br />
<br />
$ sudo apt-get install graylog-server <br />
Edit the server.conf file.<br />
<br />
$ sudo nano /etc/graylog/server/server.conf<br />
Configure the following variables in the above file.<br />
<br />
Set a secret to secure the user passwords, use the following command to generate a secret, use at least 64 character’s.<br />
<br />
$ pwgen -N 1 -s 96<br />
<br />
OH9wXpsNZVBA8R5vJQSnkhTB1qDOjCxAh3aE3LvXddtfDlZlKYEyGS24BJAiIxI0sbSTSPovTTnhLkkrUvhSSxodTlzDi5gP<br />
<br />
If you get a “pwgen: command not found“, use the following command to install pwgen.<br />
<br />
$ sudo apt-get install pwgen<br />
<br />
Place the secret.<br />
<br />
password_secret = OH9wXpsNZVBA8R5vJQSnkhTB1qDOjCxAh3aE3LvXddtfDlZlKYEyGS24BJAiIxI0sbSTSPovTTnhLkkrUvhSSxodTlzDi5gP<br />
<br />
Next is to set a hash password for the root user (not to be confused with system user, root user of graylog is admin). You will use this password for login into the web interface, admin’s password can not be changed using web interface, must edit this variable to set.<br />
<br />
Replace “yourpassword” with the choice of your’s.<br />
<br />
# echo -n yourpassword | sha256sum<br />
<br />
e3c652f0ba0b4801205814f8b6bc49672c4c74e25b497770bb89b22cdeb4e951<br />
<br />
Place the hash password.<br />
<br />
root_password_sha2 = e3c652f0ba0b4801205814f8b6bc49672c4c74e25b497770bb89b22cdeb4e951<br />
You can setup email address root (admin) user.<br />
<br />
root_email = "cyber.web@gmail.com"<br />
Set timezone of root (admin) user.<br />
<br />
root_timezone = UTC<br />
<br />
Graylog will try to find the Elasticsearch nodes automatically, it uses multicast mode for the same. But when it comes to larger network, it is recommended to use unicast mode which is best suited one for production setups. So add the following two entries to graylog server.conf file, replace ipaddress with live hostname or ipaddress. Multiple hosts can be added with comma separated.<br />
<br />
elasticsearch_http_enabled = false<br />
elasticsearch_discovery_zen_ping_unicast_hosts = ipaddress:9300<br />
<br />
Set only one master node by defining the below variable, default setting is true, you must set it as a false to make the particular node as a slave. Master node performs some periodic tasks that slave won’t perform.<br />
<br />
is_master = true<br />
<br />
The following variable sets the number of log messages to keep per index, it is recommended to have several smaller indices instead of larger ones.<br />
<br />
elasticsearch_max_docs_per_index = 20000000<br />
The following parameter defines to have total number of indices, if the this number is reached old index will be deleted.<br />
<br />
elasticsearch_max_number_of_indices = 20<br />
Shards setting is really depends on the number of nodes in the Elasticsearch cluster, if you have only one node, set it as 1.<br />
<br />
elasticsearch_shards = 1<br />
The number of replicas for your indices, if you have only one node in Elasticsearch cluster; set it as 0.<br />
<br />
elasticsearch_replicas = 0<br />
<br />
''Restart Graylog service.''<br />
<br />
$ sudo service graylog-server restart<br />
Enable auto start of graylog server service during system startup.<br />
<br />
$ sudo update-rc.d graylog-server defaults<br />
You can check out the server startup logs, it will be useful for you to troubleshoot graylog in case of any issue.<br />
<br />
# tailf /var/log/graylog-server/server.log<br />
On successful start of graylog-server, you should get the following message in the log file.<br />
<br />
2015-09-17T09:35:22.895+02:00 INFO [ServerBootstrap] Graylog server up and running.<br />
<br />
'''Install Graylog web interface:'''<br />
<br />
To configure graylog-web-interface, you must have at least one graylog-server node. Install Graylog web interface using “apt-get”.<br />
<br />
$ sudo apt-get install graylog-web<br />
Edit the configuration file and set the following parameters.<br />
<br />
$ sudo nano /etc/graylog/web/web.conf<br />
This is the list of graylog-server nodes, you can add multiple nodes, separate by commas.<br />
<br />
graylog2-server.uris="http://127.0.0.1:12900/"<br />
Set the application scret and can be generated using pwgen -N 1 -s 96.<br />
<br />
application.secret="sNXyFf6B4Au3GqSlZwq7En86xp10JimdxxYiLtpptOejX6tIUpUE4DGRJOrcMj07wcK0wugPaapvzEzCYinEWj7BOtHXVl5Z"<br />
Set Web interface timezone.<br />
<br />
Timezone="Europe/Tallinn"<br />
<br />
Restart the gralog-web-interface using following command,<br />
<br />
$ sudo service graylog-web restart<br />
Enable auto start of web interface service during system startup.<br />
<br />
$ sudo update-rc.d graylog-web defaults<br />
<br />
= Experiences =<br />
<br />
In during installation time, we have found some problems which will impact on our your installation as well.<br />
<br />
- The version of Ubuntu and Graylog might conflict each other as well as Graylog's packages ( e.g : java )<br />
<br />
= Summary =<br />
<br />
During the installation Graylogs in both versions of Ubuntu ( 14.04 and 16.0 ). We realized that it had many differences between these versions. Listed above our objectives what we expect to achieve after installing and using Graylog, along with its useful information and its interaction between Administrator (users) with Graylog.<br />
<br />
its advantages:<br />
+ Free.<br />
+ Easy to interact with web interface.<br />
+ Easy to install with the good support from its sources.<br />
+ Help Administrator (user) to collect information in during logging and monitoring straightforwardly.<br />
+ Many useful tools ( plugins ) which supports to work on.<br />
<br />
= References =<br />
<br />
''http://www.itzgeek.com/how-tos/linux/ubuntu-how-tos/how-to-install-graylog2-on-ubuntu-14-04.html''</div>Akergehttps://wiki.itcollege.ee/index.php?title=Logging_-_Monitoring_C21&diff=111069Logging - Monitoring C212016-10-20T07:47:03Z<p>Akerge: /* Prerequisites */</p>
<hr />
<div>'''Logging and Monitoring with Graylog'''<br />
<br />
Course: Logging and Monitoring - Lecturer: Margus Ernits<br />
<br />
Group: Cyber Security Engineering (C21)<br />
<br />
Team members: Ender Phan, Kustas Kurval, Sheela Gowry Sumathi Raju, Artur Vincent Kerge<br />
<br />
Page created on: October 05, 2016<br />
<br />
= Abstract =<br />
<br />
In order to understand how to set up the Graylog service as well as understand its crucial roles. We decided to choose Graylog as our application for logging and monitoring. Below are our objectives which would be expected to achieve later on:<br />
<br />
* '''How to install Graylog on Ubuntu 14.04.'''<br />
<br />
* '''How to use Graylog to protect servers.'''<br />
<br />
* '''Upgrading and configuring Graylog at first, and know how to secure Graylog.'''<br />
<br />
* '''Threats and security during logging.'''<br />
<br />
= Installation Guide =<br />
<br />
'''Ubuntu 14.04'''<br />
<br />
<br />
[[File:Graylog_simple_setup_v2.png]]<br />
<br />
== Prerequisites ==<br />
<br />
Since the Elasticsearch is based on java, we would require to install either openJDK or Oracle JDK. It is recommended to install Oracle JDK, verify the java version by using the following command.<br />
<br />
Remove the OpenJDK from the system, if you have it already installed. From now on it is presumed that user has root privileges.<br />
<br />
apt-get remove --purge openjdk*<br />
Add repository.<br />
<br />
add-apt-repository -y ppa:webupd8team/java<br />
Run the following command to pull the packages information from the newly added repository.<br />
<br />
apt-get update<br />
Issue the following command to install Java jdk 1.8.<br />
<br />
apt-get -y install oracle-java8-installer<br />
<br />
java -version<br />
<br />
Output:<br />
<br />
Java version "1.8.0_60"<br />
Java(TM) SE Runtime Environment (build 1.8.0_60-b27)<br />
Java HotSpot(TM) 64-Bit Server VM (build 25.60-b23, mixed mode)<br />
<br />
== Installing extras ==<br />
<br />
=== Elasticsearch ===<br />
<br />
Let’s install Elasticsearch, it can be downloaded from the official website.<br />
<br />
'''Download and install GPG signing key'''.<br />
<br />
wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -<br />
<br />
Note that the -qO argument is lowercase Quebec followed by capital Oscar.<br />
<br />
Save the repository definition to /etc/apt/sources.list.d/elasticsearch.list<br />
<br />
echo "deb http://packages.elastic.co/elasticsearch/2.x/debian stable main" | sudo tee -a /etc/apt/sources.list.d/elasticsearch.list<br />
<br />
Update repository cache and install Elasticsearch<br />
<br />
apt-get update && apt-get install elasticsearch<br />
<br />
Configure Elasticsearch to start during system startup.<br />
<br />
update-rc.d elasticsearch defaults<br />
The only important thing is to set a cluster name as “graylog2“, that is being used by graylog. Now edit the configuration file of Elasticsearch.<br />
<br />
nano /etc/elasticsearch/elasticsearch.yml<br />
<br />
cluster.name: graylog2<br />
<br />
In the same file disable dynamic scripts to avoid remote execution. That can be done by adding the following line:<br />
<br />
THIS GOES INTO GRAYLOG CONF!<br />
<br />
script.disable_dynamic: true<br />
<br />
Once it is done, we are good to go. Before that, restart the Elasticsearch services to load the modified configuration.<br />
<br />
service elasticsearch restart<br />
<br />
Wait at least a minute to let the Elasticsearch get fully restarted, otherwise testing will fail. Elastisearch should be now listen on 9200 for processing HTTP request, we can use CURL to get the response. Ensure that it returns with cluster name as “graylog2”<br />
<br />
curl -X GET http://localhost:9200<br />
<br />
{<br />
"status" : 200,<br />
"name" : "Pistol",<br />
"cluster_name" : "'''graylog2'''",<br />
"version" : {<br />
"number" : "1.7.1",<br />
"build_hash" : "b88f43fc40b0bcd7f173a1f9ee2e97816de80b19",<br />
"build_timestamp" : "2015-07-29T09:54:16Z",<br />
"build_snapshot" : false,<br />
"lucene_version" : "4.10.4"<br />
},<br />
"tagline" : "You Know, for Search"<br />
}<br />
<br />
Optional: Use the following command to check the Elasticsearch cluster health, you must get a cluster status as “green” for graylog to work.<br />
<br />
curl -XGET 'http://localhost:9200/_cluster/health?pretty=true'<br />
<br />
{<br />
"cluster_name" : "'''graylog2'''",<br />
"status" : "'''green'''",<br />
"timed_out" : false,<br />
"number_of_nodes" : 1,<br />
"number_of_data_nodes" : 1,<br />
"active_primary_shards" : 0,<br />
"active_shards" : 0,<br />
"relocating_shards" : 0,<br />
"initializing_shards" : 0,<br />
"unassigned_shards" : 0,<br />
"delayed_unassigned_shards" : 0,<br />
"number_of_pending_tasks" : 0,<br />
"number_of_in_flight_fetch" : 0<br />
}<br />
<br />
=== MongoDB ===<br />
<br />
MongoDB is available in dep format and same can be downloaded from the official website. Add the following repository information on the system to install MongoDB. Before that we must import public key.<br />
<br />
$ sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10<br />
Add repository by creating the /etc/apt/sources.list.d/mongodb-org-3.0.list list file using the command.<br />
<br />
$ echo "deb http://repo.mongodb.org/apt/ubuntu trusty/mongodb-org/3.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.0.list<br />
Update repository cache.<br />
<br />
$ sudo apt-get update<br />
Install MongoDB using the following command.<br />
<br />
$ sudo apt-get install mongodb-org<br />
Start the MongoDB service and enable it to start automatically during the system start-up.<br />
<br />
$ sudo service mongod start<br />
<br />
$ sudo ls -s /usr/bin/mongod /etc/init.d/mongod<br />
<br />
$ sudo update-rc.d mongod defaults<br />
<br />
<br />
=== Graylog2 ===<br />
<br />
Graylog-server accepts and process the log messages, also spawns the RESTAPI for the requests that comes from graylog-web-interface. Download the latest version of graylog from graylog.org,<br />
<br />
Use the following command to install graylog2 repository.<br />
<br />
$ wget https://packages.graylog2.org/repo/packages/graylog-1.2-repository-ubuntu14.04_latest.deb<br />
<br />
$ sudo dpkg -i graylog-1.2-repository-ubuntu14.04_latest.deb<br />
Install https suppport and update the repository cache.<br />
<br />
$ sudo apt-get install apt-transport-https<br />
<br />
$ sudo apt-get update<br />
Install Graylog server using following command.<br />
<br />
$ sudo apt-get install graylog-server <br />
Edit the server.conf file.<br />
<br />
$ sudo nano /etc/graylog/server/server.conf<br />
Configure the following variables in the above file.<br />
<br />
Set a secret to secure the user passwords, use the following command to generate a secret, use at least 64 character’s.<br />
<br />
$ pwgen -N 1 -s 96<br />
<br />
OH9wXpsNZVBA8R5vJQSnkhTB1qDOjCxAh3aE3LvXddtfDlZlKYEyGS24BJAiIxI0sbSTSPovTTnhLkkrUvhSSxodTlzDi5gP<br />
<br />
If you get a “pwgen: command not found“, use the following command to install pwgen.<br />
<br />
$ sudo apt-get install pwgen<br />
<br />
Place the secret.<br />
<br />
password_secret = OH9wXpsNZVBA8R5vJQSnkhTB1qDOjCxAh3aE3LvXddtfDlZlKYEyGS24BJAiIxI0sbSTSPovTTnhLkkrUvhSSxodTlzDi5gP<br />
<br />
Next is to set a hash password for the root user (not to be confused with system user, root user of graylog is admin). You will use this password for login into the web interface, admin’s password can not be changed using web interface, must edit this variable to set.<br />
<br />
Replace “yourpassword” with the choice of your’s.<br />
<br />
# echo -n yourpassword | sha256sum<br />
<br />
e3c652f0ba0b4801205814f8b6bc49672c4c74e25b497770bb89b22cdeb4e951<br />
<br />
Place the hash password.<br />
<br />
root_password_sha2 = e3c652f0ba0b4801205814f8b6bc49672c4c74e25b497770bb89b22cdeb4e951<br />
You can setup email address root (admin) user.<br />
<br />
root_email = "cyber.web@gmail.com"<br />
Set timezone of root (admin) user.<br />
<br />
root_timezone = UTC<br />
<br />
Graylog will try to find the Elasticsearch nodes automatically, it uses multicast mode for the same. But when it comes to larger network, it is recommended to use unicast mode which is best suited one for production setups. So add the following two entries to graylog server.conf file, replace ipaddress with live hostname or ipaddress. Multiple hosts can be added with comma separated.<br />
<br />
elasticsearch_http_enabled = false<br />
elasticsearch_discovery_zen_ping_unicast_hosts = ipaddress:9300<br />
<br />
Set only one master node by defining the below variable, default setting is true, you must set it as a false to make the particular node as a slave. Master node performs some periodic tasks that slave won’t perform.<br />
<br />
is_master = true<br />
<br />
The following variable sets the number of log messages to keep per index, it is recommended to have several smaller indices instead of larger ones.<br />
<br />
elasticsearch_max_docs_per_index = 20000000<br />
The following parameter defines to have total number of indices, if the this number is reached old index will be deleted.<br />
<br />
elasticsearch_max_number_of_indices = 20<br />
Shards setting is really depends on the number of nodes in the Elasticsearch cluster, if you have only one node, set it as 1.<br />
<br />
elasticsearch_shards = 1<br />
The number of replicas for your indices, if you have only one node in Elasticsearch cluster; set it as 0.<br />
<br />
elasticsearch_replicas = 0<br />
<br />
''Restart Graylog service.''<br />
<br />
$ sudo service graylog-server restart<br />
Enable auto start of graylog server service during system startup.<br />
<br />
$ sudo update-rc.d graylog-server defaults<br />
You can check out the server startup logs, it will be useful for you to troubleshoot graylog in case of any issue.<br />
<br />
# tailf /var/log/graylog-server/server.log<br />
On successful start of graylog-server, you should get the following message in the log file.<br />
<br />
2015-09-17T09:35:22.895+02:00 INFO [ServerBootstrap] Graylog server up and running.<br />
<br />
'''Install Graylog web interface:'''<br />
<br />
To configure graylog-web-interface, you must have at least one graylog-server node. Install Graylog web interface using “apt-get”.<br />
<br />
$ sudo apt-get install graylog-web<br />
Edit the configuration file and set the following parameters.<br />
<br />
$ sudo nano /etc/graylog/web/web.conf<br />
This is the list of graylog-server nodes, you can add multiple nodes, separate by commas.<br />
<br />
graylog2-server.uris="http://127.0.0.1:12900/"<br />
Set the application scret and can be generated using pwgen -N 1 -s 96.<br />
<br />
application.secret="sNXyFf6B4Au3GqSlZwq7En86xp10JimdxxYiLtpptOejX6tIUpUE4DGRJOrcMj07wcK0wugPaapvzEzCYinEWj7BOtHXVl5Z"<br />
Set Web interface timezone.<br />
<br />
Timezone="Europe/Tallinn"<br />
<br />
Restart the gralog-web-interface using following command,<br />
<br />
$ sudo service graylog-web restart<br />
Enable auto start of web interface service during system startup.<br />
<br />
$ sudo update-rc.d graylog-web defaults<br />
<br />
= Experiences =<br />
<br />
In during installation time, we have found some problems which will impact on our your installation as well.<br />
<br />
- The version of Ubuntu and Graylog might conflict each other as well as Graylog's packages ( e.g : java )<br />
<br />
= Summary =<br />
<br />
During the installation Graylogs in both versions of Ubuntu ( 14.04 and 16.0 ). We realized that it had many differences between these versions. Listed above our objectives what we expect to achieve after installing and using Graylog, along with its useful information and its interaction between Administrator (users) with Graylog.<br />
<br />
its advantages:<br />
+ Free.<br />
+ Easy to interact with web interface.<br />
+ Easy to install with the good support from its sources.<br />
+ Help Administrator (user) to collect information in during logging and monitoring straightforwardly.<br />
+ Many useful tools ( plugins ) which supports to work on.<br />
<br />
= References =<br />
<br />
''http://www.itzgeek.com/how-tos/linux/ubuntu-how-tos/how-to-install-graylog2-on-ubuntu-14-04.html''</div>Akergehttps://wiki.itcollege.ee/index.php?title=Logging_-_Monitoring_C21&diff=111068Logging - Monitoring C212016-10-20T07:46:43Z<p>Akerge: /* Elasticsearch */</p>
<hr />
<div>'''Logging and Monitoring with Graylog'''<br />
<br />
Course: Logging and Monitoring - Lecturer: Margus Ernits<br />
<br />
Group: Cyber Security Engineering (C21)<br />
<br />
Team members: Ender Phan, Kustas Kurval, Sheela Gowry Sumathi Raju, Artur Vincent Kerge<br />
<br />
Page created on: October 05, 2016<br />
<br />
= Abstract =<br />
<br />
In order to understand how to set up the Graylog service as well as understand its crucial roles. We decided to choose Graylog as our application for logging and monitoring. Below are our objectives which would be expected to achieve later on:<br />
<br />
* '''How to install Graylog on Ubuntu 14.04.'''<br />
<br />
* '''How to use Graylog to protect servers.'''<br />
<br />
* '''Upgrading and configuring Graylog at first, and know how to secure Graylog.'''<br />
<br />
* '''Threats and security during logging.'''<br />
<br />
= Installation Guide =<br />
<br />
'''Ubuntu 14.04'''<br />
<br />
<br />
[[File:Graylog_simple_setup_v2.png]]<br />
<br />
== Prerequisites ==<br />
<br />
Since the Elasticsearch is based on java, we would require to install either openJDK or Oracle JDK. It is recommended to install Oracle JDK, verify the java version by using the following command.<br />
<br />
Remove the OpenJDK from the system, if you have it already installed. From now on it is presumed that user has root privileges.<br />
<br />
sudo apt-get remove --purge openjdk*<br />
Add repository.<br />
<br />
sudo add-apt-repository -y ppa:webupd8team/java<br />
Run the following command to pull the packages information from the newly added repository.<br />
<br />
sudo apt-get update<br />
Issue the following command to install Java jdk 1.8.<br />
<br />
sudo apt-get -y install oracle-java8-installer<br />
<br />
java -version<br />
<br />
Output:<br />
<br />
Java version "1.8.0_60"<br />
Java(TM) SE Runtime Environment (build 1.8.0_60-b27)<br />
Java HotSpot(TM) 64-Bit Server VM (build 25.60-b23, mixed mode)<br />
<br />
== Installing extras ==<br />
<br />
=== Elasticsearch ===<br />
<br />
Let’s install Elasticsearch, it can be downloaded from the official website.<br />
<br />
'''Download and install GPG signing key'''.<br />
<br />
wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -<br />
<br />
Note that the -qO argument is lowercase Quebec followed by capital Oscar.<br />
<br />
Save the repository definition to /etc/apt/sources.list.d/elasticsearch.list<br />
<br />
echo "deb http://packages.elastic.co/elasticsearch/2.x/debian stable main" | sudo tee -a /etc/apt/sources.list.d/elasticsearch.list<br />
<br />
Update repository cache and install Elasticsearch<br />
<br />
apt-get update && apt-get install elasticsearch<br />
<br />
Configure Elasticsearch to start during system startup.<br />
<br />
update-rc.d elasticsearch defaults<br />
The only important thing is to set a cluster name as “graylog2“, that is being used by graylog. Now edit the configuration file of Elasticsearch.<br />
<br />
nano /etc/elasticsearch/elasticsearch.yml<br />
<br />
cluster.name: graylog2<br />
<br />
In the same file disable dynamic scripts to avoid remote execution. That can be done by adding the following line:<br />
<br />
THIS GOES INTO GRAYLOG CONF!<br />
<br />
script.disable_dynamic: true<br />
<br />
Once it is done, we are good to go. Before that, restart the Elasticsearch services to load the modified configuration.<br />
<br />
service elasticsearch restart<br />
<br />
Wait at least a minute to let the Elasticsearch get fully restarted, otherwise testing will fail. Elastisearch should be now listen on 9200 for processing HTTP request, we can use CURL to get the response. Ensure that it returns with cluster name as “graylog2”<br />
<br />
curl -X GET http://localhost:9200<br />
<br />
{<br />
"status" : 200,<br />
"name" : "Pistol",<br />
"cluster_name" : "'''graylog2'''",<br />
"version" : {<br />
"number" : "1.7.1",<br />
"build_hash" : "b88f43fc40b0bcd7f173a1f9ee2e97816de80b19",<br />
"build_timestamp" : "2015-07-29T09:54:16Z",<br />
"build_snapshot" : false,<br />
"lucene_version" : "4.10.4"<br />
},<br />
"tagline" : "You Know, for Search"<br />
}<br />
<br />
Optional: Use the following command to check the Elasticsearch cluster health, you must get a cluster status as “green” for graylog to work.<br />
<br />
curl -XGET 'http://localhost:9200/_cluster/health?pretty=true'<br />
<br />
{<br />
"cluster_name" : "'''graylog2'''",<br />
"status" : "'''green'''",<br />
"timed_out" : false,<br />
"number_of_nodes" : 1,<br />
"number_of_data_nodes" : 1,<br />
"active_primary_shards" : 0,<br />
"active_shards" : 0,<br />
"relocating_shards" : 0,<br />
"initializing_shards" : 0,<br />
"unassigned_shards" : 0,<br />
"delayed_unassigned_shards" : 0,<br />
"number_of_pending_tasks" : 0,<br />
"number_of_in_flight_fetch" : 0<br />
}<br />
<br />
=== MongoDB ===<br />
<br />
MongoDB is available in dep format and same can be downloaded from the official website. Add the following repository information on the system to install MongoDB. Before that we must import public key.<br />
<br />
$ sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10<br />
Add repository by creating the /etc/apt/sources.list.d/mongodb-org-3.0.list list file using the command.<br />
<br />
$ echo "deb http://repo.mongodb.org/apt/ubuntu trusty/mongodb-org/3.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.0.list<br />
Update repository cache.<br />
<br />
$ sudo apt-get update<br />
Install MongoDB using the following command.<br />
<br />
$ sudo apt-get install mongodb-org<br />
Start the MongoDB service and enable it to start automatically during the system start-up.<br />
<br />
$ sudo service mongod start<br />
<br />
$ sudo ls -s /usr/bin/mongod /etc/init.d/mongod<br />
<br />
$ sudo update-rc.d mongod defaults<br />
<br />
<br />
=== Graylog2 ===<br />
<br />
Graylog-server accepts and process the log messages, also spawns the RESTAPI for the requests that comes from graylog-web-interface. Download the latest version of graylog from graylog.org,<br />
<br />
Use the following command to install graylog2 repository.<br />
<br />
$ wget https://packages.graylog2.org/repo/packages/graylog-1.2-repository-ubuntu14.04_latest.deb<br />
<br />
$ sudo dpkg -i graylog-1.2-repository-ubuntu14.04_latest.deb<br />
Install https suppport and update the repository cache.<br />
<br />
$ sudo apt-get install apt-transport-https<br />
<br />
$ sudo apt-get update<br />
Install Graylog server using following command.<br />
<br />
$ sudo apt-get install graylog-server <br />
Edit the server.conf file.<br />
<br />
$ sudo nano /etc/graylog/server/server.conf<br />
Configure the following variables in the above file.<br />
<br />
Set a secret to secure the user passwords, use the following command to generate a secret, use at least 64 character’s.<br />
<br />
$ pwgen -N 1 -s 96<br />
<br />
OH9wXpsNZVBA8R5vJQSnkhTB1qDOjCxAh3aE3LvXddtfDlZlKYEyGS24BJAiIxI0sbSTSPovTTnhLkkrUvhSSxodTlzDi5gP<br />
<br />
If you get a “pwgen: command not found“, use the following command to install pwgen.<br />
<br />
$ sudo apt-get install pwgen<br />
<br />
Place the secret.<br />
<br />
password_secret = OH9wXpsNZVBA8R5vJQSnkhTB1qDOjCxAh3aE3LvXddtfDlZlKYEyGS24BJAiIxI0sbSTSPovTTnhLkkrUvhSSxodTlzDi5gP<br />
<br />
Next is to set a hash password for the root user (not to be confused with system user, root user of graylog is admin). You will use this password for login into the web interface, admin’s password can not be changed using web interface, must edit this variable to set.<br />
<br />
Replace “yourpassword” with the choice of your’s.<br />
<br />
# echo -n yourpassword | sha256sum<br />
<br />
e3c652f0ba0b4801205814f8b6bc49672c4c74e25b497770bb89b22cdeb4e951<br />
<br />
Place the hash password.<br />
<br />
root_password_sha2 = e3c652f0ba0b4801205814f8b6bc49672c4c74e25b497770bb89b22cdeb4e951<br />
You can setup email address root (admin) user.<br />
<br />
root_email = "cyber.web@gmail.com"<br />
Set timezone of root (admin) user.<br />
<br />
root_timezone = UTC<br />
<br />
Graylog will try to find the Elasticsearch nodes automatically, it uses multicast mode for the same. But when it comes to larger network, it is recommended to use unicast mode which is best suited one for production setups. So add the following two entries to graylog server.conf file, replace ipaddress with live hostname or ipaddress. Multiple hosts can be added with comma separated.<br />
<br />
elasticsearch_http_enabled = false<br />
elasticsearch_discovery_zen_ping_unicast_hosts = ipaddress:9300<br />
<br />
Set only one master node by defining the below variable, default setting is true, you must set it as a false to make the particular node as a slave. Master node performs some periodic tasks that slave won’t perform.<br />
<br />
is_master = true<br />
<br />
The following variable sets the number of log messages to keep per index, it is recommended to have several smaller indices instead of larger ones.<br />
<br />
elasticsearch_max_docs_per_index = 20000000<br />
The following parameter defines to have total number of indices, if the this number is reached old index will be deleted.<br />
<br />
elasticsearch_max_number_of_indices = 20<br />
Shards setting is really depends on the number of nodes in the Elasticsearch cluster, if you have only one node, set it as 1.<br />
<br />
elasticsearch_shards = 1<br />
The number of replicas for your indices, if you have only one node in Elasticsearch cluster; set it as 0.<br />
<br />
elasticsearch_replicas = 0<br />
<br />
''Restart Graylog service.''<br />
<br />
$ sudo service graylog-server restart<br />
Enable auto start of graylog server service during system startup.<br />
<br />
$ sudo update-rc.d graylog-server defaults<br />
You can check out the server startup logs, it will be useful for you to troubleshoot graylog in case of any issue.<br />
<br />
# tailf /var/log/graylog-server/server.log<br />
On successful start of graylog-server, you should get the following message in the log file.<br />
<br />
2015-09-17T09:35:22.895+02:00 INFO [ServerBootstrap] Graylog server up and running.<br />
<br />
'''Install Graylog web interface:'''<br />
<br />
To configure graylog-web-interface, you must have at least one graylog-server node. Install Graylog web interface using “apt-get”.<br />
<br />
$ sudo apt-get install graylog-web<br />
Edit the configuration file and set the following parameters.<br />
<br />
$ sudo nano /etc/graylog/web/web.conf<br />
This is the list of graylog-server nodes, you can add multiple nodes, separate by commas.<br />
<br />
graylog2-server.uris="http://127.0.0.1:12900/"<br />
Set the application scret and can be generated using pwgen -N 1 -s 96.<br />
<br />
application.secret="sNXyFf6B4Au3GqSlZwq7En86xp10JimdxxYiLtpptOejX6tIUpUE4DGRJOrcMj07wcK0wugPaapvzEzCYinEWj7BOtHXVl5Z"<br />
Set Web interface timezone.<br />
<br />
Timezone="Europe/Tallinn"<br />
<br />
Restart the gralog-web-interface using following command,<br />
<br />
$ sudo service graylog-web restart<br />
Enable auto start of web interface service during system startup.<br />
<br />
$ sudo update-rc.d graylog-web defaults<br />
<br />
= Experiences =<br />
<br />
In during installation time, we have found some problems which will impact on our your installation as well.<br />
<br />
- The version of Ubuntu and Graylog might conflict each other as well as Graylog's packages ( e.g : java )<br />
<br />
= Summary =<br />
<br />
During the installation Graylogs in both versions of Ubuntu ( 14.04 and 16.0 ). We realized that it had many differences between these versions. Listed above our objectives what we expect to achieve after installing and using Graylog, along with its useful information and its interaction between Administrator (users) with Graylog.<br />
<br />
its advantages:<br />
+ Free.<br />
+ Easy to interact with web interface.<br />
+ Easy to install with the good support from its sources.<br />
+ Help Administrator (user) to collect information in during logging and monitoring straightforwardly.<br />
+ Many useful tools ( plugins ) which supports to work on.<br />
<br />
= References =<br />
<br />
''http://www.itzgeek.com/how-tos/linux/ubuntu-how-tos/how-to-install-graylog2-on-ubuntu-14-04.html''</div>Akergehttps://wiki.itcollege.ee/index.php?title=Logging_-_Monitoring_C21&diff=111067Logging - Monitoring C212016-10-20T07:45:47Z<p>Akerge: /* Prerequisites */</p>
<hr />
<div>'''Logging and Monitoring with Graylog'''<br />
<br />
Course: Logging and Monitoring - Lecturer: Margus Ernits<br />
<br />
Group: Cyber Security Engineering (C21)<br />
<br />
Team members: Ender Phan, Kustas Kurval, Sheela Gowry Sumathi Raju, Artur Vincent Kerge<br />
<br />
Page created on: October 05, 2016<br />
<br />
= Abstract =<br />
<br />
In order to understand how to set up the Graylog service as well as understand its crucial roles. We decided to choose Graylog as our application for logging and monitoring. Below are our objectives which would be expected to achieve later on:<br />
<br />
* '''How to install Graylog on Ubuntu 14.04.'''<br />
<br />
* '''How to use Graylog to protect servers.'''<br />
<br />
* '''Upgrading and configuring Graylog at first, and know how to secure Graylog.'''<br />
<br />
* '''Threats and security during logging.'''<br />
<br />
= Installation Guide =<br />
<br />
'''Ubuntu 14.04'''<br />
<br />
<br />
[[File:Graylog_simple_setup_v2.png]]<br />
<br />
== Prerequisites ==<br />
<br />
Since the Elasticsearch is based on java, we would require to install either openJDK or Oracle JDK. It is recommended to install Oracle JDK, verify the java version by using the following command.<br />
<br />
Remove the OpenJDK from the system, if you have it already installed. From now on it is presumed that user has root privileges.<br />
<br />
sudo apt-get remove --purge openjdk*<br />
Add repository.<br />
<br />
sudo add-apt-repository -y ppa:webupd8team/java<br />
Run the following command to pull the packages information from the newly added repository.<br />
<br />
sudo apt-get update<br />
Issue the following command to install Java jdk 1.8.<br />
<br />
sudo apt-get -y install oracle-java8-installer<br />
<br />
java -version<br />
<br />
Output:<br />
<br />
Java version "1.8.0_60"<br />
Java(TM) SE Runtime Environment (build 1.8.0_60-b27)<br />
Java HotSpot(TM) 64-Bit Server VM (build 25.60-b23, mixed mode)<br />
<br />
== Installing extras ==<br />
<br />
=== Elasticsearch ===<br />
<br />
Let’s install Elasticsearch, it can be downloaded from the official website.<br />
<br />
'''Download and install GPG signing key'''.<br />
<br />
$ sudo wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -<br />
<br />
Note that the -qO argument is lowercase Quebec followed by capital Oscar.<br />
<br />
Save the repository definition to /etc/apt/sources.list.d/elasticsearch.list<br />
<br />
$ echo "deb http://packages.elastic.co/elasticsearch/2.x/debian stable main" | sudo tee -a /etc/apt/sources.list.d/elasticsearch.list<br />
<br />
Update repository cache and install Elasticsearch<br />
<br />
$ sudo apt-get update && apt-get install elasticsearch<br />
<br />
Configure Elasticsearch to start during system startup.<br />
<br />
$ sudo update-rc.d elasticsearch defaults<br />
The only important thing is to set a cluster name as “graylog2“, that is being used by graylog. Now edit the configuration file of Elasticsearch.<br />
<br />
$ sudo nano /etc/elasticsearch/elasticsearch.yml<br />
<br />
cluster.name: graylog2<br />
<br />
In the same file disable dynamic scripts to avoid remote execution. That can be done by adding the following line:<br />
<br />
THIS GOES INTO GRAYLOG CONF!<br />
<br />
script.disable_dynamic: true<br />
<br />
Once it is done, we are good to go. Before that, restart the Elasticsearch services to load the modified configuration.<br />
<br />
$ sudo service elasticsearch restart<br />
Wait at least a minute to let the Elasticsearch get fully restarted, otherwise testing will fail. Elastisearch should be now listen on 9200 for processing HTTP request, we can use CURL to get the response. Ensure that it returns with cluster name as “graylog2”<br />
<br />
$ curl -X GET http://localhost:9200<br />
<br />
{<br />
"status" : 200,<br />
"name" : "Pistol",<br />
"cluster_name" : "'''graylog2'''",<br />
"version" : {<br />
"number" : "1.7.1",<br />
"build_hash" : "b88f43fc40b0bcd7f173a1f9ee2e97816de80b19",<br />
"build_timestamp" : "2015-07-29T09:54:16Z",<br />
"build_snapshot" : false,<br />
"lucene_version" : "4.10.4"<br />
},<br />
"tagline" : "You Know, for Search"<br />
}<br />
<br />
Optional: Use the following command to check the Elasticsearch cluster health, you must get a cluster status as “green” for graylog to work.<br />
<br />
$ curl -XGET 'http://localhost:9200/_cluster/health?pretty=true'<br />
<br />
{<br />
"cluster_name" : "'''graylog2'''",<br />
"status" : "'''green'''",<br />
"timed_out" : false,<br />
"number_of_nodes" : 1,<br />
"number_of_data_nodes" : 1,<br />
"active_primary_shards" : 0,<br />
"active_shards" : 0,<br />
"relocating_shards" : 0,<br />
"initializing_shards" : 0,<br />
"unassigned_shards" : 0,<br />
"delayed_unassigned_shards" : 0,<br />
"number_of_pending_tasks" : 0,<br />
"number_of_in_flight_fetch" : 0<br />
}<br />
<br />
=== MongoDB ===<br />
<br />
MongoDB is available in dep format and same can be downloaded from the official website. Add the following repository information on the system to install MongoDB. Before that we must import public key.<br />
<br />
$ sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10<br />
Add repository by creating the /etc/apt/sources.list.d/mongodb-org-3.0.list list file using the command.<br />
<br />
$ echo "deb http://repo.mongodb.org/apt/ubuntu trusty/mongodb-org/3.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.0.list<br />
Update repository cache.<br />
<br />
$ sudo apt-get update<br />
Install MongoDB using the following command.<br />
<br />
$ sudo apt-get install mongodb-org<br />
Start the MongoDB service and enable it to start automatically during the system start-up.<br />
<br />
$ sudo service mongod start<br />
<br />
$ sudo ls -s /usr/bin/mongod /etc/init.d/mongod<br />
<br />
$ sudo update-rc.d mongod defaults<br />
<br />
<br />
=== Graylog2 ===<br />
<br />
Graylog-server accepts and process the log messages, also spawns the RESTAPI for the requests that comes from graylog-web-interface. Download the latest version of graylog from graylog.org,<br />
<br />
Use the following command to install graylog2 repository.<br />
<br />
$ wget https://packages.graylog2.org/repo/packages/graylog-1.2-repository-ubuntu14.04_latest.deb<br />
<br />
$ sudo dpkg -i graylog-1.2-repository-ubuntu14.04_latest.deb<br />
Install https suppport and update the repository cache.<br />
<br />
$ sudo apt-get install apt-transport-https<br />
<br />
$ sudo apt-get update<br />
Install Graylog server using following command.<br />
<br />
$ sudo apt-get install graylog-server <br />
Edit the server.conf file.<br />
<br />
$ sudo nano /etc/graylog/server/server.conf<br />
Configure the following variables in the above file.<br />
<br />
Set a secret to secure the user passwords, use the following command to generate a secret, use at least 64 character’s.<br />
<br />
$ pwgen -N 1 -s 96<br />
<br />
OH9wXpsNZVBA8R5vJQSnkhTB1qDOjCxAh3aE3LvXddtfDlZlKYEyGS24BJAiIxI0sbSTSPovTTnhLkkrUvhSSxodTlzDi5gP<br />
<br />
If you get a “pwgen: command not found“, use the following command to install pwgen.<br />
<br />
$ sudo apt-get install pwgen<br />
<br />
Place the secret.<br />
<br />
password_secret = OH9wXpsNZVBA8R5vJQSnkhTB1qDOjCxAh3aE3LvXddtfDlZlKYEyGS24BJAiIxI0sbSTSPovTTnhLkkrUvhSSxodTlzDi5gP<br />
<br />
Next is to set a hash password for the root user (not to be confused with system user, root user of graylog is admin). You will use this password for login into the web interface, admin’s password can not be changed using web interface, must edit this variable to set.<br />
<br />
Replace “yourpassword” with the choice of your’s.<br />
<br />
# echo -n yourpassword | sha256sum<br />
<br />
e3c652f0ba0b4801205814f8b6bc49672c4c74e25b497770bb89b22cdeb4e951<br />
<br />
Place the hash password.<br />
<br />
root_password_sha2 = e3c652f0ba0b4801205814f8b6bc49672c4c74e25b497770bb89b22cdeb4e951<br />
You can setup email address root (admin) user.<br />
<br />
root_email = "cyber.web@gmail.com"<br />
Set timezone of root (admin) user.<br />
<br />
root_timezone = UTC<br />
<br />
Graylog will try to find the Elasticsearch nodes automatically, it uses multicast mode for the same. But when it comes to larger network, it is recommended to use unicast mode which is best suited one for production setups. So add the following two entries to graylog server.conf file, replace ipaddress with live hostname or ipaddress. Multiple hosts can be added with comma separated.<br />
<br />
elasticsearch_http_enabled = false<br />
elasticsearch_discovery_zen_ping_unicast_hosts = ipaddress:9300<br />
<br />
Set only one master node by defining the below variable, default setting is true, you must set it as a false to make the particular node as a slave. Master node performs some periodic tasks that slave won’t perform.<br />
<br />
is_master = true<br />
<br />
The following variable sets the number of log messages to keep per index, it is recommended to have several smaller indices instead of larger ones.<br />
<br />
elasticsearch_max_docs_per_index = 20000000<br />
The following parameter defines to have total number of indices, if the this number is reached old index will be deleted.<br />
<br />
elasticsearch_max_number_of_indices = 20<br />
Shards setting is really depends on the number of nodes in the Elasticsearch cluster, if you have only one node, set it as 1.<br />
<br />
elasticsearch_shards = 1<br />
The number of replicas for your indices, if you have only one node in Elasticsearch cluster; set it as 0.<br />
<br />
elasticsearch_replicas = 0<br />
<br />
''Restart Graylog service.''<br />
<br />
$ sudo service graylog-server restart<br />
Enable auto start of graylog server service during system startup.<br />
<br />
$ sudo update-rc.d graylog-server defaults<br />
You can check out the server startup logs, it will be useful for you to troubleshoot graylog in case of any issue.<br />
<br />
# tailf /var/log/graylog-server/server.log<br />
On successful start of graylog-server, you should get the following message in the log file.<br />
<br />
2015-09-17T09:35:22.895+02:00 INFO [ServerBootstrap] Graylog server up and running.<br />
<br />
'''Install Graylog web interface:'''<br />
<br />
To configure graylog-web-interface, you must have at least one graylog-server node. Install Graylog web interface using “apt-get”.<br />
<br />
$ sudo apt-get install graylog-web<br />
Edit the configuration file and set the following parameters.<br />
<br />
$ sudo nano /etc/graylog/web/web.conf<br />
This is the list of graylog-server nodes, you can add multiple nodes, separate by commas.<br />
<br />
graylog2-server.uris="http://127.0.0.1:12900/"<br />
Set the application scret and can be generated using pwgen -N 1 -s 96.<br />
<br />
application.secret="sNXyFf6B4Au3GqSlZwq7En86xp10JimdxxYiLtpptOejX6tIUpUE4DGRJOrcMj07wcK0wugPaapvzEzCYinEWj7BOtHXVl5Z"<br />
Set Web interface timezone.<br />
<br />
Timezone="Europe/Tallinn"<br />
<br />
Restart the gralog-web-interface using following command,<br />
<br />
$ sudo service graylog-web restart<br />
Enable auto start of web interface service during system startup.<br />
<br />
$ sudo update-rc.d graylog-web defaults<br />
<br />
= Experiences =<br />
<br />
In during installation time, we have found some problems which will impact on our your installation as well.<br />
<br />
- The version of Ubuntu and Graylog might conflict each other as well as Graylog's packages ( e.g : java )<br />
<br />
= Summary =<br />
<br />
During the installation Graylogs in both versions of Ubuntu ( 14.04 and 16.0 ). We realized that it had many differences between these versions. Listed above our objectives what we expect to achieve after installing and using Graylog, along with its useful information and its interaction between Administrator (users) with Graylog.<br />
<br />
its advantages:<br />
+ Free.<br />
+ Easy to interact with web interface.<br />
+ Easy to install with the good support from its sources.<br />
+ Help Administrator (user) to collect information in during logging and monitoring straightforwardly.<br />
+ Many useful tools ( plugins ) which supports to work on.<br />
<br />
= References =<br />
<br />
''http://www.itzgeek.com/how-tos/linux/ubuntu-how-tos/how-to-install-graylog2-on-ubuntu-14-04.html''</div>Akergehttps://wiki.itcollege.ee/index.php?title=Logging_-_Monitoring_C21&diff=107009Logging - Monitoring C212016-10-13T08:42:56Z<p>Akerge: /* Elasticsearch */</p>
<hr />
<div>'''Logging and Monitoring with Graylog'''<br />
<br />
Course: Logging and Monitoring - Lecturer: Margus Ernits<br />
<br />
Group: Cyber Security Engineering (C21)<br />
<br />
Team members: Ender Phan, Kustas Kurval, Sheela Gowry Sumathi Raju, Artur Vincent Kerge<br />
<br />
Page created on: October 05, 2016<br />
<br />
= Abstract =<br />
<br />
In order to understand how to set up the Graylog service as well as understand its crucial roles. We decided to choose Graylog as our application for logging and monitoring. Below are our objectives which would be expected to achieve later on:<br />
<br />
* '''How to install Graylog on Ubuntu 14.04.'''<br />
<br />
* '''How to use Graylog to protect servers.'''<br />
<br />
* '''Upgrading and configuring Graylog at first, and know how to secure Graylog.'''<br />
<br />
* '''Threats and security during logging.'''<br />
<br />
= Installation Guide =<br />
<br />
'''Ubuntu 14.04'''<br />
<br />
<br />
[[File:Graylog_simple_setup_v2.png]]<br />
<br />
== Prerequisites ==<br />
<br />
Since the Elasticsearch is based on java, we would require to install either openJDK or Oracle JDK. It is recommended to install Oracle JDK, verify the java version by using the following command.<br />
<br />
Remove the OpenJDK from the system, if you have it already installed.<br />
<br />
$ sudo apt-get remove --purge openjdk*<br />
Add repository.<br />
<br />
$ sudo add-apt-repository -y ppa:webupd8team/java<br />
Run the following command to pull the packages information from the newly added repository.<br />
<br />
$ sudo apt-get update<br />
Issue the following command to install Java jdk 1.8.<br />
<br />
$ sudo apt-get -y install oracle-java8-installer<br />
<br />
$ java -version<br />
<br />
Java version "1.8.0_60"<br />
Java(TM) SE Runtime Environment (build 1.8.0_60-b27)<br />
Java HotSpot(TM) 64-Bit Server VM (build 25.60-b23, mixed mode)<br />
<br />
== Installing extras ==<br />
<br />
=== Elasticsearch ===<br />
<br />
Let’s install Elasticsearch, it can be downloaded from the official website.<br />
<br />
'''Download and install GPG signing key'''.<br />
<br />
$ sudo wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -<br />
<br />
Note that the -qO argument is lowercase Quebec followed by capital Oscar.<br />
<br />
Save the repository definition to /etc/apt/sources.list.d/elasticsearch.list<br />
<br />
$ echo "deb http://packages.elastic.co/elasticsearch/2.x/debian stable main" | sudo tee -a /etc/apt/sources.list.d/elasticsearch.list<br />
<br />
Update repository cache and install Elasticsearch<br />
<br />
$ sudo apt-get update && apt-get install elasticsearch<br />
<br />
Configure Elasticsearch to start during system startup.<br />
<br />
$ sudo update-rc.d elasticsearch defaults<br />
The only important thing is to set a cluster name as “graylog2“, that is being used by graylog. Now edit the configuration file of Elasticsearch.<br />
<br />
$ sudo nano /etc/elasticsearch/elasticsearch.yml<br />
<br />
cluster.name: graylog2<br />
<br />
In the same file disable dynamic scripts to avoid remote execution. That can be done by adding the following line:<br />
<br />
THIS GOES INTO GRAYLOG CONF!<br />
<br />
script.disable_dynamic: true<br />
<br />
Once it is done, we are good to go. Before that, restart the Elasticsearch services to load the modified configuration.<br />
<br />
$ sudo service elasticsearch restart<br />
Wait at least a minute to let the Elasticsearch get fully restarted, otherwise testing will fail. Elastisearch should be now listen on 9200 for processing HTTP request, we can use CURL to get the response. Ensure that it returns with cluster name as “graylog2”<br />
<br />
$ curl -X GET http://localhost:9200<br />
<br />
{<br />
"status" : 200,<br />
"name" : "Pistol",<br />
"cluster_name" : "'''graylog2'''",<br />
"version" : {<br />
"number" : "1.7.1",<br />
"build_hash" : "b88f43fc40b0bcd7f173a1f9ee2e97816de80b19",<br />
"build_timestamp" : "2015-07-29T09:54:16Z",<br />
"build_snapshot" : false,<br />
"lucene_version" : "4.10.4"<br />
},<br />
"tagline" : "You Know, for Search"<br />
}<br />
<br />
Optional: Use the following command to check the Elasticsearch cluster health, you must get a cluster status as “green” for graylog to work.<br />
<br />
$ curl -XGET 'http://localhost:9200/_cluster/health?pretty=true'<br />
<br />
{<br />
"cluster_name" : "'''graylog2'''",<br />
"status" : "'''green'''",<br />
"timed_out" : false,<br />
"number_of_nodes" : 1,<br />
"number_of_data_nodes" : 1,<br />
"active_primary_shards" : 0,<br />
"active_shards" : 0,<br />
"relocating_shards" : 0,<br />
"initializing_shards" : 0,<br />
"unassigned_shards" : 0,<br />
"delayed_unassigned_shards" : 0,<br />
"number_of_pending_tasks" : 0,<br />
"number_of_in_flight_fetch" : 0<br />
}<br />
<br />
=== MongoDB ===<br />
<br />
MongoDB is available in dep format and same can be downloaded from the official website. Add the following repository information on the system to install MongoDB. Before that we must import public key.<br />
<br />
$ sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10<br />
Add repository by creating the /etc/apt/sources.list.d/mongodb-org-3.0.list list file using the command.<br />
<br />
$ echo "deb http://repo.mongodb.org/apt/ubuntu trusty/mongodb-org/3.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.0.list<br />
Update repository cache.<br />
<br />
$ sudo apt-get update<br />
Install MongoDB using the following command.<br />
<br />
$ sudo apt-get install mongodb-org<br />
Start the MongoDB service and enable it to start automatically during the system start-up.<br />
<br />
$ sudo service mongod start<br />
<br />
$ sudo ls -s /usr/bin/mongod /etc/init.d/mongod<br />
<br />
$ sudo update-rc.d mongod defaults<br />
<br />
<br />
=== Graylog2 ===<br />
<br />
Graylog-server accepts and process the log messages, also spawns the RESTAPI for the requests that comes from graylog-web-interface. Download the latest version of graylog from graylog.org,<br />
<br />
Use the following command to install graylog2 repository.<br />
<br />
$ wget https://packages.graylog2.org/repo/packages/graylog-1.2-repository-ubuntu14.04_latest.deb<br />
<br />
$ sudo dpkg -i graylog-1.2-repository-ubuntu14.04_latest.deb<br />
Install https suppport and update the repository cache.<br />
<br />
$ sudo apt-get install apt-transport-https<br />
<br />
$ sudo apt-get update<br />
Install Graylog server using following command.<br />
<br />
$ sudo apt-get install graylog-server <br />
Edit the server.conf file.<br />
<br />
$ sudo nano /etc/graylog/server/server.conf<br />
Configure the following variables in the above file.<br />
<br />
Set a secret to secure the user passwords, use the following command to generate a secret, use at least 64 character’s.<br />
<br />
$ pwgen -N 1 -s 96<br />
<br />
OH9wXpsNZVBA8R5vJQSnkhTB1qDOjCxAh3aE3LvXddtfDlZlKYEyGS24BJAiIxI0sbSTSPovTTnhLkkrUvhSSxodTlzDi5gP<br />
<br />
If you get a “pwgen: command not found“, use the following command to install pwgen.<br />
<br />
$ sudo apt-get install pwgen<br />
<br />
Place the secret.<br />
<br />
password_secret = OH9wXpsNZVBA8R5vJQSnkhTB1qDOjCxAh3aE3LvXddtfDlZlKYEyGS24BJAiIxI0sbSTSPovTTnhLkkrUvhSSxodTlzDi5gP<br />
<br />
Next is to set a hash password for the root user (not to be confused with system user, root user of graylog is admin). You will use this password for login into the web interface, admin’s password can not be changed using web interface, must edit this variable to set.<br />
<br />
Replace “yourpassword” with the choice of your’s.<br />
<br />
# echo -n yourpassword | sha256sum<br />
<br />
e3c652f0ba0b4801205814f8b6bc49672c4c74e25b497770bb89b22cdeb4e951<br />
<br />
Place the hash password.<br />
<br />
root_password_sha2 = e3c652f0ba0b4801205814f8b6bc49672c4c74e25b497770bb89b22cdeb4e951<br />
You can setup email address root (admin) user.<br />
<br />
root_email = "cyber.web@gmail.com"<br />
Set timezone of root (admin) user.<br />
<br />
root_timezone = UTC<br />
<br />
Graylog will try to find the Elasticsearch nodes automatically, it uses multicast mode for the same. But when it comes to larger network, it is recommended to use unicast mode which is best suited one for production setups. So add the following two entries to graylog server.conf file, replace ipaddress with live hostname or ipaddress. Multiple hosts can be added with comma separated.<br />
<br />
elasticsearch_http_enabled = false<br />
elasticsearch_discovery_zen_ping_unicast_hosts = ipaddress:9300<br />
<br />
Set only one master node by defining the below variable, default setting is true, you must set it as a false to make the particular node as a slave. Master node performs some periodic tasks that slave won’t perform.<br />
<br />
is_master = true<br />
<br />
The following variable sets the number of log messages to keep per index, it is recommended to have several smaller indices instead of larger ones.<br />
<br />
elasticsearch_max_docs_per_index = 20000000<br />
The following parameter defines to have total number of indices, if the this number is reached old index will be deleted.<br />
<br />
elasticsearch_max_number_of_indices = 20<br />
Shards setting is really depends on the number of nodes in the Elasticsearch cluster, if you have only one node, set it as 1.<br />
<br />
elasticsearch_shards = 1<br />
The number of replicas for your indices, if you have only one node in Elasticsearch cluster; set it as 0.<br />
<br />
elasticsearch_replicas = 0<br />
<br />
''Restart Graylog service.''<br />
<br />
$ sudo service graylog-server restart<br />
Enable auto start of graylog server service during system startup.<br />
<br />
$ sudo update-rc.d graylog-server defaults<br />
You can check out the server startup logs, it will be useful for you to troubleshoot graylog in case of any issue.<br />
<br />
# tailf /var/log/graylog-server/server.log<br />
On successful start of graylog-server, you should get the following message in the log file.<br />
<br />
2015-09-17T09:35:22.895+02:00 INFO [ServerBootstrap] Graylog server up and running.<br />
<br />
'''Install Graylog web interface:'''<br />
<br />
To configure graylog-web-interface, you must have at least one graylog-server node. Install Graylog web interface using “apt-get”.<br />
<br />
$ sudo apt-get install graylog-web<br />
Edit the configuration file and set the following parameters.<br />
<br />
$ sudo nano /etc/graylog/web/web.conf<br />
This is the list of graylog-server nodes, you can add multiple nodes, separate by commas.<br />
<br />
graylog2-server.uris="http://127.0.0.1:12900/"<br />
Set the application scret and can be generated using pwgen -N 1 -s 96.<br />
<br />
application.secret="sNXyFf6B4Au3GqSlZwq7En86xp10JimdxxYiLtpptOejX6tIUpUE4DGRJOrcMj07wcK0wugPaapvzEzCYinEWj7BOtHXVl5Z"<br />
Set Web interface timezone.<br />
<br />
Timezone="Europe/Tallinn"<br />
<br />
Restart the gralog-web-interface using following command,<br />
<br />
$ sudo service graylog-web restart<br />
Enable auto start of web interface service during system startup.<br />
<br />
$ sudo update-rc.d graylog-web defaults<br />
<br />
= Experiences =<br />
<br />
In during installation time, we have found some problems which will impact on our your installation as well.<br />
<br />
- The version of Ubuntu and Graylog might conflict each other as well as Graylog's packages ( e.g : java )<br />
<br />
= Summary =<br />
<br />
During the installation Graylogs in both versions of Ubuntu ( 14.04 and 16.0 ). We realized that it had many differences between these versions. Listed above our objectives what we expect to achieve after installing and using Graylog, along with its useful information and its interaction between Administrator (users) with Graylog.<br />
<br />
its advantages:<br />
+ Free.<br />
+ Easy to interact with web interface.<br />
+ Easy to install with the good support from its sources.<br />
+ Help Administrator (user) to collect information in during logging and monitoring straightforwardly.<br />
+ Many useful tools ( plugins ) which supports to work on.<br />
<br />
= References =<br />
<br />
''http://www.itzgeek.com/how-tos/linux/ubuntu-how-tos/how-to-install-graylog2-on-ubuntu-14-04.html''</div>Akergehttps://wiki.itcollege.ee/index.php?title=Logging_-_Monitoring_C21&diff=107007Logging - Monitoring C212016-10-13T08:18:08Z<p>Akerge: /* Elasticsearch */</p>
<hr />
<div>'''Logging and Monitoring with Graylog'''<br />
<br />
Course: Logging and Monitoring - Lecturer: Margus Ernits<br />
<br />
Group: Cyber Security Engineering (C21)<br />
<br />
Team members: Ender Phan, Kustas Kurval, Sheela Gowry Sumathi Raju, Artur Vincent Kerge<br />
<br />
Page created on: October 05, 2016<br />
<br />
= Abstract =<br />
<br />
In order to understand how to set up the Graylog service as well as understand its crucial roles. We decided to choose Graylog as our application for logging and monitoring. Below are our objectives which would be expected to achieve later on:<br />
<br />
* '''How to install Graylog on Ubuntu 14.04.'''<br />
<br />
* '''How to use Graylog to protect servers.'''<br />
<br />
* '''Upgrading and configuring Graylog at first, and know how to secure Graylog.'''<br />
<br />
* '''Threats and security during logging.'''<br />
<br />
= Installation Guide =<br />
<br />
'''Ubuntu 14.04'''<br />
<br />
<br />
[[File:Graylog_simple_setup_v2.png]]<br />
<br />
== Prerequisites ==<br />
<br />
Since the Elasticsearch is based on java, we would require to install either openJDK or Oracle JDK. It is recommended to install Oracle JDK, verify the java version by using the following command.<br />
<br />
Remove the OpenJDK from the system, if you have it already installed.<br />
<br />
$ sudo apt-get remove --purge openjdk*<br />
Add repository.<br />
<br />
$ sudo add-apt-repository -y ppa:webupd8team/java<br />
Run the following command to pull the packages information from the newly added repository.<br />
<br />
$ sudo apt-get update<br />
Issue the following command to install Java jdk 1.8.<br />
<br />
$ sudo apt-get -y install oracle-java8-installer<br />
<br />
$ java -version<br />
<br />
Java version "1.8.0_60"<br />
Java(TM) SE Runtime Environment (build 1.8.0_60-b27)<br />
Java HotSpot(TM) 64-Bit Server VM (build 25.60-b23, mixed mode)<br />
<br />
== Installing extras ==<br />
<br />
=== Elasticsearch ===<br />
<br />
Let’s install Elasticsearch, it can be downloaded from the official website.<br />
<br />
'''Download and install GPG signing key'''.<br />
<br />
$ sudo wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -<br />
<br />
Note that the -qO argument is lowercase Quebec followed by capital Oscar.<br />
<br />
Save the repository definition to /etc/apt/sources.list.d/elasticsearch.list<br />
<br />
$ echo "deb http://packages.elastic.co/elasticsearch/2.x/debian stable main" | sudo tee -a /etc/apt/sources.list.d/elasticsearch.list<br />
<br />
Update repository cache and install Elasticsearch<br />
<br />
$ sudo apt-get update && apt-get install elasticsearch<br />
<br />
Configure Elasticsearch to start during system startup.<br />
<br />
$ sudo update-rc.d elasticsearch defaults<br />
The only important thing is to set a cluster name as “graylog2“, that is being used by graylog. Now edit the configuration file of Elasticsearch.<br />
<br />
$ sudo nano /etc/elasticsearch/elasticsearch.yml<br />
<br />
cluster.name: graylog2<br />
<br />
In the same file disable dynamic scripts to avoid remote execution. That can be done by adding the following line:<br />
<br />
script.disable_dynamic: true<br />
<br />
Once it is done, we are good to go. Before that, restart the Elasticsearch services to load the modified configuration.<br />
<br />
$ sudo service elasticsearch restart<br />
Wait at least a minute to let the Elasticsearch get fully restarted, otherwise testing will fail. Elastisearch should be now listen on 9200 for processing HTTP request, we can use CURL to get the response. Ensure that it returns with cluster name as “graylog2”<br />
<br />
$ curl -X GET http://localhost:9200<br />
<br />
{<br />
"status" : 200,<br />
"name" : "Pistol",<br />
"cluster_name" : "'''graylog2'''",<br />
"version" : {<br />
"number" : "1.7.1",<br />
"build_hash" : "b88f43fc40b0bcd7f173a1f9ee2e97816de80b19",<br />
"build_timestamp" : "2015-07-29T09:54:16Z",<br />
"build_snapshot" : false,<br />
"lucene_version" : "4.10.4"<br />
},<br />
"tagline" : "You Know, for Search"<br />
}<br />
<br />
Optional: Use the following command to check the Elasticsearch cluster health, you must get a cluster status as “green” for graylog to work.<br />
<br />
$ curl -XGET 'http://localhost:9200/_cluster/health?pretty=true'<br />
<br />
{<br />
"cluster_name" : "'''graylog2'''",<br />
"status" : "'''green'''",<br />
"timed_out" : false,<br />
"number_of_nodes" : 1,<br />
"number_of_data_nodes" : 1,<br />
"active_primary_shards" : 0,<br />
"active_shards" : 0,<br />
"relocating_shards" : 0,<br />
"initializing_shards" : 0,<br />
"unassigned_shards" : 0,<br />
"delayed_unassigned_shards" : 0,<br />
"number_of_pending_tasks" : 0,<br />
"number_of_in_flight_fetch" : 0<br />
}<br />
<br />
=== MongoDB ===<br />
<br />
MongoDB is available in dep format and same can be downloaded from the official website. Add the following repository information on the system to install MongoDB. Before that we must import public key.<br />
<br />
$ sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10<br />
Add repository by creating the /etc/apt/sources.list.d/mongodb-org-3.0.list list file using the command.<br />
<br />
$ echo "deb http://repo.mongodb.org/apt/ubuntu trusty/mongodb-org/3.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.0.list<br />
Update repository cache.<br />
<br />
$ sudo apt-get update<br />
Install MongoDB using the following command.<br />
<br />
$ sudo apt-get install mongodb-org<br />
Start the MongoDB service and enable it to start automatically during the system start-up.<br />
<br />
$ sudo service mongod start<br />
<br />
$ sudo ls -s /usr/bin/mongod /etc/init.d/mongod<br />
<br />
$ sudo update-rc.d mongod defaults<br />
<br />
<br />
=== Graylog2 ===<br />
<br />
Graylog-server accepts and process the log messages, also spawns the RESTAPI for the requests that comes from graylog-web-interface. Download the latest version of graylog from graylog.org,<br />
<br />
Use the following command to install graylog2 repository.<br />
<br />
$ wget https://packages.graylog2.org/repo/packages/graylog-1.2-repository-ubuntu14.04_latest.deb<br />
<br />
$ sudo dpkg -i graylog-1.2-repository-ubuntu14.04_latest.deb<br />
Install https suppport and update the repository cache.<br />
<br />
$ sudo apt-get install apt-transport-https<br />
<br />
$ sudo apt-get update<br />
Install Graylog server using following command.<br />
<br />
$ sudo apt-get install graylog-server <br />
Edit the server.conf file.<br />
<br />
$ sudo nano /etc/graylog/server/server.conf<br />
Configure the following variables in the above file.<br />
<br />
Set a secret to secure the user passwords, use the following command to generate a secret, use at least 64 character’s.<br />
<br />
$ pwgen -N 1 -s 96<br />
<br />
OH9wXpsNZVBA8R5vJQSnkhTB1qDOjCxAh3aE3LvXddtfDlZlKYEyGS24BJAiIxI0sbSTSPovTTnhLkkrUvhSSxodTlzDi5gP<br />
<br />
If you get a “pwgen: command not found“, use the following command to install pwgen.<br />
<br />
$ sudo apt-get install pwgen<br />
<br />
Place the secret.<br />
<br />
password_secret = OH9wXpsNZVBA8R5vJQSnkhTB1qDOjCxAh3aE3LvXddtfDlZlKYEyGS24BJAiIxI0sbSTSPovTTnhLkkrUvhSSxodTlzDi5gP<br />
<br />
Next is to set a hash password for the root user (not to be confused with system user, root user of graylog is admin). You will use this password for login into the web interface, admin’s password can not be changed using web interface, must edit this variable to set.<br />
<br />
Replace “yourpassword” with the choice of your’s.<br />
<br />
# echo -n yourpassword | sha256sum<br />
<br />
e3c652f0ba0b4801205814f8b6bc49672c4c74e25b497770bb89b22cdeb4e951<br />
<br />
Place the hash password.<br />
<br />
root_password_sha2 = e3c652f0ba0b4801205814f8b6bc49672c4c74e25b497770bb89b22cdeb4e951<br />
You can setup email address root (admin) user.<br />
<br />
root_email = "cyber.web@gmail.com"<br />
Set timezone of root (admin) user.<br />
<br />
root_timezone = UTC<br />
<br />
Graylog will try to find the Elasticsearch nodes automatically, it uses multicast mode for the same. But when it comes to larger network, it is recommended to use unicast mode which is best suited one for production setups. So add the following two entries to graylog server.conf file, replace ipaddress with live hostname or ipaddress. Multiple hosts can be added with comma separated.<br />
<br />
elasticsearch_http_enabled = false<br />
elasticsearch_discovery_zen_ping_unicast_hosts = ipaddress:9300<br />
<br />
Set only one master node by defining the below variable, default setting is true, you must set it as a false to make the particular node as a slave. Master node performs some periodic tasks that slave won’t perform.<br />
<br />
is_master = true<br />
<br />
The following variable sets the number of log messages to keep per index, it is recommended to have several smaller indices instead of larger ones.<br />
<br />
elasticsearch_max_docs_per_index = 20000000<br />
The following parameter defines to have total number of indices, if the this number is reached old index will be deleted.<br />
<br />
elasticsearch_max_number_of_indices = 20<br />
Shards setting is really depends on the number of nodes in the Elasticsearch cluster, if you have only one node, set it as 1.<br />
<br />
elasticsearch_shards = 1<br />
The number of replicas for your indices, if you have only one node in Elasticsearch cluster; set it as 0.<br />
<br />
elasticsearch_replicas = 0<br />
<br />
''Restart Graylog service.''<br />
<br />
$ sudo service graylog-server restart<br />
Enable auto start of graylog server service during system startup.<br />
<br />
$ sudo update-rc.d graylog-server defaults<br />
You can check out the server startup logs, it will be useful for you to troubleshoot graylog in case of any issue.<br />
<br />
# tailf /var/log/graylog-server/server.log<br />
On successful start of graylog-server, you should get the following message in the log file.<br />
<br />
2015-09-17T09:35:22.895+02:00 INFO [ServerBootstrap] Graylog server up and running.<br />
<br />
'''Install Graylog web interface:'''<br />
<br />
To configure graylog-web-interface, you must have at least one graylog-server node. Install Graylog web interface using “apt-get”.<br />
<br />
$ sudo apt-get install graylog-web<br />
Edit the configuration file and set the following parameters.<br />
<br />
$ sudo nano /etc/graylog/web/web.conf<br />
This is the list of graylog-server nodes, you can add multiple nodes, separate by commas.<br />
<br />
graylog2-server.uris="http://127.0.0.1:12900/"<br />
Set the application scret and can be generated using pwgen -N 1 -s 96.<br />
<br />
application.secret="sNXyFf6B4Au3GqSlZwq7En86xp10JimdxxYiLtpptOejX6tIUpUE4DGRJOrcMj07wcK0wugPaapvzEzCYinEWj7BOtHXVl5Z"<br />
Set Web interface timezone.<br />
<br />
Timezone="Europe/Tallinn"<br />
<br />
Restart the gralog-web-interface using following command,<br />
<br />
$ sudo service graylog-web restart<br />
Enable auto start of web interface service during system startup.<br />
<br />
$ sudo update-rc.d graylog-web defaults<br />
<br />
= Experiences =<br />
<br />
In during installation time, we have found some problems which will impact on our your installation as well.<br />
<br />
- The version of Ubuntu and Graylog might conflict each other as well as Graylog's packages ( e.g : java )<br />
<br />
= Summary =<br />
<br />
During the installation Graylogs in both versions of Ubuntu ( 14.04 and 16.0 ). We realized that it had many differences between these versions. Listed above our objectives what we expect to achieve after installing and using Graylog, along with its useful information and its interaction between Administrator (users) with Graylog.<br />
<br />
its advantages:<br />
+ Free.<br />
+ Easy to interact with web interface.<br />
+ Easy to install with the good support from its sources.<br />
+ Help Administrator (user) to collect information in during logging and monitoring straightforwardly.<br />
+ Many useful tools ( plugins ) which supports to work on.<br />
<br />
= References =<br />
<br />
''http://www.itzgeek.com/how-tos/linux/ubuntu-how-tos/how-to-install-graylog2-on-ubuntu-14-04.html''</div>Akergehttps://wiki.itcollege.ee/index.php?title=Logging_-_Monitoring_C21&diff=107006Logging - Monitoring C212016-10-13T08:13:17Z<p>Akerge: /* Elasticsearch */</p>
<hr />
<div>'''Logging and Monitoring with Graylog'''<br />
<br />
Course: Logging and Monitoring - Lecturer: Margus Ernits<br />
<br />
Group: Cyber Security Engineering (C21)<br />
<br />
Team members: Ender Phan, Kustas Kurval, Sheela Gowry Sumathi Raju, Artur Vincent Kerge<br />
<br />
Page created on: October 05, 2016<br />
<br />
= Abstract =<br />
<br />
In order to understand how to set up the Graylog service as well as understand its crucial roles. We decided to choose Graylog as our application for logging and monitoring. Below are our objectives which would be expected to achieve later on:<br />
<br />
* '''How to install Graylog on Ubuntu 14.04.'''<br />
<br />
* '''How to use Graylog to protect servers.'''<br />
<br />
* '''Upgrading and configuring Graylog at first, and know how to secure Graylog.'''<br />
<br />
* '''Threats and security during logging.'''<br />
<br />
= Installation Guide =<br />
<br />
'''Ubuntu 14.04'''<br />
<br />
<br />
[[File:Graylog_simple_setup_v2.png]]<br />
<br />
== Prerequisites ==<br />
<br />
Since the Elasticsearch is based on java, we would require to install either openJDK or Oracle JDK. It is recommended to install Oracle JDK, verify the java version by using the following command.<br />
<br />
Remove the OpenJDK from the system, if you have it already installed.<br />
<br />
$ sudo apt-get remove --purge openjdk*<br />
Add repository.<br />
<br />
$ sudo add-apt-repository -y ppa:webupd8team/java<br />
Run the following command to pull the packages information from the newly added repository.<br />
<br />
$ sudo apt-get update<br />
Issue the following command to install Java jdk 1.8.<br />
<br />
$ sudo apt-get -y install oracle-java8-installer<br />
<br />
$ java -version<br />
<br />
Java version "1.8.0_60"<br />
Java(TM) SE Runtime Environment (build 1.8.0_60-b27)<br />
Java HotSpot(TM) 64-Bit Server VM (build 25.60-b23, mixed mode)<br />
<br />
== Installing extras ==<br />
<br />
=== Elasticsearch ===<br />
<br />
Let’s install Elasticsearch, it can be downloaded from the official website.<br />
<br />
'''Download and install GPG signing key'''.<br />
<br />
$ sudo wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -<br />
<br />
Note that the -qO argument is lowercase Quebec followed by capital Oscar.<br />
<br />
Save the repository definition to /etc/apt/sources.list.d/elasticsearch.list<br />
<br />
$ echo "deb http://packages.elastic.co/elasticsearch/2.x/debian stable main" | sudo tee -a /etc/apt/sources.list.d/elasticsearch.list<br />
<br />
Update repository cache and install Elasticsearch<br />
<br />
$ sudo apt-get update && apt-get install elasticsearch<br />
<br />
Configure Elasticsearch to start during system startup.<br />
<br />
$ sudo update-rc.d elasticsearch defaults<br />
The only important thing is to set a cluster name as “graylog2“, that is being used by graylog. Now edit the configuration file of Elasticsearch.<br />
<br />
$ sudo nano /etc/elasticsearch/elasticsearch.yml<br />
<br />
cluster.name: graylog2<br />
Disable dynamic scripts to avoid remote execution, that can be done by adding the following line at the end of above file.<br />
<br />
script.disable_dynamic: true<br />
Once it is done, we are good to go. Before that, restart the Elasticsearch services to load the modified configuration.<br />
<br />
$ sudo service elasticsearch restart<br />
Wait at least a minute to let the Elasticsearch get fully restarted, otherwise testing will fail. Elastisearch should be now listen on 9200 for processing HTTP request, we can use CURL to get the response. Ensure that it returns with cluster name as “graylog2”<br />
<br />
$ curl -X GET http://localhost:9200<br />
<br />
{<br />
"status" : 200,<br />
"name" : "Pistol",<br />
"cluster_name" : "'''graylog2'''",<br />
"version" : {<br />
"number" : "1.7.1",<br />
"build_hash" : "b88f43fc40b0bcd7f173a1f9ee2e97816de80b19",<br />
"build_timestamp" : "2015-07-29T09:54:16Z",<br />
"build_snapshot" : false,<br />
"lucene_version" : "4.10.4"<br />
},<br />
"tagline" : "You Know, for Search"<br />
}<br />
<br />
Optional: Use the following command to check the Elasticsearch cluster health, you must get a cluster status as “green” for graylog to work.<br />
<br />
$ curl -XGET 'http://localhost:9200/_cluster/health?pretty=true'<br />
<br />
{<br />
"cluster_name" : "'''graylog2'''",<br />
"status" : "'''green'''",<br />
"timed_out" : false,<br />
"number_of_nodes" : 1,<br />
"number_of_data_nodes" : 1,<br />
"active_primary_shards" : 0,<br />
"active_shards" : 0,<br />
"relocating_shards" : 0,<br />
"initializing_shards" : 0,<br />
"unassigned_shards" : 0,<br />
"delayed_unassigned_shards" : 0,<br />
"number_of_pending_tasks" : 0,<br />
"number_of_in_flight_fetch" : 0<br />
}<br />
<br />
=== MongoDB ===<br />
<br />
MongoDB is available in dep format and same can be downloaded from the official website. Add the following repository information on the system to install MongoDB. Before that we must import public key.<br />
<br />
$ sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10<br />
Add repository by creating the /etc/apt/sources.list.d/mongodb-org-3.0.list list file using the command.<br />
<br />
$ echo "deb http://repo.mongodb.org/apt/ubuntu trusty/mongodb-org/3.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.0.list<br />
Update repository cache.<br />
<br />
$ sudo apt-get update<br />
Install MongoDB using the following command.<br />
<br />
$ sudo apt-get install mongodb-org<br />
Start the MongoDB service and enable it to start automatically during the system start-up.<br />
<br />
$ sudo service mongod start<br />
<br />
$ sudo ls -s /usr/bin/mongod /etc/init.d/mongod<br />
<br />
$ sudo update-rc.d mongod defaults<br />
<br />
<br />
=== Graylog2 ===<br />
<br />
Graylog-server accepts and process the log messages, also spawns the RESTAPI for the requests that comes from graylog-web-interface. Download the latest version of graylog from graylog.org,<br />
<br />
Use the following command to install graylog2 repository.<br />
<br />
$ wget https://packages.graylog2.org/repo/packages/graylog-1.2-repository-ubuntu14.04_latest.deb<br />
<br />
$ sudo dpkg -i graylog-1.2-repository-ubuntu14.04_latest.deb<br />
Install https suppport and update the repository cache.<br />
<br />
$ sudo apt-get install apt-transport-https<br />
<br />
$ sudo apt-get update<br />
Install Graylog server using following command.<br />
<br />
$ sudo apt-get install graylog-server <br />
Edit the server.conf file.<br />
<br />
$ sudo nano /etc/graylog/server/server.conf<br />
Configure the following variables in the above file.<br />
<br />
Set a secret to secure the user passwords, use the following command to generate a secret, use at least 64 character’s.<br />
<br />
$ pwgen -N 1 -s 96<br />
<br />
OH9wXpsNZVBA8R5vJQSnkhTB1qDOjCxAh3aE3LvXddtfDlZlKYEyGS24BJAiIxI0sbSTSPovTTnhLkkrUvhSSxodTlzDi5gP<br />
<br />
If you get a “pwgen: command not found“, use the following command to install pwgen.<br />
<br />
$ sudo apt-get install pwgen<br />
<br />
Place the secret.<br />
<br />
password_secret = OH9wXpsNZVBA8R5vJQSnkhTB1qDOjCxAh3aE3LvXddtfDlZlKYEyGS24BJAiIxI0sbSTSPovTTnhLkkrUvhSSxodTlzDi5gP<br />
<br />
Next is to set a hash password for the root user (not to be confused with system user, root user of graylog is admin). You will use this password for login into the web interface, admin’s password can not be changed using web interface, must edit this variable to set.<br />
<br />
Replace “yourpassword” with the choice of your’s.<br />
<br />
# echo -n yourpassword | sha256sum<br />
<br />
e3c652f0ba0b4801205814f8b6bc49672c4c74e25b497770bb89b22cdeb4e951<br />
<br />
Place the hash password.<br />
<br />
root_password_sha2 = e3c652f0ba0b4801205814f8b6bc49672c4c74e25b497770bb89b22cdeb4e951<br />
You can setup email address root (admin) user.<br />
<br />
root_email = "cyber.web@gmail.com"<br />
Set timezone of root (admin) user.<br />
<br />
root_timezone = UTC<br />
<br />
Graylog will try to find the Elasticsearch nodes automatically, it uses multicast mode for the same. But when it comes to larger network, it is recommended to use unicast mode which is best suited one for production setups. So add the following two entries to graylog server.conf file, replace ipaddress with live hostname or ipaddress. Multiple hosts can be added with comma separated.<br />
<br />
elasticsearch_http_enabled = false<br />
elasticsearch_discovery_zen_ping_unicast_hosts = ipaddress:9300<br />
<br />
Set only one master node by defining the below variable, default setting is true, you must set it as a false to make the particular node as a slave. Master node performs some periodic tasks that slave won’t perform.<br />
<br />
is_master = true<br />
<br />
The following variable sets the number of log messages to keep per index, it is recommended to have several smaller indices instead of larger ones.<br />
<br />
elasticsearch_max_docs_per_index = 20000000<br />
The following parameter defines to have total number of indices, if the this number is reached old index will be deleted.<br />
<br />
elasticsearch_max_number_of_indices = 20<br />
Shards setting is really depends on the number of nodes in the Elasticsearch cluster, if you have only one node, set it as 1.<br />
<br />
elasticsearch_shards = 1<br />
The number of replicas for your indices, if you have only one node in Elasticsearch cluster; set it as 0.<br />
<br />
elasticsearch_replicas = 0<br />
<br />
''Restart Graylog service.''<br />
<br />
$ sudo service graylog-server restart<br />
Enable auto start of graylog server service during system startup.<br />
<br />
$ sudo update-rc.d graylog-server defaults<br />
You can check out the server startup logs, it will be useful for you to troubleshoot graylog in case of any issue.<br />
<br />
# tailf /var/log/graylog-server/server.log<br />
On successful start of graylog-server, you should get the following message in the log file.<br />
<br />
2015-09-17T09:35:22.895+02:00 INFO [ServerBootstrap] Graylog server up and running.<br />
<br />
'''Install Graylog web interface:'''<br />
<br />
To configure graylog-web-interface, you must have at least one graylog-server node. Install Graylog web interface using “apt-get”.<br />
<br />
$ sudo apt-get install graylog-web<br />
Edit the configuration file and set the following parameters.<br />
<br />
$ sudo nano /etc/graylog/web/web.conf<br />
This is the list of graylog-server nodes, you can add multiple nodes, separate by commas.<br />
<br />
graylog2-server.uris="http://127.0.0.1:12900/"<br />
Set the application scret and can be generated using pwgen -N 1 -s 96.<br />
<br />
application.secret="sNXyFf6B4Au3GqSlZwq7En86xp10JimdxxYiLtpptOejX6tIUpUE4DGRJOrcMj07wcK0wugPaapvzEzCYinEWj7BOtHXVl5Z"<br />
Set Web interface timezone.<br />
<br />
Timezone="Europe/Tallinn"<br />
<br />
Restart the gralog-web-interface using following command,<br />
<br />
$ sudo service graylog-web restart<br />
Enable auto start of web interface service during system startup.<br />
<br />
$ sudo update-rc.d graylog-web defaults<br />
<br />
= Experiences =<br />
<br />
In during installation time, we have found some problems which will impact on our your installation as well.<br />
<br />
- The version of Ubuntu and Graylog might conflict each other as well as Graylog's packages ( e.g : java )<br />
<br />
= Summary =<br />
<br />
During the installation Graylogs in both versions of Ubuntu ( 14.04 and 16.0 ). We realized that it had many differences between these versions. Listed above our objectives what we expect to achieve after installing and using Graylog, along with its useful information and its interaction between Administrator (users) with Graylog.<br />
<br />
its advantages:<br />
+ Free.<br />
+ Easy to interact with web interface.<br />
+ Easy to install with the good support from its sources.<br />
+ Help Administrator (user) to collect information in during logging and monitoring straightforwardly.<br />
+ Many useful tools ( plugins ) which supports to work on.<br />
<br />
= References =<br />
<br />
''http://www.itzgeek.com/how-tos/linux/ubuntu-how-tos/how-to-install-graylog2-on-ubuntu-14-04.html''</div>Akergehttps://wiki.itcollege.ee/index.php?title=Logging_-_Monitoring_C21&diff=107005Logging - Monitoring C212016-10-13T08:12:12Z<p>Akerge: /* Elasticsearch */</p>
<hr />
<div>'''Logging and Monitoring with Graylog'''<br />
<br />
Course: Logging and Monitoring - Lecturer: Margus Ernits<br />
<br />
Group: Cyber Security Engineering (C21)<br />
<br />
Team members: Ender Phan, Kustas Kurval, Sheela Gowry Sumathi Raju, Artur Vincent Kerge<br />
<br />
Page created on: October 05, 2016<br />
<br />
= Abstract =<br />
<br />
In order to understand how to set up the Graylog service as well as understand its crucial roles. We decided to choose Graylog as our application for logging and monitoring. Below are our objectives which would be expected to achieve later on:<br />
<br />
* '''How to install Graylog on Ubuntu 14.04.'''<br />
<br />
* '''How to use Graylog to protect servers.'''<br />
<br />
* '''Upgrading and configuring Graylog at first, and know how to secure Graylog.'''<br />
<br />
* '''Threats and security during logging.'''<br />
<br />
= Installation Guide =<br />
<br />
'''Ubuntu 14.04'''<br />
<br />
<br />
[[File:Graylog_simple_setup_v2.png]]<br />
<br />
== Prerequisites ==<br />
<br />
Since the Elasticsearch is based on java, we would require to install either openJDK or Oracle JDK. It is recommended to install Oracle JDK, verify the java version by using the following command.<br />
<br />
Remove the OpenJDK from the system, if you have it already installed.<br />
<br />
$ sudo apt-get remove --purge openjdk*<br />
Add repository.<br />
<br />
$ sudo add-apt-repository -y ppa:webupd8team/java<br />
Run the following command to pull the packages information from the newly added repository.<br />
<br />
$ sudo apt-get update<br />
Issue the following command to install Java jdk 1.8.<br />
<br />
$ sudo apt-get -y install oracle-java8-installer<br />
<br />
$ java -version<br />
<br />
Java version "1.8.0_60"<br />
Java(TM) SE Runtime Environment (build 1.8.0_60-b27)<br />
Java HotSpot(TM) 64-Bit Server VM (build 25.60-b23, mixed mode)<br />
<br />
== Installing extras ==<br />
<br />
=== Elasticsearch ===<br />
<br />
Let’s install Elasticsearch, it can be downloaded from the official website.<br />
<br />
'''Download and install GPG signing key'''.<br />
<br />
$ sudo wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -<br />
<br />
Note that the -qO argument is lowercase Quebec followed by capital Oscar.<br />
<br />
Save the repository definition to /etc/apt/sources.list.d/elasticsearch.list<br />
<br />
$ echo "deb http://packages.elastic.co/elasticsearch/2.x/debian stable main" | sudo tee -a /etc/apt/sources.list.d/elasticsearch.list<br />
<br />
Update repository cache.<br />
<br />
$ sudo apt-get update<br />
<br />
$ sudo apt-get install elasticsearch<br />
Configure Elasticsearch to start during system startup.<br />
<br />
$ sudo update-rc.d elasticsearch defaults<br />
The only important thing is to set a cluster name as “graylog2“, that is being used by graylog. Now edit the configuration file of Elasticsearch.<br />
<br />
$ sudo nano /etc/elasticsearch/elasticsearch.yml<br />
<br />
cluster.name: graylog2<br />
Disable dynamic scripts to avoid remote execution, that can be done by adding the following line at the end of above file.<br />
<br />
script.disable_dynamic: true<br />
Once it is done, we are good to go. Before that, restart the Elasticsearch services to load the modified configuration.<br />
<br />
$ sudo service elasticsearch restart<br />
Wait at least a minute to let the Elasticsearch get fully restarted, otherwise testing will fail. Elastisearch should be now listen on 9200 for processing HTTP request, we can use CURL to get the response. Ensure that it returns with cluster name as “graylog2”<br />
<br />
$ curl -X GET http://localhost:9200<br />
<br />
{<br />
"status" : 200,<br />
"name" : "Pistol",<br />
"cluster_name" : "'''graylog2'''",<br />
"version" : {<br />
"number" : "1.7.1",<br />
"build_hash" : "b88f43fc40b0bcd7f173a1f9ee2e97816de80b19",<br />
"build_timestamp" : "2015-07-29T09:54:16Z",<br />
"build_snapshot" : false,<br />
"lucene_version" : "4.10.4"<br />
},<br />
"tagline" : "You Know, for Search"<br />
}<br />
<br />
Optional: Use the following command to check the Elasticsearch cluster health, you must get a cluster status as “green” for graylog to work.<br />
<br />
$ curl -XGET 'http://localhost:9200/_cluster/health?pretty=true'<br />
<br />
{<br />
"cluster_name" : "'''graylog2'''",<br />
"status" : "'''green'''",<br />
"timed_out" : false,<br />
"number_of_nodes" : 1,<br />
"number_of_data_nodes" : 1,<br />
"active_primary_shards" : 0,<br />
"active_shards" : 0,<br />
"relocating_shards" : 0,<br />
"initializing_shards" : 0,<br />
"unassigned_shards" : 0,<br />
"delayed_unassigned_shards" : 0,<br />
"number_of_pending_tasks" : 0,<br />
"number_of_in_flight_fetch" : 0<br />
}<br />
<br />
=== MongoDB ===<br />
<br />
MongoDB is available in dep format and same can be downloaded from the official website. Add the following repository information on the system to install MongoDB. Before that we must import public key.<br />
<br />
$ sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10<br />
Add repository by creating the /etc/apt/sources.list.d/mongodb-org-3.0.list list file using the command.<br />
<br />
$ echo "deb http://repo.mongodb.org/apt/ubuntu trusty/mongodb-org/3.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.0.list<br />
Update repository cache.<br />
<br />
$ sudo apt-get update<br />
Install MongoDB using the following command.<br />
<br />
$ sudo apt-get install mongodb-org<br />
Start the MongoDB service and enable it to start automatically during the system start-up.<br />
<br />
$ sudo service mongod start<br />
<br />
$ sudo ls -s /usr/bin/mongod /etc/init.d/mongod<br />
<br />
$ sudo update-rc.d mongod defaults<br />
<br />
<br />
=== Graylog2 ===<br />
<br />
Graylog-server accepts and process the log messages, also spawns the RESTAPI for the requests that comes from graylog-web-interface. Download the latest version of graylog from graylog.org,<br />
<br />
Use the following command to install graylog2 repository.<br />
<br />
$ wget https://packages.graylog2.org/repo/packages/graylog-1.2-repository-ubuntu14.04_latest.deb<br />
<br />
$ sudo dpkg -i graylog-1.2-repository-ubuntu14.04_latest.deb<br />
Install https suppport and update the repository cache.<br />
<br />
$ sudo apt-get install apt-transport-https<br />
<br />
$ sudo apt-get update<br />
Install Graylog server using following command.<br />
<br />
$ sudo apt-get install graylog-server <br />
Edit the server.conf file.<br />
<br />
$ sudo nano /etc/graylog/server/server.conf<br />
Configure the following variables in the above file.<br />
<br />
Set a secret to secure the user passwords, use the following command to generate a secret, use at least 64 character’s.<br />
<br />
$ pwgen -N 1 -s 96<br />
<br />
OH9wXpsNZVBA8R5vJQSnkhTB1qDOjCxAh3aE3LvXddtfDlZlKYEyGS24BJAiIxI0sbSTSPovTTnhLkkrUvhSSxodTlzDi5gP<br />
<br />
If you get a “pwgen: command not found“, use the following command to install pwgen.<br />
<br />
$ sudo apt-get install pwgen<br />
<br />
Place the secret.<br />
<br />
password_secret = OH9wXpsNZVBA8R5vJQSnkhTB1qDOjCxAh3aE3LvXddtfDlZlKYEyGS24BJAiIxI0sbSTSPovTTnhLkkrUvhSSxodTlzDi5gP<br />
<br />
Next is to set a hash password for the root user (not to be confused with system user, root user of graylog is admin). You will use this password for login into the web interface, admin’s password can not be changed using web interface, must edit this variable to set.<br />
<br />
Replace “yourpassword” with the choice of your’s.<br />
<br />
# echo -n yourpassword | sha256sum<br />
<br />
e3c652f0ba0b4801205814f8b6bc49672c4c74e25b497770bb89b22cdeb4e951<br />
<br />
Place the hash password.<br />
<br />
root_password_sha2 = e3c652f0ba0b4801205814f8b6bc49672c4c74e25b497770bb89b22cdeb4e951<br />
You can setup email address root (admin) user.<br />
<br />
root_email = "cyber.web@gmail.com"<br />
Set timezone of root (admin) user.<br />
<br />
root_timezone = UTC<br />
<br />
Graylog will try to find the Elasticsearch nodes automatically, it uses multicast mode for the same. But when it comes to larger network, it is recommended to use unicast mode which is best suited one for production setups. So add the following two entries to graylog server.conf file, replace ipaddress with live hostname or ipaddress. Multiple hosts can be added with comma separated.<br />
<br />
elasticsearch_http_enabled = false<br />
elasticsearch_discovery_zen_ping_unicast_hosts = ipaddress:9300<br />
<br />
Set only one master node by defining the below variable, default setting is true, you must set it as a false to make the particular node as a slave. Master node performs some periodic tasks that slave won’t perform.<br />
<br />
is_master = true<br />
<br />
The following variable sets the number of log messages to keep per index, it is recommended to have several smaller indices instead of larger ones.<br />
<br />
elasticsearch_max_docs_per_index = 20000000<br />
The following parameter defines to have total number of indices, if the this number is reached old index will be deleted.<br />
<br />
elasticsearch_max_number_of_indices = 20<br />
Shards setting is really depends on the number of nodes in the Elasticsearch cluster, if you have only one node, set it as 1.<br />
<br />
elasticsearch_shards = 1<br />
The number of replicas for your indices, if you have only one node in Elasticsearch cluster; set it as 0.<br />
<br />
elasticsearch_replicas = 0<br />
<br />
''Restart Graylog service.''<br />
<br />
$ sudo service graylog-server restart<br />
Enable auto start of graylog server service during system startup.<br />
<br />
$ sudo update-rc.d graylog-server defaults<br />
You can check out the server startup logs, it will be useful for you to troubleshoot graylog in case of any issue.<br />
<br />
# tailf /var/log/graylog-server/server.log<br />
On successful start of graylog-server, you should get the following message in the log file.<br />
<br />
2015-09-17T09:35:22.895+02:00 INFO [ServerBootstrap] Graylog server up and running.<br />
<br />
'''Install Graylog web interface:'''<br />
<br />
To configure graylog-web-interface, you must have at least one graylog-server node. Install Graylog web interface using “apt-get”.<br />
<br />
$ sudo apt-get install graylog-web<br />
Edit the configuration file and set the following parameters.<br />
<br />
$ sudo nano /etc/graylog/web/web.conf<br />
This is the list of graylog-server nodes, you can add multiple nodes, separate by commas.<br />
<br />
graylog2-server.uris="http://127.0.0.1:12900/"<br />
Set the application scret and can be generated using pwgen -N 1 -s 96.<br />
<br />
application.secret="sNXyFf6B4Au3GqSlZwq7En86xp10JimdxxYiLtpptOejX6tIUpUE4DGRJOrcMj07wcK0wugPaapvzEzCYinEWj7BOtHXVl5Z"<br />
Set Web interface timezone.<br />
<br />
Timezone="Europe/Tallinn"<br />
<br />
Restart the gralog-web-interface using following command,<br />
<br />
$ sudo service graylog-web restart<br />
Enable auto start of web interface service during system startup.<br />
<br />
$ sudo update-rc.d graylog-web defaults<br />
<br />
= Experiences =<br />
<br />
In during installation time, we have found some problems which will impact on our your installation as well.<br />
<br />
- The version of Ubuntu and Graylog might conflict each other as well as Graylog's packages ( e.g : java )<br />
<br />
= Summary =<br />
<br />
During the installation Graylogs in both versions of Ubuntu ( 14.04 and 16.0 ). We realized that it had many differences between these versions. Listed above our objectives what we expect to achieve after installing and using Graylog, along with its useful information and its interaction between Administrator (users) with Graylog.<br />
<br />
its advantages:<br />
+ Free.<br />
+ Easy to interact with web interface.<br />
+ Easy to install with the good support from its sources.<br />
+ Help Administrator (user) to collect information in during logging and monitoring straightforwardly.<br />
+ Many useful tools ( plugins ) which supports to work on.<br />
<br />
= References =<br />
<br />
''http://www.itzgeek.com/how-tos/linux/ubuntu-how-tos/how-to-install-graylog2-on-ubuntu-14-04.html''</div>Akergehttps://wiki.itcollege.ee/index.php?title=Logging_-_Monitoring_C21&diff=107004Logging - Monitoring C212016-10-13T08:11:49Z<p>Akerge: </p>
<hr />
<div>'''Logging and Monitoring with Graylog'''<br />
<br />
Course: Logging and Monitoring - Lecturer: Margus Ernits<br />
<br />
Group: Cyber Security Engineering (C21)<br />
<br />
Team members: Ender Phan, Kustas Kurval, Sheela Gowry Sumathi Raju, Artur Vincent Kerge<br />
<br />
Page created on: October 05, 2016<br />
<br />
= Abstract =<br />
<br />
In order to understand how to set up the Graylog service as well as understand its crucial roles. We decided to choose Graylog as our application for logging and monitoring. Below are our objectives which would be expected to achieve later on:<br />
<br />
* '''How to install Graylog on Ubuntu 14.04.'''<br />
<br />
* '''How to use Graylog to protect servers.'''<br />
<br />
* '''Upgrading and configuring Graylog at first, and know how to secure Graylog.'''<br />
<br />
* '''Threats and security during logging.'''<br />
<br />
= Installation Guide =<br />
<br />
'''Ubuntu 14.04'''<br />
<br />
<br />
[[File:Graylog_simple_setup_v2.png]]<br />
<br />
== Prerequisites ==<br />
<br />
Since the Elasticsearch is based on java, we would require to install either openJDK or Oracle JDK. It is recommended to install Oracle JDK, verify the java version by using the following command.<br />
<br />
Remove the OpenJDK from the system, if you have it already installed.<br />
<br />
$ sudo apt-get remove --purge openjdk*<br />
Add repository.<br />
<br />
$ sudo add-apt-repository -y ppa:webupd8team/java<br />
Run the following command to pull the packages information from the newly added repository.<br />
<br />
$ sudo apt-get update<br />
Issue the following command to install Java jdk 1.8.<br />
<br />
$ sudo apt-get -y install oracle-java8-installer<br />
<br />
$ java -version<br />
<br />
Java version "1.8.0_60"<br />
Java(TM) SE Runtime Environment (build 1.8.0_60-b27)<br />
Java HotSpot(TM) 64-Bit Server VM (build 25.60-b23, mixed mode)<br />
<br />
== Installing extras ==<br />
<br />
=== Elasticsearch ===<br />
<br />
Let’s install the Elasticsearch, it can be downloaded from the official website.<br />
<br />
'''Download and install GPG signing key'''.<br />
<br />
$ sudo wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -<br />
<br />
Note that the -qO argument is lowercase Quebec followed by capital Oscar.<br />
<br />
Save the repository definition to /etc/apt/sources.list.d/elasticsearch.list<br />
<br />
$ echo "deb http://packages.elastic.co/elasticsearch/2.x/debian stable main" | sudo tee -a /etc/apt/sources.list.d/elasticsearch.list<br />
<br />
Update repository cache.<br />
<br />
$ sudo apt-get update<br />
<br />
$ sudo apt-get install elasticsearch<br />
Configure Elasticsearch to start during system startup.<br />
<br />
$ sudo update-rc.d elasticsearch defaults<br />
The only important thing is to set a cluster name as “graylog2“, that is being used by graylog. Now edit the configuration file of Elasticsearch.<br />
<br />
$ sudo nano /etc/elasticsearch/elasticsearch.yml<br />
<br />
cluster.name: graylog2<br />
Disable dynamic scripts to avoid remote execution, that can be done by adding the following line at the end of above file.<br />
<br />
script.disable_dynamic: true<br />
Once it is done, we are good to go. Before that, restart the Elasticsearch services to load the modified configuration.<br />
<br />
$ sudo service elasticsearch restart<br />
Wait at least a minute to let the Elasticsearch get fully restarted, otherwise testing will fail. Elastisearch should be now listen on 9200 for processing HTTP request, we can use CURL to get the response. Ensure that it returns with cluster name as “graylog2”<br />
<br />
$ curl -X GET http://localhost:9200<br />
<br />
{<br />
"status" : 200,<br />
"name" : "Pistol",<br />
"cluster_name" : "'''graylog2'''",<br />
"version" : {<br />
"number" : "1.7.1",<br />
"build_hash" : "b88f43fc40b0bcd7f173a1f9ee2e97816de80b19",<br />
"build_timestamp" : "2015-07-29T09:54:16Z",<br />
"build_snapshot" : false,<br />
"lucene_version" : "4.10.4"<br />
},<br />
"tagline" : "You Know, for Search"<br />
}<br />
<br />
Optional: Use the following command to check the Elasticsearch cluster health, you must get a cluster status as “green” for graylog to work.<br />
<br />
$ curl -XGET 'http://localhost:9200/_cluster/health?pretty=true'<br />
<br />
{<br />
"cluster_name" : "'''graylog2'''",<br />
"status" : "'''green'''",<br />
"timed_out" : false,<br />
"number_of_nodes" : 1,<br />
"number_of_data_nodes" : 1,<br />
"active_primary_shards" : 0,<br />
"active_shards" : 0,<br />
"relocating_shards" : 0,<br />
"initializing_shards" : 0,<br />
"unassigned_shards" : 0,<br />
"delayed_unassigned_shards" : 0,<br />
"number_of_pending_tasks" : 0,<br />
"number_of_in_flight_fetch" : 0<br />
}<br />
<br />
<br />
=== MongoDB ===<br />
<br />
MongoDB is available in dep format and same can be downloaded from the official website. Add the following repository information on the system to install MongoDB. Before that we must import public key.<br />
<br />
$ sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10<br />
Add repository by creating the /etc/apt/sources.list.d/mongodb-org-3.0.list list file using the command.<br />
<br />
$ echo "deb http://repo.mongodb.org/apt/ubuntu trusty/mongodb-org/3.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.0.list<br />
Update repository cache.<br />
<br />
$ sudo apt-get update<br />
Install MongoDB using the following command.<br />
<br />
$ sudo apt-get install mongodb-org<br />
Start the MongoDB service and enable it to start automatically during the system start-up.<br />
<br />
$ sudo service mongod start<br />
<br />
$ sudo ls -s /usr/bin/mongod /etc/init.d/mongod<br />
<br />
$ sudo update-rc.d mongod defaults<br />
<br />
<br />
=== Graylog2 ===<br />
<br />
Graylog-server accepts and process the log messages, also spawns the RESTAPI for the requests that comes from graylog-web-interface. Download the latest version of graylog from graylog.org,<br />
<br />
Use the following command to install graylog2 repository.<br />
<br />
$ wget https://packages.graylog2.org/repo/packages/graylog-1.2-repository-ubuntu14.04_latest.deb<br />
<br />
$ sudo dpkg -i graylog-1.2-repository-ubuntu14.04_latest.deb<br />
Install https suppport and update the repository cache.<br />
<br />
$ sudo apt-get install apt-transport-https<br />
<br />
$ sudo apt-get update<br />
Install Graylog server using following command.<br />
<br />
$ sudo apt-get install graylog-server <br />
Edit the server.conf file.<br />
<br />
$ sudo nano /etc/graylog/server/server.conf<br />
Configure the following variables in the above file.<br />
<br />
Set a secret to secure the user passwords, use the following command to generate a secret, use at least 64 character’s.<br />
<br />
$ pwgen -N 1 -s 96<br />
<br />
OH9wXpsNZVBA8R5vJQSnkhTB1qDOjCxAh3aE3LvXddtfDlZlKYEyGS24BJAiIxI0sbSTSPovTTnhLkkrUvhSSxodTlzDi5gP<br />
<br />
If you get a “pwgen: command not found“, use the following command to install pwgen.<br />
<br />
$ sudo apt-get install pwgen<br />
<br />
Place the secret.<br />
<br />
password_secret = OH9wXpsNZVBA8R5vJQSnkhTB1qDOjCxAh3aE3LvXddtfDlZlKYEyGS24BJAiIxI0sbSTSPovTTnhLkkrUvhSSxodTlzDi5gP<br />
<br />
Next is to set a hash password for the root user (not to be confused with system user, root user of graylog is admin). You will use this password for login into the web interface, admin’s password can not be changed using web interface, must edit this variable to set.<br />
<br />
Replace “yourpassword” with the choice of your’s.<br />
<br />
# echo -n yourpassword | sha256sum<br />
<br />
e3c652f0ba0b4801205814f8b6bc49672c4c74e25b497770bb89b22cdeb4e951<br />
<br />
Place the hash password.<br />
<br />
root_password_sha2 = e3c652f0ba0b4801205814f8b6bc49672c4c74e25b497770bb89b22cdeb4e951<br />
You can setup email address root (admin) user.<br />
<br />
root_email = "cyber.web@gmail.com"<br />
Set timezone of root (admin) user.<br />
<br />
root_timezone = UTC<br />
<br />
Graylog will try to find the Elasticsearch nodes automatically, it uses multicast mode for the same. But when it comes to larger network, it is recommended to use unicast mode which is best suited one for production setups. So add the following two entries to graylog server.conf file, replace ipaddress with live hostname or ipaddress. Multiple hosts can be added with comma separated.<br />
<br />
elasticsearch_http_enabled = false<br />
elasticsearch_discovery_zen_ping_unicast_hosts = ipaddress:9300<br />
<br />
Set only one master node by defining the below variable, default setting is true, you must set it as a false to make the particular node as a slave. Master node performs some periodic tasks that slave won’t perform.<br />
<br />
is_master = true<br />
<br />
The following variable sets the number of log messages to keep per index, it is recommended to have several smaller indices instead of larger ones.<br />
<br />
elasticsearch_max_docs_per_index = 20000000<br />
The following parameter defines to have total number of indices, if the this number is reached old index will be deleted.<br />
<br />
elasticsearch_max_number_of_indices = 20<br />
Shards setting is really depends on the number of nodes in the Elasticsearch cluster, if you have only one node, set it as 1.<br />
<br />
elasticsearch_shards = 1<br />
The number of replicas for your indices, if you have only one node in Elasticsearch cluster; set it as 0.<br />
<br />
elasticsearch_replicas = 0<br />
<br />
''Restart Graylog service.''<br />
<br />
$ sudo service graylog-server restart<br />
Enable auto start of graylog server service during system startup.<br />
<br />
$ sudo update-rc.d graylog-server defaults<br />
You can check out the server startup logs, it will be useful for you to troubleshoot graylog in case of any issue.<br />
<br />
# tailf /var/log/graylog-server/server.log<br />
On successful start of graylog-server, you should get the following message in the log file.<br />
<br />
2015-09-17T09:35:22.895+02:00 INFO [ServerBootstrap] Graylog server up and running.<br />
<br />
'''Install Graylog web interface:'''<br />
<br />
To configure graylog-web-interface, you must have at least one graylog-server node. Install Graylog web interface using “apt-get”.<br />
<br />
$ sudo apt-get install graylog-web<br />
Edit the configuration file and set the following parameters.<br />
<br />
$ sudo nano /etc/graylog/web/web.conf<br />
This is the list of graylog-server nodes, you can add multiple nodes, separate by commas.<br />
<br />
graylog2-server.uris="http://127.0.0.1:12900/"<br />
Set the application scret and can be generated using pwgen -N 1 -s 96.<br />
<br />
application.secret="sNXyFf6B4Au3GqSlZwq7En86xp10JimdxxYiLtpptOejX6tIUpUE4DGRJOrcMj07wcK0wugPaapvzEzCYinEWj7BOtHXVl5Z"<br />
Set Web interface timezone.<br />
<br />
Timezone="Europe/Tallinn"<br />
<br />
Restart the gralog-web-interface using following command,<br />
<br />
$ sudo service graylog-web restart<br />
Enable auto start of web interface service during system startup.<br />
<br />
$ sudo update-rc.d graylog-web defaults<br />
<br />
= Experiences =<br />
<br />
In during installation time, we have found some problems which will impact on our your installation as well.<br />
<br />
- The version of Ubuntu and Graylog might conflict each other as well as Graylog's packages ( e.g : java )<br />
<br />
= Summary =<br />
<br />
During the installation Graylogs in both versions of Ubuntu ( 14.04 and 16.0 ). We realized that it had many differences between these versions. Listed above our objectives what we expect to achieve after installing and using Graylog, along with its useful information and its interaction between Administrator (users) with Graylog.<br />
<br />
its advantages:<br />
+ Free.<br />
+ Easy to interact with web interface.<br />
+ Easy to install with the good support from its sources.<br />
+ Help Administrator (user) to collect information in during logging and monitoring straightforwardly.<br />
+ Many useful tools ( plugins ) which supports to work on.<br />
<br />
= References =<br />
<br />
''http://www.itzgeek.com/how-tos/linux/ubuntu-how-tos/how-to-install-graylog2-on-ubuntu-14-04.html''</div>Akergehttps://wiki.itcollege.ee/index.php?title=Logging_-_Monitoring_C21&diff=107003Logging - Monitoring C212016-10-13T08:09:15Z<p>Akerge: </p>
<hr />
<div>'''Logging and Monitoring with Graylog'''<br />
<br />
<br />
Course: Logging and Monitoring - Lecturer: Margus Ernits<br />
<br />
Group : Cyber Security Engineering (C21)<br />
<br />
Team members: Ender Phan, Kustas Kurval, Sheela Gowry Sumathi Raju, Artur Vincent Kerge<br />
<br />
Page created by : October 05, 2016<br />
<br />
= Abstract =<br />
<br />
In order to understand how to set up the Graylog service as well as understand its crucial roles. We decided to choose Graylog as our application for logging and monitoring. Below are our objectives which would be expected to achieve later on:<br />
<br />
* '''How to install Graylog on Ubuntu 14.04.'''<br />
<br />
* '''How to use Graylog to protect servers.'''<br />
<br />
* '''Upgrading and configuring Graylog at first, and know how to secure Graylog.'''<br />
<br />
* '''Threats and security during logging.'''<br />
<br />
= Installation Guide =<br />
<br />
'''Ubuntu 14.04'''<br />
<br />
<br />
[[File:Graylog_simple_setup_v2.png]]<br />
<br />
== Prerequisites ==<br />
<br />
Since the Elasticsearch is based on java, we would require to install either openJDK or Oracle JDK. It is recommended to install Oracle JDK, verify the java version by using the following command.<br />
<br />
Remove the OpenJDK from the system, if you have it already installed.<br />
<br />
$ sudo apt-get remove --purge openjdk*<br />
Add repository.<br />
<br />
$ sudo add-apt-repository -y ppa:webupd8team/java<br />
Run the following command to pull the packages information from the newly added repository.<br />
<br />
$ sudo apt-get update<br />
Issue the following command to install Java jdk 1.8.<br />
<br />
$ sudo apt-get -y install oracle-java8-installer<br />
<br />
$ java -version<br />
<br />
Java version "1.8.0_60"<br />
Java(TM) SE Runtime Environment (build 1.8.0_60-b27)<br />
Java HotSpot(TM) 64-Bit Server VM (build 25.60-b23, mixed mode)<br />
Install Elasticsearch:<br />
<br />
<br />
Let’s install the Elasticsearch, it can be downloaded from official website.<br />
<br />
'''Download and install GPG signing key'''.<br />
<br />
$ sudo wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -<br />
<br />
Note that the -qO argument is lowercase Quebec followed by capital Oscar.<br />
<br />
Save the repository definition to /etc/apt/sources.list.d/elasticsearch.list<br />
<br />
$ echo "deb http://packages.elastic.co/elasticsearch/2.x/debian stable main" | sudo tee -a /etc/apt/sources.list.d/elasticsearch.list<br />
<br />
Update repository cache.<br />
<br />
$ sudo apt-get update<br />
<br />
=== Installing extras ===<br />
<br />
==== Elasticsearch ====<br />
<br />
$ sudo apt-get install elasticsearch<br />
Configure Elasticsearch to start during system startup.<br />
<br />
$ sudo update-rc.d elasticsearch defaults<br />
The only important thing is to set a cluster name as “graylog2“, that is being used by graylog. Now edit the configuration file of Elasticsearch.<br />
<br />
$ sudo nano /etc/elasticsearch/elasticsearch.yml<br />
<br />
cluster.name: graylog2<br />
Disable dynamic scripts to avoid remote execution, that can be done by adding the following line at the end of above file.<br />
<br />
script.disable_dynamic: true<br />
Once it is done, we are good to go. Before that, restart the Elasticsearch services to load the modified configuration.<br />
<br />
$ sudo service elasticsearch restart<br />
Wait at least a minute to let the Elasticsearch get fully restarted, otherwise testing will fail. Elastisearch should be now listen on 9200 for processing HTTP request, we can use CURL to get the response. Ensure that it returns with cluster name as “graylog2”<br />
<br />
$ curl -X GET http://localhost:9200<br />
<br />
{<br />
"status" : 200,<br />
"name" : "Pistol",<br />
"cluster_name" : "'''graylog2'''",<br />
"version" : {<br />
"number" : "1.7.1",<br />
"build_hash" : "b88f43fc40b0bcd7f173a1f9ee2e97816de80b19",<br />
"build_timestamp" : "2015-07-29T09:54:16Z",<br />
"build_snapshot" : false,<br />
"lucene_version" : "4.10.4"<br />
},<br />
"tagline" : "You Know, for Search"<br />
}<br />
<br />
Optional: Use the following command to check the Elasticsearch cluster health, you must get a cluster status as “green” for graylog to work.<br />
<br />
$ curl -XGET 'http://localhost:9200/_cluster/health?pretty=true'<br />
<br />
{<br />
"cluster_name" : "'''graylog2'''",<br />
"status" : "'''green'''",<br />
"timed_out" : false,<br />
"number_of_nodes" : 1,<br />
"number_of_data_nodes" : 1,<br />
"active_primary_shards" : 0,<br />
"active_shards" : 0,<br />
"relocating_shards" : 0,<br />
"initializing_shards" : 0,<br />
"unassigned_shards" : 0,<br />
"delayed_unassigned_shards" : 0,<br />
"number_of_pending_tasks" : 0,<br />
"number_of_in_flight_fetch" : 0<br />
}<br />
<br />
<br />
==== MongoDB ====<br />
<br />
MongoDB is available in dep format and same can be downloaded from the official website. Add the following repository information on the system to install MongoDB. Before that we must import public key.<br />
<br />
$ sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10<br />
Add repository by creating the /etc/apt/sources.list.d/mongodb-org-3.0.list list file using the command.<br />
<br />
$ echo "deb http://repo.mongodb.org/apt/ubuntu trusty/mongodb-org/3.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.0.list<br />
Update repository cache.<br />
<br />
$ sudo apt-get update<br />
Install MongoDB using the following command.<br />
<br />
$ sudo apt-get install mongodb-org<br />
Start the MongoDB service and enable it to start automatically during the system start-up.<br />
<br />
$ sudo service mongod start<br />
<br />
$ sudo ls -s /usr/bin/mongod /etc/init.d/mongod<br />
<br />
$ sudo update-rc.d mongod defaults<br />
<br />
<br />
==== Graylog2 ====<br />
<br />
Graylog-server accepts and process the log messages, also spawns the RESTAPI for the requests that comes from graylog-web-interface. Download the latest version of graylog from graylog.org,<br />
<br />
Use the following command to install graylog2 repository.<br />
<br />
$ wget https://packages.graylog2.org/repo/packages/graylog-1.2-repository-ubuntu14.04_latest.deb<br />
<br />
$ sudo dpkg -i graylog-1.2-repository-ubuntu14.04_latest.deb<br />
Install https suppport and update the repository cache.<br />
<br />
$ sudo apt-get install apt-transport-https<br />
<br />
$ sudo apt-get update<br />
Install Graylog server using following command.<br />
<br />
$ sudo apt-get install graylog-server <br />
Edit the server.conf file.<br />
<br />
$ sudo nano /etc/graylog/server/server.conf<br />
Configure the following variables in the above file.<br />
<br />
Set a secret to secure the user passwords, use the following command to generate a secret, use at least 64 character’s.<br />
<br />
$ pwgen -N 1 -s 96<br />
<br />
OH9wXpsNZVBA8R5vJQSnkhTB1qDOjCxAh3aE3LvXddtfDlZlKYEyGS24BJAiIxI0sbSTSPovTTnhLkkrUvhSSxodTlzDi5gP<br />
<br />
If you get a “pwgen: command not found“, use the following command to install pwgen.<br />
<br />
$ sudo apt-get install pwgen<br />
<br />
Place the secret.<br />
<br />
password_secret = OH9wXpsNZVBA8R5vJQSnkhTB1qDOjCxAh3aE3LvXddtfDlZlKYEyGS24BJAiIxI0sbSTSPovTTnhLkkrUvhSSxodTlzDi5gP<br />
<br />
Next is to set a hash password for the root user (not to be confused with system user, root user of graylog is admin). You will use this password for login into the web interface, admin’s password can not be changed using web interface, must edit this variable to set.<br />
<br />
Replace “yourpassword” with the choice of your’s.<br />
<br />
# echo -n yourpassword | sha256sum<br />
<br />
e3c652f0ba0b4801205814f8b6bc49672c4c74e25b497770bb89b22cdeb4e951<br />
<br />
Place the hash password.<br />
<br />
root_password_sha2 = e3c652f0ba0b4801205814f8b6bc49672c4c74e25b497770bb89b22cdeb4e951<br />
You can setup email address root (admin) user.<br />
<br />
root_email = "cyber.web@gmail.com"<br />
Set timezone of root (admin) user.<br />
<br />
root_timezone = UTC<br />
<br />
Graylog will try to find the Elasticsearch nodes automatically, it uses multicast mode for the same. But when it comes to larger network, it is recommended to use unicast mode which is best suited one for production setups. So add the following two entries to graylog server.conf file, replace ipaddress with live hostname or ipaddress. Multiple hosts can be added with comma separated.<br />
<br />
elasticsearch_http_enabled = false<br />
elasticsearch_discovery_zen_ping_unicast_hosts = ipaddress:9300<br />
<br />
Set only one master node by defining the below variable, default setting is true, you must set it as a false to make the particular node as a slave. Master node performs some periodic tasks that slave won’t perform.<br />
<br />
is_master = true<br />
<br />
The following variable sets the number of log messages to keep per index, it is recommended to have several smaller indices instead of larger ones.<br />
<br />
elasticsearch_max_docs_per_index = 20000000<br />
The following parameter defines to have total number of indices, if the this number is reached old index will be deleted.<br />
<br />
elasticsearch_max_number_of_indices = 20<br />
Shards setting is really depends on the number of nodes in the Elasticsearch cluster, if you have only one node, set it as 1.<br />
<br />
elasticsearch_shards = 1<br />
The number of replicas for your indices, if you have only one node in Elasticsearch cluster; set it as 0.<br />
<br />
elasticsearch_replicas = 0<br />
<br />
''Restart Graylog service.''<br />
<br />
$ sudo service graylog-server restart<br />
Enable auto start of graylog server service during system startup.<br />
<br />
$ sudo update-rc.d graylog-server defaults<br />
You can check out the server startup logs, it will be useful for you to troubleshoot graylog in case of any issue.<br />
<br />
# tailf /var/log/graylog-server/server.log<br />
On successful start of graylog-server, you should get the following message in the log file.<br />
<br />
2015-09-17T09:35:22.895+02:00 INFO [ServerBootstrap] Graylog server up and running.<br />
<br />
'''Install Graylog web interface:'''<br />
<br />
To configure graylog-web-interface, you must have at least one graylog-server node. Install Graylog web interface using “apt-get”.<br />
<br />
$ sudo apt-get install graylog-web<br />
Edit the configuration file and set the following parameters.<br />
<br />
$ sudo nano /etc/graylog/web/web.conf<br />
This is the list of graylog-server nodes, you can add multiple nodes, separate by commas.<br />
<br />
graylog2-server.uris="http://127.0.0.1:12900/"<br />
Set the application scret and can be generated using pwgen -N 1 -s 96.<br />
<br />
application.secret="sNXyFf6B4Au3GqSlZwq7En86xp10JimdxxYiLtpptOejX6tIUpUE4DGRJOrcMj07wcK0wugPaapvzEzCYinEWj7BOtHXVl5Z"<br />
Set Web interface timezone.<br />
<br />
Timezone="Europe/Tallinn"<br />
<br />
Restart the gralog-web-interface using following command,<br />
<br />
$ sudo service graylog-web restart<br />
Enable auto start of web interface service during system startup.<br />
<br />
$ sudo update-rc.d graylog-web defaults<br />
<br />
= Experiences =<br />
<br />
In during installation time, we have found some problems which will impact on our your installation as well.<br />
<br />
- The version of Ubuntu and Graylog might conflict each other as well as Graylog's packages ( e.g : java )<br />
<br />
= Summary =<br />
<br />
During the installation Graylogs in both versions of Ubuntu ( 14.04 and 16.0 ). We realized that it had many differences between these versions. Listed above our objectives what we expect to achieve after installing and using Graylog, along with its useful information and its interaction between Administrator (users) with Graylog.<br />
<br />
its advantages:<br />
+ Free.<br />
+ Easy to interact with web interface.<br />
+ Easy to install with the good support from its sources.<br />
+ Help Administrator (user) to collect information in during logging and monitoring straightforwardly.<br />
+ Many useful tools ( plugins ) which supports to work on.<br />
<br />
= References =<br />
<br />
''http://www.itzgeek.com/how-tos/linux/ubuntu-how-tos/how-to-install-graylog2-on-ubuntu-14-04.html''</div>Akergehttps://wiki.itcollege.ee/index.php?title=Logging_-_Monitoring_C21&diff=107002Logging - Monitoring C212016-10-13T08:08:11Z<p>Akerge: </p>
<hr />
<div>'''Logging and Monitoring with Graylog'''<br />
<br />
<br />
Course: Logging and Monitoring - Lecturer: Margus Ernits<br />
<br />
Group : Cyber Security Engineering (C21)<br />
<br />
Team members: Ender Phan, Kustas Kurval, Sheela Gowry Sumathi Raju, Artur Vincent Kerge<br />
<br />
Page created by : October 05, 2016<br />
<br />
= Abstract =<br />
<br />
In order to understand how to set up the Graylog service as well as understand its crucial roles. We decided to choose Graylog as our application for logging and monitoring. Below are our objectives which would be expected to achieve later on:<br />
<br />
* '''How to install Graylog on Ubuntu 14.04.'''<br />
<br />
* '''How to use Graylog to protect servers.'''<br />
<br />
* '''Upgrading and configuring Graylog at first, and know how to secure Graylog.'''<br />
<br />
* '''Threats and security during logging.'''<br />
<br />
= Installation Guide =<br />
<br />
'''Ubuntu 14.04'''<br />
<br />
<br />
[[File:Graylog_simple_setup_v2.png]]<br />
<br />
=== Prerequisites ===<br />
<br />
Since the Elasticsearch is based on java, we would require to install either openJDK or Oracle JDK. It is recommended to install Oracle JDK, verify the java version by using the following command.<br />
<br />
Remove the OpenJDK from the system, if you have it already installed.<br />
<br />
$ sudo apt-get remove --purge openjdk*<br />
Add repository.<br />
<br />
$ sudo add-apt-repository -y ppa:webupd8team/java<br />
Run the following command to pull the packages information from the newly added repository.<br />
<br />
$ sudo apt-get update<br />
Issue the following command to install Java jdk 1.8.<br />
<br />
$ sudo apt-get -y install oracle-java8-installer<br />
<br />
$ java -version<br />
<br />
Java version "1.8.0_60"<br />
Java(TM) SE Runtime Environment (build 1.8.0_60-b27)<br />
Java HotSpot(TM) 64-Bit Server VM (build 25.60-b23, mixed mode)<br />
Install Elasticsearch:<br />
<br />
<br />
Let’s install the Elasticsearch, it can be downloaded from official website.<br />
<br />
'''Download and install GPG signing key'''.<br />
<br />
$ sudo wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -<br />
<br />
Note that the -qO argument is lowercase Quebec followed by capital Oscar.<br />
<br />
Save the repository definition to /etc/apt/sources.list.d/elasticsearch.list<br />
<br />
$ echo "deb http://packages.elastic.co/elasticsearch/2.x/debian stable main" | sudo tee -a /etc/apt/sources.list.d/elasticsearch.list<br />
<br />
Update repository cache.<br />
<br />
$ sudo apt-get update<br />
<br />
=== Installing extras ===<br />
<br />
==== Elasticsearch ====<br />
<br />
$ sudo apt-get install elasticsearch<br />
Configure Elasticsearch to start during system startup.<br />
<br />
$ sudo update-rc.d elasticsearch defaults<br />
The only important thing is to set a cluster name as “graylog2“, that is being used by graylog. Now edit the configuration file of Elasticsearch.<br />
<br />
$ sudo nano /etc/elasticsearch/elasticsearch.yml<br />
<br />
cluster.name: graylog2<br />
Disable dynamic scripts to avoid remote execution, that can be done by adding the following line at the end of above file.<br />
<br />
script.disable_dynamic: true<br />
Once it is done, we are good to go. Before that, restart the Elasticsearch services to load the modified configuration.<br />
<br />
$ sudo service elasticsearch restart<br />
Wait at least a minute to let the Elasticsearch get fully restarted, otherwise testing will fail. Elastisearch should be now listen on 9200 for processing HTTP request, we can use CURL to get the response. Ensure that it returns with cluster name as “graylog2”<br />
<br />
$ curl -X GET http://localhost:9200<br />
<br />
{<br />
"status" : 200,<br />
"name" : "Pistol",<br />
"cluster_name" : "'''graylog2'''",<br />
"version" : {<br />
"number" : "1.7.1",<br />
"build_hash" : "b88f43fc40b0bcd7f173a1f9ee2e97816de80b19",<br />
"build_timestamp" : "2015-07-29T09:54:16Z",<br />
"build_snapshot" : false,<br />
"lucene_version" : "4.10.4"<br />
},<br />
"tagline" : "You Know, for Search"<br />
}<br />
<br />
Optional: Use the following command to check the Elasticsearch cluster health, you must get a cluster status as “green” for graylog to work.<br />
<br />
$ curl -XGET 'http://localhost:9200/_cluster/health?pretty=true'<br />
<br />
{<br />
"cluster_name" : "'''graylog2'''",<br />
"status" : "'''green'''",<br />
"timed_out" : false,<br />
"number_of_nodes" : 1,<br />
"number_of_data_nodes" : 1,<br />
"active_primary_shards" : 0,<br />
"active_shards" : 0,<br />
"relocating_shards" : 0,<br />
"initializing_shards" : 0,<br />
"unassigned_shards" : 0,<br />
"delayed_unassigned_shards" : 0,<br />
"number_of_pending_tasks" : 0,<br />
"number_of_in_flight_fetch" : 0<br />
}<br />
<br />
<br />
==== MongoDB ====<br />
<br />
MongoDB is available in dep format and same can be downloaded from the official website. Add the following repository information on the system to install MongoDB. Before that we must import public key.<br />
<br />
$ sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10<br />
Add repository by creating the /etc/apt/sources.list.d/mongodb-org-3.0.list list file using the command.<br />
<br />
$ echo "deb http://repo.mongodb.org/apt/ubuntu trusty/mongodb-org/3.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.0.list<br />
Update repository cache.<br />
<br />
$ sudo apt-get update<br />
Install MongoDB using the following command.<br />
<br />
$ sudo apt-get install mongodb-org<br />
Start the MongoDB service and enable it to start automatically during the system start-up.<br />
<br />
$ sudo service mongod start<br />
<br />
$ sudo ls -s /usr/bin/mongod /etc/init.d/mongod<br />
<br />
$ sudo update-rc.d mongod defaults<br />
<br />
<br />
==== Install Graylog2 ====<br />
<br />
Graylog-server accepts and process the log messages, also spawns the RESTAPI for the requests that comes from graylog-web-interface. Download the latest version of graylog from graylog.org,<br />
<br />
Use the following command to install graylog2 repository.<br />
<br />
$ wget https://packages.graylog2.org/repo/packages/graylog-1.2-repository-ubuntu14.04_latest.deb<br />
<br />
$ sudo dpkg -i graylog-1.2-repository-ubuntu14.04_latest.deb<br />
Install https suppport and update the repository cache.<br />
<br />
$ sudo apt-get install apt-transport-https<br />
<br />
$ sudo apt-get update<br />
Install Graylog server using following command.<br />
<br />
$ sudo apt-get install graylog-server <br />
Edit the server.conf file.<br />
<br />
$ sudo nano /etc/graylog/server/server.conf<br />
Configure the following variables in the above file.<br />
<br />
Set a secret to secure the user passwords, use the following command to generate a secret, use at least 64 character’s.<br />
<br />
$ pwgen -N 1 -s 96<br />
<br />
OH9wXpsNZVBA8R5vJQSnkhTB1qDOjCxAh3aE3LvXddtfDlZlKYEyGS24BJAiIxI0sbSTSPovTTnhLkkrUvhSSxodTlzDi5gP<br />
<br />
If you get a “pwgen: command not found“, use the following command to install pwgen.<br />
<br />
$ sudo apt-get install pwgen<br />
<br />
Place the secret.<br />
<br />
password_secret = OH9wXpsNZVBA8R5vJQSnkhTB1qDOjCxAh3aE3LvXddtfDlZlKYEyGS24BJAiIxI0sbSTSPovTTnhLkkrUvhSSxodTlzDi5gP<br />
<br />
Next is to set a hash password for the root user (not to be confused with system user, root user of graylog is admin). You will use this password for login into the web interface, admin’s password can not be changed using web interface, must edit this variable to set.<br />
<br />
Replace “yourpassword” with the choice of your’s.<br />
<br />
# echo -n yourpassword | sha256sum<br />
<br />
e3c652f0ba0b4801205814f8b6bc49672c4c74e25b497770bb89b22cdeb4e951<br />
<br />
Place the hash password.<br />
<br />
root_password_sha2 = e3c652f0ba0b4801205814f8b6bc49672c4c74e25b497770bb89b22cdeb4e951<br />
You can setup email address root (admin) user.<br />
<br />
root_email = "cyber.web@gmail.com"<br />
Set timezone of root (admin) user.<br />
<br />
root_timezone = UTC<br />
<br />
Graylog will try to find the Elasticsearch nodes automatically, it uses multicast mode for the same. But when it comes to larger network, it is recommended to use unicast mode which is best suited one for production setups. So add the following two entries to graylog server.conf file, replace ipaddress with live hostname or ipaddress. Multiple hosts can be added with comma separated.<br />
<br />
elasticsearch_http_enabled = false<br />
elasticsearch_discovery_zen_ping_unicast_hosts = ipaddress:9300<br />
<br />
Set only one master node by defining the below variable, default setting is true, you must set it as a false to make the particular node as a slave. Master node performs some periodic tasks that slave won’t perform.<br />
<br />
is_master = true<br />
<br />
The following variable sets the number of log messages to keep per index, it is recommended to have several smaller indices instead of larger ones.<br />
<br />
elasticsearch_max_docs_per_index = 20000000<br />
The following parameter defines to have total number of indices, if the this number is reached old index will be deleted.<br />
<br />
elasticsearch_max_number_of_indices = 20<br />
Shards setting is really depends on the number of nodes in the Elasticsearch cluster, if you have only one node, set it as 1.<br />
<br />
elasticsearch_shards = 1<br />
The number of replicas for your indices, if you have only one node in Elasticsearch cluster; set it as 0.<br />
<br />
elasticsearch_replicas = 0<br />
<br />
''Restart Graylog service.''<br />
<br />
$ sudo service graylog-server restart<br />
Enable auto start of graylog server service during system startup.<br />
<br />
$ sudo update-rc.d graylog-server defaults<br />
You can check out the server startup logs, it will be useful for you to troubleshoot graylog in case of any issue.<br />
<br />
# tailf /var/log/graylog-server/server.log<br />
On successful start of graylog-server, you should get the following message in the log file.<br />
<br />
2015-09-17T09:35:22.895+02:00 INFO [ServerBootstrap] Graylog server up and running.<br />
<br />
'''Install Graylog web interface:'''<br />
<br />
To configure graylog-web-interface, you must have at least one graylog-server node. Install Graylog web interface using “apt-get”.<br />
<br />
$ sudo apt-get install graylog-web<br />
Edit the configuration file and set the following parameters.<br />
<br />
$ sudo nano /etc/graylog/web/web.conf<br />
This is the list of graylog-server nodes, you can add multiple nodes, separate by commas.<br />
<br />
graylog2-server.uris="http://127.0.0.1:12900/"<br />
Set the application scret and can be generated using pwgen -N 1 -s 96.<br />
<br />
application.secret="sNXyFf6B4Au3GqSlZwq7En86xp10JimdxxYiLtpptOejX6tIUpUE4DGRJOrcMj07wcK0wugPaapvzEzCYinEWj7BOtHXVl5Z"<br />
Set Web interface timezone.<br />
<br />
Timezone="Europe/Tallinn"<br />
<br />
Restart the gralog-web-interface using following command,<br />
<br />
$ sudo service graylog-web restart<br />
Enable auto start of web interface service during system startup.<br />
<br />
$ sudo update-rc.d graylog-web defaults<br />
<br />
= Experiences =<br />
<br />
In during installation time, we have found some problems which will impact on our your installation as well.<br />
<br />
- The version of Ubuntu and Graylog might conflict each other as well as Graylog's packages ( e.g : java )<br />
<br />
= Summary =<br />
<br />
During the installation Graylogs in both versions of Ubuntu ( 14.04 and 16.0 ). We realized that it had many differences between these versions. Listed above our objectives what we expect to achieve after installing and using Graylog, along with its useful information and its interaction between Administrator (users) with Graylog.<br />
<br />
its advantages:<br />
+ Free.<br />
+ Easy to interact with web interface.<br />
+ Easy to install with the good support from its sources.<br />
+ Help Administrator (user) to collect information in during logging and monitoring straightforwardly.<br />
+ Many useful tools ( plugins ) which supports to work on.<br />
<br />
= References =<br />
<br />
''http://www.itzgeek.com/how-tos/linux/ubuntu-how-tos/how-to-install-graylog2-on-ubuntu-14-04.html''</div>Akergehttps://wiki.itcollege.ee/index.php?title=Logging_-_Monitoring_C21&diff=107001Logging - Monitoring C212016-10-13T08:05:53Z<p>Akerge: /* Abstract */</p>
<hr />
<div>'''Logging and Monitoring with Graylog'''<br />
<br />
<br />
Course: Logging and Monitoring - Lecturer: Margus Ernits<br />
<br />
Group : Cyber Security Engineering (C21)<br />
<br />
Team members: Ender Phan, Kustas Kurval, Sheela Gowry Sumathi Raju, Artur Vincent Kerge<br />
<br />
Page created by : October 05, 2016<br />
<br />
= Abstract =<br />
<br />
In order to understand how to set up the Graylog service as well as understand its crucial roles. We decided to choose Graylog as our application for logging and monitoring. Below are our objectives which would be expected to achieve later on:<br />
<br />
* '''How to install Graylog on Ubuntu 14.04.'''<br />
<br />
* '''How to use Graylog to protect servers.'''<br />
<br />
* '''Upgrading and configuring Graylog at first, and know how to secure Graylog.'''<br />
<br />
* '''Threats and security during logging.'''<br />
<br />
= Installation Guide =<br />
<br />
'''Ubuntu 14.04'''<br />
<br />
<br />
[[File:Graylog_simple_setup_v2.png]]<br />
<br />
=== Prerequisites ===<br />
<br />
Since the Elasticsearch is based on java, we would require to install either openJDK or Oracle JDK. It is recommended to install Oracle JDK, verify the java version by using the following command.<br />
<br />
Remove the OpenJDK from the system, if you have it already installed.<br />
<br />
$ sudo apt-get remove --purge openjdk*<br />
Add repository.<br />
<br />
$ sudo add-apt-repository -y ppa:webupd8team/java<br />
Run the following command to pull the packages information from the newly added repository.<br />
<br />
$ sudo apt-get update<br />
Issue the following command to install Java jdk 1.8.<br />
<br />
$ sudo apt-get -y install oracle-java8-installer<br />
<br />
$ java -version<br />
<br />
Java version "1.8.0_60"<br />
Java(TM) SE Runtime Environment (build 1.8.0_60-b27)<br />
Java HotSpot(TM) 64-Bit Server VM (build 25.60-b23, mixed mode)<br />
Install Elasticsearch:<br />
<br />
<br />
Let’s install the Elasticsearch, it can be downloaded from official website.<br />
<br />
'''Download and install GPG signing key'''.<br />
<br />
$ sudo wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -<br />
<br />
Note that the -qO argument is lowercase Quebec followed by capital Oscar.<br />
<br />
Save the repository definition to /etc/apt/sources.list.d/elasticsearch.list<br />
<br />
$ echo "deb http://packages.elastic.co/elasticsearch/2.x/debian stable main" | sudo tee -a /etc/apt/sources.list.d/elasticsearch.list<br />
<br />
Update repository cache.<br />
<br />
$ sudo apt-get update<br />
<br />
'''Install Elasticsearch.'''<br />
<br />
$ sudo apt-get install elasticsearch<br />
Configure Elasticsearch to start during system startup.<br />
<br />
$ sudo update-rc.d elasticsearch defaults<br />
The only important thing is to set a cluster name as “graylog2“, that is being used by graylog. Now edit the configuration file of Elasticsearch.<br />
<br />
$ sudo nano /etc/elasticsearch/elasticsearch.yml<br />
<br />
cluster.name: graylog2<br />
Disable dynamic scripts to avoid remote execution, that can be done by adding the following line at the end of above file.<br />
<br />
script.disable_dynamic: true<br />
Once it is done, we are good to go. Before that, restart the Elasticsearch services to load the modified configuration.<br />
<br />
$ sudo service elasticsearch restart<br />
Wait at least a minute to let the Elasticsearch get fully restarted, otherwise testing will fail. Elastisearch should be now listen on 9200 for processing HTTP request, we can use CURL to get the response. Ensure that it returns with cluster name as “graylog2”<br />
<br />
$ curl -X GET http://localhost:9200<br />
<br />
{<br />
"status" : 200,<br />
"name" : "Pistol",<br />
"cluster_name" : "'''graylog2'''",<br />
"version" : {<br />
"number" : "1.7.1",<br />
"build_hash" : "b88f43fc40b0bcd7f173a1f9ee2e97816de80b19",<br />
"build_timestamp" : "2015-07-29T09:54:16Z",<br />
"build_snapshot" : false,<br />
"lucene_version" : "4.10.4"<br />
},<br />
"tagline" : "You Know, for Search"<br />
}<br />
<br />
Optional: Use the following command to check the Elasticsearch cluster health, you must get a cluster status as “green” for graylog to work.<br />
<br />
$ curl -XGET 'http://localhost:9200/_cluster/health?pretty=true'<br />
<br />
{<br />
"cluster_name" : "'''graylog2'''",<br />
"status" : "'''green'''",<br />
"timed_out" : false,<br />
"number_of_nodes" : 1,<br />
"number_of_data_nodes" : 1,<br />
"active_primary_shards" : 0,<br />
"active_shards" : 0,<br />
"relocating_shards" : 0,<br />
"initializing_shards" : 0,<br />
"unassigned_shards" : 0,<br />
"delayed_unassigned_shards" : 0,<br />
"number_of_pending_tasks" : 0,<br />
"number_of_in_flight_fetch" : 0<br />
}<br />
<br />
<br />
'''Install MongoDB:'''<br />
<br />
MongoDB is available in dep format and same can be downloaded from the official website. Add the following repository information on the system to install MongoDB. Before that we must import public key.<br />
<br />
$ sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10<br />
Add repository by creating the /etc/apt/sources.list.d/mongodb-org-3.0.list list file using the command.<br />
<br />
$ echo "deb http://repo.mongodb.org/apt/ubuntu trusty/mongodb-org/3.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.0.list<br />
Update repository cache.<br />
<br />
$ sudo apt-get update<br />
Install MongoDB using the following command.<br />
<br />
$ sudo apt-get install mongodb-org<br />
Start the MongoDB service and enable it to start automatically during the system start-up.<br />
<br />
$ sudo service mongod start<br />
<br />
$ sudo ls -s /usr/bin/mongod /etc/init.d/mongod<br />
<br />
$ sudo update-rc.d mongod defaults<br />
<br />
<br />
'''Install Graylog2:'''<br />
<br />
Graylog-server accepts and process the log messages, also spawns the RESTAPI for the requests that comes from graylog-web-interface. Download the latest version of graylog from graylog.org,<br />
<br />
Use the following command to install graylog2 repository.<br />
<br />
$ wget https://packages.graylog2.org/repo/packages/graylog-1.2-repository-ubuntu14.04_latest.deb<br />
<br />
$ sudo dpkg -i graylog-1.2-repository-ubuntu14.04_latest.deb<br />
Install https suppport and update the repository cache.<br />
<br />
$ sudo apt-get install apt-transport-https<br />
<br />
$ sudo apt-get update<br />
Install Graylog server using following command.<br />
<br />
$ sudo apt-get install graylog-server <br />
Edit the server.conf file.<br />
<br />
$ sudo nano /etc/graylog/server/server.conf<br />
Configure the following variables in the above file.<br />
<br />
Set a secret to secure the user passwords, use the following command to generate a secret, use at least 64 character’s.<br />
<br />
$ pwgen -N 1 -s 96<br />
<br />
OH9wXpsNZVBA8R5vJQSnkhTB1qDOjCxAh3aE3LvXddtfDlZlKYEyGS24BJAiIxI0sbSTSPovTTnhLkkrUvhSSxodTlzDi5gP<br />
<br />
If you get a “pwgen: command not found“, use the following command to install pwgen.<br />
<br />
$ sudo apt-get install pwgen<br />
<br />
Place the secret.<br />
<br />
password_secret = OH9wXpsNZVBA8R5vJQSnkhTB1qDOjCxAh3aE3LvXddtfDlZlKYEyGS24BJAiIxI0sbSTSPovTTnhLkkrUvhSSxodTlzDi5gP<br />
<br />
Next is to set a hash password for the root user (not to be confused with system user, root user of graylog is admin). You will use this password for login into the web interface, admin’s password can not be changed using web interface, must edit this variable to set.<br />
<br />
Replace “yourpassword” with the choice of your’s.<br />
<br />
# echo -n yourpassword | sha256sum<br />
<br />
e3c652f0ba0b4801205814f8b6bc49672c4c74e25b497770bb89b22cdeb4e951<br />
<br />
Place the hash password.<br />
<br />
root_password_sha2 = e3c652f0ba0b4801205814f8b6bc49672c4c74e25b497770bb89b22cdeb4e951<br />
You can setup email address root (admin) user.<br />
<br />
root_email = "cyber.web@gmail.com"<br />
Set timezone of root (admin) user.<br />
<br />
root_timezone = UTC<br />
<br />
Graylog will try to find the Elasticsearch nodes automatically, it uses multicast mode for the same. But when it comes to larger network, it is recommended to use unicast mode which is best suited one for production setups. So add the following two entries to graylog server.conf file, replace ipaddress with live hostname or ipaddress. Multiple hosts can be added with comma separated.<br />
<br />
elasticsearch_http_enabled = false<br />
elasticsearch_discovery_zen_ping_unicast_hosts = ipaddress:9300<br />
<br />
Set only one master node by defining the below variable, default setting is true, you must set it as a false to make the particular node as a slave. Master node performs some periodic tasks that slave won’t perform.<br />
<br />
is_master = true<br />
<br />
The following variable sets the number of log messages to keep per index, it is recommended to have several smaller indices instead of larger ones.<br />
<br />
elasticsearch_max_docs_per_index = 20000000<br />
The following parameter defines to have total number of indices, if the this number is reached old index will be deleted.<br />
<br />
elasticsearch_max_number_of_indices = 20<br />
Shards setting is really depends on the number of nodes in the Elasticsearch cluster, if you have only one node, set it as 1.<br />
<br />
elasticsearch_shards = 1<br />
The number of replicas for your indices, if you have only one node in Elasticsearch cluster; set it as 0.<br />
<br />
elasticsearch_replicas = 0<br />
<br />
''Restart Graylog service.''<br />
<br />
$ sudo service graylog-server restart<br />
Enable auto start of graylog server service during system startup.<br />
<br />
$ sudo update-rc.d graylog-server defaults<br />
You can check out the server startup logs, it will be useful for you to troubleshoot graylog in case of any issue.<br />
<br />
# tailf /var/log/graylog-server/server.log<br />
On successful start of graylog-server, you should get the following message in the log file.<br />
<br />
2015-09-17T09:35:22.895+02:00 INFO [ServerBootstrap] Graylog server up and running.<br />
<br />
'''Install Graylog web interface:'''<br />
<br />
To configure graylog-web-interface, you must have at least one graylog-server node. Install Graylog web interface using “apt-get”.<br />
<br />
$ sudo apt-get install graylog-web<br />
Edit the configuration file and set the following parameters.<br />
<br />
$ sudo nano /etc/graylog/web/web.conf<br />
This is the list of graylog-server nodes, you can add multiple nodes, separate by commas.<br />
<br />
graylog2-server.uris="http://127.0.0.1:12900/"<br />
Set the application scret and can be generated using pwgen -N 1 -s 96.<br />
<br />
application.secret="sNXyFf6B4Au3GqSlZwq7En86xp10JimdxxYiLtpptOejX6tIUpUE4DGRJOrcMj07wcK0wugPaapvzEzCYinEWj7BOtHXVl5Z"<br />
Set Web interface timezone.<br />
<br />
Timezone="Europe/Tallinn"<br />
<br />
Restart the gralog-web-interface using following command,<br />
<br />
$ sudo service graylog-web restart<br />
Enable auto start of web interface service during system startup.<br />
<br />
$ sudo update-rc.d graylog-web defaults<br />
<br />
= Experiences =<br />
<br />
In during installation time, we have found some problems which will impact on our your installation as well.<br />
<br />
- The version of Ubuntu and Graylog might conflict each other as well as Graylog's packages ( e.g : java )<br />
<br />
= Summary =<br />
<br />
During the installation Graylogs in both versions of Ubuntu ( 14.04 and 16.0 ). We realized that it had many differences between these versions. Listed above our objectives what we expect to achieve after installing and using Graylog, along with its useful information and its interaction between Administrator (users) with Graylog.<br />
<br />
its advantages:<br />
+ Free.<br />
+ Easy to interact with web interface.<br />
+ Easy to install with the good support from its sources.<br />
+ Help Administrator (user) to collect information in during logging and monitoring straightforwardly.<br />
+ Many useful tools ( plugins ) which supports to work on.<br />
<br />
= References =<br />
<br />
''http://www.itzgeek.com/how-tos/linux/ubuntu-how-tos/how-to-install-graylog2-on-ubuntu-14-04.html''</div>Akergehttps://wiki.itcollege.ee/index.php?title=Logging_-_Monitoring_C21&diff=107000Logging - Monitoring C212016-10-13T08:04:22Z<p>Akerge: /* Installation Guide */</p>
<hr />
<div>'''Logging and Monitoring with Graylog'''<br />
<br />
<br />
Course: Logging and Monitoring - Lecturer: Margus Ernits<br />
<br />
Group : Cyber Security Engineering (C21)<br />
<br />
Team members: Ender Phan, Kustas Kurval, Sheela Gowry Sumathi Raju, Artur Vincent Kerge<br />
<br />
Page created by : October 05, 2016<br />
<br />
= Abstract =<br />
<br />
In order to understand how to set up the Graylog service as well as understand its crucial roles. We decided to choose Graylog as our application for Logging and Monitoring. Below are our objectives which would be expected to achieve later on:<br />
<br />
- '''How to install Graylog on Ubuntu 14.04.'''<br />
<br />
- '''How to use Graylog to protect servers.<br />
'''<br />
<br />
- '''Upgrading and configure Graylog at first, and know how to secure Graylog.<br />
'''<br />
<br />
- '''Threats and Securing during logging.<br />
'''<br />
<br />
= Installation Guide =<br />
<br />
'''Ubuntu 14.04'''<br />
<br />
<br />
[[File:Graylog_simple_setup_v2.png]]<br />
<br />
=== Prerequisites ===<br />
<br />
Since the Elasticsearch is based on java, we would require to install either openJDK or Oracle JDK. It is recommended to install Oracle JDK, verify the java version by using the following command.<br />
<br />
Remove the OpenJDK from the system, if you have it already installed.<br />
<br />
$ sudo apt-get remove --purge openjdk*<br />
Add repository.<br />
<br />
$ sudo add-apt-repository -y ppa:webupd8team/java<br />
Run the following command to pull the packages information from the newly added repository.<br />
<br />
$ sudo apt-get update<br />
Issue the following command to install Java jdk 1.8.<br />
<br />
$ sudo apt-get -y install oracle-java8-installer<br />
<br />
$ java -version<br />
<br />
Java version "1.8.0_60"<br />
Java(TM) SE Runtime Environment (build 1.8.0_60-b27)<br />
Java HotSpot(TM) 64-Bit Server VM (build 25.60-b23, mixed mode)<br />
Install Elasticsearch:<br />
<br />
<br />
Let’s install the Elasticsearch, it can be downloaded from official website.<br />
<br />
'''Download and install GPG signing key'''.<br />
<br />
$ sudo wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -<br />
<br />
Note that the -qO argument is lowercase Quebec followed by capital Oscar.<br />
<br />
Save the repository definition to /etc/apt/sources.list.d/elasticsearch.list<br />
<br />
$ echo "deb http://packages.elastic.co/elasticsearch/2.x/debian stable main" | sudo tee -a /etc/apt/sources.list.d/elasticsearch.list<br />
<br />
Update repository cache.<br />
<br />
$ sudo apt-get update<br />
<br />
'''Install Elasticsearch.'''<br />
<br />
$ sudo apt-get install elasticsearch<br />
Configure Elasticsearch to start during system startup.<br />
<br />
$ sudo update-rc.d elasticsearch defaults<br />
The only important thing is to set a cluster name as “graylog2“, that is being used by graylog. Now edit the configuration file of Elasticsearch.<br />
<br />
$ sudo nano /etc/elasticsearch/elasticsearch.yml<br />
<br />
cluster.name: graylog2<br />
Disable dynamic scripts to avoid remote execution, that can be done by adding the following line at the end of above file.<br />
<br />
script.disable_dynamic: true<br />
Once it is done, we are good to go. Before that, restart the Elasticsearch services to load the modified configuration.<br />
<br />
$ sudo service elasticsearch restart<br />
Wait at least a minute to let the Elasticsearch get fully restarted, otherwise testing will fail. Elastisearch should be now listen on 9200 for processing HTTP request, we can use CURL to get the response. Ensure that it returns with cluster name as “graylog2”<br />
<br />
$ curl -X GET http://localhost:9200<br />
<br />
{<br />
"status" : 200,<br />
"name" : "Pistol",<br />
"cluster_name" : "'''graylog2'''",<br />
"version" : {<br />
"number" : "1.7.1",<br />
"build_hash" : "b88f43fc40b0bcd7f173a1f9ee2e97816de80b19",<br />
"build_timestamp" : "2015-07-29T09:54:16Z",<br />
"build_snapshot" : false,<br />
"lucene_version" : "4.10.4"<br />
},<br />
"tagline" : "You Know, for Search"<br />
}<br />
<br />
Optional: Use the following command to check the Elasticsearch cluster health, you must get a cluster status as “green” for graylog to work.<br />
<br />
$ curl -XGET 'http://localhost:9200/_cluster/health?pretty=true'<br />
<br />
{<br />
"cluster_name" : "'''graylog2'''",<br />
"status" : "'''green'''",<br />
"timed_out" : false,<br />
"number_of_nodes" : 1,<br />
"number_of_data_nodes" : 1,<br />
"active_primary_shards" : 0,<br />
"active_shards" : 0,<br />
"relocating_shards" : 0,<br />
"initializing_shards" : 0,<br />
"unassigned_shards" : 0,<br />
"delayed_unassigned_shards" : 0,<br />
"number_of_pending_tasks" : 0,<br />
"number_of_in_flight_fetch" : 0<br />
}<br />
<br />
<br />
'''Install MongoDB:'''<br />
<br />
MongoDB is available in dep format and same can be downloaded from the official website. Add the following repository information on the system to install MongoDB. Before that we must import public key.<br />
<br />
$ sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10<br />
Add repository by creating the /etc/apt/sources.list.d/mongodb-org-3.0.list list file using the command.<br />
<br />
$ echo "deb http://repo.mongodb.org/apt/ubuntu trusty/mongodb-org/3.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.0.list<br />
Update repository cache.<br />
<br />
$ sudo apt-get update<br />
Install MongoDB using the following command.<br />
<br />
$ sudo apt-get install mongodb-org<br />
Start the MongoDB service and enable it to start automatically during the system start-up.<br />
<br />
$ sudo service mongod start<br />
<br />
$ sudo ls -s /usr/bin/mongod /etc/init.d/mongod<br />
<br />
$ sudo update-rc.d mongod defaults<br />
<br />
<br />
'''Install Graylog2:'''<br />
<br />
Graylog-server accepts and process the log messages, also spawns the RESTAPI for the requests that comes from graylog-web-interface. Download the latest version of graylog from graylog.org,<br />
<br />
Use the following command to install graylog2 repository.<br />
<br />
$ wget https://packages.graylog2.org/repo/packages/graylog-1.2-repository-ubuntu14.04_latest.deb<br />
<br />
$ sudo dpkg -i graylog-1.2-repository-ubuntu14.04_latest.deb<br />
Install https suppport and update the repository cache.<br />
<br />
$ sudo apt-get install apt-transport-https<br />
<br />
$ sudo apt-get update<br />
Install Graylog server using following command.<br />
<br />
$ sudo apt-get install graylog-server <br />
Edit the server.conf file.<br />
<br />
$ sudo nano /etc/graylog/server/server.conf<br />
Configure the following variables in the above file.<br />
<br />
Set a secret to secure the user passwords, use the following command to generate a secret, use at least 64 character’s.<br />
<br />
$ pwgen -N 1 -s 96<br />
<br />
OH9wXpsNZVBA8R5vJQSnkhTB1qDOjCxAh3aE3LvXddtfDlZlKYEyGS24BJAiIxI0sbSTSPovTTnhLkkrUvhSSxodTlzDi5gP<br />
<br />
If you get a “pwgen: command not found“, use the following command to install pwgen.<br />
<br />
$ sudo apt-get install pwgen<br />
<br />
Place the secret.<br />
<br />
password_secret = OH9wXpsNZVBA8R5vJQSnkhTB1qDOjCxAh3aE3LvXddtfDlZlKYEyGS24BJAiIxI0sbSTSPovTTnhLkkrUvhSSxodTlzDi5gP<br />
<br />
Next is to set a hash password for the root user (not to be confused with system user, root user of graylog is admin). You will use this password for login into the web interface, admin’s password can not be changed using web interface, must edit this variable to set.<br />
<br />
Replace “yourpassword” with the choice of your’s.<br />
<br />
# echo -n yourpassword | sha256sum<br />
<br />
e3c652f0ba0b4801205814f8b6bc49672c4c74e25b497770bb89b22cdeb4e951<br />
<br />
Place the hash password.<br />
<br />
root_password_sha2 = e3c652f0ba0b4801205814f8b6bc49672c4c74e25b497770bb89b22cdeb4e951<br />
You can setup email address root (admin) user.<br />
<br />
root_email = "cyber.web@gmail.com"<br />
Set timezone of root (admin) user.<br />
<br />
root_timezone = UTC<br />
<br />
Graylog will try to find the Elasticsearch nodes automatically, it uses multicast mode for the same. But when it comes to larger network, it is recommended to use unicast mode which is best suited one for production setups. So add the following two entries to graylog server.conf file, replace ipaddress with live hostname or ipaddress. Multiple hosts can be added with comma separated.<br />
<br />
elasticsearch_http_enabled = false<br />
elasticsearch_discovery_zen_ping_unicast_hosts = ipaddress:9300<br />
<br />
Set only one master node by defining the below variable, default setting is true, you must set it as a false to make the particular node as a slave. Master node performs some periodic tasks that slave won’t perform.<br />
<br />
is_master = true<br />
<br />
The following variable sets the number of log messages to keep per index, it is recommended to have several smaller indices instead of larger ones.<br />
<br />
elasticsearch_max_docs_per_index = 20000000<br />
The following parameter defines to have total number of indices, if the this number is reached old index will be deleted.<br />
<br />
elasticsearch_max_number_of_indices = 20<br />
Shards setting is really depends on the number of nodes in the Elasticsearch cluster, if you have only one node, set it as 1.<br />
<br />
elasticsearch_shards = 1<br />
The number of replicas for your indices, if you have only one node in Elasticsearch cluster; set it as 0.<br />
<br />
elasticsearch_replicas = 0<br />
<br />
''Restart Graylog service.''<br />
<br />
$ sudo service graylog-server restart<br />
Enable auto start of graylog server service during system startup.<br />
<br />
$ sudo update-rc.d graylog-server defaults<br />
You can check out the server startup logs, it will be useful for you to troubleshoot graylog in case of any issue.<br />
<br />
# tailf /var/log/graylog-server/server.log<br />
On successful start of graylog-server, you should get the following message in the log file.<br />
<br />
2015-09-17T09:35:22.895+02:00 INFO [ServerBootstrap] Graylog server up and running.<br />
<br />
'''Install Graylog web interface:'''<br />
<br />
To configure graylog-web-interface, you must have at least one graylog-server node. Install Graylog web interface using “apt-get”.<br />
<br />
$ sudo apt-get install graylog-web<br />
Edit the configuration file and set the following parameters.<br />
<br />
$ sudo nano /etc/graylog/web/web.conf<br />
This is the list of graylog-server nodes, you can add multiple nodes, separate by commas.<br />
<br />
graylog2-server.uris="http://127.0.0.1:12900/"<br />
Set the application scret and can be generated using pwgen -N 1 -s 96.<br />
<br />
application.secret="sNXyFf6B4Au3GqSlZwq7En86xp10JimdxxYiLtpptOejX6tIUpUE4DGRJOrcMj07wcK0wugPaapvzEzCYinEWj7BOtHXVl5Z"<br />
Set Web interface timezone.<br />
<br />
Timezone="Europe/Tallinn"<br />
<br />
Restart the gralog-web-interface using following command,<br />
<br />
$ sudo service graylog-web restart<br />
Enable auto start of web interface service during system startup.<br />
<br />
$ sudo update-rc.d graylog-web defaults<br />
<br />
= Experiences =<br />
<br />
In during installation time, we have found some problems which will impact on our your installation as well.<br />
<br />
- The version of Ubuntu and Graylog might conflict each other as well as Graylog's packages ( e.g : java )<br />
<br />
= Summary =<br />
<br />
During the installation Graylogs in both versions of Ubuntu ( 14.04 and 16.0 ). We realized that it had many differences between these versions. Listed above our objectives what we expect to achieve after installing and using Graylog, along with its useful information and its interaction between Administrator (users) with Graylog.<br />
<br />
its advantages:<br />
+ Free.<br />
+ Easy to interact with web interface.<br />
+ Easy to install with the good support from its sources.<br />
+ Help Administrator (user) to collect information in during logging and monitoring straightforwardly.<br />
+ Many useful tools ( plugins ) which supports to work on.<br />
<br />
= References =<br />
<br />
''http://www.itzgeek.com/how-tos/linux/ubuntu-how-tos/how-to-install-graylog2-on-ubuntu-14-04.html''</div>Akergehttps://wiki.itcollege.ee/index.php?title=Talk:Logging_-_Monitoring_C21&diff=106999Talk:Logging - Monitoring C212016-10-13T07:52:38Z<p>Akerge: Blanked the page</p>
<hr />
<div></div>Akergehttps://wiki.itcollege.ee/index.php?title=Logging_-_Monitoring_C21&diff=106998Logging - Monitoring C212016-10-13T07:52:15Z<p>Akerge: /* Installation Guide */</p>
<hr />
<div>'''Logging and Monitoring with Graylog'''<br />
<br />
<br />
Course: Logging and Monitoring - Lecturer: Margus Ernits<br />
<br />
Group : Cyber Security Engineering (C21)<br />
<br />
Team members: Ender Phan, Kustas Kurval, Sheela Gowry Sumathi Raju, Artur Vincent Kerge<br />
<br />
Page created by : October 05, 2016<br />
<br />
= Abstract =<br />
<br />
In order to understand how to set up the Graylog service as well as understand its crucial roles. We decided to choose Graylog as our application for Logging and Monitoring. Below are our objectives which would be expected to achieve later on:<br />
<br />
- '''How to install Graylog on Ubuntu 14.04.'''<br />
<br />
- '''How to use Graylog to protect servers.<br />
'''<br />
<br />
- '''Upgrading and configure Graylog at first, and know how to secure Graylog.<br />
'''<br />
<br />
- '''Threats and Securing during logging.<br />
'''<br />
<br />
= Installation Guide=<br />
<br />
'''Ubuntu 14.04'''<br />
<br />
<br />
[[File:Graylog_simple_setup_v2.png]]<br />
<br />
'''Prerequisites:'''<br />
<br />
Since the Elasticsearch is based on java, we would require to install either openJDK or Oracle JDK. It is recommended to install Oracle JDK, verify the java version by using the following command.<br />
<br />
Remove the OpenJDK from the system, if you have it already installed.<br />
<br />
$ sudo apt-get remove --purge openjdk*<br />
Add repository.<br />
<br />
$ sudo add-apt-repository -y ppa:webupd8team/java<br />
Run the following command to pull the packages information from the newly added repository.<br />
<br />
$ sudo apt-get update<br />
Issue the following command to install Java jdk 1.8.<br />
<br />
$ sudo apt-get -y install oracle-java8-installer<br />
<br />
$ java -version<br />
<br />
Java version "1.8.0_60"<br />
Java(TM) SE Runtime Environment (build 1.8.0_60-b27)<br />
Java HotSpot(TM) 64-Bit Server VM (build 25.60-b23, mixed mode)<br />
Install Elasticsearch:<br />
<br />
<br />
Let’s install the Elasticsearch, it can be downloaded from official website.<br />
<br />
'''Download and install GPG signing key'''.<br />
<br />
$ sudo wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -<br />
<br />
Note that the -qO argument is lowercase Quebec followed by capital Oscar.<br />
<br />
Save the repository definition to /etc/apt/sources.list.d/elasticsearch.list<br />
<br />
$ echo "deb http://packages.elastic.co/elasticsearch/1.7/debian stable main" | sudo tee -a /etc/apt/sources.list.d/elasticsearch.list<br />
<br />
Update repository cache.<br />
<br />
$ sudo apt-get update<br />
<br />
'''Install Elasticsearch.'''<br />
<br />
$ sudo apt-get install elasticsearch<br />
Configure Elasticsearch to start during system startup.<br />
<br />
$ sudo update-rc.d elasticsearch defaults<br />
The only important thing is to set a cluster name as “graylog2“, that is being used by graylog. Now edit the configuration file of Elasticsearch.<br />
<br />
$ sudo nano /etc/elasticsearch/elasticsearch.yml<br />
<br />
cluster.name: graylog2<br />
Disable dynamic scripts to avoid remote execution, that can be done by adding the following line at the end of above file.<br />
<br />
script.disable_dynamic: true<br />
Once it is done, we are good to go. Before that, restart the Elasticsearch services to load the modified configuration.<br />
<br />
$ sudo service elasticsearch restart<br />
Wait at least a minute to let the Elasticsearch get fully restarted, otherwise testing will fail. Elastisearch should be now listen on 9200 for processing HTTP request, we can use CURL to get the response. Ensure that it returns with cluster name as “graylog2”<br />
<br />
$ curl -X GET http://localhost:9200<br />
<br />
{<br />
"status" : 200,<br />
"name" : "Pistol",<br />
"cluster_name" : "'''graylog2'''",<br />
"version" : {<br />
"number" : "1.7.1",<br />
"build_hash" : "b88f43fc40b0bcd7f173a1f9ee2e97816de80b19",<br />
"build_timestamp" : "2015-07-29T09:54:16Z",<br />
"build_snapshot" : false,<br />
"lucene_version" : "4.10.4"<br />
},<br />
"tagline" : "You Know, for Search"<br />
}<br />
<br />
Optional: Use the following command to check the Elasticsearch cluster health, you must get a cluster status as “green” for graylog to work.<br />
<br />
$ curl -XGET 'http://localhost:9200/_cluster/health?pretty=true'<br />
<br />
{<br />
"cluster_name" : "'''graylog2'''",<br />
"status" : "'''green'''",<br />
"timed_out" : false,<br />
"number_of_nodes" : 1,<br />
"number_of_data_nodes" : 1,<br />
"active_primary_shards" : 0,<br />
"active_shards" : 0,<br />
"relocating_shards" : 0,<br />
"initializing_shards" : 0,<br />
"unassigned_shards" : 0,<br />
"delayed_unassigned_shards" : 0,<br />
"number_of_pending_tasks" : 0,<br />
"number_of_in_flight_fetch" : 0<br />
}<br />
<br />
<br />
'''Install MongoDB:'''<br />
<br />
MongoDB is available in dep format and same can be downloaded from the official website. Add the following repository information on the system to install MongoDB. Before that we must import public key.<br />
<br />
$ sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10<br />
Add repository by creating the /etc/apt/sources.list.d/mongodb-org-3.0.list list file using the command.<br />
<br />
$ echo "deb http://repo.mongodb.org/apt/ubuntu trusty/mongodb-org/3.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.0.list<br />
Update repository cache.<br />
<br />
$ sudo apt-get update<br />
Install MongoDB using the following command.<br />
<br />
$ sudo apt-get install mongodb-org<br />
Start the MongoDB service and enable it to start automatically during the system start-up.<br />
<br />
$ sudo service mongod start<br />
<br />
$ sudo ls -s /usr/bin/mongod /etc/init.d/mongod<br />
<br />
$ sudo update-rc.d mongod defaults<br />
<br />
<br />
'''Install Graylog2:'''<br />
<br />
Graylog-server accepts and process the log messages, also spawns the RESTAPI for the requests that comes from graylog-web-interface. Download the latest version of graylog from graylog.org,<br />
<br />
Use the following command to install graylog2 repository.<br />
<br />
$ wget https://packages.graylog2.org/repo/packages/graylog-1.2-repository-ubuntu14.04_latest.deb<br />
<br />
$ sudo dpkg -i graylog-1.2-repository-ubuntu14.04_latest.deb<br />
Install https suppport and update the repository cache.<br />
<br />
$ sudo apt-get install apt-transport-https<br />
<br />
$ sudo apt-get update<br />
Install Graylog server using following command.<br />
<br />
$ sudo apt-get install graylog-server <br />
Edit the server.conf file.<br />
<br />
$ sudo nano /etc/graylog/server/server.conf<br />
Configure the following variables in the above file.<br />
<br />
Set a secret to secure the user passwords, use the following command to generate a secret, use at least 64 character’s.<br />
<br />
$ pwgen -N 1 -s 96<br />
<br />
OH9wXpsNZVBA8R5vJQSnkhTB1qDOjCxAh3aE3LvXddtfDlZlKYEyGS24BJAiIxI0sbSTSPovTTnhLkkrUvhSSxodTlzDi5gP<br />
<br />
If you get a “pwgen: command not found“, use the following command to install pwgen.<br />
<br />
$ sudo apt-get install pwgen<br />
<br />
Place the secret.<br />
<br />
password_secret = OH9wXpsNZVBA8R5vJQSnkhTB1qDOjCxAh3aE3LvXddtfDlZlKYEyGS24BJAiIxI0sbSTSPovTTnhLkkrUvhSSxodTlzDi5gP<br />
<br />
Next is to set a hash password for the root user (not to be confused with system user, root user of graylog is admin). You will use this password for login into the web interface, admin’s password can not be changed using web interface, must edit this variable to set.<br />
<br />
Replace “yourpassword” with the choice of your’s.<br />
<br />
# echo -n yourpassword | sha256sum<br />
<br />
e3c652f0ba0b4801205814f8b6bc49672c4c74e25b497770bb89b22cdeb4e951<br />
<br />
Place the hash password.<br />
<br />
root_password_sha2 = e3c652f0ba0b4801205814f8b6bc49672c4c74e25b497770bb89b22cdeb4e951<br />
You can setup email address root (admin) user.<br />
<br />
root_email = "cyber.web@gmail.com"<br />
Set timezone of root (admin) user.<br />
<br />
root_timezone = UTC<br />
<br />
Graylog will try to find the Elasticsearch nodes automatically, it uses multicast mode for the same. But when it comes to larger network, it is recommended to use unicast mode which is best suited one for production setups. So add the following two entries to graylog server.conf file, replace ipaddress with live hostname or ipaddress. Multiple hosts can be added with comma separated.<br />
<br />
elasticsearch_http_enabled = false<br />
elasticsearch_discovery_zen_ping_unicast_hosts = ipaddress:9300<br />
<br />
Set only one master node by defining the below variable, default setting is true, you must set it as a false to make the particular node as a slave. Master node performs some periodic tasks that slave won’t perform.<br />
<br />
is_master = true<br />
<br />
The following variable sets the number of log messages to keep per index, it is recommended to have several smaller indices instead of larger ones.<br />
<br />
elasticsearch_max_docs_per_index = 20000000<br />
The following parameter defines to have total number of indices, if the this number is reached old index will be deleted.<br />
<br />
elasticsearch_max_number_of_indices = 20<br />
Shards setting is really depends on the number of nodes in the Elasticsearch cluster, if you have only one node, set it as 1.<br />
<br />
elasticsearch_shards = 1<br />
The number of replicas for your indices, if you have only one node in Elasticsearch cluster; set it as 0.<br />
<br />
elasticsearch_replicas = 0<br />
<br />
''Restart Graylog service.''<br />
<br />
$ sudo service graylog-server restart<br />
Enable auto start of graylog server service during system startup.<br />
<br />
$ sudo update-rc.d graylog-server defaults<br />
You can check out the server startup logs, it will be useful for you to troubleshoot graylog in case of any issue.<br />
<br />
# tailf /var/log/graylog-server/server.log<br />
On successful start of graylog-server, you should get the following message in the log file.<br />
<br />
2015-09-17T09:35:22.895+02:00 INFO [ServerBootstrap] Graylog server up and running.<br />
<br />
'''Install Graylog web interface:'''<br />
<br />
To configure graylog-web-interface, you must have at least one graylog-server node. Install Graylog web interface using “apt-get”.<br />
<br />
$ sudo apt-get install graylog-web<br />
Edit the configuration file and set the following parameters.<br />
<br />
$ sudo nano /etc/graylog/web/web.conf<br />
This is the list of graylog-server nodes, you can add multiple nodes, separate by commas.<br />
<br />
graylog2-server.uris="http://127.0.0.1:12900/"<br />
Set the application scret and can be generated using pwgen -N 1 -s 96.<br />
<br />
application.secret="sNXyFf6B4Au3GqSlZwq7En86xp10JimdxxYiLtpptOejX6tIUpUE4DGRJOrcMj07wcK0wugPaapvzEzCYinEWj7BOtHXVl5Z"<br />
Set Web interface timezone.<br />
<br />
Timezone="Europe/Tallinn"<br />
<br />
Restart the gralog-web-interface using following command,<br />
<br />
$ sudo service graylog-web restart<br />
Enable auto start of web interface service during system startup.<br />
<br />
$ sudo update-rc.d graylog-web defaults<br />
<br />
= Experiences =<br />
<br />
In during installation time, we have found some problems which will impact on our your installation as well.<br />
<br />
- The version of Ubuntu and Graylog might conflict each other as well as Graylog's packages ( e.g : java )<br />
<br />
= Summary =<br />
<br />
During the installation Graylogs in both versions of Ubuntu ( 14.04 and 16.0 ). We realized that it had many differences between these versions. Listed above our objectives what we expect to achieve after installing and using Graylog, along with its useful information and its interaction between Administrator (users) with Graylog.<br />
<br />
its advantages:<br />
+ Free.<br />
+ Easy to interact with web interface.<br />
+ Easy to install with the good support from its sources.<br />
+ Help Administrator (user) to collect information in during logging and monitoring straightforwardly.<br />
+ Many useful tools ( plugins ) which supports to work on.<br />
<br />
= References =<br />
<br />
''http://www.itzgeek.com/how-tos/linux/ubuntu-how-tos/how-to-install-graylog2-on-ubuntu-14-04.html''</div>Akergehttps://wiki.itcollege.ee/index.php?title=Talk:Logging_-_Monitoring_C21&diff=106995Talk:Logging - Monitoring C212016-10-13T07:41:03Z<p>Akerge: Created page with "Following produces an error: $ sudo wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add - dash '-' needs to be escaped with '\' and wget should r..."</p>
<hr />
<div>Following produces an error:<br />
<br />
$ sudo wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -<br />
<br />
dash '-' needs to be escaped with '\' and wget should really be verbose instead of quiet.</div>Akergehttps://wiki.itcollege.ee/index.php?title=User:Akerge&diff=105745User:Akerge2016-09-26T09:27:18Z<p>Akerge: /* Before the Start of Academical Year */</p>
<hr />
<div>As the study builds up bit by bit, then,<br />
<blockquote>He, who collects no bit, gets no byte!</blockquote><br />
<br />
'''This is a work in progress:'''<br />
<br />
__TOC__<br />
<br />
= Survival Guide for Students of Cybersecurity Engineering (CSE) =<br />
<br />
This is an ongoing project from the alpha tester. All suggestions are purely recommendations that I wish I knew before the beginning of the school. <br />
<br />
Prepare to your [[#Mindset | mindset]], as the first semester will be the most challenging and it should get easier once you [https://www.thrillist.com/health/nation/how-to-become-a-morning-person acquire the rhythm that suits] best for you. The tempo for studying is somewhat high if you haven't in a while or come from straight out of college without any previous knowledge of computers. Make mistakes, ask questions, put in some effort and you'll be fine.<br />
<br />
= Mindset =<br />
[[File:Mindset.gif|200px|thumb|right|alt=Fixed vs growth mindset graphic.|Fixed vs growth mindset. Author of the graphic is [http://nigelholmes.com/ Nigel Holmes.] You can [http://www.zazzle.com/mindset_poster_by_nigel_holmes-228303290595592374 order a print from here.]]]<br />
Write down why you decided to apply to this school, for this curriculum. If you haven't done so far, accept your to mistakes. Nobody's perfect and that's how we learn -- by making mistakes. Putting in effort goes a long way. Here are some helpful questions that I copied from [http://www.amazon.co.uk/Mindset-How-Fulfil-Your-Potential/dp/1780332009/ Carol S. Dweck's book "Mindset"]:<br />
<br />
*What are the opportunities for learning and growth today?<br />
*When, where and how will I embark on my plan?<br />
*When, where and how will I act on my new plan?<br />
<br />
= Before the Start of Academical Year =<br />
[[File:Learning-how-to-learn-mooc.png|200px|thumb|right|alt=Learning to remember|Learning to remember. [https://www.coursera.org/learn/learning-how-to-learn Online course can be found here]]]<br />
In order of importance. Or not, take your pick what's important to you.<br />
<br />
* Follow the news of the industry if you don't do so already. Get a RSS/Atom reader and follow the various news feeds.<br />
<br />
* Read [https://en.wikipedia.org/wiki/The_Hacker_Ethic_and_the_Spirit_of_the_Information_Age 'Hacker ethic' by Pekka Himanen].<br />
<br />
* Familiarise yourself with Discrete Math ∨ suffer. One can find several books online, although printed ones are superior to electronic ones, unless one prefers e-readers. Second hand books in a readable state are rather cheap online. See [[#Textbooks for Discrete Math|list of math textbooks]] in booksellers list in [[#Resources|resources]]. Bear in mind that one book is enough and I've heard that it may be even possible to find such books online in PDF format.<br />
<br />
* Learn JAVA as much as you can before, so you can study more in class and/or do your project meanwhile. See [[#Learning resources|list of learning resources]] for links.<br />
* If possible, move closer to school or dormitory to cut down time on the commute.<br />
* Learn to cook. By cooking I don't mean seasoning boiled noodles. [http://imgur.com/a/XGaog Here's a fine example].<br />
* In case it has been a while since one has learned anything or needs to familiarize oneself to studying, check out the infographic on the right, take the online course or read [http://www.barbaraoakley.com/mfn.html the book].<br />
<br />
= During =<br />
Majority of the following can be started before the beginning of school year to get in gear.<br />
* '''Learn to learn'''. This is the most difficult part. <br />
* '''Structure your time'''. Congrats if you're doing well with it.<br />
* Try to '''keep developing the learning habit and stick to the routine''' or figure out what works best for you.<br />
* '''There are no stupid questions'''. Get over the fear of asking questions. The more the merrier. How to ask good questions is another story altogether. Look it up.<br />
* '''Get plenty of rest'''. 8 hours per night, if possible.<br />
* '''Stay healthy''' -- invest in vitamins, especially vitamin D in winter due to lack of sun and Ginseng and/or Rhodiola extracts to keep you up and going.<br />
* '''Attend the classes'''. Recordings are made, but they are not a substitution to attendance.<br />
** Or if learning curve is too steep, skip the unnecessary classes and learn meanwhile, but really do it, don't imagine it doing. Prioritise classes.<br />
* Attend hackathons. Awesome places for networking and getting some hacker-cred!<br />
<br />
== Problems ==<br />
* If there is a problem, solve it or seek help. Unattended problems tend to grow out of hand.<br />
** If the problem is in curriculum or school, go see a study counsellor. They are best informed regarding school matters.<br />
**If the problem is of an emotional kind and/or related to depression, motivation you can seek help from the psychologist who speaks English and operates in TUT. The contact is counsellor at ttu (dot) ee. [https://translate.google.com/translate?sl=et&tl=en&js=y&prev=_t&hl=et&ie=UTF-8&u=http%3A%2F%2Fttu.ee%2Ftudengile%2Fnoustamine%2Fpsuhholoogiline-noustamine%2F&edit-text= Google translated page can be found here].<br />
* ''Ex unitate vires'' -- the strength of unity. Get to know your coursemates. Learning together and/or teaching each other is a simple solution for difficult problems.<br />
<br />
== Classes ==<br />
In the beginning of first semester you have 6 courses. It's going to be mad, so do as much as possible at school. Stay late, as college building is a surprisingly good place to study. Also, if you comprehend a little Estonian, attend the weekend classes for distance learning students: if you fail to comprehend something in Java or Math then this is a good way to recap.<br />
<br />
== Semester 1 ==<br />
<br />
=== [https://www.netacad.com/ Basic Networking] ===<br />
Cisco Networking Academy's course read by Roman Kuchin, by the end of which you'll get a CCNA certificate (if you pass). Be aware that the tempo is quite high - 2 Cisco semesters during fall semester! That is 8 weeks per Cisco semester, which consists of parts 1 and 2, so 25 labs per semester, about 50 in total, about hour to hour and a half per lab, plus chapter exams. Read, the chapter and do the chapter exam on netacad and read for the next lecture. This way you'll understand better what is said during the lecture. Also, this course is a prerequisite for [[#Introduction to Cyber Security|Intro to CS]]. Again, collaborate! If in hurry, do the labs on packet tracer but nothing beats doing them IRL.<br />
<br />
'''Grading:''' Online exams and practical labs must be done before the exam date (preferably by Christmas), to be admitted to the exam, which is in late January.<br />
<br />
=== Basic Programming ===<br />
Which is Java and is read by Mikk Mangus. If I would take this again, I'd skip the classes and study the book & practice more on my own. Practicums are sometimes interesting. There is no homework, sometimes lecturer remembers to remind to read a chapter from ''[http://math.hws.edu/javanotes/ the book]''. The pace is a chapter per week.<br />
<br />
'''Grading:''' Two tests in November, your own project by the beginning of December and exam in January. Own project can be anything but has to have several classes and have a git repository.<br />
<br />
=== [http://www.cs.ioc.ee/ITKDM/ Logic and Discrete Mathematics] ===<br />
You know math or are good at it? Help others out. Seriously, this is the most difficult subject. It is read by the professor [http://cs.ioc.ee/dept/staff/jaan.html Jaan Penjam] from Institute of Cybernetics, TUT. Recommend getting a textbook.<br />
<br />
'''Grading:''' Ongoing quizzes (9*2%) in practicum, after lecture. Midterm test (20%) and a final test (20%) before exam (42%) in January.<br />
<br />
=== [https://wiki.itcollege.ee/index.php/Category:I600_Introduction_to_Computers_and_Informatics Introduction to Informatics and Computers] ===<br />
The basics of computers with some in-depth stuff, like debugging VHDL. Read by Lauri Võsandi.<br />
<br />
'''Grading:''' Ongoing assessment in practicums and exam in January.<br />
<br />
=== Social, Ethical and Professional Issues in IT ===<br />
Rather interesting lectures read by [http://www.kakupesa.ee/ Kaido Kikkas] on computer and hacker history and related topics.<br />
<br />
'''Grading:''' A quiz in the first practicum about computer related history and trivia in a computer lab where you'll be using the Web to find the answers. Practicum attendance is a must, max 3 total non-attendances allowed. 1-2 written essays (2k words) with presentations.<br />
<br />
=== Oral and Written Communication Skills ===<br />
Valuable English language taught by Kärt Rummel. Be prepared to get over stage fright as you will have to present your writings (letters of motivation, informative and persuasive arguments etc) in front of your class.<br />
<br />
'''Grading:''' Ongoing assessment - do your homework, attend your classes and you'll be fine. >=51% rate of attendance and participation in final round-table is necessary to pass.<br />
<br />
== Semester 2 ==<br />
Coming soon!<br />
=== [[Introduction to Cyber Security]] ===<br />
Networking is a pre-requisite.<br />
<br />
*Programming<br />
*SysOp<br />
*Security<br />
<br />
Security is not a state but a process. Make sure your network is more secure than your neighbour's. Don't trust technology - it does not solve the problem, it moves the problem to some other place. Test your security. DevOps + enemy's tools.<br />
<br />
=== [http://cs.ioc.ee/ITKStat/ Statistics] ===<br />
<br />
<br />
[https://www.khanacademy.org/math/probability/statistics-inferential Inferential Statistics]<br />
<br />
[https://www.khanacademy.org/math/probability/descriptive-statistics Descriptive Statistics]<br />
<br />
[https://www.datacamp.com/courses/intro-to-statistics-with-r-student-s-t-test Intro to t-tests]<br />
<br />
== Semester 3 ==<br />
<br />
=== [https://wiki.itcollege.ee/index.php/I803_IT_Infrastructure_services IT Infrastructure services] ===<br />
<br />
= After =<br />
As with a good graphic designer, your work (probably) will not be noticed or commended unless something goes (horribly) wrong. <br />
Paraphrased from [https://www.erowid.org/general/about/about_article16.shtml Erowid's Sysadmin] article.<br />
<br />
Never stop being curious. There is a Calvin and Hobbes comic that (maybe) illustrates this perfectly but I spent too much time searching it and got distracted by imgur so maybe it will be here by the end of my studies.<br />
<br />
= Resources =<br />
<br />
=== Textbooks for Discrete Math ===<br />
<br />
As recommended by math professor on his [http://www.cs.ioc.ee/ITKDM/ homepage].<br />
* Susanna S. Epp's book is supposedly easier to follow, although with any book time and practice are prerequisites to gain knowledge on the subject. <br />
* Kenneth H. Rosen's 'Discrete Mathematics and Its Applications' is suggested by [http://www.cs.ioc.ee/ITKDM/ Disc. Math professor]. If you go with this one, also get the 'Student Solutions Guide For Discrete Mathematics And Its Applications' as well. At the time of writing, the newest version is 7th edition but new ones cost in multiples more. The difference is probably minimal errata.<br />
* 'Schaum's Outline of Discrete Mathematics' by S.Lipschutz and M.Lipson is another recommendation as well as 'Discrete mathematics: elementary and beyond' by L. Lovász, J. Pelikán and K. Vesztergombi.<br />
<br />
=== List of booksellers ===<br />
<br />
In order of personal preference.<br />
<br />
[https://www.amazon.co.uk/ Amazon] in £. Listing update is slow. Had one book refunded due to it. Although, as the prices for books might be cheaper than in EU, it is a hassle to get all the necessary books from one seller because of the (relatively) pricey shipping fees. On the other hand, if you're lucky, then the courier will bring the order to your doorstep.<br />
<br />
[https://www.ebay.ie/ eBay] in €! Usually mail order, prices and shipping costs are varied. Any parcel bigger than A4 envelope and 20 mm thickness will be kept at your local postal branch and you'll get a notification by snail mail or an SMS if there's a phone number on address slip.<br />
<br />
[https://www.abebooks.co.uk/ AbeBooks] in £. Lists European booksellers as well. Pricey shipping. €8 per book from UK?!<br />
<br />
[https://www.bookdepository.com/ Book Deposiory] in €.<br />
<br />
[https://www.thriftbooks.com/ ThriftBooks] in $. Unfortunately no personal experience with the last three.<br />
<br />
=== Learning resources ===<br />
<br />
'''Java'''<br />
*Heres a [https://www.youtube.com/watch?v=TBWX97e1E9g&list=PLE7E8B7F4856C9B19 'quite OK' Java Video Tutorial] from [http://itk.arti.ee/ Arti Zirk's ITC webpage].<br />
<br />
*[https://www.codecademy.com/ Codecademy's] [https://www.codecademy.com/learn/learn-java Java] is a nice place to remind oneself basics of Java.<br />
<br />
*[http://www.codingbat.com/ Codingbat] is an awesome place for Java problems.<br />
<br />
*David Eck's book [http://math.hws.edu/javanotes/ Java Notes] is well put together book introducing Java. Homework in class.<br />
'''Git'''<br />
*[https://www.codecademy.com/learn/learn-git Git] courses on Codecademy will get you kickstarted.<br />
<br />
= Contact & Feedback =<br />
If you have any further questions or comments, then you are free to contact me at artur at kerge (dot) eu or for non-urgent things, start a discussion on the page and/or edit it straight away. Also you can [http://kerge.eu/ check out my awesome homepage]!</div>Akergehttps://wiki.itcollege.ee/index.php?title=File:Learning-how-to-learn-mooc.png&diff=105744File:Learning-how-to-learn-mooc.png2016-09-26T09:19:22Z<p>Akerge: Info-graphic describing learning and remembering process</p>
<hr />
<div>Info-graphic describing learning and remembering process</div>Akergehttps://wiki.itcollege.ee/index.php?title=User:Akerge&diff=105292User:Akerge2016-09-08T11:48:14Z<p>Akerge: /* During */</p>
<hr />
<div>As the study builds up bit by bit, then,<br />
<blockquote>He, who collects no bit, gets no byte!</blockquote><br />
<br />
'''This is a work in progress:'''<br />
<br />
__TOC__<br />
<br />
= Survival Guide for Students of Cybersecurity Engineering (CSE) =<br />
<br />
This is an ongoing project from the alpha tester. All suggestions are purely recommendations that I wish I knew before the beginning of the school. <br />
<br />
Prepare to your [[#Mindset | mindset]], as the first semester will be the most challenging and it should get easier once you [https://www.thrillist.com/health/nation/how-to-become-a-morning-person acquire the rhythm that suits] best for you. The tempo for studying is somewhat high if you haven't in a while or come from straight out of college without any previous knowledge of computers. Make mistakes, ask questions, put in some effort and you'll be fine.<br />
<br />
= Mindset =<br />
[[File:Mindset.gif|200px|thumb|right|alt=Fixed vs growth mindset graphic.|Fixed vs growth mindset. Author of the graphic is [http://nigelholmes.com/ Nigel Holmes.] You can [http://www.zazzle.com/mindset_poster_by_nigel_holmes-228303290595592374 order a print from here.]]]<br />
Write down why you decided to apply to this school, for this curriculum. If you haven't done so far, accept your to mistakes. Nobody's perfect and that's how we learn -- by making mistakes. Putting in effort goes a long way. Here are some helpful questions that I copied from [http://www.amazon.co.uk/Mindset-How-Fulfil-Your-Potential/dp/1780332009/ Carol S. Dweck's book "Mindset"]:<br />
<br />
*What are the opportunities for learning and growth today?<br />
*When, where and how will I embark on my plan?<br />
*When, where and how will I act on my new plan?<br />
<br />
= Before the Start of Academical Year =<br />
<br />
In order of importance. Or not, take your pick what's important to you.<br />
<br />
* Follow the news of the industry if you don't do so already. Get a RSS/Atom reader and follow the various news feeds.<br />
<br />
* Read [https://en.wikipedia.org/wiki/The_Hacker_Ethic_and_the_Spirit_of_the_Information_Age 'Hacker ethic' by Pekka Himanen].<br />
<br />
* Familiarise yourself with Discrete Math ∨ suffer. One can find several books online, although printed ones are superior to electronic ones, unless one prefers e-readers. Second hand books in a readable state are rather cheap online. See [[#Textbooks for Discrete Math|list of math textbooks]] in booksellers list in [[#Resources|resources]]. Bear in mind that one book is enough and I've heard that it may be even possible to find such books online in PDF format.<br />
<br />
* Learn JAVA as much as you can before, so you can study more in class and/or do your project meanwhile. See [[#Learning resources|list of learning resources]] for links.<br />
* If possible, move closer to school or dormitory to cut down time on the commute.<br />
* Learn to cook. By cooking I don't mean seasoning boiled noodles. [http://imgur.com/a/XGaog Here's a fine example].<br />
<br />
= During =<br />
Majority of the following can be started before the beginning of school year to get in gear.<br />
* '''Learn to learn'''. This is the most difficult part. <br />
* '''Structure your time'''. Congrats if you're doing well with it.<br />
* Try to '''keep developing the learning habit and stick to the routine''' or figure out what works best for you.<br />
* '''There are no stupid questions'''. Get over the fear of asking questions. The more the merrier. How to ask good questions is another story altogether. Look it up.<br />
* '''Get plenty of rest'''. 8 hours per night, if possible.<br />
* '''Stay healthy''' -- invest in vitamins, especially vitamin D in winter due to lack of sun and Ginseng and/or Rhodiola extracts to keep you up and going.<br />
* '''Attend the classes'''. Recordings are made, but they are not a substitution to attendance.<br />
** Or if learning curve is too steep, skip the unnecessary classes and learn meanwhile, but really do it, don't imagine it doing. Prioritise classes.<br />
* Attend hackathons. Awesome places for networking and getting some hacker-cred!<br />
<br />
== Problems ==<br />
* If there is a problem, solve it or seek help. Unattended problems tend to grow out of hand.<br />
** If the problem is in curriculum or school, go see a study counsellor. They are best informed regarding school matters.<br />
**If the problem is of an emotional kind and/or related to depression, motivation you can seek help from the psychologist who speaks English and operates in TUT. The contact is counsellor at ttu (dot) ee. [https://translate.google.com/translate?sl=et&tl=en&js=y&prev=_t&hl=et&ie=UTF-8&u=http%3A%2F%2Fttu.ee%2Ftudengile%2Fnoustamine%2Fpsuhholoogiline-noustamine%2F&edit-text= Google translated page can be found here].<br />
* ''Ex unitate vires'' -- the strength of unity. Get to know your coursemates. Learning together and/or teaching each other is a simple solution for difficult problems.<br />
<br />
== Classes ==<br />
In the beginning of first semester you have 6 courses. It's going to be mad, so do as much as possible at school. Stay late, as college building is a surprisingly good place to study. Also, if you comprehend a little Estonian, attend the weekend classes for distance learning students: if you fail to comprehend something in Java or Math then this is a good way to recap.<br />
<br />
== Semester 1 ==<br />
<br />
=== [https://www.netacad.com/ Basic Networking] ===<br />
Cisco Networking Academy's course read by Roman Kuchin, by the end of which you'll get a CCNA certificate (if you pass). Be aware that the tempo is quite high - 2 Cisco semesters during fall semester! That is 8 weeks per Cisco semester, which consists of parts 1 and 2, so 25 labs per semester, about 50 in total, about hour to hour and a half per lab, plus chapter exams. Read, the chapter and do the chapter exam on netacad and read for the next lecture. This way you'll understand better what is said during the lecture. Also, this course is a prerequisite for [[#Introduction to Cyber Security|Intro to CS]]. Again, collaborate! If in hurry, do the labs on packet tracer but nothing beats doing them IRL.<br />
<br />
'''Grading:''' Online exams and practical labs must be done before the exam date (preferably by Christmas), to be admitted to the exam, which is in late January.<br />
<br />
=== Basic Programming ===<br />
Which is Java and is read by Mikk Mangus. If I would take this again, I'd skip the classes and study the book & practice more on my own. Practicums are sometimes interesting. There is no homework, sometimes lecturer remembers to remind to read a chapter from ''[http://math.hws.edu/javanotes/ the book]''. The pace is a chapter per week.<br />
<br />
'''Grading:''' Two tests in November, your own project by the beginning of December and exam in January. Own project can be anything but has to have several classes and have a git repository.<br />
<br />
=== [http://www.cs.ioc.ee/ITKDM/ Logic and Discrete Mathematics] ===<br />
You know math or are good at it? Help others out. Seriously, this is the most difficult subject. It is read by the professor [http://cs.ioc.ee/dept/staff/jaan.html Jaan Penjam] from Institute of Cybernetics, TUT. Recommend getting a textbook.<br />
<br />
'''Grading:''' Ongoing quizzes (9*2%) in practicum, after lecture. Midterm test (20%) and a final test (20%) before exam (42%) in January.<br />
<br />
=== [https://wiki.itcollege.ee/index.php/Category:I600_Introduction_to_Computers_and_Informatics Introduction to Informatics and Computers] ===<br />
The basics of computers with some in-depth stuff, like debugging VHDL. Read by Lauri Võsandi.<br />
<br />
'''Grading:''' Ongoing assessment in practicums and exam in January.<br />
<br />
=== Social, Ethical and Professional Issues in IT ===<br />
Rather interesting lectures read by [http://www.kakupesa.ee/ Kaido Kikkas] on computer and hacker history and related topics.<br />
<br />
'''Grading:''' A quiz in the first practicum about computer related history and trivia in a computer lab where you'll be using the Web to find the answers. Practicum attendance is a must, max 3 total non-attendances allowed. 1-2 written essays (2k words) with presentations.<br />
<br />
=== Oral and Written Communication Skills ===<br />
Valuable English language taught by Kärt Rummel. Be prepared to get over stage fright as you will have to present your writings (letters of motivation, informative and persuasive arguments etc) in front of your class.<br />
<br />
'''Grading:''' Ongoing assessment - do your homework, attend your classes and you'll be fine. >=51% rate of attendance and participation in final round-table is necessary to pass.<br />
<br />
== Semester 2 ==<br />
Coming soon!<br />
=== [[Introduction to Cyber Security]] ===<br />
Networking is a pre-requisite.<br />
<br />
*Programming<br />
*SysOp<br />
*Security<br />
<br />
Security is not a state but a process. Make sure your network is more secure than your neighbour's. Don't trust technology - it does not solve the problem, it moves the problem to some other place. Test your security. DevOps + enemy's tools.<br />
<br />
=== [http://cs.ioc.ee/ITKStat/ Statistics] ===<br />
<br />
<br />
[https://www.khanacademy.org/math/probability/statistics-inferential Inferential Statistics]<br />
<br />
[https://www.khanacademy.org/math/probability/descriptive-statistics Descriptive Statistics]<br />
<br />
[https://www.datacamp.com/courses/intro-to-statistics-with-r-student-s-t-test Intro to t-tests]<br />
<br />
== Semester 3 ==<br />
<br />
=== [https://wiki.itcollege.ee/index.php/I803_IT_Infrastructure_services IT Infrastructure services] ===<br />
<br />
= After =<br />
As with a good graphic designer, your work (probably) will not be noticed or commended unless something goes (horribly) wrong. <br />
Paraphrased from [https://www.erowid.org/general/about/about_article16.shtml Erowid's Sysadmin] article.<br />
<br />
Never stop being curious. There is a Calvin and Hobbes comic that (maybe) illustrates this perfectly but I spent too much time searching it and got distracted by imgur so maybe it will be here by the end of my studies.<br />
<br />
= Resources =<br />
<br />
=== Textbooks for Discrete Math ===<br />
<br />
As recommended by math professor on his [http://www.cs.ioc.ee/ITKDM/ homepage].<br />
* Susanna S. Epp's book is supposedly easier to follow, although with any book time and practice are prerequisites to gain knowledge on the subject. <br />
* Kenneth H. Rosen's 'Discrete Mathematics and Its Applications' is suggested by [http://www.cs.ioc.ee/ITKDM/ Disc. Math professor]. If you go with this one, also get the 'Student Solutions Guide For Discrete Mathematics And Its Applications' as well. At the time of writing, the newest version is 7th edition but new ones cost in multiples more. The difference is probably minimal errata.<br />
* 'Schaum's Outline of Discrete Mathematics' by S.Lipschutz and M.Lipson is another recommendation as well as 'Discrete mathematics: elementary and beyond' by L. Lovász, J. Pelikán and K. Vesztergombi.<br />
<br />
=== List of booksellers ===<br />
<br />
In order of personal preference.<br />
<br />
[https://www.amazon.co.uk/ Amazon] in £. Listing update is slow. Had one book refunded due to it. Although, as the prices for books might be cheaper than in EU, it is a hassle to get all the necessary books from one seller because of the (relatively) pricey shipping fees. On the other hand, if you're lucky, then the courier will bring the order to your doorstep.<br />
<br />
[https://www.ebay.ie/ eBay] in €! Usually mail order, prices and shipping costs are varied. Any parcel bigger than A4 envelope and 20 mm thickness will be kept at your local postal branch and you'll get a notification by snail mail or an SMS if there's a phone number on address slip.<br />
<br />
[https://www.abebooks.co.uk/ AbeBooks] in £. Lists European booksellers as well. Pricey shipping. €8 per book from UK?!<br />
<br />
[https://www.bookdepository.com/ Book Deposiory] in €.<br />
<br />
[https://www.thriftbooks.com/ ThriftBooks] in $. Unfortunately no personal experience with the last three.<br />
<br />
=== Learning resources ===<br />
<br />
'''Java'''<br />
*Heres a [https://www.youtube.com/watch?v=TBWX97e1E9g&list=PLE7E8B7F4856C9B19 'quite OK' Java Video Tutorial] from [http://itk.arti.ee/ Arti Zirk's ITC webpage].<br />
<br />
*[https://www.codecademy.com/ Codecademy's] [https://www.codecademy.com/learn/learn-java Java] is a nice place to remind oneself basics of Java.<br />
<br />
*[http://www.codingbat.com/ Codingbat] is an awesome place for Java problems.<br />
<br />
*David Eck's book [http://math.hws.edu/javanotes/ Java Notes] is well put together book introducing Java. Homework in class.<br />
'''Git'''<br />
*[https://www.codecademy.com/learn/learn-git Git] courses on Codecademy will get you kickstarted.<br />
<br />
= Contact & Feedback =<br />
If you have any further questions or comments, then you are free to contact me at artur at kerge (dot) eu or for non-urgent things, start a discussion on the page and/or edit it straight away. Also you can [http://kerge.eu/ check out my awesome homepage]!</div>Akergehttps://wiki.itcollege.ee/index.php?title=User:Akerge&diff=104986User:Akerge2016-07-04T18:03:55Z<p>Akerge: /* List of booksellers */</p>
<hr />
<div>As the study builds up bit by bit, then,<br />
<blockquote>He, who collects no bit, gets no byte!</blockquote><br />
<br />
'''This is a work in progress:'''<br />
<br />
__TOC__<br />
<br />
= Survival Guide for Students of Cybersecurity Engineering (CSE) =<br />
<br />
This is an ongoing project from the alpha tester. All suggestions are purely recommendations that I wish I knew before the beginning of the school. <br />
<br />
Prepare to your [[#Mindset | mindset]], as the first semester will be the most challenging and it should get easier once you [https://www.thrillist.com/health/nation/how-to-become-a-morning-person acquire the rhythm that suits] best for you. The tempo for studying is somewhat high if you haven't in a while or come from straight out of college without any previous knowledge of computers. Make mistakes, ask questions, put in some effort and you'll be fine.<br />
<br />
= Mindset =<br />
[[File:Mindset.gif|200px|thumb|right|alt=Fixed vs growth mindset graphic.|Fixed vs growth mindset. Author of the graphic is [http://nigelholmes.com/ Nigel Holmes.] You can [http://www.zazzle.com/mindset_poster_by_nigel_holmes-228303290595592374 order a print from here.]]]<br />
Write down why you decided to apply to this school, for this curriculum. If you haven't done so far, accept your to mistakes. Nobody's perfect and that's how we learn -- by making mistakes. Putting in effort goes a long way. Here are some helpful questions that I copied from [http://www.amazon.co.uk/Mindset-How-Fulfil-Your-Potential/dp/1780332009/ Carol S. Dweck's book "Mindset"]:<br />
<br />
*What are the opportunities for learning and growth today?<br />
*When, where and how will I embark on my plan?<br />
*When, where and how will I act on my new plan?<br />
<br />
= Before the Start of Academical Year =<br />
<br />
In order of importance. Or not, take your pick what's important to you.<br />
<br />
* Follow the news of the industry if you don't do so already. Get a RSS/Atom reader and follow the various news feeds.<br />
<br />
* Read [https://en.wikipedia.org/wiki/The_Hacker_Ethic_and_the_Spirit_of_the_Information_Age 'Hacker ethic' by Pekka Himanen].<br />
<br />
* Familiarise yourself with Discrete Math ∨ suffer. One can find several books online, although printed ones are superior to electronic ones, unless one prefers e-readers. Second hand books in a readable state are rather cheap online. See [[#Textbooks for Discrete Math|list of math textbooks]] in booksellers list in [[#Resources|resources]]. Bear in mind that one book is enough and I've heard that it may be even possible to find such books online in PDF format.<br />
<br />
* Learn JAVA as much as you can before, so you can study more in class and/or do your project meanwhile. See [[#Learning resources|list of learning resources]] for links.<br />
* If possible, move closer to school or dormitory to cut down time on the commute.<br />
* Learn to cook. By cooking I don't mean seasoning boiled noodles. [http://imgur.com/a/XGaog Here's a fine example].<br />
<br />
= During =<br />
Majority of the following can be started before the beginning of school year to get in gear.<br />
* '''Learn to learn'''. This is the most difficult part. <br />
* '''Structure your time'''. Congrats if you're doing well with it.<br />
* Try to '''keep developing the learning habit and stick to the routine''' or figure out what works best for you.<br />
* '''There are no stupid questions'''. Get over the fear of asking questions. The more the merrier. How to ask good questions is another story altogether. Look it up.<br />
* '''Get plenty of rest'''. 8 hours per night, if possible.<br />
* '''Stay healthy''' -- invest in vitamins, especially vitamin D in winter due to lack of sun and Ginseng and/or Rhodiola extracts to keep you up and going.<br />
* '''Attend the classes'''. Recordings are made, but they are not a substitution to attendance.<br />
** Or if learning curve is too steep, skip the unnecessary classes and learn meanwhile, but really do it, don't imagine it doing. Prioritise classes.<br />
* Attend hackathons. Awesome places for networking and getting some hacker-cred!<br />
<br />
== Problems ==<br />
* If there is a problem, solve it or seek help. Unattended problems tend to grow out of hand.<br />
** If the problem is in curriculum or school, go see a study counsellor. They are best informed regarding school matters.<br />
**If the problem is of an emotional kind and/or related to depression, motivation you can seek help from the psychologist who speaks English and operates in TUT. The contact is counsellor at ttu (dot) ee. [https://translate.google.com/translate?sl=et&tl=en&js=y&prev=_t&hl=et&ie=UTF-8&u=http%3A%2F%2Fttu.ee%2Ftudengile%2Fnoustamine%2Fpsuhholoogiline-noustamine%2F&edit-text= Google translated page can be found here].<br />
* ''Ex unitate vires'' -- the strength of unity. Get to know your coursemates. Learning together and/or teaching each other is a simple solution for difficult problems.<br />
<br />
== Classes ==<br />
In the beginning of first semester you have 6 courses. It's going to be mad, so do as much as possible at school. Stay late, as college building is a surprisingly good place to study. Also, if you comprehend a little Estonian, attend the weekend classes for distance learning students: if you fail to comprehend something in Java or Math then this is a good way to recap.<br />
<br />
== Semester 1 ==<br />
<br />
=== [https://www.netacad.com/ Basic Networking] ===<br />
Cisco Networking Academy's course read by Roman Kuchin, by the end of which you'll get a CCNA certificate (if you pass). Be aware that the tempo is quite high - 2 Cisco semesters during fall semester! That is 8 weeks per Cisco semester, which consists of parts 1 and 2, so 25 labs per semester, about 50 in total, about hour to hour and a half per lab, plus chapter exams. Read, the chapter and do the chapter exam on netacad and read for the next lecture. This way you'll understand better what is said during the lecture. Also, this course is a prerequisite for [[#Introduction to Cyber Security|Intro to CS]]. Again, collaborate! If in hurry, do the labs on packet tracer but nothing beats doing them IRL.<br />
<br />
'''Grading:''' Online exams and practical labs must be done before the exam date (preferably by Christmas), to be admitted to the exam, which is in late January.<br />
<br />
=== Basic Programming ===<br />
Which is Java and is read by Mikk Mangus. If I would take this again, I'd skip the classes and study the book & practice more on my own. Practicums are sometimes interesting. There is no homework, sometimes lecturer remembers to remind to read a chapter from ''[http://math.hws.edu/javanotes/ the book]''. The pace is a chapter per week.<br />
<br />
'''Grading:''' Two tests in November, your own project by the beginning of December and exam in January. Own project can be anything but has to have several classes and have a git repository.<br />
<br />
=== [http://www.cs.ioc.ee/ITKDM/ Logic and Discrete Mathematics] ===<br />
You know math or are good at it? Help others out. Seriously, this is the most difficult subject. It is read by the professor [http://cs.ioc.ee/dept/staff/jaan.html Jaan Penjam] from Institute of Cybernetics, TUT. Recommend getting a textbook.<br />
<br />
'''Grading:''' Ongoing quizzes (9*2%) in practicum, after lecture. Midterm test (20%) and a final test (20%) before exam (42%) in January.<br />
<br />
=== [https://wiki.itcollege.ee/index.php/Category:I600_Introduction_to_Computers_and_Informatics Introduction to Informatics and Computers] ===<br />
The basics of computers with some in-depth stuff, like debugging VHDL. Read by Lauri Võsandi.<br />
<br />
'''Grading:''' Ongoing assessment in practicums and exam in January.<br />
<br />
=== Social, Ethical and Professional Issues in IT ===<br />
Rather interesting lectures read by [http://www.kakupesa.ee/ Kaido Kikkas] on computer and hacker history and related topics.<br />
<br />
'''Grading:''' A quiz in the first practicum about computer related history and trivia in a computer lab where you'll be using the Web to find the answers. Practicum attendance is a must, max 3 total non-attendances allowed. 1-2 written essays (2k words) with presentations.<br />
<br />
=== Oral and Written Communication Skills ===<br />
Valuable English language taught by Kärt Rummel. Be prepared to get over stage fright as you will have to present your writings (letters of motivation, informative and persuasive arguments etc) in front of your class.<br />
<br />
'''Grading:''' Ongoing assessment - do your homework, attend your classes and you'll be fine. >=51% rate of attendance and participation in final round-table is necessary to pass.<br />
<br />
== Semester 2 ==<br />
Coming soon!<br />
=== [[Introduction to Cyber Security]] ===<br />
Networking is a pre-requisite.<br />
<br />
*Programming<br />
*SysOp<br />
*Security<br />
<br />
Security is not a state but a process. Make sure your network is more secure than your neighbour's. Don't trust technology - it does not solve the problem, it moves the problem to some other place. Test your security. DevOps + enemy's tools.<br />
<br />
=== [http://cs.ioc.ee/ITKStat/ Statistics] ===<br />
<br />
<br />
[https://www.khanacademy.org/math/probability/statistics-inferential Inferential Statistics]<br />
<br />
[https://www.khanacademy.org/math/probability/descriptive-statistics Descriptive Statistics]<br />
<br />
[https://www.datacamp.com/courses/intro-to-statistics-with-r-student-s-t-test Intro to t-tests]<br />
<br />
= After =<br />
As with a good graphic designer, your work (probably) will not be noticed or commended unless something goes (horribly) wrong. <br />
Paraphrased from [https://www.erowid.org/general/about/about_article16.shtml Erowid's Sysadmin] article.<br />
<br />
Never stop being curious. There is a Calvin and Hobbes comic that (maybe) illustrates this perfectly but I spent too much time searching it and got distracted by imgur so maybe it will be here by the end of my studies.<br />
<br />
= Resources =<br />
<br />
=== Textbooks for Discrete Math ===<br />
<br />
As recommended by math professor on his [http://www.cs.ioc.ee/ITKDM/ homepage].<br />
* Susanna S. Epp's book is supposedly easier to follow, although with any book time and practice are prerequisites to gain knowledge on the subject. <br />
* Kenneth H. Rosen's 'Discrete Mathematics and Its Applications' is suggested by [http://www.cs.ioc.ee/ITKDM/ Disc. Math professor]. If you go with this one, also get the 'Student Solutions Guide For Discrete Mathematics And Its Applications' as well. At the time of writing, the newest version is 7th edition but new ones cost in multiples more. The difference is probably minimal errata.<br />
* 'Schaum's Outline of Discrete Mathematics' by S.Lipschutz and M.Lipson is another recommendation as well as 'Discrete mathematics: elementary and beyond' by L. Lovász, J. Pelikán and K. Vesztergombi.<br />
<br />
=== List of booksellers ===<br />
<br />
In order of personal preference.<br />
<br />
[https://www.amazon.co.uk/ Amazon] in £. Listing update is slow. Had one book refunded due to it. Although, as the prices for books might be cheaper than in EU, it is a hassle to get all the necessary books from one seller because of the (relatively) pricey shipping fees. On the other hand, if you're lucky, then the courier will bring the order to your doorstep.<br />
<br />
[https://www.ebay.ie/ eBay] in €! Usually mail order, prices and shipping costs are varied. Any parcel bigger than A4 envelope and 20 mm thickness will be kept at your local postal branch and you'll get a notification by snail mail or an SMS if there's a phone number on address slip.<br />
<br />
[https://www.abebooks.co.uk/ AbeBooks] in £. Lists European booksellers as well. Pricey shipping. €8 per book from UK?!<br />
<br />
[https://www.bookdepository.com/ Book Deposiory] in €.<br />
<br />
[https://www.thriftbooks.com/ ThriftBooks] in $. Unfortunately no personal experience with the last three.<br />
<br />
=== Learning resources ===<br />
<br />
'''Java'''<br />
*Heres a [https://www.youtube.com/watch?v=TBWX97e1E9g&list=PLE7E8B7F4856C9B19 'quite OK' Java Video Tutorial] from [http://itk.arti.ee/ Arti Zirk's ITC webpage].<br />
<br />
*[https://www.codecademy.com/ Codecademy's] [https://www.codecademy.com/learn/learn-java Java] is a nice place to remind oneself basics of Java.<br />
<br />
*[http://www.codingbat.com/ Codingbat] is an awesome place for Java problems.<br />
<br />
*David Eck's book [http://math.hws.edu/javanotes/ Java Notes] is well put together book introducing Java. Homework in class.<br />
'''Git'''<br />
*[https://www.codecademy.com/learn/learn-git Git] courses on Codecademy will get you kickstarted.<br />
<br />
= Contact & Feedback =<br />
If you have any further questions or comments, then you are free to contact me at artur at kerge (dot) eu or for non-urgent things, start a discussion on the page and/or edit it straight away. Also you can [http://kerge.eu/ check out my awesome homepage]!</div>Akergehttps://wiki.itcollege.ee/index.php?title=User:Akerge&diff=104985User:Akerge2016-07-04T18:03:36Z<p>Akerge: /* List of booksellers */</p>
<hr />
<div>As the study builds up bit by bit, then,<br />
<blockquote>He, who collects no bit, gets no byte!</blockquote><br />
<br />
'''This is a work in progress:'''<br />
<br />
__TOC__<br />
<br />
= Survival Guide for Students of Cybersecurity Engineering (CSE) =<br />
<br />
This is an ongoing project from the alpha tester. All suggestions are purely recommendations that I wish I knew before the beginning of the school. <br />
<br />
Prepare to your [[#Mindset | mindset]], as the first semester will be the most challenging and it should get easier once you [https://www.thrillist.com/health/nation/how-to-become-a-morning-person acquire the rhythm that suits] best for you. The tempo for studying is somewhat high if you haven't in a while or come from straight out of college without any previous knowledge of computers. Make mistakes, ask questions, put in some effort and you'll be fine.<br />
<br />
= Mindset =<br />
[[File:Mindset.gif|200px|thumb|right|alt=Fixed vs growth mindset graphic.|Fixed vs growth mindset. Author of the graphic is [http://nigelholmes.com/ Nigel Holmes.] You can [http://www.zazzle.com/mindset_poster_by_nigel_holmes-228303290595592374 order a print from here.]]]<br />
Write down why you decided to apply to this school, for this curriculum. If you haven't done so far, accept your to mistakes. Nobody's perfect and that's how we learn -- by making mistakes. Putting in effort goes a long way. Here are some helpful questions that I copied from [http://www.amazon.co.uk/Mindset-How-Fulfil-Your-Potential/dp/1780332009/ Carol S. Dweck's book "Mindset"]:<br />
<br />
*What are the opportunities for learning and growth today?<br />
*When, where and how will I embark on my plan?<br />
*When, where and how will I act on my new plan?<br />
<br />
= Before the Start of Academical Year =<br />
<br />
In order of importance. Or not, take your pick what's important to you.<br />
<br />
* Follow the news of the industry if you don't do so already. Get a RSS/Atom reader and follow the various news feeds.<br />
<br />
* Read [https://en.wikipedia.org/wiki/The_Hacker_Ethic_and_the_Spirit_of_the_Information_Age 'Hacker ethic' by Pekka Himanen].<br />
<br />
* Familiarise yourself with Discrete Math ∨ suffer. One can find several books online, although printed ones are superior to electronic ones, unless one prefers e-readers. Second hand books in a readable state are rather cheap online. See [[#Textbooks for Discrete Math|list of math textbooks]] in booksellers list in [[#Resources|resources]]. Bear in mind that one book is enough and I've heard that it may be even possible to find such books online in PDF format.<br />
<br />
* Learn JAVA as much as you can before, so you can study more in class and/or do your project meanwhile. See [[#Learning resources|list of learning resources]] for links.<br />
* If possible, move closer to school or dormitory to cut down time on the commute.<br />
* Learn to cook. By cooking I don't mean seasoning boiled noodles. [http://imgur.com/a/XGaog Here's a fine example].<br />
<br />
= During =<br />
Majority of the following can be started before the beginning of school year to get in gear.<br />
* '''Learn to learn'''. This is the most difficult part. <br />
* '''Structure your time'''. Congrats if you're doing well with it.<br />
* Try to '''keep developing the learning habit and stick to the routine''' or figure out what works best for you.<br />
* '''There are no stupid questions'''. Get over the fear of asking questions. The more the merrier. How to ask good questions is another story altogether. Look it up.<br />
* '''Get plenty of rest'''. 8 hours per night, if possible.<br />
* '''Stay healthy''' -- invest in vitamins, especially vitamin D in winter due to lack of sun and Ginseng and/or Rhodiola extracts to keep you up and going.<br />
* '''Attend the classes'''. Recordings are made, but they are not a substitution to attendance.<br />
** Or if learning curve is too steep, skip the unnecessary classes and learn meanwhile, but really do it, don't imagine it doing. Prioritise classes.<br />
* Attend hackathons. Awesome places for networking and getting some hacker-cred!<br />
<br />
== Problems ==<br />
* If there is a problem, solve it or seek help. Unattended problems tend to grow out of hand.<br />
** If the problem is in curriculum or school, go see a study counsellor. They are best informed regarding school matters.<br />
**If the problem is of an emotional kind and/or related to depression, motivation you can seek help from the psychologist who speaks English and operates in TUT. The contact is counsellor at ttu (dot) ee. [https://translate.google.com/translate?sl=et&tl=en&js=y&prev=_t&hl=et&ie=UTF-8&u=http%3A%2F%2Fttu.ee%2Ftudengile%2Fnoustamine%2Fpsuhholoogiline-noustamine%2F&edit-text= Google translated page can be found here].<br />
* ''Ex unitate vires'' -- the strength of unity. Get to know your coursemates. Learning together and/or teaching each other is a simple solution for difficult problems.<br />
<br />
== Classes ==<br />
In the beginning of first semester you have 6 courses. It's going to be mad, so do as much as possible at school. Stay late, as college building is a surprisingly good place to study. Also, if you comprehend a little Estonian, attend the weekend classes for distance learning students: if you fail to comprehend something in Java or Math then this is a good way to recap.<br />
<br />
== Semester 1 ==<br />
<br />
=== [https://www.netacad.com/ Basic Networking] ===<br />
Cisco Networking Academy's course read by Roman Kuchin, by the end of which you'll get a CCNA certificate (if you pass). Be aware that the tempo is quite high - 2 Cisco semesters during fall semester! That is 8 weeks per Cisco semester, which consists of parts 1 and 2, so 25 labs per semester, about 50 in total, about hour to hour and a half per lab, plus chapter exams. Read, the chapter and do the chapter exam on netacad and read for the next lecture. This way you'll understand better what is said during the lecture. Also, this course is a prerequisite for [[#Introduction to Cyber Security|Intro to CS]]. Again, collaborate! If in hurry, do the labs on packet tracer but nothing beats doing them IRL.<br />
<br />
'''Grading:''' Online exams and practical labs must be done before the exam date (preferably by Christmas), to be admitted to the exam, which is in late January.<br />
<br />
=== Basic Programming ===<br />
Which is Java and is read by Mikk Mangus. If I would take this again, I'd skip the classes and study the book & practice more on my own. Practicums are sometimes interesting. There is no homework, sometimes lecturer remembers to remind to read a chapter from ''[http://math.hws.edu/javanotes/ the book]''. The pace is a chapter per week.<br />
<br />
'''Grading:''' Two tests in November, your own project by the beginning of December and exam in January. Own project can be anything but has to have several classes and have a git repository.<br />
<br />
=== [http://www.cs.ioc.ee/ITKDM/ Logic and Discrete Mathematics] ===<br />
You know math or are good at it? Help others out. Seriously, this is the most difficult subject. It is read by the professor [http://cs.ioc.ee/dept/staff/jaan.html Jaan Penjam] from Institute of Cybernetics, TUT. Recommend getting a textbook.<br />
<br />
'''Grading:''' Ongoing quizzes (9*2%) in practicum, after lecture. Midterm test (20%) and a final test (20%) before exam (42%) in January.<br />
<br />
=== [https://wiki.itcollege.ee/index.php/Category:I600_Introduction_to_Computers_and_Informatics Introduction to Informatics and Computers] ===<br />
The basics of computers with some in-depth stuff, like debugging VHDL. Read by Lauri Võsandi.<br />
<br />
'''Grading:''' Ongoing assessment in practicums and exam in January.<br />
<br />
=== Social, Ethical and Professional Issues in IT ===<br />
Rather interesting lectures read by [http://www.kakupesa.ee/ Kaido Kikkas] on computer and hacker history and related topics.<br />
<br />
'''Grading:''' A quiz in the first practicum about computer related history and trivia in a computer lab where you'll be using the Web to find the answers. Practicum attendance is a must, max 3 total non-attendances allowed. 1-2 written essays (2k words) with presentations.<br />
<br />
=== Oral and Written Communication Skills ===<br />
Valuable English language taught by Kärt Rummel. Be prepared to get over stage fright as you will have to present your writings (letters of motivation, informative and persuasive arguments etc) in front of your class.<br />
<br />
'''Grading:''' Ongoing assessment - do your homework, attend your classes and you'll be fine. >=51% rate of attendance and participation in final round-table is necessary to pass.<br />
<br />
== Semester 2 ==<br />
Coming soon!<br />
=== [[Introduction to Cyber Security]] ===<br />
Networking is a pre-requisite.<br />
<br />
*Programming<br />
*SysOp<br />
*Security<br />
<br />
Security is not a state but a process. Make sure your network is more secure than your neighbour's. Don't trust technology - it does not solve the problem, it moves the problem to some other place. Test your security. DevOps + enemy's tools.<br />
<br />
=== [http://cs.ioc.ee/ITKStat/ Statistics] ===<br />
<br />
<br />
[https://www.khanacademy.org/math/probability/statistics-inferential Inferential Statistics]<br />
<br />
[https://www.khanacademy.org/math/probability/descriptive-statistics Descriptive Statistics]<br />
<br />
[https://www.datacamp.com/courses/intro-to-statistics-with-r-student-s-t-test Intro to t-tests]<br />
<br />
= After =<br />
As with a good graphic designer, your work (probably) will not be noticed or commended unless something goes (horribly) wrong. <br />
Paraphrased from [https://www.erowid.org/general/about/about_article16.shtml Erowid's Sysadmin] article.<br />
<br />
Never stop being curious. There is a Calvin and Hobbes comic that (maybe) illustrates this perfectly but I spent too much time searching it and got distracted by imgur so maybe it will be here by the end of my studies.<br />
<br />
= Resources =<br />
<br />
=== Textbooks for Discrete Math ===<br />
<br />
As recommended by math professor on his [http://www.cs.ioc.ee/ITKDM/ homepage].<br />
* Susanna S. Epp's book is supposedly easier to follow, although with any book time and practice are prerequisites to gain knowledge on the subject. <br />
* Kenneth H. Rosen's 'Discrete Mathematics and Its Applications' is suggested by [http://www.cs.ioc.ee/ITKDM/ Disc. Math professor]. If you go with this one, also get the 'Student Solutions Guide For Discrete Mathematics And Its Applications' as well. At the time of writing, the newest version is 7th edition but new ones cost in multiples more. The difference is probably minimal errata.<br />
* 'Schaum's Outline of Discrete Mathematics' by S.Lipschutz and M.Lipson is another recommendation as well as 'Discrete mathematics: elementary and beyond' by L. Lovász, J. Pelikán and K. Vesztergombi.<br />
<br />
=== List of booksellers ===<br />
<br />
In order of personal preference.<br />
<br />
[https://www.amazon.co.uk/ Amazon] in £. Listing update is slow. Had one book refunded due to it. Although, as the prices for books might be cheaper than in EU, it is a hassle to get all the necessary books from one seller because of the (relatively) pricey shipping fees. On the other hand, if you're lucky, then the courier will bring the order to your doorstep.<br />
<br />
[https://www.ebay.ie/ eBay] in €! Usually mail order, prices and shipping costs are varied. Any parcel bigger than A4 envelope and 20 mm thickness will be kept at your local postal branch and you'll get a notification by snail mail or an SMS if there's a phone number on address slip.<br />
<br />
[https://www.abebooks.co.uk/ AbeBooks] in £. Lists European booksellers as well. Pricey shipping. €8 per book from UK?!<br />
<br />
[https://www.bookdepository.com/ Book Deposiory] in 4 €.<br />
<br />
[https://www.thriftbooks.com/ ThriftBooks] in $. Unfortunately no personal experience with the last three.<br />
<br />
=== Learning resources ===<br />
<br />
'''Java'''<br />
*Heres a [https://www.youtube.com/watch?v=TBWX97e1E9g&list=PLE7E8B7F4856C9B19 'quite OK' Java Video Tutorial] from [http://itk.arti.ee/ Arti Zirk's ITC webpage].<br />
<br />
*[https://www.codecademy.com/ Codecademy's] [https://www.codecademy.com/learn/learn-java Java] is a nice place to remind oneself basics of Java.<br />
<br />
*[http://www.codingbat.com/ Codingbat] is an awesome place for Java problems.<br />
<br />
*David Eck's book [http://math.hws.edu/javanotes/ Java Notes] is well put together book introducing Java. Homework in class.<br />
'''Git'''<br />
*[https://www.codecademy.com/learn/learn-git Git] courses on Codecademy will get you kickstarted.<br />
<br />
= Contact & Feedback =<br />
If you have any further questions or comments, then you are free to contact me at artur at kerge (dot) eu or for non-urgent things, start a discussion on the page and/or edit it straight away. Also you can [http://kerge.eu/ check out my awesome homepage]!</div>Akergehttps://wiki.itcollege.ee/index.php?title=User:Akerge&diff=104984User:Akerge2016-07-04T18:02:02Z<p>Akerge: /* Semester 1 */</p>
<hr />
<div>As the study builds up bit by bit, then,<br />
<blockquote>He, who collects no bit, gets no byte!</blockquote><br />
<br />
'''This is a work in progress:'''<br />
<br />
__TOC__<br />
<br />
= Survival Guide for Students of Cybersecurity Engineering (CSE) =<br />
<br />
This is an ongoing project from the alpha tester. All suggestions are purely recommendations that I wish I knew before the beginning of the school. <br />
<br />
Prepare to your [[#Mindset | mindset]], as the first semester will be the most challenging and it should get easier once you [https://www.thrillist.com/health/nation/how-to-become-a-morning-person acquire the rhythm that suits] best for you. The tempo for studying is somewhat high if you haven't in a while or come from straight out of college without any previous knowledge of computers. Make mistakes, ask questions, put in some effort and you'll be fine.<br />
<br />
= Mindset =<br />
[[File:Mindset.gif|200px|thumb|right|alt=Fixed vs growth mindset graphic.|Fixed vs growth mindset. Author of the graphic is [http://nigelholmes.com/ Nigel Holmes.] You can [http://www.zazzle.com/mindset_poster_by_nigel_holmes-228303290595592374 order a print from here.]]]<br />
Write down why you decided to apply to this school, for this curriculum. If you haven't done so far, accept your to mistakes. Nobody's perfect and that's how we learn -- by making mistakes. Putting in effort goes a long way. Here are some helpful questions that I copied from [http://www.amazon.co.uk/Mindset-How-Fulfil-Your-Potential/dp/1780332009/ Carol S. Dweck's book "Mindset"]:<br />
<br />
*What are the opportunities for learning and growth today?<br />
*When, where and how will I embark on my plan?<br />
*When, where and how will I act on my new plan?<br />
<br />
= Before the Start of Academical Year =<br />
<br />
In order of importance. Or not, take your pick what's important to you.<br />
<br />
* Follow the news of the industry if you don't do so already. Get a RSS/Atom reader and follow the various news feeds.<br />
<br />
* Read [https://en.wikipedia.org/wiki/The_Hacker_Ethic_and_the_Spirit_of_the_Information_Age 'Hacker ethic' by Pekka Himanen].<br />
<br />
* Familiarise yourself with Discrete Math ∨ suffer. One can find several books online, although printed ones are superior to electronic ones, unless one prefers e-readers. Second hand books in a readable state are rather cheap online. See [[#Textbooks for Discrete Math|list of math textbooks]] in booksellers list in [[#Resources|resources]]. Bear in mind that one book is enough and I've heard that it may be even possible to find such books online in PDF format.<br />
<br />
* Learn JAVA as much as you can before, so you can study more in class and/or do your project meanwhile. See [[#Learning resources|list of learning resources]] for links.<br />
* If possible, move closer to school or dormitory to cut down time on the commute.<br />
* Learn to cook. By cooking I don't mean seasoning boiled noodles. [http://imgur.com/a/XGaog Here's a fine example].<br />
<br />
= During =<br />
Majority of the following can be started before the beginning of school year to get in gear.<br />
* '''Learn to learn'''. This is the most difficult part. <br />
* '''Structure your time'''. Congrats if you're doing well with it.<br />
* Try to '''keep developing the learning habit and stick to the routine''' or figure out what works best for you.<br />
* '''There are no stupid questions'''. Get over the fear of asking questions. The more the merrier. How to ask good questions is another story altogether. Look it up.<br />
* '''Get plenty of rest'''. 8 hours per night, if possible.<br />
* '''Stay healthy''' -- invest in vitamins, especially vitamin D in winter due to lack of sun and Ginseng and/or Rhodiola extracts to keep you up and going.<br />
* '''Attend the classes'''. Recordings are made, but they are not a substitution to attendance.<br />
** Or if learning curve is too steep, skip the unnecessary classes and learn meanwhile, but really do it, don't imagine it doing. Prioritise classes.<br />
* Attend hackathons. Awesome places for networking and getting some hacker-cred!<br />
<br />
== Problems ==<br />
* If there is a problem, solve it or seek help. Unattended problems tend to grow out of hand.<br />
** If the problem is in curriculum or school, go see a study counsellor. They are best informed regarding school matters.<br />
**If the problem is of an emotional kind and/or related to depression, motivation you can seek help from the psychologist who speaks English and operates in TUT. The contact is counsellor at ttu (dot) ee. [https://translate.google.com/translate?sl=et&tl=en&js=y&prev=_t&hl=et&ie=UTF-8&u=http%3A%2F%2Fttu.ee%2Ftudengile%2Fnoustamine%2Fpsuhholoogiline-noustamine%2F&edit-text= Google translated page can be found here].<br />
* ''Ex unitate vires'' -- the strength of unity. Get to know your coursemates. Learning together and/or teaching each other is a simple solution for difficult problems.<br />
<br />
== Classes ==<br />
In the beginning of first semester you have 6 courses. It's going to be mad, so do as much as possible at school. Stay late, as college building is a surprisingly good place to study. Also, if you comprehend a little Estonian, attend the weekend classes for distance learning students: if you fail to comprehend something in Java or Math then this is a good way to recap.<br />
<br />
== Semester 1 ==<br />
<br />
=== [https://www.netacad.com/ Basic Networking] ===<br />
Cisco Networking Academy's course read by Roman Kuchin, by the end of which you'll get a CCNA certificate (if you pass). Be aware that the tempo is quite high - 2 Cisco semesters during fall semester! That is 8 weeks per Cisco semester, which consists of parts 1 and 2, so 25 labs per semester, about 50 in total, about hour to hour and a half per lab, plus chapter exams. Read, the chapter and do the chapter exam on netacad and read for the next lecture. This way you'll understand better what is said during the lecture. Also, this course is a prerequisite for [[#Introduction to Cyber Security|Intro to CS]]. Again, collaborate! If in hurry, do the labs on packet tracer but nothing beats doing them IRL.<br />
<br />
'''Grading:''' Online exams and practical labs must be done before the exam date (preferably by Christmas), to be admitted to the exam, which is in late January.<br />
<br />
=== Basic Programming ===<br />
Which is Java and is read by Mikk Mangus. If I would take this again, I'd skip the classes and study the book & practice more on my own. Practicums are sometimes interesting. There is no homework, sometimes lecturer remembers to remind to read a chapter from ''[http://math.hws.edu/javanotes/ the book]''. The pace is a chapter per week.<br />
<br />
'''Grading:''' Two tests in November, your own project by the beginning of December and exam in January. Own project can be anything but has to have several classes and have a git repository.<br />
<br />
=== [http://www.cs.ioc.ee/ITKDM/ Logic and Discrete Mathematics] ===<br />
You know math or are good at it? Help others out. Seriously, this is the most difficult subject. It is read by the professor [http://cs.ioc.ee/dept/staff/jaan.html Jaan Penjam] from Institute of Cybernetics, TUT. Recommend getting a textbook.<br />
<br />
'''Grading:''' Ongoing quizzes (9*2%) in practicum, after lecture. Midterm test (20%) and a final test (20%) before exam (42%) in January.<br />
<br />
=== [https://wiki.itcollege.ee/index.php/Category:I600_Introduction_to_Computers_and_Informatics Introduction to Informatics and Computers] ===<br />
The basics of computers with some in-depth stuff, like debugging VHDL. Read by Lauri Võsandi.<br />
<br />
'''Grading:''' Ongoing assessment in practicums and exam in January.<br />
<br />
=== Social, Ethical and Professional Issues in IT ===<br />
Rather interesting lectures read by [http://www.kakupesa.ee/ Kaido Kikkas] on computer and hacker history and related topics.<br />
<br />
'''Grading:''' A quiz in the first practicum about computer related history and trivia in a computer lab where you'll be using the Web to find the answers. Practicum attendance is a must, max 3 total non-attendances allowed. 1-2 written essays (2k words) with presentations.<br />
<br />
=== Oral and Written Communication Skills ===<br />
Valuable English language taught by Kärt Rummel. Be prepared to get over stage fright as you will have to present your writings (letters of motivation, informative and persuasive arguments etc) in front of your class.<br />
<br />
'''Grading:''' Ongoing assessment - do your homework, attend your classes and you'll be fine. >=51% rate of attendance and participation in final round-table is necessary to pass.<br />
<br />
== Semester 2 ==<br />
Coming soon!<br />
=== [[Introduction to Cyber Security]] ===<br />
Networking is a pre-requisite.<br />
<br />
*Programming<br />
*SysOp<br />
*Security<br />
<br />
Security is not a state but a process. Make sure your network is more secure than your neighbour's. Don't trust technology - it does not solve the problem, it moves the problem to some other place. Test your security. DevOps + enemy's tools.<br />
<br />
=== [http://cs.ioc.ee/ITKStat/ Statistics] ===<br />
<br />
<br />
[https://www.khanacademy.org/math/probability/statistics-inferential Inferential Statistics]<br />
<br />
[https://www.khanacademy.org/math/probability/descriptive-statistics Descriptive Statistics]<br />
<br />
[https://www.datacamp.com/courses/intro-to-statistics-with-r-student-s-t-test Intro to t-tests]<br />
<br />
= After =<br />
As with a good graphic designer, your work (probably) will not be noticed or commended unless something goes (horribly) wrong. <br />
Paraphrased from [https://www.erowid.org/general/about/about_article16.shtml Erowid's Sysadmin] article.<br />
<br />
Never stop being curious. There is a Calvin and Hobbes comic that (maybe) illustrates this perfectly but I spent too much time searching it and got distracted by imgur so maybe it will be here by the end of my studies.<br />
<br />
= Resources =<br />
<br />
=== Textbooks for Discrete Math ===<br />
<br />
As recommended by math professor on his [http://www.cs.ioc.ee/ITKDM/ homepage].<br />
* Susanna S. Epp's book is supposedly easier to follow, although with any book time and practice are prerequisites to gain knowledge on the subject. <br />
* Kenneth H. Rosen's 'Discrete Mathematics and Its Applications' is suggested by [http://www.cs.ioc.ee/ITKDM/ Disc. Math professor]. If you go with this one, also get the 'Student Solutions Guide For Discrete Mathematics And Its Applications' as well. At the time of writing, the newest version is 7th edition but new ones cost in multiples more. The difference is probably minimal errata.<br />
* 'Schaum's Outline of Discrete Mathematics' by S.Lipschutz and M.Lipson is another recommendation as well as 'Discrete mathematics: elementary and beyond' by L. Lovász, J. Pelikán and K. Vesztergombi.<br />
<br />
=== List of booksellers ===<br />
<br />
In order of personal preference.<br />
<br />
[https://www.amazon.co.uk/ Amazon] in £. Listing update is slow. Had one book refunded due to it. Although, as the prices for books might be cheaper than in EU, it is a hassle to get all the necessary books from one seller because of the (relatively) pricey shipping fees. On the other hand, if you're lucky, then the courier will bring the order to your doorstep.<br />
<br />
[https://www.ebay.ie/ eBay] in €! Usually mail order, prices and shipping costs are varied. Any parcel bigger than A4 envelope and 20 mm thickness will be kept at your local postal branch and you'll get a notification by snail mail or an SMS if there's a phone number on address slip.<br />
<br />
[https://www.abebooks.co.uk/ AbeBooks] in £. Lists European booksellers as well. Pricey shipping. €8 per book from UK?!<br />
<br />
[https://www.thriftbooks.com/ ThriftBooks] in $. Unfortunately no personal experience with the last two.<br />
<br />
=== Learning resources ===<br />
<br />
'''Java'''<br />
*Heres a [https://www.youtube.com/watch?v=TBWX97e1E9g&list=PLE7E8B7F4856C9B19 'quite OK' Java Video Tutorial] from [http://itk.arti.ee/ Arti Zirk's ITC webpage].<br />
<br />
*[https://www.codecademy.com/ Codecademy's] [https://www.codecademy.com/learn/learn-java Java] is a nice place to remind oneself basics of Java.<br />
<br />
*[http://www.codingbat.com/ Codingbat] is an awesome place for Java problems.<br />
<br />
*David Eck's book [http://math.hws.edu/javanotes/ Java Notes] is well put together book introducing Java. Homework in class.<br />
'''Git'''<br />
*[https://www.codecademy.com/learn/learn-git Git] courses on Codecademy will get you kickstarted.<br />
<br />
= Contact & Feedback =<br />
If you have any further questions or comments, then you are free to contact me at artur at kerge (dot) eu or for non-urgent things, start a discussion on the page and/or edit it straight away. Also you can [http://kerge.eu/ check out my awesome homepage]!</div>Akergehttps://wiki.itcollege.ee/index.php?title=Talk:Irssi&diff=104329Talk:Irssi2016-06-05T10:44:28Z<p>Akerge: Blanked the page</p>
<hr />
<div></div>Akergehttps://wiki.itcollege.ee/index.php?title=Irssi&diff=104328Irssi2016-06-05T10:42:35Z<p>Akerge: /* Summary */</p>
<hr />
<div>[[File:Irssi.png|thumb|right|alt=A screenshot of Irssi in action.|Irssi screenshot with /nick command entered.]]<br />
<br />
'''The''' command line IRC client. Irssi is FOSS (licensed under the GPLv2) and is available for Linux, BSD, Solaris, Apple and with [https://www.cygwin.com/ Cygwin] on Windows. It was developed by [http://icecap.irssi2.org/ Timo Sirainen] and was released in the beginning of 1999. It is highly customizable, for example with themes and it is possible to to use other instant messaging communication through it.<br />
<br />
== Installing ==<br />
<br />
With other package managers, distros and platforms, please see the [https://irssi.org/download/ following link].<br />
<br />
With apt: <br />
<br/><code>sudo apt-get install irssi</code><br />
<br />
It is rather light-weight, being only 2 392 kB on disk.<br />
<br />
== Getting around ==<br />
<br />
=== Connecting ===<br />
There are several IRC servers still alive and going strong. In this example we shall be connecting to the closest freenode server, located in Finland. Physical distance is not an issue nowadays, but imagine being stuck on a 56 kB modem with top speeds through dial-up and the copper wire being about 12 kB, maxing out at 30 kB, if local.<br />
<br />
* Open terminal (Ctrl+Alt+T) and type: <code>irssi</code><br />
* <code>/connect rajaniemi.freenode.net</code> Closest freenode server.<br />
* <code>/join itcollege</code><br />
<br />
Joining channels usually requires a #-sign, for example #mozilla. Irssi adds it behind the scenes so it can be omitted.<br />
<br />
=== Window Switching ===<br />
<br />
<code>Alt+#</code> combination is used for window switching. For more than nine windows, the row below numbers will be used, for example key combination <code>Alt+q</code> etc. A window can be changed via command as well -- <code>/window #</code>. To close window, type <code>/wc #</code><br />
<br />
== Channel and user configuration ==<br />
<br />
===Name===<br />
<br />
Default nickname (under Ubuntu) will be the computer username. To change it type <code>/nick new-username</code><br />
<br />
Nickname registration is beneficial if one is planning on staying for longer. Also registration prevents nickname abuse.<br />
<br />
<code>/msg nickserv REGISTER <password> <email></code><br />
<br />
=== Channels (chat rooms) ===<br />
<br />
*To list all chat rooms type <code>/list</code> Might not be a good idea to do, considering there are about 12 000 channels. To search for a specific channel might be more useful to search via browser or know beforehand what channel you want to join.<br />
<br />
*Joining you can omit the number sign (#) <code>/join itcollege</code><br />
<br />
*If the channel is unregistered, connected user will receive op (+o more info below) upon entering. Channel can be registered by following command <code>/cs register #channel channelpassword channeldescription</code><br />
** Channelpassword is required to get or give channel ownership access.<br />
** Channeldescription is also required, containing description (duh) or channel purpose.<br />
<br />
*Away message: <code>/away msg</code><br />
<br />
*Quit message: <code>/quit quitmsg</code><br />
<br />
*User query: <code>/q <nick></code><br />
<br />
*List users in a channel: <code>/n</code><br />
<br />
*Private message a user: <code>/m <nick> message</code><br />
<br />
*Display a channels topic: <code>/topic</code><br />
<br />
*Perform an action: <code>/me scratches his nose</code> will look like <code><nick> scratches his nose</code><br />
<br />
*To mark yourself as away: <code>/away away_message</code><br />
<br />
=== User Flags (Roles) ===<br />
<br />
Flags give user control rights or take them away (operator vs banned for example).<br />
<br />
<code>+voice</code> - Enables use of the voice/devoice commands (who can or cannot speak).<br />
<br />
<code>+autovoice</code> - Enables automatic voice.<br />
<br />
<code>+halfop</code> - Enables use of the halfop/dehalfop commands (half rights of op).<br />
<br />
<code>+autohalfop</code> - Enables automatic halfop.<br />
<br />
<code>+op</code> - Enables use of the op/deop commands.<br />
<br />
<code>+autoop</code> - Enables automatic op.<br />
<br />
<code>+protect</code> - Enables use of the protect/deprotect commands.<br />
<br />
<code>+owner</code> - Enables use of the owner/deowner commands.<br />
<br />
<code>+set</code> - Enables use of the set command.<br />
<br />
<code>+invite</code> - Enables use of the invite and getkey commands. For example, when a channel is set to secret.<br />
<br />
<code>+remove</code> - Enables use of the kick, kickban, ban and unban <br />
commands.<br />
<br />
<code>+remove</code> - Enables use of the ban and unban commands.<br />
<br />
<code>+remove</code> - Enables use of the unban command.<br />
<br />
<code>+recover</code> - Enables use of the recover and clear commands.<br />
<br />
<code>+acl-change</code> - Enables modification of channel access <br />
lists.<br />
<br />
<code>+topic</code> - Enables use of the topic and topicappend commands.<br />
<br />
<code>+acl-view</code> - Enables viewing of channel access lists.<br />
<br />
<code>+successor</code> Marks the user as a successor.<br />
<br />
<code>+founder</code> Grants full founder access.<br />
<br />
<code>+banned</code> Enables automatic kickban.<br />
<br />
Previous has been copied from [http://www.stack.nl/~jilles/irc/atheme-help/ Jilles'] ChanServ Atheme (IRC service platform) help file and a local copy can be [http://enos.itcollege.ee/~akerge/irc/ found here].<br />
<br />
*For more thorough channel guide, please see the following file from [http://irchelp.org/irchelp/changuide.html IRC help].<br />
<br />
== Further Customization ==<br />
<br />
To make life easier [https://scripts.irssi.org/ scripts] and [https://irssi-import.github.io/themes/ themes] with further documentation can be found on on [https://irssi.org/ irssi] homepage.<br />
<br />
== Summary ==<br />
<br />
This was a short introduction to IRC and Irssi. So far the best program with minimal GUI that helps user to concentrate on the most important part of IRC - text.<br />
<br />
==References==<br />
<br />
https://www.cygwin.com/<br />
<br />
http://icecap.irssi2.org/<br />
<br />
https://irssi.org/download/<br />
<br />
http://www.stack.nl/~jilles/irc/atheme-help/<br />
<br />
http://irchelp.org/irchelp/changuide.html<br />
<br />
https://scripts.irssi.org/<br />
<br />
https://irssi-import.github.io/themes/<br />
<br />
https://irssi.org/<br />
<br />
http://www.linux.org/threads/irssi-for-beginners.4181/<br />
<br />
http://www.antonfagerberg.com/blog/my-perfect-irssi-setup/<br />
<br />
http://www.irchelp.org/irchelp/irctutorial.html<br />
<br />
At the time of writing a [http://blog.freenode.net/2016/02/recent-events-and-future-changes/ post has appeared on freenode staff blog] rendering their [http://freenode.net/faq.shtml FAQ page] unusable.<br />
<br />
Created and edited by [[User:akerge|Artur Kerge]] in Spring of 2016</div>Akergehttps://wiki.itcollege.ee/index.php?title=Irssi&diff=104327Irssi2016-06-05T10:41:28Z<p>Akerge: /* User Flags */</p>
<hr />
<div>[[File:Irssi.png|thumb|right|alt=A screenshot of Irssi in action.|Irssi screenshot with /nick command entered.]]<br />
<br />
'''The''' command line IRC client. Irssi is FOSS (licensed under the GPLv2) and is available for Linux, BSD, Solaris, Apple and with [https://www.cygwin.com/ Cygwin] on Windows. It was developed by [http://icecap.irssi2.org/ Timo Sirainen] and was released in the beginning of 1999. It is highly customizable, for example with themes and it is possible to to use other instant messaging communication through it.<br />
<br />
== Installing ==<br />
<br />
With other package managers, distros and platforms, please see the [https://irssi.org/download/ following link].<br />
<br />
With apt: <br />
<br/><code>sudo apt-get install irssi</code><br />
<br />
It is rather light-weight, being only 2 392 kB on disk.<br />
<br />
== Getting around ==<br />
<br />
=== Connecting ===<br />
There are several IRC servers still alive and going strong. In this example we shall be connecting to the closest freenode server, located in Finland. Physical distance is not an issue nowadays, but imagine being stuck on a 56 kB modem with top speeds through dial-up and the copper wire being about 12 kB, maxing out at 30 kB, if local.<br />
<br />
* Open terminal (Ctrl+Alt+T) and type: <code>irssi</code><br />
* <code>/connect rajaniemi.freenode.net</code> Closest freenode server.<br />
* <code>/join itcollege</code><br />
<br />
Joining channels usually requires a #-sign, for example #mozilla. Irssi adds it behind the scenes so it can be omitted.<br />
<br />
=== Window Switching ===<br />
<br />
<code>Alt+#</code> combination is used for window switching. For more than nine windows, the row below numbers will be used, for example key combination <code>Alt+q</code> etc. A window can be changed via command as well -- <code>/window #</code>. To close window, type <code>/wc #</code><br />
<br />
== Channel and user configuration ==<br />
<br />
===Name===<br />
<br />
Default nickname (under Ubuntu) will be the computer username. To change it type <code>/nick new-username</code><br />
<br />
Nickname registration is beneficial if one is planning on staying for longer. Also registration prevents nickname abuse.<br />
<br />
<code>/msg nickserv REGISTER <password> <email></code><br />
<br />
=== Channels (chat rooms) ===<br />
<br />
*To list all chat rooms type <code>/list</code> Might not be a good idea to do, considering there are about 12 000 channels. To search for a specific channel might be more useful to search via browser or know beforehand what channel you want to join.<br />
<br />
*Joining you can omit the number sign (#) <code>/join itcollege</code><br />
<br />
*If the channel is unregistered, connected user will receive op (+o more info below) upon entering. Channel can be registered by following command <code>/cs register #channel channelpassword channeldescription</code><br />
** Channelpassword is required to get or give channel ownership access.<br />
** Channeldescription is also required, containing description (duh) or channel purpose.<br />
<br />
*Away message: <code>/away msg</code><br />
<br />
*Quit message: <code>/quit quitmsg</code><br />
<br />
*User query: <code>/q <nick></code><br />
<br />
*List users in a channel: <code>/n</code><br />
<br />
*Private message a user: <code>/m <nick> message</code><br />
<br />
*Display a channels topic: <code>/topic</code><br />
<br />
*Perform an action: <code>/me scratches his nose</code> will look like <code><nick> scratches his nose</code><br />
<br />
*To mark yourself as away: <code>/away away_message</code><br />
<br />
=== User Flags (Roles) ===<br />
<br />
Flags give user control rights or take them away (operator vs banned for example).<br />
<br />
<code>+voice</code> - Enables use of the voice/devoice commands (who can or cannot speak).<br />
<br />
<code>+autovoice</code> - Enables automatic voice.<br />
<br />
<code>+halfop</code> - Enables use of the halfop/dehalfop commands (half rights of op).<br />
<br />
<code>+autohalfop</code> - Enables automatic halfop.<br />
<br />
<code>+op</code> - Enables use of the op/deop commands.<br />
<br />
<code>+autoop</code> - Enables automatic op.<br />
<br />
<code>+protect</code> - Enables use of the protect/deprotect commands.<br />
<br />
<code>+owner</code> - Enables use of the owner/deowner commands.<br />
<br />
<code>+set</code> - Enables use of the set command.<br />
<br />
<code>+invite</code> - Enables use of the invite and getkey commands. For example, when a channel is set to secret.<br />
<br />
<code>+remove</code> - Enables use of the kick, kickban, ban and unban <br />
commands.<br />
<br />
<code>+remove</code> - Enables use of the ban and unban commands.<br />
<br />
<code>+remove</code> - Enables use of the unban command.<br />
<br />
<code>+recover</code> - Enables use of the recover and clear commands.<br />
<br />
<code>+acl-change</code> - Enables modification of channel access <br />
lists.<br />
<br />
<code>+topic</code> - Enables use of the topic and topicappend commands.<br />
<br />
<code>+acl-view</code> - Enables viewing of channel access lists.<br />
<br />
<code>+successor</code> Marks the user as a successor.<br />
<br />
<code>+founder</code> Grants full founder access.<br />
<br />
<code>+banned</code> Enables automatic kickban.<br />
<br />
Previous has been copied from [http://www.stack.nl/~jilles/irc/atheme-help/ Jilles'] ChanServ Atheme (IRC service platform) help file and a local copy can be [http://enos.itcollege.ee/~akerge/irc/ found here].<br />
<br />
*For more thorough channel guide, please see the following file from [http://irchelp.org/irchelp/changuide.html IRC help].<br />
<br />
== Further Customization ==<br />
<br />
To make life easier [https://scripts.irssi.org/ scripts] and [https://irssi-import.github.io/themes/ themes] with further documentation can be found on on [https://irssi.org/ irssi] homepage.<br />
<br />
== Summary ==<br />
<br />
This was a short introduction to IRC and Irssi on command line. So far the best program with minimal GUI that helps user to concentrate on the most important part of IRC - text.<br />
<br />
==References==<br />
<br />
https://www.cygwin.com/<br />
<br />
http://icecap.irssi2.org/<br />
<br />
https://irssi.org/download/<br />
<br />
http://www.stack.nl/~jilles/irc/atheme-help/<br />
<br />
http://irchelp.org/irchelp/changuide.html<br />
<br />
https://scripts.irssi.org/<br />
<br />
https://irssi-import.github.io/themes/<br />
<br />
https://irssi.org/<br />
<br />
http://www.linux.org/threads/irssi-for-beginners.4181/<br />
<br />
http://www.antonfagerberg.com/blog/my-perfect-irssi-setup/<br />
<br />
http://www.irchelp.org/irchelp/irctutorial.html<br />
<br />
At the time of writing a [http://blog.freenode.net/2016/02/recent-events-and-future-changes/ post has appeared on freenode staff blog] rendering their [http://freenode.net/faq.shtml FAQ page] unusable.<br />
<br />
Created and edited by [[User:akerge|Artur Kerge]] in Spring of 2016</div>Akergehttps://wiki.itcollege.ee/index.php?title=Irssi&diff=104325Irssi2016-06-05T10:35:30Z<p>Akerge: added flags</p>
<hr />
<div>[[File:Irssi.png|thumb|right|alt=A screenshot of Irssi in action.|Irssi screenshot with /nick command entered.]]<br />
<br />
'''The''' command line IRC client. Irssi is FOSS (licensed under the GPLv2) and is available for Linux, BSD, Solaris, Apple and with [https://www.cygwin.com/ Cygwin] on Windows. It was developed by [http://icecap.irssi2.org/ Timo Sirainen] and was released in the beginning of 1999. It is highly customizable, for example with themes and it is possible to to use other instant messaging communication through it.<br />
<br />
== Installing ==<br />
<br />
With other package managers, distros and platforms, please see the [https://irssi.org/download/ following link].<br />
<br />
With apt: <br />
<br/><code>sudo apt-get install irssi</code><br />
<br />
It is rather light-weight, being only 2 392 kB on disk.<br />
<br />
== Getting around ==<br />
<br />
=== Connecting ===<br />
There are several IRC servers still alive and going strong. In this example we shall be connecting to the closest freenode server, located in Finland. Physical distance is not an issue nowadays, but imagine being stuck on a 56 kB modem with top speeds through dial-up and the copper wire being about 12 kB, maxing out at 30 kB, if local.<br />
<br />
* Open terminal (Ctrl+Alt+T) and type: <code>irssi</code><br />
* <code>/connect rajaniemi.freenode.net</code> Closest freenode server.<br />
* <code>/join itcollege</code><br />
<br />
Joining channels usually requires a #-sign, for example #mozilla. Irssi adds it behind the scenes so it can be omitted.<br />
<br />
=== Window Switching ===<br />
<br />
<code>Alt+#</code> combination is used for window switching. For more than nine windows, the row below numbers will be used, for example key combination <code>Alt+q</code> etc. A window can be changed via command as well -- <code>/window #</code>. To close window, type <code>/wc #</code><br />
<br />
== Channel and user configuration ==<br />
<br />
===Name===<br />
<br />
Default nickname (under Ubuntu) will be the computer username. To change it type <code>/nick new-username</code><br />
<br />
Nickname registration is beneficial if one is planning on staying for longer. Also registration prevents nickname abuse.<br />
<br />
<code>/msg nickserv REGISTER <password> <email></code><br />
<br />
=== Channels (chat rooms) ===<br />
<br />
*To list all chat rooms type <code>/list</code> Might not be a good idea to do, considering there are about 12 000 channels. To search for a specific channel might be more useful to search via browser or know beforehand what channel you want to join.<br />
<br />
*Joining you can omit the number sign (#) <code>/join itcollege</code><br />
<br />
*If the channel is unregistered, connected user will receive op (+o more info below) upon entering. Channel can be registered by following command <code>/cs register #channel channelpassword channeldescription</code><br />
** Channelpassword is required to get or give channel ownership access.<br />
** Channeldescription is also required, containing description (duh) or channel purpose.<br />
<br />
*Away message: <code>/away msg</code><br />
<br />
*Quit message: <code>/quit quitmsg</code><br />
<br />
*User query: <code>/q <nick></code><br />
<br />
*List users in a channel: <code>/n</code><br />
<br />
*Private message a user: <code>/m <nick> message</code><br />
<br />
*Display a channels topic: <code>/topic</code><br />
<br />
*Perform an action: <code>/me scratches his nose</code> will look like <code><nick> scratches his nose</code><br />
<br />
*To mark yourself as away: <code>/away away_message</code><br />
<br />
=== User Flags ===<br />
<br />
Following has been copied from [http://www.stack.nl/~jilles/irc/atheme-help/ Jilles'] Atheme (IRC service platform) help and a local copy can be [http://enos.itcollege.ee/~akerge/irc/ found here].<br />
<br />
Flags give user rights or take them away (operator vs banned for example).<br />
<br />
<code>+voice</code> - Enables use of the voice/devoice commands (who can or cannot speak).<br />
<br />
<code>+autovoice</code> - Enables automatic voice.<br />
<br />
<code>+halfop</code> - Enables use of the halfop/dehalfop commands.<br />
<br />
<code>+autohalfop</code> - Enables automatic halfop.<br />
<br />
<code>+op</code> - Enables use of the op/deop commands.<br />
<br />
<code>+autoop</code> - Enables automatic op.<br />
<br />
<code>+protect</code> - Enables use of the protect/deprotect commands.<br />
<br />
<code>+owner</code> - Enables use of the owner/deowner commands.<br />
<br />
<code>+set</code> - Enables use of the set command.<br />
<br />
<code>+invite</code> - Enables use of the invite and getkey commands.<br />
<br />
<code>+remove</code> - Enables use of the kick, kickban, ban and unban <br />
commands.<br />
<br />
<code>+remove</code> - Enables use of the ban and unban commands.<br />
<br />
<code>+remove</code> - Enables use of the unban command.<br />
<br />
<code>+recover</code> - Enables use of the recover and clear commands.<br />
<br />
<code>+acl-change</code> - Enables modification of channel access <br />
lists.<br />
<br />
<code>+topic</code> - Enables use of the topic and topicappend commands.<br />
<br />
<code>+acl-view</code> - Enables viewing of channel access lists.<br />
<br />
<code>+successor</code> Marks the user as a successor.<br />
<br />
<code>+founder</code> Grants full founder access.<br />
<br />
<code>+banned</code> Enables automatic kickban.<br />
<br />
*For more thorough channel guide, please see the following file from [http://irchelp.org/irchelp/changuide.html IRC help].<br />
<br />
== Further Customization ==<br />
<br />
To make life easier [https://scripts.irssi.org/ scripts] and [https://irssi-import.github.io/themes/ themes] with further documentation can be found on on [https://irssi.org/ irssi] homepage.<br />
<br />
== Summary ==<br />
<br />
This was a short introduction to IRC and Irssi on command line. So far the best program with minimal GUI that helps user to concentrate on the most important part of IRC - text.<br />
<br />
==References==<br />
<br />
https://www.cygwin.com/<br />
<br />
http://icecap.irssi2.org/<br />
<br />
https://irssi.org/download/<br />
<br />
http://www.stack.nl/~jilles/irc/atheme-help/<br />
<br />
http://irchelp.org/irchelp/changuide.html<br />
<br />
https://scripts.irssi.org/<br />
<br />
https://irssi-import.github.io/themes/<br />
<br />
https://irssi.org/<br />
<br />
http://www.linux.org/threads/irssi-for-beginners.4181/<br />
<br />
http://www.antonfagerberg.com/blog/my-perfect-irssi-setup/<br />
<br />
http://www.irchelp.org/irchelp/irctutorial.html<br />
<br />
At the time of writing a [http://blog.freenode.net/2016/02/recent-events-and-future-changes/ post has appeared on freenode staff blog] rendering their [http://freenode.net/faq.shtml FAQ page] unusable.<br />
<br />
Created and edited by [[User:akerge|Artur Kerge]] in Spring of 2016</div>Akergehttps://wiki.itcollege.ee/index.php?title=Irssi&diff=104321Irssi2016-06-04T11:31:03Z<p>Akerge: added summary</p>
<hr />
<div>__NOTOC__<br />
<br />
[[File:Irssi.png|thumb|right|alt=A screenshot of Irssi in action.|Irssi screenshot with /nick command entered.]]<br />
<br />
'''The''' command line IRC client. Irssi is FOSS (licensed under the GPLv2) and is available for Linux, BSD, Solaris, Apple and with [https://www.cygwin.com/ Cygwin] on Windows. It was developed by [http://icecap.irssi2.org/ Timo Sirainen] and was released in the beginning of 1999. It is highly customizable, for example with themes and it is possible to to use other instant messaging communication through it.<br />
<br />
== Installing ==<br />
<br />
With other package managers, distros and platforms, please see the [https://irssi.org/download/ following link].<br />
<br />
With apt: <code>sudo apt-get install irssi</code><br />
<br />
It is rather light-weight, being only 2 392 kB on disk.<br />
<br />
== Getting around ==<br />
<br />
=== Connecting ===<br />
There are several IRC servers still alive and going strong. In this example we shall be connecting to the closest freenode server, located in Finland. Physical distance is not an issue nowadays, but imagine being stuck on a 56 kB modem with top speeds through dial-up and the copper wire being about 12 kB, maxing out at 30 kB, if local.<br />
<br />
* Open terminal (Ctrl+Alt+T) and type: <code>irssi</code><br />
* <code>/connect rajaniemi.freenode.net</code> <br />
<br />
Closest freenode server.<br />
* <code>/join itcollege</code><br />
<br />
Joining channels usually requires a #-sign, for example #mozilla. Irssi adds it behind the scenes so it can be omitted.<br />
<br />
=== Window Switching ===<br />
<br />
<code>Alt+#</code> combination is used for window switching. For more than nine windows, the row below numbers will be used, for example key combination <code>Alt+q</code> etc. A window can be changed via command as well -- <code>/window #</code>. To close window, type <code>/wc #</code><br />
<br />
===Name===<br />
<br />
Your default nickname (under Ubuntu) will be your computer username. You can change it by entering <code>/nick your-new-username</code><br />
<br />
You should register your nickname if you plan staying for longer and don't want anyone to abuse it, by messaging NickServ <code>/msg nickserv REGISTER <password> <email></code><br />
<br />
=== Channels (chat rooms) ===<br />
<br />
*To list all chat rooms type <code>/list</code> Might not be a good idea to do, considering there are about 12 000 channels. To search for a specific channel might be more useful to search via browser or know beforehand where you want to connect to.<br />
<br />
*Joining you can omit the number sign (#) <code>/join itcollege</code><br />
<br />
*Away message: <code>/away msg</code><br />
<br />
*Quit message: <code>/quit quitmsg</code><br />
<br />
*User query: <code>/q <nick></code><br />
<br />
*List users in a channel: <code>/n</code><br />
<br />
*Private message a user: <code>/m <nick> message</code><br />
<br />
*Display a channels topic: <code>/topic</code><br />
<br />
*Perform an action: <code>/me scratches his nose</code> will look like <code><nick> scratches his nose</code><br />
<br />
*To mark yourself as away: <code>/away away_message</code><br />
<br />
== Further Customization ==<br />
<br />
To make life easier [https://scripts.irssi.org/ scripts] and [https://irssi-import.github.io/themes/ themes] with further documentation can be found on on [https://irssi.org/ irssi] homepage.<br />
<br />
== Summary ==<br />
<br />
This was a short introduction to IRC and Irssi on command line. So far the best program with minimal GUI that helps user to concentrate on the most important part of IRC - text.<br />
<br />
==References==<br />
<br />
https://www.cygwin.com/<br />
<br />
http://icecap.irssi2.org/<br />
<br />
https://irssi.org/download/<br />
<br />
https://scripts.irssi.org/<br />
<br />
https://irssi-import.github.io/themes/<br />
<br />
https://irssi.org/<br />
<br />
http://www.linux.org/threads/irssi-for-beginners.4181/<br />
<br />
http://www.antonfagerberg.com/blog/my-perfect-irssi-setup/<br />
<br />
http://www.irchelp.org/irchelp/irctutorial.html<br />
<br />
At the time of writing a [http://blog.freenode.net/2016/02/recent-events-and-future-changes/ post has appeared on freenode staff blog] rendering their [http://freenode.net/faq.shtml FAQ page] unusable.<br />
<br />
Created and edited by [[User:akerge|Artur Kerge]] in Spring of 2016</div>Akergehttps://wiki.itcollege.ee/index.php?title=Irssi&diff=104320Irssi2016-06-04T11:24:27Z<p>Akerge: edited links</p>
<hr />
<div>__NOTOC__<br />
<br />
[[File:Irssi.png|thumb|right|alt=A screenshot of Irssi in action.|Irssi screenshot with /nick command entered.]]<br />
<br />
'''The''' command line IRC client. Irssi is FOSS (licensed under the GPLv2) and is available for Linux, BSD, Solaris, Apple and with [https://www.cygwin.com/ Cygwin] on Windows. It was developed by [http://icecap.irssi2.org/ Timo Sirainen] and was released in the beginning of 1999. It is highly customizable, for example with themes and it is possible to to use other instant messaging communication through it.<br />
<br />
== Installing ==<br />
<br />
With other package managers, distros and platforms, please see the [https://irssi.org/download/ following link].<br />
<br />
With apt: <code>sudo apt-get install irssi</code><br />
<br />
It is rather light-weight, being only 2 392 kB on disk.<br />
<br />
== Getting around ==<br />
<br />
=== Connecting ===<br />
There are several IRC servers still alive and going strong. In this example we shall be connecting to the closest freenode server, located in Finland. Physical distance is not an issue nowadays, but imagine being stuck on a 56 kB modem with top speeds through dial-up and the copper wire being about 12 kB, maxing out at 30 kB, if local.<br />
<br />
* Open terminal (Ctrl+Alt+T) and type: <code>irssi</code><br />
* <code>/connect rajaniemi.freenode.net</code><br />
* <code>/join itcollege</code> joining channels usually requires a #-sign, for example #mozilla. Irssi adds it for you behind the scenes so you can omit it <br />
<br />
=== Window Switching ===<br />
<br />
<code>Alt+#</code> combination is used for window switching. For more than nine windows, the row below numbers will be used, for example key combination <code>Alt+q</code> etc. A window can be changed via command as well -- <code>/window #</code>. To close window, type <code>/wc #</code><br />
<br />
===Name===<br />
<br />
Your default nickname (under Ubuntu) will be your computer username. You can change it by entering <code>/nick your-new-username</code><br />
<br />
You should register your nickname if you plan staying for longer and don't want anyone to abuse it, by messaging NickServ <code>/msg nickserv REGISTER <password> <email></code><br />
<br />
=== Channels (chat rooms) ===<br />
<br />
*To list all chat rooms type <code>/list</code> Might not be a good idea to do, considering there are about 12 000 channels. To search for a specific channel might be more useful to search via browser or know beforehand where you want to connect to.<br />
<br />
*Joining you can omit the number sign (#) <code>/join itcollege</code><br />
<br />
*Away message: <code>/away msg</code><br />
<br />
*Quit message: <code>/quit quitmsg</code><br />
<br />
*User query: <code>/q <nick></code><br />
<br />
*List users in a channel: <code>/n</code><br />
<br />
*Private message a user: <code>/m <nick> message</code><br />
<br />
*Display a channels topic: <code>/topic</code><br />
<br />
*Perform an action: <code>/me scratches his nose</code> will look like <code><nick> scratches his nose</code><br />
<br />
*To mark yourself as away: <code>/away away_message</code><br />
<br />
== Further Customization ==<br />
<br />
To make life easier [https://scripts.irssi.org/ scripts] and [https://irssi-import.github.io/themes/ themes] with further documentation can be found on on [https://irssi.org/ irssi] homepage.<br />
<br />
==References==<br />
<br />
https://www.cygwin.com/<br />
<br />
http://icecap.irssi2.org/<br />
<br />
https://irssi.org/download/<br />
<br />
https://scripts.irssi.org/<br />
<br />
https://irssi-import.github.io/themes/<br />
<br />
https://irssi.org/<br />
<br />
http://www.linux.org/threads/irssi-for-beginners.4181/<br />
<br />
http://www.antonfagerberg.com/blog/my-perfect-irssi-setup/<br />
<br />
http://www.irchelp.org/irchelp/irctutorial.html<br />
<br />
At the time of writing a [http://blog.freenode.net/2016/02/recent-events-and-future-changes/ post has appeared on freenode staff blog] rendering their [http://freenode.net/faq.shtml FAQ page] unusable.<br />
<br />
Created and edited by [[User:akerge|Artur Kerge]] in Spring of 2016</div>Akergehttps://wiki.itcollege.ee/index.php?title=User_talk:Akerge&diff=103543User talk:Akerge2016-05-17T07:16:00Z<p>Akerge: /* Statisticks */</p>
<hr />
<div>__NOTOC__<br />
===Homeworks===<br />
<br />
==Statisticks==<br />
<br />
<del>Finish [https://www.udemy.com/r-basics/ Udemy R basics course].</del><br />
<br />
Review first 10 minutes of 22.03.16 lecture.<br />
Starting from page 203 from "Introduction to Statistics", including Binomial, Poisson, multinomial distributions until 7th chapter regarding normal distributions. What is a normal deviation? What is a percentile? Finish the exercises.<br />
<br />
'''From the book'''<br />
* Probability density function<br />
* Bernoulli trials (Binomial Probability Formula)<br />
* Cumulative distribution<br />
<br />
<code><br />
pnorm<br />
<br />
qnorm<br />
<br />
dnorm<br />
etc.<br />
<br />
runif(n,a,b)<br />
<br />
dunif(x,a,b)<br />
<br />
punif(x,a,b)<br />
</code><br />
<br />
<br />
* Central Limit Theorem<br />
All of the above can be found from pages 203–211 and 249–272.<br />
<br />
Also:<br />
<br />
* Advanced Graphics from pages 273–299:<br />
** qq-plots – to compare distributions<br />
** Cumulative distribution function (CDF)<br />
** Contour plots<br />
** 3D plots (rgl lib)<br />
<br />
'''Midterm exam retake is on 29th of April from 8 'til 10.'''<br />
<br />
* Review the practice video of 19th of April, last 30 min.<br />
<br />
'''Go through (watch) these courses:'''<br />
<br />
* [https://www.khanacademy.org/math/probability/statistics-inferential Inferential Statistics]<br />
* [https://www.khanacademy.org/math/probability/descriptive-statistics Descriptive Statistics]<br />
* Read the corresponding chapters in Online Stat Book & finish the exercises<br />
<br />
'''TO READ from lectures'''<br />
*12.04 Sampling Distribution <br />
*19.04 Sampling Distributions, p. 300-328<br />
*26.04 Estimation, p. 329-369<br />
*[https://en.wikipedia.org/wiki/Shapiro%E2%80%93Wilk_test Shapiro-Wilk test]<br />
<br />
==OS's==<br />
Review [[Operating_systems#Lecture_2|homework]]<br />
<br />
==Python==<br />
Finish CodeCademy course!<br />
<br />
Do [http://codingbat.com/python CodingBat exercises] daily!<br />
<br />
Start programming with Raspberry!<br />
<br />
Review 17.03 lectures<br />
<br />
REVIEW YaLP with bpython<br />
<br />
==Web Dev==<br />
* Finish SQLite track on Codecademy<br />
* Get on track with the Lauri's git<br />
* Standalone temperature monitor that can be used without external power and the curve output to a web page.<br />
<br />
'''Exam:'''<br />
* Up to 3 tables<br />
* Up to 5 views<br />
* Able to write PHP<br />
* Able to write SQL: select, join, insert, update<br />
** Has to avoid SQL injections!<br />
* Has to use cookies<br />
* Validate W3C validator<br />
* Basic CSS (Desktop + Mobile)<br />
* Basic JS (ajax?)<br />
* DEPLOYMENT<br />
<br />
Twiddle with this https://beta.hacksaw.academy/<br />
<br />
==InfoSys Analysis==<br />
Keep an eye on workshops and quizzes.<br />
<br />
==Intro to Cybersec==<br />
* ''' Review first 20 min of 06.04.2016 lecture'''<br />
** EIK 2016<br />
* Keep an eye on what's happening in Cybersec industry. Enforce the habit<br />
* What will be the presentation topic(/demo) ?<br />
<br />
==Networking==<br />
Finish networking labs and exam ASAP!</div>Akergehttps://wiki.itcollege.ee/index.php?title=User_talk:Akerge&diff=103373User talk:Akerge2016-05-10T09:16:42Z<p>Akerge: /* Statisticks */</p>
<hr />
<div>__NOTOC__<br />
===Homeworks===<br />
<br />
==Statisticks==<br />
<br />
<del>Finish [https://www.udemy.com/r-basics/ Udemy R basics course].</del><br />
<br />
Review first 10 minutes of 22.03.16 lecture.<br />
Starting from page 203 from "Introduction to Statistics", including Binomial, Poisson, multinomial distributions until 7th chapter regarding normal distributions. What is a normal deviation? What is a percentile? Finish the exercises.<br />
<br />
'''From the book'''<br />
* Probability density function<br />
* Bernoulli trials (Binomial Probability Formula)<br />
* Cumulative distribution<br />
<br />
<code><br />
pnorm<br />
<br />
qnorm<br />
<br />
dnorm<br />
etc.<br />
<br />
runif(n,a,b)<br />
<br />
dunif(x,a,b)<br />
<br />
punif(x,a,b)<br />
</code><br />
<br />
<br />
* Central Limit Theorem<br />
All of the above can be found from pages 203–211 and 249–272.<br />
<br />
Also:<br />
<br />
* Advanced Graphics from pages 273–299:<br />
** qq-plots – to compare distributions<br />
** Cumulative distribution function (CDF)<br />
** Contour plots<br />
** 3D plots (rgl lib)<br />
<br />
'''Midterm exam retake is on 29th of April from 8 'til 10.'''<br />
<br />
* Review the practice video of 19th of April, last 30 min.<br />
<br />
'''Go through (watch) these courses:'''<br />
<br />
* [https://www.khanacademy.org/math/probability/statistics-inferential Inferential Statistics]<br />
* [https://www.khanacademy.org/math/probability/descriptive-statistics Descriptive Statistics]<br />
* Read the corresponding chapters in Online Stat Book & finish the exercises<br />
<br />
'''TO READ from lectures'''<br />
*12.04 Sampling Distribution <br />
*19.04 Sampling Distributions, p. 300-328<br />
*26.04 Estimation, p. 329-369<br />
<br />
==OS's==<br />
Review [[Operating_systems#Lecture_2|homework]]<br />
<br />
==Python==<br />
Finish CodeCademy course!<br />
<br />
Do [http://codingbat.com/python CodingBat exercises] daily!<br />
<br />
Start programming with Raspberry!<br />
<br />
Review 17.03 lectures<br />
<br />
REVIEW YaLP with bpython<br />
<br />
==Web Dev==<br />
* Finish SQLite track on Codecademy<br />
* Get on track with the Lauri's git<br />
* Standalone temperature monitor that can be used without external power and the curve output to a web page.<br />
<br />
'''Exam:'''<br />
* Up to 3 tables<br />
* Up to 5 views<br />
* Able to write PHP<br />
* Able to write SQL: select, join, insert, update<br />
** Has to avoid SQL injections!<br />
* Has to use cookies<br />
* Validate W3C validator<br />
* Basic CSS (Desktop + Mobile)<br />
* Basic JS (ajax?)<br />
* DEPLOYMENT<br />
<br />
Twiddle with this https://beta.hacksaw.academy/<br />
<br />
==InfoSys Analysis==<br />
Keep an eye on workshops and quizzes.<br />
<br />
==Intro to Cybersec==<br />
* ''' Review first 20 min of 06.04.2016 lecture'''<br />
** EIK 2016<br />
* Keep an eye on what's happening in Cybersec industry. Enforce the habit<br />
* What will be the presentation topic(/demo) ?<br />
<br />
==Networking==<br />
Finish networking labs and exam ASAP!</div>Akergehttps://wiki.itcollege.ee/index.php?title=User:Akerge&diff=103372User:Akerge2016-05-10T09:09:20Z<p>Akerge: /* Semester 2 */</p>
<hr />
<div>As the study builds up bit by bit, then,<br />
<blockquote>He, who collects no bit, gets no byte!</blockquote><br />
<br />
'''This is a work in progress:'''<br />
<br />
__TOC__<br />
<br />
= Survival Guide for Students of Cybersecurity Engineering (CSE) =<br />
<br />
This is an ongoing project from the alpha tester. All suggestions are purely recommendations that I wish I knew before the beginning of the school. <br />
<br />
Prepare to your [[#Mindset | mindset]], as the first semester will be the most challenging and it should get easier once you [https://www.thrillist.com/health/nation/how-to-become-a-morning-person acquire the rhythm that suits] best for you. The tempo for studying is somewhat high if you haven't in a while or come from straight out of college without any previous knowledge of computers. Make mistakes, ask questions, put in some effort and you'll be fine.<br />
<br />
= Mindset =<br />
[[File:Mindset.gif|200px|thumb|right|alt=Fixed vs growth mindset graphic.|Fixed vs growth mindset. Author of the graphic is [http://nigelholmes.com/ Nigel Holmes.] You can [http://www.zazzle.com/mindset_poster_by_nigel_holmes-228303290595592374 order a print from here.]]]<br />
Write down why you decided to apply to this school, for this curriculum. If you haven't done so far, accept your to mistakes. Nobody's perfect and that's how we learn -- by making mistakes. Putting in effort goes a long way. Here are some helpful questions that I copied from [http://www.amazon.co.uk/Mindset-How-Fulfil-Your-Potential/dp/1780332009/ Carol S. Dweck's book "Mindset"]:<br />
<br />
*What are the opportunities for learning and growth today?<br />
*When, where and how will I embark on my plan?<br />
*When, where and how will I act on my new plan?<br />
<br />
= Before the Start of Academical Year =<br />
<br />
In order of importance. Or not, take your pick what's important to you.<br />
<br />
* Follow the news of the industry if you don't do so already. Get a RSS/Atom reader and follow the various news feeds.<br />
<br />
* Read [https://en.wikipedia.org/wiki/The_Hacker_Ethic_and_the_Spirit_of_the_Information_Age 'Hacker ethic' by Pekka Himanen].<br />
<br />
* Familiarise yourself with Discrete Math ∨ suffer. One can find several books online, although printed ones are superior to electronic ones, unless one prefers e-readers. Second hand books in a readable state are rather cheap online. See [[#Textbooks for Discrete Math|list of math textbooks]] in booksellers list in [[#Resources|resources]]. Bear in mind that one book is enough and I've heard that it may be even possible to find such books online in PDF format.<br />
<br />
* Learn JAVA as much as you can before, so you can study more in class and/or do your project meanwhile. See [[#Learning resources|list of learning resources]] for links.<br />
* If possible, move closer to school or dormitory to cut down time on the commute.<br />
* Learn to cook. By cooking I don't mean seasoning boiled noodles. [http://imgur.com/a/XGaog Here's a fine example].<br />
<br />
= During =<br />
Majority of the following can be started before the beginning of school year to get in gear.<br />
* '''Learn to learn'''. This is the most difficult part. <br />
* '''Structure your time'''. Congrats if you're doing well with it.<br />
* Try to '''keep developing the learning habit and stick to the routine''' or figure out what works best for you.<br />
* '''There are no stupid questions'''. Get over the fear of asking questions. The more the merrier. How to ask good questions is another story altogether. Look it up.<br />
* '''Get plenty of rest'''. 8 hours per night, if possible.<br />
* '''Stay healthy''' -- invest in vitamins, especially vitamin D in winter due to lack of sun and Ginseng and/or Rhodiola extracts to keep you up and going.<br />
* '''Attend the classes'''. Recordings are made, but they are not a substitution to attendance.<br />
** Or if learning curve is too steep, skip the unnecessary classes and learn meanwhile, but really do it, don't imagine it doing. Prioritise classes.<br />
* Attend hackathons. Awesome places for networking and getting some hacker-cred!<br />
<br />
== Problems ==<br />
* If there is a problem, solve it or seek help. Unattended problems tend to grow out of hand.<br />
** If the problem is in curriculum or school, go see a study counsellor. They are best informed regarding school matters.<br />
**If the problem is of an emotional kind and/or related to depression, motivation you can seek help from the psychologist who speaks English and operates in TUT. The contact is counsellor at ttu (dot) ee. [https://translate.google.com/translate?sl=et&tl=en&js=y&prev=_t&hl=et&ie=UTF-8&u=http%3A%2F%2Fttu.ee%2Ftudengile%2Fnoustamine%2Fpsuhholoogiline-noustamine%2F&edit-text= Google translated page can be found here].<br />
* ''Ex unitate vires'' -- the strength of unity. Get to know your coursemates. Learning together and/or teaching each other is a simple solution for difficult problems.<br />
<br />
== Classes ==<br />
In the beginning of first semester you have 6 courses. It's going to be mad, so do as much as possible at school. Stay late, as college building is a surprisingly good place to study. Also, if you comprehend a little Estonian, attend the weekend classes for distance learning students: if you fail to comprehend something in Java or Math then this is a good way to recap.<br />
<br />
== Semester 1 ==<br />
<br />
=== Social, Ethical and Professional Issues in IT ===<br />
Rather interesting lectures read by [http://www.kakupesa.ee/ Kaido Kikkas] on computer and hacker history and related topics.<br />
<br />
'''Grading:''' A quiz in the first practicum about computer related history and trivia in a computer lab where you'll be using the Web to find the answers. Practicum attendance is a must, max 3 total non-attendances allowed. 1-2 written essays (2k words) with presentations.<br />
<br />
=== Oral and Written Communication Skills ===<br />
Valuable English language taught by Kärt Rummel. Be prepared to get over stage fright as you will have to present your writings (letters of motivation, informative and persuasive arguments etc) in front of your class.<br />
<br />
'''Grading:''' Ongoing assessment - do your homework, attend your classes and you'll be fine. >=51% rate of attendance and participation in final round-table is necessary to pass.<br />
<br />
=== Basic Programming ===<br />
Which is Java and is read by Mikk Mangus. If I would take this again, I'd skip the classes and study the book & practice more on my own. Practicums are sometimes interesting. There is no homework, sometimes lecturer remembers to remind to read a chapter from ''[http://math.hws.edu/javanotes/ the book]''. The pace is a chapter per week.<br />
<br />
'''Grading:''' Two tests in November, your own project by the beginning of December and exam in January. Own project can be anything but has to have several classes and have a git repository.<br />
<br />
=== [https://wiki.itcollege.ee/index.php/Category:I600_Introduction_to_Computers_and_Informatics Introduction to Informatics and Computers] ===<br />
The basics of computers with some in-depth stuff, like debugging VHDL. Read by Lauri Võsandi.<br />
<br />
'''Grading:''' Ongoing assessment in practicums and exam in January.<br />
<br />
=== [http://www.cs.ioc.ee/ITKDM/ Logic and Discrete Mathematics] ===<br />
You know math or are good at it? Help others out. Seriously, this is the most difficult subject. It is read by the professor [http://cs.ioc.ee/dept/staff/jaan.html Jaan Penjam] from Institute of Cybernetics, TUT. Recommend getting a textbook.<br />
<br />
'''Grading:''' Ongoing quizzes (9*2%) in practicum, after lecture. Midterm test (20%) and a final test (20%) before exam (42%) in January.<br />
<br />
=== [https://www.netacad.com/ Basic Networking] ===<br />
Cisco Networking Academy's course read by Roman Kuchin, by the end of which you'll get a CCNA certificate (if you pass). Be aware that the tempo is quite high - 2 Cisco semesters during fall semester! That is 8 weeks per Cisco semester, which consists of parts 1 and 2, so 25 labs per semester, about 50 in total, about hour to hour and a half per lab, plus chapter exams. Read, the chapter and do the chapter exam on netacad and read for the next lecture. This way you'll understand better what is said during the lecture. Also, this course is a prerequisite for [[#Introduction to Cyber Security|Intro to CS]]. Again, collaborate! If in hurry, do the labs on packet tracer but nothing beats doing them IRL.<br />
<br />
'''Grading:''' Online exams and practical labs must be done before the exam date (preferably by Christmas), to be admitted to the exam, which is in late January.<br />
<br />
== Semester 2 ==<br />
Coming soon!<br />
=== [[Introduction to Cyber Security]] ===<br />
Networking is a pre-requisite.<br />
<br />
*Programming<br />
*SysOp<br />
*Security<br />
<br />
Security is not a state but a process. Make sure your network is more secure than your neighbour's. Don't trust technology - it does not solve the problem, it moves the problem to some other place. Test your security. DevOps + enemy's tools.<br />
<br />
=== [http://cs.ioc.ee/ITKStat/ Statistics] ===<br />
<br />
<br />
[https://www.khanacademy.org/math/probability/statistics-inferential Inferential Statistics]<br />
<br />
[https://www.khanacademy.org/math/probability/descriptive-statistics Descriptive Statistics]<br />
<br />
[https://www.datacamp.com/courses/intro-to-statistics-with-r-student-s-t-test Intro to t-tests]<br />
<br />
= After =<br />
As with a good graphic designer, your work (probably) will not be noticed or commended unless something goes (horribly) wrong. <br />
Paraphrased from [https://www.erowid.org/general/about/about_article16.shtml Erowid's Sysadmin] article.<br />
<br />
Never stop being curious. There is a Calvin and Hobbes comic that (maybe) illustrates this perfectly but I spent too much time searching it and got distracted by imgur so maybe it will be here by the end of my studies.<br />
<br />
= Resources =<br />
<br />
=== Textbooks for Discrete Math ===<br />
<br />
As recommended by math professor on his [http://www.cs.ioc.ee/ITKDM/ homepage].<br />
* Susanna S. Epp's book is supposedly easier to follow, although with any book time and practice are prerequisites to gain knowledge on the subject. <br />
* Kenneth H. Rosen's 'Discrete Mathematics and Its Applications' is suggested by [http://www.cs.ioc.ee/ITKDM/ Disc. Math professor]. If you go with this one, also get the 'Student Solutions Guide For Discrete Mathematics And Its Applications' as well. At the time of writing, the newest version is 7th edition but new ones cost in multiples more. The difference is probably minimal errata.<br />
* 'Schaum's Outline of Discrete Mathematics' by S.Lipschutz and M.Lipson is another recommendation as well as 'Discrete mathematics: elementary and beyond' by L. Lovász, J. Pelikán and K. Vesztergombi.<br />
<br />
=== List of booksellers ===<br />
<br />
In order of personal preference.<br />
<br />
[https://www.amazon.co.uk/ Amazon] in £. Listing update is slow. Had one book refunded due to it. Although, as the prices for books might be cheaper than in EU, it is a hassle to get all the necessary books from one seller because of the (relatively) pricey shipping fees. On the other hand, if you're lucky, then the courier will bring the order to your doorstep.<br />
<br />
[https://www.ebay.ie/ eBay] in €! Usually mail order, prices and shipping costs are varied. Any parcel bigger than A4 envelope and 20 mm thickness will be kept at your local postal branch and you'll get a notification by snail mail or an SMS if there's a phone number on address slip.<br />
<br />
[https://www.abebooks.co.uk/ AbeBooks] in £. Lists European booksellers as well. Pricey shipping. €8 per book from UK?!<br />
<br />
[https://www.thriftbooks.com/ ThriftBooks] in $. Unfortunately no personal experience with the last two.<br />
<br />
=== Learning resources ===<br />
<br />
'''Java'''<br />
*Heres a [https://www.youtube.com/watch?v=TBWX97e1E9g&list=PLE7E8B7F4856C9B19 'quite OK' Java Video Tutorial] from [http://itk.arti.ee/ Arti Zirk's ITC webpage].<br />
<br />
*[https://www.codecademy.com/ Codecademy's] [https://www.codecademy.com/learn/learn-java Java] is a nice place to remind oneself basics of Java.<br />
<br />
*[http://www.codingbat.com/ Codingbat] is an awesome place for Java problems.<br />
<br />
*David Eck's book [http://math.hws.edu/javanotes/ Java Notes] is well put together book introducing Java. Homework in class.<br />
'''Git'''<br />
*[https://www.codecademy.com/learn/learn-git Git] courses on Codecademy will get you kickstarted.<br />
<br />
= Contact & Feedback =<br />
If you have any further questions or comments, then you are free to contact me at artur at kerge (dot) eu or for non-urgent things, start a discussion on the page and/or edit it straight away. Also you can [http://kerge.eu/ check out my awesome homepage]!</div>Akergehttps://wiki.itcollege.ee/index.php?title=User_talk:Akerge&diff=102966User talk:Akerge2016-04-27T13:51:57Z<p>Akerge: /* Web Dev */</p>
<hr />
<div>__NOTOC__<br />
===Homeworks===<br />
<br />
==Statisticks==<br />
<br />
<del>Finish [https://www.udemy.com/r-basics/ Udemy R basics course].</del><br />
<br />
Review first 10 minutes of 22.03.16 lecture.<br />
Starting from page 203 from "Introduction to Statistics", including Binomial, Poisson, multinomial distributions until 7th chapter regarding normal distributions. What is a normal deviation? What is a percentile? Finish the exercises.<br />
<br />
'''From the book'''<br />
* Probability density function<br />
* Bernoulli trials (Binomial Probability Formula)<br />
* Cumulative distribution<br />
<br />
<code><br />
pnorm<br />
<br />
qnorm<br />
<br />
dnorm<br />
etc.<br />
<br />
runif(n,a,b)<br />
<br />
dunif(x,a,b)<br />
<br />
punif(x,a,b)<br />
</code><br />
<br />
<br />
* Central Limit Theorem<br />
All of the above can be found from pages 203–211 and 249–272.<br />
<br />
Also:<br />
<br />
* Advanced Graphics from pages 273–299:<br />
** qq-plots – to compare distributions<br />
** Cumulative distribution function (CDF)<br />
** Contour plots<br />
** 3D plots (rgl lib)<br />
<br />
'''Midterm exam retake is on 29th of April from 8 'til 10.'''<br />
<br />
* Review the practice video of 19th of April, last 30 min.<br />
<br />
'''Go through (watch) these courses:'''<br />
<br />
* [Inferential Statistics https://www.khanacademy.org/math/probability/statistics-inferential]<br />
* [Descriptive Statistics https://www.khanacademy.org/math/probability/descriptive-statistics]<br />
* Read the corresponding chapters in Online Stat Book & finish the exercises<br />
<br />
'''TO READ from lectures'''<br />
*12.04 Sampling Distribution <br />
*19.04 Sampling Distributions, p. 300-328<br />
*26.04 Estimation, p. 329-369<br />
<br />
==OS's==<br />
Review [[Operating_systems#Lecture_2|homework]]<br />
<br />
==Python==<br />
Finish CodeCademy course!<br />
<br />
Do [http://codingbat.com/python CodingBat exercises] daily!<br />
<br />
Start programming with Raspberry!<br />
<br />
Review 17.03 lectures<br />
<br />
REVIEW YaLP with bpython<br />
<br />
==Web Dev==<br />
* Finish SQLite track on Codecademy<br />
* Get on track with the Lauri's git<br />
* Standalone temperature monitor that can be used without external power and the curve output to a web page.<br />
<br />
'''Exam:'''<br />
* Up to 3 tables<br />
* Up to 5 views<br />
* Able to write PHP<br />
* Able to write SQL: select, join, insert, update<br />
** Has to avoid SQL injections!<br />
* Has to use cookies<br />
* Validate W3C validator<br />
* Basic CSS (Desktop + Mobile)<br />
* Basic JS (ajax?)<br />
* DEPLOYMENT<br />
<br />
Twiddle with this https://beta.hacksaw.academy/<br />
<br />
==InfoSys Analysis==<br />
Keep an eye on workshops and quizzes.<br />
<br />
==Intro to Cybersec==<br />
* ''' Review first 20 min of 06.04.2016 lecture'''<br />
** EIK 2016<br />
* Keep an eye on what's happening in Cybersec industry. Enforce the habit<br />
* What will be the presentation topic(/demo) ?<br />
<br />
==Networking==<br />
Finish networking labs and exam ASAP!</div>Akergehttps://wiki.itcollege.ee/index.php?title=User_talk:Akerge&diff=102965User talk:Akerge2016-04-27T12:53:17Z<p>Akerge: /* Web Dev */</p>
<hr />
<div>__NOTOC__<br />
===Homeworks===<br />
<br />
==Statisticks==<br />
<br />
<del>Finish [https://www.udemy.com/r-basics/ Udemy R basics course].</del><br />
<br />
Review first 10 minutes of 22.03.16 lecture.<br />
Starting from page 203 from "Introduction to Statistics", including Binomial, Poisson, multinomial distributions until 7th chapter regarding normal distributions. What is a normal deviation? What is a percentile? Finish the exercises.<br />
<br />
'''From the book'''<br />
* Probability density function<br />
* Bernoulli trials (Binomial Probability Formula)<br />
* Cumulative distribution<br />
<br />
<code><br />
pnorm<br />
<br />
qnorm<br />
<br />
dnorm<br />
etc.<br />
<br />
runif(n,a,b)<br />
<br />
dunif(x,a,b)<br />
<br />
punif(x,a,b)<br />
</code><br />
<br />
<br />
* Central Limit Theorem<br />
All of the above can be found from pages 203–211 and 249–272.<br />
<br />
Also:<br />
<br />
* Advanced Graphics from pages 273–299:<br />
** qq-plots – to compare distributions<br />
** Cumulative distribution function (CDF)<br />
** Contour plots<br />
** 3D plots (rgl lib)<br />
<br />
'''Midterm exam retake is on 29th of April from 8 'til 10.'''<br />
<br />
* Review the practice video of 19th of April, last 30 min.<br />
<br />
'''Go through (watch) these courses:'''<br />
<br />
* [Inferential Statistics https://www.khanacademy.org/math/probability/statistics-inferential]<br />
* [Descriptive Statistics https://www.khanacademy.org/math/probability/descriptive-statistics]<br />
* Read the corresponding chapters in Online Stat Book & finish the exercises<br />
<br />
'''TO READ from lectures'''<br />
*12.04 Sampling Distribution <br />
*19.04 Sampling Distributions, p. 300-328<br />
*26.04 Estimation, p. 329-369<br />
<br />
==OS's==<br />
Review [[Operating_systems#Lecture_2|homework]]<br />
<br />
==Python==<br />
Finish CodeCademy course!<br />
<br />
Do [http://codingbat.com/python CodingBat exercises] daily!<br />
<br />
Start programming with Raspberry!<br />
<br />
Review 17.03 lectures<br />
<br />
REVIEW YaLP with bpython<br />
<br />
==Web Dev==<br />
* Finish SQLite track on Codecademy<br />
* Get on track with the Lauri's git<br />
* Standalone temperature monitor that can be used without external power and the curve output to a web page.<br />
<br />
'''Exam:'''<br />
* Up to 3 tables<br />
* Up to 5 views<br />
* Able to write PHP<br />
* Able to write SQL: select, join, insert, update<br />
** Has to avoid SQL injections!<br />
* Has to use cookies<br />
* Validate W3C validator<br />
* Basic CSS (Desktop + Mobile)<br />
* Basic JS (ajax?)<br />
* DEPLOYMENT<br />
<br />
==InfoSys Analysis==<br />
Keep an eye on workshops and quizzes.<br />
<br />
==Intro to Cybersec==<br />
* ''' Review first 20 min of 06.04.2016 lecture'''<br />
** EIK 2016<br />
* Keep an eye on what's happening in Cybersec industry. Enforce the habit<br />
* What will be the presentation topic(/demo) ?<br />
<br />
==Networking==<br />
Finish networking labs and exam ASAP!</div>Akergehttps://wiki.itcollege.ee/index.php?title=User_talk:Akerge&diff=102964User talk:Akerge2016-04-27T12:48:24Z<p>Akerge: /* Web App */</p>
<hr />
<div>__NOTOC__<br />
===Homeworks===<br />
<br />
==Statisticks==<br />
<br />
<del>Finish [https://www.udemy.com/r-basics/ Udemy R basics course].</del><br />
<br />
Review first 10 minutes of 22.03.16 lecture.<br />
Starting from page 203 from "Introduction to Statistics", including Binomial, Poisson, multinomial distributions until 7th chapter regarding normal distributions. What is a normal deviation? What is a percentile? Finish the exercises.<br />
<br />
'''From the book'''<br />
* Probability density function<br />
* Bernoulli trials (Binomial Probability Formula)<br />
* Cumulative distribution<br />
<br />
<code><br />
pnorm<br />
<br />
qnorm<br />
<br />
dnorm<br />
etc.<br />
<br />
runif(n,a,b)<br />
<br />
dunif(x,a,b)<br />
<br />
punif(x,a,b)<br />
</code><br />
<br />
<br />
* Central Limit Theorem<br />
All of the above can be found from pages 203–211 and 249–272.<br />
<br />
Also:<br />
<br />
* Advanced Graphics from pages 273–299:<br />
** qq-plots – to compare distributions<br />
** Cumulative distribution function (CDF)<br />
** Contour plots<br />
** 3D plots (rgl lib)<br />
<br />
'''Midterm exam retake is on 29th of April from 8 'til 10.'''<br />
<br />
* Review the practice video of 19th of April, last 30 min.<br />
<br />
'''Go through (watch) these courses:'''<br />
<br />
* [Inferential Statistics https://www.khanacademy.org/math/probability/statistics-inferential]<br />
* [Descriptive Statistics https://www.khanacademy.org/math/probability/descriptive-statistics]<br />
* Read the corresponding chapters in Online Stat Book & finish the exercises<br />
<br />
'''TO READ from lectures'''<br />
*12.04 Sampling Distribution <br />
*19.04 Sampling Distributions, p. 300-328<br />
*26.04 Estimation, p. 329-369<br />
<br />
==OS's==<br />
Review [[Operating_systems#Lecture_2|homework]]<br />
<br />
==Python==<br />
Finish CodeCademy course!<br />
<br />
Do [http://codingbat.com/python CodingBat exercises] daily!<br />
<br />
Start programming with Raspberry!<br />
<br />
Review 17.03 lectures<br />
<br />
REVIEW YaLP with bpython<br />
<br />
==Web Dev==<br />
* Finish SQLite track on Codecademy<br />
* Get on track with the Lauri's git<br />
* Standalone temperature monitor that can be used without external power and the curve output to a web page.<br />
<br />
'''Exam:'''<br />
* Up to 3 tables<br />
* Up to 5 views<br />
* Able to write PHP<br />
* Able to write SQL: select, join, insert, update<br />
** Has to avoid SQL injections!<br />
* Has to use cookies<br />
* Validate W3C validator<br />
* Basic CSS (Desktop + Mobile)<br />
* Basic JS (ajax?)<br />
<br />
==InfoSys Analysis==<br />
Keep an eye on workshops and quizzes.<br />
<br />
==Intro to Cybersec==<br />
* ''' Review first 20 min of 06.04.2016 lecture'''<br />
** EIK 2016<br />
* Keep an eye on what's happening in Cybersec industry. Enforce the habit<br />
* What will be the presentation topic(/demo) ?<br />
<br />
==Networking==<br />
Finish networking labs and exam ASAP!</div>Akergehttps://wiki.itcollege.ee/index.php?title=User_talk:Akerge&diff=102963User talk:Akerge2016-04-27T12:48:10Z<p>Akerge: /* Web App */</p>
<hr />
<div>__NOTOC__<br />
===Homeworks===<br />
<br />
==Statisticks==<br />
<br />
<del>Finish [https://www.udemy.com/r-basics/ Udemy R basics course].</del><br />
<br />
Review first 10 minutes of 22.03.16 lecture.<br />
Starting from page 203 from "Introduction to Statistics", including Binomial, Poisson, multinomial distributions until 7th chapter regarding normal distributions. What is a normal deviation? What is a percentile? Finish the exercises.<br />
<br />
'''From the book'''<br />
* Probability density function<br />
* Bernoulli trials (Binomial Probability Formula)<br />
* Cumulative distribution<br />
<br />
<code><br />
pnorm<br />
<br />
qnorm<br />
<br />
dnorm<br />
etc.<br />
<br />
runif(n,a,b)<br />
<br />
dunif(x,a,b)<br />
<br />
punif(x,a,b)<br />
</code><br />
<br />
<br />
* Central Limit Theorem<br />
All of the above can be found from pages 203–211 and 249–272.<br />
<br />
Also:<br />
<br />
* Advanced Graphics from pages 273–299:<br />
** qq-plots – to compare distributions<br />
** Cumulative distribution function (CDF)<br />
** Contour plots<br />
** 3D plots (rgl lib)<br />
<br />
'''Midterm exam retake is on 29th of April from 8 'til 10.'''<br />
<br />
* Review the practice video of 19th of April, last 30 min.<br />
<br />
'''Go through (watch) these courses:'''<br />
<br />
* [Inferential Statistics https://www.khanacademy.org/math/probability/statistics-inferential]<br />
* [Descriptive Statistics https://www.khanacademy.org/math/probability/descriptive-statistics]<br />
* Read the corresponding chapters in Online Stat Book & finish the exercises<br />
<br />
'''TO READ from lectures'''<br />
*12.04 Sampling Distribution <br />
*19.04 Sampling Distributions, p. 300-328<br />
*26.04 Estimation, p. 329-369<br />
<br />
==OS's==<br />
Review [[Operating_systems#Lecture_2|homework]]<br />
<br />
==Python==<br />
Finish CodeCademy course!<br />
<br />
Do [http://codingbat.com/python CodingBat exercises] daily!<br />
<br />
Start programming with Raspberry!<br />
<br />
Review 17.03 lectures<br />
<br />
REVIEW YaLP with bpython<br />
<br />
==Web App==<br />
* Finish SQLite track on Codecademy<br />
* Get on track with the Lauri's git<br />
* Standalone temperature monitor that can be used without external power and the curve output to a web page.<br />
<br />
'''Exam:'''<br />
* Up to 3 tables<br />
* Up to 5 views<br />
* Able to write PHP<br />
* Able to write SQL: select, join, insert, update<br />
** Has to avoid SQL injections!<br />
* Has to use cookies<br />
* Validate W3C validator<br />
* Basic CSS (Desktop + Mobile)<br />
* Basic JS (ajax?)<br />
<br />
==InfoSys Analysis==<br />
Keep an eye on workshops and quizzes.<br />
<br />
==Intro to Cybersec==<br />
* ''' Review first 20 min of 06.04.2016 lecture'''<br />
** EIK 2016<br />
* Keep an eye on what's happening in Cybersec industry. Enforce the habit<br />
* What will be the presentation topic(/demo) ?<br />
<br />
==Networking==<br />
Finish networking labs and exam ASAP!</div>Akergehttps://wiki.itcollege.ee/index.php?title=User_talk:Akerge&diff=102903User talk:Akerge2016-04-26T10:29:17Z<p>Akerge: /* Statisticks */</p>
<hr />
<div>__NOTOC__<br />
===Homeworks===<br />
<br />
==Statisticks==<br />
<br />
<del>Finish [https://www.udemy.com/r-basics/ Udemy R basics course].</del><br />
<br />
Review first 10 minutes of 22.03.16 lecture.<br />
Starting from page 203 from "Introduction to Statistics", including Binomial, Poisson, multinomial distributions until 7th chapter regarding normal distributions. What is a normal deviation? What is a percentile? Finish the exercises.<br />
<br />
'''From the book'''<br />
* Probability density function<br />
* Bernoulli trials (Binomial Probability Formula)<br />
* Cumulative distribution<br />
<br />
<code><br />
pnorm<br />
<br />
qnorm<br />
<br />
dnorm<br />
etc.<br />
<br />
runif(n,a,b)<br />
<br />
dunif(x,a,b)<br />
<br />
punif(x,a,b)<br />
</code><br />
<br />
<br />
* Central Limit Theorem<br />
All of the above can be found from pages 203–211 and 249–272.<br />
<br />
Also:<br />
<br />
* Advanced Graphics from pages 273–299:<br />
** qq-plots – to compare distributions<br />
** Cumulative distribution function (CDF)<br />
** Contour plots<br />
** 3D plots (rgl lib)<br />
<br />
'''Midterm exam retake is on 29th of April from 8 'til 10.'''<br />
<br />
* Review the practice video of 19th of April, last 30 min.<br />
<br />
'''Go through (watch) these courses:'''<br />
<br />
* [Inferential Statistics https://www.khanacademy.org/math/probability/statistics-inferential]<br />
* [Descriptive Statistics https://www.khanacademy.org/math/probability/descriptive-statistics]<br />
* Read the corresponding chapters in Online Stat Book & finish the exercises<br />
<br />
'''TO READ from lectures'''<br />
*12.04 Sampling Distribution <br />
*19.04 Sampling Distributions, p. 300-328<br />
*26.04 Estimation, p. 329-369<br />
<br />
==OS's==<br />
Review [[Operating_systems#Lecture_2|homework]]<br />
<br />
==Python==<br />
Finish CodeCademy course!<br />
<br />
Do [http://codingbat.com/python CodingBat exercises] daily!<br />
<br />
Start programming with Raspberry!<br />
<br />
Review 17.03 lectures<br />
<br />
REVIEW YaLP with bpython<br />
<br />
==Web App==<br />
* Finish SQLite track on Codecademy<br />
* Get on track with the Lauri's git<br />
* Standalone temperature monitor that can be used without external power and the curve output to a web page.<br />
<br />
==InfoSys Analysis==<br />
Keep an eye on workshops and quizzes.<br />
<br />
==Intro to Cybersec==<br />
* ''' Review first 20 min of 06.04.2016 lecture'''<br />
** EIK 2016<br />
* Keep an eye on what's happening in Cybersec industry. Enforce the habit<br />
* What will be the presentation topic(/demo) ?<br />
<br />
==Networking==<br />
Finish networking labs and exam ASAP!</div>Akergehttps://wiki.itcollege.ee/index.php?title=User_talk:Akerge&diff=102894User talk:Akerge2016-04-26T09:18:52Z<p>Akerge: /* Statisticks */</p>
<hr />
<div>__NOTOC__<br />
===Homeworks===<br />
<br />
==Statisticks==<br />
<br />
<del>Finish [https://www.udemy.com/r-basics/ Udemy R basics course].</del><br />
<br />
Review first 10 minutes of 22.03.16 lecture.<br />
Starting from page 203 from "Introduction to Statistics", including Binomial, Poisson, multinomial distributions until 7th chapter regarding normal distributions. What is a normal deviation? What is a percentile? Finish the exercises.<br />
<br />
'''From the book'''<br />
* Probability density function<br />
* Bernoulli trials (Binomial Probability Formula)<br />
* Cumulative distribution<br />
<br />
<code><br />
pnorm<br />
<br />
qnorm<br />
<br />
dnorm<br />
etc.<br />
<br />
runif(n,a,b)<br />
<br />
dunif(x,a,b)<br />
<br />
punif(x,a,b)<br />
</code><br />
<br />
<br />
* Central Limit Theorem<br />
All of the above can be found from pages 203–211 and 249–272.<br />
<br />
Also:<br />
<br />
* Advanced Graphics from pages 273–299:<br />
** qq-plots – to compare distributions<br />
** Cumulative distribution function (CDF)<br />
** Contour plots<br />
** 3D plots (rgl lib)<br />
<br />
'''Midterm exam retake is on 29th of April from 8 'til 10.'''<br />
<br />
* Review the practice video of 19th of April, last 30 min.<br />
<br />
'''Go through (watch) these courses:'''<br />
<br />
* [Inferential Statistics https://www.khanacademy.org/math/probability/statistics-inferential]<br />
* [Descriptive Statistics https://www.khanacademy.org/math/probability/descriptive-statistics]<br />
* Read the corresponding chapter in Online Stat Book & finish the exercises<br />
<br />
==OS's==<br />
Review [[Operating_systems#Lecture_2|homework]]<br />
<br />
==Python==<br />
Finish CodeCademy course!<br />
<br />
Do [http://codingbat.com/python CodingBat exercises] daily!<br />
<br />
Start programming with Raspberry!<br />
<br />
Review 17.03 lectures<br />
<br />
REVIEW YaLP with bpython<br />
<br />
==Web App==<br />
* Finish SQLite track on Codecademy<br />
* Get on track with the Lauri's git<br />
* Standalone temperature monitor that can be used without external power and the curve output to a web page.<br />
<br />
==InfoSys Analysis==<br />
Keep an eye on workshops and quizzes.<br />
<br />
==Intro to Cybersec==<br />
* ''' Review first 20 min of 06.04.2016 lecture'''<br />
** EIK 2016<br />
* Keep an eye on what's happening in Cybersec industry. Enforce the habit<br />
* What will be the presentation topic(/demo) ?<br />
<br />
==Networking==<br />
Finish networking labs and exam ASAP!</div>Akergehttps://wiki.itcollege.ee/index.php?title=User_talk:Akerge&diff=102690User talk:Akerge2016-04-19T10:32:20Z<p>Akerge: /* Statisticks */</p>
<hr />
<div>__NOTOC__<br />
===Homeworks===<br />
<br />
==Statisticks==<br />
<br />
<del>Finish [https://www.udemy.com/r-basics/ Udemy R basics course].</del><br />
<br />
Review first 10 minutes of 22.03.16 lecture.<br />
Starting from page 203 from "Introduction to Statistics", including Binomial, Poisson, multinomial distributions until 7th chapter regarding normal distributions. What is a normal deviation? What is a percentile? Finish the exercises.<br />
<br />
'''From the book'''<br />
* Probability density function<br />
* Bernoulli trials (Binomial Probability Formula)<br />
* Cumulative distribution<br />
<br />
<code><br />
pnorm<br />
<br />
qnorm<br />
<br />
dnorm<br />
etc.<br />
<br />
runif(n,a,b)<br />
<br />
dunif(x,a,b)<br />
<br />
punif(x,a,b)<br />
</code><br />
<br />
* Central Limit Theorem<br />
All of the above can be found from pages 203–211 and 249–272.<br />
<br />
Also:<br />
<br />
* Advanced Graphics from pages 273–299:<br />
** qq-plots – to compare distributions<br />
** Cumulative distribution function (CDF)<br />
** Contour plots<br />
** 3D plots (rgl lib)<br />
<br />
'''Midterm exam retake is on 29th of April from 8 'til 10.'''<br />
<br />
* Review the practice video of 19th of April, last 30 min.<br />
<br />
==OS's==<br />
Review [[Operating_systems#Lecture_2|homework]]<br />
<br />
==Python==<br />
Finish CodeCademy course!<br />
<br />
Do [http://codingbat.com/python CodingBat exercises] daily!<br />
<br />
Start programming with Raspberry!<br />
<br />
Review 17.03 lectures<br />
<br />
REVIEW YaLP with bpython<br />
<br />
==Web App==<br />
* Finish SQLite track on Codecademy<br />
* Get on track with the Lauri's git<br />
* Standalone temperature monitor that can be used without external power and the curve output to a web page.<br />
<br />
==InfoSys Analysis==<br />
Keep an eye on workshops and quizzes.<br />
<br />
==Intro to Cybersec==<br />
* ''' Review first 20 min of 06.04.2016 lecture'''<br />
** EIK 2016<br />
* Keep an eye on what's happening in Cybersec industry. Enforce the habit<br />
* What will be the presentation topic(/demo) ?<br />
<br />
==Networking==<br />
Finish networking labs and exam ASAP!</div>Akergehttps://wiki.itcollege.ee/index.php?title=User_talk:Akerge&diff=102689User talk:Akerge2016-04-19T10:19:55Z<p>Akerge: /* Statisticks */</p>
<hr />
<div>__NOTOC__<br />
===Homeworks===<br />
<br />
==Statisticks==<br />
<br />
<del>Finish [https://www.udemy.com/r-basics/ Udemy R basics course].</del><br />
<br />
Review first 10 minutes of 22.03.16 lecture.<br />
Starting from page 203 from "Introduction to Statistics", including Binomial, Poisson, multinomial distributions until 7th chapter regarding normal distributions. What is a normal deviation? What is a percentile? Finish the exercises.<br />
<br />
'''From the book'''<br />
* Probability density function<br />
* Bernoulli trials (Binomial Probability Formula)<br />
* Cumulative distribution<br />
<br />
<code><br />
pnorm<br />
<br />
qnorm<br />
<br />
dnorm<br />
etc.<br />
<br />
runif(n,a,b)<br />
<br />
dunif(x,a,b)<br />
<br />
punif(x,a,b)<br />
</code><br />
<br />
* Central Limit Theorem<br />
All of the above can be found from pages 203–211 and 249–272.<br />
<br />
Also:<br />
<br />
* Advanced Graphics from pages 273–299:<br />
** qq-plots – to compare distributions<br />
** Cumulative distribution function (CDF)<br />
** Contour plots<br />
** 3D plots (rgl lib)<br />
<br />
Midterm exam retake is on 29th of April from 8 'til 10.<br />
<br />
Review the practice video of 19th of April, last 30 min.<br />
<br />
==OS's==<br />
Review [[Operating_systems#Lecture_2|homework]]<br />
<br />
==Python==<br />
Finish CodeCademy course!<br />
<br />
Do [http://codingbat.com/python CodingBat exercises] daily!<br />
<br />
Start programming with Raspberry!<br />
<br />
Review 17.03 lectures<br />
<br />
REVIEW YaLP with bpython<br />
<br />
==Web App==<br />
* Finish SQLite track on Codecademy<br />
* Get on track with the Lauri's git<br />
* Standalone temperature monitor that can be used without external power and the curve output to a web page.<br />
<br />
==InfoSys Analysis==<br />
Keep an eye on workshops and quizzes.<br />
<br />
==Intro to Cybersec==<br />
* ''' Review first 20 min of 06.04.2016 lecture'''<br />
** EIK 2016<br />
* Keep an eye on what's happening in Cybersec industry. Enforce the habit<br />
* What will be the presentation topic(/demo) ?<br />
<br />
==Networking==<br />
Finish networking labs and exam ASAP!</div>Akergehttps://wiki.itcollege.ee/index.php?title=User_talk:Akerge&diff=102452User talk:Akerge2016-04-07T11:47:57Z<p>Akerge: /* Python */</p>
<hr />
<div>__NOTOC__<br />
===Homeworks===<br />
<br />
==Statisticks==<br />
<br />
<del>Finish [https://www.udemy.com/r-basics/ Udemy R basics course].</del><br />
<br />
Review first 10 minutes of 22.03.16 lecture.<br />
Starting from page 203 from "Introduction to Statistics", including Binomial, Poisson, multinomial distributions until 7th chapter regarding normal distributions. What is a normal deviation? What is a percentile? Finish the exercises.<br />
<br />
'''From the book'''<br />
* Probability density function<br />
* Bernoulli trials (Binomial Probability Formula)<br />
* Cumulative distribution<br />
<br />
<code><br />
pnorm<br />
<br />
qnorm<br />
<br />
dnorm<br />
etc.<br />
<br />
runif(n,a,b)<br />
<br />
dunif(x,a,b)<br />
<br />
punif(x,a,b)<br />
</code><br />
<br />
* Central Limit Theorem<br />
All of the above can be found from pages 203–211 and 249–272.<br />
<br />
Also:<br />
<br />
* Advanced Graphics from pages 273–299:<br />
** qq-plots – to compare distributions<br />
** Cumulative distribution function (CDF)<br />
** Contour plots<br />
** 3D plots (rgl lib)<br />
<br />
==OS's==<br />
Review [[Operating_systems#Lecture_2|homework]]<br />
<br />
==Python==<br />
Finish CodeCademy course!<br />
<br />
Do [http://codingbat.com/python CodingBat exercises] daily!<br />
<br />
Start programming with Raspberry!<br />
<br />
Review 17.03 lectures<br />
<br />
REVIEW YaLP with bpython<br />
<br />
==Web App==<br />
* Finish SQLite track on Codecademy<br />
* Get on track with the Lauri's git<br />
* Standalone temperature monitor that can be used without external power and the curve output to a web page.<br />
<br />
==InfoSys Analysis==<br />
Keep an eye on workshops and quizzes.<br />
<br />
==Intro to Cybersec==<br />
* ''' Review first 20 min of 06.04.2016 lecture'''<br />
** EIK 2016<br />
* Keep an eye on what's happening in Cybersec industry. Enforce the habit<br />
* What will be the presentation topic(/demo) ?<br />
<br />
==Networking==<br />
Finish networking labs and exam ASAP!</div>Akergehttps://wiki.itcollege.ee/index.php?title=Irssi&diff=102429Irssi2016-04-06T08:15:18Z<p>Akerge: /* References */</p>
<hr />
<div>__NOTOC__<br />
<br />
[[File:Irssi.png|thumb|right|alt=A screenshot of Irssi in action.|Irssi screenshot with /nick command entered.]]<br />
<br />
'''The''' command line IRC client. Irssi is FOSS (licensed under the GPLv2) and is available for Linux, BSD, Solaris, Apple and [https://en.wikipedia.org/wiki/Cygwin Cygwin] (under Windows). It was developed by [https://en.wikipedia.org/wiki/Timo_Sirainen Timo Sirainen] and was released in the beginning of 1999. It is highly customizable, for example with themes and it is possible to to use other IM communication through it.<br />
<br />
== Installing ==<br />
<br />
With other package managers, distros and platforms, please see the [https://irssi.org/download/ following link].<br />
<br />
With apt: <code>sudo apt-get install irssi</code><br />
<br />
It is rather light-weight, being only 2 392 kB on disk.<br />
<br />
== Getting around ==<br />
<br />
=== Connecting ===<br />
There are several IRC servers still alive and going strong. In this example we shall be connecting to the closest freenode server, located in Finland. Physical distance is not an issue nowadays, but imagine being stuck on a 56 kB modem with top speeds through dial-up and the copper wire being about 12 kB, maxing out at 30 kB, if local.<br />
<br />
* Open terminal (Ctrl+Alt+T) and type: <code>irssi</code><br />
* <code>/connect rajaniemi.freenode.net</code><br />
* <code>/join itcollege</code> joining channels usually requires a #-sign, for example #mozilla. Irssi adds it for you behind the scenes so you can omit it <br />
<br />
=== Window Switching ===<br />
<br />
<code>Alt+#</code> combination is used for window switching. For more than nine windows, the row below numbers will be used, for example key combination <code>Alt+q</code> etc. A window can be changed via command as well -- <code>/window #</code>. To close window, type <code>/wc #</code><br />
<br />
===Name===<br />
<br />
Your default nickname (under Ubuntu) will be your computer username. You can change it by entering <code>/nick your-new-username</code><br />
<br />
You should register your nickname if you plan staying for longer and don't want anyone to abuse it, by messaging NickServ <code>/msg nickserv REGISTER <password> <email></code><br />
<br />
=== Channels (chat rooms) ===<br />
<br />
*To list all chat rooms type <code>/list</code> Might not be a good idea to do, considering there are about 12 000 channels. To search for a specific channel might be more useful to search via browser or know beforehand where you want to connect to.<br />
<br />
*Joining you can omit the number sign (#) <code>/join itcollege</code><br />
<br />
*Away message: <code>/away msg</code><br />
<br />
*Quit message: <code>/quit quitmsg</code><br />
<br />
*User query: <code>/q <nick></code><br />
<br />
*List users in a channel: <code>/n</code><br />
<br />
*Private message a user: <code>/m <nick> message</code><br />
<br />
*Display a channels topic: <code>/topic</code><br />
<br />
*Perform an action: <code>/me scratches his nose</code> will look like <code><nick> scratches his nose</code><br />
<br />
*To mark yourself as away: <code>/away away_message</code><br />
<br />
== Further Customization ==<br />
<br />
To make life easier [https://scripts.irssi.org/ scripts] and [https://irssi-import.github.io/themes/ themes] with further documentation can be found on on [https://irssi.org/ irssi] homepage.<br />
<br />
==References==<br />
<br />
https://irssi.org/<br />
<br />
http://www.linux.org/threads/irssi-for-beginners.4181/<br />
<br />
http://www.antonfagerberg.com/blog/my-perfect-irssi-setup/<br />
<br />
https://en.wikipedia.org/wiki/Irssi<br />
<br />
https://en.wikipedia.org/wiki/Timo_Sirainen<br />
<br />
https://en.wikipedia.org/wiki/Cygwin<br />
<br />
http://www.irchelp.org/irchelp/irctutorial.html<br />
<br />
At the time of writing a [http://blog.freenode.net/2016/02/recent-events-and-future-changes/ post has appeared on freenode staff blog] rendering their [http://freenode.net/faq.shtml FAQ page] unusable.<br />
<br />
Created and edited by [[User:akerge|Artur Kerge]] in Spring of 2016</div>Akerge