Should I use UDP or TCP for logging to a SIEM?

We have an application that runs on hundreds of users’ computers on our company’s internal network. We want to start sending logs from this app to a SIEM (Graylog). We have decided to add code to our app that sends logs from the app to the SIEM directly. The only question is, should we use UDP or TCP to send the logs? My preference is to use TCP because of the reliability, but what happens if the SIEM goes offline — won’t that cause our app to block, thus slowing down our entire system? I am very curious about how other companies handle this situation. I have read a few guides online, and most recommend TCP because of the reliability but none address the blocking issue.

python – How could I make this Django logging middleware more efficient?

We built a REST API with Django and the Django Rest Framework. As we want to track which endpoints get used how much and which users use what areas, I wrote the following middleware:

from django.contrib.auth.models import User  # import assumed by the posted code
from .models import APILog                   # assumption: APILog is defined in this app's models

class AnalyticsMiddleware:
    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        # Before the view is called: one synchronous INSERT per request.
        # Note: User.objects.get(...) issues a second query even though
        # request.user already holds the authenticated user.
        APILog.objects.create(
            url=request.build_absolute_uri(),
            user=User.objects.get(
                id=request.user.id) if request.user.is_authenticated else None,
            method=request.method
        )
        return self.get_response(request)

It is not a real problem at the moment; however, I believe that this could be problematic as it is one write to the database per request. I am not an expert and don’t know whether it would be worth doing this in a separate thread, and whether it would somehow be possible to bulk the writes every couple of minutes or similar.
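Both the SIEM question above and this Django middleware run into the same design problem: the request path should never wait on a remote sink. The following is an added example (my code, not from either post) of a bounded, non-blocking, batching logger; `NonBlockingBatchLogger` and its method names are hypothetical, and the `sink` callable stands in for a TCP send to Graylog or an `APILog.objects.bulk_create` call.

```python
import queue
import threading
import time

class NonBlockingBatchLogger:
    """Hypothetical class written for this example, not taken from either question.
    A background thread batches log records and hands them to a sink (a TCP link to
    the SIEM or a bulk DB insert); callers never block, and a full queue drops records."""
    def __init__(self, sink, maxsize=1000, batch_size=100, flush_interval=1.0):
        self.sink, self.batch_size, self.flush_interval = sink, batch_size, flush_interval
        self.q = queue.Queue(maxsize=maxsize)
        self.dropped = 0          # records discarded because the queue was full
        self.failed_batches = 0   # batches the sink rejected (e.g. SIEM offline)
        self._stop = threading.Event()
        self._thread = threading.Thread(target=self._run, daemon=True)
    def start(self):
        self._thread.start()
    def log(self, record):
        """Non-blocking enqueue; returns False if the record had to be dropped."""
        try:
            self.q.put_nowait(record)
            return True
        except queue.Full:
            self.dropped += 1
            return False
    def _run(self):
        batch, deadline = [], time.monotonic() + self.flush_interval
        while not (self._stop.is_set() and self.q.empty()):
            try:  # wait for the next record, but no longer than the flush deadline
                batch.append(self.q.get(timeout=max(0.0, deadline - time.monotonic())))
            except queue.Empty:
                pass
            now = time.monotonic()
            if len(batch) >= self.batch_size or (batch and now >= deadline):
                self._deliver(batch)
                batch = []
            if now >= deadline:
                deadline = now + self.flush_interval
        if batch:  # drain what is left at shutdown
            self._deliver(batch)
    def _deliver(self, batch):
        try:
            self.sink(list(batch))
        except Exception:  # sink unavailable: drop this batch rather than stall the app
            self.failed_batches += 1
    def close(self):
        self._stop.set()  # worker exits once the queue is drained
        if self._thread.is_alive():
            self._thread.join()
```

With TCP the send inside the sink can still hang on a dead peer, so the socket it uses needs a timeout; `dropped` and `failed_batches` are worth exporting as metrics so that lost logs are noticed rather than silently missing.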

networking – Logging the traffic of VPN users

I created a VPN service using OpenVPN. I need to log user traffic for legal obligations.
I tried using tcpdump for this job.

tcpdump -i tun0 -w /opt/kibrit_data/log/trace-%m-%d-%H-%M-%S-%s -W 3 -G 300 -q -tttt 

The command above lets me listen and record packets. But when 5 people are connected, it produces more than 300 MB of data within 5 minutes. How can I keep track of who visited which URL on which date instead of keeping all packets? I am open to another tool recommendation.

logging – Need to make changes in logs received by SIEM

logging – How long can anonymised log files be stored in the EU?

It seems to be standard industry practice to anonymise IP addresses etc. in web server log files after seven days. If this has happened, how long am I allowed to keep the log files? My reason for keeping them is for possible analysis in the event of an attack that is only noticed and/or processed after seven days (this has already happened to me). I sleep more peacefully when I don’t have to delete log files at all, although I already realise that this is not an argument. I expect a statement of the form one month, one year, three years or forever (archived).

logging – Are there tools for viewing logs with rich data?

I am new to the world of logging. I see that loggers (e.g. slf4j for Java or winston for JavaScript) support several “transports” that allow them to store the logs in files in various formats.

At first glance, I thought that this is to perhaps enable some standard log viewing tools to parse the logs.

I was expecting features offered by the browser console which I often use for viewing logs. It offers:

1. Inspection of rich JSON objects

You can expand the object to view what you need, so the full JSON representation of the object doesn’t clutter your screen.

2. Filtering of logs

e.g. here I’ve filtered to show only messages with “(tag)” in their text.


I think there must be log viewing tools which offer these features, but I cannot find any (perhaps I’m not searching with the right terms). Are there such tools? If there are, are they tied to a particular language or only to a particular log format?

macos – Problems logging into Mac after reinstalling older OS

I’m having problems with my late-2013 27-inch Mac and need some help.

Last night I tried to install a newer OS (Mojave) and it told me there was a disk management error (69854). I was previously on OS High Sierra.

I followed all the troubleshooting guides etc. and eventually had to reinstall the OS in recovery mode. It took me all the way back to OS X Mavericks, I think.

Unfortunately I don’t have a Time Machine backup. OS X is installed but it won’t let me go past the login page. When I try to enter my password the screen refreshes and nothing happens.

I’m inexperienced with this sort of stuff, so any easy-to-follow help would be appreciated.

In terms of logging back in, I’ve repaired the “disc permissions” in Disk Utility, but it’s done nothing.

Thanks

Logging in AirOS router from other network

linux – key works for logging in via ssh, but scp gives permission denied

I am relatively new to the Linux environment, and I have been trying to set up a server for hosting purposes.

I have been using an ssh key to log into my server with no issues, but when I try to use scp I am given a “Permission Denied” message. I have password auth turned off normally, but when I did turn it back on I was able to log in and upload the file via scp just fine. I also found it odd that when I went to scp to the server initially, I was given the usual message that the server fingerprint has not been identified and would I like to add it to the list of known hosts? The reason I found this odd is that I already added my server to the list of known hosts when I first set up the server, so why did it ask me again? Shouldn’t the host already be known when I did it via ssh initially? I was really confused and made sure that I was using the correct server path a bunch of different times, and each time I got that message to add it to the known list, when I already had that server added (and logged in via ssh just fine). When it added it to the list of known hosts I could log in, but not with the ssh key.

I added my ssh key initially using ssh-copy-id, but I also tried using scp to upload the ssh keys to the server, with no luck.

scp ~/.ssh/id_rsa.pub <username>@<host>:~/.ssh/authorized_keys

I even attempted to redo `ssh-copy-id`, as well as run it with -f, and nothing.

The only thing I can think of is that maybe there is some sort of permissions issue, but I don’t see why the permissions would be different when using the user via ssh compared to via scp. The only other thing I can think of is that somehow there is something weird going on with looking at the host and that’s affecting the ssh key lookup? I’m not sure.

I’m curious whether anyone has any clue what is going on? Thank you.

I’m having trouble logging in to ALM 15 using Java 8

I’m having trouble logging in to ALM 15 using Java 8.

Below is an example of a curl login:

curl -u "USARIO_ALM":"PASSWORD_ALM" -X GET localhost:8080/qcbin/api/authentication/sign-in -c files/${LINUX_USER}/cookie

Documentation link:

https://admhelp.microfocus.com/alm/en/12.60/api_refs/REST_TECH_PREVIEW/ALM_REST_API_TP.html#REST_API_Tech_Preview/General/Authenticate_LWSSO.html%3FTocPath%3DHow%2520to%2520Do%2520Common%2520Tasks%7CAuthenticate%7C_____1