Tag Archives: GeoIP

China traffic details

Which Android app phones home to China?

In my previous blog post I created a system to monitor my network traffic. This system is capable to visualize connections even in geographic manner. Checking the data I found two network devices who phones home to servers located in China. What can I find out about those connections. What are they? Do they pose any security threat to me?

My sole purpose was to experiment and learn new things. Please mind that I could pick any other countries the same way as I chose China. Although I have security concerns, I want to learn and not to make statements over any countries or vendors.

Continue reading

Visualizing Fail2ban logs in Kibana

In the last post I wrote about how you can enrich Fail2ban logs with GeoIP metadata and with other data parsed from the logs. This time I will show you how you can use syslog-ng to send them into Elasticsearch and how visualizing Fail2ban logs in Kibana can show you where the failed login attempts are coming from.Fail2ban vvisualization in Kibana Coordinate map

 

Continue reading

Creating a central syslog server

Your home network might already contain some devices or systems like a home server, a WiFi router, a media player, or home automation system. It is a best practice creating a central syslog server and storing logs of various sources in one place.

A pile of timber logs

In this post I will show you the way of creating a central syslog server and comply with use cases like:

Continue reading