In my previous blog post I created a system to monitor my network traffic. This system is capable to visualize connections even in geographic manner. Checking the data I found two network devices who phones home to servers located in China. What can I find out about those connections. What are they? Do they pose any security threat to me?
My sole purpose was to experiment and learn new things. Please mind that I could pick any other countries the same way as I chose China. Although I have security concerns, I want to learn and not to make statements over any countries or vendors.
In the last post I wrote about how you can enrich Fail2ban logs with GeoIP metadata and with other data parsed from the logs. This time I will show you how you can use syslog-ng to send them into Elasticsearch and how visualizing Fail2ban logs in Kibana can show you where the failed login attempts are coming from.
Your home network might already contain some devices or systems like a home server, a WiFi router, a media player, or home automation system. It is a best practice creating a central syslog server and storing logs of various sources in one place.
In this post I will show you the way of creating a central syslog server and comply with use cases like: