Tutorial entries

Some of you may have heard of Logz.io, a yet-another-company that provides ELK as a Service. Their marketing is quite good, they have great newsletters, tutorials and webcasts, so I thought to myself to let’s check ’em out. After registration you are taken to the wiki entry that lets you configure your gear to ship your logs logz.io ingest servers. While the wiki looks pretty comprehensive, they evidently missed out the good old Unix player here, syslog-ng. Seeing configuration guides for all these “next-gen”, “cloud-native”, “serverless” totally hyped piece of craps without mentioning syslog-ng at all I feel being kinda old school.

So this post is the missing manual on how to ship logs to logz.io using syslog-ng.

Read more →

I successfully managed to get Linux VTI (Virtual Tunnel Interface) working with strongSwan. By using VTI it is no longer needed to rely on the routing policy database, making understanding and maintaining routes easier. Also with VTI you can see the cleartext traffic on the VTI interface itself. It was confusing to see actual tunnel traffic before using tcpdump using the standard policy database setup. (There are ulog/nflog hacks to see cleartext traffic in both direction though, similar to BSD pflog.)

Read more →