On the “Integration of pmacct with ElasticSearch and Kibana” post, a user (Xentoo) asked how to display geographic information provided by pmacct on a Kibana 4 map using pmacct-to-elasticsearch.
An experimental feature of p2es called transformations can be used to add a Geo Point field on the basis of the country code provided by pmacct.
After reading Antonio Prado’s Reverse DNS lookup for Italian Government’s mail exchangers post I got intrigued by the idea of checking how many of those Italian Government’s MX mail servers support STARTTLS.
STARTTLS “offers a way to upgrade a plain text connection to an encrypted (TLS or SSL) connection” (Wikipedia) and, when it’s implemented on the MX SMTP server, it allows a STARTTLS-aware user’s outbound mail server to encrypt the traffic toward the recipient’s server.
A couple of days ago CloudFlare announced the public alpha release of its DNSSEC implementation. Since they are using the “recent” Elliptic Curve ECDSA P-256 (RFC6605), I wondered how many resolvers might have problems with signature validation, so I wanted to take a peek at the current situation as seen by the RIPE Atlas probes network.
The public DNSBL services offered by AHBL have been shut down.
Services and programs which used dnsbl.ahbl.org, ircbl.ahbl.org and rhsbl.ahbl.org need to be updated in order to avoid false positives:
X-Spam-Status: No, score=0.789 tagged_above=-999 required=6
Spamassassin configuration, for example, needs to be fixed:
# cat /usr/share/spamassassin/20_dnsbl_tests.cf | grep AHBL
header DNS_FROM_AHBL_RHSBL eval:check_rbl_envfrom('ahbl', 'rhsbl.ahbl.org.')
describe DNS_FROM_AHBL_RHSBL Envelope sender listed in dnsbl.ahbl.org
tflags DNS_FROM_AHBL_RHSBL net
Comment out that block or (at least) force a score of zero for the rule in your local configuration:
# cat /etc/spamassassin/local.cf | grep AHBL
score DNS_FROM_AHBL_RHSBL 0
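The same check can be automated across several rule files. The following is an added example, not part of the original post or of SpamAssassin: a small Python audit that finds rules querying the three retired AHBL zones and reports those whose score has not been forced to zero. The function names, the `LOCAL_AHBL_IRC` rule and the sample file contents are constructed for illustration.

```python
import re

# Zones the post lists as shut down.
DEAD_ZONES = ("dnsbl.ahbl.org", "ircbl.ahbl.org", "rhsbl.ahbl.org")
RULE_DEF = re.compile(r"^\s*(?:header|body|uri|rawbody|full|meta)\s+(\S+)\s+(.*)$")
SCORE = re.compile(r"^\s*score\s+(\S+)\s+(.+)$")


def _zeroed(values):
    """True only if a score line exists and every value on it is zero."""
    try:
        return bool(values) and all(float(v) == 0 for v in values)
    except ValueError:  # non-numeric value: treat the rule as still active
        return False


def audit_dead_dnsbl(config_texts):
    """Return sorted names of rules that query a dead zone and still score.

    config_texts: contents of .cf files in the order they are read;
    a later score line for a rule overrides an earlier one.
    Simplification: sub-rules that refer to a zone only indirectly
    (without naming it) are not detected.
    """
    dead, scores = set(), {}
    for text in config_texts:
        for raw in text.splitlines():
            line = raw.split("#", 1)[0]  # ignore comments and commented-out rules
            m = RULE_DEF.match(line)
            if m and any(zone in m.group(2).lower() for zone in DEAD_ZONES):
                dead.add(m.group(1))
            m = SCORE.match(line)
            if m:
                scores[m.group(1)] = m.group(2).split()
    return sorted(rule for rule in dead if not _zeroed(scores.get(rule)))


# Constructed sample input: the stock rule quoted in the post plus a
# hypothetical local rule, and a local.cf that zeroes only the first one.
STOCK_CF = """\
header DNS_FROM_AHBL_RHSBL eval:check_rbl_envfrom('ahbl', 'rhsbl.ahbl.org.')
describe DNS_FROM_AHBL_RHSBL Envelope sender listed in dnsbl.ahbl.org
tflags DNS_FROM_AHBL_RHSBL net
header LOCAL_AHBL_IRC eval:check_rbl('ahbl-irc', 'ircbl.ahbl.org.')
"""
LOCAL_CF = "score DNS_FROM_AHBL_RHSBL 0\n"

if __name__ == "__main__":
    print(audit_dead_dnsbl([STOCK_CF, LOCAL_CF]))
```

A rule with no score line at all is reported too, since it would still contribute its default score.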
In this post I want to show a solution based on a script (pmacct-to-elasticsearch) that I made to gather data from pmacct and visualize them using Kibana/ElasticSearch. It’s far from being the state of the art of IP accounting solutions, but it may be used as a starting point for further customizations and developments.
I plan to write another post with some ideas to integrate pmacct with the canonical ELK stack (ElasticSearch/Logstash/Kibana). As usual, add my RSS feed to your reader or follow me on Twitter to stay updated!
The big picture
This is the big picture of the proposed solution:
There are 4 main actors: the pmacct daemons (we already saw how to install and configure them), which collect accounting data; pmacct-to-elasticsearch, which reads pmacct’s output, processes it and sends it to ElasticSearch; ElasticSearch, where data are stored and organized into indices; and, finally, Kibana, which is used to chart them on a web frontend.