• Debian 8 - Central log server using NFS

    1. Introduction

    The idea is to use a server (in my case a VM on my ESXi) to collect all the logs of my network servers. To do it easily, I will use an NFS server and mount the shared folder directly over /var/log on each client.

    I ran into some trouble doing it with Debian jessie and systemd, as always...

    The objective afterward is to be able to use Elasticsearch & Co to visualize my logs.


  • Debian 8 jessie : Disable ipv6 support

    I know some people will say we should start using IPv6!... and I mostly agree with them... BUT I'm still no expert with IPv6 and I get WEEEEIIIIRD behavior on my network because of it...

    So for the moment I'm disabling it on all my new jessie machines.

    To do so, just edit your /etc/sysctl.conf file and add these lines:


    net.ipv6.conf.all.disable_ipv6 = 1
    net.ipv6.conf.default.disable_ipv6 = 1
    net.ipv6.conf.lo.disable_ipv6 = 1
    net.ipv6.conf.eth0.disable_ipv6 = 1

    After editing sysctl.conf, run sysctl -p to activate the changes, or reboot the system.
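    A check to go with that, as an added example that is not part of the original post: a small POSIX shell audit that reads a sysctl.conf-style file and confirms each of the four keys above is effectively 1, taking into account that sysctl -p processes the file in order, so a duplicate line further down silently wins. The file paths and sample contents are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original post: audit a sysctl.conf-style file for
# the four disable_ipv6 keys set above. sysctl -p applies the file top to bottom,
# so a later duplicate line silently overrides an earlier one; the audit keeps the
# LAST value seen for each key, which is the value the kernel ends up with.

# Required keys, exactly as listed in the post (eth0 is the post's interface).
IPV6_KEYS="net.ipv6.conf.all.disable_ipv6
net.ipv6.conf.default.disable_ipv6
net.ipv6.conf.lo.disable_ipv6
net.ipv6.conf.eth0.disable_ipv6"

# last_value FILE KEY: print the effective (last) value of KEY, nothing if unset.
last_value() {
    # Drop # and ; comments, accept "key = value" or "key=value", keep last match.
    sed -e 's/[#;].*$//' "$1" | awk -F'=' -v k="$2" \
        '{ gsub(/^[ \t]+|[ \t]+$/, "", $1); gsub(/^[ \t]+|[ \t]+$/, "", $2);
           if ($1 == k) v = $2 } END { if (v != "") print v }'
}

# audit_ipv6_sysctl FILE: return 0 if every key is effectively 1, else 1.
audit_ipv6_sysctl() {
    rc=0
    for key in $IPV6_KEYS; do
        v=$(last_value "$1" "$key")
        if [ "$v" != "1" ]; then
            echo "NOT disabled: $key (effective value: ${v:-unset})"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample files (not real hosts): one matching the post, one where a
# line appended later re-enables IPv6 on eth0 and wins over the earlier "= 1".
SAMPLE_OK=$(mktemp); SAMPLE_BAD=$(mktemp)
trap 'rm -f "$SAMPLE_OK" "$SAMPLE_BAD"' EXIT
cat > "$SAMPLE_OK" <<'EOF'
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
net.ipv6.conf.eth0.disable_ipv6 = 1
EOF
{ cat "$SAMPLE_OK"; echo 'net.ipv6.conf.eth0.disable_ipv6=0 ; appended later'; } > "$SAMPLE_BAD"

audit_ipv6_sysctl "$SAMPLE_OK" && echo "sample_ok: IPv6 disabled everywhere"
audit_ipv6_sysctl "$SAMPLE_BAD" || echo "sample_bad: audit failed as expected"
```

    The same audit can be pointed at the real /etc/sysctl.conf; the live kernel values are what /proc/sys/net/ipv6/conf/*/disable_ipv6 reports after sysctl -p.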



  • elasticsearch & Kibana : log analyser

    1. Introduction

    The objective is to visualize my logs (fail2ban, VPN & co) using Elasticsearch/Kibana/Logstash.

    I will describe how to install and configure the Elasticsearch stack on Debian 8.


    The objective is to have an architecture looking like this, which I have deployed several times:

    Elasticsearch & Suricata. I won't go into details about the "App server" in this topic, but I will probably add more and more over time. Suricata is only an example of an "App".

    Thanks to the very good I improved some parts of my architecture. I will try to give you another point of view on these kinds of architecture and how to deploy them.