An easy guide to installing, configuring, and running Zeek IDS automatically on your Mac

Vector by Vecteezy

Zeek (formerly Bro) is a powerful open-source framework for network traffic analysis and security monitoring. In this step-by-step guide, I’ll show you how to install, configure, and run Zeek automatically on your Mac.

Installing Zeek

  • Xcode or the Command Line Tools. To check whether either is installed, run:
xcode-select -p

Note: If you get an error, install them with: xcode-select --install

To install Zeek via Homebrew simply run:

brew install zeek

Note: If you are using MacPorts, then execute: sudo port install zeek

To validate if Zeek was installed successfully…


Remove the noise and send Auditbeat logs to its own directory: /var/log/auditbeat

Image by rawpixel (CC0).

By default, Auditbeat 7.X creates a service unit file on Linux systems with systemd. Logs are stored in journald. However, Auditbeat has its own logging directory: /var/log/auditbeat. If you prefer to remove the noise from your system log and send Auditbeat logs to its own directory, then keep reading.

Tested Environment

This fix was tested on three different machines, running CentOS 7, CentOS 8, and Fedora 33, all with Auditbeat 7.9.3.

Note: This behavior also occurs in other agents of the Elastic Beats family, such as Filebeat and Metricbeat. The fix is the same for all of them as well.

  1. Remove the parameter…

Gaining insights from macOS system metrics collected by macstat: a custom Bash shell script

iMac vector by Vecteezy, graph icon by Flaticon.

Have you ever wanted to monitor your Mac in real time? The Devo Platform can collect and monitor machine data from different operating systems. To automate this, Devo has a package called Devo Monitor, which uses Dstat (an open-source, versatile resource statistics tool). It is compatible with most UNIX-like operating systems. The bad news is that it doesn’t work on macOS. That’s the reason I decided to solve this problem.

This guide describes the steps to collect macOS system metrics using a custom Bash shell script I created called macstat, and then send them over to Devo using syslog-ng. …


The complete and painless guide to making syslog-ng work on Mac

MacBook Pro vector by Vecteezy

Overview

My goal was to send any kind of Mac logs to a big data platform (Devo). Mac already comes with syslogd, which is the Apple System Log server. It is basically a daemon that processes syslog messages, but to be honest, it’s pretty old and basic. As a result, I decided to try syslog-ng.

To my surprise, the syslog-ng documentation discloses:

At present we are not supporting macOS syslog-ng on our official repository on GitHub. However, you can compile syslog-ng yourself following this guide.

That’s what I did. I compiled syslog-ng from source following the official documentation. But I encountered…


It’s difficult to choose only the 25 best songs among thousands released each year. To be on the list, I considered three basic rules:

  • Awesome tune.
  • Officially released this year.
  • One track per band/artist.

Many of them are not the typical songs you will find in commercial playlists because I do not listen to commercial radio. So if you want to discover new tunes you might have missed, then you have come to the right place.

Following my rules, I had to remove some great songs such as Franz Ferdinand’s first single Always Ascending or Black Rebel Motorcycle Club’s Little…

Roberto Meléndez

Tech Support Engineer @devo_Inc | syslog-ng Contributor | New music hunter | Tech problem solver | Taco Expert. 🔗 linkedin.com/in/rcmelendez
