Last updated at Sat, 19 Aug 2017 02:36:14 GMT
This blog shows how to use the power of LogEntries Search and Analytics to monitor your Nexpose installation. LogEntries has joined the Rapid7 family and offers several powerful capabilities to search, analyze, monitor and alert on your Nexpose installation. LogEntries is also super easy to set up and maintain. I spent about five minutes getting it running. The Nexpose engineering team made it very easy by enabling the log4j appender in every installation of Nexpose. All you have to do is follow these steps to get up and running.
Set up your free trial
Set up a free trial on LogEntries (https://logentries.com/) by clicking on the "Start a Free Trial" button:
Generate tokens for system logging
You can create logging tokens by clicking on "Add a Log" and choosing the "Java" icon in the "Libraries" section and then click on "Create Log Token" at the bottom of the screen. Create as many as you want appenders (see next step). You can have an appender for every Nexpose log if you want:
Configure Nexpose Logging
In your Nexpose installation, copy the logentries appenders in the console's logging configuration located in /opt/rapid7/nexpose/nsc/conf/logging.xml (near the bottom of the file) and paste them into the user-log-settings.xml file in the same directory. Make sure to replace the ${logentries-*-token} with the actual token from your logentries account that you created above Each appender can have it's own token so they can be tracked using different logs in logentries. Here is an example:
<appender name="le-nsc" class="com.logentries.logback.LogentriesAppender">
<Token>123725d5-10df-4aa7-b683-3e8c71251b2c</Token>
<Debug>False</Debug>
<Ssl>False</Ssl>
<facility>USER</facility>
<encoder>
<pattern>${logFormat}</pattern>
</encoder>
</appender>
Unlock the power of LogEntries
Restart Nexpose and you will see logs flowing into your LogEntries account. Now you can start using all the great features of LogEntries including Live Tail, Saved Queries, Alerts, and Tagging to manage your Nexpose console. Here are some examples:
Initial Log View
This view will appear as soon as you click on the Log Set that you want to view. In my case, "Demo Set" is the log set that I used when creating my account and hooking up Nexpose. From here you can search and filter to find log entries of interest:
Live Tailing
Live Tailing is a great feature that allows you to debug or monitor issues as they are happening:
Creating Tags and Alerts
Tags and alerts allow you to label specific log lines based on regular expressions and also alert if anomalies occur:
Wrap Up
Also check out how to do the same thing with Metasploit Pro in Securing Your Metasploit Logs. I hope you have found this helpful and please share any feedback such as alerts, dashboards, or other useful tips and tricks that you have found when using Nexpose with LogEntries.