About LogZilla NEO
LogZilla NEO is an innovative platform designed to collect, enrich, transform, automate, and analyze various types of data inputs, including syslog messages, text files, webhooks, and SNMP traps. By processing these inputs, LogZilla NEO empowers users to take automated actions on events that may be suspicious or potentially damaging. With a generous free tier allowing for up to 500k Events per day, LogZilla NEO is both accessible and powerful, making it an ideal solution for a wide range of applications.
Understanding EVE-NG PRO Platform
EVE-NG PRO is a groundbreaking client-less multi-vendor network emulation software that stands at the forefront of the networking world. With a keen focus on the current requirements of the IT industry, it serves multiple audiences:
- Enterprises: For creating virtual proof-of-concepts and testing network solutions in a risk-free environment.
- E-learning Providers/Centers: Offering a versatile platform for practical hands-on training.
- Individuals and Group Collaborators: Enabling the creation and sharing of virtual training environments and scenarios.
The platform’s distinguishing feature is its ability to allow multiple users to collaborate, design, and emulate network topologies without the need for any client software.
Installation and Setup
LogZilla Template for EVE-NG
To use LogZilla NEO within the EVE-NG PRO environment, install the LogZilla template on the EVE-NG host by following the steps below:
Downloading and Extracting the Necessary Files
Initiate the download using the command:
wget 'https://logzilla.sh/eve-logzilla.tgz'
Upon completion of the download, extract the contents of the .tgz file with:
tar xzvf eve-logzilla.tgz -C /
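Because the archive is unpacked with `-C /`, every member path resolves relative to the root of the EVE-NG host. The following is an added example, not part of the original LogZilla instructions: it lists the archive and flags entries outside an expected tree, or carrying setuid/setgid bits, before anything is extracted. The function name `audit_archive` and the default prefix `opt/unetlab/` are assumptions.

```shell
#!/bin/sh
# Added example: audit a .tgz before unpacking it onto / as root.
# The default prefix "opt/unetlab/" is an assumption; pass your own as $2.

# audit_archive ARCHIVE [ALLOWED_PREFIX]
# Prints one line per finding. Returns 0 if clean, 1 if anything was flagged.
audit_archive() {
    archive=$1
    prefix=${2:-opt/unetlab/}
    findings=$(
        # Pass 1: member names, as they would resolve under "tar -C /".
        tar -tzf "$archive" | while IFS= read -r name; do
            clean=${name#./}
            case $clean in
                (/*)                  echo "ABSOLUTE  $name" ;;
                (..|../*|*/../*|*/..) echo "TRAVERSAL $name" ;;
                (""|"$prefix"*)       : ;;   # inside the allowed tree
                (*/) case $prefix in         # parent directory of the prefix?
                         ("$clean"*) : ;;
                         (*)         echo "OUTSIDE   $name" ;;
                     esac ;;
                (*)                   echo "OUTSIDE   $name" ;;
            esac
        done
        # Pass 2: mode strings from the verbose listing; flag setuid/setgid.
        tar -tzvf "$archive" | awk '
            substr($1, 4, 1) ~ /[sS]/ || substr($1, 7, 1) ~ /[sS]/ {
                print "SETID     " $0
            }'
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Usage: extract only when the audit passes.
# audit_archive eve-logzilla.tgz && tar xzvf eve-logzilla.tgz -C /
```
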
Set Permissions
To avoid potential issues, permissions should be fixed using the command:
/opt/unetlab/wrappers/unl_wrapper -a fixpermissions
Deployment on EVE-NG
Adding a LogZilla Node
To maximize the benefits of LogZilla NEO within the EVE-NG PRO environment, you must successfully add a LogZilla node. Here's a step-by-step guide:
- Launch the EVE-NG GUI: Access the main interface of EVE-NG PRO.
- Initiate Node Creation: Choose the option to add a new node. This will open up a selection menu.
- Select LogZilla: If you've followed the setup process correctly, you should now see the LogZilla option in the menu.
Configuring Node Specifications
- Adjust Settings: While the default settings are usually fine, it's essential to understand them. LogZilla typically requires 8 CPUs and 8GB RAM for minimal lab performance.
- Note: Although it's possible to run with reduced resources, adjustments are necessary. In such cases, manually retrieve the kickstart script from https://logzilla.sh and make the necessary edits.
- Connection to the Internet: Once you've added the node, the next step is to establish an internet connection. This connection ensures the node can communicate and retrieve any necessary updates or configurations.
- Node Initialization: Click the 'Start' option. The node icon will change color to orange, signifying that it is booting up.
- Access the Console: After the node has been initialized, click on the icon. This action will connect you to the console interface.
Initiating and Accessing the LogZilla Node Console
When accessing the console for the first time, users will encounter a greeting interface. For example:
Ubuntu 22.04.1 LTS eve-logzilla ttyS0
Welcome to LogZilla!
Please log in below using the username/password of lzadmin/lzadmin
eve-logzilla login:
For the initial login, use the credentials:
- Username: lzadmin
- Password: lzadmin
Upon successful login and provided the node has internet access, LogZilla will commence the automatic installation.
Tips and Best Practices with LogZilla on EVE-NG
System Requirements
Before setting up LogZilla on EVE-NG, ensure you meet the recommended system requirements:
- Processor (CPU): At least 8 cores for smaller labs running LogZilla.
- Memory (RAM): Minimum 8GB. This provides decent performance in smaller lab environments.
Achieving Smooth Integration
- File Permissions: Ensure that you have the correct permissions for all your LogZilla and EVE-NG files.
- Monitor Resources: Regularly monitor the resources (CPU, RAM, and storage) utilized by LogZilla on EVE-NG. If you notice any performance degradation, consider optimizing or allocating more resources.
- Updates: Keep both your LogZilla and EVE-NG platforms updated. New updates often come with performance improvements, new features, and bug fixes.
Troubleshooting Tips
- Start Simple: If you encounter issues, start by checking the basics. Ensure that your node is connected to the internet and that all configurations are correctly set.
- LogZilla UI Unavailable: Should the UI not start, check the LogZilla console to make sure all containers have started. In lab environments on EVE-NG, your disks may be too slow, causing the containers to time out. In this case, simply running `sudo logzilla start` or `sudo logzilla restart` should fix it.
- Logs are Key: In case of any operational issues, always refer to /var/log/logzilla/logzilla.log. This log will provide valuable insights into the root cause of problems and help in finding a solution.
- Consult the docs: LogZilla docs are available in the UI itself under "Help" and also available online at https://docs.logzilla.net