Energy Logserver – new level of integration

Energy Logserver, as a tool for managing large amounts of data, aims to integrate with as many devices and data sources as possible. We present a new solution that lets you query Elasticsearch documents from OP5 Monitor and Nagios. Both saved objects and documents can be used.
Thanks to this, we can obtain even more detailed data and make monitoring of IT infrastructure more consistent and readable.

What’s more, the scripts used for integration are released under the Apache-2.0 license. We encourage you to use them in the hope that they will improve the quality of monitoring.

Project details and links below:

This plugin checks the total number of documents returned by an Elasticsearch query. It is intended to work with Energy Logserver and OP5 Log Analytics, and is expected to work with open-source Elasticsearch and X-Pack.

Dependencies for Centos 7:
# yum install perl-Monitoring-Plugin perl-libwww-perl perl-LWP-Protocol-https perl-JSON perl-String-Escape perl-Data-Dumper

$ ./ -U|--url= -i|--index=
[ -q|--query= ]
[ -S|--search= ]
[ -T|--timerange= ]

Usage examples
Total documents in ‘beats*’ index for latest 24 hours. Latest 24 hours is default time range.

./ -U 'http://user:password@localhost:9200' -i 'beats*'

Execute the saved search named protection for the latest 15 minutes. By default it checks the @timestamp field; you can change it with the --timefield option.

./ -U 'http://user:password@localhost:9200' -i 'beats*' -S 'protection' -T 'now:now-15m'

As above plus show one latest document.

./ -U 'http://user:password@localhost:9200' -i 'beats*' -S 'protection' -T 'now:now-15m' -D 1

As above plus filter output to selected fields.

./ -U 'http://user:password@localhost:9200' -i 'beats*' -S 'protection' -T 'now:now-15m' -D 1 -f message,timestamp

As above plus limit output fields value to 100 characters.

./ -U 'http://user:password@localhost:9200' -i 'beats*' -S 'protection' -T 'now:now-15m' -D 1 -f message,timestamp -l 100

Execute lucene query.

./ -U 'http://user:password@localhost:9200' -i 'beats*' -q '' -T 'now:now-15m' -D 1 -f message,timestamp

Execute a JSON query. The time range option does not work in this mode; define the time range in the query itself.

./ -U 'http://user:password@localhost:9200' -i 'beats*' -j -q ' { "size": 0, "query": { "bool": { "must": [ { "query_string": { "query": "task:\"Special Logon\"", "analyze_wildcard": true, "default_field": "*" } }, { "range": { "@timestamp": { "gte": "now-1d/d", "lte": "now/d" } } } ] } } } '
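An added example, not part of the plugin or of the original page: a Python helper that builds the JSON body for `-j -q` from a Lucene query and a `-T`-style range, mirroring the structure of the query above. The function names and the reading of the `-T` value as `<upper>:<lower>` are assumptions made for this example.

```python
import json
import re
import shlex

# Elasticsearch date math: "now", optional +/-N<unit> steps, optional
# /<unit> rounding suffix, e.g. now-15m or now-1d/d.
DATE_MATH = re.compile(r"^now([+-]\d+[yMwdhHms])*(/[yMwdhHms])?$")


def split_timerange(timerange):
    """Split a -T value such as 'now:now-15m' into (lte, gte).

    Assumption: the first part is the upper bound and the second the lower
    bound, as in the page's 'now:now-15m' example.
    """
    parts = timerange.split(":")
    if len(parts) != 2:
        raise ValueError("expected '<upper>:<lower>', got %r" % timerange)
    for part in parts:
        if not DATE_MATH.match(part):
            raise ValueError("not a date-math expression: %r" % part)
    return parts[0], parts[1]


def build_json_query(lucene, timerange, timefield="@timestamp"):
    """Return the request body for a Lucene query limited to a time range."""
    lte, gte = split_timerange(timerange)
    return {
        "size": 0,  # only the hit count is needed, not the documents
        "query": {"bool": {"must": [
            {"query_string": {"query": lucene,
                              "analyze_wildcard": True,
                              "default_field": "*"}},
            {"range": {timefield: {"gte": gte, "lte": lte}}},
        ]}},
    }


def as_shell_argument(body):
    """Serialise the body and quote it for use as the -q value with -j."""
    return shlex.quote(json.dumps(body))


if __name__ == "__main__":
    body = build_json_query('task:"Special Logon"', "now/d:now-1d/d")
    print(as_shell_argument(body))
```

Validating the range parts against the date-math pattern keeps stray quotes or shell metacharacters out of the generated query before it reaches the command line.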

Energy Logserver major release 7.x

The latest Energy Logserver major release is now available. The most important change is that from now on Energy Logserver is based on version 7.3.2 of Elasticsearch and Kibana.

We've also added a new module, XLSX Import, which lets you import any CSV or XLSX file with data into Energy Logserver directly from the GUI. Additional options cover creation of a new index with custom mapping based on the data in the file.

We've also added curator to the installation package by default for index management, along with custom icons for modules.

Read more in changelog below or at:

  • migrated features from branch 6 [ latest:6.1.8 ]
  • XLSX import [kibana]
  • curator added to /usr/share/kibana/curator
  • node_modules updated! [kibana]
  • elasticsearch upgraded to 7.3.2
  • kibana upgraded to 7.3.2
  • dedicated icons for all kibana modules
  • eui as default framework for login, reports
  • bugfix: alerts type description fix

Energy Logserver on SEMAFOR 2020

Energy Logserver continues the tradition from 2 years ago, and this year we will again appear at SEMAFOR as one of the patrons of the event. We invite everyone to take part in our lecture, which will be led by EMCA CEO Artur Bicki. Our topic this year is SIEM from Elasticsearch.

The lecture will be devoted to building a SIEM platform from project components around Elasticsearch. Based on the Energy Logserver system, the functionalities for analyzing and handling security events will be presented. Using a concrete example, we will present the possibilities of analyzing and correlating events from logs and network traffic, as well as managing detected incidents.
Let's meet on March 19 at 12:10.


SEMAFOR is one of the largest cyber security conferences in Poland. For years it has been a place where the most modern and best solutions in the field of IT security are presented. Participants can not only gain extremely valuable knowledge straight from global experts, but also establish partner and business relationships.

The two-day event will be held in Warsaw on March 19-20. Start at 8 am!

6.1.8 New version Energy Logserver!

The latest Energy Logserver update introduces improvements to existing mechanisms and also adds a number of new tools.
Fully compatible with Elasticsearch version 6.x, Energy Logserver introduces, among others:
  • Logtrail - a tool for analyzing and reading service logs straight from system files that are updated on a regular basis. Clear interface with code coloring and search highlighting.
  • Cerebro - a graphical interface for working with the Elasticsearch API without logging in to the system console, available from the browser.
  • IP Reputation - a mechanism for verifying IP addresses against IP reputation databases, supporting the analysis of network traffic. The databases are automatically updated.
  • A collection of improved and new visualizations and dashboards, available to the user.

Version 6.1.8

Enhancements in Netflow support
Logtrail feature for covering all system components logs [kibana]
Cerebro Management tool support [kibana]
Automation for Bad IP reputation lists
Default Role integrated dynamically when working with AD accounts [elasticsearch-auth]
Explained additional logging class for elasticsearch in log4j
Detailed restore process of functional indexes [elasticsearch-auth]
AD/LDAP/SSO API - new endpoint /role-mapping/_reload [elasticsearch-auth]
License API - new endpoint /license/_reload [elasticsearch-auth]
Better radius integration with NAS-Identifier and NAS-IP-Address [elasticsearch-auth]
Skimmer components updated to 1.0.8
Backup script updated - utils/
Java environment updated to branch v11
Network graph/correlation - new visualization type [kibana]


bugfix: CSV Export not working due to wrong binary definition
bugfix: Error when trying to delete alert rule with an apostrophe in the name
bugfix: Reading of configuration variables in the Config tab [kibana]

Data leak – over billion people affected (PDL / OXY)

On October 16th 2019 two cybersecurity experts – Bob Diachenko and Vinny Troia – discovered an unsecured Elasticsearch environment. Sadly, this is not unique. Open-source Elasticsearch does not have security mechanisms of its own, and allowing access from the Internet is always a bad idea.

It turns out that this Elasticsearch instance had a huge amount of personal data indexed: to be precise, 4 terabytes. The company that owns the Elasticsearch database is unknown, but it seems that the gathered data is or was owned by the People Data Labs (PDL) company and

Most of the data was unusually valuable because it was enriched: the data stored in those indices had previously been correlated from multiple smaller pieces to create one rich document. Such enriched data is an information product sold by companies like PDL and OxyData. The documents contained e-mail addresses, phone numbers, personal data, and profile data from LinkedIn and Facebook. To put that in numbers, the data included:

  • PDL
    • 1,2 billion unique data
    • 650 million e-mail addresses
  • OxyData
    • 380 million unique data, mainly from LinkedIn

The question is – how do we know whether the data is true and up to date? Luckily, PDL offers 1k free queries per month to its database. Such queries were sent, and the data received from PDL matched the data in the Elasticsearch indices 100%. The data were the same.

Both companies, PDL and OxyData, maintain that there was no hacking attack and that the data came from customers who bought it. It’s hard to call it hacking or a breach when all you need to do is put in your browser .

Of course, the address and port are unavailable right now 🙂

That is the reason why you should never use unsecured Elasticsearch for production data processing. It is important to point out that Elasticsearch is not to blame for this breach, but rather the lack of security mechanisms, such as those offered by Energy Logserver.

Energy Logserver enters the Middle East market

Four years after starting the first application, Energy Logserver gained momentum that exceeded even our expectations. After summarizing the successes at one of the largest cybersecurity events in Poland, "Semafor", it was confirmed that our product is mature enough to compete on the global market.

We appeared at one of the largest global cybersecurity and IoT events - Gisec 2019 in Dubai. We presented the latest SIEM and Network Security modules supported by Artificial Intelligence in Energy Logserver.

The well-received Energy Logserver aroused the interest of leaders from around the world in the fields of telecommunications, finance, transport and the fuel industry. Thanks to that, we were able to connect with new partners and acquire new customers from the Middle East, India and Asia.

Below are some photos from the events.


Energy Logserver on Confidence 2019!

Confidence is one of the largest conferences in Europe devoted to IT security. In 2019, the 18th edition took place! We couldn't miss it.

As a platinum conference partner, we appeared to present the new Energy Logserver functionalities in the SIEM area to the world.

To our delight, the Energy Logserver stand enjoyed great interest, thanks to which we made great new acquaintances and could present the system's functionalities up close.

In front of a full auditorium, one of our experts gave a lecture on building a SIEM system according to the unique needs and systems of the client. The presentation is available at this link.