Energy Logserver – new level of integration

Energy Logserver, as a tool for managing large amounts of data, will always try to integrate with the largest possible amount of devices and data. We present a new solution that allows you to query Elasticsearch documents from the OP5 Monitor and Nagios level. Saved objects and documents can be used.
Thanks to this, we can obtain even more detailed data and make monitoring of IT infrastructure more consistent and readable.

What’s more, the scripts used for integration are issued under the Apache-2.0 license. We encourage you to use the hope that it will improve the quality of monitoring.

Project details and links below:

This plugin check Elasticsearch query total documents. It is aimed to work with Energy Logserver, OP5 Log Analytics and is supposed to work with opensource Elasticsearch and x-pack.

Dependencies for Centos 7:
# yum install perl-Monitoring-Plugin perl-libwww-perl perl-LWP-Protocol-https perl-JSON perl-String-Escape perl-Data-Dumper

$ ./ -U|--url= -i|--index=
[ -q|--query= ]
[ -S|--search= ]
[ -T|--timerange= ]

Usage examples
Total documents in ‘beats*’ index for latest 24 hours. Latest 24 hours is default time range.

./ -U 'http://user:password@localhost:9200' -i 'beats*'

Execute saved search named protection for latest 15 minutes. By default it checks @timestamp field, you can change it in –timefield option.

./ -U 'http://user:password@localhost:9200' -i 'beats*' -S 'protection' -T 'now:now-15m'

As above plus show one latest document.

./ -U 'http://user:password@localhost:9200' -i 'beats*' -S 'protection' -T 'now:now-15m' -D 1

As above plus filter output to selected fields.

./ -U 'http://user:password@localhost:9200' -i 'beats*' -S 'protection' -T 'now:now-15m' -D 1 -f message,timestamp

As above plus limit output fields value to 100 characters.

./ -U 'http://user:password@localhost:9200' -i 'beats*' -S 'protection' -T 'now:now-15m' -D 1 -f message,timestamp -l 100

Execute lucene query.

./ -U 'http://user:password@localhost:9200' -i 'beats*' -q '' -T 'now:now-15m' -D 1 -f message,timestamp

Execute json query. Time range option wouldn’t work. You should define time range in query.

./ -U 'http://user:password@localhost:9200' -i 'beats*' -j -q ' { "size": 0, "query": { "bool": { "must": [ { "query_string": { "query": "task:\"Special Logon\"", "analyze_wildcard": true, "default_field": "*" } }, { "range": { "@timestamp": { "gte": "now-1d/d", "lte": "now/d" } } } ] } } } '

Energy Logserver on SEMAFOR 2020

Energy Logserver on SEMAFOR 2020

Energy Logserver continues the tradition from 2 years ago and this year we will also appear at SEMAFOR as one of the patrons of the event. We invite everyone to take part in our lecture, which will be led by EMCA CEO, Artur Bicki. The topic we will face this year is SIEM from Elasticsearch.

The lecture will be devoted to the issues of building the SIEM platform based on project components around Elasticsearch. Based on the Energy Logserver system, the functionalities of analyzing and handling security events will be presented. On a vivid example, we will present the possibilities of analyzing and correlating events from logs and network traffic, as well as managing detected incidents.
Let's meet on March 19 at 12:10.


SEMAFOR is one of the largest cyber security conferences in Poland. For years it has been a place where the most modern and best solutions in the field of IT security are presented. Participants can not only gain extremely valuable knowledge straight from global experts, but also establish partner and business relationships.

The two-day event will be held in Warsaw on March 19-20. Start at 8 am!

Data leak – over billion people affected (PDL / OXY)

On October 16th 2019 two cybersecurity experts – Bob Diachenko and Vinny Troia discovered unsecured elasticsearch environment. Sadly, this is not unique. Open-Source Elasticsearch does not have security mechanisms on its own and allowing access from Internet is always a bad idea.

Turns out that elaticsearch had huge amount of personalized data indexed, to be precise – 4 terabytes huge. Company who is owning elasticsearch database is unknown, but it seems that gathered data is or were owned by People Data Labs (PDL) company and

Most of the data was unusually valuable, as data was enriched. Meaning that data stored in those indices was previously correlated before from multiple smaller pieces, to create one rich document. That enriched data is then product of information and is sold by companies like PDL and OxyData. Data that was inside documents covers e-mail adresses, phone numbers, personal data, profiles data from LinkedIn and Facebook. To put that in some numbers, data had:

  • PDL
    • 1,2 billion unique data
    • 650 million e-mail adresses
  • OxyData
    • 380 million unique data, mainly from LinkedIn

The question is – how to know if the data is true and up to date? Luckyly PDL offers 1k queries per month free to their database. So such queries were send and actual data received from PDL were 100% accurate with data within elasticsearch indices. Data were the same.

Both of companies, PDL and OxyData, stands that there were no hacking attack, and source of that data was via customers, who bought the data. It’s hard to call hacking or breach, when all you need to do is put in your browser .

Of course adress and port is unavailable right now 🙂

That is the reason why you should never use unsecured elasticsearch for production data processing. It is important to point, that elasticsearch is not to blame for this breach, but  lack of security, such as those which are offered by Energy Logserver.

Energy Logserver enters the Middle East market

Four years after starting the first application, the Energy Logserver gained momentum, which exceeded even our expectations. After summarizing the successes at one of the largest cybersecurity events in Poland, "Semafor", it was confirmed that our product maturity, competing on the global market.

We appeared at one of the largest global cybersecurity and IoT events - Gisec 2019 in Dubai. We presented the latest SIEM and Network Security modules supported by Artificial Intelligence in Energy Logserver.

The well-received Energy Logserver aroused interest of leaders from around the world in the fields of telecommunications, finance, transport and the fuel industry. Thanks to that we were able to connect with new partners and acquire new customers of the Middle East, India and Asia.

Below are some photos from the events.