Shared Logging (Felles logging)
Humio is a log analytics platform delivered by the Cyber Security Center for Research and Education (eduCSC).
Support Requests
Send an email to kontakt@sikt.no for any request regarding users, repositories, views, etc. in Humio.
Web Console
Our Humio instance is available to all Sikt employees who need to analyse logs for their services. It uses Feide for login. A user must be created for you before you can log in.
Humio Documentation
Some of the main concepts in Humio are described in this section. See the official docs for more in-depth information.
Repository
A Repository is a way of organizing data storage in Humio. Within Humio, each repository has its own set of users, dashboards, saved queries, and parsers.
The Sandbox Repository
In Humio there is by default a Sandbox repository for testing data, executing queries, and testing new features of the Humio software.
Views
A view gives access to a subset of a repository. You might want one as a security measure, limiting some users to certain data. It can also be a way to focus on the relevant areas of the data.
Ingest Token
Ingest tokens are used for authorization when sending data to Humio. Ingest tokens have limited API access and cannot, for example, be used to read repository settings or execute queries.
A repository can have multiple ingest tokens, each with its own parser assigned.
Configuring Log Shipping
Puppet managed servers
For Puppet managed servers we have a module (pmodule_filebeat) that is configured to ship all system logs to Humio by default. These logs are sent to a repository to which Platon and internal security have access.
pmodule_filebeat can also be used to ship other logs, as it can be set up multiple times for a server with different configs.
A view can be created here for those teams that would like access to the logs for their servers.
Kubernetes
Our Kubernetes clusters run Vector for shipping logs to Humio. By default, logs from a Kubernetes Namespace are not sent to Humio. On request, logging can be enabled for one or more Namespaces to a dedicated Repository in Humio.
You can also view logs with the kubectl logs command.