LogZilla NEO lets you collect, enrich, transform, automate, analyze, and archive syslog messages, text files, web hooks, and SNMP traps to take automated actions on suspicious or damaging events.

LogZilla is free for anything under 500k Events per day, so an eve-ng lab should come in well under that :)

The EVE-NG PRO platform is the first client-less multi vendor network emulation software that empowers network and security professionals with huge opportunities in the networking world, ready for today’s IT-world requirements. It allows enterprises, e-learning providers/centers, individuals and group collaborators to create virtual proof of concepts, solutions and training environments.

LogZilla Template for EVE-NG

Step 1: Download

wget 'https://logzilla.sh/eve-logzilla.tgz'

Step 2: Add LogZilla files to EVE-NG

  • Extract the downloaded .tgz:
tar xzvf eve-logzilla.tgz
  • Copy/Move the LogZilla image to your qemu directory:
cp -rp addons/qemu/logzilla-ubuntu-22.04-server /opt/unetlab/addons/qemu/logzilla-ubuntu-22.04-server
  • Copy/move the contents of html to your unetlab directory:
cp -rpi html/ /opt/unetlab/html
  • Add the following to your /opt/unetlab/html/includes/custom_templates.yml:

name: LogZilla
listname: 'LogZilla Centralized Log Management Platform'

There’s an example of the final file located at /opt/unetlab/html/includes/custom_templates.yml, but if you have customized your don’t just copy this one over it!

Lastly, be sure to fix your unetlab permissions:

/opt/unetlab/wrappers/unl_wrapper -a fixpermissions

Step 3: Adding a LogZilla Node

In the eve-ng GUI, add a new node:



The next menu should show LogZilla assuming you did Step 1 properly:



Leave the defaults as they are. LogZilla requires 8 CPU and 8GB ram to run.

NOTE: You can run it with less, but you would have to manually pull down the kickstart script from https://logzilla.sh and edit it

Connect the newly created node to your internet access:



Click Start:



After the icon turns orange, click it to connect to the console:



You should now have a console similar to:


Ubuntu 22.04.1 LTS eve-logzilla ttyS0
Welcome to LogZilla!
Please log in below using the username/password of lzadmin/lzadmin
eve-logzilla login:
Login as lzadmin with a password of lzadmin.

Assuming you have internet access, LogZilla will automatically install.

ENJOY!

P.S. I’ve included a small helper script in bin/eve that I use to fix permissions and check IoL images - mostly because I can’t remember the commands :)

It’s optional, but feel free to use it.

Just chmod 755 bin/eve and run it without parameters to get help.

LogZilla's CCIE Lab

LogZilla's CCIE Lab
Posted 
September 28, 2022
 in 
LogZilla University
 category

Clayton Dukes

View Posts

Post Tags:

Cisco
eve-ng
LogZilla
ccie
juniper
duo
checkpoint
sophos
JNCIE
Security

More from the

LogZilla University

 category

View All
This is some text inside of a div block.
This is some text inside of a div block.
Syslog Essentials
8
 min read
This is some text inside of a div block.
This is some text inside of a div block.
How to Run LogZilla on EVE-NG for free
5
 min read
This is some text inside of a div block.
This is some text inside of a div block.
LogZilla Dashboard in 3 minutes
8
 min read
This is some text inside of a div block.
This is some text inside of a div block.
NetOps and the Holy Grail
5
 min read