How to Run LogZilla on EVE-NG for free

Learn how to easily download and install LogZilla in an eve-ng virtual lab

Clayton Dukes, CEO

How to Run LogZilla on EVE-NG for free

Monday, October 05, 2020

LogZilla is a Centralized Log Management (CLM) platform, designed for IT Operations, Security, and Risk Management leaders who want to gain better incident investigation capabilities by capturing all network and security related logs into a single log collection platform without sacrificing speed or budget.

LogZilla is free for anything under 1M Events per day, so an eve-ng lab should come in well under that :)

The EVE-NG PRO platform is the first clientless multivendor network emulation software that empowers network and security professionals with huge opportunities in the networking world, ready for today’s IT-world requirements. It allows enterprises, e-learning providers/centers, individuals and group collaborators to create virtual proof of concepts, solutions and training environments.

LogZilla Template for EVE-NG

Step 1: Download

Download the EVE-NG-logzilla image here

Step 2: Add LogZilla files to EVE-NG

  • Extract the downloaded .tgz:
tar xzvf eve-logzilla.tgz
  • Copy/Move the LogZilla image to your qemu directory:
cp -rp addons/qemu/logzilla-ubuntu-20.04-server /opt/unetlab/addons/qemu/logzilla-ubuntu-20.04-server
  • Copy/move the contents of html to your unetlab directory:
cp -rp html/ /opt/unetlab/html
  • Add the following to your /opt/unetlab/html/includes/custom_templates.yml:
  - name: LogZilla
    listname: 'LogZilla Centralized Log Management Platform'

There’s an example of the final file located at opt/unetlab/html/includes/custom_templates.yml, but if you have customized your /opt/unetlab/html/includes/custom_templates.yml, don’t just copy this one over it!

Lastly, be sure to fix your unetlab permissions:

/opt/unetlab/wrappers/unl_wrapper -a fixpermissions

Step 3: Adding a LogZilla Node

In the eve-ng GUI, add a new node:

The next menu should show LogZilla assuming you did Step 1 properly:

Leave the defaults as they are. LogZilla requires 8 CPU and 8GB ram to run.

NOTE: You can run it with less, but you would have to manually pull down the kickstart script from and edit it

Connect the newly created node to your internet access:

Click Start:

After the icon turns orange, click it to connect to the console:

You should now have a console similar to:

  _                 _______ _ _
 | |               |___  (_) | |
 | |     ___   __ _   / / _| | | __ _
 | |    / _  / _` | / / | | | |/ _` |
 | |___| (_) | (_| |/ /__| | | | (_| |
 |_________/ __, /_____|_|_|_|__,_|
               __/ |
Ubuntu 20.04.1 LTS eve-logzilla ttyS0
Welcome to LogZilla!
Please log in below using the username/password of lzadmin/lzadmin
eve-logzilla login:

Login as lzadmin with a password of lzadmin.

Assuming you have internet access, LogZilla will automatically install.


P.S. I’ve included a small helper script in bin/eve that I use to fix permissions and check IoL images - mostly because I can’t remember the commands :)

It’s optional, but feel free to use it.

Just chmod 755 bin/eve and run it without parameters to get help.

Clayton Dukes

Clayton Dukes


4819 Emperor Boulevard Suite 400
Raleigh, NC,27703

About Clayton

Clayton Dukes leverages over two decades of experience in network systems design, implementation, and management. Early years included designing an open source solution to solve network event management challenges as a Datacenter Lead Engineer at Cisco, which and ultimately led to a later-creation of the LogZilla Network Event Orchestrator platform. Dukes has co-authored the CCIE SP OPS certification and resides in North Carolina.
Tags: Cisco , eve-ng , logzilla , ccie , juniper , duo , checkpoint , sophos , jnccie , security , log management

Real-Time Threat Hunting using Zeek, LogZilla, and Axellio - A DCO_SOSSEC Cyber Talk

Did you miss our last webinar?