Apply SSL certificates to LogRhythm Web UI / Console


  • Windows certificate already generated
  • OpenSSL for Windows available (Download)
  • Working Directory is set to C:\CertWork
  • Copy OpenSSL to the Working Directory.

Export the Windows certificate you generated to the Working Directory.

  • Export with the private key and enter a password. The password will be stripped off in a later step, as LogRhythm does not support a password-protected certificate.
  • Export as PKCS #12 and make sure “Include all certificates in the certification path if possible” is checked.
  • Name the exported file my_cert.pfx

Extract the certificate and key from the PFX file with OpenSSL.

Open a command prompt and execute the following commands from the Working Directory:

  • openssl pkcs12 -in my_cert.pfx -nocerts -out private_key.pem -nodes
  • openssl pkcs12 -in my_cert.pfx -nokeys -out public_key.pem
  • openssl rsa -in private_key.pem -out raw.key

Open the LogRhythm Configuration Manager on your Web UI/Console system and insert the certs.

  • Under the “SSL Public Key” section, click Choose File and open C:\CertWork\public_key.pem
  • Under the “SSL Private Key” section, click Choose File and open C:\CertWork\private_key.pem
  • Click Save.

Restart the LogRhythm Web Console UI service.

Save the generated files and PFX file someplace for safekeeping.
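As an added example (not LogRhythm's or this post's own commands), the script below drives the same three openssl steps against a PFX and then checks, before anything is uploaded, that the public certificate and the stripped key actually belong together and that the key really has no password left on it. It assumes an openssl binary on PATH; the self-signed certificate it builds is a constructed stand-in for the export from the Windows certificate store, and the password ExportPassw0rd is an assumed placeholder.

```python
"""Extract PEM files from a PFX with openssl and verify the cert/key pair.

Added example, not part of the original post. Assumes the openssl binary is on
PATH; the sample certificate built here is a constructed stand-in for the PFX
exported from the Windows certificate store.
"""
import os
import shutil
import subprocess
import tempfile
from typing import Optional


def openssl(*args: str) -> bytes:
    """Run one openssl subcommand and return its stdout (raises on failure)."""
    return subprocess.run(["openssl", *args], check=True, capture_output=True).stdout


def make_sample_pfx(workdir: str, password: str) -> str:
    """Constructed sample: a throwaway self-signed RSA cert packed into my_cert.pfx."""
    key = os.path.join(workdir, "orig.key")
    crt = os.path.join(workdir, "orig.crt")
    pfx = os.path.join(workdir, "my_cert.pfx")
    openssl("req", "-x509", "-newkey", "rsa:2048", "-nodes", "-days", "1",
            "-subj", "/CN=logrhythm.example.test", "-keyout", key, "-out", crt)
    openssl("pkcs12", "-export", "-in", crt, "-inkey", key, "-out", pfx,
            "-passout", f"pass:{password}")
    return pfx


def extract_pem(pfx: str, password: str, outdir: str) -> dict:
    """The post's three steps: key without password, cert chain, key without bag attributes.

    pass: puts the export password on the command line; for a real export prefer
    openssl's env: or file: pass phrase sources so it does not show in process lists.
    """
    private_key = os.path.join(outdir, "private_key.pem")
    public_key = os.path.join(outdir, "public_key.pem")
    raw_key = os.path.join(outdir, "raw.key")
    openssl("pkcs12", "-in", pfx, "-nocerts", "-nodes",
            "-passin", f"pass:{password}", "-out", private_key)
    openssl("pkcs12", "-in", pfx, "-nokeys",
            "-passin", f"pass:{password}", "-out", public_key)
    openssl("rsa", "-in", private_key, "-out", raw_key)
    return {"public_key": public_key, "private_key": private_key, "raw_key": raw_key}


def key_is_unencrypted(pem_path: str) -> bool:
    """LogRhythm needs a password-free key; an encrypted PEM carries an ENCRYPTED marker."""
    with open(pem_path, "rb") as fh:
        return b"ENCRYPTED" not in fh.read()


def key_matches_cert(cert_path: str, key_path: str) -> bool:
    """Compare the RSA modulus of the certificate with that of the private key."""
    cert_modulus = openssl("x509", "-noout", "-modulus", "-in", cert_path).strip()
    key_modulus = openssl("rsa", "-noout", "-modulus", "-in", key_path).strip()
    return cert_modulus == key_modulus


def run_demo() -> Optional[dict]:
    """Build the sample PFX, extract it and report the checks; None if openssl is absent."""
    if shutil.which("openssl") is None:
        return None
    workdir = tempfile.mkdtemp(prefix="CertWork-")
    password = "ExportPassw0rd"  # assumed placeholder export password
    pfx = make_sample_pfx(workdir, password)
    files = extract_pem(pfx, password, workdir)
    # A second, unrelated key shows that the modulus check actually rejects a mismatch.
    other_key = os.path.join(workdir, "other.key")
    openssl("genrsa", "-out", other_key, "2048")
    return {
        "workdir": workdir,
        "matches": key_matches_cert(files["public_key"], files["raw_key"]),
        "unencrypted": key_is_unencrypted(files["raw_key"]),
        "mismatch_detected": not key_matches_cert(files["public_key"], other_key),
        "fingerprint": openssl("x509", "-noout", "-fingerprint", "-sha256",
                               "-in", files["public_key"]).decode().strip(),
    }


if __name__ == "__main__":
    result = run_demo()
    if result is None:
        print("openssl not found on PATH")
    else:
        for name, value in result.items():
            print(f"{name}: {value}")
```

The fingerprint line is worth noting down next to the files you keep for safekeeping: after the Web Console service restarts, the certificate the browser presents should carry the same SHA-256 fingerprint, which is a quick way to confirm the right pair was loaded.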

Philips - 'Carousel' still cool after 10 years

I was going through cleaning out my bookmarks and noticed a link to an ad created for Philips to promote their Cinema 21:9 LCD TVs. Even after 10 years, ‘Carousel’ is still on my list of cool.

Stink Studios’ Carousel project site

Philips - ‘Carousel’ (720p)

Wikipedia article

Install pyenv on MacOS 10.14.3

I’m a big fan of pyenv, a slick way to manage Python on UNIX or Linux systems. It can be installed on MacOS systems, but it’s not quite as straightforward.


  1. Install homebrew
  2. brew install readline xz
  3. Download and install the latest CommandLineTools from the Apple Developer site.


  1. brew install pyenv
  2. CFLAGS="-I$(xcrun --show-sdk-path)/usr/include" pyenv install -v 3.7.1
  3. pip install --upgrade pip

In step #2, replace 3.7.1 with whatever version of Python you wish to install with pyenv.

Mikrotik Packet Sniffer to Security Onion

You’ll need tzsp2pcap, git, and some development libraries.

Configure on Mikrotik Router

  1. Winbox > Tools > Packet Sniffer.
  2. Enable Streaming server (insert IP address of your Security Onion Management interface)
  3. Enable Filter Stream.
  4. Ensure interfaces are selected that you want to “tap”.
  5. Start the packet sniffer.

Configure on Security Onion

  1. sudo ufw allow 37008
  2. sudo apt install git build-essential libpcap0.8-dev
  3. git clone h[tt]ps://
  4. make
  5. sudo cp tzsp2pcap /usr/local/bin
  6. sudo tzsp2pcap -vv -f | sudo tcpreplay --topspeed -i <capture interface> -

You will now be capturing traffic from your selected Mikrotik interfaces and dumping it to your Security Onion capture interface.

An excellent use case for this is monitoring your wireless network (if using a combination wireless and wired router) or other interfaces such as PPPoE or VPN tunnels that might not otherwise be tapped without additional hardware.

Note that this can have a severe impact on the performance of your Mikrotik device. The more interfaces you choose to sniff, the more processing overhead when those interfaces become loaded with traffic. As an example, a Mikrotik RB2011 loaded with 50Mbit of ethernet traffic from a total of three sniffed interfaces maxed the CPU (“overclocked” to 750MHz) at 100% and started severely impacting other services running on the device.
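The stream the router sends to UDP/37008 is TZSP: a small header, a list of tagged fields, then the captured frame, which is what tzsp2pcap strips before handing packets on. As an added example (not tzsp2pcap's code or anything from the original post), the decoder below parses that header, rejects truncated datagrams instead of emitting garbage, and writes the recovered Ethernet frames as a classic pcap file image. The sample datagram is constructed, not captured; the tag value 0x28 is used as a packet-count tag.

```python
"""Decode TZSP datagrams (the stream the Mikrotik sniffer sends to UDP/37008)
and write the encapsulated frames out as a pcap file.

Added example; this is not tzsp2pcap's code. The sample datagram below is
constructed, not captured from a router.
"""
import struct
from typing import Dict, Iterable, Tuple

TZSP_PORT = 37008          # port the Mikrotik streaming server sends to (see ufw rule)
TZSP_VERSION = 1
TAG_PADDING = 0x00         # single byte, no length field
TAG_END = 0x01             # single byte, terminates the tag list
TAG_PACKET_COUNT = 0x28    # ordinary tag: tag byte, length byte, value
ENCAP_ETHERNET = 0x0001
PCAP_LINKTYPE_ETHERNET = 1


def parse_tzsp(datagram: bytes) -> Tuple[int, Dict[int, bytes], bytes]:
    """Return (encapsulation, tags, frame); raise ValueError on a malformed datagram.

    Layout: version(1) type(1) encapsulation(2) [tag [len value]]... END frame.
    """
    if len(datagram) < 4:
        raise ValueError("datagram shorter than the 4-byte TZSP header")
    version, _pkt_type, encap = struct.unpack("!BBH", datagram[:4])
    if version != TZSP_VERSION:
        raise ValueError(f"unsupported TZSP version {version}")
    tags: Dict[int, bytes] = {}
    pos = 4
    while True:
        if pos >= len(datagram):
            raise ValueError("tag list never terminated with END")
        tag = datagram[pos]
        pos += 1
        if tag == TAG_END:
            break
        if tag == TAG_PADDING:
            continue
        if pos >= len(datagram):
            raise ValueError(f"tag 0x{tag:02x} is missing its length byte")
        length = datagram[pos]
        pos += 1
        value = datagram[pos:pos + length]
        if len(value) != length:
            raise ValueError(f"tag 0x{tag:02x} value is truncated")
        tags[tag] = value
        pos += length
    return encap, tags, datagram[pos:]


def pcap_global_header(snaplen: int = 65535, linktype: int = PCAP_LINKTYPE_ETHERNET) -> bytes:
    """Classic little-endian libpcap file header (magic 0xa1b2c3d4, version 2.4)."""
    return struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, linktype)


def pcap_record(frame: bytes, ts_sec: int, ts_usec: int) -> bytes:
    """One pcap record: timestamp, captured length, original length, frame bytes."""
    return struct.pack("<IIII", ts_sec, ts_usec, len(frame), len(frame)) + frame


def tzsp_stream_to_pcap(datagrams: Iterable[bytes], ts_sec: int = 0) -> bytes:
    """Strip the TZSP header from each datagram and return a pcap file image.

    Only Ethernet encapsulation is written; anything else is rejected rather than
    mislabelled, because a wrong linktype makes the capture unreadable downstream.
    """
    out = [pcap_global_header()]
    for usec, datagram in enumerate(datagrams):
        encap, _tags, frame = parse_tzsp(datagram)
        if encap != ENCAP_ETHERNET:
            raise ValueError(f"encapsulation 0x{encap:04x} not handled here")
        out.append(pcap_record(frame, ts_sec, usec))
    return b"".join(out)


# Constructed sample: a broadcast Ethernet frame (EtherType 0x0806) wrapped in TZSP
# with one packet-count tag and one padding byte ahead of END.
SAMPLE_FRAME = bytes.fromhex("ffffffffffff" "020000000001" "0806") + b"arp-payload"
SAMPLE_DATAGRAM = (
    struct.pack("!BBH", TZSP_VERSION, 0, ENCAP_ETHERNET)
    + bytes([TAG_PACKET_COUNT, 4]) + struct.pack("!I", 7)
    + bytes([TAG_PADDING, TAG_END])
    + SAMPLE_FRAME
)

if __name__ == "__main__":
    encap, tags, frame = parse_tzsp(SAMPLE_DATAGRAM)
    print(f"encap=0x{encap:04x} tags={tags} frame_len={len(frame)}")
    with open("tzsp_sample.pcap", "wb") as fh:
        fh.write(tzsp_stream_to_pcap([SAMPLE_DATAGRAM]))
```

Feeding real datagrams in is a matter of binding a UDP socket on TZSP_PORT and passing each received payload to tzsp_stream_to_pcap; the pcap image it returns can be opened in Wireshark or replayed the same way the post replays tzsp2pcap's output.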

Fixing Security Onion Kibana Index Pattern Errors

I had been struggling with Index Pattern issues after updating Security Onion. After logging into Kibana you are greeted with the following:

In order to visualize and explore data in Kibana, you'll need to create an index pattern to retrieve data from ElasticSearch.

I was also experiencing ElasticSearch stability issues; it often had a status (sudo so-status) of FAILED when trying to troubleshoot the indexing issues.

What I ended up doing is resetting Elastic and reconfiguring the dashboards.

  1. sudo so-elastic-reset
  2. sudo so-elastic-configure-kibana-dashboards
  3. You may need to set *:logstash-* as the default index.

Note this is the nuclear option, but it does get the job done.

Caracal CAR816 A2 Impressions

The Facts

Enter the CAR816A2. I’ll skip the history lesson; instead, watch an informative YouTube video by Small Arms Solutions to get educated.

Highlights that set this apart from your average AR style rifle

  • Piston-driven
  • Manufactured for Caracal USA in New Hampshire by Wilcox
  • Passed NATO testing standards
  • OTB safety feature in the barrel extension
  • Powder-filled buffer
  • Anti-tilt carrier with sand cuts
  • Spring-loaded pin (in lower) to keep tension between lower and upper

Opening the box you receive a number of items in addition to the rifle itself:

  • OTIS cleaning kit
  • Two-point sling
  • Lock
  • Instruction Manual
  • Lancer AWM L5 30 round magazine

The OTIS cleaning kit is nice. It includes everything you need to maintain the rifle from a cleaning and lubrication perspective in a nice portable package.

The sling is less impressive but functional. This sling has QD sling attachments, both of which are noticeably thinner than Daniel Defense or Magpul equivalents. The strap material is acceptable.

Upon inspection of the rifle it was immediately obvious it is well made. The rifle was well oiled from the factory, including grease on the safety selector, buffer tube, and buffer spring. For comparison, the fit-and-finish rivalled a factory-new Daniel Defense M4V5.

The bolt carrier and the inside of the upper were wiped down and lubricated with LSA (Lubricating Oil, Semi-Fluid) prior to taking it to the range.

The First Few Rounds

175 rounds were put through the rifle; a mix of steel 62gr Wolf .223 and brass Federal .223 55gr. Weather was intermittent rain and cold (approximately 36F), with no wind.

Initially there were several failure-to-feeds with the Wolf .223. After firing a round, the bolt would completely slide over the next round without extracting it from the magazine. Recharging the rifle would fix it until the next failure-to-feed.

The gas setting was changed to adverse, which fixed the issue for 20 rounds, after which the problem returned. I was handed a spare Magpul PMAG M3 magazine which proved reliable for the remainder of the shooting session, even when changing the gas setting back to standard.

The brass Federal ammunition did not cause a problem during the shooting session, even when used with the Lancer magazine.

Interestingly the rifle did not require sighting in. The iron sights were on the money out-of-the-box and hits to a 12” target at 110 yards were immediately possible. Nice.

Recoil was slightly more than a carbine-length direct impingement gun, nothing that would cause you to change the way you shoot.

In closing

Obviously 175 rounds isn’t enough rounds to make any reasonable determination of reliability, but I doubt I’ll be reaching the round counts needed to pass NATO testing anytime soon. Between that and the combined pedigree of the designers, I’m confident in the rifle.

Something that I would like to see from Caracal is an extended handguard option. The included handguard works, but it is short. The current length is perfect for the 11” upper, but we’re missing out on several inches of real estate with a 16” barrel. Food for thought.

OnlyKey Thoughts

I’ve been using OnlyKey for nearly two years, starting with the “first” generation model (no RGB led, shown in photo) and currently with two “second” generation models (RGB led).

Both models have been used heavily on a daily basis; one is used by a non-technical user, configured as a simple gate to LastPass.

Instead of remembering a password or passphrase, you just need a pin code or remember a pattern. This allows you to extend the idea of password managers to a physical key, which can further increase the security of your password manager.

Works as a USB keyboard. I like this feature as it lets me enter passwords quickly in situations that would otherwise require a work-around (nested RDP sessions as an example).

Multiple two-factor options supported. I use OTP and U2F daily without issue.

Durability. One of the concerns I had is the pads tarnishing. This would indicate which pads were used in a pin sequence, greatly reducing the number of guesses needed to brute-force a pin. Fortunately this has not proved to be a problem even after hundreds or thousands of button presses over the past few years. The backside of the hardware key is wearing to show some copper underneath the resin board, however this hasn’t caused any problems.

Support. The developer has been continually improving the device and software since I’ve been using it. Software development is slow, but this has been put together by a very small team and I’m betting this isn’t their full-time job.


Speaking of brute-forcing a pin: one of the downsides to the device, which I’m not sure can be overcome without non-volatile memory on the device, is that the lockout feature/protection is useless. The number of tries can be reset indefinitely by removing the device from the USB slot and re-inserting it. Time consuming, but a weakness nevertheless.
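The reset behaviour described above comes down to where the failure counter lives. The model below is an added example (not OnlyKey's firmware or any code from this post): the same PIN gate is run once with a counter that is cleared on every re-plug and once with a counter that persists, and the number of wrong guesses each design actually evaluates across repeated power cycles is counted. The PIN 7391, the ten-failure limit and the two counter classes are constructed for the illustration; the digest comparison stands in for whatever a real device does internally.

```python
"""Model of a PIN gate with its lockout counter in RAM versus in non-volatile storage.

Added example, not OnlyKey firmware. The PIN, the limit and the storage classes are
constructed for illustration.
"""
import hashlib
import hmac

MAX_FAILURES = 10          # constructed limit; a real device picks its own policy


class VolatileCounter:
    """Failure counter held in RAM: every power cycle (unplug/re-plug) clears it."""

    def __init__(self) -> None:
        self.failures = 0

    def load(self) -> int:
        return self.failures

    def store(self, failures: int) -> None:
        self.failures = failures

    def power_cycle(self) -> None:
        self.failures = 0


class PersistentCounter(VolatileCounter):
    """Failure counter committed to non-volatile memory: a power cycle changes nothing."""

    def power_cycle(self) -> None:
        pass


class PinGate:
    def __init__(self, pin: str, counter: VolatileCounter) -> None:
        # Digest comparison is a stand-in for the device's own PIN check.
        self._pin_digest = hashlib.sha256(pin.encode()).digest()
        self.counter = counter

    def unlock(self, attempt: str) -> str:
        """Return 'locked', 'wrong' or 'ok'."""
        failures = self.counter.load()
        if failures >= MAX_FAILURES:
            return "locked"
        # Record the attempt before evaluating it, so pulling power mid-check
        # cannot erase the evidence of a wrong guess.
        self.counter.store(failures + 1)
        if hmac.compare_digest(hashlib.sha256(attempt.encode()).digest(), self._pin_digest):
            self.counter.store(0)
            return "ok"
        return "wrong"


def wrong_guesses_evaluated(counter: VolatileCounter, per_plug: int, plugs: int) -> int:
    """How many wrong PINs the gate actually checks over `plugs` unplug/re-plug cycles."""
    gate = PinGate("7391", counter)
    evaluated = 0
    for _ in range(plugs):
        for _ in range(per_plug):
            if gate.unlock("0000") == "wrong":
                evaluated += 1
        counter.power_cycle()
    return evaluated


if __name__ == "__main__":
    print("RAM counter:", wrong_guesses_evaluated(VolatileCounter(), 15, 5))
    print("NVM counter:", wrong_guesses_evaluated(PersistentCounter(), 15, 5))
```

With the RAM-backed counter the budget of evaluated guesses grows with every re-plug, which is exactly the weakness the paragraph above describes; with the persistent counter it stays capped at MAX_FAILURES no matter how often the device is power-cycled.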

Configuration is difficult, especially for non-technical users. This has gotten better as the software (Chrome App) is improved. Recent changes include firmware updates from the application instead of requiring command-line knowledge.

Configuration more or less requires Google Chrome. This might dissuade some users who are dead set on using other browsers such as Firefox.

OTP functionality requires the OnlyKey Chrome App to be running, with some exceptions (once it’s set, you don’t have to do it again as long as the hardware remains plugged into a powered-on system). Until the hardware includes an on-board clock with memory this will always be a requirement.


I highly recommend these devices for technical users. I’d get two and keep a backup within short driving distance if using them for work-related or otherwise critical duties.

I’d recommend these for non-technical users in conjunction with a password manager such as LastPass. Once you have them set up with a pin and they understand the simple, repeatable workflow, they should be set.

Portable Python on Windows

This has come in handy for situations where I’ve been unable to install software, but could execute portable software.

  1. Download the latest Python Windows Embedded from
  2. Extract the ZIP file someplace.
  3. Download the latest VC++ Redistributable from Microsoft. Install if needed.
  4. Download from
  5. Uncomment the #import site line in python37._pth
  6. Execute python
  7. Add Python to the PATH as desired.

You now have a portable Python interpreter for Windows.

Installing Packages with Portable pip

Assuming you are in the root directory you extracted Python to:

.\Scripts\pip install <package>