Part 1 of a 2-part series on replacing the Mission Control Dashboard's SQLite-only event store with a Vector + ClickHouse log-lake on a Mac mini. This post covers the use case, the reasoning behind going custom instead of off-the-shelf, the three ingestion patterns, and the ClickHouse engine choices. Part 2 covers the implementation phases and the gotchas that almost shipped.
Why a security engineer running a small home network picked Wazuh over Splunk, Elastic, and Graylog, which hardware got the job, and the 29-task implementation plan that went through 5 patches before a single playbook ran against the target server.