Comments
-
Thanks, mfmahler. DDoS is indeed a significant consideration for high speed logging as it can in theory make the impact much worse than just the attack itself. I'm not sure there's a right answer other than to have an HSL solution on a given platform that is as low CPU as possible so that even under stress, the CPU isn't…
-
So to clarify, you avoided coding because you didn't want to stare at code and do documentation, and instead you got involved in networking where you stare at configurations and don't do any documentation? Seriously though, I totally get it; as I said above in my response to jeremymayfield, I don't want to do that either.…
-
I'm sorry; I also meant to acknowledge your link at the bottom to the feature request for NPM/Orion so I can tell the answer for those products. I was wondering if you'd had joy with any other products or if this is an area that's lacking across the board.
-
Agreed, and I think Illumio is a good example of somebody trying to crack this particular nut. Again though, it's most likely going to be one (complex) tier of a larger security architecture.
-
sparda963 You only get street cred for creating batch scripts if you also used edlin to do it. Just saying.
-
Many acronyms, yes; fewer would be nice
-
tinmann0715, you need to be on commission from the sounds of it! Seriously though, it's clear that what you're doing is very important and will benefit the company hugely, so keep up the good work!
-
Thanks for the information, @jm_sysadmin! I know you can force types on the variables and convert them as needed, but your examples and explanation are very much appreciated! Part of the problem - and PS is by no means unique here - is the use by some languages of "+" as a concatenation operator for both strings and…
-
As ever, great comments rschroeder. You asked "Why wasn't some sort of resource management monitoring tool part of the original package and deployment?" That's an entirely reasonable thing to ask, but I've seen it happen in many places, where there's a management tool in place but it has limited monitoring/performance…
-
Solarwinds' intuitiveness can still exist even if the underlying data gathering protocol changes though, surely?
-
Well, if you're going to put all these fancy conditions on it then, um, probably not. *grin*
-
I see we are going to need somewhere to store all those sandals...
-
It's only a small step from there to collaborating with your peers, and then where will we be? Enjoy your meal!
-
*grin* Thank you for saying so (I feel somewhat vindicated now!)
-
Good point about logs. They are definitely another good source of data, especially for security purposes. Of course, then we can get into the problems with High Speed Logging, which I posted about a couple of weeks back. Either way though, a good source of information for sure.
-
Simple, at least - and very low cost.
-
As always, rschroeder, you make good points. I was thinking about your comments about Bill Gates, and I wondered if perhaps the answer - in part at least - is that if they had the experience we have now, I'd like to think that they'd put security higher on the list. Then I look at almost every product out there and…
-
I'm totally in agreement. This kind of integration is fundamental to keeping a firm grip on your assets, both virtual and physical.
-
In fact, maybe when we say DWIT what we are also adding silently is "And Do It The Way I Would Do It." DWITADITWIWDI? Maybe that's why we only say the DWIT part. I agree though. It's like delegating a technical task to a team member; you have to make sure that they fully understand the requirement, the timelines, the…
-
Maybe that's what should be on my résumé... Scripting Skills: Perl, Go, Python, Sloth, Ruby, (ba|t?c|z)?sh. I get the feeling nobody would notice; it sounds so plausible.
-
You make a fair point, novasamurai, though this is the classic dilemma of proactive visibility (and the ability to go back and see what happened historically) versus reactive, where you turn it on when you have a problem, but may never know what started that problem off because you can't see what you didn't capture. HSL…
-
"it does however make the monitoring system one of the top talkers throughout the network" -- *lol*, I'll bet! ;-) You're right about tactical tool usage for monitoring. When you think there's an issue, it's great to break out a more 'active' tool to get more detail. I'm not sure I would agree that it's "okay for a…
-
Understood (as I just noted to muwale), and one would have to control DHCP in the environment just as with PXE. You both raise a good issue with any of the ZTD solutions; without configuring a specific (secret) identity on a device, knowing for sure which device is connecting will be a problem. Similarly, without knowing…
-
It shouldn't? Why not? If something better comes along that is just as simple and universally adopted, why shouldn't it die?
-
I've been discussing just such a "per device break-glass admin password" with somebody recently, and the management of those passwords looked like it would be a nightmare. We also talked about split passwords (e.g. two parties get half the password each), and just like the safe, it's a huge pain in a crisis. So then we…
-
Do you have an action plan defined for when a team member leaves the company? i.e. do you change the passwords and the KeePass password?
-
The short answer is "everything". Take, as an example, a load balancer. Traffic hits an internet-facing VIP; it gets source-NATted and destination-NATted before being sent to the back end server. HSL could log the inbound connection and a session id, then log the server-side connection with the same session id. You'd then…
-
I hear you about the impediment to replacing SNMP, but I live in hope. :-) SNMP is simple, for sure, maybe to the point of being stupid. We want to use it for way more than it was ever designed for. As an analogy, RIP is a simple routing protocol; why do we not use it every day any more? The protocols we chose instead of…
-
I think for a lot of engineers (but not all, of course), coding may be just another extension of the logical way they already work. Anyway, if you have managed to handle PHP without gnawing your own leg off, I think you'll do well with Python.
-
Roger that. CMDBs are quite often used just for hardware and software tracking; it's defining those relationships between objects in the CMDB that make all the difference to how helpful it can be. It's one thing to know that a particular service might connect to a particular switch, say, but it's harder to know whether…