-
Re: When Is a Log and Event System Like a Cathedral?
mdriskell May 29, 2013 7:22 AM (in response to Mrs. Y.)
Measure twice, cut once... it's all in the design and build-out. There will always be changes and needs to tweak and "re-design" aspects of it.
-
Re: When Is a Log and Event System Like a Cathedral?
matt.matheus May 29, 2013 10:36 AM (in response to Mrs. Y.)
When a cathedral is being built over the course of several centuries, the building's requirements are likely to change. Additions and adjustments are being made even while the building is still under construction from the original design. I think this is the same way a log and event system works. Requirements are added over the course of the system's lifespan in such a way that the system is completely different from what it was originally intended to be. Flexibility is so important, especially as security or monitoring requirements change, and a logging / event system can only be as good as its ability to adapt.
-
Re: When Is a Log and Event System Like a Cathedral?
mikegrocket May 29, 2013 11:44 AM (in response to Mrs. Y.)
A little while back, there was a discussion about firewall rules and the need to monitor, audit, or update occasionally. I think the same applies here. Yes, things change and updates are needed. Our industry as a whole is in continual change, adapting to the needs of the customer, so why is it so far-fetched to think we would need to adapt our individual networks and systems?
-
Re: When Is a Log and Event System Like a Cathedral?
Aforsythe May 29, 2013 1:03 PM (in response to Mrs. Y.)
I don't think you can look at log correlation and event management systems, or network / infrastructure management systems in terms of complete/incomplete ever. So the answer to "when are they like a cathedral" would be never.
I think really the only way to look at these systems is in terms of up-to-date vs. not up-to-date and effective vs. ineffective. And both of those measurement concepts are completely relative and open to interpretation. What I consider effective may be considered completely useless by someone else; it really depends on what I mean to accomplish with the system and whether or not I'm accomplishing it.
-
Re: When Is a Log and Event System Like a Cathedral?
Andy McBride May 29, 2013 3:05 PM (in response to Mrs. Y.)
Great blog entry!
-
Re: When Is a Log and Event System Like a Cathedral?
byrona May 29, 2013 11:45 PM (in response to Mrs. Y.)
I have to agree with Aforsythe. I think one of the large problems with log and event management systems is unrealistic expectations and/or bad project management. To quote Stephen Covey, "you need to begin with the end in mind". Basic project management means creating a project scope with reasonable expectations and goals. Then select a log and event management system that can meet those goals; once they are met the project is complete and successful. As requirements in the future change you can make the necessary changes to the system to meet those needs. Like any system, a log and event management system will require some care and feeding, and that should be expected, but that isn't the same as a project that is never completed.
-
Re: When Is a Log and Event System Like a Cathedral?
Webbster May 30, 2013 9:46 AM (in response to Mrs. Y.)
I believe that Acy Forsythe summed it up nicely in his reply: you have to rely on your own interpretation in order to be satisfied with your results.
-
Re: When Is a Log and Event System Like a Cathedral?
avnishb May 30, 2013 10:08 AM (in response to Mrs. Y.)
We recently installed Splunk to manage all our logs and events for the enterprise. It took almost six months to get to a point where we could start using it for some deeper levels of analysis and operational intelligence by combining various machine data and logs. It is a continuous process to keep this system valid because of the constant changes in the infrastructure, and we can never claim that this task is over.
-
Re: When Is a Log and Event System Like a Cathedral?
wanine39 Nov 1, 2013 4:35 PM (in response to avnishb)
How do you like it?
I keep getting calls from them.
How does it compare to LEM? As my new LEM licenses will not work and support does not have a solution after two weeks, I need to know if I should stay with LEM or go to Splunk for their tool.
-
-
Re: When Is a Log and Event System Like a Cathedral?
nicole pauls May 30, 2013 10:52 AM (in response to Mrs. Y.)
Monitoring is never a "set it and forget it" type of thing, logs are definitely no exception. It's cool to have all (some, most) of your data in one place, but even after you get past the first "now what?" there's a constant "oh, I wish I would have automated that" and "oh, a new log source" and "oh, new devices" that you are always building, building, building.
So I guess after you build that cathedral, you have to keep up with repairs, remodel the interior, and handle the constant influx of new people.
-
Re: When Is a Log and Event System Like a Cathedral?
byrona May 30, 2013 11:02 AM (in response to nicole pauls)
Way to roll with the analogy!
-
-
Re: When Is a Log and Event System Like a Cathedral?
jswiss8608 May 31, 2013 8:13 AM (in response to Mrs. Y.)
I think a lot of things in IT designs are like that. They always need tweaked, checked upon, etc. There are not very many "set it and forget it" processes in IT. Great post. Definitely makes you think.
-
Re: When Is a Log and Event System Like a Cathedral?
michael2907 May 31, 2013 10:55 AM (in response to Mrs. Y.)
That just goes to show that if you don't put the necessary effort into the planning stages, your project will fall apart before it's even begun.
-
Re: When Is a Log and Event System Like a Cathedral?
rharland2012 Jun 3, 2013 7:27 AM (in response to Mrs. Y.)
"Organizations don't have the money of an Italian Renaissance prince and can ill afford to pay heaps of cash into something that simply fades away into the dust of time."
I don't know about you, but I see organizations do this all the time.