IT Infrastructure health checkup



  • Anyone doing this, as in audit a current setup and advise on the health status of the servers, be it Exchange server/SharePoint/Active Directory?

    I assume the starting point would be Best Practice Analyzer? Any other tools that can give a nice report after the audit?



  • I will be interested to see some answers to this.



  • Agreed - I'm more interested in a topic that will tell us what tools are good for this versus some vendor just saying - yeah we do that.



  • This is the second time since yesterday I am posting in the wrong section.

    Mods, can someone please move this to IT?

    Sorry!


  • Banned

    Well we do that 🙂

    https://darait.co.uk/network-auditing/

    On a TLDR level, how it works is like this.

    Find out what services you are there to audit, if you don't need to check their mail server, don't touch it. Create a clear scope of what to investigate and check.

    Then, you either use tools or check it manually, so if it's a mail server.

    Is there a backup SMTP service for mailing out in place?
    Are we monitoring blacklists?
    Health of the Exchange server as a whole? The DB? Number of accounts?
    Exchange CALs in order? Y/N

    Once the results are in, explain it to the decision makers, have the conversation with the people who need to know.

    Then, what are you going to do about it? What is the action plan?


  • Banned

    There are SOOOOO many different things you could possibly audit and check on, and the tools to do that are changing all the time.

    Come up with a wish list of areas you would like to audit and I'll put together a list for you.



  • Exchange
    AD
    Switches/network



  • We do this quarterly as well as required permissions checks and stuff. We monitor normally with OpManager and sometimes the BPA tool. For Audit we use a number of tools including AD Permission Reporter, AD Info, AD Photo Edit, AD Tidy, NTFS Permissions Reporter, Service Credentials Reporter. For the permissions reports they are given to the department heads and they are required to sign off on them.



  • Performance / Capacity Planning checking is good too. As well as log scouring.



  • @scottalanmiller said:

    Performance / Capacity Planning checking is good too. As well as log scouring.

    What do you use for log scouring, or do you do it manually?



  • @Dashrender said:

    @scottalanmiller said:

    Performance / Capacity Planning checking is good too. As well as log scouring.

    What do you use for log scouring, or do you do it manually?

    Depends. At a customer who has no log infrastructure, manually.



  • @Dashrender we do it monthly with a pizza supplied by our boss as motivation. Caught some fun stuff early that would otherwise have caused issues.

    Edit: manually; lift pizza to face with left hand, mouse wheel scroll and coke in right.



  • @MattSpeller said:

    @Dashrender we do it monthly with a pizza supplied by our boss as motivation. Caught some fun stuff early that would otherwise have caused issues.

    Monthly? I ain't nobody got time for going through logs manually every month. I think you could save a lot of money in man hours by automating it.



  • @thecreativeone91 it's an afternoon for 3 people & good excuse to talk about issues and potential solutions far less formally than weekly meetings



  • @MattSpeller Probably far more productive too since things are not formal.



  • @MattSpeller said:

    @Dashrender we do it monthly with a pizza supplied by our boss as motivation. Caught some fun stuff early that would otherwise have caused issues.

    Edit: manually; lift pizza to face with left hand, mouse wheel scroll and coke in right.

    Would be a good idea to set up an ELK logging infrastructure so you can see all of the issues in one place while exercising your arms.



  • @thecreativeone91 said:

    @MattSpeller said:

    @Dashrender we do it monthly with a pizza supplied by our boss as motivation. Caught some fun stuff early that would otherwise have caused issues.

    Monthly? I ain't nobody got time for going through logs manually every month. I think you could save a lot of money in man hours by automating it.

    Of course, if doing monthly. When you are doing it internally, I think log management is a must. ELK, Splunk, Loggly, whatever. If it is a client that refuses log management, manual might be a requirement.



  • @dafyre said:

    @MattSpeller said:

    @Dashrender we do it monthly with a pizza supplied by our boss as motivation. Caught some fun stuff early that would otherwise have caused issues.

    Edit: manually; lift pizza to face with left hand, mouse wheel scroll and coke in right.

    Would be a good idea to set up an ELK logging infrastructure so you can see all of the issues in one place while exercising your arms.

    If you aren't ready to manage ELK, Loggly is low cost and very nice. I like the product and the team. Good people.



  • While on this topic... what are some good tools for getting Windows Event Logs into something like ELK?



  • @dafyre said:

    While on this topic... what are some good tools for getting Windows Event Logs into something like ELK?

    http://nxlog.org/



  • @coliver Thanks. That one looks pretty slick.



  • @dafyre said:

    @coliver Thanks. That one looks pretty slick.

    I've been trying to get it working for a bit. I really like the Kibana interface I just need to get NXLog and Logstash working together.



  • Let's assume this is a one time job for a client, I would assume the tools would be:

    BPA for the corresponding MS product
    Lynis for Linux security Audit
    For Exchange, points mentioned by @Breffni-Potter
    AD- tools suggested by @thecreativeone91
    OpenVAS or Nexpose or Nessus or GFI LanGuard
    MBSA
    Sydi for network documentation

    Not sure on a one time audit, if we can use some sort of log management.


  • Banned

    Yes you have to check logs for a one time audit, otherwise what's the point?

    If the DC is screaming about an easily preventable group policy conflict, how will you pick that up apart from logs?



  • @Breffni-Potter said:

    Yes you have to check logs for a one time audit, otherwise what's the point?

    If the DC is screaming about an easily preventable group policy conflict, how will you pick that up apart from logs?

    Automation can still be done on the logs so it's not a manual process of looking through everything. It will also centralize it.

    Also a DC is not going to tell you about a GP conflict, that's client side. RSoP or GPresult on the client machine will tell you about those. However, they are avoided by using enforced GPOs where needed. However aside from the setting not being applied there's no actual harm to GP conflicts.
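
The automated pass over the logs suggested in the post above, for a one-time audit at a site with no log infrastructure, as an added example that is not part of the thread. The log list, 30-day window and output path are assumptions to adjust to the agreed scope:

```powershell
# Added example (not from the thread): one-off event log triage for an audit.
# Assumptions: run locally on the server in scope with rights to read the logs;
# the log list, 30-day window and output path are placeholders.
param(
    [string[]]$LogName = @('System', 'Application', 'Directory Service'),
    [int]$Days = 30,
    [string]$OutFile = ".\eventlog-summary-$env:COMPUTERNAME.csv"
)

$since = (Get-Date).AddDays(-$Days)

$events = foreach ($log in $LogName) {
    try {
        # Level 1 = Critical, 2 = Error, 3 = Warning
        Get-WinEvent -FilterHashtable @{
            LogName   = $log
            Level     = 1, 2, 3
            StartTime = $since
        } -ErrorAction Stop
    }
    catch {
        # Missing log (e.g. 'Directory Service' on a non-DC) or no matching events
        Write-Warning "${log}: $($_.Exception.Message)"
    }
}

if (-not $events) { Write-Warning 'No matching events in any log.'; return }

# Collapse the raw records into one row per log / source / event ID
$summary = $events |
    Group-Object LogName, ProviderName, Id |
    ForEach-Object {
        $sorted = @($_.Group | Sort-Object TimeCreated)
        [pscustomobject]@{
            Log       = $sorted[0].LogName
            Source    = $sorted[0].ProviderName
            EventId   = $sorted[0].Id
            Level     = $sorted[-1].LevelDisplayName
            Count     = $_.Count
            FirstSeen = $sorted[0].TimeCreated
            LastSeen  = $sorted[-1].TimeCreated
            Sample    = ("$($sorted[-1].Message)" -split '\r?\n')[0]
        }
    } |
    Sort-Object Count -Descending

$summary | Export-Csv -Path $OutFile -NoTypeInformation
$summary | Select-Object -First 20 | Format-Table -AutoSize
```

The CSV gives one row per recurring event with its count and first/last occurrence, which is easier to walk through with decision makers than the raw logs.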


  • Banned

    @thecreativeone91 said:

    However aside from the setting not being applied there's no actual harm to GP conflicts.

    Speaking broadly, with a badly set up GP you can get delayed logins and other strange issues.



  • @Breffni-Potter said:

    @thecreativeone91 said:

    However aside from the setting not being applied there's no actual harm to GP conflicts.

    Speaking broadly, with a badly set up GP you can get delayed logins and other strange issues.

    Not from conflicting settings you won't get delayed logins. Conflicting settings will just allow one to override the other.

    Delayed logins come from permissions issues, trying to do too much, bad settings or corrupt Sysvol and too much WMI filtering.

