IT Infrastructure health checkup
-
We do this quarterly as well as required permissions checks and stuff. We monitor normally with OpManager and sometimes the BPA tool. For Audit we use a number of tools including AD Permission Reporter, AD Info, AD Photo Edit, AD Tidy, NTFS Premissions reporter, Service Credentials Reporter. For the permissions reports they are given to the department heads and they are required to sign off on them.
-
Performance / Capacity Planning checking is good too. As well as log scouring.
-
@scottalanmiller said:
Performance / Capacity Planning checking is good too. As well as log scouring.
What do you use for log scouring, or do you do it manually?
-
@Dashrender said:
@scottalanmiller said:
Performance / Capacity Planning checking is good too. As well as log scouring.
What do you use for log scouring, or do you do it manually?
Depends. At a customer who has no log infrastructure, manually.
-
@Dashrender we do it monthly with a pizza supplied by our boss as motivation. Caught some fun stuff early that would otherwise have caused issues.
Edit: manually; lift pizza to face with left hand, mouse wheel scroll and coke in right.
-
@MattSpeller said:
@Dashrender we do it monthly with a pizza supplied by our boss as motivation. Caught some fun stuff early that would otherwise have caused issues.
Monthly? I ain't nobody got time for going through logs manually every month. I think you could save a lot of money in man hours by automating it.
-
@thecreativeone91 it's an afternoon for 3 people & good excuse to talk about issues and potential solutions far less formally than weekly meetings
-
@MattSpeller Probably far more productive too since things are not formal.
-
@MattSpeller said:
@Dashrender we do it monthly with a pizza supplied by our boss as motivation. Caught some fun stuff early that would otherwise have caused issues.
Edit: manually; lift pizza to face with left hand, mouse wheel scroll and coke in right.
Would be a good idea to set up an ELK loggin infrastructure so you can see all o fthe issues in one place while exercising your arms.
-
@thecreativeone91 said:
@MattSpeller said:
@Dashrender we do it monthly with a pizza supplied by our boss as motivation. Caught some fun stuff early that would otherwise have caused issues.
Monthly? I ain't nobody got time for going through logs manually every month. I think you could save a lot of money in man hours by automating it.
Of course, if doing monthly. When you are doing it internally, I think log management is a must. ELK, Splunk, Loggly, whatever. If it is a client that refuses log management, manual might be a requirement.
-
@dafyre said:
@MattSpeller said:
@Dashrender we do it monthly with a pizza supplied by our boss as motivation. Caught some fun stuff early that would otherwise have caused issues.
Edit: manually; lift pizza to face with left hand, mouse wheel scroll and coke in right.
Would be a good idea to set up an ELK loggin infrastructure so you can see all o fthe issues in one place while exercising your arms.
If you aren't ready to manage ELK, Loggly is low cost and very nice. I like the product and the team. Good people.
-
While on this topic... what are some good tools for getting Windows Event Logs into something like ELK?
-
@dafyre said:
While on this topic... what are some good tools for getting Windows Event Logs into something like ELK?
-
@coliver Thanks. That one looks pretty slick.
-
-
Lets assume this is a one time job for a client, I would assume the tools would be:
BPA for the corresponding MS product
Lynis for Linux security Audit
For exchange, points mentioned by @Breffni-Potter
AD- tools suggested by @thecreativeone91
OpenVAS or Nexpose or Nessus or GFI Languard
MBSA
Sydi for network documentationNot sure on a one time audit, if we can use some sort of log management
-
Yes you have to check logs for a one time audit, otherwise what's the point?
If the DC is screaming about an easily preventable group policy conflict, how will you pick that up apart from logs?
-
@Breffni-Potter said:
Yes you have to check logs for a one time audit, otherwise what's the point?
If the DC is screaming about an easily preventable group policy conflict, how will you pick that up apart from logs?
Automation can still be done on the logs so it's not a manual process of looking through everything. It will also centralize it.
Also a DC is not going to tell you about a GP conflict, that's client side. RoSP or GPresult on the client machine will tell you about those. However, the are avoided by using enforced GPOs where needed. However aside from the setting not being applied there's no actual harm to GP conflicts.
-
@thecreativeone91 said:
However aside from the setting not being applied there's no actual harm to GP conflicts.
Speaking broadly, with a badly setup GP you can get delayed logins and other strange issues.
-
@Breffni-Potter said:
@thecreativeone91 said:
However aside from the setting not being applied there's no actual harm to GP conflicts.
Speaking broadly, with a badly setup GP you can get delayed logins and other strange issues.
Not from conflicting settings you won't get delayed logins. Conflicting settings will just allow one to override the other.
Delayed logins come from permissions issues, trying to do to much, bad settings or corrupt Sysvol and too much WMI filtering.