Posts made by IT-ADMIN

@stacksofplates said in logrotats vs simple cron job:

How are you getting the logs? Did you set up a syslog server or something?

yeah, ASA firewall send me logs to rsyslog on my box centos, rsyslog write these logs into a txt file, then logstash read from this text file and parse the data to elasticsearch for storage as a form of indexes,
this mean that after each day i will not need this big text file so i have to delete it, so i'm asking how to do this safely
by the way you like jesse pinkman yo yo

@DustinB3403 said in logrotats vs simple cron job:

Can your log aggregator not manage this for you?

No, it is a manual setup,

If not, logrotate is the modern approach, but crontab would work.

i had trouble with logrotate therefor i decided to just create a simple cron job
thanks

Hi folks
i work on a project of centralizing logs of all servers, and let's say i want to delete a very big log file daily at 00:00 night, what is the best way to do it : configure logrotate or create a simple cron job ??

@marcinozga said in how to prevent non domain users from getting ip configuration:

Why do you allow them to wipe the PCs? Disable booting from USB, optical drives and floppy, and everything that's not the drive main OS is installed on, and password protect BIOS.

Next time you catch a user wiping their drive, take it to upper management and recommend termination of said employee. Once the word gets out, nobody will try any more shenanigans.

the user wipe his computer cuz the department in charge of helpdesk is not doint its job, it is a public sector, so as i security guy i want just to minimize the risk, it is complicated when we are talking about public sector, you don't have that control over the employee since you cant fire him lol

@DustinB3403 said in how to prevent non domain users from getting ip configuration:

How would this even work? You need to have an IP address to be able to communicate and bind to the domain.

Are you saying you're okay if the user statically assigns an address to their PC? And then maybe, somehow block that device at your switch or firewall because it's not bound?

you strike a good point, i forget about the fact that in order to determine a joint computer from non is done after the machine get ip configuration

Hi folks

any advice regarding arcSight SIEM, we want to have a SOC in order to have a full vision of what is going on in our environement, and the management intend to buy arcSight and waiting for our approval,

anyone already used it and familliare with the usecases ?? is it worth the investement ?
we are using ELK stack (free version) just to be the first stage in order to define our need and classify our network but we can't continue to use since it doesn't correlate events and send alarms in case of any attack

Hi ML community

i have a question regarding a policy i want to apply in my network, we have a very big envirenment and some users format their PCs in order to gain full access over their machine (they don't want to be part of the domain), i want to solve this problem by preventing any non domain machine from getting ip configuration so that they are forced to join their machin into our domain in order to get ip configuration,

how i can acheive that, i heard that their is some setting in the switch that can prevent non domain users from getting into the network but i have no clue how to proceed, any enlightenment please ??

@coliver Hi Sir

the management recommend me to use ELK as SIEM for our logs
the problem is : i get stuck at "Successfully started Logstash API endpoint {:port=>9600}" while trying to ingest txt log file into elasticsearch

here is my config file :

input {
file {
path => "C:\Users\mustapha\Desktop\test.txt"
start_position => "beginning"
}
}
filter {
grok {
match => {"message" => "%{WORD:username} %{WORD:email} %{WORD:hash}" }
}
}
output {
elasticsearch {
hosts => ["localhost:9200"]
index => "test"
}
}

my log file is :

username email hash
username email hash
username email hash
username email hash
username email hash

i cant even get this simple example work, am i missing something ???

Hello guys

anyone tried ELK : (elasticsearch+logstash+kibana) stack before ? i have a couple of question ?

glad to know that

i think it is a good idea to install the pfsense in SITE B in a physical machine

before continue reading your issue, i want to tell you that pfsense will not play well in virtual environment, in their official website too many people complaining about slow connection when installing pfsense in virtual environment,

hhhhh maybe, i have to check

lol that is because i hate to see errors pop up here and there

because i heard that if a language has strict syntax like C++ or Java then it is a strong language, but languages like javascript and php are not that strict toward syntax and actually this is what i like in them, simplicity and the code still work even if it has fatal errors, i think this is awesome, isnt it ??

Hi everyone

is strict syntaxt good or bad for a language, for example javascript, is that make it a good programming language or bad one ???

for mobile access you have these options : viewEasyV2 and vMEyeSuper, i tried them both, for the DVR we have 3 ones brand ASPEN with recording, till now it works great but i dont think it is well known in US

where we can post our CVs please ??

i recently virtualize a WIN Server 2008 R2, and it didn't ask me for activation, i wonder if it will be the case with you, i hope so