    IT-ADMIN (@IT-ADMIN)

    Reputation: 171
    Posts: 1180
    Profile views: 1840
    Followers: 4
    Following: 0

    Posts made by IT-ADMIN

    • RE: logrotate vs simple cron job

      @stacksofplates said in logrotate vs simple cron job:

      How are you getting the logs? Did you set up a syslog server or something?

      Yeah, the ASA firewall sends its logs to rsyslog on my CentOS box; rsyslog writes these logs into a txt file, then Logstash reads from this text file and parses the data into Elasticsearch, where it is stored in the form of indexes.
      This means that after each day I will not need this big text file, so I have to delete it, and I'm asking how to do this safely.
      By the way, you like Jesse Pinkman 😉 yo yo

      posted in IT Discussion
      IT-ADMIN
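      An added example, not from this thread or any of its posters, for the cleanup step described in the reply above (rsyslog writes the file, Logstash tails it, the file is discarded once a day). The point it shows: unlinking the file with `rm` is the unsafe choice, because rsyslog keeps writing to the now-unlinked inode (the disk space is not freed until rsyslog reopens its outputs) and Logstash's file input, which tracks files by inode, is left with a stale entry. Truncating the file in place keeps the inode, so rsyslog's open descriptor stays valid and Logstash notices the shrink and resumes from offset 0. The helper refuses symlinks so a scheduled job cannot be redirected at another file. The `/var/log/asa/asa.log` path and the logrotate stanza are assumptions for illustration; `copytruncate` is the logrotate directive that gives the same inode-preserving behaviour.

```shell
#!/bin/sh
# Added example (not the thread's own code): truncate a log file in place so the
# daemon that holds it open (rsyslog) and the reader that tracks it by inode
# (the Logstash file input) both keep working. Paths are assumptions.

# Print the inode number of a file (POSIX `ls -i`).
inode_of() {
    ls -i "$1" | awk '{print $1}'
}

# Print the size of a file in bytes.
size_of() {
    wc -c < "$1" | tr -d ' '
}

# Truncate the log to zero bytes without unlinking it.
# Returns 1 for a missing path or anything that is not a plain regular file;
# symlinks are rejected explicitly so a cron job cannot be pointed elsewhere.
safe_truncate_log() {
    log="$1"
    if [ -L "$log" ] || [ ! -f "$log" ]; then
        echo "refusing to truncate: $log is not a regular file" >&2
        return 1
    fi
    : > "$log"
}

# The logrotate alternative discussed in the thread (assumed path):
# copytruncate copies the current contents aside and truncates the original
# in place, which is the same inode-preserving behaviour as safe_truncate_log.
logrotate_stanza() {
    cat <<'EOF'
/var/log/asa/asa.log {
    daily
    rotate 1
    copytruncate
    missingok
    notifempty
}
EOF
}

# Demonstration on a constructed temporary file: the inode survives, the size drops to 0.
demo() {
    tmp=$(mktemp)
    printf 'constructed log line 1\nconstructed log line 2\n' > "$tmp"
    before=$(inode_of "$tmp")
    safe_truncate_log "$tmp"
    after=$(inode_of "$tmp")
    echo "inode before=$before after=$after size=$(size_of "$tmp")"
    rm -f "$tmp"
}

demo
```

      For the cron route in the thread, the job would call `safe_truncate_log` on the file at 00:00 instead of running `rm`; for the logrotate route, the stanza above goes in `/etc/logrotate.d/` and the distribution's daily logrotate timer does the rest.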
    • RE: logrotate vs simple cron job

      @DustinB3403 said in logrotate vs simple cron job:

      Can your log aggregator not manage this for you?

      No, it is a manual setup.

      If not, logrotate is the modern approach, but crontab would work.

      I had trouble with logrotate, therefore I decided to just create a simple cron job.
      Thanks

      posted in IT Discussion
      IT-ADMIN
    • logrotate vs simple cron job

      Hi folks,
      I work on a project centralizing the logs of all servers. Let's say I want to delete a very big log file daily at 00:00 at night; what is the best way to do it: configure logrotate or create a simple cron job??

      posted in IT Discussion
      IT-ADMIN
    • Policies vs Network Access Control

      @marcinozga said in how to prevent non domain users from getting ip configuration:

      Why do you allow them to wipe the PCs? Disable booting from USB, optical drives and floppy, and everything that's not the drive main OS is installed on, and password protect BIOS.

      Next time you catch a user wiping their drive, take it to upper management and recommend termination of said employee. Once the word gets out, nobody will try any more shenanigans.

      The user wiped his computer because the department in charge of the helpdesk is not doing its job. It is the public sector, so as the security guy I just want to minimize the risk. It is complicated when we are talking about the public sector: you don't have that control over the employee, since you can't fire him lol

      posted in IT Discussion
      IT-ADMIN
    • RE: How Can You Prevent Non-Domain Users from Getting an IP Configuration

      @DustinB3403 said in how to prevent non domain users from getting ip configuration:

      How would this even work? You need to have an IP address to be able to communicate and bind to the domain.

      Are you saying you're okay if the user statically assigns an address to their PC? And then maybe, somehow block that device at your switch or firewall because it's not bound?

      You strike a good point; I forgot about the fact that telling a joined computer from a non-joined one is only done after the machine gets its IP configuration.

      posted in IT Discussion
      IT-ADMIN
    • ArcSight SIEM

      Hi folks,

      Any advice regarding ArcSight SIEM? We want to have a SOC in order to have full visibility of what is going on in our environment, and management intends to buy ArcSight and is waiting for our approval.

      Has anyone already used it and is familiar with the use cases?? Is it worth the investment?
      We are using the ELK stack (free version) just as a first stage, in order to define our needs and classify our network, but we can't continue to use it since it doesn't correlate events and send alarms in case of an attack.

      posted in IT Discussion
      IT-ADMIN
    • How Can You Prevent Non-Domain Users from Getting an IP Configuration

      Hi ML community,

      I have a question regarding a policy I want to apply in my network. We have a very big environment and some users format their PCs in order to gain full access over their machine (they don't want to be part of the domain). I want to solve this problem by preventing any non-domain machine from getting an IP configuration, so that they are forced to join their machine to our domain in order to get an IP configuration.

      How can I achieve that? I heard that there is some setting in the switch that can prevent non-domain users from getting onto the network, but I have no clue how to proceed. Any enlightenment please??

      posted in IT Discussion
      IT-ADMIN
    • RE: Anyone tried ELK stack before ???

      [image attachment: Sans titre.png]

      posted in IT Discussion
      IT-ADMIN
    • RE: Anyone tried ELK stack before ???

      @coliver Hi Sir,

      Management recommended that I use ELK as a SIEM for our logs.
      The problem is: I get stuck at "Successfully started Logstash API endpoint {:port=>9600}" while trying to ingest a txt log file into Elasticsearch.

      Here is my config file:

      input {
        file {
          # The Logstash file input expects forward slashes on Windows; a backslash
          # inside a double-quoted string is treated as an escape character.
          path => "C:/Users/mustapha/Desktop/test.txt"
          # "beginning" only applies to files not already recorded in the sincedb;
          # a file seen before resumes from its last recorded offset.
          start_position => "beginning"
        }
      }
      filter {
        grok {
          # Three whitespace-separated words per line, named username, email and hash.
          match => { "message" => "%{WORD:username} %{WORD:email} %{WORD:hash}" }
        }
      }
      output {
        elasticsearch {
          hosts => ["localhost:9200"]
          index => "test"
        }
      }

      my log file is :

      username email hash
      username email hash
      username email hash
      username email hash
      username email hash

      I can't even get this simple example to work, am I missing something???

      posted in IT Discussion
      IT-ADMIN
    • Anyone tried ELK stack before ???

      Hello guys,

      Has anyone tried the ELK (Elasticsearch + Logstash + Kibana) stack before? I have a couple of questions.

      posted in IT Discussion
      IT-ADMIN