
Posts Tagged ‘monitoring’

BSidesLondon: All you security events belong to … you

April 20th, 2011

For Heat, a CC-NC-ND image from ailatan's Flickr stream

By Xavier Mertens

Managing security events from your network is often perceived as boring. There is a lot of information and a lot of tools, and log formats are not standardized.

There are also economic issues: uptime often takes precedence over security logging, it takes time, staff may be reduced, and it is not a revenue-generating activity.

Additionally, there are legal issues; these center on privacy and have to be checked against local law.

Managing security logs is a layered approach:

  1. Log collection
  2. Normalization
  3. Storage
  4. Search
  5. Reporting
  6. Correlation

Correlation can be used to give events more meaning. This can be done with external sources such as vulnerability information, but also with internal sources such as badge swipes or geo-location. Read more…

System Center Operations Manager: Version Control

July 3rd, 2009

The current version of System Center Operations Manager 2007 doesn’t use version control for management packs. If you manage complex environments and use a lot of custom monitoring, it would be nice to see when something has changed and, even better, to easily fall back to your previous version in case an error slipped in. Another benefit of version control is that you have exported management packs ready to import into other environments, e.g. between acceptance and production, or between customers in case you are managing multiple customers like we do.

I’ve written some scripts that automatically export all your unsealed management packs whenever something has changed, write a version number, and email the new management pack with a summary of all differences.

Another script imports your version-controlled management packs (if something has changed).

Scripts were last updated on 12-11-2009.

Read more…