Saturday, May 8, 2010

Random ArcSight stuff from the week

Random stuff from the week

Apparently there aren’t a whole lot of ArcSight customers with Win2k8 DCs. I say this because when I started looking at the event stream after we spun ours up, I was shocked at how many domain (vs. local) events didn’t have the client-side IP in the sourceAddress field. Lovely. Granted, I am sure there are some high-speed ArcSight admins out there who have modified the Unified Connector to overcome this, but this last week and a half has been crazy. I also figure that by sending the events to ArcSight so they can adjust the connector, I have helped the overall client base (aka I’m lazy).

I HAVE to carve out time to go through the Win2k8 events anyway, as I think there are some slight differences in which fields the data goes into. I noticed this on some content tracking AD group membership. In many cases I tried to be preemptive and added the 2008 event ID to the appropriate filters. Yeah… not so much. If you aren’t familiar with those events, I highly recommend looking up Randy Franklin Smith’s Ultimate Windows Security site. The quick and dirty way to know what the new event ID will be is to add 4096 to the 2003 event ID.
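The "add 4096" rule as a small helper for updating filter content, added here as an example and not code from the original post. It applies the rule to a list of 2003-era event IDs and carries a table of known exceptions where the 2008 ID is not simply the 2003 ID plus 4096 (the 540 network-logon event was folded into 4624 alongside 528, so two legacy IDs collapse to one); the exception table here is assumed to be partial, which is exactly why the rule is only "quick and dirty."

```python
"""Map Windows 2003 security event IDs to their Windows 2008 equivalents.

Rule of thumb: new_id = old_id + 4096. A few events did not survive the
renumbering one-to-one; those are listed in EXCEPTIONS. The table is an
assumption for illustration and is not claimed to be complete.
"""

# Legacy IDs whose 2008 counterpart is not old_id + 4096 (assumed, partial).
EXCEPTIONS = {
    540: 4624,  # "Successful Network Logon" merged into 4624 (logon type 3)
}


def win2008_event_id(legacy_id: int) -> int:
    """Return the Windows 2008 event ID for a Windows 2003 security event ID."""
    if legacy_id in EXCEPTIONS:
        return EXCEPTIONS[legacy_id]
    return legacy_id + 4096


def update_filter_ids(legacy_ids) -> set:
    """Translate a filter's list of 2003 IDs into the set of 2008 IDs it needs.

    Returns a set because several legacy IDs can collapse into one new ID.
    """
    return {win2008_event_id(i) for i in legacy_ids}


if __name__ == "__main__":
    # Constructed sample: IDs from a typical 2003 logon/group-membership filter.
    legacy = [528, 529, 540, 632, 636]
    print(sorted(update_filter_ids(legacy)))
```

Because the function returns a set, a filter that previously listed both 528 and 540 ends up needing only 4624 once, which is the kind of collapse that silently breaks a one-for-one "add the new ID next to the old one" edit.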

Trends. A Trend timeout will occur at the lesser of 50% of the scheduled run time or 2 hours. I could have sworn it was 4 hours in 4.0. Actually, I should be looking at a pair of reports I created to analyze my Trends’ start time, run length, and insert counts, due to some issues we are seeing, but the magic of the flat-panel TVs displaying the menus at the Tim Hortons I am in has captured my attention. Is anyone else using this technology for this end? It is cool. It has been 2 years since I stepped inside one. Probably more on Trends in my next post, assuming I haven’t wrapped my arms around some post ideas on monitoring vs. alerting and SIEM use.
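The timeout rule stated above, turned into the kind of check the start-time/run-length/insert-count reports are after. This is an added example, not the post’s own report content or an ArcSight API: it computes the timeout for a Trend from its schedule interval (the lesser of half the interval and 2 hours) and flags runs whose observed length exceeds it. The run records are constructed sample data, and the field names (`name`, `schedule_s`, `run_s`, `inserts`) are assumptions for the example.

```python
"""Flag ArcSight Trend runs that exceed the Trend timeout.

Timeout rule (from the post): timeout = min(0.5 * scheduled interval, 2 hours).
Everything else here (record layout, sample data) is constructed for illustration.
"""

TWO_HOURS_S = 2 * 60 * 60


def trend_timeout_seconds(schedule_s: int) -> float:
    """Timeout for a Trend that runs every `schedule_s` seconds."""
    if schedule_s <= 0:
        raise ValueError("schedule interval must be positive")
    return min(0.5 * schedule_s, TWO_HOURS_S)


def flag_overruns(runs):
    """Return (name, run_s, timeout_s) for every run that exceeded its timeout.

    A run that overruns is the one most likely to have been killed before its
    inserts completed, so a low insert count next to an overrun is the pattern
    worth looking for.
    """
    overruns = []
    for r in runs:
        timeout = trend_timeout_seconds(r["schedule_s"])
        if r["run_s"] > timeout:
            overruns.append((r["name"], r["run_s"], timeout))
    return overruns


# Constructed sample run records (assumed field names, not an ArcSight export).
SAMPLE_RUNS = [
    {"name": "Daily Logon Summary", "schedule_s": 86400, "run_s": 9000, "inserts": 12},
    {"name": "Hourly Auth Failures", "schedule_s": 3600, "run_s": 900, "inserts": 4410},
    {"name": "15-min Firewall Denies", "schedule_s": 900, "run_s": 500, "inserts": 0},
]

if __name__ == "__main__":
    for name, run_s, timeout in flag_overruns(SAMPLE_RUNS):
        print(f"{name}: ran {run_s}s, timeout {timeout:.0f}s")
```

Note how the daily Trend’s timeout is capped at 7200 s by the 2-hour ceiling rather than the 43200 s that 50% of a day would give, while the 15-minute Trend is bounded by the 50% rule at 450 s; a run length that looks healthy in absolute terms can still be an overrun on a short schedule.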

The oil change on the family assault vehicle is probably done, and I should get out of here before I get some ice cream (Tim Hortons + Cold Stone = win (or fail, depending on your point of view)).
