Vulture Culture
Jul 14, 2003

I was never enjoying it. I only eat it for the nutrients.

Balthesar posted:

Does anyone have advice for log monitoring solutions for Windows-based hosts? We're looking to gather text-based logs from a number of different sources and collect them centrally for analysis. I've heard of logstash but I've heard mixed reviews of it on Windows.
Logstash works great on Windows, but the forwarding agent setup can be tricky the first time through. I've used nxlog for it in the past, and it works painlessly with either the GELF or JSON outputs.

Docjowles
Apr 9, 2009

H.R. Paperstacks posted:

Setup Splunk and install the Splunk Universal Forwarder on each of the systems you want to monitor log files on.

Splunk owns for sure but hoo boy if you're indexing more than what the free tier allows, get ready to open the checkbook. I haven't looked into pricing in several years but at the time it went from free to like high 5 figures absurdly fast.

H.R. Paperstacks
May 1, 2006

This is America
My president is black
and my Lambo is blue

Docjowles posted:

Splunk owns for sure but hoo boy if you're indexing more than what the free tier allows, get ready to open the checkbook. I haven't looked into pricing in several years but at the time it went from free to like high 5 figures absurdly fast.

Oh yes, it is very costly, I think we are currently over $500k/yr in licensing.

Balthesar
Sep 4, 2006

by Fluffdaddy

H.R. Paperstacks posted:

Oh yes, it is very costly, I think we are currently over $500k/yr in licensing.

Is Logstash the best free alternative? There's budget available, but probably not 6-figures...

Count Thrashula
Jun 1, 2003

Death is nothing compared to vindication.
Buglord
:yotj: is official! My drug screen and background check cleared and as of the end of the month I'm no longer a CJ :snoop:

This email I'm about to write my team is the most wonderful-feeling thing I've ever done here.

Wait, wait, wait... no, the exit interview I'm going to have with my boss will be. He knows things are hosed up, he just doesn't know how bad things are here. Ahhh, I feel free.

Bogan King
Jan 21, 2013

I'm not racist, I'm mates with Bangladesh, the guy who sells me kebabs. No, I don't know his real name.

QPZIL posted:

:yotj: is official! My drug screen and background check cleared and as of the end of the month I'm no longer a CJ :snoop:

This email I'm about to write my team is the most wonderful-feeling thing I've ever done here.

Wait, wait, wait... no, the exit interview I'm going to have with my boss will be. He knows things are hosed up, he just doesn't know how bad things are here. Ahhh, I feel free.

Don't burn things in an exit interview. If the company is messed up and hasn't listened to advice during your employment nothing you say now will improve things. It may well leave ill will behind and it's not worth it for a cheap point on the way out the door.

Count Thrashula
Jun 1, 2003

Death is nothing compared to vindication.
Buglord

toe shoes posted:

Don't burn things in an exit interview. If the company is messed up and hasn't listened to advice during your employment nothing you say now will improve things. It may well leave ill will behind and it's not worth it for a cheap point on the way out the door.

Oh no no, I'm not implying that I'm going to burn any bridges, but "here are some vague anonymous examples of why there is zero team atmosphere here," "here are some anonymous things I've seen going on that need an eye kept on," etc.

Not like "Joe downloads porn on his computer I SEEN IT!"

I genuinely like most of the management and most of the sys admin/network admin staff here, I just feel like there are a ton of growth opportunities within the team.

Vulture Culture
Jul 14, 2003

I was never enjoying it. I only eat it for the nutrients.

Balthesar posted:

Is Logstash the best free alternative? There's budget available, but probably not 6-figures...
Logstash is awesome. Kibana is a fantastic web interface and the product scales out really well. Just be aware that ElasticSearch (Logstash's backend) does not have standing as a system of record if you're looking to retain logs for legal compliance reasons. Splunk and other SIEM solutions (LogLogic, etc.) are, but you pay handsomely for it.

H.R. Paperstacks
May 1, 2006

This is America
My president is black
and my Lambo is blue

Balthesar posted:

Is Logstash the best free alternative? There's budget available, but probably not 6-figures...

Splunk has a free option as well, it just only indexes a maximum of 500MB per day.

Daylen Drazzi
Mar 10, 2007

Why do I root for Notre Dame? Because I like pain, and disappointment, and anguish. Notre Dame Football has destroyed more dreams than the Irish Potato Famine, and that is the kind of suffering I can get behind.

QPZIL posted:

Oh no no, I'm not implying that I'm going to burn any bridges, but "here are some vague anonymous examples of why there is zero team atmosphere here," "here are some anonymous things I've seen going on that need an eye kept on," etc.

Not like "Joe downloads porn on his computer I SEEN IT!"

I genuinely like most of the management and most of the sys admin/network admin staff here, I just feel like there are a ton of growth opportunities within the team.

When I left my Helpdesk job I was so looking forward to doing just what you plan to do, but in the end I decided it just wasn't worth the effort. Shake the man's hand and walk out the door - karma will come calling on his rear end soon enough.

Dark Helmut
Jul 24, 2004

All growns up

Daylen Drazzi posted:

When I left my Helpdesk job I was so looking forward to doing just what you plan to do, but in the end I decided it just wasn't worth the effort. Shake the man's hand and walk out the door - karma will come calling on his rear end soon enough.

Whether it's bad jobs or bad relationships, ending them this way is always the right move. Indifference is the best revenge.

evil_bunnY
Apr 2, 2003

Daylen Drazzi posted:

When I left my Helpdesk job I was so looking forward to doing just what you plan to do, but in the end I decided it just wasn't worth the effort. Shake the man's hand and walk out the door - karma will come calling on his rear end soon enough.
Is your exit interview with your boss? What the gently caress

KennyTheFish
Jan 13, 2004
Exit interview? I have always given notice and had a date I stopped turning up. Normal work (handover) till knockoff time.

evil_bunnY
Apr 2, 2003

Most healthy organizations are actually interested in why you're leaving, and someone who's taking a position elsewhere is unlikely to be influenced by a fear of reprisals.

All of this is useless if your boss conducts the interview.

Erwin
Feb 17, 2006

Balthesar posted:

Is Logstash the best free alternative? There's budget available, but probably not 6-figures...

VMware Log Insight is only $250/yr as far as I can tell. I tried it and it's great, but I'm going to try the free Splunk tier before deciding since I haven't used Splunk before.

edit: runs as an appliance, so while it does take syslogs from anything, you'll need at least an ESXi host to run it on.

GreatGreen
Jul 3, 2007
That's not what gaslighting means you hyperbolic dipshit.
I've just been told I need to wipe and reinstall the operating systems of about 20 laptop PCs that will be loaned out to employees. Can anybody make recommendations as to the best imaging software around right now? Preferably free, but will pay if there's nothing good around that's free though.

I'll be installing Windows 7 to one of two computer types, meaning there will be two different sets of drivers I'll need to configure for. I'm cool with having to do a manual install once for each hardware set, then ghosting and deploying those images. If there is anything out there that can load up configurations of drivers that's cool too. To be honest I really have no idea what's out there when it comes to this kind of software.

GreatGreen fucked around with this message at 22:04 on Nov 20, 2013

Thanks Ants
May 21, 2004

#essereFerrari


http://technet.microsoft.com/en-gb/windows/dn475741.aspx is by far your best option

GreatGreen
Jul 3, 2007
That's not what gaslighting means you hyperbolic dipshit.
Thanks! Is there any other software that will work as well or is Microsoft Deployment Toolkit far and away the best solution?

GreatGreen fucked around with this message at 22:12 on Nov 20, 2013

Sickening
Jul 16, 2007

Black summer was the best summer.

GreatGreen posted:

Thanks! Is there any other software that will work as well or is Microsoft Deployment Toolkit far and away the best solution?

For Windows only, it's the best bet.

GreatGreen
Jul 3, 2007
That's not what gaslighting means you hyperbolic dipshit.
Awesome, thanks guys.

Daylen Drazzi
Mar 10, 2007

Why do I root for Notre Dame? Because I like pain, and disappointment, and anguish. Notre Dame Football has destroyed more dreams than the Irish Potato Famine, and that is the kind of suffering I can get behind.

evil_bunnY posted:

Most healthy organizations are actually interested in why you're leaving, and someone who's taking a position elsewhere is unlikely to be influenced by a fear of reprisals.

All of this is useless if your boss conducts the interview.

My boss was indeed conducting the exit interview, and I had absolutely no intention of giving him a reason to try and cock up my new job as a defense contractor. I never confirmed if he was a vindictive person or not, but I wasn't willing to take the chance when the opportunity for getting the hell out of Dodge was within reach. I just naturally assume that every person who could screw me over is eventually going to, and try my best to give them as little ammunition as possible. Paranoid? Maybe, but it's worked for me for the last decade.

luminalflux
May 27, 2005



Misogynist posted:

Logstash is awesome. Kibana is a fantastic web interface and the product scales out really well. Just be aware that ElasticSearch (Logstash's backend) does not have standing as a system of record if you're looking to retain logs for legal compliance reasons. Splunk and other SIEM solutions (LogLogic, etc.) are, but you pay handsomely for it.

Seconded. I just installed a logstash -> rabbitmq -> elasticsearch with Kibana setup here. My mind was blown when I found a mod_security grok configuration for it, and my devs are now hounding me to get it installed on ALL the things after I set up postgresql logging in CSV to logstash.

I mean, I have a proof of concept, sorta, only 3 years after I started talking to the Splunk salesperson! (and turned them down because holy poo poo the pricing is insane)

GreatGreen
Jul 3, 2007
That's not what gaslighting means you hyperbolic dipshit.
So about how long should it take most technically inclined folks to get comfortable with Windows Deployment Toolkit?

Also, youtube is okay but does anybody know where I can find any really good tutorials on this thing?

vvv Excellent, thanks!

GreatGreen fucked around with this message at 00:43 on Nov 21, 2013

TWBalls
Apr 16, 2003
My medication never lies

GreatGreen posted:

So about how long should it take most technically inclined folks to get comfortable with Windows Deployment Toolkit?

Also, youtube is okay but does anybody know where I can find any really good tutorials on this thing?

These videos were very helpful when I was setting up MDT/WDS:
http://deploymentresearch.com/Videos.aspx

GreatGreen
Jul 3, 2007
That's not what gaslighting means you hyperbolic dipshit.
So I was trying to work with the Windows Deployment Workbench and when I tried to create a deployment share, this pops up.

quote:

---------------------------
ADK is not present
---------------------------
The Assessment and Deployment Kit (ADK) is required for interacting with deployment shares. Please install Windows 8.1 ADK.
---------------------------
OK
---------------------------

I'm on Windows 7 and trying to create a Windows 7 image, so I have no idea why the hell it's making me try to install this thing. Anyway, I try to install it and I get an error telling me "access denied" even though I'm running the program in admin mode.

Has anybody run into this problem before?

TWBalls
Apr 16, 2003
My medication never lies

GreatGreen posted:

So I was trying to work with the Windows Deployment Workbench and when I tried to create a deployment share, this pops up.


I'm on Windows 7 and trying to create a Windows 7 image, so I have no idea why the hell it's making me try to install this thing. Anyway, I try to install it and I get an error telling me "access denied" even though I'm running the program in admin mode.

Has anybody run into this problem before?

ADK, if I remember correctly, is what they're now calling WAIK. If you're planning on rolling out any XP images, go with WAIK instead. If you plan on rolling out Win8 or Server 2012, you'll need ADK.

GreatGreen
Jul 3, 2007
That's not what gaslighting means you hyperbolic dipshit.

TWBalls posted:

ADK, if I remember correctly, is what they're now calling WAIK. If you're planning on rolling out any XP images, go with WAIK instead. If you plan on rolling out Win8 or Server 2012, you'll need ADK.

Cool, thanks. I'm using windows 7, so maybe this will work better. Here's hoping!

lol internet.
Sep 4, 2007
the internet makes you stupid

GreatGreen posted:

Thanks! Is there any other software that will work as well or is Microsoft Deployment Toolkit far and away the best solution?

I've used Ghost, Acronis, Linux DD and personally after I went to MDT\SCCM, I've never turned back.


If you're going this route, I would highly suggest using a blank OS image and installing the apps as packages. This makes the images highly customizable on the fly (no need to re-load image, add\remove app, save image, test image)

You would also learn how automated software installs work, and maybe you'll put it to use in the future.

GreatGreen
Jul 3, 2007
That's not what gaslighting means you hyperbolic dipshit.

lol internet. posted:

I've used Ghost, Acronis, Linux DD and personally after I went to MDT\SCCM, I've never turned back.


If you're going this route, I would highly suggest using a blank OS image and installing the apps as packages. This makes the images highly customizable on the fly (no need to re-load image, add\remove app, save image, test image)

You would also learn how automated software installs work, and maybe you'll put it to use in the future.

So by blank OS do you mean bone-stock-untouched-off-the-disk OS?

Dilbert As FUCK
Sep 8, 2007

by Cowcaster
Pillbug
Anyone ever had a situation where the position you were hired for is no longer sought on/pursued for longterm? I think I just need to start touching up my resume when I heard that but... eh. But wow VA is beginning to suck hard balls with the new defense budgets in place. YAY living in an area controlled by how well the defense budget is cut! Turns out the virtual market for the company I work for isn't as big as they hoped; mostly I feel this is because they won't partner with a vendor or tell the customer the whole "ROI/TCO/RPO/etc" story on virtual I don't mind explaining to a sales guy it but; come on learn it dude.

Yah no gently caress that I am touching up my resume now.

Dilbert As FUCK fucked around with this message at 04:20 on Nov 21, 2013

lol internet.
Sep 4, 2007
the internet makes you stupid

GreatGreen posted:

So by blank OS do you mean bone-stock-untouched-off-the-disk OS?

Yes, an OS with nothing installed on it. Can't remember but I think you might be able to just pop in the Windows 7\Server 2008 DVD and import the image into MDT. I know you can do this in SCCM for sure.


Once imported, you then create application packages which are basically "automated software" installs with no user interaction. (Majority of this is pretty easy.)

Once created, you can basically PXE boot into a live environment, an MDT GUI pops up, you check off Windows 7 or Server 2008 or whatever else image you have. Click Next. A list of "packaged applications" comes up, check off what you want, i.e. Office 2012, Trend Micro etc. (whatever you made a package for). Set a computer name, and domain credentials (to join domain) and next, come back in 15 mins and that's about it.

Domain credentials, and a couple other things can be automated if you want to dig that much further into it, but it's not necessary. If you need any help, feel free to PM me. I always find MDT\SCCM fun.

evobatman
Jul 30, 2006

it means nothing, but says everything!
Pillbug

lol internet. posted:

Yes, an OS with nothing installed on it. Can't remember but I think you might be able to just pop in the Windows 7\Server 2008 DVD and import the image into MDT. I know you can do this in SCCM for sure.


Once imported, you then create application packages which are basically "automated software" installs with no user interaction. (Majority of this is pretty easy.)

Once created, you can basically PXE boot into a live environment, an MDT GUI pops up, you check off Windows 7 or Server 2008 or whatever else image you have. Click Next. A list of "packaged applications" comes up, check off what you want, i.e. Office 2012, Trend Micro etc. (whatever you made a package for). Set a computer name, and domain credentials (to join domain) and next, come back in 15 mins and that's about it.

Domain credentials, and a couple other things can be automated if you want to dig that much further into it, but it's not necessary. If you need any help, feel free to PM me. I always find MDT\SCCM fun.

What about drivers?

Paladine_PSoT
Jan 2, 2010

If you have a problem Yo, I'll solve it

Dilbert As gently caress posted:

Anyone ever had a situation where the position you were hired for is no longer sought on/pursued for longterm? I think I just need to start touching up my resume when I heard that but... eh. But wow VA is beginning to suck hard balls with the new defense budgets in place. YAY living in an area controlled by how well the defense budget is cut! Turns out the virtual market for the company I work for isn't as big as they hoped; mostly I feel this is because they won't partner with a vendor or tell the customer the whole "ROI/TCO/RPO/etc" story on virtual I don't mind explaining to a sales guy it but; come on learn it dude.

Yah no gently caress that I am touching up my resume now.

If you were promised x work, and x work never materialized, there's no reason to stick around and perform x-2. Get up and pursue.

GreatGreen
Jul 3, 2007
That's not what gaslighting means you hyperbolic dipshit.

evobatman posted:

What about drivers?

I'm trying to figure out this as well. All the driver packages I've ever installed were done through installer programs. I'm not sure how well those could be automated through the deployment workbench. I wonder if most drivers can be installed with preconfigurable text strings.

GreatGreen fucked around with this message at 15:24 on Nov 21, 2013

Sickening
Jul 16, 2007

Black summer was the best summer.

GreatGreen posted:

I'm trying to figure out this as well. All the driver packages I've ever installed were done through installer programs. I'm not sure how well those could be automated through the deployment workbench. I wonder if most drivers can be installed with preconfigurable text strings.

You will have to extract the drivers out of the installers. Sometimes this is a pain because of the way that the installers are packaged.

To make this super easy, if you already have a machine that has all the drivers installed, simply copy the drive folders from the C:\Windows\System32\DriverStore directories. Import all the drivers there to the mdt drivers store.

evol262
Nov 30, 2010
#!/usr/bin/perl

Dilbert As gently caress posted:

Anyone ever had a situation where the position you were hired for is no longer sought on/pursued for longterm? I think I just need to start touching up my resume when I heard that but... eh. But wow VA is beginning to suck hard balls with the new defense budgets in place. YAY living in an area controlled by how well the defense budget is cut! Turns out the virtual market for the company I work for isn't as big as they hoped; mostly I feel this is because they won't partner with a vendor or tell the customer the whole "ROI/TCO/RPO/etc" story on virtual I don't mind explaining to a sales guy it but; come on learn it dude.

I'd disagree with the notion that government shops are going to move to virtual all of a sudden because it has better ROI (they just don't care, mostly), but if your career opportunities are contingent on the budgets of an external organization, this could happen to you. Get out of MSP/VAR/SMB-land into a company that can throw money at problems instead of having you build out the same vSphere environment over and over again with marginally different requirements.

Plus you wanted to move anyway!

GreatGreen
Jul 3, 2007
That's not what gaslighting means you hyperbolic dipshit.
So it looks like I have to have Windows Preinstallation Environment installed to create a bootable image?

I don't have that, and google isn't helping. Is this software only available behind a paywall or something?

SovietRussia
Apr 1, 2010

Dilbert As gently caress posted:

Anyone ever had a situation where the position you were hired for is no longer sought on/pursued for longterm? I think I just need to start touching up my resume when I heard that but... eh. But wow VA is beginning to suck hard balls with the new defense budgets in place. YAY living in an area controlled by how well the defense budget is cut! Turns out the virtual market for the company I work for isn't as big as they hoped; mostly I feel this is because they won't partner with a vendor or tell the customer the whole "ROI/TCO/RPO/etc" story on virtual I don't mind explaining to a sales guy it but; come on learn it dude.

Yah no gently caress that I am touching up my resume now.

Are they still actively trying to get virtualization deals, and just failing to close them? If that's the case, then a little bit of patience may help. Or have they announced in some fashion that they are getting out of that space and focusing their efforts elsewhere?

What types of work are they giving you instead of your preferred work, are you still gaining marketable skills?

lol internet.
Sep 4, 2007
the internet makes you stupid

GreatGreen posted:

So it looks like I have to have Windows Preinstallation Environment installed to create a bootable image?

I don't have that, and google isn't helping. Is this software only available behind a paywall or something?

It's based on the Windows image I think... which I recall for sure you import it off the blank Windows 7 CD. You only need to use the x86 version but MDT builds an x64 version as well.

Right click on the "MDT Share" and "Update deployment share"; this will build the preinstallation boot disc and inject any new drivers if needed.

Should be located here \\MDTServer\DeploymentShare$\Boot\ (MDTServer = server name, DeploymentShare = share name you created) along the lines of "lighttouchPE_x86.wim"

Every time you update your deployment share, it will inject network drivers into this boot disc.

evobatman posted:

What about drivers?

There's a driver expansion sign, you just right click and import drivers. I *think* MDT might be able to handle exe. SCCM cannot. If it doesn't you need to find the ini files. You can also try using winrar to extract the .exe files. It's not that hard really to find the ini files. The drivers get automatically detected and installed as part of the MDT installation process.

One issue people will run into is when they boot off the preinstallation environment, it automatically restarts and nothing happens. What's happening here is there are no network drivers for the current machine; you need to import them into MDT and update the deployment share, which rebuilds the boot disc with updated network drivers.

Roargasm posted:

You were given convoluted advice by people who know how to do cool things. If you're imaging 20 pieces of identical hardware, set up one exactly like you need it, then take a disc image with a program like Macrium Reflect (free and works on newer, UEFI only computers) and deploy that image onto the rest of the hardware either with a network location or with a plain old external HDD. Basic computer imaging to identical hardware is nothing more than backup and recovery, but you are recovering the backup to multiple computers. If you're rolling out your image to different hardware, you will need to strip out the system specific hardware IDs and registry values by running sysprep, which is a utility built into Windows.

This is the traditional method and believe it or not it can be more time consuming in the long run. People who recommended MDT have most likely used your method already. What happens when you buy a new machine 6 months down the road and the drivers aren't part of your image? What happens when software needs to be updated on all images? What happens when a new SP or 200MB of updates have been released? This is tedious and time consuming to be done. MDT actually isn't that complex believe it or not and the benefits outweigh the traditional method. Do it the best way, not the way that requires the least amount of effort.


VVVV

lol internet. fucked around with this message at 17:59 on Nov 21, 2013

Roargasm
Oct 21, 2010

Hate to sound sleazy
But tease me
I don't want it if it's that easy

GreatGreen posted:

So it looks like I have to have Windows Preinstallation Environment installed to create a bootable image?

I don't have that, and google isn't helping. Is this software only available behind a paywall or something?

You were given convoluted advice by people who know how to do cool things. If you're imaging 20 pieces of identical hardware, set up one exactly like you need it, then take a disc image with a program like Macrium Reflect (free and works on newer, UEFI only computers) and deploy that image onto the rest of the hardware either with a network location or with a plain old external HDD. Basic computer imaging to identical hardware is nothing more than backup and recovery, but you are recovering the backup to multiple computers. If you're rolling out your image to different hardware, you will need to strip out the system specific hardware IDs and registry values by running sysprep, which is a utility built into Windows.
