Just wondering what others are using for log analysis, metrics, reporting. My company is thinking of using LogRhythm and from what I've heard it's not so great at the analytics piece but is good on security. What tools do you guys use for troubleshooting, analysis, metrics and general health reporting?
|
MothInTheMachine wrote: Just wondering what others are using for log analysis, metrics, reporting
Excel.
MothInTheMachine wrote: analytics piece but is good on security
They feature five products, which are you referring to?
And log-files from which product? SharePoint logs look a little different from the IIS log.
Sorry, your question feels like an ad.
Bastard Programmer from Hell
If you can't read my code, try converting it here
|
It's a pretty crappy ad if I'm saying I don't like the product.
|
That was not exactly what you were saying, but still; is there a product that knows all the formats of all your different logfiles?
Logs are mostly text; you can treat them as a single-column CSV. Import into Excel, mess around a bit.
Bastard Programmer from Hell
If you can't read my code, try converting it here
|
We use a customized version of YALV.
This, of course, means that we're bound to use log4net and the XML specification YALV supports. Of course it is open source and we could adjust it any time needed. But c'mon, it's a log file. These things don't get any more spectacular when changing the formatting.
|
Hello,
The organization I am working for is looking at largely automating their "onboarding" process (hiring new employees and getting them into the system). However, one of my big "question marks" regarding this project involves the wealth of legal and other forms the employee has to fill out (I-9 for example).
The organization wants (a) these forms to be able to be completed digitally, (b) information that we have previously captured (name, address, etc.) to be pre-populated, (c) the user to be able to complete it at home if necessary, and (d) some way to gather both the manager's and employee's signatures.
First, I am curious if this is possible without running into a host of legal issues. Also, what might the best approach to forms be? Would it be fine to create a typical HTML form, and then maybe use the data captured there to populate a PDF version of the various forms (such as I-9) or what?
Thanks for any advice or guidance.
modified 19-Nov-20 21:01pm.
|
We cannot possibly give advice on legal issues, you need to consult your company's lawyers. As to the rest, you could use webforms or PDF forms that you can circulate via email.
|
Thanks for the response. Just to clarify, I am definitely not expecting specific legal advice, I am merely curious, if anyone has experience with a similar project, if, as a general rule, it is possible to complete US government forms electronically (being that they typically require a signature). For example, when I filed my taxes, I believe I could fill most of it out in PDF form; however, I still had to physically print and sign it.
modified 19-Nov-20 21:01pm.
|
Well that is not really a question for a programming forum.
|
Every year I've done an e-file tax return, I've used a digital signature. It's definitely a question for legal, though, as the laws and policies governing what is acceptable for digital signatures are going to heavily influence implementation.
You're also setting yourself up to manage PII, so please let me be the first to welcome you to the wonderful world of HIPAA.
"There are three kinds of lies: lies, damned lies and statistics."
- Benjamin Disraeli
|
If I have more than one functioning network adapter in my machine and I open a browser, how does Windows decide which network adapter the browser communicates over?
The difficult we do right away...
...the impossible takes slightly longer.
|
This does not work in Win 10; for some reason it only allows prioritising networks, not adapters. For 7 onwards:
Open Network and Sharing Centre
Click Change Adapter Settings
Press the Alt key to reveal the Windows menu strip and click Advanced
Select Advanced Settings on the menu
|
Thank you.
I was referring to Windows 10. With network priorities, how does it decide when to move from the first network to the next one in the chain? When it can't find a resource?
The difficult we do right away...
...the impossible takes slightly longer.
|
First, for "local" traffic: if the adapters are in different networks with unique address ranges, then the decision as to which network to use is based on the target IP address, logical really.
For external addresses not within any of the networks, it will tend to be in order of metrics. For some reason the last network added (say you plug in a cable whilst you are on wifi) seems to get pushed to top priority, which may be decided on the speed and stability of the cabled network and that it can see the internet, or it might just be that cabled is better than wifi.
To set individual metrics: open Adapter Properties, double-click the IPv4 protocol and click the Advanced button at the bottom right. There you can set the metrics for IPv4 on that adapter: untick Automatic Metrics, then set the adapter you want to be high priority to the lowest value and all the other adapters to higher numbers in the order you want them to be searched.
The caveat is that Win 10 ignores this and, no matter how you try, sets it back to automatic; I think it is an open issue at MS.
|
You do not specify which Windows version. For all but Win 10:
Open Network and Sharing Centre
Click Change Adapter Settings
Press the Alt key to reveal the Windows menu strip, click Advanced and select Advanced Settings
For Win 10 you'll need to alter the metrics on the IPv4 protocol on the adapter, which does not always work...
|
With ForceBindIP you can bind any Windows application to a specific interface or IP address. It's freeware.
"ForceBindIP works in two stages - the loader, ForceBindIP.exe will load the target application in a suspended state. It will then inject a DLL (BindIP.dll) which loads WS2_32.DLL into memory and intercepts the bind(), connect(), sendto(), WSAConnect() and WSASendTo() functions, redirecting them to code in the DLL which verifies which interface they will be bound to and if not the one specified, (re)binds the socket."
|
I tried switching off IPv6 but it didn't work.
It shows "DNS request timed out timeout was 2 seconds" almost every time.
This is the DNS communication as captured by Wireshark when I type 'nslookup' and open the program:
5 4.080346 192.168.1.6 192.168.1.1 DNS 84 Standard query 0x0001 PTR 1.1.168.192.in-addr.arpa
6 4.336621 192.168.1.1 192.168.1.6 DNS 113 Standard query response 0x0001 PTR 1.1.168.192.in-addr.arpa PTR D-Link.DSL2740B
And when I type 'facebook.com':
21 12.931466 192.168.1.6 192.168.1.1 DNS 81 Standard query 0x0002 A facebook.com.DSL2740B
22 12.965884 192.168.1.1 192.168.1.6 DNS 156 Standard query response 0x0002 No such name A facebook.com.DSL2740B SOA a.root-servers.net
23 12.966017 192.168.1.6 192.168.1.1 DNS 81 Standard query 0x0003 AAAA facebook.com.DSL2740B
29 14.976087 192.168.1.6 192.168.1.1 DNS 72 Standard query 0x0004 A facebook.com
30 14.980174 192.168.1.1 192.168.1.6 DNS 88 Standard query response 0x0004 A facebook.com A 173.252.89.132
(First field is the packet number, second: time, third: source IP, fourth: dest IP, fifth: protocol, sixth: length, seventh: description.)
Why is my gateway's name appended to facebook.com (facebook.com.DSL2740B)?
When I type set type=mx or set type=all, the MX and ANY queries are sent and there is no reply.
Any help?
|
Sounds like your DNS server isn't working properly. Try querying Google's DNS servers:
nslookup
server 8.8.8.8
set type=a
facebook.com
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
Member 10964099 wrote: why is my gateway's name appended on facebook.com (facebook.com.DSL2740B)
This is because it is defined in the DNS Suffix Search List (type 'ipconfig /all' to see what is set). This list is mainly for resolving hosts in your local domain (no need to specify fully qualified domains).
To avoid this you can use the nosearch option or append a period (but I'm not sure if using a period is supported by Windows nslookup):
nslookup -nosearch facebook.com
nslookup facebook.com.
Regarding the timeouts there may be multiple reasons. There may be for example firewalls blocking requests (on your system, on the gateway, or even by your ISP). It may be also a DNS server that responds with delays due to high system or network load.
Did you never get an answer or is it working sometimes (especially after sending the same query again)?
When sending the same query again, the DNS server on your gateway should have stored the result in its local cache meanwhile so that it can answer without forwarding the query.
You should also try to use a known DNS server as suggested by Richard:
nslookup facebook.com. 8.8.8.8
This avoids forwarding the query through the DNS server of your gateway / DSL router to the DNS server of your ISP and should be therefore much faster.
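The capture lines from the question can be checked mechanically. The following Python sketch is an added example, not part of the original thread: it pairs queries with responses by transaction ID and flags names that had the search suffix appended. The function name `analyse` and its parameters are assumptions made for this illustration.

```python
import re

# Wireshark summary lines copied from the question above
# (packet no., time, source, destination, protocol, length, info).
CAPTURE = """\
21 12.931466 192.168.1.6 192.168.1.1 DNS 81 Standard query 0x0002 A facebook.com.DSL2740B
22 12.965884 192.168.1.1 192.168.1.6 DNS 156 Standard query response 0x0002 No such name A facebook.com.DSL2740B SOA a.root-servers.net
23 12.966017 192.168.1.6 192.168.1.1 DNS 81 Standard query 0x0003 AAAA facebook.com.DSL2740B
29 14.976087 192.168.1.6 192.168.1.1 DNS 72 Standard query 0x0004 A facebook.com
30 14.980174 192.168.1.1 192.168.1.6 DNS 88 Standard query response 0x0004 A facebook.com A 173.252.89.132
"""

LINE = re.compile(
    r"^\d+\s+(?P<time>[\d.]+)\s+\S+\s+\S+\s+DNS\s+\d+\s+Standard query "
    r"(?P<resp>response )?(?P<txid>0x[0-9a-f]{4})\s+(?P<rest>.*)$"
)

def analyse(capture, typed_name, suffix):
    """Pair queries with responses by transaction ID; flag suffixed and unanswered ones."""
    queries, answered = {}, set()
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        if m["resp"]:
            answered.add(m["txid"])
        else:
            qtype, qname = m["rest"].split()[:2]
            queries[m["txid"]] = (float(m["time"]), qtype, qname)
    times = sorted(t for t, _, _ in queries.values())
    report = []
    for txid, (t, qtype, qname) in queries.items():
        report.append({
            "txid": txid, "type": qtype, "name": qname,
            "suffix_appended": qname.lower() == f"{typed_name}.{suffix}".lower(),
            "answered": txid in answered,
            # seconds until the client sent its next query (None for the last one)
            "gap_to_next": next((round(n - t, 3) for n in times if n > t), None),
        })
    return report
```

On this capture the only query without a response is the AAAA lookup for the suffixed name, and the client waits about 2 seconds before sending the next query.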
|
Well, the default DNS server address is my router's address.
I changed it to my ISP's DNS server's address and everything works well.
Any idea why this happened only on nslookup while the rest of DNS worked fine?
Also: it happened only on one router.
I moved to another house and it is working with any setting.
|
Other programs will work because they usually have a longer timeout than the Windows nslookup.
It seems that your router is rather slow in forwarding DNS requests and answers. If it is an old model (slow CPU, little memory, old firmware) you should get a new one.
|
Member 10964099 wrote: I moved to another house
That's a bit of a drastic step, just to solve a DNS lookup issue!
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
I'm running Win Server 2012. I set up an FTP site in IIS, and I can connect remotely.
Yet I get errors trying to read the remote directory. I'm using WinSCP for my client. Here's the log file.
. 2016-08-28 21:39:58.375 Login time: Sunday, August 28, 2016 9:39:58 PM
. 2016-08-28 21:39:58.375 --------------------------------------------------------------------------
. 2016-08-28 21:39:58.375 Session name: iguser@xx.xx.xx.xxx (Modified site)
. 2016-08-28 21:39:58.375 Host name: xx.xx.xx.xxx (Port: 21)
. 2016-08-28 21:39:58.375 User name: iguser (Password: Yes, Key file: No)
. 2016-08-28 21:39:58.375 Transfer Protocol: FTP
. 2016-08-28 21:39:58.375 Ping type: Dummy, Ping interval: 30 sec; Timeout: 60 sec
. 2016-08-28 21:39:58.375 Disable Nagle: No
. 2016-08-28 21:39:58.375 Proxy: None
. 2016-08-28 21:39:58.375 Send buffer: 262144
. 2016-08-28 21:39:58.375 UTF: Auto
. 2016-08-28 21:39:58.375 FTPS: Explicit TLS/SSL [Client certificate: No]
. 2016-08-28 21:39:58.375 FTP: Passive: Yes [Force IP: Auto]; MLSD: Auto [List all: Auto]; HOST: Auto
. 2016-08-28 21:39:58.375 Session reuse: Yes
. 2016-08-28 21:39:58.375 TLS/SSL versions: TLSv1.0-TLSv1.2
. 2016-08-28 21:39:58.375 Local directory: C:\Users\Kevin\Documents, Remote directory: /, Update: Yes, Cache: Yes
. 2016-08-28 21:39:58.375 Cache directory changes: Yes, Permanent: Yes
. 2016-08-28 21:39:58.375 Recycle bin: Delete to: No, Overwritten to: No, Bin path:
. 2016-08-28 21:39:58.375 Timezone offset: 0h 0m
. 2016-08-28 21:39:58.375 --------------------------------------------------------------------------
. 2016-08-28 21:39:58.843 Connecting to xx.xx.xx.xxx ...
. 2016-08-28 21:39:58.843 Connected with xx.xx.xx.xxx, negotiating TLS connection...
< 2016-08-28 21:39:58.843 220 Microsoft FTP Service
> 2016-08-28 21:39:58.843 AUTH TLS
< 2016-08-28 21:39:58.843 234 AUTH command ok. Expecting TLS Negotiation.
. 2016-08-28 21:39:58.967 Verifying certificate for "" with fingerprint 78:74:67:cf:e2:9c:a0:4c:8f:cd:93:72:17:af:fb:2b:5f:55:36:de and 20 failures
. 2016-08-28 21:39:58.967 Certificate for "" matches cached fingerprint and failures
. 2016-08-28 21:39:58.967 Using TLSv1.2, cipher TLSv1/SSLv3: ECDHE-RSA-AES256-SHA384, 2048 bit RSA, ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384
. 2016-08-28 21:39:59.030 TLS connection established. Waiting for welcome message...
> 2016-08-28 21:39:59.030 USER iguser
< 2016-08-28 21:39:59.030 331 Password required
> 2016-08-28 21:39:59.030 PASS *************
< 2016-08-28 21:39:59.061 230 User logged in.
> 2016-08-28 21:39:59.061 SYST
. 2016-08-28 21:39:59.092 The server is probably running Windows, assuming that directory listing timestamps are affected by DST.
< 2016-08-28 21:39:59.092 215 Windows_NT
> 2016-08-28 21:39:59.092 FEAT
< 2016-08-28 21:39:59.139 211-Extended features supported:
< 2016-08-28 21:39:59.139 LANG EN*
< 2016-08-28 21:39:59.139 UTF8
< 2016-08-28 21:39:59.139 AUTH TLS;TLS-C;SSL;TLS-P;
< 2016-08-28 21:39:59.139 PBSZ
< 2016-08-28 21:39:59.139 PROT C;P;
< 2016-08-28 21:39:59.139 CCC
< 2016-08-28 21:39:59.139 HOST
< 2016-08-28 21:39:59.139 SIZE
< 2016-08-28 21:39:59.155 MDTM
< 2016-08-28 21:39:59.155 REST STREAM
< 2016-08-28 21:39:59.155 211 END
> 2016-08-28 21:39:59.155 OPTS UTF8 ON
< 2016-08-28 21:39:59.186 200 OPTS UTF8 command successful - UTF8 encoding now ON.
> 2016-08-28 21:39:59.186 PBSZ 0
< 2016-08-28 21:39:59.217 200 PBSZ command successful.
> 2016-08-28 21:39:59.217 PROT P
< 2016-08-28 21:39:59.264 200 PROT command successful.
. 2016-08-28 21:39:59.279 Connected
. 2016-08-28 21:39:59.279 --------------------------------------------------------------------------
. 2016-08-28 21:39:59.279 Using FTP protocol.
. 2016-08-28 21:39:59.279 Doing startup conversation with host.
> 2016-08-28 21:39:59.342 PWD
< 2016-08-28 21:39:59.373 257 "/" is current directory.
. 2016-08-28 21:39:59.389 Changing directory to "/".
> 2016-08-28 21:39:59.389 CWD /
< 2016-08-28 21:39:59.420 250 CWD command successful.
. 2016-08-28 21:39:59.420 Getting current directory name.
> 2016-08-28 21:39:59.420 PWD
< 2016-08-28 21:39:59.482 257 "/" is current directory.
. 2016-08-28 21:39:59.654 Retrieving directory listing...
> 2016-08-28 21:39:59.654 TYPE A
< 2016-08-28 21:39:59.701 200 Type set to A.
> 2016-08-28 21:39:59.701 PASV
< 2016-08-28 21:39:59.732 227 Entering Passive Mode (xx,xx,xx,xxx,19,136).
> 2016-08-28 21:39:59.732 LIST -a
. 2016-08-28 21:39:59.732 Connecting to 76.91.84.151:5000 ...
< 2016-08-28 21:39:59.779 150 Opening ASCII mode data connection.
. 2016-08-28 21:40:20.776 Transfer channel can't be opened. Reason: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
. 2016-08-28 21:40:20.776 Could not retrieve directory listing
. 2016-08-28 21:40:29.809 Sending dummy command to keep session alive.
> 2016-08-28 21:40:29.809 REST 0
< 2016-08-28 21:41:05.907 550 Data channel timed out.
. 2016-08-28 21:41:05.907 LIST with -a failed, will try pure LIST
< 2016-08-28 21:41:05.907 350 Restarting at 0.
. 2016-08-28 21:41:05.907 Retrieving directory listing...
> 2016-08-28 21:41:05.907 TYPE A
< 2016-08-28 21:41:05.954 200 Type set to A.
> 2016-08-28 21:41:05.954 PASV
< 2016-08-28 21:41:05.985 227 Entering Passive Mode (xx,xx,xx,xxx,19,137).
> 2016-08-28 21:41:05.985 LIST
. 2016-08-28 21:41:05.985 Connecting to xx.xx.xx.xxx:5001 ...
< 2016-08-28 21:41:06.032 150 Opening ASCII mode data connection.
. 2016-08-28 21:41:27.030 Transfer channel can't be opened. Reason: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
. 2016-08-28 21:41:27.030 Could not retrieve directory listing
. 2016-08-28 21:41:35.719 Sending dummy command to keep session alive.
> 2016-08-28 21:41:35.719 TYPE I
< 2016-08-28 21:42:15.920 550 Data channel timed out.
< 2016-08-28 21:42:15.920 200 Type set to I.
. 2016-08-28 21:42:15.920 Dummy directory read to keep session alive.
. 2016-08-28 21:42:15.920 Retrieving directory listing...
> 2016-08-28 21:42:15.920 TYPE A
< 2016-08-28 21:42:15.967 200 Type set to A.
> 2016-08-28 21:42:15.967 PASV
< 2016-08-28 21:42:15.998 227 Entering Passive Mode (xx,xx,xx,x,19,138).
> 2016-08-28 21:42:15.998 LIST
. 2016-08-28 21:42:15.998 Connecting to xx.xx.xx.xxx:5002 ...
< 2016-08-28 21:42:16.045 150 Opening ASCII mode data connection.
. 2016-08-28 21:42:34.313 Disconnected from server
. 2016-08-28 21:42:34.313 Could not retrieve directory listing
* 2016-08-28 21:42:34.469 (EFatal)
Anyone have any idea what's wrong?
Thanks
If it's not broken, fix it until it is
|
Looks like the firewall might be getting in the way. Do you have an option to turn off "passive" mode?
FTP Connection Modes (Active vs. Passive) :: WinSCP
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
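Each 227 reply in the log above carries the data port in its last two numbers (port = p1 * 256 + p2), which is the port the client then fails to reach. The following Python sketch is an added example, not part of the original thread: it extracts those ports from an abridged copy of the log and records whether each passive data connection completed. The function names are assumptions made for this illustration, and 226 is the standard FTP reply for a completed transfer.

```python
import re

# Abridged from the WinSCP log in the question (host octets masked as posted;
# ">" marks a command sent, "<" a server reply, "." a client note).
LOG = """\
< 2016-08-28 21:39:59.732 227 Entering Passive Mode (xx,xx,xx,xxx,19,136).
> 2016-08-28 21:39:59.732 LIST -a
. 2016-08-28 21:40:20.776 Transfer channel can't be opened.
< 2016-08-28 21:41:05.907 550 Data channel timed out.
< 2016-08-28 21:41:05.985 227 Entering Passive Mode (xx,xx,xx,xxx,19,137).
> 2016-08-28 21:41:05.985 LIST
. 2016-08-28 21:41:27.030 Transfer channel can't be opened.
< 2016-08-28 21:42:15.998 227 Entering Passive Mode (xx,xx,xx,x,19,138).
> 2016-08-28 21:42:15.998 LIST
. 2016-08-28 21:42:34.313 Disconnected from server
"""

PASV = re.compile(r"227 Entering Passive Mode \(([^)]*)\)")
FAILED = ("Transfer channel can't be opened", "550 Data channel timed out")

def pasv_port(line):
    """Port from a 227 reply (h1,h2,h3,h4,p1,p2): p1 * 256 + p2, else None."""
    m = PASV.search(line)
    fields = m.group(1).split(",") if m else []
    if len(fields) != 6 or not (fields[4].isdigit() and fields[5].isdigit()):
        return None
    p1, p2 = int(fields[4]), int(fields[5])
    return p1 * 256 + p2 if p1 < 256 and p2 < 256 else None

def data_channel_results(log):
    """[(port, ok)] per passive transfer; ok only if a 226 completion reply followed."""
    results, pending = [], None
    for line in log.splitlines():
        port = pasv_port(line)
        if port is not None:
            if pending is not None:      # new PASV before the last one resolved
                results.append((pending, False))
            pending = port
        elif pending is not None:
            done = re.match(r"< \S+ \S+ 226 ", line) is not None
            if done or any(f in line for f in FAILED):
                results.append((pending, done))
                pending = None
    if pending is not None:              # session ended before the transfer finished
        results.append((pending, False))
    return results
```

For this log every passive data connection fails, on ports 5000 through 5002, so that is the range a firewall or NAT device in front of the server would have to admit for passive mode to work.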
|
Suppose my PC is in a domain station. If I want to remove it from the domain without the admin password, what do I need to do?
If I change my hard disk and install a new operating system, will it then be free from that domain or not?