Wednesday, May 12, 2010

Only As Good As Your Logging

I'm helping a client work through an interesting issue this week. It seems that one of their network monitoring devices is not logging as one would expect. You know, the type of network monitoring device everyone buys precisely for the increased network visibility provided by quality logging? I will remain vague on the device here so as not to seem to favor one technology over another. It seems that the documentation on the device's logging ability could be a lot better, and on top of that, what the device logs (and doesn't log) seems to be somewhat arbitrary. How did I stumble upon this issue? I noticed the device making certain DNS queries, but couldn't find any corresponding log entries in the device's logs that would explain said DNS queries. Yikes!
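
The check that exposed the gap, written out as an added example: it is not code from the original post and it is not tied to any particular product. It takes two constructed inputs, the DNS queries a sensor or packet capture saw the device send and the device's own log over the same interval, and reports every queried name that no log entry accounts for. A name that does appear in the log, but only outside the time window, is reported separately so that clock skew between the sensor and the device is not mistaken for a logging gap. The record formats, hostnames and timestamps below are all assumptions made up for the example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample data for this example; none of it comes from the post or
# from any real device. Timestamps are ISO 8601 without time zone.
#
# DNS queries seen on the wire from the monitoring device's management
# interface (e.g. from a passive DNS sensor or tcpdump on that segment):
OBSERVED_DNS = """\
2010-05-12T09:00:01 A update.example-vendor.test
2010-05-12T09:00:02 A mail.example.test
2010-05-12T09:03:17 A telemetry.example-vendor.test
2010-05-12T09:05:44 A ftp.example.test
2010-05-12T09:05:44 AAAA ftp.example.test
2010-05-12T09:10:00 A ntp.example.test
"""

# What the device itself wrote to its log over the same interval. Only the
# events the vendor chose to log appear; the LOGIN line names no host.
DEVICE_LOG = """\
2010-05-12T08:30:00 CONNECT host=ntp.example.test dst=192.0.2.123 port=123 result=ok
2010-05-12T09:00:02 CONNECT host=mail.example.test dst=192.0.2.25 port=25 result=ok
2010-05-12T09:01:00 LOGIN user=admin src=198.51.100.7 result=ok
2010-05-12T09:05:45 CONNECT host=ftp.example.test dst=192.0.2.21 port=21 result=ok
"""

HOST_RE = re.compile(r"\bhost=(\S+)")


def _norm(name):
    """Lowercase and strip a trailing dot so wire names compare with log fields."""
    return name.lower().rstrip(".")


def parse_observed_dns(text):
    """Return (timestamp, qtype, qname) tuples for each observed query."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, qtype, qname = line.split()
        records.append((datetime.fromisoformat(ts), qtype, _norm(qname)))
    return records


def parse_device_log(text):
    """Return (timestamp, hostname) for log lines that carry a host= field.
    Lines without one are dropped: they cannot explain a DNS lookup."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, rest = line.split(None, 1)
        m = HOST_RE.search(rest)
        if m:
            records.append((datetime.fromisoformat(ts), _norm(m.group(1))))
    return records


def unexplained_queries(observed, device_log, window=timedelta(seconds=30)):
    """Map each queried name with no matching log entry to a reason.

    A query is explained when the device logged an event for the same
    hostname within `window` of the query. Otherwise the name is reported as
    "never_logged" (no entry for it at all) or "logged_outside_window" (an
    entry exists but too far away in time, which points at clock skew or a
    delayed log write rather than a missing log line).
    """
    by_host = {}
    for ts, host in device_log:
        by_host.setdefault(host, []).append(ts)

    missing = {}
    for ts, _qtype, qname in observed:
        hits = by_host.get(qname, [])
        if any(abs(t - ts) <= window for t in hits):
            continue
        missing[qname] = "logged_outside_window" if hits else "never_logged"
    return missing


def main():
    observed = parse_observed_dns(OBSERVED_DNS)
    logged = parse_device_log(DEVICE_LOG)
    for qname, reason in sorted(unexplained_queries(observed, logged).items()):
        print(f"{qname}: {reason}")


if __name__ == "__main__":
    main()
```

Run against the constructed data, the two vendor hostnames come back as never logged while the NTP lookup is flagged only as a timing mismatch. The point of the exercise is the first category: every name in it is something the device did on the network that its own logs give you no way to see, and any detection you key off those logs has that blind spot.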

So, herein lies the rub. I had set up several jumping-off points that keyed off this device's logs. I assumed that the device was logging properly and gave myself a big pat on the back for helping this client defend its network. Not so fast... I guess one can never assume...

Still working on this one... stay tuned...

