Posts made by taurex
-
RE: Evaluating Open-source SIEM Solutions
@notverypunny @scottalanmiller @JaredBusch thank you for your replies. We want to monitor databases, network devices, admin-level logins, etc. both on-prem and hosted for some suspicious activities or outages. I just thought that a SIEM would take care of the analytics/response part better than a monitoring solution like ELK, Graylog, OpenSearch, Zabbix, etc., which need a lot of fine-tuning to make them work in a similar fashion to a SIEM. We will check out Wazuh and compare it to SIEMonster Community Edition, thanks.
-
Evaluating Open-source SIEM Solutions
Hi All,
We are evaluating a SIEM for an SMB with a lot of client-facing infrastructure on AWS. A colleague of mine suggested giving SIEMonster a go but I am not completely convinced. There was a separate thread here on centralised log management where @stacksofplates and others suggested trying Elasticsearch with some Grafana dashboards on AWS. Ideally, we need to find a solution that is not very time-consuming to deploy, works with endpoints anywhere and is easy to maintain. Our resources are quite stretched ATM but they might hire a new person or outsource it to a third-party SOC to manage it.
All suggestions are very much welcome.
Thanks.
-
RE: Centralized Log Management
Scott pretty much nailed it. Although collecting and preserving logs centrally is a good idea, analysing them anything but superficially would normally require a dedicated IT security team. There are (expensive) solutions like SIEM that make this job easier, but even those can hardly be managed by a typical SMB/SME IT department on its own. If the OP's organisation needs to be ISO 27001 certified or compliant with PCI, HIPAA etc., yet is small enough, looking at MDR, MSSP or managed SIEM providers might be an alternative.
-
RE: Build or Buy?
@hobbit666 Not sure what the situation is like in the UK with the prices on GPUs, but here in AUS it's pretty crazy at the moment. I was looking into a gaming PC build for my friend's son and found only Dell had a really good value deal on eBay during one of their promos: https://www.ozbargain.com.au/node/619439 The still-available RTX 3070s are now sold for almost 2k here! And this is only an upper mid-range Nvidia GPU AFAIK.
-
RE: New IT update 60TB / 60 mil files / 20 people - HP Equipment
@jim9500 said in New IT update 60TB / 60 mil files / 20 people - HP Equipment:
D3700
I'd add one thing that sometimes gets overlooked with all-flash storage. A lot of software- or hardware-based storage solutions offer inline dedupe and compression that help save even more storage with SSDs.
-
RE: Another RDS server?
I wouldn't even waste an entire host for an RDS farm, let alone a single VM tbh. I agree with Jared, try to get something modern on a warranty with a better CPU (AMD EPYC are worth taking a look at), more RAM and SSDs instead. Unfortunately, the newer 14th Gen Dell refurbs are hard to come by in the land of Oz, but the Gen10 HPE ProLiant refurbs can be found at many HPE Renew partners, often half-price from new with full NBD warranties. Also, check out Digicor for their Supermicro deals.
-
RE: Who do you use for content delivery? (If that is even the right phrase)
@JasGot Are these media files images or videos? For images, they can look into something like the Smush Pro plugin (provided they're using the WordPress CMS); videos can be easily hosted elsewhere, like on YouTube or Vimeo, and simply embedded in the website instead. Or are they talking about excess traffic caused by this activity?
-
RE: Help Understanding LAN test Speed Results
Try iPerf. It definitely takes storage out of the equation. Try using it with parallel threads to get more accurate results on what the link can really handle. Also, it only tests TCP throughput by default, but you can test UDP on the client side with the -u switch. There are tons of guides on it online.
-
RE: How much RAM for this VM?
@Dashrender said in How much RAM for this VM?:
why does the consumed have those dips?
I'd say this was invoked by the apps running on it. This VM is used for analytics and reporting; it's got Visual Studio, Power BI and SQL Server running on it. The vendor must've been doing some shit on it.
-
RE: How much RAM for this VM?
Do they have a vCenter running that controls that host? You can run some useful charts there that tell you how it was utilised over a certain time. I have one of my VMs set up as per its vendor's requirements with 24 GB of RAM and I can't touch it, otherwise they won't support it. This is how much this production VM has used its allocated memory over a year :)
-
RE: Proxmox install for use with a ceph cluster
@Pete-S said in Proxmox install for use with a ceph cluster:
@DustinB3403 said in Proxmox install for use with a ceph cluster:
@scottalanmiller I can remove the card for sure, but its not a practical lab exercise for what I'm working on.
I would do this in my personal lab possibly to do that, but not here, in this lab.
You can just change the controller to HBA mode. In HBA mode it will work like an HBA.
On older cards you have to flash the firmware, on newer cards it's often just a setting.
From a hardware perspective a RAID card is an HBA + more powerful hardware for parity calcs + larger memory cache. Hang on a sec, see if I'll find the link on how to do it.
A newer way to set an HP controller to HBA mode:
https://ahelpme.com/servers/hewlett-packard/smart-array-p440-enable-or-disable-hba-mode-using-smart-storage-administrator/
This is an older, longer way to do it:
YouTube video
I was just about to reply to turn passthrough mode (HBA) on on the controller, but you nailed it! On the other hand, Proxmox works fine with hardware RAID. As a matter of fact, this is what the vendor themselves recommend: https://pve.proxmox.com/wiki/Raid_controller. Software ZFS RAID can potentially be faster, but it needs to be configured properly with direct access to disks, plenty of RAM and ZIL for caching.
-
RE: Proxmox install for use with a ceph cluster
Are you positive no logical volume is configured on that host in its RAID controller? You should be able to check it via iLO. Or you can start the Proxmox VE installer in debug mode, which gives you a console. You can use it to list all recognised drives.
-
RE: Proxmox install for use with a ceph cluster
Proxmox would not offer any mdraid configuration in its installer. https://pve.proxmox.com/wiki/Software_RAID
-
RE: Multi-site "management" of IT infrastructure
Asset Tiger is pretty good in my experience. Hosted and free for 250 assets or less.
-
RE: NVMe and RAID?
@Pete-S I'd stay away from the 7xx Intel NICs; I heard lots of bad things on different IT forums about how they play up. The Mellanox NICs would be my first choice for anything with RDMA support.
-
RE: NVMe and RAID?
@biggen NVMe storage is indeed ridiculously fast. When I say fast, think about its latency rather than throughput. In practice, their performance really shines with heavily used relational DBs. Doing RAID over the network with NVMe would require at least 25 GbE with RDMA support end-to-end and would work even better with an NVMe-oF initiator. Otherwise, network latency would be a bottleneck. However, for 4K video editing, 10 GbE end-to-end with SSD storage on the server should be sufficient.
There is a better alternative than interface bonding between a single file server and clients; it's called SMB Multichannel, which uses multiple network interfaces for data transfers (clients need to have multiple NICs though). This way network bandwidth is aggregated with active-active paths, not load balanced with active-passive. The downside is SMB Multichannel works reliably in an all-Windows environment; its Samba implementation is patchy. macOS doesn't support it at all AFAIK.
-
RE: Project 1 : PFSense Routing
Just remember @WrCombs that you can set up static routes on either the client VMs or the router VMs. Most of the time, you'd want this to be set up on your routers because it's more manageable this way, plus you can use dynamic routing protocols at scale. However, in some real-life scenarios like remote access VPN with split tunnelling, a route to the secure remote network needs to be added on the client machine itself (with L2TP at least).
-
RE: RingCentral and Vonage
@scottalanmiller said in RingCentral and Vonage:
Their PBX base price is great, but their per-minute cost to dial is very high and they line limit. So if you have any number of users or make any amount of calls, their pricing is pretty high for the market.
I don't know about normal handsets, but their handset prices are significantly higher than any market we've seen and we work all over the world.
Calls to mobiles are always expensive in Australia; the rest of the outgoing calls are only charged per call, not per minute. As for the handsets, yes, Maxo sells them with quite a bit of a margin, but they don't customise any handset firmware like some other telcos here that lock you in with their handsets. We buy them from other retailers for a lot less. What's great about their PBX is practically everything can be done via their web admin interface. Other telcos here are miles behind in terms of convenience and functionality of a web GUI.
-
RE: RingCentral and Vonage
Well, I live in Australia and know quite a bit about local VoIP providers. As far as I'm concerned, no one does it better here than Maxotel. I am not a reseller and don't get any kickbacks from any vendors but their Asterisk-based hosted PBX and their support team have been absolutely amazing in my experience. Check them out.