I recently started a new job and have been considering what to implement during the first period of my tenure. The following are my restrictions / requirements:
- No budget
- Services must fit in a VM
- Scalable (read: easily supported / maintained)
With that in mind, I’ve decided to implement a few things:
- syslog-ng syslog repository
- rancid
Syslog-NG is a great syslog server replacement, and there are a number of great management / reporting tools as well. It’s “free” and fits easily in a standard U*IX environment.
I’ll also be installing LogZilla (aka php-syslog-ng) and putting everything in a MySQL database.
RANCID is a fantastic tool that will archive your network configurations & let you know if things have changed. Some folks have integrated the CVS repository that RANCID uses with CVSWEB, so I’ll be looking into that as well.
Ok, that’s nice, but what does that have to do with the CCDE?
Nothing directly, but it does have everything to do with the care & feeding of a network. You can’t know what’s going on with your devices without consolidating the messages they are producing, and without configuration backups / auditing you can be in trouble if a system loses its configuration or is changed.
The syslog-ng design will probably involve a hierarchy of some sort, where each site has a local repository, and all of these feed back to a central server that is being backed up. I don’t really know yet, but syslog-ng gives you the freedom to do so.
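A sketch of what one site relay in such a hierarchy could look like, as an added example rather than the configuration from this post. The hostname `central-syslog.example.net`, the paths, port 6514 and the `@version` line are assumptions. Each site keeps its own copy and forwards everything to the central server over TLS, buffering to disk if the link goes down:

```conf
# Site relay: syslog-ng.conf (added illustration, not the author's config).
# Assumed names: central-syslog.example.net, /var/log/remote, /etc/syslog-ng/ca.d
@version: 3.38

options {
    keep-hostname(yes);    # keep the originating device's name, not the relay's
    chain-hostnames(no);   # do not build "relay/device" hostname chains
    create-dirs(yes);      # create per-device directories on demand
};

# Devices at this site send plain syslog to the relay on UDP or TCP 514.
source s_devices {
    network(ip("0.0.0.0") port(514) transport("udp"));
    network(ip("0.0.0.0") port(514) transport("tcp"));
};

# Local repository: one directory per device, one file per day.
destination d_site_repo {
    file("/var/log/remote/${HOST}/${YEAR}-${MONTH}-${DAY}.log");
};

# Uplink to the central server. TLS with certificate verification keeps
# device logs from crossing the WAN in clear text, and the reliable disk
# buffer holds messages while the central server is unreachable.
destination d_central {
    network("central-syslog.example.net" port(6514) transport("tls")
        tls(ca-dir("/etc/syslog-ng/ca.d") peer-verify(required-trusted))
        disk-buffer(reliable(yes) disk-buf-size(536870912) mem-buf-size(10485760))
    );
};

# Every message is stored locally and forwarded upstream.
log { source(s_devices); destination(d_site_repo); destination(d_central); };
```

The central server would pair this with a `network()` source using `transport("tls")` plus its own `key-file()` and `cert-file()`, and a `file()` destination on the volume that is being backed up.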
How about a pretty picture? I like pretty pictures: