I have a habit of always checking logs of any equipment that I work on.
Clients are surprised when I find the occasional easter egg surprise.
In this example, I was working on a router configuration change, when I checked the log. It was full of a ton of invalid login requests from questionable IP addresses. After showing the client, he was shocked since all his routers have their built-in firewall enabled.
We took a peek, and he was correct: the firewall was enabled, but it had no rules configured. We referred to his configuration document and added his 'standard' WAN interface rules. Then we checked the logs to confirm that the poking and prodding ended.
I suggested that, at a minimum, he set up a Syslog server to better manage and monitor his equipment. There are tons of free and paid-for syslog servers out there. I suggested he get one where he can configure what to get alerted on, since some devices can get pretty verbose with their syslog traps.
Here's the thing about Syslog or Network Monitoring in general. The key is to not fall into the trap where there is so much being reported that you become desensitized and start ignoring everything, missing a legitimate problem. I suggested creating the most common scenarios that you want to be alerted on and then setting alerts on those events first. Try not to be too generic. For example, you might want an alert if a network port that the server is connected to goes down, but not a client or printer.
![](https://static.wixstatic.com/media/c57ded_8647c72d1dfc4597ae5b4fd8c29bfd9a~mv2.png/v1/fill/w_736,h_478,al_c,q_85,enc_avif,quality_auto/c57ded_8647c72d1dfc4597ae5b4fd8c29bfd9a~mv2.png)
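To make the "don't be too generic" point concrete, here is a small filter added as an illustration (it is not from the client's setup or any particular syslog product). It assumes Cisco IOS-style messages, a hypothetical port-to-device map and a hypothetical failure threshold; the sample log lines are constructed.

```python
import re
from collections import Counter

# Assumption: only ports that carry servers are listed; client and printer
# ports are deliberately left out so they never page anyone.
CRITICAL_PORTS = {"GigabitEthernet0/1": "file server"}
FAILED_LOGIN_THRESHOLD = 3  # assumption: alert once a source reaches this count

LINK_DOWN = re.compile(r"%LINK-3-UPDOWN: Interface (\S+), changed state to down")
LOGIN_FAILED = re.compile(r"%SEC_LOGIN-4-LOGIN_FAILED: .*?\[Source: ([0-9a-fA-F.:]+)\]")

# Constructed sample messages (documentation IP ranges, made-up hostnames).
SAMPLE_LOG = """\
Jan 10 02:14:01 rtr1 %LINK-3-UPDOWN: Interface GigabitEthernet0/7, changed state to down
Jan 10 02:14:09 rtr1 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 203.0.113.45] [localport: 22]
Jan 10 02:14:10 rtr1 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: root] [Source: 198.51.100.7] [localport: 22]
Jan 10 02:14:11 rtr1 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 203.0.113.45] [localport: 22]
Jan 10 02:15:30 rtr1 %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down
Jan 10 02:15:42 rtr1 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: test] [Source: 203.0.113.45] [localport: 22]
Jan 10 02:15:44 rtr1 %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: test] [Source: 203.0.113.45] [localport: 22]
"""

def evaluate(lines):
    """Return alerts for the lines given: link-down on critical ports only,
    and one alert per source address that reaches the failure threshold."""
    alerts = []
    failures = Counter()
    for line in lines:
        m = LINK_DOWN.search(line)
        if m:
            port = m.group(1)
            if port in CRITICAL_PORTS:  # printer/client ports stay quiet
                alerts.append(f"LINK DOWN {port} ({CRITICAL_PORTS[port]})")
            continue
        m = LOGIN_FAILED.search(line)
        if m:
            src = m.group(1)
            failures[src] += 1
            # '==' rather than '>=' so a noisy source raises one alert, not hundreds
            if failures[src] == FAILED_LOGIN_THRESHOLD:
                alerts.append(f"LOGIN FAILURES from {src}")
    return alerts

if __name__ == "__main__":
    for alert in evaluate(SAMPLE_LOG.splitlines()):
        print(alert)
```

Seven log lines produce two alerts: the printer port going down and the single failed login from a second address are logged but never raised.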