LISA08 – day 1

I’ve now finished my first day at the LISA conference. It has been quite interesting, and I have a lot of input I have to filter and digest.

In the morning, I attended a training program called “Management 101: Effective Communication Tools for Sysadmins.” It was basically about communication, with your boss, your colleagues, users and everyone else you get in contact with as a System Administrator. They provided us with some tools to improve one’s ability to communicate more effectively, both as a receiver of information as well as a facilitator of it. They talked about how you can avoid having feelings rule and sometimes ruin your conversation with others.

The last part of it was about documentation. How to structure it, target it for the right audience and in doing that actually provide several different versions of the same documentation: A version for the Executives, a version for the Users and a version for the Tech people. Do not mix this into one document as it ends up being a totally unusable one by doing that.

In the evening I attended another training program called “Building a Logging Infrastructure and Log Analysis for Security.” It was a walkthrough of some of the tools and techniques available for collecting, analyzing and correlating your logfiles across multiple computers, network equipment etc.

What especially caught my attention was the way he set up the syslog infrastructure. He had a central logserver, and several log relay servers, to achieve the following goals:

  • Securing the access to the central logserver – Not every server is allowed to send logfiles to it. Only the relay servers can do that.
  • Minimizing the amount of network connections on the central log server – It doesn’t have to cope with gazillions of simultaneous connections.
  • Segmentation of your network – You can cluster your hosts by making logrelay servers that only serve a specific kind of server, e.g. webservers send logmessages to logrelay1, mailservers to logrelay2 etc.
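
The relay layout in the list above, sketched as an added example in rsyslog's legacy configuration syntax; it is not taken from the training or from the original post. The choice of rsyslog, the hostname central.example.net, the relay domain example.net, the file paths and all IP addresses (documentation ranges) are assumptions; logrelay1 and logrelay2 are the relay names used above.

```conf
# ---- central logserver: /etc/rsyslog.conf (constructed example) ----
# Accept syslog over TCP, but only from the two relay servers.
$ModLoad imtcp
$AllowedSender TCP, 192.0.2.11, 192.0.2.12   # logrelay1, logrelay2 (assumed IPs)
$InputTCPServerRun 514

# One directory per originating host, so relayed messages stay separable.
$template PerHost,"/var/log/remote/%HOSTNAME%/messages.log"
*.* ?PerHost

# ---- logrelay1 (webserver segment): /etc/rsyslog.conf ----
# Take UDP syslog from the webserver subnet only.
$ModLoad imudp
$AllowedSender UDP, 198.51.100.0/25          # webservers (assumed subnet)
$UDPServerRun 514

# Buffer to disk if the central server is unreachable, retry forever,
# then forward everything over a single TCP connection (@@ = TCP).
$WorkDirectory /var/spool/rsyslog
$ActionQueueType LinkedList
$ActionQueueFileName fwd_central
$ActionQueueSaveOnShutdown on
$ActionResumeRetryCount -1
*.* @@central.example.net:514

# ---- logrelay2 (mailserver segment): same as logrelay1 except ----
# $AllowedSender UDP, 198.51.100.128/25      # mailservers (assumed subnet)

# ---- a webserver: /etc/rsyslog.conf ----
# Send to the segment's relay, never to the central server (@ = UDP).
*.* @logrelay1.example.net:514
```

The sender lists are address-based, so a firewall rule on the central server that admits port 514 only from the relay addresses is a sensible second layer.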

What I would have liked him to address in more detail was how to handle logs from networking equipment like switches and routers. I tried to catch him afterwards, but as everyone else also wanted to talk to him, I actually never got to ask him some questions about that. I’ll probably try to catch him one of the other days.

All in all, this has been a good first day of LISA08 – at least for me.

