tag:blogger.com,1999:blog-4088979.post111335984300663285..comments2023-10-16T06:06:25.012-04:00Comments on TaoSecurity Blog: Blogging from USENIX 2005Richard Bejtlichhttp://www.blogger.com/profile/13512184196416665417noreply@blogger.comBlogger3125tag:blogger.com,1999:blog-4088979.post-1113720017151054412005-04-17T02:40:00.000-04:002005-04-17T02:40:00.000-04:00I've got /my/ answer to your conference attendee c...I've got /my/ answer to your conference attendee complaint -- I'm in the lecture because I'm desperately hoping to learn something new and interesting, but because I likely won't and don't want to waste the time, I'll work on something else while I'm there, keeping one ear half-open with a filter for new and interesting things.<BR/><BR/><BR/>jsynAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-4088979.post-1113387873853050392005-04-13T06:24:00.000-04:002005-04-13T06:24:00.000-04:00I've noticed the same sort of thing about conferen...I've noticed the same sort of thing about conference attendees...get in a room full of people, and you'll notice a good number of them glued to their laptops...checking email, doing IM, etc. I can see if someone comes into the back of the room and takes a seat away from everyone else...they may simply be trying to get something done.<BR/><BR/>Another thing that gets me is the guys (and yes, it's always been guys, women don't seem to do this...) who huddle around a laptop and chatter away while you're presenting, and then ask, "what happens if...?" My stock response is something along the lines of, "why don't you try it and then share your results with us?" After all, you've got a system right there to try it on! <BR/><BR/>I agree with you, though...why sit in on a presentation if you already know the info, and all you're interested in doing is checking your email/IM? <BR/><BR/>H. Carvey<BR/>"Windows Forensics and Incident Recovery"<BR/>http://www.windows-ir.com<BR/>http://windowsir.blogspot.comAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-4088979.post-1113363684005299732005-04-12T23:41:00.000-04:002005-04-12T23:41:00.000-04:00If you are interested in Nagios, I highly recommen...If you are interested in Nagios, I highly recommend checking out <A HREF="http://www.zabbix.com/" REL="nofollow">Zabbix</A>. Like Nagios, you define events and setup constraints on what the expected results should be. Unlike Nagios, Zabbix records the full results data, which is almost always numbers, like the # of seconds a plug-in or command took to run, load, number of swapouts per second. Using this data, you can generate graphs and trend data just like mrtg or cricket.<BR/><BR/>Also unlike Nagios, you don't have to write plug-ins to check items and exit with a certain code. You simply tell Zabbix to run a command on a remote host, such as:<BR/><BR/>vmstat | awk '{ print $9 }' | tail -1<BR/><BR/>.. and then in the web interface define what numbers should trigger certain events.<BR/><BR/>Zabbix is fairly new, and honestly, only the 1.1 alpha's are really worth it, but it's something to keep an eye on in the next 6-12 months. I've migrated my network from Nagios to it so I wouldn't have to setup mrtg/cricket on all of the hosts to gather trend data.Anonymousnoreply@blogger.com