Your basic ITPro blog... What's going on at work, what I'm interested in.

Tuesday, July 15, 2008

More Thoughts on Creation Science

I have been thinking a lot about this topic lately. The idea that God's creation declares His Glory, as well as His Word, is stuck in my head. Both His Word and His creation are divine revelation. Therefore, they must be consistent and they must be true. So, what we read in Scripture and what we see in nature must agree. At the points where it seems they don't agree... that is the result of our limitations; either in understanding the Word or in understanding nature (or, more often, a combination of both!).

Scripture, as God's revelation to us, does not lie. Every word of it is true. As we study scripture and prayerfully work to discern its meaning, we move closer and closer toward understanding. I am confident that the pastor at my church more fully understands and comprehends the scriptures than I do. He has spent years and years in intense study of the Word. As a result, his understanding is greater than it was in the past.

This process (study for understanding) works even if you don't 'believe' what you study. For example, I know of Christians who are 'experts' in the Koran. They have studied the Koran and, as such, have a deeper understanding of it than they otherwise would. They don't believe it to be what it is claimed to be, yet they study it and know it.

Why am I saying all of this? Because, I believe that we, as people, grow in our understanding of nature as we study it. As we observe and measure, as we test and experiment, we learn more about nature, not less. We get closer to quantifying reality, not further away. Our definitions and descriptions become more representative of reality, not less.

And again, the question comes to mind, "Would God's creation -- the nature that He put all around us and that reveals His Glory -- would this creation lie to us? Would God lie to us?" I am confident that the answer is NO.


This graphic (I'm not much of an artist) shows one example of why I have such trouble with the young-earth position. It goes like this:

We look to the sky and see stars A and B. Star A is observed and studied, as is star B. Star A is determined to be less than 6,000 light years away while star B is determined to be more than 6,000 light years away. While observing these stars, we measure luminosity, distance, composition (how much helium, hydrogen, etc.). Then, we see both go super-nova, explode, and disappear.

The question is, did star B ever actually exist?

If the universe has only existed for 6,000 years, how did the light from star B have time to travel through space and reach earth for us to observe? We, in essence, were observing an illusion... a star that never existed. Only the light (represented by the solid wavy line) could have existed. This would have to be true for any object we observe in space that is further than 6,000 light years away.

When we look 'up' in to the sky, we are looking at the past, not the present. The universe does not exist as we see it, it 'existed' as we see it. For example, the Sun is about eight light-minutes away from earth. That is, it takes sunlight eight minutes to reach us. So, the sunlight you see now is eight minutes old. The sun could explode and we wouldn't know for eight minutes. In fact, the sun could actually be gone this very moment!! Let's wait eight minutes to see...

Still here? Well, it's eight minutes later and the sun is still shining, so I guess it didn't explode. Whew!

Now, look up in the sky... See that star there? It has been measured to be 2,000 light years away. So, the star we see is actually the star as it was when Jesus walked the earth. That star could be gone now, it could have been gone for a thousand years! Astronomy is the study of history. The further away an object is, the further back in time we are looking. But, it takes time for that light to travel through space.

AiG has an article addressing this. I am curious to hear what you think about it...

The Law of Unintended Consequences - Revisited

I recently commented on how we made some changes to our system that resulted in unintended consequences. Well, we got another dose of this last Saturday. Had I thought through things a bit more thoroughly, I might have caught this.

The new Cisco wireless install already required some big changes to our Checkin Kiosk computers. The changes were made, though, and the kiosks seemed to be working fine. We noticed that the wireless clients connecting to these new WAPs were getting configuration information from the Gilbert campus, even though they were on the Mesa campus. This is because we have just one Controller, which is in Gilbert.

We realized that this would mean that network traffic for these clients would all traverse our WAN link (currently a T1). Not ideal, but workable.

What we didn't realize was that this would impact event publication to our checkin kiosks. Our checkin system uses source subnet on the kiosks to determine which events to make available. Mesa events would be available on kiosks with "Mesa" IP addresses and Gilbert events would be available on kiosks with "Gilbert" IP addresses. Of course, now all kiosks were effectively in Gilbert!

So, Saturday night, as we tried to start checkin for our evening service in Mesa, our kiosks showed 'no events available'. We quickly scrambled and put our old Linksys WAPs back in place so that checkin would work.

So... more unintended consequences and, thus, more work to do.

D

-------------------------------------------

Secret Message (The same message as before, run through the encoder again):

AAT63385O9UA957E36U6HFIC0OAO249EUUO1OGY4I75G6T31AZKO0156IW6C2I755EAH29UOAA22UGAXW00UQXAE373EJ9E3
IOUH1UY98F45ODRZ2U5PBI38518AXTEA533A987XNIE31AA6O9I9160AOOV93ICX8A09167IOUL1OGAPR1671UIUA38UTIJZ
09OWQJ29268OLA60O66RUU5E4AIII945ALLUF20AALP3IS6R125ATAY6W1A9EOA72E9O80UEIU2IIEZ2EV6B72U5LE4UEKO8
600UU96AK3199UQ6AH7R82E697ZQX77046A9P578E63846E67G5I7EU18EAEA43878I9Z5TAR2IETX41955886UHS4654U9R
3EGAFE72980UL886IC79W0OLU9W5W1IAEU254AT7VUU246E53EW6U9IR22IKI3877AL5AT677D7180UH5W9S950486ET75O3
AP7IIU2IAA76I53UVP6US29746IEPB44IG7S22OQUQX24AWWK41EMCA5S391AIUO48546IXAHE3EOA07IPTS02ETRM34IWFU
3UELU3IFIG0OI5E6O3AQDP3IEIM40UUEAF63EAIKT11AHQTIL23

Time Warp!

I have a Google Alert set up for my name (vanity?). As you can probably guess, 99%+ of the time, this alert just returns me my own blog posts!  :-)

But, this morning, something really interesting came up.

I just looked through a window to my past!

This page sent me on a short jaunt, reading discussion posts I have published in 1995 and 1996! I have questions posted about GroupWise, Netware 3.12, network printing questions (still have those!), MSMail/Schedule+ (wow! I barely even remember that!), Windows for Workgroups 3.11, and more.

What a blast! I would have bet money that this history was lost forever.

I remember writing this post! Those were interesting days.

This is another fun one. Especially the rant by the last guy in the thread (note how big the patches are! hehe)

Wednesday, July 9, 2008

Thoughts On Ken Ham Talks and Creation Science in General

I was going to post a comment on Jon Edmiston's blog post, but my comments went long. So I just decided to turn it into a post here.

Growing up (especially through Jr. High and High School), I spent a lot of time reading materials and going to conferences/conventions/seminars made available by organizations like ICR and Answers In Genesis. I remember challenging my science teachers on points of evolution and geology, making the arguments (as I understood them) for a young-earth point of view. I don't think I changed many minds back then, but at least I spoke up. Science is about ideas... different ideas being put forth, being tested against observable data, and being either validated (usually only partially and thereby requiring modification/tuning) or rejected.

Some time later - I don't remember when - I was introduced to Reasons to Believe and have gone through a similar process. I have attended a few live events and have read most of the books in their library. I have always been interested in science and I love the idea that there are multiple views and viewpoints for this. You miss a lot if you only choose to see one side of things. I went to public schools all through high school (and have read various popular science books published by non-religious sources, and have watched more than my share of science shows on public television, etc.), so I have been exposed to all three major views; evolutionary science, young earth creationism, and old earth creationism. Side Note: I'm not sure I like these terms, but they are recognized, so I use them here.

I have really enjoyed this journey! It's a blast and the topic really fascinates me! I think the reason I can have fun with it is because I don't believe that it is essential for my salvation that I believe the earth is only a few thousand years old. I believe that it is entirely possible for our planet to be 4.3 billion years old and for God to still be God! I believe that both God's Word and God's Creation consistently reveal His glory. Neither lie to us, deceive us, or mislead us. God is revealed in both!

Psalm 19:1 says, "The heavens declare the glory of God; the skies proclaim the work of his hands." We can trust what God's creation has to tell us, for it tells us of His glory!

I have really come to respect, appreciate, and accept the work that Reasons to Believe is doing. I find their material very engaging, their science and theology well-reasoned, and their arguments persuasive. 1 Thessalonians 5:21 says, "Test everything. Hold on to the good." This scripture smacks of the scientific method... Test your ideas, your presuppositions. Do they fit the evidence? Do they fit with what you see? Find the Good and hold on!

With this in mind, these are some issues, or points of interest, that I have when thinking about the young-earth viewpoint...

Why do they trust all other sciences except the ones that contradict their viewpoint? I am guessing that Ken Ham trusts sciences such as medicine (does he ever go to the doctor?), mathematics (does he ever travel and calculate distances and times? Make change?), chemistry (endless applications in every-day life), physics (does he believe in gravity?). I am sure that he has no problem agreeing that man has the ability to reason, explore, think, hypothesize, theorize, test, measure, revise theories as needed, define and explain what we see and observe in these other sciences. I am sure there are a myriad of areas in which Ken Ham has no problems with the science being done. But, for some reason, he believes that we suddenly lose all of our God-given abilities when it comes to sciences such as geology, astronomy, astrophysics, anthropology. He is fine with man's abilities in hundreds of different fields of study, but has major contention and believes that we get it dead-wrong when it comes to this tiny subset of scientific endeavor.

It's like having two people (Mary and Joe) look at a rainbow and identify the colors. Mary lists the colors as "Red, Orange, Yellow, Green, Blue, Indigo, Violet" while Joe says "Red, Orange, Yellow, Green, Blue, Indigo, Black". Both observe the rainbow, both use their faculties to reason out and identify the colors. But, Joe is adamant that Mary is wrong about the last color. Why does Joe feel that Mary can correctly reason out and identify the first six colors correctly, but somehow is incompetent to do the same for the last color? Likewise, why is man able to perform so admirably in many, many fields of science and study, yet fail so miserably in a tiny subset?

I realize that Ken Ham attempted to make a distinction between what he calls Observational science and Historical science in his first session. But, all science is based on and progressed through observation. I did not catch the distinction he was trying to make.

Along these lines, in his second session, Ken Ham quotes scientists and states that they estimate there are 10^80 atoms in the universe (at about 29:30 in the second session video). He goes on to use this number to make a point about the great potential for diversity, etc. I presume that these scientists, whom he seems to trust wholeheartedly when it comes to estimating the number of atoms in the universe, were astronomers (or some related field). I also presume that these scientists used the same methods of observation, critical thinking, scientific rigor, scientific tools and techniques, and even the same biases (religious and otherwise) to come to this number as they use to come to conclusions about the age of the universe. Why does Mr. Ham feel so comfortable to accept one number from them but not another?

While I don't dare presume to equate any scientific publication with scripture, this attitude reminds me of Thomas Jefferson and his Bible. (I am speaking to man's attitudes and behaviors, nothing more.) Jefferson felt it appropriate to pick and choose from the material, only keeping the parts that he felt comfortable with or that agreed with his notions. Mr. Ham seems to do the same.

The main thing I see when I read (or hear) material from Answers In Genesis is a fear of age. They equate an old earth with a Godless earth. There is a belief that billions of years proves evolution. Reasons to Believe has many resources showing that, mathematically, 4.3 billion years (the estimated age of earth) is not enough time for evolution to work. Old does not equal evolution.

Ask yourself the question... Would creation be any less miraculous if it began billions of years ago rather than thousands of years ago? Is God not timeless? And why thousands? Why not hundreds? Or tens? Why not only a moment ago?

The answer you may give to that is, "We have documented history going back thousands of years, so those thousands of years must have existed! God couldn't possibly have created everything only moments ago."

Yet, the heavens, which proclaim the work of His hands, seem to be telling us that they are billions of years old. In fact, using the most current technology, the most current science, the universe is determined to be about 13.7 billion years old. With each new measurement this number gets more refined. So, the question becomes, "Does God's creation, which declares His glory and proclaims the work of His hands... lie to us? Are distant stars not really billions of light-years away? Or, was their light created 'in transit'? Why would God create something that would so deliberately and so drastically deceive us? God is not a God of deception. And, since He is perfectly consistent, His creation can not deceive us.

As we make advances in science, this results in a greater understanding of God's creation. Think about medicine... cells, germs, viruses, diseases. Our knowledge of these things increases as we apply the science of medicine. We don't move further and further away from the truth about these things over time. Science brings us greater understanding. That's our image of God being expressed! That's God revealing Himself to us through His creation! Why would it be any different for sciences such as astronomy and anthropology?

Here is a great article that speaks to issues and differences between young-earth and old-earth creationists. It is put out by RTB as a response to a Ken Ham article. Here is another article that addresses points Ken Ham made in his 4th talk.

I would really be interested in hearing your thoughts on this!

Potpourri

Well, we have had a number of fun things going on around here. This is a rundown...

1. We have deployed three (soon to be six) new Cisco APs on our Mesa campus. These light-weight APs are being managed by our Controller on the Gilbert campus. (Previous posts: here, here, and here)

  • Plusses
    • Single wireless experience for both campuses
    • Single point of management and administration for wireless infrastructure
    • Better network security utilizing VLANs and router ACLs to allow and restrict traffic accordingly
    • Single platform, with robust service and support available
    • Forced upgrades to infrastructure on Mesa campus, improving our network
  • Minuses
    • Mesa wireless clients get network settings from Gilbert campus
    • All Mesa wireless traffic now has to make a round-trip over our T1 link between the campuses

This last point didn't really hit me until we actually began testing and I noticed that my laptop had a 10.100.x.x IP address, which is in the Gilbert campus address space. While I initially got very uneasy about this, a couple of things have eased my fears. First, after some testing, network performance wasn't that bad. Web browsing was fine and LAN access, while slower, was tolerable. Second... well the second point brings me to my second point!  :-)

2. As my boss recently blogged about, we have just signed up for an Optical Ethernet connection between our campuses. We will have a 200Mb pipe linking our Gilbert and Mesa campuses. Any issues we may have with our current wireless implementation (related to our WAN link) will soon be gone. Also, we are looking at getting a second Controller for our Mesa campus at some point. This would be set up in a 'client' role, keeping the Gilbert Controller in a 'server' role. So, we would still only have one place for management, but each campus would have a local controller for their respective APs, handing out network settings each for its own campus. This would keep local traffic local... a good thing!

Also, this high-speed link will open up conversations about file syncing, remote backup, VoIP integration, and more. Fun Stuff!

3. Austin Spooner (here, then here, I believe) was kind enough to inform us (via Nick) that Firefox 3 didn't seem to like our SSL implementation. After testing and confirming the problem, I made a call to Network Solutions. We bought our cert some time ago and have not had any problems until this time.

As it turns out, when I set our certificate up, I only installed our certificate. I was supposed to get a total of four certs from NS and put them all on our web server. Since I did not do that, Firefox 3 correctly reported it could not determine the provenance of our certificate.

I was quickly directed to our Cert Management site and downloaded the other three certs I needed. One was installed as a root cert and two were installed as intermediate certs. Once I restarted the WWW service on our web server, things were right as rain.

It's amazing how things work when you do them correctly!  :-) Thanks again, Austin!

4. This one ties in to number 1 above. Our new wireless implementation required us to make some not-insignificant changes to some of our check-in kiosks. Actually, the solution we landed on required us to make changes to all of our kiosks (on both campuses). You see, some of our kiosks are out in the middle of a space, so they require wireless access to the network. Well, with the new wireless solution, these kiosks had to be reconfigured. And, like a snowball rolling down hill, this thing got bigger and bigger, faster and faster, and it almost wiped us out. But, we landed on a solution that, I think, will work pretty well and will be an improvement over what we had previously.

When we changed the wireless network settings, we broke everything. The kiosks - ELO touch-screens - had a program loaded that provided an on-screen keyboard and auto-logon capability. The problem was that our wireless network requires authentication (against AD) before allowing you on the LAN-access VLAN. The ELO app, however, did not use cached credentials, so it was not able to log on! There was no network available for the AD authentication. A great catch-22, but very frustrating... we needed the network to authenticate, but the network itself required authentication!

So, we decided to remove the ELO software tool and look for other ways to auto-logon. We soon found many articles describing how to do this. A few registry key changes later, and we had our computers logging on automatically. Of course, we weren't done yet. Now, the computers were using cached credentials (because the wireless network wasn't up yet) and the GPO has these machines automatically start IE in kiosk mode and open our checkin app webpage. Well, with networking still down, the computers were just showing a 'page not found' error. Not very helpful.

Our next step, then, was to figure out how to tell these computers to wait until their network was up before starting IE and the checkin app. After a bit of fiddling around, I landed on this VBScript:

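' Wait until SERVERNAME answers a ping, then open the checkin page in IE kiosk mode.
Set objShell = WScript.CreateObject("WScript.Shell")

' One echo request per attempt
strCommand = "ping -n 1 SERVERNAME"

strResults = ""

' Retry every 5 seconds until the ping output contains "Reply from"
While Not (InStr(1, strResults, "Reply from") > 0)
    WScript.Sleep 5000
    Set objExecObject = objShell.Exec(strCommand)
    ' Only call ReadAll when ping produced output (ReadAll fails on an empty stream)
    Do While Not objExecObject.StdOut.AtEndOfStream
        strResults = objExecObject.StdOut.ReadAll()
    Loop
Wend

' Network is up: start IE in kiosk mode (-k) on the checkin page
objShell.Run """C:\Program Files\Internet Explorer\iexplore.exe"" -k http://SERVERNAME/CheckIn/scancode.aspx"

All it does is try to ping a server and wait until it gets a reply before executing our checkin app. We just changed the GPO to run this script, rather than IE itself. Simple, but effective. So, our config change steps are: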

  • Remove ELO tool
  • Modify registry for auto-logon
  • Copy VBScript file to kiosk computer
  • Reconfigure wireless to point to new infrastructure

The one realization we had late in the game was that this change affected all kiosks, not just wireless ones. Since we changed the GPO to run the VBScript file rather than IE directly, we had to put the VBScript file on our wired kiosks as well. Not a big deal, but something we didn't think about at first (while focused on the wireless machines). This was a quick object lesson in The Law of Unintended Consequences. A good tip: test the whole system after making a change, even areas that you don't think you messed with.

5. And finally... some fun. Well, at least I think it's fun. I like codes and ciphers. I like stories/novels with codes and codebreaking in them. I have always liked creating codes and trying to break codes. To that end (and as an excuse to play with PowerShell), I wrote a PoSH script that encodes/decodes messages. I thought it would be fun to share a coded message and see if anyone can decode it. Here's the coded message:

IIV03EOII036UFSOY2UI7A848E6OI6E20AF589Q22OGY00IZW6A0OPH2UIO
B43EOA89I28EGA9DF9305IZQUI801A8YU33IOIY1IKB4E9WFZ161O5LLI0EK
P7AO2EX86NOI13IIAU01OAEN8308EKZI2U8OIS23EK85IQY2EU6EI500OPUF
79P02ATWF44AMU15UL5O9O5I0U68IAI22E9976D6Q8IL23AO8V9T83I6VW29
3AF6UGP4EAAE31IO5842IUAE44UEIS45IVH1EZ7E03A6E5Y5U0OEUB45A7Y5
6UJS2UL9WL4ANI94EQOI55A5944O87AOI4EYGAJ1A9EKH947IB7F150U8T51
2O59HEW9I70UNIDC71586850ASELJ47O5I69UI2ELF9OO617770O82969OHEO
795K4EHA1682AXEW7P44UQ8QD619ECU62796ESIAU178AUAE51ARQU9L253I
O97XR24UQH94IYUPW3AWDT01UVTI97S3OUAO71OLAHU23EUA04EYH8X2I
QFH2UJYA42AAV7O43I7LOZ23I9EOO2USBG01AEUG1IUUIF0EUAXG24EZGLIH20

NOTES/HINTS:

  • I added arbitrary line breaks to make it easier to post. The original output is all on one line.
  • I am using a substitution cipher, following a few simple rules I came up with. These rules are fixed.
  • I will post this message, re-encoded, again in the future. Having multiple encodings of the same message may help in decoding it.

Tuesday, July 8, 2008

First W2008 Server Core Installation

This post is simply notes for me, but I hope you find them useful.

Important commands for Server Core:

  • Rename server: netdom renamecomputer <oldName> /NewName:<newName>
  • Reboot server: shutdown /r /t 0
  • Enter license key: slmgr -ipk <License Key with Dashes>
  • Activate Windows: slmgr -ato
  • Allow RDP: netsh firewall set portopening tcp 3389 "Remote Desktop"
  • Allow ping: netsh firewall set icmpsetting 8
    • DISallow ping: netsh firewall set icmpsetting 8 disable
  • To logoff: logoff
  • To get a command prompt back:
    • Ctrl+Alt+Delete
    • 'Start Task Manager'
    • 'New Task'
    • 'cmd'
  • Enable Remote Admin: netsh advfirewall firewall set rule group="remote administration" new enable=yes

Good resources out there:

Wednesday, July 2, 2008

Wireless Moving Forward

I have posted a couple of other times on our wireless/infrastructure upgrades on our Mesa campus (here and here). We are finally ready to move forward. We have scheduled deployment of four new APs for next Monday. I am very excited.

These APs will tie in to our Gilbert wireless infrastructure, providing two SSIDs, one for public access and one for private LAN access. The great thing about this implementation (I am hoping!) is that our wireless services will look identical on both campuses. No more dual configs on our laptops! Very nice!

I do have a couple of concerns, but I am confident that our integrators will not have a problem. First, we are not using Cisco gear on the Mesa campus. We have a combination of Dell and LinkSys switches. They all support VLANs and QoS though, so I think we will be OK. Also, there will need to be some engineering done on our P2P link between the campuses to handle multiple VLANs and QoS. Again, should not be a problem for an actual Cisco engineer (just don't ask me to do it!).

I am very very excited about this and hope that this provides all of the benefits that we are counting on. Fewer APs with better coverage; better security; easier management.

I will let you know how it goes next week. Wish us luck!

Signing PowerShell Scripts

Talk has begun around here of using PowerShell on our servers. Up until now, I have just been running it on my laptop, using my scripts myself. But, with talk of distributing this functionality and expanding our use of PoSH, it is also time to start thinking about script security.

To that end, I have begun looking into script signing. Now, I am not going to spend a lot of time writing up what little I know about this topic. There is a ton of other information out there that is way better than anything I could produce. I will say, however, that one particular post was most helpful for me.

You can find the post here.

Scott Hanselman does a great job of taking you through the process of creating a self-signed cert for code-signing. Check it out!

A couple of things I did run across... When I turned on AllSigned "Set-ExecutionPolicy AllSigned", I had to then sign every script that I might run. Of course, this is exactly by design. But, I was just thinking about the scripts that I write. But, it wasn't long before I realized that my profile wouldn't load either. So, I had to sign that. Then, my profile calls various scripts, to pre-load a bunch of stuff... All those had to be signed. You get the idea.

To help me in my new environment, I wrote a couple little functions to do the signing for me. The first one just signs a script I pass it:

function Sign-Script
{
    param (
        [string]$Script
    )

    function Usage() {
        Write-Host ''
        Write-Host 'FUNCTION: Sign-Script' -ForegroundColor White
        Write-Host ''
        Write-Host 'USAGE'
        Write-Host '    Sign-Script'
        Write-Host '    Sign-Script "C:\scripts\myScript.ps1"'
        Write-Host ''
        Write-Host 'SYNOPSIS'
        Write-Host '    Digitally signs a script file'
        Write-Host ''
        Write-Host 'PARAMETERS'
        Write-Host '    $Script as string     DEFAULT: none   ( example: "C:\scripts\myScript.ps1" )'
        Write-Host ''
    }

    # -? and -help are not declared parameters, so they arrive either in
    # $Script (bound positionally) or in $Args
    $given = @($Script) + $Args
    if (($given -contains "-?") -or ($given -contains "-help")) {
        Usage
        return
    }

    if (-not $Script) {
        Write-Host "Please provide a script to sign."
        return
    }

    # The store can hold several code-signing certs; Set-AuthenticodeSignature
    # takes exactly one, so use the first
    $cert = Get-ChildItem cert:\CurrentUser\My -CodeSigningCert | Select-Object -First 1
    Set-AuthenticodeSignature $Script $cert
}

The second function refreshes the signatures on all the scripts in my 'library'. I have a \library folder that holds all of my functions and scripts I pre-load for every PoSH session. If I ever change these scripts (which I do often) I have to re-sign them or the hash is wrong and the script won't run. This function takes care of that for me.

function Sign-LibraryScripts
{
    function Usage() {
        Write-Host ''
        Write-Host 'FUNCTION: Sign-LibraryScripts' -ForegroundColor White
        Write-Host ''
        Write-Host 'USAGE'
        Write-Host '    Sign-LibraryScripts'
        Write-Host ''
        Write-Host 'SYNOPSIS'
        Write-Host '    Digitally signs my library script files'
        Write-Host ''
        Write-Host 'PARAMETERS'
        Write-Host '    none'
        Write-Host ''
    }

    if (($Args[0] -eq "-?") -or ($Args[0] -eq "-help")) {
        Usage
        return
    }

    # The store can hold several code-signing certs; use the first
    $cert = Get-ChildItem cert:\CurrentUser\My -CodeSigningCert | Select-Object -First 1
    $scripts = Get-ChildItem C:\scripts\Library\*.ps1
    foreach ($script in $scripts) {
        # Pass the full path so signing works from any current directory
        Set-AuthenticodeSignature $script.FullName $cert
    }
}
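
An added example, not code from the original post: re-signing every file in the library also puts a fresh signature on any script that changed without your knowledge, so this variant reports each script's current signature status first and signs only the ones that are not Valid. The function names are hypothetical; the default folder is the library path used above, and it assumes PowerShell 3.0 or later.

```powershell
# Added example, not the post author's code. Function names are hypothetical;
# the default path is the library folder named in the post.

function Get-LibrarySignatureStatus {
    param([string]$Path = 'C:\scripts\Library')

    Get-ChildItem -Path $Path -Filter *.ps1 -Recurse | ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        [pscustomobject]@{
            File      = $_.FullName
            Status    = $sig.Status   # Valid, NotSigned, HashMismatch, NotTrusted, ...
            Signer    = $(if ($sig.SignerCertificate) { $sig.SignerCertificate.Thumbprint })
            LastWrite = $_.LastWriteTime
        }
    }
}

function Update-LibrarySignature {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([string]$Path = 'C:\scripts\Library')

    # Pick one usable cert: has a private key, not expired, latest expiry first.
    $cert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert |
        Where-Object { $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date) } |
        Sort-Object NotAfter -Descending |
        Select-Object -First 1
    if (-not $cert) {
        throw 'No usable code-signing certificate in Cert:\CurrentUser\My.'
    }

    foreach ($item in Get-LibrarySignatureStatus -Path $Path) {
        # Still matches its signature: nothing to do.
        if ($item.Status -eq 'Valid') { continue }

        # HashMismatch means the file changed after it was signed. The status is
        # shown in the prompt so an edit you did not make is noticed before the
        # file receives a fresh signature.
        $action = "Sign (current status: $($item.Status))"
        if ($PSCmdlet.ShouldProcess($item.File, $action)) {
            $result = Set-AuthenticodeSignature -FilePath $item.File -Certificate $cert
            if ($result.Status -ne 'Valid') {
                Write-Warning "$($item.File): signing returned $($result.Status)"
            }
        }
    }
}

# Review what is out of date, then list what would be signed without signing it.
Get-LibrarySignatureStatus | Where-Object { $_.Status -ne 'Valid' } | Format-Table -AutoSize
Update-LibrarySignature -WhatIf
```

Run `Update-LibrarySignature -Confirm` to be prompted per file, or with no switch to sign everything that is not Valid.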

Tuesday, July 1, 2008

Analyzing Syslogs

I have no idea how to do this! And, things are getting to the point where I think I need to learn.

We have a Cisco ASA5510. We use this box with our Internet connection and use the 'inside', 'outside', and 'dmz' interfaces, each doing pretty much what you would expect.

I have What's Up Gold monitoring this device, primarily for bandwidth utilization on the 'outside' interface. "How much of our pipe are we using for inbound and outbound traffic?" This question, I can answer. But, there are times when I ask, "What type of traffic (and to/from which client) is using all this bandwidth?"

Something was chewing up ALL of my outbound pipe for most of the day yesterday. The frustrating thing is that, at this time, I do not know how to find out what was being stuffed down that pipe, and by whom. I am assuming (guessing?) that the answer can be found in the syslogs. But, how to read them??

Yesterday's Chart

I have been poking around in the Cisco ASDM tool, seeing if it can help me. The 'Home' screen shows the syslog messages race by. While this is a bit mesmerizing, it doesn't really help me know what's going on. Then there is the Log Viewer in the ASDM.

Cisco ASDM 5.2 Log Viewer

This tool adds the ability to see the Details, and Explanation, and give Recommended Actions (if any) for each log entry. Pretty cool, except I still have no idea what I am looking at or what I am looking for. What I need is a tool that will eat these logs and spit out pretty charts and graphs showing utilization by source, destination, and protocol/service/datatype/etc.

While doing some research yesterday, looking for a free tool that might start me on this path, I came across Splunk. The glossies led me to believe that this tool may do some of what I am looking for. So, I downloaded the free version and put it on my laptop. It was easy to configure the datasource (my ASA5510) and it was just as easy to set my 5510 to see my laptop as its syslog destination. So, I have Splunk getting my logs from my 5510. YEAH!

Now what?!

Now I have to learn Splunk to see if it will in fact do what I want/need.

If anyone knows of any other tools that might help, I would love to hear about them!
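
An added example, not part of the original post: the ASA writes a teardown message (ID 302014 for TCP, 302016 for UDP) when a connection closes, and that message carries both endpoints and the connection's total byte count, so summing those per inside client and remote service answers the "what, and by whom" question. The log lines, host name and addresses below are constructed samples, and the function names are hypothetical; it assumes PowerShell 3.0 or later.

```powershell
# Added example. Constructed sample lines in the ASA teardown format;
# the 302013 "Built" line and the dmz line are there to show what gets skipped.
$sample = @'
Jul 01 2008 09:58:11 asa5510 : %ASA-6-302013: Built outbound TCP connection 88101 for outside:203.0.113.10/80 (203.0.113.10/80) to inside:10.100.4.21/51522 (198.51.100.2/51522)
Jul 01 2008 10:15:02 asa5510 : %ASA-6-302014: Teardown TCP connection 88101 for outside:203.0.113.10/80 to inside:10.100.4.21/51522 duration 0:16:51 bytes 734003200 TCP FINs
Jul 01 2008 10:15:40 asa5510 : %ASA-6-302014: Teardown TCP connection 88140 for outside:203.0.113.10/80 to inside:10.100.4.21/51530 duration 0:00:30 bytes 52428800 TCP FINs
Jul 01 2008 10:16:05 asa5510 : %ASA-6-302016: Teardown UDP connection 88152 for outside:198.51.100.53/53 to inside:10.100.2.7/61044 duration 0:00:00 bytes 212
Jul 01 2008 10:16:30 asa5510 : %ASA-6-302014: Teardown TCP connection 88160 for outside:192.0.2.44/443 to inside:10.100.2.7/50112 duration 0:02:10 bytes 1048576 TCP Reset-I
Jul 01 2008 10:17:12 asa5510 : %ASA-6-302014: Teardown TCP connection 88171 for outside:192.0.2.99/25 to dmz:172.16.5.10/49200 duration 0:00:04 bytes 4096 TCP FINs
'@ -split "`r?`n"

# Matches only the message body, so any syslog header in front of it is ignored.
$AsaTeardown = [regex]('%ASA-\d-(?:302014|302016): Teardown (?<proto>TCP|UDP) connection \d+ ' +
    'for (?<ifA>[^:\s]+):(?<ipA>[\d.]+)/(?<portA>\d+)(?:\s*\([^)]*\))? ' +
    'to (?<ifB>[^:\s]+):(?<ipB>[\d.]+)/(?<portB>\d+)(?:\s*\([^)]*\))? ' +
    'duration (?<dur>\d+:\d\d:\d\d) bytes (?<bytes>\d+)')

function ConvertFrom-AsaTeardown {
    param([string[]]$Line, [string]$Interface = 'inside')

    foreach ($l in $Line) {
        $m = $AsaTeardown.Match($l)
        if (-not $m.Success) { continue }      # other message IDs, malformed lines
        $g = $m.Groups

        # Work out which endpoint sits on the interface we care about.
        if     ($g['ifB'].Value -eq $Interface) { $local = 'B'; $remote = 'A' }
        elseif ($g['ifA'].Value -eq $Interface) { $local = 'A'; $remote = 'B' }
        else   { continue }                    # e.g. outside <-> dmz traffic

        [pscustomobject]@{
            Protocol   = $g['proto'].Value
            Client     = $g["ip$local"].Value
            RemoteHost = $g["ip$remote"].Value
            RemotePort = [int]$g["port$remote"].Value
            Bytes      = [long]$g['bytes'].Value   # total for the connection, both directions
        }
    }
}

function Get-AsaTopTalker {
    param([string[]]$Line, [string]$Interface = 'inside', [int]$Top = 5)

    ConvertFrom-AsaTeardown -Line $Line -Interface $Interface |
        Group-Object Client, RemoteHost, RemotePort, Protocol |
        ForEach-Object {
            $first = $_.Group[0]
            [pscustomobject]@{
                Client      = $first.Client
                Remote      = '{0}:{1}/{2}' -f $first.RemoteHost, $first.RemotePort, $first.Protocol
                Connections = $_.Count
                MBytes      = [math]::Round(($_.Group | Measure-Object Bytes -Sum).Sum / 1MB, 1)
            }
        } |
        Sort-Object MBytes -Descending |
        Select-Object -First $Top
}

Get-AsaTopTalker -Line $sample | Format-Table -AutoSize
```

To run it over a saved log, replace `$sample` with `Get-Content` on that file. A connection only appears once it has closed, so a transfer still in progress is not counted yet.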
