Why is checking the LOGS is always the 4th or 5th step in the troubleshooting flow?
-
Why is checking the LOGS is always the 4th or 5th step in the troubleshooting flow?
The logs, they have iNfORMatiON that the programmer figured you’d like to know when shit goes sideways.
Start there! Read that wisdom, even if it’s half misspelled and riddled with weird numbers. It SPEakS to you!
-
Why is checking the LOGS is always the 4th or 5th step in the troubleshooting flow?
The logs, they have iNfORMatiON that the programmer figured you’d like to know when shit goes sideways.
Start there! Read that wisdom, even if it’s half misspelled and riddled with weird numbers. It SPEakS to you!
@pejacoby I usually start with logs
I have a syslog server collecting logs, like a psychopath. No graphana , no docker containers, just syslog-ng listening on UDP514 with allow-lists for known devices.
that one device having shit connectivity? guess what? syslog told me that that port flapped and had ~32000 BPDU messages in ~3 seconds.
What do I find? unmanaged switch inline and some loose ethernet cables.... Someone created a loop.
Why BPDU guard wasn't enabled is a different story, but here we are.
READ YOUR LOGS PEOPLE
-
@pejacoby I usually start with logs
I have a syslog server collecting logs, like a psychopath. No graphana , no docker containers, just syslog-ng listening on UDP514 with allow-lists for known devices.
that one device having shit connectivity? guess what? syslog told me that that port flapped and had ~32000 BPDU messages in ~3 seconds.
What do I find? unmanaged switch inline and some loose ethernet cables.... Someone created a loop.
Why BPDU guard wasn't enabled is a different story, but here we are.
READ YOUR LOGS PEOPLE
@kajer amen brother!
Not once, not twice, but at least three times today on one 90 minute call…
Hey, you, tail /var/log/foo - see that? Fix that error.
Ok now tail it again - error changed? Progress! Fix that one now…
And one more time…no errors? holy shit it works now?
-
@kajer amen brother!
Not once, not twice, but at least three times today on one 90 minute call…
Hey, you, tail /var/log/foo - see that? Fix that error.
Ok now tail it again - error changed? Progress! Fix that one now…
And one more time…no errors? holy shit it works now?
-
-
Why is checking the LOGS is always the 4th or 5th step in the troubleshooting flow?
The logs, they have iNfORMatiON that the programmer figured you’d like to know when shit goes sideways.
Start there! Read that wisdom, even if it’s half misspelled and riddled with weird numbers. It SPEakS to you!
-
-
-
One F100 org I was at had multi million dollar splunk instance... NEVER AGAIN
we got free tshirts tho, so that was neat.
-
@pejacoby I usually start with logs
I have a syslog server collecting logs, like a psychopath. No graphana , no docker containers, just syslog-ng listening on UDP514 with allow-lists for known devices.
that one device having shit connectivity? guess what? syslog told me that that port flapped and had ~32000 BPDU messages in ~3 seconds.
What do I find? unmanaged switch inline and some loose ethernet cables.... Someone created a loop.
Why BPDU guard wasn't enabled is a different story, but here we are.
READ YOUR LOGS PEOPLE
-
-
-
-
R relay@relay.infosec.exchange shared this topic
