@DustinB3403 yes it's Oracle virtual box.kali linux is guest is.i have installed the drivers as well

@DustinB3403 said in NXLog and Windows for Graylog:

@flaxking said in NXLog and Windows for Graylog:

When I was playing with graylog, I was using Beats

Care to elaborate?

Flexible and made to work with different solutions

https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-overview.html

https://logz.io/blog/filebeat-tutorial/

PetaSAN, at least in component form, would make an excellent backup target array, for example.

because it's not uncommon to do 2+ searches in a row. Now they have to close the window between searches... which means it's broken.

The script I started with was shamelessly stolen from a Technet post.

That gave me a pretty good start. I did some light editing to more accurately match what was going on at my employer when I first used it for a large batch of users rather a while ago.

Now I'm making some more changes and additions to turn it into something a bit more broadly useful day to day.

@JaredBusch said in FreePBX 15 released:

Sangoma Vega 100 (I think) PRI gateway. PRI from phone company on one side and sip trunk on the other, hook it up to whatever PBX you want to.

https://www.voipsupply.com/sangoma-vega-100g

@DustinB3403 said in Tar gzip file compression calculation without decompressing the file:

@Pete-S So the simplest way I can think to explain this would be like this.

You have a network share which is relatively organized

You create a compressed tarball of any folder on that share and then move that tarball to offsite storage.

How would I realistically get a hash of that folder pre and post tar and compression and have it make sense? They aren't the same thing, even if they contain the same things.

@Pete-S said in Tar gzip file compression calculation without decompressing the file:

Is it safe to assume that the gzip file is correct when it is created?

This is what I'm looking to verify 🙂

I'm assuming that files are static during backup.

If you first of all run md5deep on all files in the folder, you'll create a textfile that contains md5 (or sha256 or what you want) signatures on every file in the folder. Place it into the folder so it ends up inside the backup and you'll always have the ability to verify any uncompressed individual file.

If you really want to verify your tar.gz file after it's created I think you have to decompress the files to a temporary folder, run md5deep on the files to compare them with the original file. What you really are testing is that the backup-compress-decompress-restore operation is lossless on every file. It should be by design, but if there is an unlikely bug somewhere it's technically possible that it might not be.

If you use the gzip compression with tar, gzip has a CRC-32 checksum inside that can be used to verify the integrity of the gzip file.

Or to be even more certain you can create an md5 signature of the entire gzip archive with md5sum or md5deep. Then you can always verify that the archive has not been corrupted.

If you ever need to restore the files you can verify the integrity of the restored files with the md5 you created on the original files, before you did the backup.

@scottalanmiller said in Incorporating Ransomware Protection into Backup Plan:

D2D2T

Appreciate all of the input. This is the solution I've been leaning towards over the last week. Had an infrastructure hiccup & haven't been able to spend any time on this. But I will utilize my existing backup device for the backup disk & incorporate standard LTO-8 drive library with a rotating weekly offsite storage.

@gjacobse said in (Air Gapped) Data Storage and security:

Can you (how do you) Air gap and secure data and still be able to make it available to a (end user)

Once the user can get to it, it's not air gapped any longer.

@Dashrender said in 3CX Linux Beta:

@scottalanmiller said in 3CX Linux Beta:

@Dashrender said in 3CX Linux Beta:

@JaredBusch said in 3CX Linux Beta:

@Dashrender said in 3CX Linux Beta:

@scottalanmiller said in 3CX Linux Beta:

@Pete-S said in 3CX Linux Beta:

So when you push a button and have all your phones upgraded to the latest 3CX/Yealink firmware you pretty much know that everything is going to work afterwards.

Now that is a pretty solid value that could make up for quite a bit of cost.

I was wondering how much value this provided. I've done some firmware updates via FreePBX - been a while though - and I didn't find it very easy, though not end of the world hard either.

A push button solution though would definitely be nice. Anyone know if the endpoint module for FreePBX is there yet?

Then you were doing it wrong. Assuming you have the paid EPM, it is all just built in. Always has been.

If you were going without the paid EPM, then it is still easy if you have setup auto provisioning manually during initial setup.

I've never used EPM.

That's the part of FreePBX that does that stuff.

Yes I know... JB has always suggested against it's value in the past.

Because setting up manually once does take some skill, but after that, it is simple file replication.

@Dashrender said in rfc 2821 + postmaster:

@scottalanmiller said in rfc 2821 + postmaster:

@Dashrender said in rfc 2821 + postmaster:

@scottalanmiller said in rfc 2821 + postmaster:

@Dashrender said in rfc 2821 + postmaster:

It could be an alias - so it wouldn't have to be a paid account.

That's correct, but the actual postmaster isn't normally someone at the final company, but at the email provider.

Think about some small sewing business with two old ladies. They order email from Office 365. Which one of them should get the postmaster emails? Neither of them can do anything about them. Should their nephew, the IT guy get it? He's not responsible for their email or any of their decisions. Only Microsoft has any reasonable hope of using that info. So an alias would break the postmaster and send the emails to the wrong place.

OK sure, but in those cases, there really isn't a true cost to the hosting provider - they could build the system in such a way to not show the account to the account holder yet get the emails to the hosting provider. Yes this would take coding... but it's not impossible.

Right, and maybe they do. But I think that the issue is... no one does and it is unclear who is responsible for conforming to the "rule".

yeah - is the hosting provider or the client? both will/could say it's the other, and then it's simply never done.

And I think it shows that the concept might not be valid any longer. Neither is likely capable of doing anything valuable with that email.

@Dashrender said in Scam calls/emails:

@JaredBusch said in Scam calls/emails:

@scottalanmiller said in Scam calls/emails:

@Dashrender said in Scam calls/emails:

the EHR vendor say - nope not us - unless we've had such a catastrophic hack that we can't detect it in our logs.

"Not in our logs" is a pretty weak defense of not having been hacked.

While true, I would also lean towards his network being infected and him not knowing it, over a large EHR vendor.

We also know (assume as a smaller SMB) he has no SEIM to give him information about the state of his network.

I definitely agree with this. The odd thing is we can't find a correlation between these incidents. Not the same doc, not the same staff, not the same computer.

Same network, though.

Already in WSUS too

@Dashrender said in Excel freezing:

@wrx7m said in Excel freezing:

@VoIP_n00b said in Excel freezing:

Excel is a bitch

Especially, here. They are running all their forecasts through it. Excel using something like 16GB of RAM for one sheet.

As much as that likely belongs on a DB server somewhere - who's going to set it up? and program the new interface, etc?

yeah. that has been in the works for over a year. We are syncing the data to SQL and then will be able to run queries and also export it to Domo.

@Dashrender said in Remote management of employees personal cell phones ...:

@flaxking said in Remote management of employees personal cell phones ...:

@IRJ said in Remote management of employees personal cell phones ...:

@flaxking said in Remote management of employees personal cell phones ...:

@IRJ said in Remote management of employees personal cell phones ...:

@flaxking said in Remote management of employees personal cell phones ...:

@IRJ said in Remote management of employees personal cell phones ...:

@flaxking said in Remote management of employees personal cell phones ...:

@IRJ said in Remote management of employees personal cell phones ...:

You can certainly do this with Intune and office 365. Basically you'd be able to wipe all corporate data as long as it's kept in office 365.

With Office 365 MDM, you can't disable the ability to do a full remote wipe. You do have more control over that with GSuite. Does Intune give you more control?

I'm pretty sure you can do what I described, but I'm not 100% sure.

https://support.office.com/en-us/article/Choose-between-MDM-for-Office-365-and-Microsoft-Intune-c93d9ab9-efb2-4349-9b93-30c30562ee22

It's not a question of what you can do, it's a question of what can the IT department be prevented from doing. The difference between wiping company data and wiping the whole phone just being different buttons does not reassure me.

This is how you do it - from MS link I posted earlier

"Enable your users to more securely access corporate information using the Office mobile and line-of business apps they know, while ensuring security of data by helping to restrict actions like copy, cut, paste, and save as, to only those apps managed by Intune."

If you restrict actions like copy, cut, paste, saving, screenshots, etc then you keep the data inside Office Mobile. Then you just remove the Office Mobile app remotely.

Are you able to enable remote removal of the app with just this feature?

You actually dont even have to do that. If they cannot login they cannot get to any of the data.

Assuming an encrypted cache, this sounds like a viable option. We have 100 Intune licences, so I can insist on being one of the users managed by Intune rather than Office365 MDM. But based on my recent experiences, I'm not too keen to have email or Teams on my phone.

what experience is that?

Nothing to do with the application, just to do with being always working. I did a 108 hour week followed by a 90 hour, followed by a 70 hour. I've now removed all work communication from my phone in order to try to get some peace when I can.

@Pete-S said in laptop slow after installing Spectre/Meltdown mitigations:

Wasn't the bios also involved in these mitigations?

In so much as a micro-code patches for the processors are concerned - yes. My processor is updated to the most current, Oct 2019. Doesn't matter - performance still sucks!

I applied these reg changes, rebooted - then applied a script I've done many times before. It was amazing how slow the script ran compared to other machines. I took a video, I'll see about posting it later.

@Pete-S said in Windows Server licensing for HA?:

If you have two servers and run HA, does that mean that you have to license Windows Server standard for the maximum number of VMs running when you have a failure?

So for example,
Server A: 16 cores, runs 6 VMs normally
Server B: 16 cores, runs 6 VMs normally

So each server has to be licensed for all 12 VMs running on 16 cores - so 6 x Windows Server Standard licenses for each server, total of 12 licenses?

But if you didn't run HA, you would only license each server for 6 VMs, with 3 x Windows Server Standard, a total of 6 licenses?

Is this correct?

Yup.

If you're running a HA setup of Server Standard, all physical servers must be licensed for all Windows Server VMs that can run on them. This means each physical server in your HA cluster must be licensed for 12 Windows Server VMs.

So yes, you are correct in that to license 12 Windows Server VMs on both of your physical servers, you'll need 6x Windows Server Standard licenses for each server, 12 "licenses" total as you said.