Score:1

How to monitor a secure lab's machines and the product's log files from my organization laptop?


I'm trying to find a solution that will help me monitor the product's machines and the log files on each one of them. Here are some facts about my working environment:

  • I have a product that's installed on labs composed of several machines (some of them 3 and some 8 VMs) running Windows Server 2016 and up and Windows 10.

  • My laptop is in one LAN and the Lab in another LAN

  • The product creates several log files (*.log) with different name and purpose in each machine.

  • I think that those log files are created by the log4net feature...

  • There are 5 services to follow up: IIS, SQL, RabbitMQ, Product's service

  • I cannot UNC (like: \\server-name\logs\product.log) to those machines from my laptop and vice-versa.

  • Machines have no access to internet

  • Currently, if I want to monitor a log file, I need to RDP to each machine and run the following PowerShell script line: Get-Content C:\Product\Logs\Product.log -wait -tail 1000

    OR

    run this script from "outside" (from my laptop) with an SSL connection and wrap the script line with the Invoke-Command command:

...

#region SSL connecting to server
# Registers a certificate policy that accepts every server certificate for
# System.Net requests, so the server's identity is not verified on those connections.
Add-Type @"
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class TrustAllCertsPolicy : ICertificatePolicy {
    public bool CheckValidationResult(
        ServicePoint srvPoint, X509Certificate certificate,
        WebRequest request, int certificateProblem)
    {
        return true;
    }
}
"@
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
# Allows every protocol version from SSL 3.0 through TLS 1.2.
$AllProtocols = [System.Net.SecurityProtocolType]'Ssl3,Tls,Tls11,Tls12'
[System.Net.ServicePointManager]::SecurityProtocol = $AllProtocols
#endregion

# $hqappIP and $cred are set in the part of the script that is not shown.
Enter-PSSession -ComputerName $hqappIP -Credential $cred
Invoke-Command -ComputerName $hqappIP -Credential $cred -ScriptBlock {
    # Print the last 1000 lines, then keep following the file.
    Get-Content C:\Product\Logs\Product.log -wait -tail 1000
}

...
  • It was suggested that I run a Docker engine on my laptop with ELK\Logstash + Kibana, and install Filebeat on the lab's machines to talk to the server in Docker, but I found that the lab's machines are in one LAN and cannot ping my laptop, which resides in a different LAN (which confuses me, because I can ping those machines from my laptop and run the script in the way I showed in the previous section)
  • I am not going to get an additional machine in the lab's LAN, so this is not an option
  • My laptop has Windows 10 OS

So, I am left with a secured lab on one hand and my organization laptop on the other. How can I build a monitoring server on my laptop in such an environment, especially with free tools (as I mentioned some in the background)?

Are you open to commercial tools as well, or are you strictly looking for free solutions? Do you need reporting as well, or just alerts?
Free solution and reporting as well.
I totally understand your trouble. But please, nobody can help you here if you are not actually looking for it.
Score:1

Install and use a centralized logging service. Free software examples in this space include Graylog or ELK (Elasticsearch, Logstash, and Kibana). Either provides for running agents on hosts, and forwarding log file contents or Windows event logs to a database.

A considerable amount of work to deploy and configure, true, but quite a bit more powerful than staring at individual log files across multiple hosts. Querying for HTTP 500 errors across all web servers, for example.

I cannot UNC (like: \\server-name\logs\product.log) to those machines.

Tail-ing logs on file shares might work in the small scale. Either all the files on one central share, or the application server exports the share. However, some applications can't or won't log to a path compatible with this. And following a handful of files from your workstation merely replaces "terminal jungle" with "lots of BareTail tabs".
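
The cross-host query the answer describes can also be done as a pull from the laptop over WinRM HTTPS, since the question says the laptop can reach the lab but not the reverse. This is an added example, not code from the question or the answer; the host names and the ERROR/FATAL pattern are assumptions, and it assumes each lab host has a WinRM HTTPS listener whose certificate the laptop trusts.

```powershell
# Added example. Host names and the level pattern are assumptions (hypothetical).
$LabHosts = 'lab-app01.example.test', 'lab-web01.example.test'
$LogPath  = 'C:\Product\Logs\Product.log'      # path taken from the question
$Pattern  = '\b(ERROR|FATAL)\b'                # assumed log4net level names

function Get-LabLogMatch {
    param(
        [Parameter(Mandatory)] [string[]]     $ComputerName,
        [Parameter(Mandatory)] [pscredential] $Credential,
        [string] $Path  = $LogPath,
        [string] $Match = $Pattern,
        [int]    $Tail  = 1000
    )

    # -UseSSL connects to the WinRM HTTPS listener (TCP 5986). No session
    # option skips the CA or name checks, so a host whose certificate is
    # untrusted or does not match its name fails here instead of connecting.
    $sessions = New-PSSession -ComputerName $ComputerName -Credential $Credential `
        -UseSSL -ErrorAction SilentlyContinue -ErrorVariable failed
    foreach ($f in $failed) { Write-Warning "Skipped host: $($f.Exception.Message)" }
    if (-not $sessions) { return }

    try {
        # Filter on the lab host so only matching lines cross the network.
        Invoke-Command -Session $sessions -ArgumentList $Path, $Match, $Tail -ScriptBlock {
            param($p, $m, $t)
            Get-Content -LiteralPath $p -Tail $t | Where-Object { $_ -match $m }
        } |
            # Remoting tags each returned object with the host it came from.
            Select-Object @{ n = 'Host'; e = { $_.PSComputerName } },
                          @{ n = 'Line'; e = { [string]$_ } }
    }
    finally {
        # Always release the remote sessions, even if the query fails.
        Remove-PSSession -Session $sessions
    }
}

# Usage (prompts for lab credentials), one result group per host:
# Get-LabLogMatch -ComputerName $LabHosts -Credential (Get-Credential) |
#     Group-Object Host
```

Because the filter runs inside the remote script block, the laptop only receives the matching lines, each labelled with its source host.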
