
Posts

Showing posts from 2021

TH Res

J Travis H Hutchings | Senior Systems Engineer, Lead | name@yourdomain.com Travis H Hutchings Senior Systems Engineer Download PDF thutch901@gmail.com (971) - 226-6732 Profile Progressively evolve cross-platform ideas in Information System Engineering into Monitoring and Automated Solutions. Skills Information System Engineering A long history of successful Information System Engineering projects. Virtualization Engineering From building virtualized systems to migrating, designing and managing virtualized solutions. Enterprise Monitoring Engineering Proven ability to lead and manage a wide variety of desig...

Storage Area Network Experience Summary

Veritas NetBackup. Script examples written by Travis Hutchings thutch901@gmail.com 971.226.6732. Past storage assignments in the following environments. Summary: NetApp, EMC Symmetrix, EMC VNX, EMC Centera, Dell Compellent and Dell EqualLogic. Worked with storage equipment providers to ensure that we are aligned with their best practices and recommended firmware versions. Identified and resolved problems affecting customer delivery and escalated them in a timely manner. Worked with storage vendors to configure phone capabilities and worked closely with vendor management teams to identify upgrade paths and work issues with the vendor-supported storage systems. Memec, Vesta, IBM, Qualcomm and Intuit. In-depth understanding of network segmentation; virtualization technologies preferred. Reviewed current network environments to address and segment iSCS...

Windows Patch Management Workflow Summary

Script examples written by Travis Hutchings thutch901@gmail.com 971.226.6732. Server and OS patch management: Microsoft Windows. Introduction: user device patch management; network and appliance device patch management; kiosk patch management; hand-held device patch management (Windows CE, Linux CE or other embedded OS patch management). Because this is a brief and not a full implementation plan and exercise, it is certainly not an exhaustive recommendation on a patching strategy. The concepts will work with any managed environment, with possibly minor modifications to process and requirements. I have used just scripts and good old-fashioned native OS schedulers and scripted jobs and inventory results. That really is dependent on the tools used for patching. I had hands-on experience with the WSUS patching mechanism. I was also using a S...

Travis H Hutchings Resume 2021 General

J Travis H Hutchings | Senior Systems Engineer, Lead | name@yourdomain.com Travis H Hutchings Senior Systems Engineer Download PDF thutch901@gmail.com (971) - 226-6732 Profile Progressively evolve cross-platform ideas in Information System Engineering into Monitoring and Automated Solutions. Skills Information System Engineering A long history of successful Information System Engineering projects. Virtualization Engineering From building virtualized systems to migrating, designing and managing virtualized solutions. Enterprise Monitoring Engineering Proven ability to lead and manage a wide variety of desig...

Splunk Dispatch Script

Script examples written by Travis Hutchings thutch901@gmail.com 971.226.6732. Splunk dispatch directory count and size: if it gets above 2000 entries, Splunk stops forwarding. Command examples for dispatch CLI options: df -h $SPLUNK_HOME/var/run/dispatch; cd $SPLUNK_HOME/var/run/dispatch; ls -l | head -4; ls -l | tail -4. Script example for the dispatch alert cron script: #!/bin/bash #Version: 1.2 #Owner: Optiv NGSOC #Document Purpose: Pull list of all active log sources in the last week and email them to appropriate recipients clientName="Your Company" emailFrom="Splunk_Dispatch_rp.as@yourco.com" emailTo="systemadmins@yourco.com" listFile="/splunk/scripts/dispatch_length.csv" bodyFile="/splunk/scripts/dispatch_length.txt" echo "Dispatch Directory Progress" >> $listFile ls -l $SP...

Splunk Log Forwarding Configuration Steps

Splunk Log Forwarding Configuration Steps: There are multiple ways to send Linux logs to Splunk, such as the Splunk Linux app, the Splunk universal forwarder or syslog. The best and most reliable way, performance-wise, is to install the Splunk universal forwarder on the Linux machines whose data you wish to forward. The Splunk universal forwarder acts as the agent for log collection: it collects logs and forwards them to the indexer. We can also use syslog for log collection, install the Splunk forwarder on the syslog server, and then forward data from the syslog server to the Splunk indexer. Below we have provided steps for the most reliable method to add Linux logs to Splunk. For syslog installation and configuration, follow the steps given at the link below: Refer to the steps below to add Linux logs to Splunk. Step 1: On the Splunk server (receiver), download/install the Splunk TA for Unix and Linux on the Splunk server (receiver) and enable it by going to Manager | Apps | Enable. Step 2: On the host you want to collect data from (sender), download and install the Splu...

Azure Data Explorer KQL cheat sheets

Azure Data Explorer KQL cheat sheets: Kusto Query Language is a powerful, intuitive query language used by many Microsoft services. KQL language concepts: relational operators (filters, union, joins, aggregations, …); each operator consumes tabular input and produces tabular output; operators can be combined with '|' (pipe). Sim...

Monitoring and SIEM Resources and Scripts

Network and System Monitoring: SolarWinds: The purpose is to have published information on SolarWinds that I have utilized before in implementations, and links to articles and to how I had designed SolarWinds to work in other projects. SolarWinds Online Demo. SolarWinds Syslog Troubleshooting Guide. SIEM Security Solutions, Scripts and Resources: Security and Monitoring Standards: MITRE ATT&CK Framework. HP ArcSight. ArcSight YouTube Demo.

Active Directory Migration Tools

Active Directory Migration Tools. Dcdiag - Purpose: review Active Directory connection issues and logs. dcdiag command arguments: [/v /f:LogFile /ferr:ErrLog]. dnslint.exe - This tool is a free download from Microsoft (see http://support.microsoft.com/kb/321045 for the download location). It can be used to help diagnose common DNS name resolution issues and to verify that the DNS records used specifically for AD DS replication are correct. ADDSSite.xlsx - Spreadsheet template for documenting AD DS site info. ListADDSites.ps1 - PowerShell script for listing sites within AD. ADMT - Microsoft Active Directory Migration Tool. CSVDE - Active Directory export to CSV file. LDIFDE utility - AD export.

QRadar - PSQL Report Development for EPS by Log Source Result

EPS by log source with QRadar PSQL query tests and research. By Travis Hutchings thutch901@gmail.com 971.226.6732. psql -A -F"," -U qradar -c "select sensordevice.id, sensordevice.hostname, sensordevice.devicename, sensordevicetype.devicetypename, to_timestamp(sensordevice.timestamp_last_seen/1000) from sensordevice, sensordevicetype where sensordevice.devicetypeid = sensordevicetype.id and sensordevice.deviceenabled = 't' and sensordevice.devicename not ilike '%wincollect%' and to_timestamp(sensordevice.timestamp_last_seen/1000) > now() - interval '30 days' order by to_timestamp(timestamp_last_seen/1000) desc" psql -A -F"," -U qradar -c "select sensordevice.id, sensordevice.hostname, sensordevice.devicename, sensordevicetype.devicetypename, to_timestamp(sensordevice.timestamp_last_seen/1000), to_timestamp(round(sensordevice.creationdate/1000)) from sensordevice, sensordevicetype where sensordevice.devicetypeid = sensordevicety...

Technology Resource Implementation and Resource Links:

Travis Hutchings Technology Resource Implementation and Resource Links. Monitoring Scripts and Resources. Linux Projects and Scripts:
- GrayLog Server process flow and installation notes: GrayLog Server process flow and installation notes
- QRadar Scripts and Articles: QRadar Disk Space Alert and Persistent Queue; QRadar EPS by Log Source Script; Postgres Research for EPS report by log source
- Syslog-NG Resources and Links: syslog-ng.conf manipulation and changes
- Linux Scripts
Windows Projects and Scripts: Seterus Active Directory Project proposal; Active Directory Migrations. Microsoft Azure Resources and Links: Azure KQL Resources and Commands Arti...

LINUX - QRadar EPS Report by Log Source and Log Source Groups, Bash Script

Script examples written by Travis Hutchings thutch901@gmail.com 971.226.6732. Bash shell script example for EPS by log source as CSV: #Version: 1.5 #Owner: TravisH Corporation #Document Purpose: EPS storage metric script clientName="TravisH" emailFrom="qradar.activ@travishcorp.com" emailTo="Travis.H@travishcorp.com" listFile="/store/scripts/eps_storage_raw.csv" bodyFile="/store/scripts/eps_storage.csv" cd /store/scripts/results/ /opt/qradar/support/deployment_info.sh -A echo "" >> $listFile echo "" >> $listFile echo "Log Source:" >> $listFile psql -A -F"," -U qradar -c "select sensordevice.hostname as LogSource, peakeps60s as EPS, to_timestamp(round(sensordevice.creationdate/1000)) as created, to_timestamp(sensordevice.times...

QRadar Scripts and Results Part 1: Disk Space and QRadar Persistent Queue

Script examples written by Travis Hutchings thutch901@gmail.com 971.226.6732. Disk space and alerting results specific to QRadar servers and environments. The general Linux script concepts can also be applied to other system administration tasks. This disk space script utilizes a few QRadar support functions. 1. Disk space alerting and results for the /store volume. List disk space for all QRadar servers: df -h; /opt/qradar/support/all_servers.sh -a '15%' 'df -h /store' >> $listFile. List the top of the directory to see file dates and times, to determine whether the persistent queue is processing: /opt/qradar/support/all_servers.sh -a '15%' 'ls -l /store/persistent_queue/ecs-ec-ingress.ecs-ec-ingress | head -6' >> $listFile. Bottom of the persistent queue, to see whether results are processing: /opt/qradar/suppor...