And welcome to Vlog Thursday number 330. I hope you're having a fantastic day. You know, I want to start saying that being in the videos, because if you ever called my office, that is what you'll hear: thank you for calling Lawrence Systems, and I hope you're having a fantastic day. I like to start out any interactions with people with a little enthusiasm. So, you know, I thought about it. I said, why don't I do that in my videos? I literally have that as my voicemail, or IVR prompt to be more specific, not voicemail. But that has been the prompt for a number of years. It's the, you know, hope you're having a fantastic day. It's funny because I say, if your day is less than fantastic, press one for support. That's the next line I say. But yeah, I should probably start saying, I don't know. I like the enthusiasm on there, keeping everyone enthusiastic.

Let me turn my phone off. And I doubt that person is watching the live stream, but someone did decide to repeatedly call me that knows me, and I'm just like, yeah, you can't just repeatedly call me while I'm in a meeting over and over again and never leave a voicemail. I'm pretty confident that I will not call you back if you don't leave me a reason to call you back. That's certainly an annoyance I had.

So anyways, I won't rant about that, but I will talk about where I'm gonna be and when I'm gonna be there. I like to start the vlog out on that happy note as well, which is in nine days. Nine days away to MSP GeekCon. I'm pretty excited about that. So that's gonna be kind of fun, heading over to Orlando. I'll also be at IT Nation Secure. I'll be speaking there. Those are the two public events. I have more private events I'm actually going to, but those are the public ones where you can find me.

And I will admit this really cracked me up here: Hello world, welcome to another Vlog Thursday show, today's topic, 50 streams of Graylog.
Yes, all the shades of Graylog. So, yeah, that's definitely gonna be a fun topic. I will be talking about my Graylog today. We'll throw this out here right away. But also, I don't, you know, what's in my, other than the vlogging stuff, I don't even know what sells us in here, but I have, you know, making things hopefully makes sense.

I threw this out there for people today, which, let me share this tab instead. This is another extractor, and it's on my GitHub. That's, you know, if you Google Lawrence Systems GitHub if you can't remember the link, but I'll throw the link in the bottom here. There's my GitHub link specifically to this.

People are asking about a UniFi parser. The UniFi parser is a little bit different, and I think this is what people want. This is at least what I wanted. So this is how I started out creating it. But I'm parsing the UniFi logs, and I forgot to upload them before and I decided to tweak them a little bit. And the only things I really care about that come out of the UniFi logs that I want parsed would be, so I could track if I needed to, and I haven't really needed to, but why not, because I can, the RSSI out of the status updates that come from the UniFi to the Graylog system.

Well, this extractor is a two-part extractor. Let me, I'm gonna pull it up inside of here. I was gonna do is copy and paste it. You don't really have to do anything. I did all the creating part for this. So if you're using Graylog, you can just throw this in. But what a two-part extractor does: the way UniFi works is it sends some of the data in JSON format and some of it just in syslog. So you have syslog, but within the syslog part of it is JSON. So what we have to do is, Manage Extractors, share this tab, when you're pulling the data out you have to first extract the pattern.
So if we look at the way this pulls patterns out, when it's pulling out the pattern it creates another spot right here for the JSON data. Then there's a JSON parser, which is a lot simpler, that then parses it out further to other fields. But if you paste it in it should be fine, and as long as you put the Grok pattern before the JSON data it should work. I may have to do some tutorials. I'm not an expert actually at Grok patterns or anything like that. I completely use ChatGPT to fine-tune these, so that's definitely an easy way to do it. If I were to teach you how, I mean, I'm not good at regex or Grok myself, but ChatGPT turns out better at regex than me. Just how calculators have superseded people, you know, adding lots of numbers together, I look at things like ChatGPT. We have a complicated thing, at least to me, sorting out Grok and regex patterns to match certain data. I literally can just grab some data that is unparsed and I say, make me a Grok parser that will parse this data, and then it does it. So ChatGPT is awesome.

This is the next thing I want to talk about. So people keep asking about this, and I don't really, I don't think ELK is easier. So if you look at something like ELK Stack or Logstash or any of that, it's much more complicated to set up. So I've even seen, you know, and here's the problem. I started setting up and I looked at the documentation. I'm like, this is harder. So this is, let's see, can I share this tab? And I talked to a couple friends that do some of this, and they said they don't use Graylog, but the people I talked to about ELK were telling me just how much more work it was to set up ELK compared to what I did in Graylog. So for my use case this seems harder. I don't have a reason that you shouldn't use it. They also don't appear to be open source anymore. I believe they did a bunch of licensing changes that remove the open source. So, yeah, I don't really know.
I don't have any good answers for it. I don't plan to sit down and spend hours and hours learning it when I already know Graylog. I don't know. No one's made, that I could find, any good comparisons, and all the comparisons I did in forums, everyone just came up with the same conclusion that I have, is that Graylog's easier. So, you know, I can't, it's most things like, do I do a video on it? It's one of those things like, I don't know, because I wouldn't, it's just too much waste of time to me.

The same thing comes with Prometheus and Loki. So if you look at Loki, people really like Loki, but once again, it's a much more convoluted, complicated system. There's some people like, oh, there's some templates to deploy it. But I'm like, it's managing it and things like that. Then someone said, well, it's less CPU intensive than Graylog. And I'm like, okay, it ties in better the case. Well, if you have the knowledge to set up, you know, a really nice, extensive Kubernetes server for logging and everything or for your infrastructure, and you're very familiar with it, and you want to tie something else like that in, maybe it makes sense. But when it comes to logging, the reason I went with Graylog is I used to, I used to have, I had a Kibana set up with Logstash. I had a lot of problems with it. I could never get it working right. Graylog, I don't know if it's because their documentation was better or it just made more sense to me, but that's why I stay with Graylog. It's easy. It's open source. It's not confusing. So that's basically why I brought it up.

And I don't know if it's really worth me doing a comparison video because I don't have enough, I actually asked several people if they would help me. Like, they're like now I wonder if, I don't know, I couldn't find anyone who's like really proficient in it. So, yeah, I'm using the video I just did, and this was also a confusing point.
Someone said Graylog's not open source. I'm like, yes it is, it's a different license, but they give you the source code. Therefore open source. It's free to use. I do use Graylog Open, which also caused the confusion, because someone left a couple comments on YouTube saying you can't do this with the Graylog Open version. I'm like, I literally am using Graylog Open. So it's just one of those things, and I don't think this is the answer, because I don't know what, outside of people telling me Graylog is more CPU intensive, that's the only argument I kind of found in some forums. I don't know what Kibana can do, or the whole Elastic Stack can do with Logstash, that you can't do with Graylog. So that I don't know.

Um, I hope to get that, my Docker deployment for setting up Graylog, that is released, super easy. Uh, so that's, yeah, that's one thing nice about it. And like I said, I made it, you know, the video is kind of long, but it really gets you a lot of detailed logging and parser on there.

Um, I think the problem with Splunk, if I'm not mistaken, Splunk is a, um, not open source. And two, I think one of the fun things, uh, the funniest tweets, I wish I could find it, because didn't Cisco, did Cisco buy Splunk? Uh, did Cisco buy Splunk? Uh, yes. Um, February 11th. Network maker Cisco is made in takeover worth 20 million 20 billion dollar software maker Splunk on Friday. Uh, sending people from everywhere with the matter doffros made recently to companies are an act of talks who said, uh, some of the sources. But, um, so I don't know with the status of them. They're not open source. They're not free. So I have no, uh, intentions of using them. But the other funny thing was, I remember when this got announced that they're doing it, someone said, 20 billion dollars from Cisco, was that just to pay their bill? Because the joke of course is that Splunk is quite expensive. So that's a pretty big, um, you know, it's a heavy lift in terms of it.
It's not, I don't think it's a bad product. It's just going to be a lot more expensive. I try to cover a lot of products that are very accessible to home lab people to get them into, you know, maybe understanding how logs work. The same thing with Security Onion. I think Security Onion is amazing. You will learn a ton. You may or may not run into it in the commercial world, but once you understand how a tool like that works, it's actually really good, um, to gather that knowledge and have something that's really accessible on there.

Uh, what are some great use cases, examples for Graylog? I actually have one. If you look up UniFi Graylog, I walked through a troubleshooting on it, but correlating all your log data to be able to troubleshoot things. Um, I also used it to troubleshoot SMB logs when I was having a weird problem, um, with SMB and the way it was mounting for, uh, manipulating files. There was a weird quirk I had found on it, but being able to put all the logs together and parse them to look for a weird error or anomaly are huge. Um, I also have it monitoring like anything like VPN notifications. Uh, it monitors any of my servers that have problems, and then you build alert triggers based on those problems. So if there's any issues you can have the log system alert you of any of those issues.

Uh, how well will the Graylog container work in Podman? I don't know. I don't use Podman. Not high on my to-do list, uh, because it's a dedicated VM that runs the Docker container, so I'm not worried about it. So the advantage of Podman is the fact that you're gonna, that you have, um, the, what do you call it, the Podman doesn't run as root, so people like that. I've never really looked into it to see what differences you have. But because my Graylog is running on its own VM, I'm not worried about, uh, escaping or not running as root, just an extra security layer. I don't know. Maybe it'll work. I don't have an answer for that.
Uh, because I don't use Podman.

Troubleshooting, what separates the pros from the amateurs? Definitely, um, absolutely. Yeah, basically take any syslog messages from ipa since I care about and send me an email. Yes, because that's the thing. There's just a lot of data coming in and you want to be able to parse that data and bring meaning to it. There are people, I know the reason Grafana is liked amongst the home labbers, because it has beautiful dashboards. Ah, dashboards are cool, but at some point I need action. So that's a really, um, you know.

Podman integrates with systemd and has a timer that can auto update containers too. I just didn't feel like trying any of the, it's written for Docker, so I didn't bother, um, trying it for Podman. So if it's a drop-in, awesome. If it has problems, I don't know.

Uh, why do you run Graylog in Docker if it already is in a hypervisor? What happens if either Docker or hypervisor host has issues with solution in place for mitigating the risk? What do you mean? Like, it's easier and more convenient. That's why I do it. So, I mean, why build an extra system outside of my system? So that I do it so I don't have to have an extra system outside my system.

Now let's talk about some feedback, because I do have some feedback that people had in here. Where's the stupid feedback one? So people can email me. Let's read some feedback. Uh, do do do, so I'm not sure on this one. Um, this is one of the reasons I run Home Assistant on its own hardware. And I'm going to do a video really soon on Home Assistant. But people have trouble getting certain devices passed through in TrueNAS SCALE. This person asked how to get Home Assistant set up and passed through. So I did set up Home Assistant inside of TrueNAS SCALE just to see if it will work. But the passthrough, I don't know if they're having trouble, like they set it up and it's not working properly. That is going to be the challenge you have, because I'm using, I'll grab it real quick.
Um, I am using this little device here with my, uh, can I do it? We'll focus on this. Yay. But if you go to my kit.co slash Lawrence Systems, I have all my parts list for things. It's linked down in all descriptions of my videos. But I have a Home Assistant parts list I'm putting together before I do it, before I put the video, so as I kind of change things, people just looking for the parts now. The trick with Home Assistant is if you need a Z-Wave device, is getting passthrough to work properly. And, uh, this is the problem if you run it in Docker, you'll have to sort that out. I'm not an expert at troubleshooting it. Probably their forums is a better post for that. Um, that's the, yeah.

If the host goes down, what do you do for logging the other host? We have more than one. We have two hosts. Docker update breaks Graylog. Well, at some point, if the Docker update breaks Graylog, I'm the one updating it, and I would look at the logs from Docker that are telling me it's breaking. I mean, I could build redundant log servers. I just don't have a need for that. It's not that critical. If I run the Docker update because there's a new version and it doesn't update, I will roll back and look at the, or look at the error message and figure out how to fix it. So that's, uh, pretty simple on that.

Um, the other question was whether or not I use a proxy for my Home Assistant, and with Home Assistant, when I'm gonna be, like I said, I'll do that video. I'll probably have it done next week. Uh, I'm just using the, is it Casa something, the company that is, there's a commercial company that supports the Home Assistant project, and they have a reverse proxy they set up for you for really inexpensive. So that's, uh, that's all I'm doing on that. So hopefully it answers that person's questions regarding Home Assistant.

Compiling Xen Orchestra. Hi, what's the recommended source, uh, in 2023 to build Xen Orchestra sources? Have you been using the Xen Orchestra updater?
Yes. Um, let me pull this up. If you're compiling from source, my video for compiling from source that I did several years ago is still, well, I think two years ago now, um, it's completely relevant today. It's the same Xen Orchestra updater. So if you look at the video that I have in my playlist, it's still the best way to update it. Um, really weird, someone says doesn't look like it's being updated. But here it is. It was updated two months ago. So, um, I don't understand. But nonetheless, I don't have to understand why people think that.

I've had a few people, I got a weird message from someone one time. Uh, they mailed, I think they mailed me a letter. I thought it was just so strange. They really liked my channel, but they wished I hadn't quit it and stopped making videos, and I'm like, huh, that's weird. I got it like a year or two ago. It was just a weird letter to get, um, from someone. I thought it was so strange that they mailed it but then also said, I wish Tom would still make videos. I'm like, oh good, good for them. I still make videos.

Um, I think the other question doesn't necessarily make any sense to me. Uh, I have a video on port forwarding. Uh, so the other person's wanting to know how ports are forwarded in pfSense. I have a video on port forwarding, so I'm not going to dive into that as a topic here today.

Oh, let's see. Yeah, always take a snapshot before you update.

Recommended storage for Graylog? Currently using 250 gigabyte iSCSI SSD from TrueNAS. iSCSI is good because logs are generally small writes. The database specifically, OpenSearch, is small writes, but I have no problems using it with NFS, and, uh, it works fine. So I have my Graylog system mounting an NFS share and, uh, I'll log into Graylog and we'll pull this up, and I got to share the screen. There we go. So many things to share. Present, stop present, uh, share screen, share. Um, hopefully this is coming through. All right. I just have, um, just the logs.
I keep everything inside the image itself on my main system. But this is, the logs themselves are just going to an NFS share. The NFS share that you see right here is, uh, mounted on my, uh, TrueNAS system via NFS, NFS type version four. So that's my solution to it. Someone will probably ask, why aren't you just having Docker mount it? Because it gives errors that I didn't feel like troubleshooting. And if I just tell it to mount at boot it works fine. Uh, I just didn't feel like fixing the errors. If you have Docker errors, because there's some weird Docker NFS 4, if you're using version four of NFS and you're using Docker, you will end up with some errors that there's a bunch of arguments and TrueNAS to the best way to solve, and none of them solved it for me. So I just skipped it.

Are you using Linux for your streaming setup? I started using Wayland or Xorg for your streaming setup? I use Pop!_OS, uh, nothing special. So Pop!_OS for this stream, but I have a Windows system with OBS that, uh, does all my main, all my other cameras connect to it. My live streams are off my main computer, but my recordings all are off a Windows computer running OBS, because the Windows computer works better with the, uh, Stream Deck. So the Stream Deck does the trick for that. So Linux has a harder time with it.

Nabu Casa is the company that makes Home Assistant and hosts the cloud product. Yes, they are. They're awesome.

I'm currently using Graylog with a VM using local storage. How to get my logs moved to an NFS share? I covered that in my recent Graylog video. You have to edit the Graylog file, the Graylog Docker file, and change it from a volume mount to a mount location. I brought it up.
It's in the video exactly where to change that, but you can also just google how to point a Docker storage mount, the storage volume, at a local mount. Mount something in wherever you're going to mount it, and if that's, for example, like I did, and then I pound, I have the Docker image pointing at mount slash Graylog. I can pull that up. Oh, there, right there. So under volumes, mount slash Graylog instead of the volume name. That's all you have to do. Nothing.

I do not use iSCSI as a, uh, boot volume.

Does Graylog 5 publish instructions for bare metal installs? Yep. They've got documents for it. They're longer. That's why I did it in Docker.

The new COSMIC looks interesting. Yeah, I love Pop!_OS. I like that they're working, um, on it.

If you're not using Docker, I do not have instructions for you. But all you have to do is point wherever the, if you're using OpenSearch, wherever you have those OpenSearch logs going, that's where you want to do your mount. So moving them all over there.

Uh, no, I have not watched Louis Rossmann do a video about Synology. I don't always consume a lot of content. If there's a question you have about it, feel free to ask. But I don't know what Louis Rossmann talked about regarding Synology. So I don't have any context for that.

Do you know if anybody is working on just building XOA open source as a folder distribution, so you don't have to build our own and cancel update regularly? No. Nope, there's no one working on that, and it's not likely anyone would. You just run that install script. You can build it from sources via their instructions, or you can run that install script that I mentioned earlier. I have a video that has a link to it. It's the Xen Orchestra install updater. It's on GitHub. So, um, yeah, but I don't know anyone's working on distribution except the people at XCP-ng. So if you, stop present, share screen. So this is the, uh, Xen Orchestra install updater.
So easy enough to find this. It's called the Xen Orchestra installer, but Xen Orchestra, if you get it from them, they maintain all the updates for it. That's what they're doing, is offering service delivery of a complete turnkey system with auto updates and everything else. That's their service offering, you do it comes to support and updates. So that's, um, if someone's interested in actually getting it fully supported so you don't have to maintain it, that's their business model, is selling that.

Uh, can Graylog scale horizontally, multiple service VMs? Yes, uh, Graylog can be set up in a multi-node instance. So you can have, um, it scales out quite big if you want to have multiple sensors set up and everything else.

XCP-ng question: do you know if there's something official, community-based, that gives dynamic power management? I don't know. I've not done any power management with, um, inside of there. So I have no idea.

Synology no longer hosts older versions of its OS packages due to licensing changes. Yeah, like, I don't know. I can imagine that would be a problem. Uh, I don't ever have a need for old Synology packages. So, but licensing is, um, a pain, so I can imagine that could be an issue. But I don't really have an opinion on it. Like, lots of companies drop old things, and licensing is probably as good a reason as any. I mean, I don't know what, you know, I'd have to know more details to have context, uh, for it, but licensing is a challenge. Uh, if the license expired and then this is, well, here's an example. They used to, and this goes to WordPress for example, was able to use Twitter automatically, part of their, I think it's called the Jetpack build, um, if you build WordPress sites, and Elon decided that he wants $10,000 in fees for it. So they, I think that's what it is, for API access.
So they said no. So now it's not supported. People are big mad that you can't have the same level of integration with your WordPress and Twitter. Which, by the way, WordPress runs about 90 of the websites on the internet. So it's kind of a big deal that they can't integrate, but that's a licensing problem. People are angry about it. But, you know, at some point, should WordPress, the big company they are, just fork over more money for licensing, or should they, uh, drop it? I don't know. It's, uh, not like a black and white answer. More things should be open source so we don't have these problems. My answer, Twitter API access is an easy service level access, so it's different, but the concept's the same.

Uh, you can pull from source image. It's a fully built image. Yes. Well, it's compiling it off the source. Oh, that's right. They have a Docker image too. Uh, there's actually available, if I'm not mistaken, do I have it on here? Uh, TrueCharts added this. You can actually build this inside of here and set it up so you can actually build Xen Orchestra now inside of, uh, your TrueNAS system to host it. I thought that was kind of neat. So if you wanted to, uh, forgo setting it up somewhere else, you could say, why not just put it in here? Stick it in your TrueNAS, because all it does is manage the, uh, Xen Orchestra instances. You don't need to run as a VM at that point.

Synology dropped old versions that contain third party components. Well, it makes complete sense. Like, if there's, I mean, how many, from a business standpoint, it's a business decision. You know, do I keep paying for something that very, very few people use? You know, how many people are really downloading old packages of things?
I don't know. I mean, the other side, and I've mentioned this when I've compared Synology to TrueNAS and other companies, is, you know, when you're buying a Synology box, it's turnkey, but not open source, and not being open source means there's a bunch of licenses involved, and when those licenses change, uh, you have to change with those, um, or pay, or however that ends up working.

Uh, yes, can you check how much bandwidth something's using in real time at pfSense? ntopng is the answer to that question. That will definitely, um, be an easy way to do it. That's probably the fastest way to do it in terms of, like, accuracy, but you can use other tools just to look at an IP address and see how much bandwidth that's using. That's something you can do inside of pfSense as well.

I just bought an old Sophos. Can I install pfSense on it, just learning? I don't know the Sophos models well enough, but I know some of them will. I can't speak to every model. That's going to be a Google search or post in the forums. But generally speaking, pfSense runs on x86 hardware. So if that model is based on standard x86 hardware that's compatible with pfSense, then it should run.

Does anyone, well, Graylog's pricing is on their site if you want their enterprise. So I don't think they, um, they don't hide their pricing. Let's see. Throw it on the screen. It's a Google search. Look, pricing, right at the top of the page. There we go. So starting at 15, it depends which model, which one you want. Graylog Operations, uh, 12 50 per month. So right on their thing. So not bad. And I did that video using Graylog Open. Um, so the Graylog Open, free, self-managed, all the features I talked about and all the things I'm doing was with that right there. So there you go.

How can you configure XCP XOA so that XOA VM starts automatically when rebooted to host?
I configured autoboot vmh or it doesn't work. Uh, I don't know what you did wrong, because mine all auto start, and I'll show you the secret settings I have. Right here. Auto power on, that's it. I don't have any other settings, nothing special. It works perfectly fine, and we do a lot of these. I don't have any circumstances where I run into it doesn't work.

Now I'm not likely to do this tutorial. There's actually a, what is that software out there that UniFi, um, had a name. It's some type of UniFi logging system that someone set up. Who's that thing called? Someone made some, there's some tools out there that people have built, but I don't usually, you know, it's funny. It's much UniFi and we install thousands of these. We just haven't really had a need to use it. Um, so.

See, you just seen the contact sales button. I mean, it's right at the top next to contact. I mean, you have product, solution, learn, support, pricing, contact us. So I think they made it as obvious as they possibly could.

Um, I'm no licensing expert, but the SSPL license, I know it has to do with, um, it puts some type of restriction on how you can sell something as a SaaS service. That's where I'm not an expert on it, but I know in general that's what it means. So my take on it is, you know, I don't really have a direct opinion. I just think some, you know, what happens is, and I think this started with Elasticsearch. They didn't like that Amazon had hosting they competed with their hosting. I think, I'm so unclear on all that drama around it. So I'm just not well versed enough on licenses to understand why it's bad. I hear people say it's bad, but I haven't found it.
I did some reading. I didn't have anyone point blank say this is exactly why it's a terrible idea. It does seem to have, as I understood from the it's-bad arguments that are all over Reddit in other forums, it restricts your ability to sell something as a hosted service, because that's the model that they have, is hosting it as a cloud service. But it does not seem to put restrictions on you using it at all for free. So I don't know. I'm not a licensing expert, and if someone has a great link they can send it to, to educate me blog. There's the alarm systems.com. If there was a concise, not rambling hate article of it's not GNU, shaking the fist at the cloud person, then that'd be great. I'm just trying to find some concise information.

Uh, is it possible to configure a schedule next spell to revert a v image the last snapshot was taken? Yes, it is. That's actually a neat feature. You could go to, let me find it real quick. There is a scheduler in here that will do just that. Remember where that is. I don't use it very often. I think I have some things in there, because you can use it to even suspend. Oh, it's under jobs. It seems obvious, but, yeah, let's, um, if you're over in the jobs section, and so name your job test, timeout, um, yeah, you can build the schedule here. And where's the snapshot? I think you can type VM snapshot, select the VM. See, there's probably, ah, VM snapshot revert. There we go. This would be, you build a job for VM revert, and the VM revert will revert back on a schedule to that particular version. So you could do that. It's an option.

The jobs is interesting. There's a lot of weird little things you can do in here, uh, that are kind of one-offs. Like if you have some weird use case, they've got a nice menu where you can build weird use cases. I actually shut down, I do have it shutting down some things.
Uh, I have it suspending stuff. So I'm like, I'm not using it when I'm not working and none of the staff are working. So we actually start suspending all the VMs that were not in use. So, uh, I think that's kind of a novel way to do things.

Can you log pfSense connection states to Graylog for like the last two weeks, looking for something, historical perspective of pfSense? Yes, you can. Um, I can look up things inside of Graylog of what was going on and when it was happening. So let me, well, it's like you put in here, um, but the short answer is yes, the longer answer is let me figure this out and give you, let me make sure I'm not showing any public IP address information, but I think this will do it. Hey, look, it works. Let me find out if this log is good. Hey, there we go. I'll share this tab. So what I did was I did a search for, uh, destination IP of one one one. I just want to see over the last some amount of time, you know, where that data is going, how it's getting there. Um, and there we go. It'll choose the destination IP, so it'll log and you can go historically to see if you've reached out to something, uh, and where that data went.

So, uh, yes, there's the open source OpenVAS. I think it's OpenVAS as an open source one. It's really slick. You're going to get probably more false positives. There's plenty of commercial solutions out there for that, too.

Uh, Google wants to push for SSL certs to expire after 90 days. Without software support, auto renew is going to be a pain. I don't see the point, uh, don't see the point in paid SSL cert if you just use Let's Encrypt. I completely agree with the 90 days expiration. Um, Google's not the one pushing for it.
By the way, Google's probably pushing for it now. I do know the people who are pushing for it, and it's the folks over at Let's Encrypt and people who care about security. Um, I had a good conversation, which I'm going to bring them on the channel sometime. I have a friend who does some pretty big things at the Linux Foundation, uh, and with Let's Encrypt and things like that, and he's extremely knowledgeable in a lot of this. Uh, he's a great resource to understand the behind the scenes, which, by the way, I say behind the scenes, but it's more specifically, uh, very in public view if you know what forums to participate in, how they dispute these and argue these things out for why they want to change things like that. But absolutely, um, auto renew is the way to go. Shorter certificates is the way to go. 90 days makes sense to me.

An issue I hit with all log servers at some service use journald instead of syslog to proper differentiate file format. Can you do a tutorial using journald with Graylog? Nope, not likely I'm going to do a tutorial on that. I send everything to syslog and I pipe syslog to Graylog and parse it from there.

Uh, I do not run Active Directory at home at all. I don't have a use case for Active Directory at home. We manage it for businesses and that's enough Active Directory for me.

Uh, what setup would you recommend for securing a home lab, say two or three computers? I don't understand that. I need more context to answer that question, um, because what setup would you recommend?
for securing a home lab is going to be pfSense, and if you're running Windows, use Windows Defender. I, if you need something more in depth, then, uh, I'll, I'll need to probably a forum post, ask more specific questions.

But on top of logging destination IP, I use dashboard feature to create pie charts to see what rules are the most and who the top talkers are. Yep.

Um, I have not used the last Velociraptor, but Wazuh, Wazuh and OSSEC, so Wazuh is a fork of OSSEC. I actually used to do, I used to have a lot of OSSEC stuff set up. Um, Wazuh came and I was like, oh, I'll, I'll get that set up, and I never got around to it. So I still have some OSSEC set up, uh, and one day maybe I'll look at Wazuh. I played with it. It looks cool. I just didn't feel like swapping out my OSSEC configs with Wazuh. One day, but that day is a little far away.

You can set up file plugins for syslog, but it's easier to do this to Loki. Well, I just pipe syslog to Graylog and parse away.

Uh, do you use monitoring or something different for monitoring network links? That's SNMP devices or hardware appliances. I guess under what context? A lot of the stuff we have is UniFi, so UniFi can do the monitoring for you. But there's also different monitoring tools that I have, so it kind of depends on what type of monitoring. There's different monitoring for different things, depending on, you know, most of our stuff is monitored through our RMM. That's always where we try to get all of the data consolidated as much as possible. The RMM is the source of truth for monitoring things from, from a business standpoint. Um, that's our, we use NinjaOne RMM for that.

You spoke before about capturing email on Synology, kind of is an archive. I know this exists in QNAP as well as something similar runs on TrueNAS? Not that I know of. I don't know of any email archive capture tool available for TrueNAS. It may exist. I'm just not aware of its existence.

Is it true in the early days of firewalls?
If you had to write iptables rules you build your own FreeBSD router on IP firewall? It's not only true in the early days. It's true today. You can still build your own firewall. The problem is, it's a great learning experience. Just don't do it for businesses. I've run into this before, I've mentioned this, where we've had consulting jobs where someone who is very, very talented with Linux built all their own firewalls at a, uh, small, it was a, I think it was a charter school. The dude was really smart. This is actually the problem. He built a really hard to manage system because he did everything by hand, all in Linux, every server was hand done by him. He found a job that paid four or eight times. He got a, he couldn't pass up this offer he got, which is great. Good for him. The problem is they were trying to find someone who could replace him, uh, that was going to make what he made, and I'm like, um, yeah, your skill set you have of being a really good Linux engineer does command this level of pay. But now you've now built a system that, you're right, the school is going to have a really hard time replacing you. And if we were to manage, just because it's so manually managed, all a bunch of Linux things that were hand put together. So it's not always a good idea for business. There's a reason we have stuff with web interfaces. But from a learning standpoint, so you have the fundamentals down, because I've still built, you know, and learned how to build firewalls in the early days, which gives me a better understanding of how they work.

Uh, what do you use to monitor Ubiquiti and Synology? Synology's, uh, what do you call that, Active Insight is great. Ubiquiti, uh, the controller will do, you can use the Ubiquiti controller to manage Ubiquiti.

Uh, monitoring, for example, if internet link is up and running, application ports like SMTP is up and running, iDRAC or iLO. RMM tool has the ability to do that, you can do that through the NinjaOne RMM.

This is correct.
Some services don't log to syslog, like Apache, nginx. That's what rsyslog is for, so you can pipe things to them and then have rsyslog send it out. But there's other ways to do it. I just do it that way because it's simple, but you are absolutely correct, there are other ways that it can be done.

Uh, how do you archive mail? FOSS seems to be lacking ease of use. Um, I just put it all, I leave it all in Gmail and download it with, uh, Synology's backup tool. I don't, I don't, I used to use Thunderbird to archive it all, it's just too tedious. I, it wasn't worth it anymore. I used to run my own mail servers, um, and I finally got burned out on doing that. I used to keep a copy of everything in my own mail servers. I said this is too much trouble and I just don't care enough anymore. I don't know of any tools that are great for that in the open source world.

Where do you stand at OPNsense? I use pfSense for a while, moved to Ubiquiti EdgeRouter, looking to move back to OPNsense or pfSense. I still like pfSense. There's more, you know, someone pointed this out the other day and they're not wrong, there's just more documentation, more write-ups, not just my videos, but just in general, if you search for how to set something up at pfSense, you have a more active community, you have a more active number of blogs and posts and write-ups on how to do things and more extensive documentation. So it really comes down to, could you interpret a pfSense write-up into something for OPNsense? Sure, you could, or you can just use pfSense and not have to do that.
So it all depends on what you want to do.

Looking for intrusion detection, to try to find a simple one to set up. I don't know any intrusion detection system that is easy unless it's an expensive commercial one. Like if you go to higher end commercial systems that are paid subscription, they're going to be easy to set up. If you want something that's free, you're going to put some more effort into it. Wazuh is a pretty cool system, or, because Wazuh is also included with Security Onion. Security Onion's amazing. It's also complicated. That's what's taking me so long to get to doing a full video on Security Onion. It's a great, great, amazing product that also just is a lot to set up. And, well, so let's make a video on, because I haven't figured out where I started on making a video for it. Like I want to use it and make, I want to, I want to make a video on it. But boy, breaking all this down, it's going to be one of those, I'm going to sit down for a couple hours to do the video, and that's, that's where the challenge is going to be. But it's definitely a, it's a, it's a really neat product. Uh, it's amazing what they bundle in there. It's a huge learning opportunity for anyone running a home lab.

Um, I tried to back up my OneDrive comp a failed to make it easy. You had some recommendation to do it proper? I don't use OneDrive. So I don't know any, I don't know the best way to do it. I think TrueNAS can back it up, but I don't know. Let me look. Is OneDrive in TrueNAS or... Huh, I want this sign in. That's a new problem. I'll log into my TrueNAS, it just, he said it. Refresh the page and the magic happens. So that was weird. Um, System, is it under Credentials? Let's see, is OneDrive in here? Now, I don't have a OneDrive account, so I can't answer if this is a good or bad thing. I will tell you it's a thing though. They have it in here. So I would try that.

ISP won't let me run my MX after switching to fiber for years back. They were fine with it from dial up, ADSL, but not on their fiber network.
Yeah.

Do you know if it's possible to run a UniFi controller remotely, give it a, give it a public IP address? I need to control a switch or remote and do not want to spin up a VPN server over there. Yeah, you, you can run it remotely. I mean, we have all of, well, a matter of fact, if you even look at my system, log into it. So here is my system, like Tom's basement. The, um, this is all run at my office. I'm not local to it. Well, the, where the controller is, is at my office, and where this is, is here. So, yes.

Uh, my understanding is why pfSense CE is held back from public. It's not held back. 2.7 is under development. Um, I'm thinking they're going to release it soon. But they, they do the CE release cycles like annually, that it takes them a lot longer because they focus on the one that makes them money. Um, so they focus on the C, the Community, the Community Edition is not like held back. It just doesn't get compiled at the same time. So, yeah.

Your video is really good because you explain why you selected those options. In our videos you just tell you you have selected but not explain why. Thank you very much. Just appreciate it. And you explain the other option and why you did not select the either option. I try to be concise to make people understand like how all of that works.

What am I most excited about? I have no idea. All of it's exciting to me. I don't have any specific, um, thing right now that's got me particularly excited. I always think virtualization is cool. That's my go-to, because virtualization is awesome. So I'm always excited. Look at all this stuff here. Ooh, hot sauce arriving Monday. All right, that is cool. I do like hot sauce. I do like hot sauce. Did I get any new emails? No. All right, making sure, I thought I saw another email came in. It did not. Ah, perfect. Yeah, my office is where we send everything. I don't give out people.
I don't give out my home address.

Is there a way for pfSense GUI, for pfSense GUI and Let's Encrypt without HAProxy? Yeah, you can just set up Let's Encrypt on pfSense. It doesn't, and then use that as your certificate. You don't have to use it with HAProxy. Um, certificate management pfSense and HAProxy are two separate things. So you can set up just certificate management if you want.

Containerization is better. Yeah, but you still got to run the container somewhere. So, um, virtual machines are where it all starts. Virtual machines are mostly the base for this. Uh, you know, you build, is, I have a Portainer setup, but it's still a virtual machine that then runs a bunch of stuff in Docker containers. So there's still, still all those connective things that need to work.

But I think that's all I have for today. I'll give this a couple more minutes. So I'll go right to 4:30. Um, I think my son wants chocolate milk and, uh, he's, we, we go to this one particular dairy farm and buy the chocolate milk directly. He wanted that, and for myself, I bought another motorcycle, so I want to go ride my other motorcycle. There you go. There, I bought another motorcycle. So my plan today is to go ride my motorcycle some more. I bought us a little 125, because it's fun.

Uh, with the UniFi controller video and christin crosser video I may migrated my UniFi controller to lex server on Vultr, almost painless. So sweet in the cloud. Awesome. I'll have to hear that.

HPE has a 600 storage climate. How much do you think this gives your appliance an edge over TrueNAS? I don't think so at all. Um, what really, really sets HP apart from TrueNAS is how awful the support is. Um, we're working with people who are just so unhappy with the way HP has had support, um, in their pricing. So the fact that there's the poor support and high prices, uh, have people going, you know, uh, that's not necessarily the best thing for us.
So I don't think it's going to give them an edge.

Uh, we're cooking moving everything to a container, uh, or immutable system space. Cool.

What conferences are you going to this year? I am going to, I don't know if you're gonna, there's still, I think there's still tickets left, um, to go to MSP GeekCon. So this is nine days away, but I'll also be at IT Nation Secure. Let me pull that up real quick. IT Nation Secure is June 5th, 6th and 7th, and I'm actually, I'll be giving a talk with my friend Jason Slagle and Matt Lee. If you, we've done the, if you look up on my channel, How I Would Hack You, we're gonna do a similar talk, uh, to that, and we've done that before.

So, jump servers that can connect to both Windows and Linux for homelab? Nope. I don't have any suggestions on that. I don't use jump servers to get to, um, Windows computers. We use ScreenConnect.

Hot sauce and motorcycles. Yes.

Oh, you'll be at Cisco Live. I'm sorry. If you do Cisco, it probably makes sense. I would not go to Cisco Live, but I'm not a big Cisco fan. Um, so I'm gonna be, I, working in the IT MSP space means I usually go to those events. But if you can make the MSP GeekCon, um, that's definitely gonna be a lot of fun. Yeah, that's a, uh, that just, I'm just still looking forward to, that's gonna be a lot of fun. And if you're wondering, uh, this is what I was doing last weekend, riding with all my adventure riding friends. So this is the other thing I go do, is do some of these. So the, uh, it's either adventure riding, playing in the sand. Well, this is, this is the problem with, uh, when you get to the rural areas of, uh, Michigan, is there's a lot of sand here to put to contend with. Um, people drop on their bikes and things like that. But, you know, that's part of the fun, part of the fun of riding is the, the challenges that come with it.

Uh, you're not a fan of IOS? No, I'm not a big Cisco person.

Uh, speaking Cisco, collab with David? No, not like you'll do anything Cisco with David. I don't do enough Cisco.
So there's not much interest I have in it.

How do you decide what to host internally, what to host in the cloud? Um, is, is the demand. I try to first, I always prefer to host it internally. But if the external demand is really high, it'll get hosted in the cloud. My website I do not host locally because the hits on my website would exceed, same with my forums, the hits on that, the external demand on it is higher than the internal demand, so it's better suited for the cloud. But for some of the other services we have, if there's a low demand on it and I can host it, I, I will host it, but that's my decision. The decision that a lot of people make that's not very fortunate is they go, I want to host it myself. Are you familiar with hosting? And they go, not at all. Are you going to host something critical yourself? Absolutely. Do you know how it works? Barely. I don't know how to secure it or anything. Well, at some point you have to make those rational decisions based on, and overall, are you good at maintaining this thing properly and securely, uh, yourself? Now, if it's a learning experience, great, but if it's a business production system, then you want to take that in, uh, consideration carefully.

So, weather's good in Michigan so I can take my Yamaha MT-09 out of hibernation. Yeah, they, you hibernate the bikes a little bit in, uh, um, the winter, that's for sure. That's for sure. Uh, I don't, you know, you can say that these aren't ideal, um, but it's not all sand. So the, uh, you know, there's plenty of dirt, just I took a picture because people got stuck in the sand. I didn't get stuck in the sand. I've gotten better. I used to get stuck in the sand a lot. I get stuck in the sand a lot less now. So I'm, I'm proud of this, because sand is the enemy of large motorcycles. It is, um, it is a pain. This is, uh, this is what happens with sand and big motorcycles. They fall a lot, especially when I'm riding them. Oh, doesn't mean they're not fun.
It's just, that's what happens to me. It's, it's a thing. On a fun note, this is, uh, I was riding around in this with my friends. So we got, we got sand buggies, uh, for the other part. So this is the other fun thing I do. This is what I do when I'm not, when I'm not playing with computers. I go play in the dirt.

Has the thought of using external MSSP to provide security services crossed your mind? Nope, not at all, not, not for me. Um, I haven't seen any that impressed me that I would do that. So, uh, we use SentinelOne for all of our security monitoring. We have the full, what they call SentinelOne Vigilance, and we have Huntress. So I'm fine with that, plus all the logging we have. Um, there's actually some other stuff like Blumira that we run, but yeah, we, I wouldn't, um, I wouldn't want to outsource it. I don't, I haven't met anyone that I, that would make me go, yeah. Now, I think it's, I'm not saying it's a bad service. I'm just, I work in cyber security and I have a strong familiarity with this, and so do the other people that I work with. So that's why I don't think as much about it.

Can you share how you secure a hosted environment for client if you ask to set up them? What type of hosted environment? You know, uh, we will practice principles of least privilege and make sure we have a patch management setup forum, etc., etc. It's just all standard. If you googled it you would find the same answers.

Yes, when in doubt, throttle out, that's how you, that's how you solve the problems of getting stuck in the sand on the motorcycles, is, uh, when in doubt, throttle out, just, just punch it. I don't know this spot. It's not, that's definitely not the most articulate answer, and that often leads to just a faster crash.

Can you touch on third party SD-WAN providers?
I don't know how to choose national SD-WAN company, uh, to terminate multi-WAN failure for density and areas too expensive for my needs, are all expensive. I don't know how to, I don't know how to do it either. I haven't seen one that I think is affordable. So I have no idea how to help you on that. Um, they're, they're expensive services. As a matter of fact, we've, we've actually removed them from companies because they couldn't figure out why they had them and they had outage. I can't watch company. They had, we had one. They had a couple outages. They, you know, I don't know the... It's one of those things like, do you need it? It's a neat system, but it's going to be expensive because you're having to terminate on their system like that. So you're, you know, combining it all together, all your connections, so they can pipe over to their data center and pipe back out, that's going to have a cost to it, and I don't know what the right price is, but it's not the right price for me. We don't even use one. We just use dual connections, and most of our clients do too. They're like, hey, whatever, when the internet goes out, there's a, there's a pause that fails over to the other side.

Where do you store secret pngs of personal data? I don't know. I don't exactly understand what you're asking. Um, I keep passwords in my head, that, you know, my master password in my head so I can unlock my Bitwarden. I keep things in Bitwarden.

Cisco Viptela. Uh, oh, yeah, I did see, I seen, since I didn't know it was called Viptela. Uh, I did see that Cisco had a big SD-WAN outage. I seen it in the news. I just didn't click on it because I have zero customers using this. So zero, uh, people I know were affected by this.

Since the UDM has introduced WireGuard, I moved over to it and got to say it's awesome. Yeah, I can't believe they finally got it.

So, different type of SD-WAN. So I have a video where I talk about all the different types of SD-WAN. SD-WAN is a category, um, that gets slapped on more than one service.
So it's not a thing. It's actually several things. So I, the, when Chris asked the question, the context was multi-WAN bonding, essentially, with SD-WAN. That is the, that is a flavor different than what you're going to get with Tailscale or ZeroTier.

Uh, got a viewport shows up and protect the connection law science is going to adopt it. Yeah, I have no idea. We've tested a few of those and they all worked. Um, they're pretty neat.

Hey, time I chance you have experience issues with, uh, I see using Windows servers with database or terminal connectivity issues? Nope, I haven't any problems with them. They, the ones we have work. We have customers with databases that work. We have a company that has a massive warehouse, and all their system is running on XCP-ng. They got a pair of Windows servers and one of them has a big database on it.

Kinks and memory cards and thumb for. I've no, I have no context to explain what you asked.

Viewport does not play nice with AI 360. Huh.

What's my favorite Raspberry Pi project? That one I can answer pretty easily, and that's going to be Home Assistant. But there's a runner up. There's actually two of them that I just love. So let's pull this up real quick. The two Raspberry Pi projects that I like are, um, Home Assistant and Uptime Kuma. So Uptime Kuma is super cool for monitoring everything and seeing if there's any issues. Uh, this I have running on an old Raspberry Pi 2, uh, because why not? I think, well, maybe it's a 3. I think it might be a Raspberry Pi 3. I can't remember. It's just that it's dedicated to running Uptime Kuma, that way it's not part of anything. If something goes down, this sends me alerts. So, uh, and then you just use one other thing in your normal stack to monitor that. But the, uh, the other one is definitely going to be Home Assistant.
I just think Home Assistant is amazing. I've automated, so my, one of the things that keeps delaying the video on Home Assistant is actually the, um, what do you call it, the back, got to keep automating more things. Let me share. There you go. So I, Home Assistant, I've got all kinds of things tied to it. It controls all my studio lights. It controls my cameras. It controls my lights around the house, and it's just such a neat project. I keep adding more and more things here. I even have now built, um, systems where if there's a detection on my Synology, it turns on the lights. It has to detect a person, not motion. But if a person is detected or a car is detected in my driveway, the lights come on on the outside perimeters of my house around where it found the object. So you can just keep going down rabbit holes with it. So that's why I keep wanting to start the video and I'm like, oh, let me automate one more thing, and, uh, yeah.

How to set up Uptime Kuma? Probably, I think my friend Christian just released a video on it. You find it, so I will, if you look in, uh, Christian Lempa has a video, said the home server uptime monitoring. He's got a tutorial he just released on this. So I'm, I didn't watch it, but he does really good content. So, okay, NetworkChuck has one as well. Cool.

Uptime Kuma would definitely work on a ZimaBoard. Does ZimaBoard substantially faster than the Raspberry Pi I have running this, so the Kuma, the ZimaBoard will definitely do a good job on that.

All right, well, I'm gonna wind it down so I go get some chocolate milk. Thank you everyone who joined. Email questions over to vlog thursday at lawrencesystems.com, um, and I will try to do my best to answer them next week. Maybe if I feel inspired I'll do, I keep saying this, if I don't always do it, I, maybe I'll do a Friday night livestream, because I have a hard time doing the, um, the Saturday and Sunday ones because it's been nice out and I've been out riding my motorcycle and bicycling and things like that. So awesome.
Thank you everyone who joined. Uh, hit my forums. That's the best place, because I do daily, even when I'm traveling or whatnot, I, I go daily into my forums and make sure I answer questions in there. Because there were some challenges with Graylog, and the forum, some other people in the forum, there was a problem with certain CPUs if you had Proxmox. Oddly, that caused a problem. I don't use Proxmox, but hey, the awesome people in my forums, there's a lot of people, a lot more than just me in there, do a good job. So definitely, you know, I'm just trying to push them a little more, because it's one of those things like, if you want to engage with a lot of people, there's just, I love the fact that there's a big community of people who answer questions often before I have time to answer them. So forums.lawrencesystems.com, definitely, um, you know, participating in community. If you got questions, especially if they're more complicated ones, outline everything in there, and if I don't, you often will find people have really good responses and some answers for that. So I'll leave you all with that, and thank you.