Author Topic: Oh crap. Heartbleed or why most servers in the world are in a bad way  (Read 4859 times)

mtnbkr

  • friend
  • Senior Member
  • ***
  • Posts: 15,388
Re: Oh crap. Heartbleed or why most servers in the world are in a bad way
« Reply #25 on: April 10, 2014, 12:40:13 PM »
You should download it and give it a run on a VM.  It's free for eval use (license is good for 500mb/day for 30 days, then reverts to a free 50mb/day license with limited functionality).  I even deployed it in Amazon's AWS service for shits and grins once. :D

Build a VM or physical Linux box, install/configure syslog-ng, and have Splunk monitor the syslog-ng output file.  Then point other devices to udp/514 on your new Splunk box/VM. :D

Chris
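
The setup described in the post above, as an added example that is not part of the original post: a syslog-ng listener on udp/514 that writes one file per sending host, and a Splunk monitor stanza that reads those files. The file paths, the per-host directory layout and the `s_net` / `d_remote` names are assumptions chosen for illustration.

```conf
# --- /etc/syslog-ng/conf.d/remote.conf (assumed path) ---
# Listen for syslog from other devices on udp/514.
# UDP syslog is unauthenticated, so limit who can reach this port
# with a host firewall or network ACL.
source s_net {
    udp(ip("0.0.0.0") port(514));
};

# One file per sending host; create_dirs() makes the per-host directory.
destination d_remote {
    file("/var/log/remote/$HOST/messages.log" create_dirs(yes));
};

log {
    source(s_net);
    destination(d_remote);
};

# --- $SPLUNK_HOME/etc/system/local/inputs.conf ---
# Have Splunk monitor the syslog-ng output files.
# host_segment = 4 takes the host name from the 4th path segment
# (/var/log/remote/<host>/messages.log).
[monitor:///var/log/remote/*/messages.log]
sourcetype = syslog
host_segment = 4
disabled = false
```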

RevDisk

  • friend
  • Senior Member
  • ***
  • Posts: 12,633
    • RevDisk.net
Re: Oh crap. Heartbleed or why most servers in the world are in a bad way
« Reply #26 on: April 10, 2014, 02:00:26 PM »
Just logs.  My customers send IDS/IPS, FW, routers, proxies, various server logs, etc.  They have retention periods running from 90 days to "forever".  That's just raw data, then you have the reporting/auditing requirements ("I need to see what Joe has done on the network for the last year" or "show me every time this IP connected to that IP and what type of traffic it sent") and the fact that some queries can take a day or more to run due to the volume.  Some of my customers turn Splunk into a lightweight SIEM or use it to monitor devices by output (i.e., send an email if you don't see logs for more than X min).  They do all kinds of crazy things with their data.  Splunk makes that possible and even easy though.  It's a framework and there's so much you can do with it, it isn't funny.  You can tie all kinds of things together (how about tying orders on a web commerce site to unsolicited feedback posted to Twitter from the happy or unhappy customer?)

Splunk gets nosebleed expensive at these levels.  Several of my customers have 500gb and up to 1tb licenses (spread over multiple indexers).  That allows them to index that much per day.  And yes, they use every bit of the licensed capacity.

Chris

Holy Vishnu on a crotch rocket, I want to weep at the thought of that bill. Splunk was cheaper back in the day. Then "big data" came along, and they charge out the nose these days. Like Meraki, good product, terrible pricing for a lot of folks.
"Rev, your picture is in my King James Bible, where Paul talks about "inventors of evil."  Yes, I know you'll take that as a compliment."  - Fistful, possibly highest compliment I've ever received.

mtnbkr

  • friend
  • Senior Member
  • ***
  • Posts: 15,388
Re: Oh crap. Heartbleed or why most servers in the world are in a bad way
« Reply #27 on: April 10, 2014, 02:12:48 PM »
Holy Vishnu on a crotch rocket, I want to weep at the thought of that bill. Splunk was cheaper back in the day. Then "big data" came along, and they charge out the nose these days. Like Meraki, good product, terrible pricing for a lot of folks.

Tell me about it.  That's one of the reasons I'm redesigning our platform.  It seems when folks are paying that much money, they want a fast return on their data requests.  Go figure.

Chris

Harold Tuttle

  • Professor Chromedome
  • friend
  • Senior Member
  • ***
  • Posts: 8,069
Re: Oh crap. Heartbleed or why most servers in the world are in a bad way
« Reply #28 on: April 10, 2014, 04:19:21 PM »
Awesome! All my Polycom codecs are vulnerable
"The true mad scientist does not make public appearances! He does not wear the "Hello, my name is.." badge!
He strikes from below like a viper or on high like a penny dropped from the tallest building around!
He only has one purpose--Do bad things to good people! Mit science! What good is science if no one gets hurt?!"

Ben

  • Administrator
  • Senior Member
  • *****
  • Posts: 46,172
  • I'm an Extremist!
Re: Oh crap. Heartbleed or why most servers in the world are in a bad way
« Reply #29 on: April 11, 2014, 01:04:39 PM »
CNET has a live update page on popular sites that are vulnerable/patched/were never vulnerable:

http://www.cnet.com/how-to/which-sites-have-patched-the-heartbleed-bug/

ETA: And here's another link with an embedded link that lets you just put a URL in to see if it's vulnerable. My work is going crazy on this today, so I keep getting these links in emails. :)

http://mashable.com/2014/04/09/heartbleed-what-to-do/
« Last Edit: April 11, 2014, 01:32:02 PM by Ben »
"I'm a foolish old man that has been drawn into a wild goose chase by a harpy in trousers and a nincompoop."


CypherNinja

  • friend
  • Member
  • ***
  • Posts: 467
“Fear of death increases in exact proportion to increase in wealth,” Hemingway once said. Today, many of us have become rich in the currency of cowardice. We have so many things and so few experiences. We are desperate to live as long as possible, not as large as possible. We are so afraid to say goodbye to the world that we never say hello.
-Marty Beckerman (from a Wired article of all things)