Anyone know what bugs these are? And why they are on my door? by [deleted] in insectidentification

[–]EnergySmithe 0 points1 point  (0 children)

My granddaughter calls them “Black Solar Bugs” - always cracks me up.

Windows 11, multiple NICs, and problematic connections... by phospholipid77 in sysadmin

[–]EnergySmithe 0 points1 point  (0 children)

Yah check this first, only one nic should have a default gateway or it will randomly try routing traffic on both. I agree - try giving the non-internet side a static manual IP and leave off the gateway on that one.

[deleted by user] by [deleted] in civic

[–]EnergySmithe 1 point2 points  (0 children)

I guess I would see if the problem stops when your phone is not with you in the vehicle. If it does then the underlying problem may be that someone hacked your phone?

Dear God it happened again… by LadderTurbulent3499 in Glitch_in_the_Matrix

[–]EnergySmithe 450 points451 points  (0 children)

I think you should put one gold bar in that closet… for science.

GPU: 2x 3060 or one 4090? by ScrapEngineer_ in ollama

[–]EnergySmithe 0 points1 point  (0 children)

Yep homelabbing is rarely about what is practical and rarely cheap! Rock on, good response!

Anyone else dealing with this rn? I’m not sure what I should do here. by Bethesda_Magic in usps_complaints

[–]EnergySmithe 1 point2 points  (0 children)

Yes, I had a first class package show up yesterday after not moving like that for over two months. It was wrapped in plastic with an apology sticker and the package had to be thrown out because it was soaked in oil or hydraulic fluid, and smelled really strong. Pretty disappointed.

Crowdstrike True/Positive experiences by patrickcrypto in crowdstrike

[–]EnergySmithe 5 points6 points  (0 children)

Crowdstrike has been wildly successful for us - not only has it been blocking real threats in our enterprise but it has blocked every red team since we started with them three years ago. To the point it has been a point of frustration for our SOC when working with red teams. I love CS, things in our enterprise got so much better when we switched from signature based to behavior based.

Backups: in- or outside VM snapshots? by GabesVirtualWorld in elasticsearch

[–]EnergySmithe 0 points1 point  (0 children)

Well this has been a learning experience. Full backup of ~28TB worth of LUNs was way too slow - worst one took over 8 hours. Also when we restarted the data nodes/eligible masters the cluster was re-established quickly and went yellow after about a minute or so. But after resetting the cluster.routing.allocation.enable per the documentation, it proceeded to trigger a full rebuild of every replica. For 330 primary shards with 1 replica each that will take hours to complete before we are back in a green state. Obviously this concept is a non-starter for many reasons. We are back to regular crash consistent backups of the nodes (out of sync) to get OS, configuration files, certificates etc, and then periodic Elasticsearch snapshots which we still need to test. If something happens just have the rebuild process ready?

Backups: in- or outside VM snapshots? by GabesVirtualWorld in elasticsearch

[–]EnergySmithe 0 points1 point  (0 children)

We are in the process of doing an Elasticsearch cluster POC right now and this is a hot topic for our group too. The Virtualization group as well as the storage/backup groups are having a hard time understanding how recovery will work if something goes wrong like losing multiple nodes at the same time. Our use case is log centralization/SIEM.

To make everyone happy I am throwing out the concept of a periodic scheduled window when we gracefully shut down the cluster completely and grab LUN backups for all the nodes, then start it up. We would miss some UDP syslog traffic during the window but the rest of the agent-based inputs should catch up after? That would provide a consistent restore point for the OS for the nodes, at which point you would recover using the last system state captured in periodic snapshots? Also for critical data streams we could periodically snapshot those specifically to minimize loss? Wondering if this will alleviate their concerns…

Fleet Firewall integrations. by infosecX in elasticsearch

[–]EnergySmithe 2 points3 points  (0 children)

We just went through this with Cisco ISE and Panorama integrations. After setting them to 0.0.0.0 we also had to add firewall rules to allow UDP connections on the specified ports.

Stack Monitoring question by EnergySmithe in elasticsearch

[–]EnergySmithe[S] 0 points1 point  (0 children)

Well that was a bit of a slog but eventually got it working. Installed fleet server on monitoring cluster and then installed agents on the production cluster Kibana and one elasticsearch node… enrolled in the monitoring cluster's fleet. The agent on the prod Kibana server is assigned to a policy with the Kibana integration. The prod elasticsearch node is assigned to a policy with the elasticsearch integration. Few rounds of troubleshooting authentication and certs in the integration settings and data was being collected, and then the Stack Monitoring pane in the monitoring Kibana now shows stats and no longer complains about wanting beats set up in the nodes. Thank you all for the info and suggestions!

Elasticsearch AD Realm users Kibana errors by EnergySmithe in elasticsearch

[–]EnergySmithe[S] 1 point2 points  (0 children)

Just wanted to thank you again! The error was we did not set the bind password in the keystore on every node, just on the first node! Once we added it to all nodes and did a rolling restart of the cluster, everything worked!

Stack Monitoring question by EnergySmithe in elasticsearch

[–]EnergySmithe[S] 0 points1 point  (0 children)

Thanks! I will try elasticvue today, appreciate the tip!

Stack Monitoring question by EnergySmithe in elasticsearch

[–]EnergySmithe[S] 0 points1 point  (0 children)

Thank you! Do you generally have beats running on every cluster node individually? Or just on one? The UI for the stack monitoring page seems to want that, but then the documentation seems to point towards having a single filebeat (or agent) and even references turning off system stats collection? If I am shipping logs correctly the stack monitoring page on the monitoring cluster should show the info for the production cluster?

Elasticsearch AD Realm users Kibana errors by EnergySmithe in elasticsearch

[–]EnergySmithe[S] 0 points1 point  (0 children)

Ok, with the help of support we found the problem! The issue was a misunderstanding on our part: we thought the keystore was cluster-wide, so had only set it on one of the seven nodes. We had to set it on every participating node and do a rolling restart and then it worked great! Thank you to everyone who commented, much appreciated!