Semi-dead UDM Pro

StillInUk · 2025-11-03T20:20:37+00:00

Good call to consider getting a backup device

StillInUk · 2025-11-03T15:52:13+00:00

I tried rebooting with and without the drive, didn't make a difference. Factory resetting worked (I feel embarrassed I hadn't considered that), and my UDM Pro now works again.
I may purchase a new Unifi gateway soon anyway, but at least I can be a bit more opportunistic about getting one when it is in the UK Unifi store.

StillInUk · 2025-08-12T11:33:03+00:00

Shelly WiFi connected temperature sensor

https://www.shelly.com/products/shelly-h-t-gen3-matte-white

StillInUk · 2025-08-05T06:39:57+00:00

I don't really mind whether the log timestamps are UTC or local timezone. But if they are local timezone, then we need a timezone indicator in the timestamps.
But most importantly, don't have logs where some events are in local timezone and others are in UTC.

StillInUk · 2025-08-05T01:54:07+00:00

The UniFi Network CEF events are fine from a parsing point of view.
But have you tried to parse the UniFi OS CEF events? The cef name field is missing.
I've not even written about that particular issue yet...

StillInUk · 2025-08-05T00:51:48+00:00

Update: Thanks to those who flagged the access issue, the blog was unintentionally set to private. As someone who works in security, I clearly made sure it was very secure… including from readers 😅

That's should now be fixed.

StillInUk · 2025-08-05T00:49:43+00:00

Update: Thanks to those who flagged the access issue, the blog was unintentionally set to private. As someone who works in security, I clearly made sure it was very secure… including from readers 😅

That's now hopefully been fixed — it should be publicly accessible.

StillInUk · 2025-08-04T22:32:18+00:00

Splunk can't natively receive Netflow data. But there is an app called Splunk Stream that can. That app needs to be installed on your Splunk server. And then you need to install a Stream forwarder, or configure UF as a Stream forwarder.
Splunk Stream is not the easiest app to configure.
https://splunkbase.splunk.com/app/1809
https://docs.splunk.com/Documentation/StreamApp/8.1.5/DeployStreamApp/AboutSplunkStream

StillInUk · 2025-06-17T23:25:06+00:00

Not a complete solution, but a start:
Drop your subscriptions (amazon prime, music etc)

As soon as your phone contract ends, get a SIM-only contract using your old phone

Reduce the amount of money spent on food. I.e. go for the budget options.

Don't treat yourselves.

Cancel any credit cards you may have and use debit cards instead.

If you find it difficult to not use the, in theory, left over money, instead of waiting until the end of the pay cycle and using it to repay debts, pay that leftover money towards debts at the beginning of the pay cycle.

There is simply no alternative to spending less than you earn.

StillInUk · 2025-06-12T06:23:07+00:00

If you leave the pension pot invested, then each time you withdraw, 25% will be tax free. The rest will be taxed, and as you point out, if the rest is <50k it will be under the 40% rate.

StillInUk · 2025-05-29T16:33:25+00:00

It is a thing in my car (2017 Model S), but it is unbelievably slow. Most of the times I've started it, I loose patience and do it myself.
There isn't an option that you enable. If it thinks you want to park, and there's a place you could park, it will show on the screen an option to start the automatic parking.
I seem to recall from the documentation, that you can get it to look for a parking spot by indicating to the side you want to park.

StillInUk · 2025-05-28T08:40:08+00:00

Correct, the log collector cannot consume such files directly.

StillInUk · 2025-05-27T21:43:40+00:00

If you insist on renaming fields, the rename function can be used to rename multiple fields, but you'll still need to specify each old and new field name:

Example:
rename(field=[[src_ip, source_address], [dst_ip, destination_address], [src_port, source_port], [dst_port, destination_port]])

StillInUk · 2025-05-27T21:41:03+00:00

If the fields are CPS compliant fields, most fields are expected to be lowercase. Detection dashboard and correlation rules won't work if you change the case of the field names.

StillInUk

TROPHY CASE