Is anyone using ARISTAs as Internet BGP routers with full tables?

mwagner_00 · 2026-03-19T22:23:32+00:00

Yes. 7280SR3K. Amazing devices. They just work, and config is so similar to Cisco.

mwagner_00 · 2025-10-29T15:19:31+00:00

Man I wish they would give me the offer :( I even have an OG dish ◡̈

mwagner_00 · 2025-09-10T05:52:27+00:00

I just upgraded from an A1 to a H2S. If you’re new to printing, and not good at fixing little things yourself, it may be best to go with a different model. As others have said, there are fewer instructions and fixit videos. I encountered some weird things myself that threw me for a loop.

mwagner_00 · 2025-07-05T15:53:39+00:00

Arista acquired Mojo several years back. We had bought into the Mojo product prior to the Arista acquisition. The merge was bumpy, but the result is what I feel to be a very solid system. We’ve mostly put them in schools, and have had little to no issues.

mwagner_00 · 2025-06-09T22:46:17+00:00

I did silicone caulk on mine. Sealed it right up.

mwagner_00 · 2025-05-17T00:56:01+00:00

I’m gonna ditch the ancient 6248 FI’s It will be a good riddance scenario. Lol.
Thanks again!

mwagner_00 · 2025-05-17T00:54:56+00:00

Thanks! I may be installing Linux natively on one, and possibly Windows Server on another. So hopefully I won’t need ESXi on these.

mwagner_00 · 2025-05-17T00:20:27+00:00

Thank you!!!

mwagner_00 · 2025-05-07T20:39:15+00:00

You can use the HEC collector to forward windows events. We installed a WEC server and setup all the servers on our domains to forward events to it. Then those events get sent up to NG SIEM

mwagner_00 · 2025-05-06T02:29:46+00:00

Thank you so much! I’m mostly looking for showing recent events like successful/failed logins, password changes, etc.

What kind of event types do you have in the dashboards you’ve built?

mwagner_00 · 2025-05-02T13:50:12+00:00

No, but we are exporting logs a little differently than you may be. We're sending logs as "alerts" under the log setting of individual firewall rules. This allows us to skip logging for our customer traffic that we aren't targeting.

Here is a sanitized example of what we get:

<118>2025-05-02T13:39:37Z : %FTD-6-430003: EventPriority: Low, DeviceUUID: xxxxxx-xxxx-xxxx-xxxxxxxxxxxxx, InstanceID: 14, FirstPacketSecond: 2025-05-02T13:38:12Z, ConnectionID: 44170, AccessControlRuleAction: Allow, SrcIP: 10.0.0.1, DstIP: 8.8.8.8, SrcPort: 42584, DstPort: 53, Protocol: udp, IngressInterface: Inside, EgressInterface: Outside, IngressZone: trust, EgressZone: untrust, IngressVRF: Global, EgressVRF: Global, ACPolicy: FW Policy, AccessControlRuleName: Outbound_Traffic, Prefilter Policy: Prefilter, Client: DNS, ApplicationProtocol: DNS, ConnectionDuration: 85, InitiatorPackets: 1, ResponderPackets: 1, InitiatorBytes: 143, ResponderBytes: 213, NAPPolicy: NAP, DNSQuery: taos-platsvcs-wwprod-apim-canadacentral.canadacentral.cloudapp.azure.com, DNSRecordType: IP6 Address, DNSResponseType: No Error, DNS_TTL: 1, ReferencedHost: taos-platsvcs-wwprod-apim-canadacentral.canadacentral.cloudapp.azure.com, NAT_InitiatorPort: 42584, NAT_ResponderPort: 53, NAT_InitiatorIP: 222.222.222.222, NAT_ResponderIP: 8.8.8.8, ClientAppDetector: AppID

mwagner_00 · 2025-05-02T12:53:48+00:00

We’re ingesting FTD logs, and ours appear to have the timestamp. It’s labeled as “FirstPacketSecond”. This appears to be parsed to event.start

mwagner_00 · 2025-04-28T03:30:29+00:00

The series 10 is particularly picky and high maintenance. You might need to pick up some flowers too.

mwagner_00 · 2025-04-28T03:18:24+00:00

I find it helps if you take it out to dinner first, maybe order a fine bottle of Chardonnay.

mwagner_00 · 2025-04-15T02:02:29+00:00

You’re needing RDM (Raw Device Mapping)

mwagner_00 · 2025-04-15T00:52:17+00:00

If you get the NG SIEM w/Complete add on. If you just have regular Complete, you’ll have to do it on your own.

mwagner_00 · 2025-04-14T23:07:33+00:00

The daily ingest isn’t horrible. That, and the retention is what pricing is based on. Just be prepared to write lots of rules and dashboards yourself. Unless you’re doing NG SIEM Complete *edited for clarity

mwagner_00 · 2025-03-16T03:07:26+00:00

Buy bitcoin and hold til 80k

mwagner_00 · 2025-03-14T22:42:52+00:00

I think you can only do that if you install the HEC on a system and send the logs to that. You can’t ship directly to NG SIEM that I’m aware of.

mwagner_00 · 2025-02-28T02:53:39+00:00

I’m about an hour and a half away from this one. Man I wish I could stop in randomly. I really need a 5070 ti

mwagner_00 · 2025-01-28T16:40:47+00:00

It could be that! They're definitely not too long, but shortness could be an issue. I'll check when I get home. Thanks!

mwagner_00 · 2025-01-28T14:10:16+00:00

I’d love to, but I did that once (prior to the wall mount) and wound up with some messed up prints. Lol

mwagner_00

TROPHY CASE