The night is so dark, it sticks to your skin. The young geek wanders lost through thick foliage, branches grabbing his sleeves, the glow from his pitiful penlight only serving to accentuate the crushing blackness all around. Suddenly branches snap under mysterious feet somewhere ahead, his heart base jumps into his mouth, and he nearly swallows his penlight in a vain attempt to stay hidden.
The unseen feet draw inexorably closer as the geek desperately tries to hide without making any noise, his eyes popping wide as he succeeds in a close encounter with a birch twig enema. Then the branches part before him and soft luminescence spills over his sobbing fetal form.
"Would you like a cookie, dear?" It's his mom with a tray of fresh-baked Toll Houses. He was in his backyard the whole time.
Sure, that might have been me on a Cub Scout campout, but too often, that's exactly what network security means to a harried administrator. With all kinds of real-life problems on your mind, monitoring security just isn't a day-to-day concern. Then suddenly something happens — a crash, a slowdown, a server that sounds like R2-D2 with gas. The physical checks turn up nothing, so suddenly the dreaded "What if…?" comes to mind. And then you're wandering the midnight forest with a penlight, trying to scratch up enough security expertise and data to make any kind of guess at what the problem might have been. Meanwhile, your useless supervisor turns into Jiminy Cricket, perched on your shoulder chirping his little mantra in your ear, "If only you'd paid more attention to security. If only…"
Well, swat the little insect. With a little forethought, a little planning, and a little automation, you can turn that midnight terror trudge into a calm garden stroll — or at least give yourself a bigger flashlight. On the Microsoft side, do yourself a favor and actually read the documentation on reporting. Microsoft has done loads of work on its reporting engine, yet most administrators dump this stuff right away because it's too much work, the learning curve is in the way, and it usually involves asking your boss for a SQL Server box and license. Well, bite the bullet, dent the budget, and RTFM (read the effing manual) because combined with platforms such as System Center, a regular schedule of reports can save your life when you're hunting the network for a bad-guy bug.
Even something as basic as System Center Essentials (SCE) 2007 (the SMB version of the full System Center package) has upward of 30 prepackaged reports ready to run. And if you take the time to become a true aficionado of the platform, you can create custom reports, no trouble. All you need is SCE on the front and a SQL Server 2005 box on the back — and some quality time with your schedule. Out of the box, pick summary reports — stuff that lets you see what's connected to the network, in as many different slices of what's on the network as you can comprehend. Then schedule them. SCE will run these automatically and store them. You just pick a day each week (or month if you like living on the edge) to run a manual set of these checks, then compare them across stored history. While you're at it, purge history that's too old to be useful and spare your server from choking.
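
The weekly compare-and-purge routine described above, sketched as an added example (not SCE's own code or report format). It assumes each stored summary report has been exported to CSV with `hostname`, `mac` and `ip` columns; the column names, the sample rows and the 180-day retention window are all constructed for illustration.

```python
import csv
import io
from datetime import date, timedelta

# Constructed sample data: two weekly "what's connected" summaries as CSV.
# Column names are an assumption; a real export will differ.
WEEK_1 = """hostname,mac,ip
FILESRV01,00:11:22:33:44:01,10.0.0.10
WKSTN-014,00:11:22:33:44:02,10.0.0.54
PRINTER-2,00:11:22:33:44:03,10.0.0.80
"""
WEEK_2 = """hostname,mac,ip
FILESRV01,00:11:22:33:44:01,10.0.0.10
WKSTN-014,00:11:22:33:44:02,10.0.0.77
UNKNOWN-PC,00:11:22:33:44:99,10.0.0.91
"""

def load_snapshot(text):
    """Index one exported report by MAC address (lower-cased)."""
    return {row["mac"].lower(): row for row in csv.DictReader(io.StringIO(text))}

def compare_snapshots(old, new):
    """Return devices that appeared, vanished, or changed between two reports."""
    appeared = sorted(new[m]["hostname"] for m in new.keys() - old.keys())
    vanished = sorted(old[m]["hostname"] for m in old.keys() - new.keys())
    changed = sorted(
        (new[m]["hostname"], field, old[m][field], new[m][field])
        for m in new.keys() & old.keys()
        for field in ("hostname", "ip")
        if old[m][field] != new[m][field]
    )
    return {"appeared": appeared, "vanished": vanished, "changed": changed}

def reports_to_purge(report_dates, today, keep_days=180):
    """Pick stored report dates older than the retention window (assumed value)."""
    cutoff = today - timedelta(days=keep_days)
    return sorted(d for d in report_dates if d < cutoff)

if __name__ == "__main__":
    diff = compare_snapshots(load_snapshot(WEEK_1), load_snapshot(WEEK_2))
    for kind, items in diff.items():
        print(kind, items)
    stored = [date(2024, 1, 1), date(2024, 5, 6), date(2024, 9, 2)]
    print("purge:", reports_to_purge(stored, today=date(2024, 9, 9)))
```

A device that appears without a matching change ticket, or a known machine whose address keeps moving, is the kind of delta worth chasing before the next crash sends you into the woods.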