If you know neither the enemy nor yourself,
you will succumb in every battle.
–Sun Tzu, Art of War (Giles Trans.)
You log data every millisecond of every day. All of the desktops purring under your care, servers, firewalls, intrusion detection systems, covert surveillance systems. Okay, forget I mentioned the last bit. Paranoia and a healthy sense of self preservation have led you to make sure logs are happening, and you look at them periodically. Some of them even send you daily reports. From all this data you have an idea of what is happening on your network.
Yet you are surrounded by treasure troves of data of the most interesting and unexpected kind: Inside the heads of your users. Unlike the data on hard drives, data stored in a gray matter file system (GMFS), sometimes referred to as a meat file system (MFS), cannot be reduced to source files, cannot be dumped and reviewed or rehashed, and follows no standards or rules. So how do you read, record ,and make use of this information? Naldo created three commands for reading and interpreting GMFS data: shsh, peg, and gro.
shsh -u -o polite jimbob | peg -u jimbob > yaklog
Translation: Shoot the bull with Jimbob, ostensibly to be polite. Pipe output into peg to produce enhanced generalizations about Jimbob and file the results in your yaklog. Some people have yaklogs in their gray matter, others have yadalogs, others bslogs. Use you’ve got. This should work fine with Jimbob because he appreciates the argument you added to the -o switch. Most people do, but there are quite a few users who find polite banter to be insipid and somewhat nauseating. You may be one of those people.
Take your yaklog and process it periodically. Maybe once per day.
open (YAK, "<", yaklog);
while (<YAK>){
$line = $_;
for (@users) {
if ($line =~ /$_/){
push @$_, $_;
}
}
}
close YAK;
for (@users) {
for (@$_) {
gro $_ > officeGeneralizations
}
}
Or something like that. In other words, periodically go through what you’ve gathered from all that banter and make some assumptions. Go ahead, infer, deduce, hypothesize. Guaranteed, if you do this regularly you will produce useful knowledge. Get to know your users. All of that banter is useful in other ways than simply gathering information, but I’ll discuss that later.
Posted by lukasa 