Echo provides information sourced from various logs from university systems to Tufts staff for the purpose of providing support to the community.

Dashboard

The dashboard provides a quick overview of events on campus. The "My Groups" and "My VIPS" panels show which support groups and people you are tracking, respectively. The group selections determine which events show up in the "My Recent Events" panel, which only displays events tied to UTLNs supported by the groups you have chosen. The VIPs panel will automatically list any VIPs with current events at the top, with a red exclamation point next to the name. You can edit your groups and vips on the Settings page.

The dashboard also includes a search bar, which allows you to search by UTLN or IP address. These fields are populated as events come in, so if a UTLN or IP address has never had an event since Echo started, it will return "not found". Otherwise, it will take you to the page for the person or machine and list all relevant events.

Finally, the dashboard also has a chart section which shows you some school-wide interesting information.

Events

The events pages list all events in their respective categories, school-wide. An "event" is actually a collation of any number of logs, or "messages" that come in regarding a specific UTLN. Events are collated on a rolling 24-hour basis: if a message comes in within 24 hours of an earlier message for the same UTLN and in the same category, it will be combined into the same event. All event categories have 48 and week views. You can view individual message information on the page for any single event.

Lockouts

Information regarding AD lockouts. Sourced from Microsoft Kerberos lockout logs.

Infections

Information regarding compromised computers. Sourced from FireEye; Trend and Metaflows soon to come.

Metrics

This nascent page is for showing school-wide information and trends in graphical formats. Right now, there is one chart-events over the past week-organized by time on the X axis, severity on the Y axis, and color coded to indicate status: red for VIPs, purple for staff and faculty, and blue for students. I hope to create more charts and metrics; please contact me with any ideas!

Tools

Whowas

Provides user identity information given a UTLN and a timestamp. This currently only searches wired and "normal" wifi connections -- Secure Wifi and VPN are in the planning stages. The information is sourced from DHCP logs and Bluecat Proteus. Please be aware the Proteus can have incorrect information, so in critical situations a second source is recommended.

Settings

Here you can add or remove groups and people (VIPs) to track. Your selections will show up on your dashboard.

Browser not supported