Some functions related to presentation and appearance won't be working properly if you don't have enabled JavaScript in your browser
Ed recent photo Follow earactingi on Twitter

Blogroll Links

Sign up to receive post notifications:


My Diggs



March 09, 2009 at 10:34 PM

WRT300N on Amazon.com
[caption id="attachment_108" align="alignnone" width="493" caption="WRT300N on Amazon.com"]WRT300N on Amazon.com[/caption]

I know it is a good gadget, but for ten grands, I don't think so "Super Deal"!

| TrackBack (0) | | Digg! del.icio.us


Log Management and Rotation

December 09, 2008 at 10:33 PM

Log Management and Rotation with Syslog-ng:

This is a flexible and very simple way to configure Syslog-ng and use it's powerful features to manage Linux messages, network device logs and Windows events: First, if you don't know what syslog-ng is.. (or even what syslog mean) go to http://www.campin.net/syslog-ng/faq.html

After you understand why syslog-ng is more powerful than syslog, let check out how we can capture logs from multiple devices and systems spread them to different locations, rotate them (zip and delete) in a simple flexible way.
- First you need to install syslog-ng, check your distro repositories and package managers like yum install syslog-ng or apt-get install syslog-ng. you can always download and compile from source.

The config file is in

# vi /etc/syslog-ng/syslog-ng.conf

These are examples of some log locations, four information need to be defined: source (the incoming source), destination (where to store the logs, can be sent to a pipe file for realtime monitoring), filter (what to store) and log ( to tie source, destination and a filter)

#pipe files

destination d_pix_pipe { pipe("/root/pixlog.pipe"); };

destination d_web_pipe { pipe("/root/weblog.pipe"); };

destination d_dc_pipe { pipe("/root/dclog.pipe"); };



#specify storage paths

destination d_isa { file("/var/log/mylogs/isa/$R_YEAR-$R_MONTH-$R_DAY-$R_HOUR");};

destination d_pix_dir { file("/var/log/mylogs/pix/$R_YEAR/$R_MONTH/$R_DAY/$R_YEAR-$R_MONTH-$R_DAY-$R_HOUR");};

destination d_win{ file("/var/log/mylogs/win/$R_YEAR/$R_MONTH/$R_DAY/$R_YEAR-$R_MONTH-$R_DAY-$R_HOUR");};

destination d_dc{ file("/var/log/mylogs/dc/$R_YEAR/$R_MONTH/$R_DAY/$R_YEAR-$R_MONTH-$R_DAY-$R_HOUR");};

destination d_webfilter{ file("/var/log/mylogs/web/$R_YEAR/$R_MONTH/$R_DAY/$R_YEAR-$R_MONTH-$R_DAY-$R_HOUR");};



#filters, how to identify incoming logs

filter f_pix   { match("ourasa")and not match("ICMP"); };

filter f_isa   { facility(local6); };

filter f_net   { facility(local5); };

filter f_wifi   { facility(local17); };

filter f_antivirus { match("198.168.20.45"); };

filter f_pix_deny   { match("Deny"); };

filter f_pix_icmp   { match("ICMP"); };

filter f_webfilter   { match("http_scan"); };

filter f_win   { facility(local3); };

filter f_chh_dc   { facility(local2); };

You can use grep and awk to search the logs for information of interest

Rotation


One issue of concern is the growing size of logs and how to make sure the hard drive doesn't fill up quickly. File can be compressed and/or moved on a regular basis.

To configure a log rotation and retention policy, you need to define a cron job to run daily and compress older files.

Edit /etc/cron.daily/logrotate

# compress all files older than 1 day

find /var/log/chh/ -type f -mtime 1 -exec gzip {} \;

# delete all files older than 31 days

find /var/log/chh/ -mtime +31 -exec rm -f {} \;



You can still search your logs using zgrep or zcat which would work on zipped files just fine.

| TrackBack (0) | Info Security | Digg! del.icio.us


Why should VMware open source ESX Server

March 20, 2007 at 12:51 PM

For some time, I started thinking that VMware should open ESX server to the open source community, not because I am an open source advocate, but for many reasons I'm listing here, and I think many of you agree:


  • ESX is already using many open source technologies and components, whether we say it's built on top of Linux OS, using Linux kernel, or is a Linux derivative, it is built on an open source foundation.

  • ESX Server make Linux users feel at home, and Linux community are used to find, evaluate and use open source projects before they recommend it to their employers and use it in the enterprise, imagine a project called OpenESX, and fully open source and free virutualization project where anyone if the world can contribute to the design, development, testing, and documenting of every part of it just like Fedora project and Redhat. VMware will sponsor the project and support the development.

  • It will provide rapid progress, more innovation, closeness to the users, and larger user exposure: open source's advantages.

  • It is Microsoft Virtual Server's competitor, many Open Source contributors build their environments on open source platforms and never user Microsoft's software unless they have to, those users and developers will definitely contribute to an open source project that will integrate with their current network, provide enterprise class support, without migrating to Windows hosts or Microsoft technologies.

  • By saying open source, and I'm not saying ESX will be totaly free and VMware going out of business, I admire VMware innovation and I actually think VMware business will be in a good shape with Open Source community support, (I don't want to go through the debate of opening Microsoft Windows source now, but I think the open source business model will be suitable for VMware)
  • It is the best way to [defeat] Open Source rivals, Xen, Qemu and other open source alternatives' advantage is user contribution and rapid progress, Vmware will soon realize that once those products are mature, it will be competing with them in the enterprise market along with the pressure of Microsoft.
  • VMware has always supported and relied on user community, VMTN is a big strength for VMware because of the users forums, blogs, local groups and add-ons, and they can give those users access to the core technologies where they can suggest, enhance and innovate to the seek of virtualization users back to VMware clients.
  • VMware already experience how much users base was expanded by giving away Vmware Server for free, those users most likely are going to recommend VMware as solution provider for virutalization after evaluating the product, and ESX will have much more powerful but similar affect.

When I say open source, I mean ESX OS, VMkernel, VMotion and VMFS, imagine how much users can contribute to those technologies, and how fast this development is going to be.
If you think that this is impossible, VMware is never going to release ESX Server's code, just think about Java, and solaris, after 10 years, Sun decided to open source those to stay in the competition (I think Solaris was open sourced too late that it may not recover easily anyway).

--------------------------------------------------------------------
Netflix, Inc.
Links to this:
http://vmblog.com/archive/2007/03/21/should-vmware-open-source-esx-server.aspx
http://blog.scottlowe.org/2007/04/05/open-source-virtualization-thoughts/
http://tarrysingh.blogspot.com/2007/03/should-vmware-open-source-esx-server.html

| Comments (2) | TrackBack (0) | Virtualization | Digg! del.icio.us