Elasticsearch in Docker: threat intelligence with filebeat

Goals:
- collect observables from supported feeds
- collect observables from unsupported feeds with elastic-tip

Setup elasticsearch and kibana for filebeat

We could use the superuser elastic to set up filebeat, but we are going to use a dedicated user with just the minimum permissions. Open Kibana and go to Stack Management > Security > Roles. Click Create role and enter the following settings:

Role name: filebeat_threatintel_setup
Cluster privileges: monitor, manage_ilm, manage_ml
Index privileges: Indices: filebeat-*; Privileges: manage, write, read

Click Create role....

January 23, 2022

rsyslogd auto-configuration

To have rsyslogd automatically create directories and files for whatever you send at it, just put this in your rsyslog.conf file (or a .conf file in /etc/rsyslog.d):

# provide UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

$template DynFile,"/var/log/syslogs/%fromhost-ip%-%fromhost%/%$YEAR%-%$MONTH%-%syslogfacility-text%"

# log everything from remote servers to one file per host+month+facility
if $inputname == 'imudp' or $inputname == 'imtcp' then ?DynFile

# stop logging from remote servers
if $inputname == 'imudp' or $inputname == 'imtcp' then ~

All directories and files are created under /var/log/syslogs, one directory per ip-hostname pair, and one file per facility per month....

June 15, 2014

Ubuntu 12.04 on HP Microserver N40L

Just some thoughts and things I’ve done. The hardware is the following: the Microserver itself, 2x 4GB DDR3, one 16GB USB flash drive, some 2TB SATA hard drives, Logitech S-150 USB speakers, and a GT520 HDMI+DVI graphic card. Installation on a USB flash drive: there’s a USB port on the motherboard, so I plugged in a 16GB USB flash drive and installed Ubuntu to it. The filesystem is ext4 because I trust it a lot more than btrfs and because it seems to be quite good on a flash drive (source, it’s old, I know)....

July 4, 2012

vSphere CPU performance monitoring

Your virtual machines are slow, and you think the CPU is not to blame because your pCPU utilization is low? Look again: your VMs may be waiting for an available pCPU! To check that your VMs are not waiting for CPU, go to the Performance tab, Advanced, CPU. In Chart options, choose “Ready (ms)”. That’s nice, but it doesn’t tell you much yet....

April 13, 2012

Bug: Debian, Munin, CGI graphs and groups

Short story: this is the story of a bug in a piece of software, Munin. The bug makes it impossible to generate graphs via CGI when the host belongs to a sub-group. The patch fixing this bug is available here.

Long story: this bug was reported to Debian no later than May 23, 2010, and partially fixed the very next day. (link) In fact, this bug had been known to Munin since January 4, 2010, and was also partially fixed very quickly....

May 11, 2011