
How to ease your System Administration email workload with Splunk

  • January 7, 2011 – 23:30
  • Posted in Uncategorized
  • Leave a Comment

Systems generate a lot of email. If you’re a sysadmin, you already know this. If you work with sysadmins, then you’re to blame (ok, maybe not). In either case, dealing with system email is time consuming, and the signal-to-noise ratio is low. More often than not these emails are ignored (procmail FTW!).
Is this a good thing? No.
Why?
These emails are generated for a reason, and that reason is usually that there’s something amiss on your system. Instead of /dev/null’ing all of these useful nuggets, why not mine them with Splunk?

In this How To we'll set up a catch-all Postfix server and use it to Splunk all of your system-generated email.
Read More »

It’s time to give up the 44.x.x.x address block

  • October 22, 2010 – 18:29
  • Posted in Uncategorized
  • Comments (2)

From Bruce Perens K6BP:

Dear Fellow Amateurs,
You may have seen the news that Interop has returned its IP address
block to ARIN. See
arstechnica.com/business/news/2010/10/embargoed-interop-gives-back-a-months-worth-of-ipv4-addresses.ars

This was done as a means of prompting other organizations that hold
large, mostly-unused blocks – that means us – to return them now that we
are approaching the exhaustion of available IPV4 addresses.

Amateur Radio holds a block of 16 million IP addresses that are mostly a
relic of past operation. When TCP/IP over 1200 baud packet was
interesting, the IP address pool was far from exhaustion and holding
that block had no cost to the general public. Now, Amateur Radio is a
very significant contributor to the problem of global IPV4 address
exhaustion.

Obviously it is true that everybody must convert to IPV6. As Amateurs,
technically competent and in complete control of our own networking
infrastructure, this is an easy place for us to lead. It isn’t so for
the global internet. Commercial internet providers must struggle with a
tremendous technically-naive user pool who must be guided through
conversion or provided with address translation kludges that will cause
service problems, routing hardware that can’t be converted to IPV6, and
a tremendous expense of converting all of this infrastructure and
training users and their own staff that has come at a really bad time
economically.

Thus, I suggest that Amateurs would be fulfilling their social duty to
the public by returning an address pool that they no longer need as soon
as possible, and leading in conversion of their remaining and future
TCP/IP operations to IPV6.

This isn’t like giving up a frequency band that will never be returned -
equivalent IPV6 address blocks are available to us, and the IPV6 address
space is astronomical in size compared to IPV4.

Many Thanks

Bruce Perens K6BP

San Francisco Public-Safety Answering Point

  • September 27, 2010 – 23:36
  • Posted in Uncategorized
  • Tagged ampledata.org
  • Leave a Comment

According to San Francisco’s very own @sf311, the Public-Safety Answering Point (PSAP) Emergency number is 415-553-8090. The Non-Emergency number is 415-553-0123. Enjoy.

…and I’m only publishing this here because it’s near impossible to find via Google on an iPhone.

How to install Chef on Solaris 10

  • September 9, 2010 – 00:22
  • Posted in Uncategorized
  • Comments (2)

Required Packages

Install the packages below from the Solaris 10 OS Companion Software CD. They provide Ruby 1.8 under /opt/sfw, which is the Ruby the rest of this procedure builds on:

  1. SFWruby
  2. SFWrline
  3. SFWncur
  4. SFWcoreu

Install & Update RubyGems

In this step we'll install RubyGems 1.3.5, a release that still works with the Companion CD's Ruby 1.8, and then let it update itself.

cd /tmp
wget production.cf.rubygems.org/rubygems/rubygems-1.3.5.tgz
# The download is plain HTTP: compare the tarball against a checksum you trust before running setup.rb.
gtar -zxf rubygems-1.3.5.tgz
cd rubygems-1.3.5
/opt/sfw/bin/ruby setup.rb
/opt/sfw/bin/gem install rubygems-update
/opt/sfw/bin/gem update --system

Who the hell is Steve?

The Companion CD's Ruby records, in its rbconfig.rb, the C compiler path of the machine it was built on (a home directory belonging to someone called steve), and the Makefiles that mkmf generates for gem C extensions reuse that path. Put a compiler there so those builds can run, and you avoid the error message below:

mkdir -p /export/home/steve/work/usr/src/tools
ln -s /usr/sfw/bin/gcc /export/home/steve/work/usr/src/tools/gcc

make
/export/home/steve/work/usr/src/tools/gcc -I/usr/sfw/include -I/export/home/steve/work/proto/root_i386/opt/sfw/include -I. -I/opt/sfw/lib/ruby/1.8/i386-solaris2.10 -I/opt/sfw/lib/ruby/1.8/i386-solaris2.10 -I. -fPIC -g -O3 -Wall -c generator.c
sh: /export/home/steve/work/usr/src/tools/gcc: not found

Install Chef with RubyGems

gem install chef

Oh no!

At this point chef-client dies as soon as it loads the json gem's C extension. The extension uses the RSTRING_PTR macro, which this Ruby's headers don't define, so gcc compiled it as a call to an undeclared external function and the resulting shared object can't be loaded:

ld.so.1: ruby: fatal: relocation error: file /opt/sfw/lib/ruby/gems/1.8/gems/json-1.4.2/ext/json/ext/json/ext/parser.so: symbol RSTRING_PTR: referenced symbol not found
Killed

Worry not! See below.

Replace json with json_pure

gem uninstall json
gem install json_pure --version 1.4.2
# Register json_pure under the name "json" so chef's dependency on json resolves to the
# pure-Ruby implementation, which has no C extension to load.
sed s/json_pure/json/g /opt/sfw/lib/ruby/gems/1.8/specifications/json_pure-1.4.2.gemspec > /opt/sfw/lib/ruby/gems/1.8/specifications/json-1.4.2.gemspec
cp -pr /opt/sfw/lib/ruby/gems/1.8/gems/json_pure-1.4.2 /opt/sfw/lib/ruby/gems/1.8/gems/json-1.4.2

Victory!

chef-client

[Wed, 08 Sep 2010 17:21:09 -0700] INFO: Client key /etc/chef/client.pem is not present – registering
[Wed, 08 Sep 2010 17:21:10 -0700] WARN: HTTP Request Returned 404 Not Found: Cannot load node stress10.
[Wed, 08 Sep 2010 17:21:11 -0700] INFO: Starting Chef Run (Version 0.9.8)
[Wed, 08 Sep 2010 17:21:11 -0700] WARN: Node stress10. has an empty run list.
[Wed, 08 Sep 2010 17:21:11 -0700] INFO: Chef Run complete in 0.830921 seconds
[Wed, 08 Sep 2010 17:21:11 -0700] INFO: Running report handlers
[Wed, 08 Sep 2010 17:21:11 -0700] INFO: Report handlers complete

Done!
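The two workarounds above, the baked-in compiler path and the json_pure shim, as an added example that is not code from the original post. It wraps them in idempotent shell functions and an opt-in bootstrap that strings the post's steps together. The paths come from the post (/opt/sfw/bin/ruby, /opt/sfw/bin/gem, /opt/sfw/lib/ruby/gems/1.8, /usr/sfw/bin/gcc); the function names, the rbconfig lookup and the RUN_CHEF_BOOTSTRAP switch are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not code from the original post: the two workarounds as
# idempotent shell functions plus an opt-in bootstrap. Paths come from the post;
# function names and the RUN_CHEF_BOOTSTRAP switch are this example's own.

RUBY=${RUBY:-/opt/sfw/bin/ruby}
GEM=${GEM:-/opt/sfw/bin/gem}
GEMDIR=${GEMDIR:-/opt/sfw/lib/ruby/gems/1.8}
REAL_GCC=${REAL_GCC:-/usr/sfw/bin/gcc}

# Print the compiler command Ruby recorded when it was built. mkmf copies this
# into every extension Makefile, which is where "/export/home/steve/..." comes
# from; reading it here avoids hard-coding the packager's home directory.
baked_in_cc() {
    "$RUBY" -rrbconfig -e 'puts Config::CONFIG["CC"]' | awk '{ print $1 }'
}

# link_baked_in_cc CC_PATH REAL_GCC
# If CC_PATH is an absolute path with nothing usable there, create its parent
# directory and symlink the real compiler into place. Safe to re-run.
link_baked_in_cc() {
    cc_path=$1
    real_gcc=$2
    case "$cc_path" in
        /*) : ;;                    # absolute path: may need a stand-in
        *)  return 0 ;;             # bare "gcc": resolved through PATH, nothing to do
    esac
    if [ -x "$cc_path" ]; then
        return 0                    # already usable
    fi
    if [ -e "$cc_path" ] || [ -L "$cc_path" ]; then
        echo "$cc_path exists but is not an executable compiler" >&2
        return 1
    fi
    [ -x "$real_gcc" ] || { echo "no compiler at $real_gcc" >&2; return 1; }
    mkdir -p "$(dirname "$cc_path")" || return 1
    ln -s "$real_gcc" "$cc_path"
}

# shim_json_with_json_pure GEMDIR VERSION
# Register json_pure VERSION under the name "json" so chef's dependency
# resolves to the pure-Ruby implementation, which has no C extension to load.
shim_json_with_json_pure() {
    gemdir=$1
    ver=$2
    src_spec="$gemdir/specifications/json_pure-$ver.gemspec"
    dst_spec="$gemdir/specifications/json-$ver.gemspec"
    [ -f "$src_spec" ] || { echo "missing $src_spec" >&2; return 1; }
    sed 's/json_pure/json/g' "$src_spec" > "$dst_spec" || return 1
    if [ ! -d "$gemdir/gems/json-$ver" ]; then
        cp -pr "$gemdir/gems/json_pure-$ver" "$gemdir/gems/json-$ver" || return 1
    fi
}

# The whole sequence from the post, run only when RUN_CHEF_BOOTSTRAP=1 so the
# functions above can also be sourced and used on their own.
if [ "${RUN_CHEF_BOOTSTRAP:-0}" = 1 ]; then
    link_baked_in_cc "$(baked_in_cc)" "$REAL_GCC"
    "$GEM" install chef
    "$GEM" uninstall json
    "$GEM" install json_pure --version 1.4.2
    shim_json_with_json_pure "$GEMDIR" 1.4.2
fi
```

Reading the compiler path out of rbconfig rather than typing "steve" means the same script works whoever built the package, and the shim refuses to run if the json_pure gemspec it expects isn't there, so a typo in the version can't leave a half-registered gem behind.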

How to single boot Ubuntu 10.04 Lucid Lynx on a MacBook Pro

  • August 20, 2010 – 20:31
  • Posted in Uncategorized
  • Leave a Comment

Following up on my article on single booting Solaris on a MacBook Pro, what follows are almost identical instructions for single booting Ubuntu 10.04 Lucid Lynx on a MacBook Pro. There are two key differences from that procedure:

  1. A Master Boot Record (MBR) partition table is not necessary to boot Ubuntu.
  2. The hard drive must be blessed after installation.

Prerequisites

  1. MacOS X Install DVD (any version, OEM or full)
  2. Ubuntu 10.04 Install CD (server or desktop)

Overview

  • Using a MacOS X Install DVD format the disk with a single partition. (Phase I)
  • Boot from the Ubuntu 10.04 Install CD and install Ubuntu. (Phase I)
  • Boot from the MacOS X Installation DVD once more and bless the hard drive. (Phase II)

Read More »

Rock Med Embed

  • – 01:51
  • Posted in Uncategorized
  • Leave a Comment


“Health Care Is A Right, Not A Privilege”

Outside of my day job I spend a vast amount of my time providing volunteer disaster response and communications for the American Red Cross Bay Area. This past weekend, however, I was invited to embed with the Rock Medicine team at San Francisco’s Outside Lands 2010 festival in Golden Gate Park. This volunteer group of medical professionals and caretakers provides free-of-charge emergency medical services at large events throughout California. (For more information on Rock Medicine please see the Haight Ashbury Free Clinic or the San Francisco Medical Society.) What follows are observations I made while in the field with Rock Med. Read More »

How to use Notifo to receive Splunk alerts on your iPhone

  • August 16, 2010 – 22:00
  • Posted in Uncategorized
  • Leave a Comment

In this article I’ll describe how I use Splunk and Notifo to alert me whenever someone tries to log in to my system with invalid credentials. Notifo is a push-based notification service for mobile phones; in this example we’ll be using the iPhone.

Overview

  1. Set up a Notifo account.
  2. Install the Notifo app on your iPhone.
  3. Install the notifo.py Python module.
  4. Install the splunknotifo.py Python alert script.
  5. Set up splunknotifo.py.
  6. Set up the saved search.

Assumptions

  • This process assumes that you’ve got Splunk installed and monitoring a file containing sshd log messages.

Steps

Read More »

Quick & Dirty SSH “Invalid User” Message Generator

  • August 10, 2010 – 17:09
  • Posted in Uncategorized
  • Comments (2)

Say you’re working at a log search company and you need to quickly generate some SSH Invalid User errors for searching or alerting within your product.

while true; do
  # bob$RANDOM is a user that does not exist ($RANDOM is a bash/zsh feature);
  # publickey-only auth means no password prompt, so the loop runs unattended.
  # Keep this pointed at localhost: against any other host it is a brute-force probe.
  ssh -o PreferredAuthentications=publickey bob$RANDOM@localhost;
  sleep 240;
done

This should generate some messages in your logs (/var/log/secure.log under MacOS) like:

Aug 10 10:06:03 jupiter sshd[73325]: Invalid user bob30582 from ::1
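The detection side of the generator above, as an added example that is not part of the original post: it reads sshd log lines, keeps only the "Invalid user" message, and reports every source address that crosses a threshold. That per-source summary is what a saved search, or the push-notification alert script from the Notifo post earlier on this page, would act on. The log below is constructed for this example; only its first line is the one shown in the post, and the other addresses, users and PIDs are made up.

```shell
#!/bin/sh
# Added example, not from the original post: count sshd "Invalid user" events
# per source address and report the sources that cross a threshold.
# The sample log is constructed; only the first line appears in the post.

SAMPLE_LOG=$(cat <<'EOF'
Aug 10 10:06:03 jupiter sshd[73325]: Invalid user bob30582 from ::1
Aug 10 10:10:03 jupiter sshd[73340]: Invalid user bob1174 from ::1
Aug 10 10:11:17 jupiter sshd[73351]: Accepted publickey for greg from 10.0.0.5 port 51022 ssh2
Aug 10 10:14:03 jupiter sshd[73362]: Invalid user bob9921 from ::1
Aug 10 10:15:40 jupiter sshd[73370]: Invalid user admin from 10.0.0.9 port 40112
Aug 10 10:15:41 jupiter sshd[73370]: Failed password for invalid user admin from 10.0.0.9 port 40112 ssh2
Aug 10 10:18:03 jupiter sshd[73381]: Invalid user bob445 from ::1
Aug 10 10:20:09 jupiter sshd[73390]: Invalid user oracle from 10.0.0.9 port 40120
EOF
)

# invalid_user_sources THRESHOLD   (log lines on stdin)
# Prints "SRC COUNT USER..." for each source with at least THRESHOLD
# "Invalid user" events, busiest source first.
invalid_user_sources() {
    awk -v min="${1:-3}" '
        # Syslog field layout: MON DAY TIME HOST sshd[PID]: Invalid user NAME from SRC
        # A single-digit day is padded with two spaces; awk collapses them, so the
        # field numbers hold. Newer sshd appends "port N", which does not move
        # the fields used here. "Failed password for invalid user ..." is a
        # second message for the same attempt and is deliberately not matched,
        # so nothing is counted twice.
        $5 ~ /^sshd\[[0-9]+\]:$/ && $6 == "Invalid" && $7 == "user" && $9 == "from" {
            count[$10]++
            users[$10] = users[$10] " " $8
        }
        END {
            for (src in count)
                if (count[src] >= min)
                    printf "%s %d%s\n", src, count[src], users[src]
        }' | sort -k2,2nr -k1,1
}

# alert_summary THRESHOLD   (log lines on stdin)
# Collapses the report into one line, the shape a push notification wants.
alert_summary() {
    invalid_user_sources "$1" | awk '
        { printf "%s%s: %d invalid users", sep, $1, $2; sep = "; " }
        END { if (NR > 0) print "" }'
}

# Stand-alone run against the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | invalid_user_sources 3
printf '%s\n' "$SAMPLE_LOG" | alert_summary 2
```

With the generator's 240-second sleep, a threshold of 3 fires after about twelve minutes of the loop running against localhost (source ::1), while the two made-up attempts from 10.0.0.9 stay below it; lowering the threshold to 2 reports both. Matching on the exact field positions rather than a loose substring is what keeps the "Failed password for invalid user" line from inflating the count.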

Wedding Vows & Speech

  • August 5, 2010 – 15:53
  • Posted in Uncategorized
  • Tagged ampledata.org
  • Leave a Comment

About two months ago I was lucky enough to marry the most beautiful girl in the world (depending on the world). No, seriously, she could be a part time model. Check out my Facebook profile for pictures. We were married in Los Angeles California’s Koreatown by our friend Leslie, whom we had deputized by the county of Alameda (that’s where Oakland lives). The vows below were those spoken by Leslie, Curi (my wife) and me.

Our Vows:
Read More »

How to setup a Nagios Network Monitoring System Kiosk

  • August 2, 2010 – 17:14
  • Posted in Uncategorized
  • Leave a Comment

Set aside everything you think you know about Network Monitoring Systems, or NMSs. Here are the rules:

  1. They All Suck.
  2. Use Nagios.

At this point you’re saying:

  • “My NMS has a SQL back-end!”
  • “My NMS has auto discovery!”

Odds are, those features both suck and blow at the same time.

Now I’ll show you how to set up a simple kiosk web page for your NMS. This will focus primarily on Nagios, but could easily be adapted to other NMSs.

Read More »

Powered by WordPress.com