When There Is A “connection refused” Message for Graylog, What Might Be the Problem?

Problem scenario
Using PowerShell you test TCP/IP connectivity over port 9000 to your Graylog instance.  You use these commands:

$tcp = New-Object System.Net.Sockets.TcpClient
$tcp.Connect('x.x.x.x', 9000)

You get this error: Exception calling "Connect" with "2" argument(s): "No connection could be made because the target machine actively refused it."

You know there is no firewall blocking port 9000.  Using nmap you test TCP/IP connectivity over port 9000 to your Graylog instance.
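A "connection refused" is a TCP RST coming back from the target, which is the opposite of what a firewall drop looks like (a timeout). With no firewall in the way it means nothing is accepting connections on that address and port: the service is not running, it listens on a different port, or it is bound only to 127.0.0.1, in which case connections from the Graylog host itself succeed while connections from your workstation are refused. The script below is an added example, not part of the original post: it classifies the listener state for a port from the output of ss -ltn run on the Graylog host. The embedded ss output is constructed, and the SS_OUTPUT variable and check_listener.sh file name are assumptions.

```shell
#!/bin/sh
# Added example: classify the listener state for a TCP port from `ss -ltn` output.
# Run on the Graylog host itself:  SS_OUTPUT="$(ss -ltn)" sh check_listener.sh 9000
# (SS_OUTPUT and the file name are assumptions, not from the original page.)

# Constructed sample of `ss -ltn` output; not captured from a real host.
SAMPLE_SS='State   Recv-Q  Send-Q   Local Address:Port    Peer Address:Port
LISTEN  0       128      127.0.0.1:9000        0.0.0.0:*
LISTEN  0       128      0.0.0.0:22            0.0.0.0:*
LISTEN  0       128      [::]:22               [::]:*'

# Print each local address that has a LISTEN socket on port $1, one per line.
bound_addresses() {
    printf '%s\n' "${SS_OUTPUT:-$SAMPLE_SS}" | awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")      # the port is whatever follows the last colon
            if (parts[n] == port) {
                sub(":" port "$", "", $4)   # strip ":port", leaving the bound address
                print $4
            }
        }'
}

# Classify port $1 as not-listening, loopback-only, or ok (reachable from other hosts).
diagnose() {
    addrs=$(bound_addresses "$1")
    if [ -z "$addrs" ]; then
        echo "not-listening"      # nothing bound: refused from everywhere
    elif printf '%s\n' "$addrs" | grep -qvE '^(127\.|\[::1\])'; then
        echo "ok"                 # at least one non-loopback or wildcard bind
    else
        echo "loopback-only"      # local connections work, remote ones are refused
    fi
}

[ $# -eq 0 ] || diagnose "$1"
```

If the result is not-listening, check the service itself (process running, which port it was configured to use); if it is loopback-only, the fix is in the service's bind address, not in any firewall.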

How Do You Install Splunk Enterprise on a RHEL Server?

Problem scenario
You want to install Splunk Enterprise on your Red Hat Enterprise Linux server.  How do you do this?

Solution
Download the Splunk Enterprise RPM from Splunk's website (a free trial is available once you supply the registration details Splunk requires and agree to its terms).  Use an SFTP client (e.g., WinSCP) to copy the .rpm file to your server.

From the Linux server, in the directory holding the .rpm file, run this:  sudo yum -y localinstall splunk-*.rpm

Run this command: sudo /opt/splunk/bin/splunk version

Read the License Agreement. 
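Before handing a package copied in over SFTP to yum, confirm it is the file the vendor published: compare its SHA-256 against the digest shown on the download page (fetched over HTTPS, not read off the same host you are installing on), or use rpm -K if you have imported the vendor's signing key. The script below is an added example, not from the original page or from Splunk; the RPM path and expected digest it takes are assumptions supplied by the caller.

```shell
#!/bin/sh
# Added example: verify a downloaded RPM against a known SHA-256 before yum sees it.
# Usage (path and digest are assumptions):
#   install_splunk_rpm /tmp/splunk.rpm "$EXPECTED_SHA256"

# $1 = path to the RPM, $2 = expected SHA-256 hex digest.
# Returns 0 on match, 1 on mismatch, 2 if the file does not exist.
verify_package() {
    [ -f "$1" ] || return 2
    actual=$(sha256sum "$1" | awk '{print $1}')
    [ "$actual" = "$2" ]
}

# Install only when the digest matches; run as root or via sudo.
install_splunk_rpm() {
    if ! verify_package "$1" "$2"; then
        echo "refusing to install $1: checksum mismatch or file missing" >&2
        return 1
    fi
    yum -y localinstall "$1" || return 1
    /opt/splunk/bin/splunk version
}
```

On an unattended install, once you have read the license, splunk start --accept-license avoids the interactive prompt.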

How Do You Find the Different Logging Levels of the /var/log/syslog?

Problem scenario
You have heard that operating system events are classified into different levels.  Lesser events are captured only when logging is verbose; major events can render a system unusable.  You know that system logging (on Debian-based systems) normally goes to a file called /var/log/syslog.  How do you find out which levels exist, from most significant to least significant?

Solution
Use this command: man 3 syslog  (plain man syslog may open a different section on some systems; the syslog(3) page lists the levels, in order of decreasing importance, in its description of the priority argument)

Search for the word “level” by typing this: /level <press enter>  (press n to jump to the next match)
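The levels the manual page lists, from most to least significant, are emerg, alert, crit, err, warning, notice, info and debug (numbered 0 to 7). Each message also carries a facility (kern, user, mail, daemon, auth, ...), and the two are packed into the PRI value at the start of a raw syslog line as facility * 8 + severity. The script below is an added example, not from the original page: it decodes PRI values and filters a constructed sample of syslog lines to those at or above a chosen severity, which is the same threshold logic a log collector applies when you set a minimum level.

```shell
#!/bin/sh
# Added example: decode syslog PRI values and filter lines by severity threshold.

# Severity names, index 0..7, most to least significant (syslog(3) / RFC 5424).
severity_name() {
    case "$1" in
        0) echo emerg ;;   1) echo alert ;;  2) echo crit ;;   3) echo err ;;
        4) echo warning ;; 5) echo notice ;; 6) echo info ;;   7) echo debug ;;
        *) echo unknown ;;
    esac
}

# Facility names for the standard facility codes.
facility_name() {
    case "$1" in
        0) echo kern ;;  1) echo user ;;  2) echo mail ;;  3) echo daemon ;;
        4) echo auth ;;  5) echo syslog ;; 6) echo lpr ;;  7) echo news ;;
        8) echo uucp ;;  9) echo cron ;;  10) echo authpriv ;; 11) echo ftp ;;
        16|17|18|19|20|21|22|23) echo "local$(( $1 - 16 ))" ;;
        *) echo unknown ;;
    esac
}

# Decode a PRI value (the number inside <...> at the start of a raw syslog line)
# into "facility.severity".
decode_pri() {
    echo "$(facility_name $(( $1 / 8 ))).$(severity_name $(( $1 % 8 )))"
}

# Print only the lines on stdin whose severity is at least as significant as $1
# (0..7); lines without a numeric PRI are skipped.
filter_min_severity() {
    max="$1"
    while IFS= read -r line; do
        pri=${line#<}                 # drop the leading "<"
        pri=${pri%%>*}                # keep what precedes the first ">"
        case "$pri" in ''|*[!0-9]*) continue ;; esac
        if [ $(( pri % 8 )) -le "$max" ]; then
            printf '%s\n' "$line"
        fi
    done
}

# Constructed sample lines (RFC 3164 layout); not taken from a real system.
SAMPLE_LOG="<34>Oct 11 22:14:15 mymachine su: 'su root' failed for someone on /dev/pts/8
<13>Oct 11 22:14:16 mymachine logger: routine status message
<11>Oct 11 22:15:00 mymachine sshd[2210]: error: PAM: Authentication failure
<30>Oct 11 22:15:01 mymachine cron[2211]: (root) CMD (run-parts /etc/cron.hourly)"

[ $# -eq 0 ] || printf '%s\n' "$SAMPLE_LOG" | filter_min_severity "$1"
```

Running it with an argument of 3 keeps only the crit and err lines from the sample; the same arithmetic applies to any line a collector receives over UDP/TCP 514.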

How Do You Get a Docker Container to Run That Was Made for Graylog?

Problem scenario
You are trying to follow the directions for installing Graylog from Docker Hub.  You run these commands:

docker pull graylog2/server

docker run --name contint-mongo -d mongo:2

docker run --name contint-elasticsearch -d elasticsearch:2 elasticsearch -Des.cluster.name="graylog"

docker run --link contint-mongo:mongo --link contint-elasticsearch:elasticsearch -p 9000:9000 -e GRAYLOG_WEB_ENDPOINT_URI="http://127.0.0.1:9000/api" -d graylog2/server

The first two containers (for MongoDB and Elasticsearch) start and keep running.  The third, for Graylog, will not start.

How Do You Get Nginx in a Docker Container to Log Web Server Activity to a Regular File inside the Container?

Problem scenario
Normally the Nginx web service logs its activity (e.g., a user visiting a website with a web browser) to access and error log files.  The official Nginx Docker image instead links /var/log/nginx/access.log and /var/log/nginx/error.log to the container's stdout and stderr, so the activity shows up in docker logs but there is no log file inside the container to inspect.  You want regular Nginx log files inside the Docker container.  What do you do?

Solution
1.  Go inside the Docker container (e.g., docker exec -it <containerName> bash).  Go to /etc/nginx/

2. 
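The image's default nginx.conf already names /var/log/nginx/access.log and /var/log/nginx/error.log in its access_log and error_log directives; what stands between you and a regular file is the symlink to /dev/stdout or /dev/stderr at each of those paths. The script below is an added example, not from the original page or the Nginx project: run inside the container as root, it replaces those symlinks with empty regular files; the directory argument lets you try it on a scratch directory first.

```shell
#!/bin/sh
# Added example: replace the official image's stdout/stderr log symlinks with
# regular files. Run inside the container (docker exec -it <container> sh) as:
#   sh make_regular_logs.sh /var/log/nginx        (file name is an assumption)

# Replace any symlink named access.log or error.log in $1 with an empty regular
# file, creating the file if nothing is there. Prints the number of symlinks replaced.
make_regular_logs() {
    dir="$1"
    replaced=0
    for name in access.log error.log; do
        f="$dir/$name"
        if [ -L "$f" ]; then
            rm -f "$f"                 # removes the link itself, never /dev/stdout
            replaced=$((replaced + 1))
        fi
        if [ ! -e "$f" ]; then
            : > "$f"                   # empty regular file; Nginx's master (root) opens it
            chmod 640 "$f"             # readable by root and its group only
        fi
    done
    echo "$replaced"
}

[ $# -eq 0 ] || make_regular_logs "$1"
```

After the swap, tell the running server to reopen its logs with nginx -s reopen (or restart the container); from then on docker logs will no longer show requests, and the files live only as long as the container unless /var/log/nginx is mounted as a volume with -v.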

How Do You Find a Linux Log That Was Modified in the past 10 Minutes?

Problem scenario:  In Linux, you want to view log activity captured recently.  Looking through all the logs in /var/log can take a great deal of time.  How do you correlate a recent event by finding log files that were modified in the past 10 minutes?

Solution
Run this command:
find /var/log -mmin -10

This command lists files (and directories) under /var/log, including its subdirectories, whose contents were modified less than 10 minutes ago; add -type f to restrict the output to files.
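The mtime that -mmin tests is easy to forge: touch -d can set it to any date, and an intruder cleaning up after editing a log will often do exactly that. The inode change time (ctime) cannot be set from user space and is updated by every write and every metadata change, so -cmin still catches a backdated file. The script below is an added example, not from the original page: it wraps the page's find command, adds the ctime variant, and adds a check for files whose ctime is recent but whose mtime is not, which is a sign of timestamp tampering. The test uses GNU touch -d to create the backdated file.

```shell
#!/bin/sh
# Added example: recently modified files under a directory, plus the ctime checks
# that survive timestamp backdating. Usage:  sh recent_logs.sh /var/log 10
# (file name is an assumption; defaults below are the page's /var/log and 10 minutes)

# Files under $1 whose modification time (mtime) is within the last $2 minutes.
modified_within() {
    find "$1" -type f -mmin "-$2" 2>/dev/null | sort
}

# Files whose inode change time (ctime) is within the last $2 minutes. touch(1)
# can backdate mtime, but ctime moves forward on every write or metadata change
# and cannot be set by a user, so a freshly edited-then-backdated file still appears here.
changed_within() {
    find "$1" -type f -cmin "-$2" 2>/dev/null | sort
}

# Files whose ctime is recent but whose mtime is not: recently touched, then
# backdated. Worth a close look during incident response.
backdated_within() {
    find "$1" -type f -cmin "-$2" ! -mmin "-$2" 2>/dev/null | sort
}

[ $# -eq 0 ] || modified_within "$1" "${2:-10}"
```

ls -lc shows ctime next to each file name if you want to eyeball a single hit; stat prints all three timestamps.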

How Do You Find Logs on a Linux Server That Pertain to a Failed mount Command?

Problem scenario
You want to set up a shared folder through Oracle VirtualBox.  You are trying to mount the shared folder on a Linux guest running under Oracle VirtualBox on a Windows host.  The mount command fails and you want to find the relevant logs.  What do you do?

Solution
To find logs that are appropriate to debugging a mount command that does not work,

The Apparent Story Behind OpenStack Component Log File Names

AWS used to ship its API package separately from its CLI package; now the two are the same.  OpenStack components record command line interface activity in a log once the logging thresholds configured in their configuration files (e.g., nova.conf, glance.conf) are met.  CLI activity (which bypasses Horizon) as well as GUI API activity (e.g., mouse clicks on buttons in Horizon) is written to a file named api.log.  The location of this api.log file follows this convention: /var/log/OpenStackComponentName/api.log (where “OpenStackComponentName” is nova,