[CentOS] Centralised logging with Gui and alerts?
Hi all,

If logging all logs via syslog to a central syslog server that are all CentOS based, what GUIs are out there to browse them etc.? I know about Splunk but don't want to go down that route.

Also, some servers are hosted and would be best not sending their logs across the net to a central syslog (although we could openvpn them in), so can the same system be set up to receive logwatch emails?

Any tips or best practices for this above and beyond just a central syslog server would be very appreciated. Server numbers are in the double figures and some are Windows (would be nice to get some of those 'logs' too - snare?).

Thanks.

--
Sent from my mobile device
http://www.suretecsystems.com/services/openldap/
http://www.suretectelecom.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centralised logging with Gui and alerts?
2009/8/14 Darrin Khan :
> Hello Gavin,
>
> We have a large number of locations around the world with a number of
> servers in each. We use rsyslog to handle this, as we are able to use
> encrypted connections back to the central servers.
>
> Also each location has an aggregation host, so not all servers have to
> connect back to the central ones.
>
> check out rsyslog.com, they also have a basic GUI, tho I have not used
> it. On the win32 side of things, not sure what you could do there ..

Thanks for the tips, will look into it.

--
http://www.suretecsystems.com/services/openldap/
http://www.suretectelecom.com
[CentOS] CentOS 5.7 eth0, eth1 and arpwatch flip flops
Dear all,

Has anyone experienced this whilst running DRBD over eth1 between two CentOS 5.7 servers?

eth1 is a private IP address, unroutable. eth0 is the public address. CentOS will reply sometimes once every 3 days or every 14mins~ saying "My public IP is on eth1" to arp requests when it's not, it's eth0. This freezes traffic and causes issues.

We've looked at arp* /etc/sysctl.conf etc. and arptables, but wondered if anyone had a recipe? We have this already which didn't help as it happened Christmas Eve too as we kept eth1 up for a few days to test:

    # For the dual interface - 06.12.12
    net.ipv4.conf.eth0.arp_filter = 1
    net.ipv4.conf.eth0.arp_ignore = 1
    net.ipv4.conf.eth1.arp_filter = 1
    net.ipv4.conf.eth1.arp_ignore = 1
    net.ipv4.conf.all.arp_filter = 1

eth0 and eth1 are on the same VLAN/broadcast domain, but eth1 is a 169.xx and eth0 is a routable public IP.

We're having to shut eth1 down and bring it up for sync at night.

Thanks,
Gavin.
Re: [CentOS] CentOS 5.7 eth0, eth1 and arpwatch flip flops
>> We're having to shut eth1 down and bring it up for sync at night.
>
> To what type of equipment are your ethernet devices connected?

I'm asking now.

> Are they
> both connected to the same device?

Same VLAN, not sure about same device yet. Checking.

> I've seen some devices (particularly
> 2Wire) that do not like two interfaces from the same system connected to
> them.

Reading the arp_filter settings it does match what we're experiencing, but I've never seen it before, but haven't ever been looking for it. Maybe because this is SIP/RTP traffic vs normal data traffic which when the switch switches the MAC <-> IP ARP mappings the voice traffic drops. You wouldn't notice that on normal data traffic. arpwatch is picking up the flip flops.

> You note that eth1 is on a 169.xx IP, and earlier in your email, you note
> that it's non-routable. Perhaps that's not the wording you wished to use,
> or perhaps you meant that it's not routed out to the internet, however,
> 169.xxx.xxx.xxx is most certainly a "routable" IP block, as far as
> internet standards go.

You're right. We're using 169.0.0.1-2 when we shouldn't be! It should be either in the ranges below or 169.254.x.x. Doh!

> The only "non-routable" (i.e. reserved for private networks) IP blocks are:
>
> 10.0.0.0 - 10.255.255.255
> 172.16.0.0 - 172.31.255.255
> 192.168.0.0 - 192.168.255.255
>
> While certainly not an undertaking to be done lightly, you may wish to
> renumber your internal network.

For two DRBD interfaces this will be fine but will need an umount or scheduled reboot for the pair.

Thanks,
Gavin.
Re: [CentOS] CentOS 5.7 eth0, eth1 and arpwatch flip flops
> Most of 169/8 is, but presumably he meant 169.254.0.0/16.
>
>> The only "non-routable" (i.e. reserved for private networks) IP blocks are:
>
> The list is slightly longer than that:
> http://en.wikipedia.org/wiki/Reserved_IP_addresses#Reserved_IPv4_addresses

No, Mike was right. 169.x.x.x which is wrong, but will be a local static route so won't matter locally, but the switch may not do anything to private vs publicly assigned IP addresses as it's layer 2.

Thanks,
Gavin.
Re: [CentOS] CentOS 5.7 eth0, eth1 and arpwatch flip flops
> First things first... Can you confirm that those are still the values in
> place?
>
> cat /proc/sys/net/ipv4/conf/eth0/arp_filter
> cat /proc/sys/net/ipv4/conf/eth0/arp_ignore
> cat /proc/sys/net/ipv4/conf/eth1/arp_filter
> cat /proc/sys/net/ipv4/conf/eth1/arp_ignore
> cat /proc/sys/net/ipv4/conf/all/arp_filter

Obviously when we ifdown eth1 the eth1 statements above are 0. Right now eth1 is up with a sysctl -p and all set to 1.

Thanks,
Gavin.
Re: [CentOS] CentOS 5.7 eth0, eth1 and arpwatch flip flops
Couldn't get this to work so had to disable it.

On 26 December 2012 19:47, Gavin Henry wrote:
>> First things first... Can you confirm that those are still the values in
>> place?
>>
>> cat /proc/sys/net/ipv4/conf/eth0/arp_filter
>> cat /proc/sys/net/ipv4/conf/eth0/arp_ignore
>> cat /proc/sys/net/ipv4/conf/eth1/arp_filter
>> cat /proc/sys/net/ipv4/conf/eth1/arp_ignore
>> cat /proc/sys/net/ipv4/conf/all/arp_filter
>
> Obviously when we ifdown eth1 the eth1 statements above are 0. Right
> now eth1 is up with a sysctl -p and all set to 1.
>
> Thanks,
>
> Gavin.
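
The `cat /proc/sys/...` check quoted in the thread reads each file on its own, but the kernel combines every per-interface value with `conf/all` (arp_filter is enabled if either is set; arp_ignore takes the larger of the two, per the kernel's ip-sysctl documentation). The script below is an added example, not part of the original posts; `CONF_ROOT`, `make_sample_tree`, the `eth2` entry and the `conf/all` arp_ignore value of 2 are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): effective ARP settings per interface.
# CONF_ROOT can be pointed at a constructed tree instead of the live /proc.
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"

# read_knob <scope> <knob>: print the value, or 0 if the file is absent.
read_knob() {
    if [ -r "$CONF_ROOT/$1/$2" ]; then cat "$CONF_ROOT/$1/$2"; else echo 0; fi
}

# arp_filter is on when conf/all OR conf/<iface> is non-zero.
effective_arp_filter() {
    local all iface
    all=$(read_knob all arp_filter)
    iface=$(read_knob "$1" arp_filter)
    if [ "$all" -ne 0 ] || [ "$iface" -ne 0 ]; then echo 1; else echo 0; fi
}

# arp_ignore uses the larger of conf/all and conf/<iface>.
effective_arp_ignore() {
    local all iface
    all=$(read_knob all arp_ignore)
    iface=$(read_knob "$1" arp_ignore)
    if [ "$all" -gt "$iface" ]; then echo "$all"; else echo "$iface"; fi
}

# make_sample_tree <dir>: constructed stand-in for /proc/sys/net/ipv4/conf.
# eth0/eth1 mirror the sysctl.conf posted in the thread; eth2 and the
# conf/all arp_ignore value are made up to show the combining rules.
make_sample_tree() {
    local d
    for d in all eth0 eth1 eth2; do mkdir -p "$1/$d"; done
    echo 1 > "$1/all/arp_filter";  echo 2 > "$1/all/arp_ignore"
    echo 1 > "$1/eth0/arp_filter"; echo 1 > "$1/eth0/arp_ignore"
    echo 1 > "$1/eth1/arp_filter"; echo 1 > "$1/eth1/arp_ignore"
    echo 0 > "$1/eth2/arp_filter"; echo 0 > "$1/eth2/arp_ignore"
}

# report <iface>...: one line per interface with the effective values.
report() {
    local i
    for i in "$@"; do
        echo "$i arp_filter=$(effective_arp_filter "$i") arp_ignore=$(effective_arp_ignore "$i")"
    done
}

# Usage: ./arp-effective.sh eth0 eth1   (reads live values unless CONF_ROOT is set)
if [ "$#" -gt 0 ]; then report "$@"; fi
```

On the constructed tree, eth0 reports arp_ignore=2 even though its own file holds 1, which is why a per-interface `cat` alone does not confirm what the kernel applies.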