Final Call ... XenServer Boot Media

BRRABill

@JaredBusch said

You rebooted this morning. That would be pretty normal.

Yeah that's what I was thinking (hoping?) ...

I'll run it again tomorrow and see...

BRRABill

@stacksofplates said in Final Call ... XenServer Boot Media:

@BRRABill said in Final Call ... XenServer Boot Media:

Is there an easy way in Linux to see what files have been written to today?

You could do a find at the root level

find / -path /proc -prune -o -type f -mtime -1

That searches for all files modified in less than a day excluding the /proc directory.

Another quick Linux question...

How does one create a file out of that? It went too far for my Putty window to handle.

JaredBusch

@BRRABill said in Final Call ... XenServer Boot Media:

@stacksofplates said in Final Call ... XenServer Boot Media:

@BRRABill said in Final Call ... XenServer Boot Media:

Is there an easy way in Linux to see what files have been written to today?

You could do a find at the root level

find / -path /proc -prune -o -type f -mtime -1

That searches for all files modified in less than a day excluding the /proc directory.

Another quick Linux question...

How does one create a file out of that? It went too far for my Putty window to handle.

pipe it to a file >> files.txt

DustinB3403

@BRRABill

It should be as simple as

 find / -path /proc -prune -o -type f -mtime -1 > output.txt

BRRABill

Ah, ML peeps always around to help me navigate Linux!

JaredBusch

@BRRABill said in Final Call ... XenServer Boot Media:

Ah, ML peeps always around to help me navigate Linux!

http://askubuntu.com/a/731237

BRRABill

@JaredBusch said in Final Call ... XenServer Boot Media:

@BRRABill said in Final Call ... XenServer Boot Media:

Ah, ML peeps always around to help me navigate Linux!

http://askubuntu.com/a/731237

Ah, ML peeps always around to help me navigate Linux even further!

BRRABill

@BRRABill said in Final Call ... XenServer Boot Media:

@DustinB3403 said in Final Call ... XenServer Boot Media:

@BRRABill said in Final Call ... XenServer Boot Media:

What log server are you using to collect the logs?

What changes did you make to the config file for the logs?

I was using Graylog, which was working before. However now it is NOT working.

Trying to reinstall GrayLog.

I figured out why Graylog wasn't "working".

It installs with a timezone of straight UTC. I set my timezone to America/New_York and rebooted. And VOILA! It is now working again.

BRRABill

Still good!

-rw-r--r-- 1 root root 38273316 Sep  6 11:25 lastlog
-rw-rw-r-- 1 root utmp    43776 Sep  6 11:25 wtmp
-rw------- 1 root utmp      768 Sep  6 11:21 btmp
drwxr-xr-x 2 root root     4096 Sep  6 11:20 blktap
-rw-r--r-- 1 root root      792 Sep  6 11:16 ovs-xapi-sync.log
-rw-r--r-- 1 root root     2628 Sep  6 11:15 ovs-ctl.log
-rw-r--r-- 1 root root     1784 Sep  6 11:14 restoreeswitchcfg.log
-rw-r--r-- 1 root root      348 Sep  6 11:14 interface-rename.log
-rw-r--r-- 1 root root      128 Sep  6 11:14 xenstored.log
-rw-r--r-- 1 root root    11212 Sep  6 11:14 boot.log

scottalanmiller

@BRRABill said in Final Call ... XenServer Boot Media:

@scottalanmiller said in Final Call ... XenServer Boot Media:

@BRRABill said in Final Call ... XenServer Boot Media:

@DustinB3403 said in Final Call ... XenServer Boot Media:

I would still assume based on what you've presented that you need to comment out the local storage folders on both XS6.5 and XS7 to disable logging locally.

The . (at the very end) what purpose does that server?

No idea.

And I wonder if we really NEED those logs.

It's just to disable defaults. It's meaningless given the remote command that you've added. Feel free to comment it out or delete it as you have overridden it already.

So, you don't think there are also things that might not get sent to the remote syslog server? I guess we could test that as well.

Didn't say that.

scottalanmiller

@BRRABill said in Final Call ... XenServer Boot Media:

@Dashrender said in Final Call ... XenServer Boot Media:

awesome.. where are you sending the logs? to an ELK or Greylog server?

Graylog.

However, my Graylog server that was working two weeks ago is now longer no longer working.

So, trying to remedy that.

DId you use the appliance?

Dashrender

@BRRABill said in Final Call ... XenServer Boot Media:

@BRRABill said in Final Call ... XenServer Boot Media:

@DustinB3403 said in Final Call ... XenServer Boot Media:

@BRRABill said in Final Call ... XenServer Boot Media:

What log server are you using to collect the logs?

What changes did you make to the config file for the logs?

I was using Graylog, which was working before. However now it is NOT working.

Trying to reinstall GrayLog.

I figured out why Graylog wasn't "working".

It installs with a timezone of straight UTC. I set my timezone to America/New_York and rebooted. And VOILA! It is now working again.

what about it wasn't working? your time based searches were off? or because the time zones didn't match, it didn't work?

BRRABill

@Dashrender said in Final Call ... XenServer Boot Media:

@BRRABill said in Final Call ... XenServer Boot Media:

@BRRABill said in Final Call ... XenServer Boot Media:

@DustinB3403 said in Final Call ... XenServer Boot Media:

@BRRABill said in Final Call ... XenServer Boot Media:

What log server are you using to collect the logs?

What changes did you make to the config file for the logs?

I was using Graylog, which was working before. However now it is NOT working.

Trying to reinstall GrayLog.

I figured out why Graylog wasn't "working".

It installs with a timezone of straight UTC. I set my timezone to America/New_York and rebooted. And VOILA! It is now working again.

what about it wasn't working? your time based searches were off? or because the time zones didn't match, it didn't work?

I was searching for traffic from, say, the past 30 minutes, and nothing was showing up.

BRRABill

@scottalanmiller said in Final Call ... XenServer Boot Media:

@BRRABill said in Final Call ... XenServer Boot Media:

@scottalanmiller said in Final Call ... XenServer Boot Media:

@BRRABill said in Final Call ... XenServer Boot Media:

@DustinB3403 said in Final Call ... XenServer Boot Media:

I would still assume based on what you've presented that you need to comment out the local storage folders on both XS6.5 and XS7 to disable logging locally.

The . (at the very end) what purpose does that server?

No idea.

And I wonder if we really NEED those logs.

It's just to disable defaults. It's meaningless given the remote command that you've added. Feel free to comment it out or delete it as you have overridden it already.

So, you don't think there are also things that might not get sent to the remote syslog server? I guess we could test that as well.

Didn't say that.

Do you think any of those things are needed/useful?

I mean, again, the ML recommendation is to use USB. If it's the wrong recommendation or we have no idea what it is doing, perhaps it should be amended.

FATeknollogee

@BRRABill
@DustinB3403
Who is going to start a new thread regarding no local logging for XS?
It seems you're both happy with the current situation?

scottalanmiller

@BRRABill said in Final Call ... XenServer Boot Media:

@scottalanmiller said in Final Call ... XenServer Boot Media:

@BRRABill said in Final Call ... XenServer Boot Media:

@scottalanmiller said in Final Call ... XenServer Boot Media:

@BRRABill said in Final Call ... XenServer Boot Media:

@DustinB3403 said in Final Call ... XenServer Boot Media:

I would still assume based on what you've presented that you need to comment out the local storage folders on both XS6.5 and XS7 to disable logging locally.

The . (at the very end) what purpose does that server?

No idea.

And I wonder if we really NEED those logs.

It's just to disable defaults. It's meaningless given the remote command that you've added. Feel free to comment it out or delete it as you have overridden it already.

So, you don't think there are also things that might not get sent to the remote syslog server? I guess we could test that as well.

Didn't say that.

Do you think any of those things are needed/useful?

I mean, again, the ML recommendation is to use USB. If it's the wrong recommendation or we have no idea what it is doing, perhaps it should be amended.

What things? Everything is going to the Graylog, so I don't know what things you are referencing.

JaredBusch

@BRRABill said in Final Call ... XenServer Boot Media:

@Dashrender said in Final Call ... XenServer Boot Media:

@BRRABill said in Final Call ... XenServer Boot Media:

@BRRABill said in Final Call ... XenServer Boot Media:

@DustinB3403 said in Final Call ... XenServer Boot Media:

@BRRABill said in Final Call ... XenServer Boot Media:

What log server are you using to collect the logs?

What changes did you make to the config file for the logs?

I was using Graylog, which was working before. However now it is NOT working.

Trying to reinstall GrayLog.

I figured out why Graylog wasn't "working".

It installs with a timezone of straight UTC. I set my timezone to America/New_York and rebooted. And VOILA! It is now working again.

what about it wasn't working? your time based searches were off? or because the time zones didn't match, it didn't work?

I was searching for traffic from, say, the past 30 minutes, and nothing was showing up.

Which means nothing was ever "not working."
Instead you were searching incorrectly.

BRRABill

@FATeknollogee said in Final Call ... XenServer Boot Media:

@BRRABill
@DustinB3403
Who is going to start a new thread regarding no local logging for XS?
It seems you're both happy with the current situation?

@DustinB3403 is still on XS 6.5, and he saw the same issues I did. When you comment out the local logging, XS just re-writes the file.

It seems to work perfectly with XS 7. But I'll check in the morning because the last thing we thought worked perfectly crashed the server!

BRRABill

@scottalanmiller said in Final Call ... XenServer Boot Media:

@BRRABill said in Final Call ... XenServer Boot Media:

@scottalanmiller said in Final Call ... XenServer Boot Media:

@BRRABill said in Final Call ... XenServer Boot Media:

@scottalanmiller said in Final Call ... XenServer Boot Media:

@BRRABill said in Final Call ... XenServer Boot Media:

@DustinB3403 said in Final Call ... XenServer Boot Media:

I would still assume based on what you've presented that you need to comment out the local storage folders on both XS6.5 and XS7 to disable logging locally.

The . (at the very end) what purpose does that server?

No idea.

And I wonder if we really NEED those logs.

It's just to disable defaults. It's meaningless given the remote command that you've added. Feel free to comment it out or delete it as you have overridden it already.

So, you don't think there are also things that might not get sent to the remote syslog server? I guess we could test that as well.

Didn't say that.

Do you think any of those things are needed/useful?

I mean, again, the ML recommendation is to use USB. If it's the wrong recommendation or we have no idea what it is doing, perhaps it should be amended.

What things? Everything is going to the Graylog, so I don't know what things you are referencing.

Is everything going? We can be confident of that?

Why do you keep asking Mr. Migayi type questions? LOL.

BRRABill

@JaredBusch said in Final Call ... XenServer Boot Media:

@BRRABill said in Final Call ... XenServer Boot Media:

@Dashrender said in Final Call ... XenServer Boot Media:

@BRRABill said in Final Call ... XenServer Boot Media:

@BRRABill said in Final Call ... XenServer Boot Media:

@DustinB3403 said in Final Call ... XenServer Boot Media:

@BRRABill said in Final Call ... XenServer Boot Media:

What log server are you using to collect the logs?

What changes did you make to the config file for the logs?

I was using Graylog, which was working before. However now it is NOT working.

Trying to reinstall GrayLog.

I figured out why Graylog wasn't "working".

It installs with a timezone of straight UTC. I set my timezone to America/New_York and rebooted. And VOILA! It is now working again.

what about it wasn't working? your time based searches were off? or because the time zones didn't match, it didn't work?

I was searching for traffic from, say, the past 30 minutes, and nothing was showing up.

Which means nothing was ever "not working."
Instead you were searching incorrectly.

Well, I did put "working" in quotes.

But I disagree I was searching incorrectly. If you want to play a word game, I would consider it correct searching of data that was incorrectly entered.