ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    BRRABill's Field Report With Linux

    Scheduled Pinned Locked Moved IT Discussion
    148 Posts 14 Posters 19.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • stacksofplatesS
      stacksofplates @Dashrender
      last edited by

      @Dashrender said in BRRABill's Field Report With Linux:

      @stacksofplates said in BRRABill's Field Report With Linux:

      @scottalanmiller said in BRRABill's Field Report With Linux:

      @BRRABill said in BRRABill's Field Report With Linux:

      @scottalanmiller said in BRRABill's Field Report With Linux:

      @BRRABill said in BRRABill's Field Report With Linux:

      @DustinB3403 said in BRRABill's Field Report With Linux:

      @BRRABill Adding a second drive to a VM is literally nothing though.

      It would be better practice to add a drive, than to try and extend the existing one.

      But in theory, that 15G partition is part of the 19.5GB VHD the GrayLog appliance sets up.

      You're losing the 15G, right?

      I know 15G isn't much, but I was just thinking for future reference, if it was more than 15G.

      Losing 15GB? Not if you are thin provisioned.

      Well, as of right now, this is how things rolled...

      1. Imported the GrayLog OVA appliance to XS.
      2. It creates a 19.5GB virtual disk where it does its magic.
      3. Part of that magic is this 15GB partition that is now full.

      So, even thin provisioned, isn't that space already taken? (AKA once the data fills it, it still uses it even if the data is deleted, correct?)

      Oh sorry, yes. Don't use appliances, build your own with proper specs 😉

      It handles quite a bit for what it is. I used it specifically to test what one server would handle. I changed it to 8 GB RAM and 2x6 CPUs. We're hammering it with around 60-70 million messages per day and it doesn't even blink. I did have to up the journal size, but other than that it's pretty amazing what it's doing.

      At some point I'm going to build a cluster because searching a string over everything takes around 10 seconds, but it's going strong.

      LOL - 10 seconds. what's the business case for putting more money into making the log searches faster? I'm sure there is one, I'm just curious.

      It's going to get much bigger. That was only over around 200 million messages. We have to keep a years worth, so unless I close old indices and manually open them again, it's going to end up taking a while.

      Closing them may be the way to go, but their interface only has an option to do one action after a period of time. I might have to set up a cron job with an API call for that.

      1 Reply Last reply Reply Quote 1
      • scottalanmillerS
        scottalanmiller @Dashrender
        last edited by

        @Dashrender said in BRRABill's Field Report With Linux:

        @stacksofplates said in BRRABill's Field Report With Linux:

        @scottalanmiller said in BRRABill's Field Report With Linux:

        @BRRABill said in BRRABill's Field Report With Linux:

        @scottalanmiller said in BRRABill's Field Report With Linux:

        @BRRABill said in BRRABill's Field Report With Linux:

        @DustinB3403 said in BRRABill's Field Report With Linux:

        @BRRABill Adding a second drive to a VM is literally nothing though.

        It would be better practice to add a drive, than to try and extend the existing one.

        But in theory, that 15G partition is part of the 19.5GB VHD the GrayLog appliance sets up.

        You're losing the 15G, right?

        I know 15G isn't much, but I was just thinking for future reference, if it was more than 15G.

        Losing 15GB? Not if you are thin provisioned.

        Well, as of right now, this is how things rolled...

        1. Imported the GrayLog OVA appliance to XS.
        2. It creates a 19.5GB virtual disk where it does its magic.
        3. Part of that magic is this 15GB partition that is now full.

        So, even thin provisioned, isn't that space already taken? (AKA once the data fills it, it still uses it even if the data is deleted, correct?)

        Oh sorry, yes. Don't use appliances, build your own with proper specs 😉

        It handles quite a bit for what it is. I used it specifically to test what one server would handle. I changed it to 8 GB RAM and 2x6 CPUs. We're hammering it with around 60-70 million messages per day and it doesn't even blink. I did have to up the journal size, but other than that it's pretty amazing what it's doing.

        At some point I'm going to build a cluster because searching a string over everything takes around 10 seconds, but it's going strong.

        LOL - 10 seconds. what's the business case for putting more money into making the log searches faster? I'm sure there is one, I'm just curious.

        Same as anywhere else. If you are waiting around for ten seconds for every little log view and you do that with any regularity that is tons of time wasted. And if you need those logs for triage, that might equate to downtime.

        Consider if you do 100 log searches a day (not necessarily from one person) that's 1,000 seconds. That's 17 minutes of people just sitting around waiting each day. But it's far worse than that. Ten seconds starts to disrupt your thinking. A ten second wait on a log might turn into distraction. It might be 30 minutes of lost productivity.

        If your team is $50K each, that's about $15 lost per day or $3,000 annually. Magnify that if you are more distracted, earn over $50K, have lost productivity from the wait, have an impact to triage or do over 100 log lookups per day.

        1 Reply Last reply Reply Quote 1
        • DustinB3403D
          DustinB3403
          last edited by

          Speaking of distractions I'm running a dell diag on my host1 before setting it backup for production use.

          It was acting funky, xByte and Dell Support were wonderful with getting things squared away, but this was one thing I wanted to get completed and didn't.

          Doing it now via iDrac connection. Out of band management is freaking awesome!

          1 Reply Last reply Reply Quote 1
          • DustinB3403D
            DustinB3403
            last edited by

            And I've got an error, now to investigate.

            0_1476289829678_jp2launcher_2016-10-12_12-30-18.png

            1 Reply Last reply Reply Quote 0
            • DustinB3403D
              DustinB3403
              last edited by

              And it's a warning more than an error stating the logs haven't been checked.

              1 Reply Last reply Reply Quote 0
              • BRRABillB
                BRRABill @scottalanmiller
                last edited by

                @scottalanmiller said in BRRABill's Field Report With Linux:

                @DustinB3403 said in BRRABill's Field Report With Linux:

                @scottalanmiller said in BRRABill's Field Report With Linux:

                @BRRABill said in BRRABill's Field Report With Linux:

                @scottalanmiller said in BRRABill's Field Report With Linux:

                @Dashrender said in BRRABill's Field Report With Linux:

                @BRRABill said in BRRABill's Field Report With Linux:

                @scottalanmiller said in BRRABill's Field Report With Linux:

                @BRRABill said in BRRABill's Field Report With Linux:

                @DustinB3403 said in BRRABill's Field Report With Linux:

                @BRRABill Adding a second drive to a VM is literally nothing though.

                It would be better practice to add a drive, than to try and extend the existing one.

                But in theory, that 15G partition is part of the 19.5GB VHD the GrayLog appliance sets up.

                You're losing the 15G, right?

                I know 15G isn't much, but I was just thinking for future reference, if it was more than 15G.

                Losing 15GB? Not if you are thin provisioned.

                Well, as of right now, this is how things rolled...

                1. Imported the GrayLog OVA appliance to XS.
                2. It creates a 19.5GB virtual disk where it does its magic.
                3. Part of that magic is this 15GB partition that is now full.

                So, even thin provisioned, isn't that space already taken? (AKA once the data fills it, it still uses it even if the data is deleted, correct?)

                Sure it is, but after you copy that data to the new drive, you'll delete it from the old drive making it empty... Assuming XS can reclaim now empty space, you'll gain that 15 GB back.

                Yes, in reality this is all that you do. Make a new one, remove the old.

                But in this particular appliance scenario, that is not possible, correct?

                I don't have the appliance in front of me, are there not separate disks for these things?

                No, the OVA imports a single disk with 2 LV's.

                That's bad design.

                Why?

                scottalanmillerS 1 Reply Last reply Reply Quote 0
                • scottalanmillerS
                  scottalanmiller @BRRABill
                  last edited by

                  @BRRABill said in BRRABill's Field Report With Linux:

                  @scottalanmiller said in BRRABill's Field Report With Linux:

                  @DustinB3403 said in BRRABill's Field Report With Linux:

                  @scottalanmiller said in BRRABill's Field Report With Linux:

                  @BRRABill said in BRRABill's Field Report With Linux:

                  @scottalanmiller said in BRRABill's Field Report With Linux:

                  @Dashrender said in BRRABill's Field Report With Linux:

                  @BRRABill said in BRRABill's Field Report With Linux:

                  @scottalanmiller said in BRRABill's Field Report With Linux:

                  @BRRABill said in BRRABill's Field Report With Linux:

                  @DustinB3403 said in BRRABill's Field Report With Linux:

                  @BRRABill Adding a second drive to a VM is literally nothing though.

                  It would be better practice to add a drive, than to try and extend the existing one.

                  But in theory, that 15G partition is part of the 19.5GB VHD the GrayLog appliance sets up.

                  You're losing the 15G, right?

                  I know 15G isn't much, but I was just thinking for future reference, if it was more than 15G.

                  Losing 15GB? Not if you are thin provisioned.

                  Well, as of right now, this is how things rolled...

                  1. Imported the GrayLog OVA appliance to XS.
                  2. It creates a 19.5GB virtual disk where it does its magic.
                  3. Part of that magic is this 15GB partition that is now full.

                  So, even thin provisioned, isn't that space already taken? (AKA once the data fills it, it still uses it even if the data is deleted, correct?)

                  Sure it is, but after you copy that data to the new drive, you'll delete it from the old drive making it empty... Assuming XS can reclaim now empty space, you'll gain that 15 GB back.

                  Yes, in reality this is all that you do. Make a new one, remove the old.

                  But in this particular appliance scenario, that is not possible, correct?

                  I don't have the appliance in front of me, are there not separate disks for these things?

                  No, the OVA imports a single disk with 2 LV's.

                  That's bad design.

                  Why?

                  Using partitions instead of VHDs is pre-virtualization thinking. You lack the control that you should have. You lose benefits and gain none.

                  1 Reply Last reply Reply Quote 0
                  • BRRABillB
                    BRRABill
                    last edited by

                    Linux QOTD (Question Of The Day)

                    My XO instance (Ubuntu 16.04) does not automatically grab an IP address on reboot.

                    How do I remedy that?

                    scottalanmillerS 1 Reply Last reply Reply Quote 0
                    • scottalanmillerS
                      scottalanmiller @BRRABill
                      last edited by

                      @BRRABill said in BRRABill's Field Report With Linux:

                      Linux QOTD (Question Of The Day)

                      My XO instance (Ubuntu 16.04) does not automatically grab an IP address on reboot.

                      How do I remedy that?

                      Do you want it to grab one (DHCP) or to have one (Static)?

                      BRRABillB 1 Reply Last reply Reply Quote 0
                      • BRRABillB
                        BRRABill @scottalanmiller
                        last edited by

                        @scottalanmiller said in BRRABill's Field Report With Linux:

                        @BRRABill said in BRRABill's Field Report With Linux:

                        Linux QOTD (Question Of The Day)

                        My XO instance (Ubuntu 16.04) does not automatically grab an IP address on reboot.

                        How do I remedy that?

                        Do you want it to grab one (DHCP) or to have one (Static)?

                        Grab one.

                        I've never actually had this issue. It has always grabbed one.

                        Not sure what happened to this instance.

                        Stupid Linux.

                        stacksofplatesS 1 Reply Last reply Reply Quote 0
                        • stacksofplatesS
                          stacksofplates @BRRABill
                          last edited by

                          @BRRABill said in BRRABill's Field Report With Linux:

                          @scottalanmiller said in BRRABill's Field Report With Linux:

                          @BRRABill said in BRRABill's Field Report With Linux:

                          Linux QOTD (Question Of The Day)

                          My XO instance (Ubuntu 16.04) does not automatically grab an IP address on reboot.

                          How do I remedy that?

                          Do you want it to grab one (DHCP) or to have one (Static)?

                          Grab one.

                          I've never actually had this issue. It has always grabbed one.

                          Not sure what happened to this instance.

                          Stupid Linux.

                          Is the networking daemon starting when the system starts?

                          What's your /etc/network/interfaces file look like?

                          BRRABillB 1 Reply Last reply Reply Quote 2
                          • BRRABillB
                            BRRABill @stacksofplates
                            last edited by BRRABill

                            @stacksofplates said

                            Is the networking daemon starting when the system starts?

                            What's your /etc/network/interfaces file look like?

                            As a Linux noob, never been in that file before.

                            But after going into it, I immediately know (I think) what the issue was.

                            It has eth1 and ifconfig shows eth0.

                            Yep, that was it. More knowledge, mmmmmm!

                            # This file describes the network interfaces available on your system
                            # and how to activate them. For more information, see interfaces(5).
                            
                            source /etc/network/interfaces.d/*
                            
                            # The loopback network interface
                            auto lo
                            iface lo inet loopback
                            
                            # The primary network interface
                            auto eth1
                            iface eth1 inet dhcp
                            ~
                            
                            1 Reply Last reply Reply Quote 3
                            • momurdaM
                              momurda
                              last edited by

                              I think you mean ip addr
                              ifconfig is old-hat, apparently. I still in habit of using ifconfig myself.

                              BRRABillB 1 Reply Last reply Reply Quote 1
                              • BRRABillB
                                BRRABill @momurda
                                last edited by

                                @momurda said in BRRABill's Field Report With Linux:

                                I think you mean ip addr
                                ifconfig is old-hat, apparently. I still in habit of using ifconfig myself.

                                I started way back in the day of using ifconfig and just haven't broken out of it it.

                                Way back in the day meaning like July.

                                1 Reply Last reply Reply Quote 1
                                • dafyreD
                                  dafyre
                                  last edited by

                                  I'll likely keep typing it until it starts saying:

                                  "Command not found, use ip addr, ya idjit"

                                  scottalanmillerS 1 Reply Last reply Reply Quote 0
                                  • scottalanmillerS
                                    scottalanmiller @dafyre
                                    last edited by

                                    @dafyre said in BRRABill's Field Report With Linux:

                                    I'll likely keep typing it until it starts saying:

                                    "Command not found, use ip addr, ya idjit"

                                    You can fix that with an alias.

                                    dafyreD 1 Reply Last reply Reply Quote 0
                                    • scottalanmillerS
                                      scottalanmiller
                                      last edited by

                                      ifconfig is deal, long live ip addr

                                      travisdh1T 1 Reply Last reply Reply Quote 0
                                      • travisdh1T
                                        travisdh1 @scottalanmiller
                                        last edited by

                                        @scottalanmiller said in BRRABill's Field Report With Linux:

                                        ifconfig is deal, long live ip a

                                        FYFY - cause I'm lazy, and that's all I type out

                                        1 Reply Last reply Reply Quote 0
                                        • dafyreD
                                          dafyre @scottalanmiller
                                          last edited by

                                          @scottalanmiller said in BRRABill's Field Report With Linux:

                                          @dafyre said in BRRABill's Field Report With Linux:

                                          I'll likely keep typing it until it starts saying:

                                          "Command not found, use ip addr, ya idjit"

                                          You can fix that with an alias.

                                          True. But at that point, I'd likely just sigh and type the correct command.

                                          1 Reply Last reply Reply Quote 2
                                          • BRRABillB
                                            BRRABill
                                            last edited by

                                            QOTD:

                                            So I installed Ubuntu 16.10 yesterday to set up a Unifi cloud controller.

                                            I followed some pretty simple directions here which had me "setup the iptables" firewall.
                                            https://community.ubnt.com/t5/UniFi-Wireless/Step-by-Step-Walkthrough-Set-up-Unifi-Cloud-Controller-v-4-7-6/td-p/1324666

                                            But I have seen most articles reference ufw as the firewall in Ubuntu, a "front end" for iptables.

                                            So, can someone explain what the heck these two things are? Are they two separate things that should not be used together?

                                            ufw was installed but not enabled on my install. Is iptables enabled by default on fresh installs?

                                            travisdh1T 1 Reply Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 3
                                            • 4
                                            • 5
                                            • 6
                                            • 7
                                            • 8
                                            • 4 / 8
                                            • First post
                                              Last post