BRRABill's Field Report With Linux
-
@Dashrender said in BRRABill's Field Report With Linux:
@stacksofplates said in BRRABill's Field Report With Linux:
@scottalanmiller said in BRRABill's Field Report With Linux:
@BRRABill said in BRRABill's Field Report With Linux:
@scottalanmiller said in BRRABill's Field Report With Linux:
@BRRABill said in BRRABill's Field Report With Linux:
@DustinB3403 said in BRRABill's Field Report With Linux:
@BRRABill Adding a second drive to a VM is literally nothing though.
It would be better practice to add a drive, than to try and extend the existing one.
But in theory, that 15G partition is part of the 19.5GB VHD the GrayLog appliance sets up.
You're losing the 15G, right?
I know 15G isn't much, but I was just thinking for future reference, if it was more than 15G.
Losing 15GB? Not if you are thin provisioned.
Well, as of right now, this is how things rolled...
- Imported the GrayLog OVA appliance to XS.
- It creates a 19.5GB virtual disk where it does its magic.
- Part of that magic is this 15GB partition that is now full.
So, even thin provisioned, isn't that space already taken? (AKA once the data fills it, it still uses it even if the data is deleted, correct?)
Oh sorry, yes. Don't use appliances, build your own with proper specs
It handles quite a bit for what it is. I used it specifically to test what one server would handle. I changed it to 8 GB RAM and 2x6 CPUs. We're hammering it with around 60-70 million messages per day and it doesn't even blink. I did have to up the journal size, but other than that it's pretty amazing what it's doing.
At some point I'm going to build a cluster because searching a string over everything takes around 10 seconds, but it's going strong.
LOL - 10 seconds. what's the business case for putting more money into making the log searches faster? I'm sure there is one, I'm just curious.
It's going to get much bigger. That was only over around 200 million messages. We have to keep a years worth, so unless I close old indices and manually open them again, it's going to end up taking a while.
Closing them may be the way to go, but their interface only has an option to do one action after a period of time. I might have to set up a cron job with an API call for that.
-
@Dashrender said in BRRABill's Field Report With Linux:
@stacksofplates said in BRRABill's Field Report With Linux:
@scottalanmiller said in BRRABill's Field Report With Linux:
@BRRABill said in BRRABill's Field Report With Linux:
@scottalanmiller said in BRRABill's Field Report With Linux:
@BRRABill said in BRRABill's Field Report With Linux:
@DustinB3403 said in BRRABill's Field Report With Linux:
@BRRABill Adding a second drive to a VM is literally nothing though.
It would be better practice to add a drive, than to try and extend the existing one.
But in theory, that 15G partition is part of the 19.5GB VHD the GrayLog appliance sets up.
You're losing the 15G, right?
I know 15G isn't much, but I was just thinking for future reference, if it was more than 15G.
Losing 15GB? Not if you are thin provisioned.
Well, as of right now, this is how things rolled...
- Imported the GrayLog OVA appliance to XS.
- It creates a 19.5GB virtual disk where it does its magic.
- Part of that magic is this 15GB partition that is now full.
So, even thin provisioned, isn't that space already taken? (AKA once the data fills it, it still uses it even if the data is deleted, correct?)
Oh sorry, yes. Don't use appliances, build your own with proper specs
It handles quite a bit for what it is. I used it specifically to test what one server would handle. I changed it to 8 GB RAM and 2x6 CPUs. We're hammering it with around 60-70 million messages per day and it doesn't even blink. I did have to up the journal size, but other than that it's pretty amazing what it's doing.
At some point I'm going to build a cluster because searching a string over everything takes around 10 seconds, but it's going strong.
LOL - 10 seconds. what's the business case for putting more money into making the log searches faster? I'm sure there is one, I'm just curious.
Same as anywhere else. If you are waiting around for ten seconds for every little log view and you do that with any regularity that is tons of time wasted. And if you need those logs for triage, that might equate to downtime.
Consider if you do 100 log searches a day (not necessarily from one person) that's 1,000 seconds. That's 17 minutes of people just sitting around waiting each day. But it's far worse than that. Ten seconds starts to disrupt your thinking. A ten second wait on a log might turn into distraction. It might be 30 minutes of lost productivity.
If your team is $50K each, that's about $15 lost per day or $3,000 annually. Magnify that if you are more distracted, earn over $50K, have lost productivity from the wait, have an impact to triage or do over 100 log lookups per day.
-
Speaking of distractions I'm running a dell diag on my host1 before setting it backup for production use.
It was acting funky, xByte and Dell Support were wonderful with getting things squared away, but this was one thing I wanted to get completed and didn't.
Doing it now via iDrac connection. Out of band management is freaking awesome!
-
And I've got an error, now to investigate.
-
And it's a warning more than an error stating the logs haven't been checked.
-
@scottalanmiller said in BRRABill's Field Report With Linux:
@DustinB3403 said in BRRABill's Field Report With Linux:
@scottalanmiller said in BRRABill's Field Report With Linux:
@BRRABill said in BRRABill's Field Report With Linux:
@scottalanmiller said in BRRABill's Field Report With Linux:
@Dashrender said in BRRABill's Field Report With Linux:
@BRRABill said in BRRABill's Field Report With Linux:
@scottalanmiller said in BRRABill's Field Report With Linux:
@BRRABill said in BRRABill's Field Report With Linux:
@DustinB3403 said in BRRABill's Field Report With Linux:
@BRRABill Adding a second drive to a VM is literally nothing though.
It would be better practice to add a drive, than to try and extend the existing one.
But in theory, that 15G partition is part of the 19.5GB VHD the GrayLog appliance sets up.
You're losing the 15G, right?
I know 15G isn't much, but I was just thinking for future reference, if it was more than 15G.
Losing 15GB? Not if you are thin provisioned.
Well, as of right now, this is how things rolled...
- Imported the GrayLog OVA appliance to XS.
- It creates a 19.5GB virtual disk where it does its magic.
- Part of that magic is this 15GB partition that is now full.
So, even thin provisioned, isn't that space already taken? (AKA once the data fills it, it still uses it even if the data is deleted, correct?)
Sure it is, but after you copy that data to the new drive, you'll delete it from the old drive making it empty... Assuming XS can reclaim now empty space, you'll gain that 15 GB back.
Yes, in reality this is all that you do. Make a new one, remove the old.
But in this particular appliance scenario, that is not possible, correct?
I don't have the appliance in front of me, are there not separate disks for these things?
No, the OVA imports a single disk with 2 LV's.
That's bad design.
Why?
-
@BRRABill said in BRRABill's Field Report With Linux:
@scottalanmiller said in BRRABill's Field Report With Linux:
@DustinB3403 said in BRRABill's Field Report With Linux:
@scottalanmiller said in BRRABill's Field Report With Linux:
@BRRABill said in BRRABill's Field Report With Linux:
@scottalanmiller said in BRRABill's Field Report With Linux:
@Dashrender said in BRRABill's Field Report With Linux:
@BRRABill said in BRRABill's Field Report With Linux:
@scottalanmiller said in BRRABill's Field Report With Linux:
@BRRABill said in BRRABill's Field Report With Linux:
@DustinB3403 said in BRRABill's Field Report With Linux:
@BRRABill Adding a second drive to a VM is literally nothing though.
It would be better practice to add a drive, than to try and extend the existing one.
But in theory, that 15G partition is part of the 19.5GB VHD the GrayLog appliance sets up.
You're losing the 15G, right?
I know 15G isn't much, but I was just thinking for future reference, if it was more than 15G.
Losing 15GB? Not if you are thin provisioned.
Well, as of right now, this is how things rolled...
- Imported the GrayLog OVA appliance to XS.
- It creates a 19.5GB virtual disk where it does its magic.
- Part of that magic is this 15GB partition that is now full.
So, even thin provisioned, isn't that space already taken? (AKA once the data fills it, it still uses it even if the data is deleted, correct?)
Sure it is, but after you copy that data to the new drive, you'll delete it from the old drive making it empty... Assuming XS can reclaim now empty space, you'll gain that 15 GB back.
Yes, in reality this is all that you do. Make a new one, remove the old.
But in this particular appliance scenario, that is not possible, correct?
I don't have the appliance in front of me, are there not separate disks for these things?
No, the OVA imports a single disk with 2 LV's.
That's bad design.
Why?
Using partitions instead of VHDs is pre-virtualization thinking. You lack the control that you should have. You lose benefits and gain none.
-
Linux QOTD (Question Of The Day)
My XO instance (Ubuntu 16.04) does not automatically grab an IP address on reboot.
How do I remedy that?
-
@BRRABill said in BRRABill's Field Report With Linux:
Linux QOTD (Question Of The Day)
My XO instance (Ubuntu 16.04) does not automatically grab an IP address on reboot.
How do I remedy that?
Do you want it to grab one (DHCP) or to have one (Static)?
-
@scottalanmiller said in BRRABill's Field Report With Linux:
@BRRABill said in BRRABill's Field Report With Linux:
Linux QOTD (Question Of The Day)
My XO instance (Ubuntu 16.04) does not automatically grab an IP address on reboot.
How do I remedy that?
Do you want it to grab one (DHCP) or to have one (Static)?
Grab one.
I've never actually had this issue. It has always grabbed one.
Not sure what happened to this instance.
Stupid Linux.
-
@BRRABill said in BRRABill's Field Report With Linux:
@scottalanmiller said in BRRABill's Field Report With Linux:
@BRRABill said in BRRABill's Field Report With Linux:
Linux QOTD (Question Of The Day)
My XO instance (Ubuntu 16.04) does not automatically grab an IP address on reboot.
How do I remedy that?
Do you want it to grab one (DHCP) or to have one (Static)?
Grab one.
I've never actually had this issue. It has always grabbed one.
Not sure what happened to this instance.
Stupid Linux.
Is the networking daemon starting when the system starts?
What's your /etc/network/interfaces file look like?
-
@stacksofplates said
Is the networking daemon starting when the system starts?
What's your /etc/network/interfaces file look like?
As a Linux noob, never been in that file before.
But after going into it, I immediately know (I think) what the issue was.
It has eth1 and ifconfig shows eth0.
Yep, that was it. More knowledge, mmmmmm!
# This file describes the network interfaces available on your system # and how to activate them. For more information, see interfaces(5). source /etc/network/interfaces.d/* # The loopback network interface auto lo iface lo inet loopback # The primary network interface auto eth1 iface eth1 inet dhcp ~
-
I think you mean
ip addr
ifconfig
is old-hat, apparently. I still in habit of using ifconfig myself. -
@momurda said in BRRABill's Field Report With Linux:
I think you mean
ip addr
ifconfig
is old-hat, apparently. I still in habit of using ifconfig myself.I started way back in the day of using ifconfig and just haven't broken out of it it.
Way back in the day meaning like July.
-
I'll likely keep typing it until it starts saying:
"Command not found, use ip addr, ya idjit"
-
@dafyre said in BRRABill's Field Report With Linux:
I'll likely keep typing it until it starts saying:
"Command not found, use ip addr, ya idjit"
You can fix that with an alias.
-
ifconfig is deal, long live ip addr
-
@scottalanmiller said in BRRABill's Field Report With Linux:
ifconfig is deal, long live ip a
FYFY - cause I'm lazy, and that's all I type out
-
@scottalanmiller said in BRRABill's Field Report With Linux:
@dafyre said in BRRABill's Field Report With Linux:
I'll likely keep typing it until it starts saying:
"Command not found, use ip addr, ya idjit"
You can fix that with an alias.
True. But at that point, I'd likely just sigh and type the correct command.
-
QOTD:
So I installed Ubuntu 16.10 yesterday to set up a Unifi cloud controller.
I followed some pretty simple directions here which had me "setup the iptables" firewall.
https://community.ubnt.com/t5/UniFi-Wireless/Step-by-Step-Walkthrough-Set-up-Unifi-Cloud-Controller-v-4-7-6/td-p/1324666But I have seen most articles reference ufw as the firewall in Ubuntu, a "front end" for iptables.
So, can someone explain what the heck these two things are? Are they two separate things that should not be used together?
ufw was installed but not enabled on my install. Is iptables enabled by default on fresh installs?