Final Call ... XenServer Boot Media
-
@BRRABill said in Final Call ... XenServer Boot Media:
@stacksofplates said in Final Call ... XenServer Boot Media:
@BRRABill said in Final Call ... XenServer Boot Media:
Is there an easy way in Linux to see what files have been written to today?
You could do a find at the root level
find / -path /proc -prune -o -type f -mtime -1 -print
That searches for all files modified in less than a day excluding the /proc directory.
Another quick Linux question...
How does one create a file out of that? It went too far for my Putty window to handle.
pipe it to a file
>> files.txt
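Added example (not part of the original posts): a shell function that saves the list of files modified since local midnight, rather than within the last 24 hours as -mtime -1 does, to a file. It assumes GNU find; the function name recent_files and the paths in the usage comment are illustrative.

```shell
#!/bin/sh
# Added example. Assumes GNU find (-newermt, -printf) and GNU date.

# recent_files ROOT OUTFILE
#   Writes "mtime size path" for every regular file under ROOT that was
#   modified since local midnight, newest first, into OUTFILE.
#   Prints the number of files found.
recent_files() {
    root=$1
    out=$2
    since=$(date +%F)   # today's date; find reads it as 00:00:00 local time

    # -xdev keeps find on ROOT's own filesystem, so /proc, /sys, tmpfs and
    # network mounts are skipped without pruning each one by name.
    # ! -path "$out" keeps the report from listing itself when OUTFILE
    # lives under ROOT (the redirect creates it before find finishes).
    find "$root" -xdev -type f -newermt "$since" ! -path "$out" \
        -printf '%T+ %s %p\n' 2>/dev/null \
        | sort -r > "$out"

    # > truncates OUTFILE on each run; >> would append and mix old results in.
    wc -l < "$out"
}

# Usage (illustrative paths):
#   recent_files / /tmp/files.txt
#   less /tmp/files.txt
```

Run against / on a host that is supposed to log only to a remote syslog server, any /var/log entries in the output show what is still being written locally.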
-
-
Ah, ML peeps always around to help me navigate Linux!
-
@BRRABill said in Final Call ... XenServer Boot Media:
Ah, ML peeps always around to help me navigate Linux!
-
@JaredBusch said in Final Call ... XenServer Boot Media:
@BRRABill said in Final Call ... XenServer Boot Media:
Ah, ML peeps always around to help me navigate Linux!
Ah, ML peeps always around to help me navigate Linux even further!
-
@BRRABill said in Final Call ... XenServer Boot Media:
@DustinB3403 said in Final Call ... XenServer Boot Media:
@BRRABill said in Final Call ... XenServer Boot Media:
What log server are you using to collect the logs?
What changes did you make to the config file for the logs?
I was using Graylog, which was working before. However now it is NOT working.
Trying to reinstall GrayLog.
I figured out why Graylog wasn't "working".
It installs with a timezone of straight UTC. I set my timezone to America/New_York and rebooted. And VOILA! It is now working again.
-
Still good!
-rw-r--r-- 1 root root 38273316 Sep 6 11:25 lastlog
-rw-rw-r-- 1 root utmp 43776 Sep 6 11:25 wtmp
-rw------- 1 root utmp 768 Sep 6 11:21 btmp
drwxr-xr-x 2 root root 4096 Sep 6 11:20 blktap
-rw-r--r-- 1 root root 792 Sep 6 11:16 ovs-xapi-sync.log
-rw-r--r-- 1 root root 2628 Sep 6 11:15 ovs-ctl.log
-rw-r--r-- 1 root root 1784 Sep 6 11:14 restoreeswitchcfg.log
-rw-r--r-- 1 root root 348 Sep 6 11:14 interface-rename.log
-rw-r--r-- 1 root root 128 Sep 6 11:14 xenstored.log
-rw-r--r-- 1 root root 11212 Sep 6 11:14 boot.log
-
@BRRABill said in Final Call ... XenServer Boot Media:
@scottalanmiller said in Final Call ... XenServer Boot Media:
@BRRABill said in Final Call ... XenServer Boot Media:
@DustinB3403 said in Final Call ... XenServer Boot Media:
I would still assume based on what you've presented that you need to comment out the local storage folders on both XS6.5 and XS7 to disable logging locally.
The . (at the very end) what purpose does that serve?
No idea.
And I wonder if we really NEED those logs.
It's just to disable defaults. It's meaningless given the remote command that you've added. Feel free to comment it out or delete it as you have overridden it already.
So, you don't think there are also things that might not get sent to the remote syslog server? I guess we could test that as well.
Didn't say that.
-
@BRRABill said in Final Call ... XenServer Boot Media:
@Dashrender said in Final Call ... XenServer Boot Media:
awesome.. where are you sending the logs? to an ELK or Graylog server?
Graylog.
However, my Graylog server that was working two weeks ago is now no longer working.
So, trying to remedy that.
Did you use the appliance?
-
@BRRABill said in Final Call ... XenServer Boot Media:
@BRRABill said in Final Call ... XenServer Boot Media:
@DustinB3403 said in Final Call ... XenServer Boot Media:
@BRRABill said in Final Call ... XenServer Boot Media:
What log server are you using to collect the logs?
What changes did you make to the config file for the logs?
I was using Graylog, which was working before. However now it is NOT working.
Trying to reinstall GrayLog.
I figured out why Graylog wasn't "working".
It installs with a timezone of straight UTC. I set my timezone to America/New_York and rebooted. And VOILA! It is now working again.
what about it wasn't working? your time based searches were off? or because the time zones didn't match, it didn't work?
-
@Dashrender said in Final Call ... XenServer Boot Media:
@BRRABill said in Final Call ... XenServer Boot Media:
@BRRABill said in Final Call ... XenServer Boot Media:
@DustinB3403 said in Final Call ... XenServer Boot Media:
@BRRABill said in Final Call ... XenServer Boot Media:
What log server are you using to collect the logs?
What changes did you make to the config file for the logs?
I was using Graylog, which was working before. However now it is NOT working.
Trying to reinstall GrayLog.
I figured out why Graylog wasn't "working".
It installs with a timezone of straight UTC. I set my timezone to America/New_York and rebooted. And VOILA! It is now working again.
what about it wasn't working? your time based searches were off? or because the time zones didn't match, it didn't work?
I was searching for traffic from, say, the past 30 minutes, and nothing was showing up.
-
@scottalanmiller said in Final Call ... XenServer Boot Media:
@BRRABill said in Final Call ... XenServer Boot Media:
@scottalanmiller said in Final Call ... XenServer Boot Media:
@BRRABill said in Final Call ... XenServer Boot Media:
@DustinB3403 said in Final Call ... XenServer Boot Media:
I would still assume based on what you've presented that you need to comment out the local storage folders on both XS6.5 and XS7 to disable logging locally.
The . (at the very end) what purpose does that serve?
No idea.
And I wonder if we really NEED those logs.
It's just to disable defaults. It's meaningless given the remote command that you've added. Feel free to comment it out or delete it as you have overridden it already.
So, you don't think there are also things that might not get sent to the remote syslog server? I guess we could test that as well.
Didn't say that.
Do you think any of those things are needed/useful?
I mean, again, the ML recommendation is to use USB. If it's the wrong recommendation or we have no idea what it is doing, perhaps it should be amended.
-
@BRRABill
@DustinB3403
Who is going to start a new thread regarding no local logging for XS?
It seems you're both happy with the current situation?
-
@BRRABill said in Final Call ... XenServer Boot Media:
@scottalanmiller said in Final Call ... XenServer Boot Media:
@BRRABill said in Final Call ... XenServer Boot Media:
@scottalanmiller said in Final Call ... XenServer Boot Media:
@BRRABill said in Final Call ... XenServer Boot Media:
@DustinB3403 said in Final Call ... XenServer Boot Media:
I would still assume based on what you've presented that you need to comment out the local storage folders on both XS6.5 and XS7 to disable logging locally.
The . (at the very end) what purpose does that serve?
No idea.
And I wonder if we really NEED those logs.
It's just to disable defaults. It's meaningless given the remote command that you've added. Feel free to comment it out or delete it as you have overridden it already.
So, you don't think there are also things that might not get sent to the remote syslog server? I guess we could test that as well.
Didn't say that.
Do you think any of those things are needed/useful?
I mean, again, the ML recommendation is to use USB. If it's the wrong recommendation or we have no idea what it is doing, perhaps it should be amended.
What things? Everything is going to the Graylog, so I don't know what things you are referencing.
-
@BRRABill said in Final Call ... XenServer Boot Media:
@Dashrender said in Final Call ... XenServer Boot Media:
@BRRABill said in Final Call ... XenServer Boot Media:
@BRRABill said in Final Call ... XenServer Boot Media:
@DustinB3403 said in Final Call ... XenServer Boot Media:
@BRRABill said in Final Call ... XenServer Boot Media:
What log server are you using to collect the logs?
What changes did you make to the config file for the logs?
I was using Graylog, which was working before. However now it is NOT working.
Trying to reinstall GrayLog.
I figured out why Graylog wasn't "working".
It installs with a timezone of straight UTC. I set my timezone to America/New_York and rebooted. And VOILA! It is now working again.
what about it wasn't working? your time based searches were off? or because the time zones didn't match, it didn't work?
I was searching for traffic from, say, the past 30 minutes, and nothing was showing up.
Which means nothing was ever "not working."
Instead you were searching incorrectly.
-
@FATeknollogee said in Final Call ... XenServer Boot Media:
@BRRABill
@DustinB3403
Who is going to start a new thread regarding no local logging for XS?
It seems you're both happy with the current situation?
@DustinB3403 is still on XS 6.5, and he saw the same issues I did. When you comment out the local logging, XS just re-writes the file.
It seems to work perfectly with XS 7. But I'll check in the morning because the last thing we thought worked perfectly crashed the server!
-
@scottalanmiller said in Final Call ... XenServer Boot Media:
@BRRABill said in Final Call ... XenServer Boot Media:
@scottalanmiller said in Final Call ... XenServer Boot Media:
@BRRABill said in Final Call ... XenServer Boot Media:
@scottalanmiller said in Final Call ... XenServer Boot Media:
@BRRABill said in Final Call ... XenServer Boot Media:
@DustinB3403 said in Final Call ... XenServer Boot Media:
I would still assume based on what you've presented that you need to comment out the local storage folders on both XS6.5 and XS7 to disable logging locally.
The . (at the very end) what purpose does that serve?
No idea.
And I wonder if we really NEED those logs.
It's just to disable defaults. It's meaningless given the remote command that you've added. Feel free to comment it out or delete it as you have overridden it already.
So, you don't think there are also things that might not get sent to the remote syslog server? I guess we could test that as well.
Didn't say that.
Do you think any of those things are needed/useful?
I mean, again, the ML recommendation is to use USB. If it's the wrong recommendation or we have no idea what it is doing, perhaps it should be amended.
What things? Everything is going to the Graylog, so I don't know what things you are referencing.
Is everything going? We can be confident of that?
Why do you keep asking Mr. Migayi type questions? LOL.
-
@JaredBusch said in Final Call ... XenServer Boot Media:
@BRRABill said in Final Call ... XenServer Boot Media:
@Dashrender said in Final Call ... XenServer Boot Media:
@BRRABill said in Final Call ... XenServer Boot Media:
@BRRABill said in Final Call ... XenServer Boot Media:
@DustinB3403 said in Final Call ... XenServer Boot Media:
@BRRABill said in Final Call ... XenServer Boot Media:
What log server are you using to collect the logs?
What changes did you make to the config file for the logs?
I was using Graylog, which was working before. However now it is NOT working.
Trying to reinstall GrayLog.
I figured out why Graylog wasn't "working".
It installs with a timezone of straight UTC. I set my timezone to America/New_York and rebooted. And VOILA! It is now working again.
what about it wasn't working? your time based searches were off? or because the time zones didn't match, it didn't work?
I was searching for traffic from, say, the past 30 minutes, and nothing was showing up.
Which means nothing was ever "not working."
Instead you were searching incorrectly.
Well, I did put "working" in quotes.
But I disagree I was searching incorrectly. If you want to play a word game, I would consider it correct searching of data that was incorrectly entered.
-
@BRRABill said in Final Call ... XenServer Boot Media:
Is everything going? We can be confident of that?
Yes, there is literally zero reason for the concern to have arisen. It's a false worry based on nothing, then weird doubt of injecting a weird "if we send all logs somewhere, how can we be sure it is ALL logs." Um... you sent them ALL, period. If you think that the most used syslog software in the world randomly doesn't send logs of its own accord just to trick you, you are either into a realm of not trusting the platform whatsoever and this discussion is moot, or you are going crazy and need a tinfoil hat.
What would make you even ask this question?
-
@BRRABill said in Final Call ... XenServer Boot Media:
@JaredBusch said in Final Call ... XenServer Boot Media:
@BRRABill said in Final Call ... XenServer Boot Media:
@Dashrender said in Final Call ... XenServer Boot Media:
@BRRABill said in Final Call ... XenServer Boot Media:
@BRRABill said in Final Call ... XenServer Boot Media:
@DustinB3403 said in Final Call ... XenServer Boot Media:
@BRRABill said in Final Call ... XenServer Boot Media:
What log server are you using to collect the logs?
What changes did you make to the config file for the logs?
I was using Graylog, which was working before. However now it is NOT working.
Trying to reinstall GrayLog.
I figured out why Graylog wasn't "working".
It installs with a timezone of straight UTC. I set my timezone to America/New_York and rebooted. And VOILA! It is now working again.
what about it wasn't working? your time based searches were off? or because the time zones didn't match, it didn't work?
I was searching for traffic from, say, the past 30 minutes, and nothing was showing up.
Which means nothing was ever "not working."
Instead you were searching incorrectly.
Well, I did put "working" in quotes.
But I disagree I was searching incorrectly. If you want to play a word game, I would consider it correct searching of data that was incorrectly entered.
I don't think that that is possible. The issue was that you had the wrong time on the system, right? So the data was entered correctly, but searched for incorrectly. Isn't that what actually happened? UTC data is not going to cause a time problem, that's why we use it. The issue was that you had the wrong time on the box and then did a search in the future rather than for the current data?