Final Call ... XenServer Boot Media
-
@Dashrender said in Final Call ... XenServer Boot Media:
@BRRABill said in Final Call ... XenServer Boot Media:
@BRRABill said in Final Call ... XenServer Boot Media:
@DustinB3403 said in Final Call ... XenServer Boot Media:
@BRRABill said in Final Call ... XenServer Boot Media:
What log server are you using to collect the logs?
What changes did you make to the config file for the logs?
I was using Graylog, which was working before. However now it is NOT working.
Trying to reinstall GrayLog.
I figured out why Graylog wasn't "working".
It installs with a timezone of straight UTC. I set my timezone to America/New_York and rebooted. And VOILA! It is now working again.
what about it wasn't working? your time based searches were off? or because the time zones didn't match, it didn't work?
I was searching for traffic from, say, the past 30 minutes, and nothing was showing up.
-
@scottalanmiller said in Final Call ... XenServer Boot Media:
@BRRABill said in Final Call ... XenServer Boot Media:
@scottalanmiller said in Final Call ... XenServer Boot Media:
@BRRABill said in Final Call ... XenServer Boot Media:
@DustinB3403 said in Final Call ... XenServer Boot Media:
I would still assume based on what you've presented that you need to comment out the local storage folders on both XS6.5 and XS7 to disable logging locally.
The . (at the very end) what purpose does that server?
No idea.
And I wonder if we really NEED those logs.
It's just to disable defaults. It's meaningless given the remote command that you've added. Feel free to comment it out or delete it as you have overridden it already.
So, you don't think there are also things that might not get sent to the remote syslog server? I guess we could test that as well.
Didn't say that.
Do you think any of those things are needed/useful?
I mean, again, the ML recommendation is to use USB. If it's the wrong recommendation or we have no idea what it is doing, perhaps it should be amended.
-
@BRRABill
@DustinB3403
Who is going to start a new thread regarding no local logging for XS?
It seems you're both happy with the current situation? -
@BRRABill said in Final Call ... XenServer Boot Media:
@scottalanmiller said in Final Call ... XenServer Boot Media:
@BRRABill said in Final Call ... XenServer Boot Media:
@scottalanmiller said in Final Call ... XenServer Boot Media:
@BRRABill said in Final Call ... XenServer Boot Media:
@DustinB3403 said in Final Call ... XenServer Boot Media:
I would still assume based on what you've presented that you need to comment out the local storage folders on both XS6.5 and XS7 to disable logging locally.
The . (at the very end) what purpose does that server?
No idea.
And I wonder if we really NEED those logs.
It's just to disable defaults. It's meaningless given the remote command that you've added. Feel free to comment it out or delete it as you have overridden it already.
So, you don't think there are also things that might not get sent to the remote syslog server? I guess we could test that as well.
Didn't say that.
Do you think any of those things are needed/useful?
I mean, again, the ML recommendation is to use USB. If it's the wrong recommendation or we have no idea what it is doing, perhaps it should be amended.
What things? Everything is going to the Graylog, so I don't know what things you are referencing.
-
@BRRABill said in Final Call ... XenServer Boot Media:
@Dashrender said in Final Call ... XenServer Boot Media:
@BRRABill said in Final Call ... XenServer Boot Media:
@BRRABill said in Final Call ... XenServer Boot Media:
@DustinB3403 said in Final Call ... XenServer Boot Media:
@BRRABill said in Final Call ... XenServer Boot Media:
What log server are you using to collect the logs?
What changes did you make to the config file for the logs?
I was using Graylog, which was working before. However now it is NOT working.
Trying to reinstall GrayLog.
I figured out why Graylog wasn't "working".
It installs with a timezone of straight UTC. I set my timezone to America/New_York and rebooted. And VOILA! It is now working again.
what about it wasn't working? your time based searches were off? or because the time zones didn't match, it didn't work?
I was searching for traffic from, say, the past 30 minutes, and nothing was showing up.
Which means nothing was ever "not working."
Instead you were searching incorrectly. -
@FATeknollogee said in Final Call ... XenServer Boot Media:
@BRRABill
@DustinB3403
Who is going to start a new thread regarding no local logging for XS?
It seems you're both happy with the current situation?@DustinB3403 is still on XS 6.5, and he saw the same issues I did. When you comment out the local logging, XS just re-writes the file.
It seems to work perfectly with XS 7. But I'll check in the morning because the last thing we thought worked perfectly crashed the server!
-
@scottalanmiller said in Final Call ... XenServer Boot Media:
@BRRABill said in Final Call ... XenServer Boot Media:
@scottalanmiller said in Final Call ... XenServer Boot Media:
@BRRABill said in Final Call ... XenServer Boot Media:
@scottalanmiller said in Final Call ... XenServer Boot Media:
@BRRABill said in Final Call ... XenServer Boot Media:
@DustinB3403 said in Final Call ... XenServer Boot Media:
I would still assume based on what you've presented that you need to comment out the local storage folders on both XS6.5 and XS7 to disable logging locally.
The . (at the very end) what purpose does that server?
No idea.
And I wonder if we really NEED those logs.
It's just to disable defaults. It's meaningless given the remote command that you've added. Feel free to comment it out or delete it as you have overridden it already.
So, you don't think there are also things that might not get sent to the remote syslog server? I guess we could test that as well.
Didn't say that.
Do you think any of those things are needed/useful?
I mean, again, the ML recommendation is to use USB. If it's the wrong recommendation or we have no idea what it is doing, perhaps it should be amended.
What things? Everything is going to the Graylog, so I don't know what things you are referencing.
Is everything going? We can be confident of that?
Why do you keep asking Mr. Migayi type questions? LOL.
-
@JaredBusch said in Final Call ... XenServer Boot Media:
@BRRABill said in Final Call ... XenServer Boot Media:
@Dashrender said in Final Call ... XenServer Boot Media:
@BRRABill said in Final Call ... XenServer Boot Media:
@BRRABill said in Final Call ... XenServer Boot Media:
@DustinB3403 said in Final Call ... XenServer Boot Media:
@BRRABill said in Final Call ... XenServer Boot Media:
What log server are you using to collect the logs?
What changes did you make to the config file for the logs?
I was using Graylog, which was working before. However now it is NOT working.
Trying to reinstall GrayLog.
I figured out why Graylog wasn't "working".
It installs with a timezone of straight UTC. I set my timezone to America/New_York and rebooted. And VOILA! It is now working again.
what about it wasn't working? your time based searches were off? or because the time zones didn't match, it didn't work?
I was searching for traffic from, say, the past 30 minutes, and nothing was showing up.
Which means nothing was ever "not working."
Instead you were searching incorrectly.Well, I did put "working" in quotes.
But I disagree I was searching incorrectly. If you want to play a word game, I would consider it correct searching of data that was incorrectly entered.
-
@BRRABill said in Final Call ... XenServer Boot Media:
Is everything going? We can be confident of that?
Yes, there is literally zero reason for the concern to have arisen. It's a false worry based on nothing, then weird doubt of injecting a weird "if we send all logs somewhere, how can we be sure it is ALL logs." Um... you sent them ALL, period. If you think that the most used syslog software in the world randomly doesn't send logs of its own accord just to trick you, you are either into a realm of not trusting the platform whatsoever and this discussion is moot, or you are going crazy and need a tinfoil hat.
What would make you even ask this question?
-
@BRRABill said in Final Call ... XenServer Boot Media:
@JaredBusch said in Final Call ... XenServer Boot Media:
@BRRABill said in Final Call ... XenServer Boot Media:
@Dashrender said in Final Call ... XenServer Boot Media:
@BRRABill said in Final Call ... XenServer Boot Media:
@BRRABill said in Final Call ... XenServer Boot Media:
@DustinB3403 said in Final Call ... XenServer Boot Media:
@BRRABill said in Final Call ... XenServer Boot Media:
What log server are you using to collect the logs?
What changes did you make to the config file for the logs?
I was using Graylog, which was working before. However now it is NOT working.
Trying to reinstall GrayLog.
I figured out why Graylog wasn't "working".
It installs with a timezone of straight UTC. I set my timezone to America/New_York and rebooted. And VOILA! It is now working again.
what about it wasn't working? your time based searches were off? or because the time zones didn't match, it didn't work?
I was searching for traffic from, say, the past 30 minutes, and nothing was showing up.
Which means nothing was ever "not working."
Instead you were searching incorrectly.Well, I did put "working" in quotes.
But I disagree I was searching incorrectly. If you want to play a word game, I would consider it correct searching of data that was incorrectly entered.
I don't think that that is possible. The issue was that you had the wrong time on the system, right? So the data was entered correctly, but searched for incorrectly. Isn't that what actually happened? UTC data is not going to cause a time problem, that's why we use it. The issue was that you had the wrong time on the box and then did a search in the future rather than for the current data?
-
@BRRABill said in Final Call ... XenServer Boot Media:
@DustinB3403 is still on XS 6.5, and he saw the same issues I did. When you comment out the local logging, XS just re-writes the file.
It does? It rewrites the xenserver.conf file?
-
@scottalanmiller said
What would make you even ask this question?
Didn't you say the same thing about redirecting /var/log?
-
@scottalanmiller said
I don't think that that is possible. The issue was that you had the wrong time on the system, right? So the data was entered correctly, but searched for incorrectly. Isn't that what actually happened? UTC data is not going to cause a time problem, that's why we use it. The issue was that you had the wrong time on the box and then did a search in the future rather than for the current data?
Again, if we want to play a semantics game of ... hey all the Linux gurus in the world use UTC, and if you don't, well you just don't know what you are doing, then fine, it was a searching error, and all mine. I'm not saying that isn't true.
But if I buy an alarm clock, I expect it to be in regular time, just like every other clock ever. Unless it is a special clock that clearly states UTC on the box.
Every system I have ever used always adjusts to local time. Even XS asks you that. All the Linux distros do as well.
If you are trying to tell me that this ONE system that is set up like this is the norm, and all the others are incorrect or just plain dumb, well, then, fine.
So, you are telling me on your desktop, the clock is UTC? Do you use UTC in your daily life?
-
@BRRABill said in Final Call ... XenServer Boot Media:
So, you are telling me on your desktop, the clock is UTC? Do you use UTC in your daily life?
Yes, I sometimes even set my desktop to it and I have it on my watch. UTC is by far the most useful timezone and saves a lot of headaches.
-
@BRRABill said in Final Call ... XenServer Boot Media:
Again, if we want to play a semantics game of ... hey all the
LinuxIT gurus in the world use UTC, and if you don't, well you just don't know what you are doing, then fine, it was a searching error, and all mine. I'm not saying that isn't true.FTFY
-
@BRRABill said in Final Call ... XenServer Boot Media:
But if I buy an alarm clock, I expect it to be in regular time, just like every other clock ever. Unless it is a special clock that clearly states UTC on the box.
I don't even understand this statement. UTC is regular time as much as anything else.
-
@scottalanmiller said in Final Call ... XenServer Boot Media:
@BRRABill said in Final Call ... XenServer Boot Media:
Is everything going? We can be confident of that?
Yes, there is literally zero reason for the concern to have arisen. It's a false worry based on nothing, then weird doubt of injecting a weird "if we send all logs somewhere, how can we be sure it is ALL logs." Um... you sent them ALL, period. If you think that the most used syslog software in the world randomly doesn't send logs of its own accord just to trick you, you are either into a realm of not trusting the platform whatsoever and this discussion is moot, or you are going crazy and need a tinfoil hat.
What would make you even ask this question?
what made me think of a question like that was the break out of all of the log information in the config file. But the . at the end does kind of imply that all things would go to the listed place.
-
@BRRABill said in Final Call ... XenServer Boot Media:
If you are trying to tell me that this ONE system that is set up like this is the norm, and all the others are incorrect or just plain dumb, well, then, fine.
General good practice (rule of thumb, NOT best practice) is to "always" use UTC for all service based systems (servers and similar devices.) End users set time for the user, not the system, so this does not normally apply to end users. But we've always set all servers to UTC since the late 1990s. It protects against time bugs from the 1990s, it makes logs way clearer, it keeps people like @Minion-Queen from causing time problems from getting confused on time zones, it lets teams in different regions work together seamlessly. Yes, UTC on everything for IT.
-
@Dashrender said in Final Call ... XenServer Boot Media:
@scottalanmiller said in Final Call ... XenServer Boot Media:
@BRRABill said in Final Call ... XenServer Boot Media:
Is everything going? We can be confident of that?
Yes, there is literally zero reason for the concern to have arisen. It's a false worry based on nothing, then weird doubt of injecting a weird "if we send all logs somewhere, how can we be sure it is ALL logs." Um... you sent them ALL, period. If you think that the most used syslog software in the world randomly doesn't send logs of its own accord just to trick you, you are either into a realm of not trusting the platform whatsoever and this discussion is moot, or you are going crazy and need a tinfoil hat.
What would make you even ask this question?
what made me think of a question like that was the break out of all of the log information in the config file. But the . at the end does kind of imply that all things would go to the listed place.
But we stopped breaking out.
-
@scottalanmiller said in Final Call ... XenServer Boot Media:
@BRRABill said in Final Call ... XenServer Boot Media:
@DustinB3403 is still on XS 6.5, and he saw the same issues I did. When you comment out the local logging, XS just re-writes the file.
It does? It rewrites the xenserver.conf file?
Well, in 6.5 it is located at /etc/syslog.conf.
If you make changes to it, it gets re-written on service restart.
At least that is what I saw. And also what happened to @DustinB3403. And also people in the comments left that it had happened to them. (You could make it read only which stopped this.)