ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Final Call ... XenServer Boot Media

    Scheduled Pinned Locked Moved IT Discussion
    178 Posts 10 Posters 23.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • DashrenderD
      Dashrender @scottalanmiller
      last edited by

      @scottalanmiller said in Final Call ... XenServer Boot Media:

      @BRRABill said in Final Call ... XenServer Boot Media:

      Is everything going? We can be confident of that?

      Yes, there is literally zero reason for the concern to have arisen. It's a false worry based on nothing, then weird doubt of injecting a weird "if we send all logs somewhere, how can we be sure it is ALL logs." Um... you sent them ALL, period. If you think that the most used syslog software in the world randomly doesn't send logs of its own accord just to trick you, you are either into a realm of not trusting the platform whatsoever and this discussion is moot, or you are going crazy and need a tinfoil hat.

      What would make you even ask this question?

      what made me think of a question like that was the break out of all of the log information in the config file. But the . at the end does kind of imply that all things would go to the listed place.

      scottalanmillerS 1 Reply Last reply Reply Quote 0
      • scottalanmillerS
        scottalanmiller @BRRABill
        last edited by

        @BRRABill said in Final Call ... XenServer Boot Media:

        If you are trying to tell me that this ONE system that is set up like this is the norm, and all the others are incorrect or just plain dumb, well, then, fine.

        General good practice (rule of thumb, NOT best practice) is to "always" use UTC for all service based systems (servers and similar devices.) End users set time for the user, not the system, so this does not normally apply to end users. But we've always set all servers to UTC since the late 1990s. It protects against time bugs from the 1990s, it makes logs way clearer, it keeps people like @Minion-Queen from causing time problems from getting confused on time zones, it lets teams in different regions work together seamlessly. Yes, UTC on everything for IT.

        DashrenderD 1 Reply Last reply Reply Quote 0
        • scottalanmillerS
          scottalanmiller @Dashrender
          last edited by

          @Dashrender said in Final Call ... XenServer Boot Media:

          @scottalanmiller said in Final Call ... XenServer Boot Media:

          @BRRABill said in Final Call ... XenServer Boot Media:

          Is everything going? We can be confident of that?

          Yes, there is literally zero reason for the concern to have arisen. It's a false worry based on nothing, then weird doubt of injecting a weird "if we send all logs somewhere, how can we be sure it is ALL logs." Um... you sent them ALL, period. If you think that the most used syslog software in the world randomly doesn't send logs of its own accord just to trick you, you are either into a realm of not trusting the platform whatsoever and this discussion is moot, or you are going crazy and need a tinfoil hat.

          What would make you even ask this question?

          what made me think of a question like that was the break out of all of the log information in the config file. But the . at the end does kind of imply that all things would go to the listed place.

          But we stopped breaking out.

          1 Reply Last reply Reply Quote 0
          • BRRABillB
            BRRABill @scottalanmiller
            last edited by

            @scottalanmiller said in Final Call ... XenServer Boot Media:

            @BRRABill said in Final Call ... XenServer Boot Media:

            @DustinB3403 is still on XS 6.5, and he saw the same issues I did. When you comment out the local logging, XS just re-writes the file.

            It does? It rewrites the xenserver.conf file?

            Well, in 6.5 it is located at /etc/syslog.conf.

            If you make changes to it, it gets re-written on service restart.

            At least that is what I saw. And also what happened to @DustinB3403. And also people in the comments left that it had happened to them. (You could make it read only which stopped this.)

            scottalanmillerS 2 Replies Last reply Reply Quote 0
            • scottalanmillerS
              scottalanmiller @BRRABill
              last edited by

              @BRRABill said in Final Call ... XenServer Boot Media:

              Every system I have ever used always adjusts to local time. Even XS asks you that. All the Linux distros do as well.

              No, every system adjusts to local time if you tell it to. Every system uses UTC too, if you tell it to.

              1 Reply Last reply Reply Quote 0
              • DashrenderD
                Dashrender @scottalanmiller
                last edited by

                @scottalanmiller said in Final Call ... XenServer Boot Media:

                @BRRABill said in Final Call ... XenServer Boot Media:

                But if I buy an alarm clock, I expect it to be in regular time, just like every other clock ever. Unless it is a special clock that clearly states UTC on the box.

                I don't even understand this statement. UTC is regular time as much as anything else.

                I think he meant local time, not regular time.

                1 Reply Last reply Reply Quote 0
                • scottalanmillerS
                  scottalanmiller @BRRABill
                  last edited by

                  @BRRABill said in Final Call ... XenServer Boot Media:

                  Well, in 6.5 it is located at /etc/syslog.conf.

                  You sure? That goes against what we had determined.

                  BRRABillB DashrenderD 2 Replies Last reply Reply Quote 0
                  • DashrenderD
                    Dashrender @scottalanmiller
                    last edited by

                    @scottalanmiller said in Final Call ... XenServer Boot Media:

                    @BRRABill said in Final Call ... XenServer Boot Media:

                    If you are trying to tell me that this ONE system that is set up like this is the norm, and all the others are incorrect or just plain dumb, well, then, fine.

                    General good practice (rule of thumb, NOT best practice) is to "always" use UTC for all service based systems (servers and similar devices.) End users set time for the user, not the system, so this does not normally apply to end users. But we've always set all servers to UTC since the late 1990s. It protects against time bugs from the 1990s, it makes logs way clearer, it keeps people like @Minion-Queen from causing time problems from getting confused on time zones, it lets teams in different regions work together seamlessly. Yes, UTC on everything for IT.

                    Huh, first time I've ever heard this - even being in SW for better than 5 years.

                    JaredBuschJ 1 Reply Last reply Reply Quote 0
                    • BRRABillB
                      BRRABill @scottalanmiller
                      last edited by

                      @scottalanmiller said in Final Call ... XenServer Boot Media:

                      @BRRABill said in Final Call ... XenServer Boot Media:

                      Well, in 6.5 it is located at /etc/syslog.conf.

                      You sure? That goes against what we had determined.

                      Determined where? All we determined was that the article was from 6.2 and in 7 they changed everything.

                      scottalanmillerS 1 Reply Last reply Reply Quote 0
                      • scottalanmillerS
                        scottalanmiller @BRRABill
                        last edited by

                        @BRRABill said in Final Call ... XenServer Boot Media:

                        It does? It rewrites the xenserver.conf file?

                        If you make changes to it, it gets re-written on service restart.

                        At least that is what I saw. And also what happened to @DustinB3403. And also people in the comments left that it had happened to them. (You could make it read only which stopped this.)

                        It should be what you saw since the documentation that you provided in that link stated that exactly this would happen on 6.5 if you used that file instead of the correct one.

                        Those people in the comments were just pointing out that you were using the wrong file (and they were too) and for some reason they suggested making it read only instead of suggesting editing the right file.

                        BRRABillB 1 Reply Last reply Reply Quote 0
                        • scottalanmillerS
                          scottalanmiller @BRRABill
                          last edited by

                          @BRRABill said in Final Call ... XenServer Boot Media:

                          @scottalanmiller said in Final Call ... XenServer Boot Media:

                          @BRRABill said in Final Call ... XenServer Boot Media:

                          Well, in 6.5 it is located at /etc/syslog.conf.

                          You sure? That goes against what we had determined.

                          Determined where? All we determined was that the article was from 6.2 and in 7 they changed everything.

                          No, we determined that it was 6.2 and that all evidence said that the change was in 6.5. We know 100% that things had changed by 7, and there is zero reason to not think that it changed in 6.5 and everything in that thread showed that it had indeed changed in 6.5.

                          DashrenderD 1 Reply Last reply Reply Quote 0
                          • DashrenderD
                            Dashrender @scottalanmiller
                            last edited by

                            @scottalanmiller said in Final Call ... XenServer Boot Media:

                            @BRRABill said in Final Call ... XenServer Boot Media:

                            Well, in 6.5 it is located at /etc/syslog.conf.

                            You sure? That goes against what we had determined.

                            chuckle - well, here are more semantics. that is the location that the system reads, but as shown above, XS has a script that changes that file upon startup, so the real place you need to edit is the location listed previously.

                            scottalanmillerS 1 Reply Last reply Reply Quote 0
                            • scottalanmillerS
                              scottalanmiller
                              last edited by

                              Think of it this way....

                              We know that in 1860 there were no computers. We know for sure, because we saw them, that there were computers in 1990. We have obvious reports of computers being sighted in 1975.

                              That we know computers existed in 1990 in no way suggests that that is when they first appeared, only that that is the first time we confirmed them personally. But it is likely that they didn't just appear right as we looked. That we have the obvious evidence of them being there in 1975 tells us with reasonable certainty that in 1975 they existed already

                              1 Reply Last reply Reply Quote 0
                              • scottalanmillerS
                                scottalanmiller @Dashrender
                                last edited by

                                @Dashrender said in Final Call ... XenServer Boot Media:

                                @scottalanmiller said in Final Call ... XenServer Boot Media:

                                @BRRABill said in Final Call ... XenServer Boot Media:

                                Well, in 6.5 it is located at /etc/syslog.conf.

                                You sure? That goes against what we had determined.

                                chuckle - well, here are more semantics. that is the location that the system reads, but as shown above, XS has a script that changes that file upon startup, so the real place you need to edit is the location listed previously.

                                Correct, it is not the place where the configuration of the system is stored or made, it is where it is temporarily placed while running, it's a scratch file.

                                DashrenderD 1 Reply Last reply Reply Quote 0
                                • DashrenderD
                                  Dashrender @scottalanmiller
                                  last edited by

                                  @scottalanmiller said in Final Call ... XenServer Boot Media:

                                  @BRRABill said in Final Call ... XenServer Boot Media:

                                  @scottalanmiller said in Final Call ... XenServer Boot Media:

                                  @BRRABill said in Final Call ... XenServer Boot Media:

                                  Well, in 6.5 it is located at /etc/syslog.conf.

                                  You sure? That goes against what we had determined.

                                  Determined where? All we determined was that the article was from 6.2 and in 7 they changed everything.

                                  No, we determined that it was 6.2 and that all evidence said that the change was in 6.5. We know 100% that things had changed by 7, and there is zero reason to not think that it changed in 6.5 and everything in that thread showed that it had indeed changed in 6.5.

                                  Right - it's like the GPO example given above. XS has a script (like GPO) that it runs that edits /etc/syslog.conf so editing /etc/syslog.conf directly is pointless, like editing a windows machine registry is pointless because they will be over written by the script/GPO

                                  BRRABillB 1 Reply Last reply Reply Quote 0
                                  • BRRABillB
                                    BRRABill @scottalanmiller
                                    last edited by

                                    @scottalanmiller said in Final Call ... XenServer Boot Media:

                                    @BRRABill said in Final Call ... XenServer Boot Media:

                                    It does? It rewrites the xenserver.conf file?

                                    If you make changes to it, it gets re-written on service restart.

                                    At least that is what I saw. And also what happened to @DustinB3403. And also people in the comments left that it had happened to them. (You could make it read only which stopped this.)

                                    It should be what you saw since the documentation that you provided in that link stated that exactly this would happen on 6.5 if you used that file instead of the correct one.

                                    Those people in the comments were just pointing out that you were using the wrong file (and they were too) and for some reason they suggested making it read only instead of suggesting editing the right file.

                                    I didn't pick that up from the comments.

                                    In fact, now that I went back and re-read them, I think this is actually FOR 6.5 Because the poster in the comments said he was on 6.2, and the blog author says: "Thanks for the comment and pardon the delay! I needed to check on some things between XenServer 6.2 and 6.5 to answer your question."

                                    scottalanmillerS 1 Reply Last reply Reply Quote 0
                                    • scottalanmillerS
                                      scottalanmiller @BRRABill
                                      last edited by

                                      @BRRABill said in Final Call ... XenServer Boot Media:

                                      @scottalanmiller said in Final Call ... XenServer Boot Media:

                                      @BRRABill said in Final Call ... XenServer Boot Media:

                                      It does? It rewrites the xenserver.conf file?

                                      If you make changes to it, it gets re-written on service restart.

                                      At least that is what I saw. And also what happened to @DustinB3403. And also people in the comments left that it had happened to them. (You could make it read only which stopped this.)

                                      It should be what you saw since the documentation that you provided in that link stated that exactly this would happen on 6.5 if you used that file instead of the correct one.

                                      Those people in the comments were just pointing out that you were using the wrong file (and they were too) and for some reason they suggested making it read only instead of suggesting editing the right file.

                                      I didn't pick that up from the comments.

                                      In fact, now that I went back and re-read them, I think this is actually FOR 6.5 Because the poster in the comments said he was on 6.2, and the blog author says: "Thanks for the comment and pardon the delay! I needed to check on some things between XenServer 6.2 and 6.5 to answer your question."

                                      I thought that the commenter was on 6.5. When I read it, I read it as the author was on 6.2 and the commenter was on 6.5.

                                      BRRABillB 1 Reply Last reply Reply Quote 0
                                      • BRRABillB
                                        BRRABill @Dashrender
                                        last edited by

                                        @Dashrender said in Final Call ... XenServer Boot Media:

                                        @scottalanmiller said in Final Call ... XenServer Boot Media:

                                        @BRRABill said in Final Call ... XenServer Boot Media:

                                        @scottalanmiller said in Final Call ... XenServer Boot Media:

                                        @BRRABill said in Final Call ... XenServer Boot Media:

                                        Well, in 6.5 it is located at /etc/syslog.conf.

                                        You sure? That goes against what we had determined.

                                        Determined where? All we determined was that the article was from 6.2 and in 7 they changed everything.

                                        No, we determined that it was 6.2 and that all evidence said that the change was in 6.5. We know 100% that things had changed by 7, and there is zero reason to not think that it changed in 6.5 and everything in that thread showed that it had indeed changed in 6.5.

                                        Right - it's like the GPO example given above. XS has a script (like GPO) that it runs that edits /etc/syslog.conf so editing /etc/syslog.conf directly is pointless, like editing a windows machine registry is pointless because they will be over written by the script/GPO

                                        The other file ALSO got overwritten.

                                        @DustinB3403 can check and confirm or deny this, as well.

                                        scottalanmillerS 1 Reply Last reply Reply Quote 0
                                        • DashrenderD
                                          Dashrender @scottalanmiller
                                          last edited by

                                          @scottalanmiller said in Final Call ... XenServer Boot Media:

                                          @Dashrender said in Final Call ... XenServer Boot Media:

                                          @scottalanmiller said in Final Call ... XenServer Boot Media:

                                          @BRRABill said in Final Call ... XenServer Boot Media:

                                          Well, in 6.5 it is located at /etc/syslog.conf.

                                          You sure? That goes against what we had determined.

                                          chuckle - well, here are more semantics. that is the location that the system reads, but as shown above, XS has a script that changes that file upon startup, so the real place you need to edit is the location listed previously.

                                          Correct, it is not the place where the configuration of the system is stored or made, it is where it is temporarily placed while running, it's a scratch file.

                                          I'm sorry - what is a scratch file? If you're saying that /etc/syslog.conf is a scratch file, I don't currently agree. it's the file that almost all of linux systems use to set the syslog settings. To me that makes it the actual config file.
                                          If I'm thinking about that wrongly, please explain where my thinking goes awry.

                                          scottalanmillerS 1 Reply Last reply Reply Quote 0
                                          • BRRABillB
                                            BRRABill @scottalanmiller
                                            last edited by BRRABill

                                            @scottalanmiller said

                                            I thought that the commenter was on 6.5. When I read it, I read it as the author was on 6.2 and the commenter was on 6.5.

                                            Here is the post...

                                            COMMENT POSTER:
                                            Following your article, I updated /var/lib/syslog.conf and commented out the local storage lines for /var/log/messages and /var/log/xensource.log since we are logging to a remote ELK (Elasticsearch, Logstash, Kibana) stack.

                                            However, when I restart syslog, /var/lib/syslog.conf get rewritten back to the original configuration, changing my commented lines back to active.

                                            This is on XenServer 6.2.

                                            Any idea why this is happening and how to make my changes stick?

                                            AUTHOR RESPONSE:
                                            Thanks for the comment and pardon the delay! I needed to check on some things between XenServer 6.2 and 6.5 to answer your question.

                                            1. In XenCenter, did you enable "Log Forwarding"?

                                            2. If you didn't, that is odd.

                                            3. If you did, here is a dirty, dirty trick you can do. It will not live through a major upgrade, so be sure to make a backup of these conf files.... and I don't recommend it, but if you back it up... I'd like to hear how it went!!

                                            • Make the changes to /var/lib/syslog.conf as you want
                                            • Make a backup of /etc/syslog.conf, as in:
                                              cd /etc
                                              cp /etc/syslog.conf /etc/backup.syslog.config
                                            • Then, replace /etc/syslog.conf with /var/lib/syslog.conf by executing:
                                              cp /var/lib/syslog.conf /etc/syslog.conf
                                            • Finally, make /etc/syslog.conf and /var/lib/syslog.conf READ ONLY:
                                              chmod 400 /etc/syslog.conf
                                              chmod 400 /var/lib/syslog.conf

                                            This is a permanent cludge to ensure that:

                                            • Whenever the syslog daemon is restarted (along with elastic syslog) any scripts, such as items mentioned in Tobias' comments above, don't make a copy of /etc/syslog.conf, inject the destination IP over and over again, and muck up your /var/lib/syslog.conf
                                            1 Reply Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 3
                                            • 4
                                            • 5
                                            • 8
                                            • 9
                                            • 3 / 9
                                            • First post
                                              Last post