On a Linux system there are plenty of methods for listing the current TCP connections for a given port by connecting IP but: how can I count the total number of connections to a port per source IP for period of time?
I have a directory with many log files, all of which I would like to rotate daily. For organizational purposes I would like to be able to move the rotated logs into a different directory (or subdirectory) named by date, keeping the last week of logs.
I can use logrotate to achieve most of this by roatating the files in-place or even move them to a single different directory using the olddir directive but I'm having trouble finding a solution for making individual sub-directories per rotation. How can I achieve this?:
Logs to rotate: /var/log/example/*
Desired target directories (keeping a week):
/var/log/example/20121006/*
[ ... ]
/var/log/example/20121012/*
I have a number of systems and services that send email alerts when some sort of event takes place. This works fine for a small number of systems but as the number of alerts grows the important message become less visible among the informational notices. Email filtering can only be effective to a point.
What sort of solution can I use in place of emails that will allow me to send arbitrary alerts from various services and that will scale easily as the number of services grows?
I am trying to copy an LVM logical volume with an ext3 filesystem from one system to a file on another system that I will be able to mount as a loopback device. I have tried the following command to copy the volume:
dd if=/dev/VolGroup01/example-volume bs=1M | ssh target-system dd of=/backup/example-volume-image bs=1M
This gives me a file with the same size as the logical volume however when I try to mount it I get:
[root@target-system backup]# mount -o loop example-volume-image /mnt
mount: you must specify the filesystem type
[root@target-system backup]# mount -o loop -t ext3 dev2-endeca1-rootfs /mnt
mount: wrong fs type, bad option, bad superblock on /dev/loop0,
missing codepage or other error
In some cases useful info is found in syslog - try
dmesg | tail or so
Am I not copying the volume correctly or is it just possibly corrupt?
I would like to restrict outbound traffic to only localhost using iptables. I already have a default DROP policy on OUTPUT and a rule REJECTing all traffic. I need to add a rule above that in the OUTPUT chain.
I have seen a couple different examples for this type of rule, the most common being:
-A OUTPUT -o lo -j ACCEPT
and
-A OUTPUT -o lo -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
Is there any reason to use the latter rather than the former? Can packets on lo have an address other than 127.0.0.1?
I am using HAproxy in front of an app that is on multiple other servers. I would like to set up a vhost in a local nginx instance that only serves a 503 for every request (to use as the 'backup' server when all backends are down). I know how to set the custom error page (as in How can I make Nginx return HTTP 503 when my proxied app server is down?) but how I can make it so that every request to nginx returns a 503?
I have been put in charge of setting up a CDN account for streaming video but am not actually running the site that will host the content. How can I test that a published RTMP URL is working? Do I need to create a test page with a Flash video player or is there a simple tool that can consume RTMP streams that can be used to test? The URL is in the following format:
rtmp://example.fcod.llnwd.net/a1111/e11/test/example/file.flv
I have just installed munin-node from the base repo on Fedora 14 and then started it. I found that my munin server is not able to collect data from this node so I tried connecting via telnet to test. When connecting via telnet I see that no plugins are listed:
[dave@host ~]# telnet localhost 4949
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
# munin node at host.example.com
list
quit
Connection closed by foreign host.
[dave@host ~]#
I did not modify anything after the installation. The munin-node.conf is allowing connections from 127.0.0.1 and the default set of plugins in /etc/munin/plugins/ are symlinked to the plugins in /usr/share/munin/plugins/.
Here is the working output of the telnet test of the 'list' command should look like (this is on a Fedora 13 host):
[dave@www ~]$ telnet localhost 4949
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
# munin node at www.example.com
list
apache_accesses apache_processes apache_volume cpu df df_inode entropy forks fw_packets if_err_eth0 if_err_eth1 if_eth0 if_eth1 interrupts iostat iostat_ios irqstats load memory munin_stats mysql_ mysql_bytes mysql_innodb mysql_queries mysql_slowqueries mysql_threads netstat open_files open_inodes postfix_mailqueue postfix_mailvolume proc_pri processes swap threads uptime users vmstat yum
quit
Connection closed by foreign host.
[dave@www ~]$
Edited to show output of munin-node-configure:
[root@host ~]# munin-node-configure
Plugin | Used | Extra information
------ | ---- | -----------------
acpi | no |
amavis | no |
...
http_loadtime | no |
if_ | yes | eth1 eth0
if_err_ | yes | eth0 eth1
ifx_concurrent_sessions_ | no |
interrupts | yes |
...
uptime | yes |
users | yes |
varnish_ | no |
vserver_resources | no |
yum | yes |
zimbra_ | no |
Any suggestions on what to check next?
The server doesn't identify its version in the header so that's no help. FTP management options are available in IIS (7) Manager and there is no IIS6 Manager installed so I'm assuming it's 7.0 or 7.5 but I can't find any way to check this.
I am restoring a 30GB database from a mysqldump file to an empty database on a new server. When running the SQL from the dump file, the restore starts very quickly and then starts to get slower and slower. Individual inserts are now taking 15+ seconds. The tables are mostly MyISAM with one small InnoDB. The server has no other active connections. SHOW PROCESSLIST; only shows the insert from the restore (and the show processlist itself).
Does anyone have any ideas what could be causing the dramatic slowdown?
Are there any MySQL variables that I can change to speed the restore while it is progressing?
I'm looking for a way to monitor and record Apache traffic, separated by virtual host. I am currently using Munin to capture this and other data for the entire server however I can't seem to find a way to do this by vhost.
This link describes using a module called mod_watch which is apparently no longer in development:
http://www.freshnet.org/wordpress/2007/03/08/monitoring-apaches-virtualhost-with-munin/
The file that is listed as being compatible with Apache 2.x is reported to have problems with missing vhosts an reporting data correctly.
Does anyone know of a reliable way to determine real-time traffic per vhost? If I can find this it should be easy enough to write a new Munin plugin.
Edit:
What I'd really like to see is something similar to the Apache server-status scoreboard page with the number of connections / requests as that point in time separated by virtual host. This would give me the ability to check which vhost may be experiencing a spike in traffic in real time and would also provide the data needed for a Munin module (or some alternative performance monitoring / analysis system.)
I have another service that needs to use multiple ports on one IP of a server. When IIS starts, it uses all unused IPs so the other service fails to bind its IP. If I start the other service first it is able to use the IP but I can't rely on the order of services starting or that they won't need to be restarted at some point. Is there any way to make IIS not use an IP at all?
I need to be able to remotely monitor the disk space on a SQL 2005 server. To do this I need to give a sql server user the ability to run the following stored procedure:
EXEC xp_fixeddrives;
Ideally this user wouldn't have permission to run other stored procedures or do much of anything else.
The new user I just created currently doesn't have permission to run the stored procedure at all. What is the best way to give the user permission to do this and nothing else?
I would like to force users of a system to send email only using a submission port (such as 587) and then disable authentication on port 25 so I don't have users trying to authenticate using plain text.
What configuration changes would I need to make to disable authentication on 25 so users have to use a submission port to relay?
I currently only allow connections on port 25 from a mail filtering service's IPs.
I have Exim running on an alternate port for SMTP submission. This port needs to allow non-encrypted connections for now so I can't rely on forcing TLS on the port.
I would like to configure Exim to drop non-authenticated SMTP connections on the alternate port to prevent spammers from connecting and sending spam directly to users.
How would I configure this ACL?
Is it possible to change the size limit on ntext fields in SQL Server 2005 or must one convert the field to varchar(max)?
I would like to configure qmail to send email for certain domains using specific IPs for the outbound traffic. All other domains could continue to use the system's primary IP as usual. Is this possible? If so, how would I configure it?
Is there any way to display the effective configuration values that Apache is using?
I have a cPanel server that uses multiple include files and there are some server-wide settings that are defined in multiple places. I'd like to find a way of confirming which value Apache is actually using while it's running.
I am working on an application that will be used to verify new domains are configured correctly as they're set up for hosting. Part of this checks the validity of SPF, DomainKey, DKIM records, etc.
I currently use a default TTL of one hour for most of these records. Occasionally a mistake is found in one of the records so it needs to be updated. Currently, if I've just tested the domain I have to wait for the system's resolver's cached record to expire before I can verify it is correct with my application. (Yes, I can check manually but I wrote the application so I don't have to).
I would like to set up a DNS server on the system to act as a normal caching resolver except that it will expire records in a maximum of a set time such as five minutes or just not cache at all. Not all of the domains have DNS hosted on my normal name servers so this system would have to query the authoritative name servers for a domain rather that use upstream resolvers (which would just use their cached records).
This machine is not currently running DNS of any kind so I can install BIND or djbdns (or something else if there's a good suggestion.
I recently installed Munin on a development web server to keep track of system usage. I've noticted that the system's inode usage is climbing by about 7-8% per day even though the disk usage has barely increased at all. I'm guessing something is writing a ton of tiny files but I can't find what / where.
I know how to find disk space usage but I can't seem to find a way to summarize inode usage.
Is there a good way to determine inode usage by directory so I can locate the source of the usage?