DOCSLIB.ORG

Preparing the System

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Preparing the System _____________________________________________________________ Preparing the System System Recommendations General Symas OpenLDAP will run on any system that meets the minimum requirements for the operating system where it is installed. Additional disk space and memory may be required to accommodate the application’s data. CPU Symas OpenLDAP makes very efficient use of the system CPUs. In most cases, systems with 1 to 4 processors are adequate for all but the heaviest workloads. For those, up to 8 processors may be appropriate, but beyond that the factors that affect performance the most are the amount of memory and the bandwidth between it and the processors, network bandwidth, and disk I/O bandwidth. Disk The Symas OpenLDAP packages will require approximately 25MB. In addition, there should be enough space to accommodate the projected database size, the index files, and the transaction logs. These will be in separate file systems. Memory As with any database-type application, having sufficient memory is the key to performance. The system should have approximately 10% more memory than is needed to accommodate the entire database and its index files, plus the base amount of memory recommended by the OS vendor. Preparing the System To prepare your system to host Symas OpenLDAP directory services we recommend the following: Disks & File Systems LDAP databases serviced by the back-mdb (preferred), back-hdb and back-bdb backends can be stored on direct-attached disks (best) or iSCSI network-attached storage (your mileage will vary). • For optimum performance, Symas recommends the use of at least three separate disk spindles (drives) for bdb/hdb backends and 2 spindles (drives) for mdb backends, each with its own independent file system. The first of these file systems should be dedicated to the database and its environment files, the second should contain the operating system and applications, and the final is for the database transaction logs (bdb/hdb only). The swap partition can be placed on the same drive as the operating system. This arrangement reduces drive head contention to the lowest possible point. RAID arrays do not enhance performance, but can be used to improve fault tolerance. df -h Example Output: Filesystem Size Used Avail Use% Mounted on /dev/mapper/centos-root 17G 2.2G 15G 13% / /dev/sda1 472M 169M 279M 38% /boot /dev/sdb1 470G 91G 356G 21% /var/symas /dev/sdc1 470G 429G 17G 97% /var/log • Test disk write speed (time it takes to sync data from cache to disk) by running the following command multiple times (to get an average). Requires BASH. sync; dd if=/dev/zero of=1g.bin bs=1G count=1 >/dev/null 2>&1; TIMEFORMAT="%Es Cache to Disk Sync Time"; time sync; rm -f 1g.bin Example Output: 1.275s Cache to Disk Sync Time 1.173s Cache to Disk Sync Time 1 | P a g e 3.833s Cache to Disk Sync Time Consider how many write operations per minute will be expected. If the Cache to Disk Sync Time when multiplied by 60 (seconds per minute) exceeds the expected writes per minute and the database backend to be used is MDB, see SLAPD.conf Customization → Database Section → Configuration → MDB section for optimization instructions. Warning: If MDB optimizations are required skip the following step. DO NOT disable journaling. • NOTE: For EXT4 partitions which are a journaling file system, disable the journaling for the file system that holds the database (MDB, HDB and BDB) and transaction log (HDB and BDB only) files. Since the Berkeley DB performs its own transaction management and journaling, file-system-based journaling only slows things down without adding any gains in reliability. mkfs –t ext4 –O ^has_journal <device> tune2fs –O ^has_journal <device> Example: mkfs –t ext4 –O ^has_journal /dev/xvdf/1 tune2fs –O ^has_journal /dev/xvdf/1 NOTE: Because journaling cannot be disabled for xfs file systems, we do NOT recommend using XFS. However, if XFS must be used, we recommend externalizing journaling to reduce the performance impact on the file system. To reserve an external journal with a specified size when you create an XFS file system, specify the -l logdev=device,size=size option to the mkfs.xfs command. If you omit the size parameter, mkfs.xfs selects a journal size based on the size of the file system. To mount the XFS file system so that it uses the external journal, specify the -o logdev=device option to the mount command. • Add the “noatime” (preferred) or “relatime” flag ONLY to the LDAP database partition sudo vi /etc/fstab UUID=foo /var ext4 noatime,errors=continue 1 1 sudo mount -a Swappiness Tune the OS disk cache for best performance Add new values to /etc/sysctl.conf: sudo vi /etc/sysctl.conf vm.dirty_background_ratio = 50 vm.dirty_ratio = 90 vm.swappiness = 0 vm.dirty_writeback_centisecs = 500 vm.dirty_expire_centisecs = 60000 For more information on Disk caching and Performance tuning, please see the following: https://lonesysadmin.net/2013/12/22/better-linux-disk-caching-performance-vm- dirty_ratio/ https://www.kernel.org/doc/Documentation/sysctl/vm.txt 2 | P a g e Processes Minimize the number of unneeded processes running on the system, particularly any that use a lot of memory or processor bandwidth, as these will have an adverse impact on directory server performance. In particular, be on the lookout for Java processes, as these tend to use large quantities of processing time and available memory. Additionally, ensure any processes using network ports required for OpenLDAP are disabled. Network & Firewall The default ports used by Symas OpenLDAP are 389/TCP for LDAP, 636/TCP for LDAP over SSL, and 88/TCP and 88/UDP for Kerberos key distribution (kdc). On many systems the netstat command can tell you about the ports that are in use and the processes that are using them. IPTables First, let’s ensure IPTables is installed which iptables For newer versions it is important to disable FirewallD before installing IPTables sudo systemctl stop firewalld sudo systemctl disable firewalld sudo systemctl mask firewalld sudo yum install iptables-services -y sudo systemctl enable iptables Adjust iptables to save changes on stop/restart by inserting the following: sudo vi /etc/sysconfig/iptables-config IPTABLES_SAVE_ON_STOP="yes" IPTABLES_SAVE_ON_RESTART="yes" Adjust iptables allow LDAP and LDAPS protocol. This is done by adding the rules in red lines below. sudo vi /etc/sysconfig/iptables sudo apt-get update sudo apt-get install iptables-persistent Adjust iptables to allow LDAP and LDAPS protocol. This is done by exporting the current settings and adding the rules in red below. sudo iptables-save > iptables.rules 3 | P a g e sudo vi iptables.rules :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [192:19802] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT -A INPUT -p tcp -m tcp --dport 389 -j ACCEPT -A INPUT -p tcp -m tcp --dport 636 -j ACCEPT -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD -j REJECT --reject-with icmp-host-prohibited COMMIT Be aware that the order is critical in the rules. Port 22 is for SSH Port 389 is for LDAP and LDAP over TLS 636 is for LDAPS Save the Changes to IPTables Note: The IPTables config is stored in /etc/sysconfig/iptables, and this is the file you have to update, otherwise the info will not be kept. Restart of the IPTables service. sudo systemctl restart iptables.service Or sudo service iptables restart Save the changes sudo service iptables save Verify the changes iptables –L -nv Import the iptables.rules file and save the changes sudo iptables-restore < iptables.rules sudo service iptables-persistent save Restart the IPTables Service sudo service iptables-persistent reload Verify the changes iptables -S 4 | P a g e FirewallD FirewallD is frontend controller for iptables used to implement persistent network traffic rules. It provides command line and graphical interfaces and is available in the repositories of most Linux distributions. Working with FirewallD has two main differences compared to directly controlling iptables: 1. FirewallD uses zones and services instead of chain and rules. 2. It manages rulesets dynamically, allowing updates without breaking existing sessions and connections. Note: FirewallD is a wrapper for iptables to allow easier management of iptables rules-it is not an iptables replacement. While iptables commands are still available to FirewallD, it’s recommended to use only FirewallD commands with FirewallD. FirewallD is included by default with RedHat 7+ but it’s inactive. Controlling it is the same as with other systemd units. To start the service and enable FirewallD on boot: sudo systemctl start firewalld sudo systemctl enable firewalld To stop and disable it: sudo systemctl stop firewalld sudo systemctl disable firewalld To check the firewall status. The output should say either running or not running. sudo firewall-cmd --state To view the status of the FirewallD daemon: sudo systemctl status firewalld Example output: firewalld.service - firewalld - dynamic firewall daemon Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled) Active: active (running) since Wed 2015-09-02 18:03:22 UTC; 1min 12s ago Main PID: 11954 (firewalld) CGroup: /system.slice/firewalld.service └─11954 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid To reload a FirewallD configuration: sudo firewall-cmd reload sudo systemctl enable firewalld Configuring FirewallD Firewalld is configured with XML files. Except for very specific configurations, you won’t have to deal with them and the firewall-cmd should be used instead. 5 | P a g e Configuration files are located in two directories: /usr/lib/FirewallD Holds default configurations like default zones and common services.
Load more

Recommended publications
  • Solaris 10 End of Life
    Solaris 10 end of life Continue Oracle Solaris 10 has had an amazing OS update, including ground features such as zones (Solaris containers), FSS, Services, Dynamic Tracking (against live production operating systems without impact), and logical domains. These features have been imitated in the market (imitation is the best form of flattery!) like all good things, they have to come to an end. Sun Microsystems was acquired by Oracle and eventually, the largest OS known to the industry, needs to be updated. Oracle has set a retirement date of January 2021. Oracle indicated that Solaris 10 systems would need to raise support costs. Oracle has never provided migratory tools to facilitate migration from Solaris 10 to Solaris 11, so migration to Solaris has been slow. In September 2019, Oracle decided that extended support for Solaris 10 without an additional financial penalty would be delayed until 2024! Well its March 1 is just a reminder that Oracle Solaris 10 is getting the end of life regarding support if you accept extended support from Oracle. Combined with the fact gdpR should take effect on May 25, 2018 you want to make sure that you are either upgraded to Solaris 11.3 or have taken extended support to obtain any patches for security issues. For more information on tanningix releases and support dates of old and new follow this link ×Sestive to abort the Unix Error Operating System originally developed by Sun Microsystems SolarisDeveloperSun Microsystems (acquired by Oracle Corporation in 2009)Written inC, C'OSUnixWorking StateCurrentSource ModelMixedInitial release1992; 28 years ago (1992-06)Last release11.4 / August 28, 2018; 2 years ago (2018-08-28)Marketing targetServer, PlatformsCurrent: SPARC, x86-64 Former: IA-32, PowerPCKernel typeMonolithic with dynamically downloadable modulesDefault user interface GNOME-2-LicenseVariousOfficial websitewww.oracle.com/solaris Solaris is the own operating system Of Unix, originally developed by Sunsystems.
    [Show full text]
  • Salt Documentation Release 2014.7.6
    Salt Documentation Release 2014.7.6 SaltStack, Inc. May 19, 2015 Contents 1 Introduction to Salt 1 1.1 e 30 second summary ........................................... 1 1.2 Simplicity ................................................... 1 1.3 Parallel execution ............................................... 1 1.4 Building on proven technology ....................................... 2 1.5 Python client interface ............................................ 2 1.6 Fast, flexible, scalable ............................................. 2 1.7 Open ...................................................... 2 1.8 Salt Community ................................................ 2 1.9 Mailing List .................................................. 2 1.10 IRC ....................................................... 3 1.11 Follow on Github ............................................... 3 1.12 Blogs ...................................................... 3 1.13 Example Salt States .............................................. 3 1.14 Follow on ohloh ................................................ 3 1.15 Other community links ............................................ 4 1.16 Hack the Source ................................................ 4 2 Installation 5 2.1 ick Install .................................................. 5 2.2 Platform-specific Installation Instructions ................................. 5 2.3 Dependencies ................................................. 26 2.4 Optional Dependencies ............................................ 27 2.5 Upgrading
    [Show full text]
  • Log-Management-Tenshi.Pdf
    Network Monitoring and Management Log Management Network Startup Resource Center www.ws.nsrc.org These materials are licensed under the Creative Commons Attribution-NonCommercial 4.0 International license (http://creativecommons.org/licenses/by-nc/4.0/) Log Management & Monitoring • Keep your logs in a secure place • Where they can be easily inspected • Watch your log file • They contain important information – Many things happen – Someone needs to review them – It’s not practical to do this manually Log Management & Monitoring On your routers and switches And, on your servers Log Management • Centralize and consolidate log files • Send all log messages from your routers, switches and servers to a single node – a log server. • All network hardware and UNIX/Linux servers can be monitored using some version of syslog (we use either syslog-ng or rsyslog for this workshop). • Windows can, also, use syslog with extra tools. • Save a copy of the logs locally, but, also, save them to a central log server. Syslog Basics Uses UDP protocol, port 514 Syslog messages have two attributes (in addition to the message itself): Facility Level Auth Security | Emergency (0) Authpriv User | Alert (1) Console Syslog | Critical (2) Cron UUCP | Error (3) Daemon Mail | Warning (4) Ftp Ntp | Notice (5) Kern News | Info (6) Lpr | Debug (7) Local0 ...Local7 | Centralized Logging Configuring Centralized Logging Cisco hardware – At a minimum: logging ip.of.logging.host Unix and Linux nodes – In syslogd.conf, or in rsyslog.conf, add: *.* @ip.of.log.host – Restart syslogd, rsyslog or syslog-ng Other equipment have similar options – Options to control facility and level Receiving Messages – syslog-ng • Identify the facility that the equipment is going to use to send its messages.
    [Show full text]
  • NXLOG Community Edition Reference Manual for V2.9.1716 I
    Ed. v2.9.1716 NXLOG Community Edition Reference Manual for v2.9.1716 i NXLOG Community Edition Reference Manual for v2.9.1716 Ed. v2.9.1716 Ed. v2.9.1716 NXLOG Community Edition Reference Manual for v2.9.1716 ii Copyright © 2009-2014 NXLog Ltd. Ed. v2.9.1716 NXLOG Community Edition Reference Manual for v2.9.1716 iii Contents 1 Introduction 1 1.1 Overview . .1 1.2 Features . .1 1.2.1 Multiplatform . .1 1.2.2 Modular architecture . .1 1.2.3 Client-server mode . .2 1.2.4 Log message sources and destinations . .2 1.2.5 Importance of security . .2 1.2.6 Scalable multi-threaded architecture . .2 1.2.7 High performance I/O . .2 1.2.8 Message buffering . .2 1.2.9 Prioritized processing . .3 1.2.10 Avoiding lost messages . .3 1.2.11 Apache-style configuration syntax . .3 1.2.12 Built-in config language . .3 1.2.13 Scheduled tasks . .3 1.2.14 Log rotation . .3 1.2.15 Different log message formats . .4 1.2.16 Advanced message processing capabilites . .4 1.2.17 Offline processing mode . .4 1.2.18 Character set and i18n support . .4 2 Installation and quickstart 5 2.1 Microsoft Windows . .5 2.2 GNU/Linux . .6 2.2.1 Installing from DEB packages (Debian, Ubuntu) . .6 2.2.2 Installing from RPM packages (CentOS, RedHat) . .6 2.2.3 Configuring nxlog on GNU/Linux . .6 Ed. v2.9.1716 NXLOG Community Edition Reference Manual for v2.9.1716 iv 3 Architecture and concepts 7 3.1 History .
    [Show full text]
  • Fedora 16 System Administrator's Guide
    Fedora 16 System Administrator's Guide Deployment, Configuration, and Administration of Fedora 16 Jaromír Hradílek Douglas Silas Martin Prpič Eva Kopalová Eliška Slobodová Tomáš Čapek Petr Kovář Miroslav Svoboda System Administrator's Guide John Ha David O'Brien Michael Hideo Don Domingo Fedora 16 System Administrator's Guide Deployment, Configuration, and Administration of Fedora 16 Edition 1 Author Jaromír Hradílek [email protected] Author Douglas Silas [email protected] Author Martin Prpič [email protected] Author Eva Kopalová [email protected] Author Eliška Slobodová [email protected] Author Tomáš Čapek [email protected] Author Petr Kovář [email protected] Author Miroslav Svoboda [email protected] Author John Ha Author David O'Brien Author Michael Hideo Author Don Domingo Copyright © 2011 Red Hat, Inc. and others. The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. The original authors of this document, and Red Hat, designate the Fedora Project as the "Attribution Party" for purposes of CC-BY-SA. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version. Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law. Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, MetaMatrix, Fedora, the Infinity Logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
    [Show full text]
  • Ubuntu Server Guide Basic Installation Preparing to Install
    Ubuntu Server Guide Welcome to the Ubuntu Server Guide! This site includes information on using Ubuntu Server for the latest LTS release, Ubuntu 20.04 LTS (Focal Fossa). For an offline version as well as versions for previous releases see below. Improving the Documentation If you find any errors or have suggestions for improvements to pages, please use the link at thebottomof each topic titled: “Help improve this document in the forum.” This link will take you to the Server Discourse forum for the specific page you are viewing. There you can share your comments or let us know aboutbugs with any page. PDFs and Previous Releases Below are links to the previous Ubuntu Server release server guides as well as an offline copy of the current version of this site: Ubuntu 20.04 LTS (Focal Fossa): PDF Ubuntu 18.04 LTS (Bionic Beaver): Web and PDF Ubuntu 16.04 LTS (Xenial Xerus): Web and PDF Support There are a couple of different ways that the Ubuntu Server edition is supported: commercial support and community support. The main commercial support (and development funding) is available from Canonical, Ltd. They supply reasonably- priced support contracts on a per desktop or per-server basis. For more information see the Ubuntu Advantage page. Community support is also provided by dedicated individuals and companies that wish to make Ubuntu the best distribution possible. Support is provided through multiple mailing lists, IRC channels, forums, blogs, wikis, etc. The large amount of information available can be overwhelming, but a good search engine query can usually provide an answer to your questions.
    [Show full text]
  • Nagios Plugins - Installing Nagios Plugins from Source
    Nagios Plugins - Installing Nagios Plugins From Source Article Number: 569 | Rating: 2.4/5 from 7 votes | Last Updated: Mon, Feb 15, 2021 at 1:24 PM O ve r vie w This KB article provides instructions on installing Nagios Plugins from source. You will have observed that most of the existing documentation already includes steps on installing the plugins. However there are some plugins that require other libraries which are not included in those instructions. The goal of this documentation is to provide the instructions to install every possible plugin that exists. Nagios Plugins 2.3.3 is what this guide instructs you to install, however future versions should also work fine with these steps. Some considerations: It is assumed that you are logged onto the machine you are installing Nagios Plugins as the ro o t user, or a user with sufficient privileges. All of the steps below were tested on the operating systems (OS) listed after a clean install of the OS. Some OS's like Ubuntu and SUSE have stricter user permissions, in those cases the listed commands have sudo in front of them to ensure you are able to complete the steps. A best effort has been made to ensure if you follow all the relevant steps you will end up with a working installation of Nagios Plugins. The KB article is broken up into the following steps: Install Prerequisites - Common Install Prerequisites - Package XYZ Some plugins (MySQL for example) require addtional libraries and have their own section. They are also in their own section as not everyone requires to monitor that specific item.
    [Show full text]
  • Microservices
    Implementing DevOps with Ansible 2 Build, develop, test, deploy, and monitor in seconds Jonathan McAllister BIRMINGHAM - MUMBAI Implementing DevOps with Ansible 2 Copyright © 2017 Packt Publishing All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews. Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book. Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information. First published: July 2017 Production reference: 1200717 Published by Packt Publishing Ltd. Livery Place 35 Livery Street Birmingham B3 2PB, UK. ISBN 978-1-78712-053-2 www.packtpub.com Credits Author Copy Editors Jonathan McAllister Madhusudan Uchil Stuti Srivastava Reviewer Project Coordinator Matthew Fisher Virginia Dias Acquisition Editor Proofreader Meeta Rajani Safis Editing Content Development Editor Indexer Sharon Raj Aishwarya Gangawane Technical Editor Graphics Vishal Kamal Mewada Kirk D'Penha Production Coordinator Aparna Bhagat About the Author Jonathan McAllister has been creating software and automations since he was a child.
    [Show full text]
  • Linux and Open Source for (Almost) Zero Cost PCI Compliance
    Linux and Open Source for (Almost) Zero Cost PCI Compliance Rafeeq Rehman 2 Some Introductory Notes ¡ Payment Card Industry (PCI) standard is not a government regulaon. ¡ Who needs to comply with PCI? ¡ Twelve major requirements covering policy, processes, and technology to protect Credit Card Data. ¡ What is Credit Card Data? ¡ Few Clarificaons ¡ Payment Card Industry (PCI) requires some tasks to be performed by external vendors depending upon merchant level. There is no other way around, unfortunately. ¡ Open Source soluCons do need people. That is why it is almost free but not totally free. 9/10/11 3 What the Auditors Look For? ¡ Is PCI just a checklist? ¡ Are auditors genuinely interested in securing the PCI data? ¡ Does it maer if you use an open source or commercial product to meet PCI requirements? ¡ What if you meet PCI requirements while improving security and spending less money? 9/10/11 4 Is it viable to use Open Source for PCI Compliance? ¡ Is there a real company who uses Open Source soQware to achieve PCI compliance? Is it even possible? ¡ PCI 2.0 focuses more on Risk based approach. ¡ PCI (or any compliance) is boring! Make it interesCng by using Open Source. 9/10/11 5 PCI Biggest Expenses 1. Log Management (Storage and archiving, Monitoring and Alerng) 2. Vulnerability Scanning 3. Network Firewalls and Network Segmentaon 4. Intrusion DetecCon System 5. EncrypCon for data-at-rest 6. File Integrity Monitoring 7. IdenCty Management (Password controls, Two factor for remote access, Role based access) 9/10/11 6 AddiConal PCI
    [Show full text]
  • Admin Guide 3.9.6 Solaris Revision:2037 Generated:02/10/2020 14:30 | Contents | Ii
    High-Speed Endpoint Admin Guide 3.9.6 Solaris Revision:2037 Generated:02/10/2020 14:30 | Contents | ii Contents Introduction............................................................................................................... 6 Installation and Upgrades........................................................................................8 Before Upgrading or Downgrading......................................................................................................................8 Installing HST Endpoint.....................................................................................................................................10 Upgrade Follow up.................................................................................................................................11 Configuring the Firewall.................................................................................................................................... 12 Securing Your SSH Server.................................................................................................................................14 Changing and Securing the TCP Port....................................................................................................14 Configuring Transfer Server Authentication With the Host-Key Fingerprint........................................16 Testing a Locally Initiated Transfer................................................................................................................... 17 Updating the Product License...........................................................................................................................
    [Show full text]
  • Red Hat Openstack Platform 16.1 Logging, Monitoring, and Troubleshooting Guide
    Red Hat OpenStack Platform 16.1 Logging, Monitoring, and Troubleshooting Guide An In-Depth Guide to OpenStack Logging, Monitoring, and Troubleshooting Last Updated: 2021-05-13 Red Hat OpenStack Platform 16.1 Logging, Monitoring, and Troubleshooting Guide An In-Depth Guide to OpenStack Logging, Monitoring, and Troubleshooting OpenStack Team [email protected] Legal Notice Copyright © 2021 Red Hat, Inc. The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/ . In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version. Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law. Red Hat, Red Hat Enterprise Linux, the Shadowman logo, the Red Hat logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries. Linux ® is the registered trademark of Linus Torvalds in the United States and other countries. Java ® is a registered trademark of Oracle and/or its affiliates. XFS ® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries. MySQL ® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
    [Show full text]
  • Rsyslog Doc Documentation Release 8.18.0.Master
    Rsyslog Doc Documentation Release 8.18.0.master foo bar March 09, 2016 Contents 1 Manual 3 2 Reference 275 3 Sponsors and Community 317 4 Related Links 319 i ii Rsyslog Doc Documentation, Release 8.18.0.master Rsyslog is a rocket-fast system for log processing. It offers high-performance, great security features and a modular design. While it started as a regular syslogd, rsyslog has evolved into a kind of swiss army knife of logging, being able to • accept inputs from a wide variety of sources, • transform them, • and output the results to diverse destinations. Rsyslog has a strong enterprise focus but also scales down to small systems. It supports, among others, MySQL, Post- greSQL, failover log destinations, ElasticSearch, syslog/tcp transport, fine grain output format control, high precision timestamps, queued operations and the ability to filter on any message part. Contents 1 Rsyslog Doc Documentation, Release 8.18.0.master 2 Contents CHAPTER 1 Manual 1.1 Configuration Rsyslogd is configured via the rsyslog.conf file, typically found in /etc. By default, rsyslogd reads the file /etc/rsyslog.conf. This can be changed by a command line option. Note that configurations can be built interactively via the online rsyslog configuration builder tool. 1.1.1 Basic Structure This section describes how rsyslog configuration basically works. Think of rsyslog as a big logging and event pro- cessing toolset. It can be considered a framework with some basic processing that is fixed in the way data flows, but is highly customizable in the details of this message flow.
    [Show full text]