Posts Tagged PCL
Syslogd: the logging daemon
Posted by Luis Gallardo in Linux on 15/07/2009
When a service fails, or when something goes wrong on your machine (for instance, a hardware issue), it is reported in a log message. Those messages can be found in the /var/log directory. For example, many messages are written to the /var/log/syslog or /var/log/messages file. On the other hand, a service that generates a lot of messages will most likely write them to a separate file, as mail servers and Apache do.
All this is done by a daemon called syslogd, a system utility that provides message logging on *nix systems. Logging is not reserved for system applications: you can also log your own messages through syslogd by setting a proper rule in the /etc/syslog.conf file. So, let’s see how to do it…
Configuration file (/etc/syslog.conf or /etc/rsyslog.conf)
The rules for logging with syslogd are defined in the /etc/syslog.conf file (or /etc/rsyslog.conf), one rule per line. Every rule follows this syntax:
selector action
The selector part is made up of facility.priority, so the complete syntax would be:
facility.priority action
The facility is one of the following keywords:
| Facility | Description |
| auth | Security/authorization messages |
| authpriv | Security/authorization messages (private) |
| cron | Clock daemon (cron and at) |
| daemon | System daemons without separate facility value |
| kern | Kernel messages |
| lpr | Line printer subsystem |
| mail | Mail subsystem |
| mark | For internal use. Don’t use when making rules |
| news | USENET news subsystem |
| security (same as auth) | Obsolete, use auth instead |
| syslog | Messages generated internally by syslogd |
| user | Generic user-level messages |
| uucp | UUCP subsystem |
| local0 through local7 | Reserved for local use |
The priority can be one of the keywords listed in the following table. Messages are reported by priority, in ascending order. For example, if you specify the alert priority it will report the alert, emerg and panic priorities, but it will not report priorities from crit to debug.
| Priority | Description |
| debug | Used to debug services, for instance if they are not working properly |
| info | Used to report informative messages |
| notice | Like the info priority, but drawing attention to something that can be relevant |
| warning | Used to report warnings. It can give you some clues about errors (if any) or just show you that something is not working as expected, although it may still be working |
| warn | Same as warning |
| err | Used to report errors. For instance, if you have a misconfiguration in a service, it will report those errors |
| error | Same as err |
| crit | Used to report more critical errors. For example, hardware errors |
| alert | Used to report even more critical errors. Action must be taken immediately. For instance, database corruption. |
| emerg | Used to report really critical errors. Most likely the service is unusable |
| panic | Same as emerg |
| none | Used to disable a facility’s report. |
The action field describes what to do with the reported message. Commonly all messages are written to a file known as a logfile, but there are also other actions, like forwarding messages to another host. So, the action field can be one of the following:
| Action | Description |
| /path/to/logfile | Write messages to a logfile |
| \| fifo | Use a fifo or named pipe as a destination for log messages. This is handy for debugging or sending mails. Note that the fifo must be created with the mkfifo(1) command before syslogd(8) is started |
| /dev/tty[1-6] | Write messages in /dev/tty[1-6] console. Note, /dev/console will work as well |
| @192.168.0.1 | Forward messages to host 192.168.0.1 via UDP. Due to the nature of UDP, you will probably lose some messages in transit. If you expect high traffic volume, you can expect to lose a quite noticeable number of messages. Note: in order to accept messages, the remote server must run syslogd with the -r option (on Debian this option can be given in the /etc/default/syslogd file or in /etc/default/rsyslog) |
| :omrelp:192.168.0.1:2514 | If you would like to prevent message loss, use RELP |
| lgallard, atorres | List of users. By default, critical messages are sent to root |
Modifiers
Basically there are three modifiers: =, ! and *. The “=” modifier makes syslogd report only messages with the exact priority. For instance:
mail.=error /var/log/mail.error
Here syslogd will report only error messages. Without the = modifier it would report error, crit, alert and panic messages. This modifier can only be used with priorities.
The second modifier is the “!”, which inverts the meaning of the rule. For example:
mail.!error /var/log/mail.error
Syslogd will report messages with less than error priority, ergo warning, notice, info and debug. If you want to exclude just one priority, you must use the != combination.
Finally, the “*” modifier lets you select among different facilities or services. For instance:
mail.* /var/log/mail.log
Here, all messages from the mail facility will be saved to the /var/log/mail.log file, no matter the priority. Another example:
*.info /var/log/info.log
It doesn’t matter what facility, all messages with info priority will be saved to /var/log/info.log file.
Semicolon and comma operators
The semicolon operator lets you write several rules in a more compact way. For example:
mail.=info /var/log/info.log
mail.=notice /var/log/info.log
auth.=info /var/log/info.log
The above rules can be written in one line:
mail.=info;mail.=notice;auth.=info /var/log/info.log
On the other hand, if you want to select several facilities, you can use the comma operator. For instance:
mail.info /var/log/info.log
auth.info /var/log/info.log
You can write the above rules in one line, like this:
mail,auth.info /var/log/info.log
The big difference between the semicolon and the comma operator is that the latter only separates facilities, while the former can separate facilities and priorities, even if they are not compatible.
Logging synchronously
Some logs must be monitored in real time, for instance when debugging a service. The thing is that syslogd writes messages when its buffer is full, i.e., asynchronously. If you want to write messages synchronously, put a “-” before the log file’s path.
Examples
Here are some examples I made up, and others taken from /etc/syslog.conf:
local3.info /var/log/mylog
Use local3 facility, reporting info messages to /var/log/mylog file.
auth,authpriv.* /var/log/auth.log
Report all priorities for auth and authpriv facilities to /var/log/auth.log file.
mail.warn -/var/log/mail.warn
Warn messages from mail will be saved into /var/log/mail.warn file synchronously.
mail.!=error /var/log/mail.error
All except error messages will be saved into /var/log/mail.error file.
*.=debug;\
    auth,authpriv.none;\
    news.none;mail.none -/var/log/debug
All debug messages will be saved to /var/log/debug synchronously, except those from auth, authpriv, news and mail facilities.
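The selector rules described above (priority ordering, `=`, `*`, `none`, the comma and the semicolon) can be checked with a small matcher. This is an added example, not code from the original post or from syslogd: it is a simplified model that applies selectors left to right and leaves out the `!` modifier, and its sample rules are copied from the examples on this page.

```python
# Added example: simplified model of syslog.conf selector matching.
# Priorities from most to least severe; the list index is the numeric severity.
PRIORITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRIORITY_ALIASES = {"panic": "emerg", "error": "err", "warn": "warning"}
FACILITIES = ["auth", "authpriv", "cron", "daemon", "kern", "lpr", "mail", "news",
              "syslog", "user", "uucp"] + ["local%d" % i for i in range(8)]
FACILITY_ALIASES = {"security": "auth"}

# Rules copied from the examples on this page.
SAMPLE_CONF = """\
local3.info                                      /var/log/mylog
auth,authpriv.*                                  /var/log/auth.log
mail.=info;mail.=notice;auth.=info               /var/log/info.log
*.=debug;auth,authpriv.none;news.none;mail.none  -/var/log/debug
"""

def level(name):
    """Numeric severity of a priority keyword (0 = emerg ... 7 = debug)."""
    return PRIORITIES.index(PRIORITY_ALIASES.get(name, name))

def compile_selectors(selectors):
    """Map each facility to the set of severities the selector list accepts."""
    table = {fac: set() for fac in FACILITIES}
    for selector in selectors.split(";"):        # selectors apply left to right
        facs, _, prio = selector.strip().partition(".")
        if "!" in prio:
            raise ValueError("the ! modifier is not modelled here")
        names = FACILITIES if facs == "*" else facs.split(",")
        for fac in names:
            fac = FACILITY_ALIASES.get(fac, fac)
            if fac not in table:
                raise ValueError("unknown facility: %r" % fac)
            if prio == "none":                   # switch the facility off
                table[fac] = set()
            elif prio == "*":                    # every priority
                table[fac] = set(range(len(PRIORITIES)))
            elif prio.startswith("="):           # exactly this priority
                table[fac].add(level(prio[1:]))
            else:                                # this priority and more severe
                table[fac] |= set(range(level(prio) + 1))
    return table

def matches(selectors, facility, priority):
    facility = FACILITY_ALIASES.get(facility, facility)
    return level(priority) in compile_selectors(selectors)[facility]

def route(conf, facility, priority):
    """Return the action of every rule in conf that accepts the message."""
    actions = []
    for line in conf.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        selectors, action = line.split(None, 1)
        if matches(selectors, facility, priority):
            actions.append(action)
    return actions

if __name__ == "__main__":
    for fac, prio in [("local3", "warning"), ("auth", "info"), ("mail", "debug")]:
        print(fac, prio, "->", route(SAMPLE_CONF, fac, prio))
```

In the last sample rule the `none` selectors come after `*.=debug`, which is why debug messages from auth and mail never reach /var/log/debug.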
The logger command
If you want to communicate to syslogd, you can use the logger command. For instance, to send a message with info priority and local3 facility, just type:
logger -p local3.info "This is a message"
References
- man syslog
- man logger
- “Todo Linux” magazine. Year 8. Issue 92. Pages 43-47.
Active FTP vs. Passive FTP
Posted by Luis Gallardo in Off-Topic on 23/06/2009
FTP is a TCP service that uses a data port and a control or command port. Commonly those ports are 20 and 21, respectively. But it’s not always that way… especially if you are behind a firewall.
Active FTP
Let’s see how FTP connections normally work:
- The client connects from a random unprivileged port (N > 1024) to the FTP server’s command port (21)
- The client starts listening on port N+1 and sends this port to the server with the FTP PORT command
- The server will connect back to port N+1 from its data port (20)
Here is a connection example:
- Client’s command port (1026) connects to server’s command port (21) and sends data port 1027
- Server sends back an ACK to the client’s command port
- Server starts a connection between its data port (20) and client’s data port (1027)
- Client sends an ACK to server
Passive FTP
The active mode has a problem: if the client is behind a firewall, the server won’t be able to establish a connection to the client’s random data port (the one above 1024). To fix this problem, there’s another connection method called passive FTP:
- The client opens two random unprivileged ports (N > 1024 and N+1)
- The first port (command port) connects to port 21 on server side (command port) and sends a PASV command
- Then, the server opens a random unprivileged port (P > 1024) and sends the PORT P command back to the client
- Finally, the client starts a connection from port N+1 to port P on the server to transfer data
Here’s an example:
- Client’s command port (1026) connects to server’s command port (21) and sends PASV command
- Server replies to the client with port 2024, the random data port opened for data connections
- The client starts a connection from its data port (1027) to server’s data port (2024)
- Finally, the server sends back an ACK to the client’s data port
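The two modes differ in who announces a listening port on the command channel and therefore which firewall has to admit a new inbound connection. The following added example (not part of the original post) reads that port from the control-channel line; the host-port notation is the one from RFC 959, the addresses 192.168.0.10 and 192.168.0.1 are constructed, and the ports 1027 and 2024 follow the examples above.

```python
import re

# RFC 959 host-port notation: four address bytes, then the port as two bytes.
HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

# Constructed control-channel lines; addresses are made up, ports follow the
# examples above (client data port 1027, server passive port 2024).
ACTIVE_SESSION = ["USER demo", "PORT 192,168,0,10,4,3", "200 PORT command successful"]
PASSIVE_SESSION = ["USER demo", "PASV", "227 Entering Passive Mode (192,168,0,1,7,232)"]

def parse_hostport(text):
    """Return (ip, port) from an 'h1,h2,h3,h4,p1,p2' field."""
    match = HOSTPORT.search(text)
    if match is None:
        raise ValueError("no host-port field in %r" % text)
    nums = [int(n) for n in match.groups()]
    if max(nums) > 255:
        raise ValueError("field out of range in %r" % text)
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def data_connection(session):
    """Find the line that announces the data port and describe the connection."""
    for line in session:
        if line.upper().startswith("PORT "):   # active: the client listens
            ip, port = parse_hostport(line)
            return {"mode": "active", "initiator": "server",
                    "listener": (ip, port), "source_port": 20}
        if line.startswith("227 "):            # passive: the server listens
            ip, port = parse_hostport(line)
            return {"mode": "passive", "initiator": "client",
                    "listener": (ip, port), "source_port": None}
    return None

def inbound_rule(conn):
    """State which firewall has to admit the new inbound TCP connection."""
    ip, port = conn["listener"]
    side = "client" if conn["mode"] == "active" else "server"
    return "%s-side firewall must allow inbound TCP to %s:%d" % (side, ip, port)

if __name__ == "__main__":
    for session in (ACTIVE_SESSION, PASSIVE_SESSION):
        conn = data_connection(session)
        print(conn["mode"], "->", inbound_rule(conn))
```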
RAID
Posted by Luis Gallardo in Off-Topic on 18/06/2009
According to Wikipedia: “RAID is now used as an umbrella term for computer data storage schemes that can divide and replicate data among multiple hard disk drives. The different schemes/architectures are named by the word RAID followed by a number, as in RAID 0, RAID 1, etc. RAID’s various designs all involve two key design goals: increased data reliability or increased input/output performance. When multiple physical disks are set up to use RAID technology, they are said to be in a RAID array. This array distributes data across multiple disks, but the array is seen by the computer user and operating system as one single disk. RAID can be set up to serve several different purposes”.
The distribution of data across multiple drives can be managed either by dedicated hardware or by software, or even by hybrid RAID based on software and specific hardware.
Depending on the RAID you choose, these are some of RAID’s features:
- Data reliability
- Better fault tolerance
- Better performance
- More space
- Integration of low cost disks
The original RAID specification suggested some numbers called “RAID levels”, each of them with theoretical pros and cons. Over the years, different RAID concepts have appeared; most of them differ substantially from the original RAID levels, but it’s still common to use a number (e.g., RAID7).
Working with tar
Posted by Luis Gallardo in Linux on 15/06/2009
If you’ve never worked with tar before, or if you only know a few options, this post will show you how to use tar, at least the basic options. First of all, let’s see an extract from the description in tar’s manual:
“Tar stores and extracts files from a tape or disk archive. The first argument should be a function; either one of the letters Acdrtux, or one of the long function names. A function letter need not be prefixed with ‘-’, and may be combined with other single-letter options. Some options take a parameter; with the single-letter form these must be given as separate arguments. A long function name must be prefixed with --”
Ok, let’s see some of those functions and options…
The netstat command
Posted by Luis Gallardo in Linux on 21/05/2009

According to Wikipedia, “Netstat (network statistics) is a command-line tool that displays network connections (both incoming and outgoing), routing tables, and a number of network interface statistics”.
By default, netstat without any options shows the status of current connections by listing open sockets. But let’s see other options you can use with the netstat command…
Options
| Option | Description |
| -e | Display additional information. Use this option twice for maximum detail. |
| -r | Displays the contents of the IP routing table (like route command). |
| -i | Displays network interfaces and their statistics. |
| -n | Addresses, port numbers, users are expressed numerically and no attempt is made to determine names. |
| -l | Show only listening sockets. |
| -a | Show both listening and non-listening sockets (displays all active TCP connections and the TCP and UDP ports on which the computer is listening). |
| -s | Display summary statistics for each protocol. The -p parameter can be used to specify a set of protocols. |
| -t | Show only tcp connections. |
| -u | Show only udp connections. |
| -c | This will cause netstat to print the selected information every second continuously. |
| -p | Show the PID and name of the program to which each socket belongs. |
Understanding the free command
Posted by Luis Gallardo in Linux on 11/05/2009
Free displays the amount of free and used memory in the system, according to the manual (man free). But here’s one of the confusing terms in Linux: “used memory”. From other operating systems, we are used to the idea that “used memory” refers to memory that has already been used up, so we can’t use it in the future. But in Linux, “used memory” stands for memory taken by the system so that it can be used by users or applications. From this point of view, in Linux the bigger the used memory, the better. If you have 1 GB of RAM and 900 MB of used memory, please don’t buy an extra 1 GB of RAM, because you will most likely end up with 1.9 GB of used memory… Again, don’t worry, it’s normal.
Review questions for PCL I & II exam (Profesional Certificado Linux)
Posted by Luis Gallardo in Linux on 05/05/2009
If you are taking the Profesional Certificado Linux (PCL) course at the ISEIT institute, here are a few review questions for the PCL I and PCL II certification exams (in Spanish).
The answers are up to you :)
Institute’s URL : http://ve.iseit.net
Vi Quick reference
Posted by Luis Gallardo in Linux on 30/04/2009
Tired of those non-fancy text editors? Are you tied to a specific editor? Do your coworkers laugh at you because you don’t understand vi?… Don’t worry anymore!! Here’s a quick guide to vi.
How does vi work?
Maybe you have got tired of vi because anytime you try to use it, you don’t get the results you want. Ok, let’s talk about how vi works. It has three operation modes:
- Command mode: In this mode, vi expects an action to be performed, like copying, pasting or just moving the cursor. This is its default behavior, so when you open a file and start typing you won’t see what you type, because you are issuing commands.
- Inserting mode: In this mode you can indeed write into the file, but first you have to use one of the inserting commands, like “i”.
- Command extended mode: This is a special mode where you can pass arguments to commands. To enter this mode, just type a colon and a command. For instance:
:1,4 y
This copies lines 1 to 4. Now let’s see some commands grouped according to their function:
Cursor movement
| h | Move left |
| j | Move down |
| k | Move up |
| l | Move right |
| w | Go to start of word (next word) |
| e | Go to end of current word |
| b | Go backward by word |
| 0 | Start of line |
| $ | End of line |
| nG | Go to line n. G alone means go to the file’s last line |
| :n | Go to line n |
Terminal’s shortcuts
Posted by Luis Gallardo in Linux on 21/04/2009
How do you clear the screen without typing the clear command? My students always ask about this little trick I do while working on a terminal. Well, the answer is by using this shortcut: Ctrl+l. Immediately afterwards they ask me if there are any other shortcuts, and I reply “Yes, of course…but I don’t remember them. When I started using Linux I read some of them, but I only remember the Ctrl+l shortcut”.
So, I decided it was the time to recheck those shortcuts and post them here…
Terminal’s shortcuts
This table shows some shortcuts. Keep in mind that some may or may not work depending on the console you use. For instance, Alt+f is a defined shortcut in Gnome’s terminal.
| Shortcut | Description |
| Ctrl+b | Move back one character. |
| Ctrl+f | Move forward one character. |
| Ctrl+d | Delete the character underneath the cursor. |
| Ctrl+_ or Ctrl+x Ctrl+u | Undo the last editing command. You can undo all the way back to an empty line. |
| Alt+u | upcase-word |
| Alt+l | downcase-word |
| Alt+c | capitalize-word |
| Movement Commands | |
| Ctrl+a | Move to the start of the line. |
| Ctrl+e | Move to the end of the line. |
| Alt+f | Move forward a word, where a word is composed of letters and digits. |
| Alt+b | Move backward a word. |
| Ctrl+l | Clear the screen, reprinting the current line at the top. |
| Cut and paste commands | |
| Ctrl+k | Cut the text from the current cursor position to the end of the line, and copy it to the buffer. Cutting text is also known as “killing”. The killed text is saved in a kill-ring for later use by pasting (yanking). |
| Alt+d | Kill from the cursor to the end of the current word, or, if between words, to the end of the next word. Word boundaries are the same as those used by Alt+f. |
| Alt+DEL | Kill from the cursor to the start of the current word, or, if between words, to the start of the previous word. Word boundaries are the same as those used by Alt+b. |
| Ctrl+w | Kill from the cursor to the previous whitespace. This is different than Alt-DEL because the word boundaries differ. |
| Ctrl+y | Yank the most recently killed text back into the buffer at the cursor. |
| Alt+y | Rotate the kill-ring, and yank the new top. You can only do this if the prior command is Ctrl+y or Alt-y. |
| Commands in the History | |
| Ctrl+r | Search backward in the history for a particular string. |
| Ctrl+s | Search forward through the history (it might work or not) |
| Alt+< | Move to the first line in the history. |
| Alt+> | Move to the end of the input history, i.e., the line currently being entered. |
Shortcuts and arguments
You can pass numeric arguments to terminal commands. For example, to give the Ctrl+d command an argument of 10, you could type ‘Alt+1 0 Ctrl+d’, which will delete the next ten characters on the input line.
Custom shortcuts
You can go further and define your own shortcuts in bash. To do so, just add the shortcut you want to your ~/.inputrc file (or /etc/inputrc for all users). For instance, the search forward function didn’t work on my computer so I had to put this one:
"\C-h": history-search-forward
Here "\C-h" means Ctrl+h. You can even define a shortcut for a command like ‘ps aux’ by adding this line:
"\C-o": 'ps axun'
For these changes to take effect, the inputrc file has to be reread using the shortcut Ctrl+x Ctrl+r.
The find command
Posted by Luis Gallardo in Linux on 13/04/2009
On Linux we can search for files in many ways. For instance, from Nautilus (Gnome’s file manager) we can search the current directory for all mp3 files using the expression ‘*.mp3’. But if we need to do more complicated searches, for example all mp3 files greater than 5 MB, Nautilus is not the answer. In these cases we have to use a versatile and powerful command: find.







