How To Setup a CentOS 7 Syslog Server

Today we learn how to build a syslog server.  With a couple of SuperMicro builds, switches and firewalls, I want to be able to see what is going on by looking at one central source.  The easiest way to do this, and one that most network devices and SuperMicro motherboards support, is syslog.

First step is to build a quick CentOS 7 VM.  Next we install rsyslog and the other packages we will use later.  If you have installed the minimal CentOS 7 image you will need the vim and net-tools packages.

yum install rsyslog vim net-tools

Next we open the rsyslog.conf file to allow the server to listen for syslog messages.

vim /etc/rsyslog.conf

Then we un-comment the following four lines to allow syslog messages to be received on UDP and TCP Ports 514.

# Provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun 514

# Provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514

becomes

# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514

Then we restart the syslog service.

systemctl restart rsyslog.service

Then we want to verify that the service is listening on port 514.

netstat -an | grep 514

We should see that TCP is listening and that UDP is now showing for port 514.


Finally we want to allow TCP and UDP 514 through the firewall.

firewall-cmd --permanent --zone=public --add-port=514/tcp

firewall-cmd --permanent --zone=public --add-port=514/udp

firewall-cmd --reload

Now that we have the syslog server up and listening, let's configure one of our servers to forward its messages.

For my SuperMicro servers, we log into the IPMI page and click on the Configuration Tab and then Syslog.  We click “Enable Syslog” and then we enter in the IP and Port for our Syslog Server.  Finally we click Save.


For ESXi we need to log in to the CLI of each ESXi host and run the following command, replacing the IP below with your syslog server's IP.

esxcli system syslog config set --loghost='tcp://10.11.12.13:514'

For my Dell X1052 switch, we log into the Administrator Web GUI, click Log and Alerts, expand Remote Log Servers, and click Edit.


Then we click Add.


Then we enter the required information for our Syslog Server.

Eventually, as events are generated, you will see them in /var/log/messages on your syslog server.  Once we configured our Dell switch, we saw a message from it appear there.

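A central log server only helps if every device is actually sending to it. The script below is an added example, not part of the original post: it reads a log file in the default /var/log/messages layout and lists which senders have logged and which expected ones have not. The host names and sample lines (esxi01, 10.11.12.20, ipmi01) are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): check which senders are logging.
# Assumes the default rsyslog file format: "Mmm dd hh:mm:ss HOST TAG: message".
# HOST is copied from the message header, so it is whatever the sender claims.

# Constructed sample lines; host names and messages are made up.
sample_log() {
    cat <<'EOF'
Mar  3 10:15:01 syslog01 systemd: Started Session 12 of user root.
Mar  3 10:15:07 esxi01 Hostd: constructed sample message
Mar  3 10:15:09 10.11.12.20 TRAPMGR: constructed link-up message
Mar  3 10:16:44 esxi01 Vpxa: constructed sample message
EOF
}

# Print "COUNT HOST" for every sender found in log file $1, busiest first.
senders_seen() {
    awk 'NF >= 5 { n[$4]++ } END { for (h in n) print n[h], h }' "$1" |
        sort -k1,1nr -k2,2
}

# Print each expected sender (arguments 2..n) with no line in log file $1.
senders_missing() {
    log_file=$1
    shift
    for host in "$@"; do
        awk -v h="$host" '$4 == h { found = 1; exit } END { exit !found }' \
            "$log_file" || echo "$host"
    done
}

# Demo on the sample; on the server, pass /var/log/messages instead.
demo_log=$(mktemp)
sample_log > "$demo_log"
echo "Senders seen:"
senders_seen "$demo_log"
echo "Expected senders with no messages:"
senders_missing "$demo_log" esxi01 10.11.12.20 ipmi01
rm -f "$demo_log"
```

A device that was configured to forward but shows up in the missing list usually points at the firewall rule, the port or protocol setting on the device, or the wrong server IP.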

How to Verify Hard Disk Health from a Live CD

I’m in the process of selling a VMware Server Lab build that has outlived its usefulness. Priorities have changed, and when you can sell a parted out server for the cost of a home insulation job or a new heating system, it’s time to do that.

I came across a unique situation: I needed to verify the health of my HGST HUSML4040ASS600 400GB SAS hard drives, but how do you do that?  I grabbed my USB to SATA adapter and used a Windows program like HDSentinel or CrystalDiskInfo.  Unfortunately that doesn’t work because the SAS to SATA adapters don’t allow a connection.  Same with my SATA HDD dock.

Notice the prongs on the end of the adapter.  It prevents me from plugging it in.

I figured I’d plug the drives into a motherboard and off I go.  How about the SAS controller?  Still no go.  Okay, let’s try a new system.  Still no go.  Okay, getting annoyed now, let’s try my HBA in passthrough mode.  Here we go, success!

So how did I do it?  It’s simple, GParted and the Command Line.

I won’t go into detail on how I created a GParted Live USB, as it’s detailed on their page.  I went the UNetBootin route on Windows 10 and booted from my Storage Server via IPMI.

Once booted, I fired up the Terminal and proceeded to figure out what the command was to get the required SMART Information.

Eventually I received the information I needed.  Essentially the command outputs all information for the Device /dev/sdX where X is the drive letter indicated by Linux.

sudo smartctl -a /dev/sdX

The command output the SMART information for the drive.

Hopefully this will save someone the two hours it took me of digging and searching for a Utility that worked for me.

Install WMIC on Debian Jessie for Observium

Modified from here to work with Debian Jessie Observium Turnkey VM

Step 1 – Install Required Packages

apt-get install autoconf bzip2 make build-essential

Step 2 – Download the ‘wmic’ source to /tmp

cd /tmp

wget http://www.openvas.org/download/wmi/wmi-1.3.14.tar.bz2

Step 3 – Untar the source

tar -jxvf wmi-1.3.14.tar.bz2

Step 4 – Go into the directory and add a line of text to the top of ‘GNUmakefile’

cd wmi-1.3.14/

#Edit ‘GNUmakefile’ and add the following at the top (just after the License Info)
ZENHOME=../..

Step 5 – Compile

make "CPP=gcc -E -ffreestanding"
#You will see an error, but if the bin file exists the build worked

Step 6 – Copy the binary to /bin/wmic

cp bin /bin/wmic