Archive for June, 2010

Bandwidth monitor: simple but efficient

June 21st, 2010 No comments

Today, I was looking for a small tool to display interface usage on Solaris. I first tried iftop. However, after spending a few hours trying to build it (including ncurses and libpcap), I finally got a binary, but it did not work! After googling for a few minutes, I found Bandwidth Monitor NG. It's a very simple piece of software that uses only a few libraries and works like a charm!

Here is a screenshot:

Bandwidth Monitor NG screenshot

And for information, the ldd output:

% ldd /opt/tools/bwm-ng-0.6/bin/bwm-ng
libcurses.so.1 => /lib/libcurses.so.1
libkstat.so.1 => /lib/libkstat.so.1
libc.so.1 => /lib/libc.so.1
libm.so.2 => /lib/libm.so.2

Categories: OpenSolaris, Solaris Tags:

How to clone the search dashboard in Splunk

June 14th, 2010 No comments

After a few weeks of trying to persuade my boss to buy Splunk, I have started putting it into production. My first goal was to clone the search application's dashboard using a dedicated index. I have a few Splunk agents reading Tomcat logs and forwarding them to my Splunk instance. All these logs go to a dedicated index named rtlnet. Our web developers want to use Splunk to see the production logs. While it was easy to create the rtlnet index, I wanted to clone the search dashboard to give them an overview of logs by application or by host. However, while it was easy to add index=rtlnet to the metadata search, I was not able to add the index to the search that is computed when you click on a result (for example the sourcetype).

Here is the original code which produces one of the three panels:

      <module name="SearchLinkLister">
        <param name="settingToCreate">list1</param>
        <param name="search">| metadata type=sources</param>
        <param name="searchFieldsToDisplay">
          <list>
            <param name="label">source</param>
            <param name="value">source</param>
          </list>
          <list>
            <param name="label">totalCount</param>
            <param name="labelFormat">number</param>
          </list>
        </param>
        <module name="ConvertToIntention">
          <param name="settingToConvert">list1</param>
          <param name="intention">
            <param name="name">addterm</param>
            <param name="arg">
              <param name="source">$target$</param>
            </param>
          </param>
          <module name="ViewRedirector">
            <param name="viewTarget">flashtimeline</param>
            <param name="uriParam.auto_pause">true</param>
          </module>
        </module>
      </module>

As I said, adding index=rtlnet to the metadata search is trivial. However, when a user clicks on a result (in this case a source), the computed search was only source=$target$, so there was no result, since the index is not specified. After spending a few hours trying to understand how to add the index to the existing intention, I finally understood that I needed to nest it in a new HiddenIntention. Here is the new module definition:

      <module name="SearchLinkLister">
        <param name="settingToCreate">list1</param>
        <param name="search">| metadata type=sources index=rtlnet </param>
        <param name="searchFieldsToDisplay">
          <list>
            <param name="label">source</param>
            <param name="value">source</param>
          </list>
          <list>
            <param name="label">totalCount</param>
            <param name="labelFormat">number</param>
          </list>
        </param>
        <module name="HiddenIntention">
          <param name="intention">
            <param name="name">addterm</param>
            <param name="arg">
              <param name="index">rtlnet</param>
            </param>
          </param>
          <module name="ConvertToIntention">
            <param name="settingToConvert">list1</param>
            <param name="intention">
              <param name="name">addterm</param>
              <param name="arg">
                <param name="source">$target$</param>
              </param>
            </param>
            <module name="ViewRedirector">
              <param name="viewTarget">flashtimeline</param>
              <param name="uriParam.auto_pause">true</param>
            </module>
          </module>
        </module>
      </module>

As you can see, I nested the existing ConvertToIntention module inside a new HiddenIntention. Cheers!

Categories: Sysadmin Tags:

rsyslog, split file by hostname

June 10th, 2010 1 comment

Here is an rsyslog snippet to create one file per day, per device. The %$now% variable takes a value like 2010-05-24. Note that %HOSTNAME% will be replaced by the hostname sent by the syslog client. If you want to use the IP, you can use %fromhost-ip%, and if you want the DNS name resolved by the rsyslog server, use %fromhost%.


$template default,"/data/logs/%HOSTNAME%/%$now%.log"

*.* ?default
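
Since %HOSTNAME% is chosen by the syslog client, a client-supplied string becomes part of a file path on the log server. The following added example (not part of the original post) puts the template above beside a variant using rsyslog's secpath-replace property option and one keyed on %fromhost-ip%; the template names PerHostUnsafe, PerHostSafe and PerSourceIP are made up for illustration.

```conf
# Added example, not from the original post. Template names are hypothetical.

# As in the post: the directory name is whatever hostname the client put
# in the message, so the sender controls one path component.
$template PerHostUnsafe,"/data/logs/%HOSTNAME%/%$now%.log"

# Same layout, but the property replacer option secpath-replace turns any
# slash in the hostname into an underscore before the value is used in the
# path. (secpath-drop removes the slashes instead of replacing them.)
$template PerHostSafe,"/data/logs/%HOSTNAME:::secpath-replace%/%$now%.log"

# Alternative: key the directory on the sender address observed by the
# rsyslog server rather than on a value taken from the message itself.
$template PerSourceIP,"/data/logs/%fromhost-ip%/%$now%.log"

# Enable exactly one dynamic-file action.
*.* ?PerHostSafe
```

With PerSourceIP, messages relayed through an intermediate syslog server are all filed under the relay's address, so it suits setups where clients send directly.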

Categories: Sysadmin Tags:

Sysadmin seminar on August 2

June 4th, 2010 4 comments

While the sysadmin@asyd.net list will soon celebrate its 4th anniversary (created on September 17, 2006), with a total of 157 subscribers, we are starting to organize the first seminar.

On the program:

| Time | Title | Speaker |
|------|-------|---------|
| 9:00 → 9:45 | Puppet | Alban Peigner |
| 10:00 → 10:45 | ZFS: what we like about it and how we use it | Olivier Delhomme |
| 11:00 → 11:45 | Lessons learned on high availability | Arnaud Gomes Do Vale |
| 14:00 → 14:45 | Splunk: use cases and lessons learned | Bruno Bonfils |
| 15:00 → 15:45 | LDAP directory and management interfaces | Benoît Mortier |
| 16:00 → 16:45 | FusionInventory | David Durieux |
| 17:00 → 17:45 | iTop | Erwan Taloc |
| 18:00 → xxx | Lightning talks | NA |

For the lightning talks, the list is only just getting started, but it will include:

  • JRDS, a Cacti-like tool in Java
  • PowerDNS

Feel free to come forward and propose a lightning talk!

This event will take place at the École des Mines in Paris, 60 Boulevard Saint Michel. For practical organizational reasons, participants are invited to register.

Categories: Sysadmin Tags: