    Archive for the ‘Linux’ Category

    Elasticsearch + Nginx Access Log using Kibana and FileBeat


    2017 - 11.27

    Long time no see. A very short post today: a quick howto for shipping Nginx access logs to Elasticsearch using simple utilities.

    First of all, I assume you have already set up your Elasticsearch cluster with Kibana, Grafana or similar.


    Rsyslog + Elasticsearch/Redis backend template


    2016 - 09.19

    Here is an example rsyslog template for use with a Redis or Elasticsearch backend. It is very useful along with Logstash and Kibana.


    # Load the Redis output module (omhiredis)
    module(load="omhiredis")

    # Build one JSON document per message; option.json="on" escapes property
    # values so quotes or backslashes inside a log message cannot break the JSON
    template(name="ls_json" type="list" option.json="on")
       { constant(value="{")
         constant(value="\"timestamp\":\"")         property(name="timegenerated" dateFormat="rfc3339")
         constant(value="\",\"message\":\"")         property(name="msg")
         constant(value="\",\"host\":\"")            property(name="fromhost")
         constant(value="\",\"host_ip\":\"")         property(name="fromhost-ip")
         constant(value="\",\"logsource\":\"")       property(name="fromhost")
         constant(value="\",\"severity_label\":\"")  property(name="syslogseverity-text")
         constant(value="\",\"severity\":\"")        property(name="syslogseverity")
         constant(value="\",\"facility_label\":\"")  property(name="syslogfacility-text")
         constant(value="\",\"facility\":\"")        property(name="syslogfacility")
         constant(value="\",\"program\":\"")         property(name="programname")
         constant(value="\",\"pid\":\"")             property(name="procid")
         constant(value="\",\"syslogtag\":\"")       property(name="syslogtag")
         constant(value="\"}\n")
       }

    # Push every message (*.*) as a JSON string onto the Redis list "syslog",
    # where the Logstash redis input can pick it up
    *.* action(
      name="push_redis"
      type="omhiredis"
      server="127.0.0.1"
      mode="queue"
      key="syslog"
      template="ls_json"
    )

    RIPE-Atlas Anchor installation


    2016 - 02.28

    RIPE Atlas project Anchor installation.

    An Anchor is a high-capacity RIPE Atlas probe for internet measurements.

    An Anchor mainly consists of a Soekris Net6501-70 board (available from kd85.com) running CentOS 6.x.

    Analyzing Spam – Visualization


    2016 - 02.28

    A beautiful visualization of spam traffic on the primary mail server.

    Every blue path is spam that was detected and delivered to the mailbox's spam folder; every yellow path is rejected spam.

    (image: spam-detected-rejected)


    How to handle thousands of reports from servers – Logstash, ElasticSearch, Kibana


    2015 - 06.05

    Many services and server audit utilities (logcheck, logwatch, the cron daemon, AIDE, ZRM, etc.) send emails to a local user or root. Some of them can be easily configured, but some of them cannot.

    The best way in my case is to deal with the emails directly, but how?


    Gitolite recover from lost authorized_keys


    2015 - 03.19

    Sometimes bad things happen and you have to recover your git server from backup, or the authorized_keys file for the git user is corrupted.

    First of all, you should know which paths and user you are using. For this example we have:

    User: git

    Home: /home/git

    Repositories: /data/git (linked into /home/git as repositories)


    Samsung SSD 840 PRO – performance degradation


    2014 - 12.03

    About a year ago I wrote a blog post about an endurance and performance test of the Samsung SSD 840 PRO. Some things have changed, especially the firmware of the disks.

    I performed the test on a disk with firmware DXM04B0Q. If you buy this disk now, you probably get firmware DXM05B0Q or DXM06B0Q.

    The problem is, both new firmwares have the same performance degradation issue.

    Since my first blog post we bought about 100 disks, and after a few months we started observing problems on database servers. Servers and disks were very slow; we are talking about 10 MB/s continuous write speed.

    First of all, we repeated our direct disk test, then we started testing the disk with different filesystems.

    (image: samsung-fs-vs-direct)


    Command Line Tool for iRedMail (MySQL backend only)


    2014 - 03.13

    Hi,

    if anyone is interested in the open source mail server solution iRedMail and uses MySQL as the backend, they can now use my small CLI script. The script has limited functions, but it's perfect for things like importing new domains or creating many email accounts.

    The script is open source and uses some functions from the original iredadmin web management interface, so you need iredadmin installed, which is the default option.

    iRedMail CLI Tool on Github


    Forgotten Skills: Build your own linux kernel


    2013 - 09.23

    First we will talk about WHY. Many people have many opinions on that, and I'd like to present mine.

    I work as a System Specialist. During my work I often reached the point where the stock distribution kernel doesn't work. The whole server, or part of it, was unusable for one of these common reasons:

    • Virtualization support in combination with new hardware
    • Missing driver for some RAID controllers
    • Missing driver for network cards
    • Security hardening patches for specific systems

    I don’t remember which of these reasons was the first time I had to build my own kernel to be able to use a server or computer with all its hardware. In the next few years another big reason appeared.

    • A new kernel fixed some performance issues

    Now we can talk about how to do it.


    HowTo use Grub rescue mode


    2013 - 06.07

    Sometimes when you upgrade or migrate your Linux from one disk to another, the boot may hang at the “grub rescue>” prompt.

    What now?
