Friday, June 24, 2011

Monit on OpenSUSE

Monit可以偵測本機的某些服務,當有異常時,可以透過它重新啟動daemon,以下是實作在OpenSUSE的系統上。

1. 安裝monit:
# zypper in monit
2. 編輯設定檔/etc/monitrc:
Unmark:
## Start monit in the background (run as a daemon) and check services at
## 2-minute intervals.
#
set daemon 60 <- 我把它改成1分鐘。

3. 新增偵測sshd daemon:
- 開啟/etc/monitrc並新增偵測sshd的設定:
check process sshd with pidfile /var/run/sshd.init.pid <- 注意這個檔案名稱是否與你的系統吻合
start program = "/etc/init.d/sshd start"
stop program = "/etc/init.d/sshd stop"
if failed host 127.0.0.1 port 22 protocol ssh then restart
4. 啟動monit:
# /etc/init.d/monit start
# chkconfig monit on
5. 測試:
- 手動將sshd stop:
# /etc/init.d/sshd stop
- 開始monitor:
suse:/var/run # /etc/init.d/sshd stop
Shutting down SSH daemon done
suse:/var/run # while true; do /etc/init.d/sshd status; sleep 1; done
Checking for service sshd unused
Checking for service sshd unused
Checking for service sshd unused
Checking for service sshd unused
Checking for service sshd unused
Checking for service sshd unused
Checking for service sshd unused
Checking for service sshd unused
Checking for service sshd unused
Checking for service sshd unused
Checking for service sshd unused
Checking for service sshd unused
Checking for service sshd unused
Checking for service sshd unused
Checking for service sshd unused
Checking for service sshd unused
Checking for service sshd unused
Checking for service sshd unused
Checking for service sshd unused
Checking for service sshd unused
Checking for service sshd unused
Checking for service sshd unused
Checking for service sshd unused
Checking for service sshd unused
Checking for service sshd unused
Checking for service sshd unused
Checking for service sshd unused
Checking for service sshd unused
Checking for service sshd unused
Checking for service sshd unused
Checking for service sshd unused
Checking for service sshd unused
Checking for service sshd unused
Checking for service sshd unused
Checking for service sshd unused
Checking for service sshd unused
Checking for service sshd unused
Checking for service sshd running
Checking for service sshd running
Checking for service sshd running
It just works!
Reference: http://cha.homeip.net/blog/2011/06/3134.html

Monday, June 20, 2011

於RHEL6配置Log receive server

RHEL6預設的log server由syslog改換成rsyslog,於是乎以往RHEL3/4/5的配置方法可能已經不適用了(也許有人還是習慣用syslog,那麼方法應該就一樣),不過不用擔心萬變不離其宗正是Linux的教條,只要理論有了,配置不過是理論的實現罷了,以下就簡單的說明一下怎麼改變吧。

1. Enable UDP port 514:
rsyslog預設上把port 514關掉了,請手動將它打開。
- Configure /etc/rsyslog.conf:
Unmark UDP syslog:
$ModLoad imudp.so
$UDPServerRun 514

- Restart rsyslog:
# /etc/init.d/rsyslog restart

2. 檢查UDP port 514已開啟:
[root@rhel6 ~]# netstat -tupln | grep 514
udp 0 0 0.0.0.0:514 0.0.0.0:* 2713/rsyslogd
udp 0 0 :::514 :::* 2713/rsyslogd

3. 配置允許接收對方的log events:
# vi /etc/rsyslog.conf to receive log from remote machine:
:fromhost-ip,isequal,"X.X.X.X" /var/log/test1_log
X.X.X.X -> remote IP address

- Restart rsyslog:
# /etc/init.d/rsyslog restart

4. 建立logrotate:
# vi /etc/logrotate.d/test1
/var/log/test1.log{
size +4096k #Trigger logrotate when file size more than 4096k
create 640 root root # File owner and permission
rotate 10 #maximum logrotate
compress
postrotate #restart rsyslog after trigger logrotate
/etc/init.d/rsyslog reload
endscript
}

- Restart rsyslog:
# /etc/init.d/rsyslog restart