If you are running Redhat/CentOS and want to rename your network interface, this is how I get it done. It doesn’t come up too often, but when it does it can be frustrating if you don’t cover your bases.

Down each interface you want to rename. You may need to do it from the console (Since you may lose your network connection):

Edit the NIC names to be sure it doesn’t add duplicates when UDEV on the next reboot

Open each ifcfg-em* file and edit the “DEVICE” name to match the new interface name.

Rename the /etc/sysconfig/network-scripts/ifcfg-* file to match the new interface name

Credit for this goes to https://kernelpanik.net/rename-a-linux-network-interface-without-udev/ for the initial rename method, but i experienced some issues with UDEV duplicating the NICs, and for hard coded configurations, the network either failed to start on reboot or the NIC was reverted back to the old name after a reboot.

 

I just started using Atom as my primary editor (I absolutely love it), and i went package crazy. I was reading an article and decided to try git-time-machine which is a neat way to look at the commit history in a visual plot style.

timemachine
Image was borrowed from the project page: https://github.com/littlebee/git-time-machine

I was excited, but I ran into an error where git-time-machine was reporting:

Welp, I figured it was because git was not in my path (windows) so i checked by opening a command prompt, typing git and the command worked without a problem. So i went to the git-time-machine page, but it only mentions that the: “git command line utility needs to be in your path”, which it was. So i added it to my Windows path variable again, but that still didn’t help. Well, like most things the fix was simple, just tell Atom where your git projects are stored and it will work!

The Fix:

The error is misleading, since git is actually a working command. To fix it in Atom go to settings, and set the “Project Home” option to the place where you keep your Git projects. Then you will have beautiful visually plotted git history that you can fly through faster than you would believe!

plot

 

Quick and easy way to change your Sublime folder theme to something a little more visually pleasing and easier to click. There are probably a bunch of themes out there, but i like the “Flatland” theme. Here’s how to install it.

Flatland example

Install Package Control for Sublime

ctrl+shift+p (Win, Linux) or cmd+shift+p (OS X) and type “Package Control: Install Package”. (Or just go to Preferences > Package Control: > Install Package.)

In the box that pops up just type “Flatland” and click it.

Once that finishes successfully, just open your user settings (Prefernces> User – Settings) and replace the theme line with this

or

Last thing to do is go to Preferences > Color Scheme > Theme – Flatland  and choose the theme you want.

If you reached this page you probably already know that PiAware is a Raspberry Pi based ADS-B ground station that enables you to track and plot aircraft within range. If you setup this up and have it working, awesome. I ran into an issue where i needed to change the port number that the web interface listens on.

 

image credit: flightaware.com
image credit: www.flightaware.com

1) ssh to your piaware (raspberry pi) with either the pi user or your user account you created. If you didnt create an account, the default username is “pi” and the password is “raspberry”

2) modify the init script that starts dump1090

3) on line 13 in the PROG_ARGS variable add this to the end:

So it should look something like this when you are done:

4) Thats it! Restart dump1090 by either rebooting the pi or:

 

RIAK is an easy to use, fault tolerant decentralized database architecture that’s great for many different storage applications. Once you get it going its virtually maintenance free and its rock solid. Its easy to expand and has a pretty good looking admin interface as well!

Sometimes in testing, building or rebuilding RIAK nodes, the RIAK daemon just doesn’t want to start. This issue has come up numerous times while dealing with RIAK setups so i wanted to get something out there and hopefully help someone else that deals with some of the same issues. At the moment I’m running RIAK version 1.4 on Centos 6.3, and although it seems Basho fixes a lot of these issues over time, there are still some lingering ones that I still bump into pretty often.

And… you get an error similar to the following:

If you followed the instructions to setup RIAK step by step, the first thing you should do is run:

  1. Make sure that output has nothing obvious that you can check. After that here are a few more things you can check:
  2. Ensure all log directories are writable by the RIAK user. I’m not sure why, but RIAK seems to want write access to /var/log/riak as well as platform_log_dir in app.config but wont tell you this in the console output when it has problems writing to the directory. It really should, but it doesn’t.
  3. Ensure any certificates you have specified in app.config exist where they should and are readable by the RIAK user
  4. Clear out the /tmp/riak folder and ensure the RIAK user has write access to /tmp to create the directory. If its able to create the directory it should be OK, but sometimes removing this will delete any locks causing RIAK not to start. (Thanks to Nathan Evans) To fix this just run:

Some additional stuff:

Check permissions on the data directories as well, if these have incorrect permissions you should probably either delete them if its a new installation or just:

Make sure there are no other processes being run by RIAK, if there are kill them:

Then restart riak

To verify things are up to snuff, consider [installing and] running Riaknostic to detect more errors and find suggestions for improvement:

 

Feel free to comment with what may have worked for you and i will gladly add it to this post and give credit!

I didn’t want to leave you hanging without another way to get email alerts from syslog messages! I’ve been messing around with this awesome application called Riemann, and it can pretty much do anything you need it to in the world of real time event monitoring. Although it can do awesome things like show you events in real time and forward events to other places like Graphite, I’m just going to show you a quick and easy way to under-utilize the crap out of it and just send you email alerts when a certain condition is met.

So, go here and follow the installation instructions. If you are on CentOS or Debian just grab the rpm/deb file from the home page

Now, if you read my last post (or you already know what you’re doing), then you already have Logstash running with the Grok filter splitting out your logs to make them queryable. If not… then go do it!!!

All set? Alright edit /etc/logstash.conf and add something like this to the output section:

All this does is tell Logstash to output your stuff to Riemann. Logstash already knows the default port and assumes Riemann is running on the same machine. All we do is stick the status code from your logs into the state event field and set the description of the event equal to the request portion of your log line. Again, I’m basing this off my last post that shows you how to do this if its not already done!

Ok, Logstash is all set. Now edit /etc/riemann/riemann.config (Or wherever you put it). Add this to the bottom:

Restart / reload logstash and Riemann:

OK so all we did here was:

  1. Setup our mailer, and configure outbound settings.
  2. Define our rollup called “tell-ops” where we set thresholds and who gets the message
  3. Create a new stream that looks for “404” inside the state event field and runs tell-ops when it finds a match.

This is different from the Logstash email output because it has the ability to be configured with more options, and thanks to rollup it won’t send you an email every single time it finds a match. IN my example, it will send 3 emails, then wait 3600 seconds (an hour) before sending a full summary of everything that happened since the last email. You can create as many streams as you want to have more control over what emails you get.

The email will come as soon as the event occurs. The subject will contain the host(s), service name and match (404). The body will contain whatever you put in “description” in the Logstash config.

Some quick reminders:

  1. If you are having trouble, tail the Riemann log for clues
  2. Check and make sure you have a running mail transfer agent (like Sendmail)
  3. Make sure Logstash and Riemann are running (e.g. service riemann status)

And there you have it.

How to get email alerts from syslog via Logstash

If you reached this post, you are probably either trying to figure out how to get that dang email output in Logstash to work, which means you already have Logstash up and running. If not, you should probably go over to the Logstash documentation and hang out there for a bit, or maybe you were trying to figure out how to stash logs or something…

I’m posting this because it took me forever to figure it out in part due to missing / incomplete documentation on the email output page. (Just a quick note, you need an MTA in order to send mail, so i suggest you install sendmail or something else and tail the mail log if you want to troubleshoot outbound mail issues.)

So lets say for example you want to send an email alert when there is a particular string or integer such as an error code in your web logs.

You should already have your logs split up in a query-able format with Grok. This is necessary so that you can easily select the fields you want to match in your alerts. Here’s a simple Grok pattern example just in case you have no clue how to get this going.

Lets say you have a log line that looks like this:

Then you could use a Grok pattern like this:

Now, each item in the log line is accessible with the identifier specified above. So, if you want to access the status, anywhere in Logstash, you simply use %{status} and boom! Obviously your log line won’t look exactly like the example, but you can use this awesome Grok debugger to get yours up to snuff.

OK now onto the actual email alert, from here on its easy.

Say you want to get an email alert when a 504 or 404 error shows up in your web log. In the output section of your logstash.conf you would do something like this:

That should do it. Just swap out “status” for whatever you set the name (semantic) to in your Grok filter.