
Posts

Showing posts from January, 2013

Github Repo of Pcaps

I became a little tired manually downloading pcaps from the various, freely available resources on the net, so I added a repo to my very basic github repo so that I could simply `git clone` from wherever I am - assuming decent bandwidth and Github don't get too pissed at storing pcaps - as it's only 1.1 GB at present, I doubt they will (/me hoping :) ). I'm not really sure what I plan to do with this repo; I guess I'll extend it and add more as I get around to it. My sole goal at the minute is to use the awesome functionality of Github to manage and modify the content, as well as making it easier for me to remember where the pcaps are ;-)

Separate MongoDB Syslog by Facility

In my last post, I showed how you can set up MongoDB v2.2 to syslog its logs off to a remote syslog server. As my `tcpdump` snippets show, the syslog messages hit the syslog server tagged as "user.info", which means that they're assigned to the "user" facility with a severity level of "info". I've received a few questions regarding the possibility of splitting out syslog messages by facility; however, as everything is currently sent to a single "user.info" bucket, so to speak, this is not possible. There is a current feature request for this capability and work will be done on it, but if this is important for you, I'd strongly encourage you to vote for the feature. In the meantime (whilst not ideal) you can still do some host filtering with rsyslog, as outlined here.

MongoDB Logging to Remote Syslog Server

As per the MongoDB 2.2 release notes, log output for MongoDB can now be redirected to a remote syslog server. Here is an example configuration.

MongoDB Instance

MongoDB is started as follows (note the extra `syslog` switch):

    $ mongod --dbpath=/data/db/syslog --fork --syslog

The local `/etc/syslog.conf` file (i.e. on the `mongod` instance) is configured to send everything to the syslog server (10.7.100.20):

    @10.7.100.20:514

Syslog Server

I ran my Syslog server on Ubuntu 12.04. There are a tonne of links out there describing how to install syslog on Ubuntu - see here.

The syslog "facilities" are configured in the server's `/etc/syslog.conf` file (I left this as default):

    #################################################################################
    #
    # First some standard logfiles.  Log by facility.
    #
    auth,authpriv.*            /var/log/auth.log
    *.*;auth,authpriv.none        -/var/log/syslog
    #cron.*                /var/log/cron.log
    daem
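The two MongoDB posts above rest on one detail of the syslog wire format: every forwarded datagram starts with a `<PRI>` header, where PRI = facility * 8 + severity, so the "user.info" tag seen in `tcpdump` is simply `<14>` (user = 1, info = 6). The following Python is an added example, not code from either post or from MongoDB or rsyslog; it decodes that header and then contrasts the two ways of bucketing the messages the posts discuss: by facility (which cannot single out `mongod`, since every other "user.info" sender lands in the same bucket) and by sending host (the rsyslog-style workaround, which catches everything that host sends, not only `mongod`). The sample datagrams, host addresses and the `mongod.27017[pid]` tag format are constructed for the example.

```python
import re
from collections import defaultdict

# RFC 3164 facility codes 0-23 and severity codes 0-7; PRI = facility * 8 + severity.
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# A syslog payload is "<PRI>" followed by the timestamp, hostname, tag and message.
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.DOTALL)


def decode_pri(pri):
    """Split a PRI value into (facility_name, severity_name); <14> -> ("user", "info")."""
    if not 0 <= pri <= 191:
        raise ValueError("PRI out of range: %d" % pri)
    return FACILITIES[pri // 8], SEVERITIES[pri % 8]


def parse_datagram(src_ip, payload):
    """Parse one UDP syslog payload as the forwarding /etc/syslog.conf line would emit it."""
    m = PRI_RE.match(payload)
    if not m:
        raise ValueError("missing <PRI> header")
    facility, severity = decode_pri(int(m.group(1)))
    return {"host": src_ip, "facility": facility, "severity": severity, "msg": m.group(2)}


def route_by_facility(datagrams):
    """Bucket messages by 'facility.severity', as the default /etc/syslog.conf does.
    Everything mongod sends arrives as user.info, so it shares a bucket with any
    other user.info sender and cannot be split out this way."""
    buckets = defaultdict(list)
    for src, payload in datagrams:
        rec = parse_datagram(src, payload)
        buckets["%s.%s" % (rec["facility"], rec["severity"])].append(rec)
    return dict(buckets)


def route_by_host(datagrams, mongo_hosts):
    """Emulate rsyslog host filtering: messages from the mongod hosts go to their own
    file. The cost is that every message from those hosts (not just mongod's) comes along."""
    buckets = defaultdict(list)
    for src, payload in datagrams:
        rec = parse_datagram(src, payload)
        target = "mongodb.log" if src in mongo_hosts else "syslog"
        buckets[target].append(rec)
    return dict(buckets)


# Constructed sample traffic (hosts, addresses and tags are assumptions for the example):
#   10.7.100.30 is the mongod host, 10.7.100.31 an unrelated application host.
SAMPLE_DATAGRAMS = [
    ("10.7.100.30", "<14>Jan 10 12:00:01 db1 mongod.27017[1234]: [initandlisten] MongoDB starting : pid=1234 port=27017 dbpath=/data/db/syslog"),
    ("10.7.100.31", "<14>Jan 10 12:00:02 app1 myapp[77]: user logged in"),
    ("10.7.100.30", "<38>Jan 10 12:00:03 db1 sshd[900]: Accepted publickey for ops from 10.7.100.5"),
]
MONGO_HOSTS = {"10.7.100.30"}


if __name__ == "__main__":
    print("PRI 14 decodes to %s.%s" % decode_pri(14))
    for name, buckets in (("by facility", route_by_facility(SAMPLE_DATAGRAMS)),
                          ("by host", route_by_host(SAMPLE_DATAGRAMS, MONGO_HOSTS))):
        print("--", name)
        for bucket, recs in sorted(buckets.items()):
            print("  %-12s %d message(s): %s" % (bucket, len(recs),
                                                 ", ".join(r["host"] for r in recs)))
```

Running the block shows the trade-off the post describes: `route_by_facility` puts the `mongod` line and the unrelated `myapp` line into the same "user.info" bucket, while `route_by_host` isolates the `mongod` host but also sweeps in its `sshd` message (an "auth.info" datagram, `<38>`). A real rsyslog deployment would express the host filter in its config rather than in Python; the parsing here is only to make the facility/severity arithmetic and the two routing outcomes visible.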