While surfing through internet I came accross rsyslog term which is something like monitoring and logging tool. Fer points that I collected :
1.Multi-threading
2.TCP, SSL, TLS, RELP
3.MySQL, PostgreSQL, Oracle and more
4.Filter any part of syslog message
5.Fully configurable output format
6.Suitable for enterprise-class relay chains
Similarly Packetbeat is used to monitor network packets and uses elasticsearch and Kibana. Packetbeat also monitors TCP, MySql etc.
So what is the prime diff between these two?
Rsyslog is basically for unix and unix like operating system while on the other hand Packetbeat provides support for all the operating systems.
Apart from that Packetbeat can be used to analyze following protocols:
ICMP (v4 and v6)
DNS
HTTP
Mysql
PostgreSQL
Redis
Thrift-RPC
MongoDB
Memcache
While rsyslog provides support for following protocols:
3195
auditd
gssapi
journal
klog
kmsg
mark
ptcp
relp
solaris
tcp
udp
uxsock
zmq3
So the use cases of both rsyslog and packetbeat varies like if you want to monitor your REST API transactions , mongo DB transactions then you can use packetbeat which when integerated with kibana can be used to visualise the traffic on the ports where you API server is running.
Related
I'm running ECK cluster with rancher2. There are 3 nodes: 2 for elasticsearch, 1 for kibana.
I want to change Elastic-server configuration with operator, for example, disable ssl communication.
But what right way to do it? Mount config-file from host? Please give some ideas
Quoting the documentation:
You can explicitly disable TLS for Kibana, APM Server, Enterprise Search and the HTTP layer of Elasticsearch.
spec:
http:
tls:
selfSignedCertificate:
disabled: true
That is generally useful when you want to run ECK with Istio and want to let that manage TLS.
However, you cannot disable TLS for the transport communication (between the Elasticsearch nodes). For security reasons that is always enabled.
PS: For a highly available cluster, you'd want at least 3 Elasticsearch nodes. Having 2 isn't helping you — if one of them is going down, the other one will degrade as well, since Elasticsearch is built around a majority based consensus protocol.
I have written a oracle client program using OCI library.
client send a request to server and hung because server crashed and not intimated to client.
How can i find server status from client side(using OCI API).?
Thanks
I think Oracle db module for Asterisk had a nice DCD(dead connection detection) implemented. There are various approaches(server side, client side).
In your case the easiest way would be to use TCP keepalive. Use enable=broken directive in tnsnames.ora.
Purpose
The keepalive feature on the supported TCP transports can be enabled
for a net service client by embedding (ENABLE=BROKEN) under the
DESCRIPTION parameter in the connect string. Keepalive allows the
caller to detect a dead remote server, although typically it will take
2 hours or more to notice. Operating system TCP configurables, which
vary by platform, define the actual keepalive timing details.
net_service_name=
(DESCRIPTION=
(enable=broken)
(ADDRESS=(PROTOCOL=tcp)(HOST=sales1-svr)(PORT=1521))
(ADDRESS=(PROTOCOL=tcp)(HOST=sales2-svr)(PORT=1521)))
(CONNECT_DATA=(SERVICE_NAME=sales.us.example.com))
Just beware you will also need root privileges. With default setting Linux kernel starts sending keepalive packets after 2 hours of inactivity. So you also have to change tcp_keepalive_time and tcp_keepalive_intvl in /etc/sysctl.conf. This is global server side settings and Oracle can not yet set keepalive interval for a single TCP connection.
One more comment: I recall there is some function called OCIPing.
This one can be used for testing too. But I'm not sure how to distinguish long running queries from dead server situation.
PostgreSQL supports using unix sockets rather than TCP sockets. How do I configure the following block to use unix sockets.
# Configure your database
config :my_app, Sample.Repo,
adapter: Ecto.Adapters.Postgres,
database: "ecto_simple",
username: "postgres",
password: "postgres"
As of March 2018, Postgrex now supports connecting via sockets.
This can be done by supplying a socket or socket_dir option. Here's the changelog from where I picked this up and the source code where you can see an exhaustive list of all options.
From the source code:
:socket_dir - Connect to Postgres via UNIX sockets in the given directory;
The socket name is derived based on the part. This is the preferred method
for configuring sockets and it takes precedence over the hostname. If you are
connecting to a socket outside of the Postgres convention, use :socket instead;
:socket - Connect to Postgres via UNIX sockets in the given path.
This is especially useful (I suppose) if you're on AppEngine which requires you to connect through an SQL proxy through localhost (127.0.01) which works only through a proxy connection.
PostgreSQL prefers unix sockets to TCP sockets on the grounds of performance and privacy. If not already available: TCP can be enabled on the server if you follow simple documentation and have access to do so.
The avenue of client connection is set via environment variables, in particular: PGHOST. From experience drivers such as libpq expect to work that way - it would be shocking if Postgrex did not.
See: https://hexdocs.pm/postgrex/Postgrex.html
The value to supply in PGHOST varies according to the configuration of the server as seen in the file: "postgresql.conf".
It is possible that you may need to create a directory for sockets and set permissions. The following should help: http://iamvery.com/2013/06/17/postgresapp-with-unix-socket.html
To get a more precise answer you will need to mention your operating system and version; also your version of PostgreSQL.
I have a client host and a different rethinkdb server host. I need to set the firewall rules among this servers related to the rethinkdb client driver. I already know that the rethinkdb server should accept tcp connections in port 28015, but I don't know which local port uses the client driver in the client host to request data and to receive data from the rethinkdb server. So my question is which port use the rethinkdb client driver for request data and for receive data from the rethinkdb server host ? In case the client driver uses random ports, how can I set the client driver to use a specific port to request and to receive data from the rethinkdb server?
As #Daniel Mewes said:
The local outgoing port on the client cannot be set (at least not with
the official drivers). It is automatically assigned by the operating
system. Note that the client never listens to any incoming connections
though.
Can you mark this as answered #nerva13?
I have to test the value from client to server using different protocols (Tcp , UDP , Sctp).
Please guide how it can be possible. Is there any way in windows to change the protocol or is there anyway to find it by using software like packet tracer .
Thanks
While the question is not entirely clear, it sounds as though your interested in seeing the information sent between the client and the server when each of those protocols is used.
Windows does not provide a built in utility to view packet data but it can be viewed using a packet analyser such as Wireshark.
In order to see the values sent by each protocol you must run a client for each of the protocols and use it to connect to the server for that protocol. If you don't have a server to connect to, you may need to run one on your local machine.
You can narrow down the data captured to just the protocol you're interested in using a filter in Wireshark If you don't know the protocol being used, you can filter by the port number used for that connection which can be established using the netstat command.
You may need to use netstat -b to show you which programs are using which ports.
If you just have to generate packets using different protocols then the tool like netcat can also help. It supports TCP and UDP and has been ported to windows .