Thursday, April 10, 2008

Configuring syslog server on debian

Like me, if you also want to set up a log server that gathers all the logs from your firewall, router, servers and so on onto a single host, follow along.

I am running Debian (lenny; this should work fine in etch as well) and I have syslog-ng installed in place of the older sysklogd package. syslog-ng is the next-generation log daemon with added features, most noticeably in the log filtering area. All I wanted was to get started collecting and storing the logs from my Netscreen firewall, so this is what I did.

Installed the necessary packages using apt:
apt-get install syslog-ng syslog-summary

(I am yet to try out syslog-summary)

Added the following to the syslog-ng configuration file (/etc/syslog-ng/syslog-ng.conf):
In the source s_all{}, uncommented "udp();" so that syslog-ng accepts messages from the network over UDP.

Under the default destinations, added "destination df_netscreen { file("/var/log/netscreen.log"); };"

Under the default filters, added "filter f_netscreen { facility(LOCAL0); };"

At the end of the configuration file, added the meat of the new log entry, which ties the source, filter and destination together:

log { source(s_all); filter(f_netscreen); destination(df_netscreen); };

Then restarted the syslog-ng service:
sudo /etc/init.d/syslog-ng restart

That much did the main work of setting up the log server.

"f_netscreen" & "df_netscreen"

These are just identifiers; since I am setting this up to accumulate the logs from my Juniper Netscreen25, I named them after it ("*netscreen*").

"LOCAL0"

This is the log facility I configured on the Juniper Netscreen25 when setting it up to send its logs to the newly set up log server. Hence the string "LOCAL0" appears as the facility in the filter syntax.

Since my firewall log grows madly in size, I had to set up logrotate to keep the machine from running out of space. Adding a file called "netscreen" to the "/etc/logrotate.d" folder with the contents below did the magic for me.
/var/log/netscreen.log {
  rotate 6
  weekly
  compress
  missingok
  notifempty
}

This rotates my firewall log weekly and keeps each rotated copy for 6 weekly rotations before it is deleted. Read through "man logrotate" for more detailed information on setting up logrotate for your log file. It is also good to restart cron ("sudo /etc/init.d/cron restart") since logrotate relies on cron.daily to run every day.

update (2008-04-11): Adding the remote log facility "LOCAL0" to the "not" list of the "f_messages" filter avoids accumulating the remote logs in "/var/log/messages" as well. (The addition is the LOCAL0 entry in the filter below.)
filter f_messages {
        level(info,notice,warn)
            and not facility(LOCAL0,auth,authpriv,cron,daemon,mail,news);
};

Most importantly, by default syslog-ng does not seem to enable the cron log. I found this out only when I wanted to check why logrotate did not work. I had to un-comment the line below in "/etc/syslog-ng/syslog-ng.conf":
#log { source(s_all); filter(f_cron); destination(df_cron); };
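To see how the pieces above fit together (the f_netscreen route, the updated f_messages filter and the optional f_cron line), here is an added example, not part of the original post or of syslog-ng itself, that decodes the RFC 3164 PRI header of a syslog line and works out which files this configuration would write it to. The /var/log/cron.log path for df_cron is assumed from Debian's stock syslog-ng.conf, and the sample lines are constructed, not real NetScreen output.

```python
import re

# RFC 3164: PRI = facility * 8 + severity. The facility in this header is what
# the page's "filter f_netscreen { facility(LOCAL0); }" matches on.
FACILITY_NAMES = {0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth", 5: "syslog",
                  6: "lpr", 7: "news", 8: "uucp", 9: "cron", 10: "authpriv", 11: "ftp"}
FACILITY_NAMES.update({16 + i: f"local{i}" for i in range(8)})
SEVERITY_NAMES = ["emerg", "alert", "crit", "err", "warn", "notice", "info", "debug"]
PRI_RE = re.compile(r"^<(\d{1,3})>")


def decode_pri(line):
    """Return (facility_name, severity_name) for a raw syslog line.
    A line with no valid PRI is treated as <13> (user.notice), the RFC 3164 default."""
    m = PRI_RE.match(line)
    pri = int(m.group(1)) if m else 13
    if pri > 191:  # 23 * 8 + 7 is the largest legal PRI
        pri = 13
    return FACILITY_NAMES.get(pri // 8, f"facility{pri // 8}"), SEVERITY_NAMES[pri % 8]


def route(line, local0_excluded_from_messages=True, cron_log_enabled=False):
    """Return the files the page's syslog-ng config would write this line to.
    local0_excluded_from_messages=False models f_messages before the 2008-04-11 update;
    cron_log_enabled=True models the un-commented f_cron/df_cron log line (assumed path)."""
    fac, sev = decode_pri(line)
    dests = []
    # log { source(s_all); filter(f_netscreen); destination(df_netscreen); };
    if fac == "local0":
        dests.append("/var/log/netscreen.log")
    # filter f_messages { level(info,notice,warn) and not facility(...); };
    excluded = {"auth", "authpriv", "cron", "daemon", "mail", "news"}
    if local0_excluded_from_messages:
        excluded.add("local0")
    if sev in ("info", "notice", "warn") and fac not in excluded:
        dests.append("/var/log/messages")
    # log { source(s_all); filter(f_cron); destination(df_cron); };  (assumed df_cron path)
    if cron_log_enabled and fac == "cron":
        dests.append("/var/log/cron.log")
    return dests


# Constructed sample lines: <134> is local0.info, <131> local0.err, <78> cron.info, <14> user.info.
SAMPLES = [
    "<134>Apr 10 10:15:02 firewall constructed traffic log line",
    "<131>Apr 10 10:15:03 firewall constructed error line",
    "<78>Apr 10 10:15:04 logserver CRON[1234]: constructed cron line",
    "<14>Apr 10 10:15:05 logserver sshd[2222]: constructed user.info line",
]
```

Running route() over SAMPLES with the default arguments shows the firewall lines landing only in netscreen.log and the cron line going nowhere until the f_cron line is un-commented.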

Wednesday, April 2, 2008

Installing windows vista ultimate on dell laptop (Vostro 1400)

I have an office laptop, a Dell Vostro 1400, and it came with Windows Vista Home Basic. After a while I wanted to install the MSDN copy of Windows Vista Ultimate on the laptop alongside my Ubuntu Gutsy. I got the DVD and got started with the installation. It was all looking fine: the Vista installer restarted my machine and went about completing the installation, and once it finished and started to come to the login screen after one of the reboots, I was stunned to see that, after all the time spent installing, Vista was giving me a BSOD. It was so fast that I could not even read the error message or find out which device driver was giving the trouble. As I always do, I started to suspect the driver for the nvidia card in the laptop. Before trying to disable the graphics card in the BIOS to make the onboard display the default, I was going through all the settings in the BIOS. When I came across the AHCI setting for the SATA disk, I wanted to know more about it and went to Wikipedia and searched for AHCI. I was reading through and found everything under "Common problems switching to AHCI under Windows" on that page interesting. I was getting a similar error and wanted to give it a try by disabling AHCI.

After disabling AHCI I was able to boot the fresh Vista installation, and I knew exactly what the trouble was. A further Google search took me to this thread @ forum.notebookreview.com. I tried to repair the installation with the Vista repair option during the installer run, trying to add the drivers (which came with my Dell driver CD) from a floppy/USB memory stick. It was taking a very long time and was not going forward. I didn't have much time to experiment and had to go for a re-install, and this time, when I loaded the drivers (from the Dell driver CD), everything went fine.
Initially, when the Windows Vista Ultimate installation was not going further, I tried to install Windows Server 2003 R2, which also succumbed to a BSOD. From the wiki page about AHCI, it is obvious that this is a common problem with most Windows installations. Loading the appropriate drivers from the vendor while installing should be the solution if you have faced similar trouble.

Update (2008-04-11): After the successful installation of Vista Ultimate, I never used Bluetooth until yesterday, when I wanted to connect the laptop to the internet using Vodafone Mobile Connect. I was trying to find the old "Bluetooth Devices" application/link on my computer where I can enable/search for devices. Unfortunately, I later found that the laptop's BT (BT=Bluetooth from now on) LED was not on. This means the device is not on for the OS even though it is on in the BIOS. I checked the BIOS to make sure that BT is on and that the Wifi switch handles BT as well as the cellular device (the cellular device is another mystery of mine still to be found out). Desperate to get it working, I called the Dell engineer. After trying all that he asked me to (most of which I had already done, but did for the sake of following a troubleshooting protocol), we (me and the Dell support engineer) came to the conclusion that there is either a connection problem (BT module to the motherboard) or the BT module is not working. Only after scheduling the engineer visit did it occur to me that visiting the Dell forum was a good idea, and I headed straight there. In "Forum Home > Support > Network/Internet/Wireless", in the welcome (must read) thread named "Network/Internet/Wireless FAQ **READ FIRST** (Updated 4-11-2008)", I found the answer to my problem in the form of a "patch" (in the forum thread, under 'Bluetooth updates', a link named "Utility to enable Bluetooth radio after downgrade from Vista to XP or Vista to Vista if the radio is software disabled on Vista"). After installing the patch, my BT device LED indication was on, I could see "BT devices" in the system tray, and it came back alive.

My advice to all those in distress due to computer malfunction: head to the Dell forums, read and search and read and .... chances are you can get things working by yourself. The Dell forum is a great help and is very active. The way they have categorized the forum is very neat and easy on new users.