IT Dribble

It seems that Nagios is logging in two places on my CentOS 7 build.
Once in /var/log/nagios/nagios.log and also in /var/log/messages.

Considering I like my builds nice and tidy and don’t want contamination of my log files, I needed to filter out Nagios using rsyslog.

Because rsyslog processes it’s rules in order, we need to insert the following rule

# Stop nagios going into messages - it already has a log
if $programname == 'nagios' then stop

before:

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none                /var/log/messages

Then restart rsyslogd!

If you are downloading and opening a lot of documents directly from Firefox. Firefox, by default will write them to disk with read only permission, causing OpenOffice to open them read only. This is annoying if you want to make minor modifications before copying and pasting into a report. The solutions is within Firefox. Go to “about:config” and set “browser.helperApps.deleteTempFileOnExit” to false.

Recently I had the fun task of migrating our Vasco Identikey RADIUS to a Yubikey based RADIUS server. The only problem was with over 80 clients and 80 different shared secrets I didn’t want to log into 80 servers and retrieve the shared secret from the configuration files.

So to retrieve the shared secrets from the database perform the following on you identikey (linux) installation:

log onto identikey and ’su - root’

vds_chroot /opt/vasco/identikey /bin/bash
su - postgres
/usr/local/pgsql/bin/psql --username=digipass -d postgres 
\pset pager off
select vdslocation, vdspolicyid, vdsprotocolid, vdstcpport, vdssharedsecret from vdscomponent;

The secrets are obfuscated and I haven’t worked out the rest….yet….

For tricky squid ACL troubleshooting situations, it is helpful to be able to see which access control entries a request matches and does not match. This information can be discovered easily using squid’s debugging facility.

Step 1: RTFM

check debug sections avaliable: http://wiki.squid-cache.org/KnowledgeBase/DebugSections

In this case, we can see that squid’s ACLs are managed by section 28.

Step 2: Make squid more chatty

Given the ACL section, we can tell squid to log more information about ACL traversal. We feed him the section (28) and the log level (3, or similar) in squid.conf (near the top usually).

Code:

debug_options 28,3

… and we tell the daemon to re-read the configuration:

service squid reload

Step 3: Test and evaluate

Now check the logs:

tail -f /var/log/squid/cache.log

Note: realistically you probably don’t want to tail the logs, you are best to try your failing web site then open the log with ‘less’ etc and do a search for you website.

In this example my blocklist had downloaded some unfiltered characters and ended up with a zero (”0”) on a line by itself. (Why they ended up there is a different conversation)

2015/01/07 15:51:42.237| ACL::checklistMatches: checking 'zeus_block_list'
2015/01/07 15:51:42.237| aclRegexData::match: checking 'mt0.google.com'
2015/01/07 15:51:42.237| aclRegexData::match: looking for '24b5'
2015/01/07 15:51:42.237| aclRegexData::match: looking for '0'
2015/01/07 15:51:42.238| aclRegexData::match: match '0' found in 'mt0.google.com'
2015/01/07 15:51:42.238| ACL::ChecklistMatches: result for 'zeus_block_list' is 1

Removing the zero from the

zeus_block_list

and reloading squid resolved the issue.

Note that true evaluations are represented by 1, while false evaluations are represented by 0.

Step 4: Post-troubleshooting cleanup

It is important to disable the debug_options when you are finished troubleshooting. They produce a copious amount of logging, and they can generally be a (disk space) liability when you aren’t using them.

To reverse the changes, simply comment out the debug_options line above, and reload squid.

Thanks to FreeBSD forums for the walk-through

<?php
$everything = get_defined_vars();
ksort($everything);
echo '<pre>';
print_r($everything);
echo '</pre>';
?>