I’m pretty new to selfhosting, but one thing that I know to take seriously is log collection. Since there are a lot of different types of logs (kernel log, application logs, etc) and logs come in many different formats (binary, json, strings) - it’s no easy task to collect them centrally and look through them whenever...
I’ve just started digging into it myself! Here’s my current setup (I’ll see how it scales in the long term):
syslog on every host
Telegraf collects and parses logs
InfluxDB stores everything
Grafana for dashboards
I run OpenBSD on all my servers, and configure all the services to log via syslog.
Then I configured syslog to send only those I care about (https, DNS, …) to a central telegraf instance, using the syslog protocol (RFC3164).
On this collector, telegraf gets all these logs and parses them using custom grok patterns I’m currently building, to make sense out of every log line it receives. The parsed logs are in turn stored in InfluxDB, running on the same host.
I then use Grafana to query InfluxDB and create dashboards out of these logs. Grafana can also display the logs “as-is” so you can search through them (it’s not ideal though as you simply search by regex from the full message, so it’s on par with grep at least).
This setup is fairly new and seems to work very well. Telegraf is also very low on resource usage for now. I’ll have to continue adding grok patterns and send more application logs to it to see how it handles the load. I do have a few questions still unanswered for now, but time will tell:
Q: Should I first collect via a central syslog before sending to telegraf?
This would let syslog archive all logs in plain text, rotate and compress them. I would also only have a single host to configure for sending logs to telegraf. However this would eat up space, and could hide the original sending hostname for each log. I might try that someday.
Q: Should I run telegraf on each host?
This would distribute the load of the grok parsing amongst all hosts, and then all telegraf processes will send directly to the central one for collection, or even directly into influxdb. I would also benefit from telegraf being installed on each host to collect more data (CPU, network stats, …). However it makes the configuration more complex to handle.
Q: What is a good retention period?
For now, InfluxDB doesn’t expire any data, as I don’t have much yet. In the long run, I should probably delete old data, but it’s hard to tell what is “old” in my case.
Q: Do I need an interface to read logs?
I use this setup mostly for graphs, as grafana can make sense of fields like “http_verb”, “http_code” and such. However, it is much more practical for me to dig into the logs right on the server, in /var/log. Having an interface like chronograf or graylog seems practical, but I feel like it’s overdoing it.
That’s the post I took inspiration from for this setup. It does use collectd and custom awk scripts for log ingestion though, where I simply use telegraf.
It’s instant as well in my case, but I don’t have a huge amount of logs yet. I’m still figuring out this whole setup and what its strengths and weaknesses are.
I’m using influxdb 1.8 though (which is old), because that’s the version shipped with openbsd repos. It crashes fairly often when you perform “illegal” operations, which is annoying. Like, the DELETE FROM command only lets you use the time field in the WHERE clause. Using any other field would crash the DB. I might recompile it from scratch at some point because it lacks too many features from upstream. But for now, it does a decent job, and is really easy to set up (this was the killer feature for me).
Do not use Dendrite for multi-user setups if you plan to run bridges. Contacts handled by the bridges are visible by the whole server, which means that it leaks a lot of information on your contacts (names, phone numbers, …). I’m also not sure that multi-user puppeting is supported with dendrite.
I would advise you to run Synapse because of that.
I store and query them using influxdb. I checked Loki but apparently its main feature is that it stores the message as a single field, thus not parsing the log at all. I didn’t know about Promtail. Is it better suited than influxdb for my use case?
I’ve found that you can use custom grok patterns to parse logs just as Graylog extractors do. I’m still trying to figure it out, but so far I could start parsing logs using a [[processor.parser]] block. I’ll document my findings when I get it working as I want it.
You can then query your influxdb using the fields extracted from these patterns:
<pre style="background-color:#ffffff;">
> USE telegraf
> SELECT xff,httphost,request FROM syslog WHERE appname = 'httpd' AND verb = 'GET' ORDER BY time DESC
</pre>
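The field extraction described in the comments above, as an added example that is not the poster's Telegraf configuration: it uses Python regular expressions in place of grok patterns to split an RFC 3164 line into the tags and fields the query selects on. The httpd message layout and the sample lines are constructed assumptions; adjust the second pattern to the log format your web server actually emits.

```python
import re

SEVERITIES = ("emerg", "alert", "crit", "err", "warning", "notice", "info", "debug")

# RFC 3164 frame: <PRI>Mmm dd hh:mm:ss HOSTNAME TAG[PID]: MESSAGE
RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<timestamp>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<hostname>\S+) "
    r"(?P<appname>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?: "
    r"(?P<message>.*)$"
)

# Assumed httpd layout: vhost client ident user [time] "VERB path HTTP/x" code size xff
HTTPD = re.compile(
    r'^(?P<httphost>\S+) (?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<verb>[A-Z]+) (?P<request>\S+) HTTP/[\d.]+" '
    r'(?P<http_code>\d{3}) (?P<size>\d+) (?P<xff>\S+)$'
)

def parse_line(line):
    """Return a flat dict of fields for one syslog line, or None if it is not RFC 3164."""
    m = RFC3164.match(line.rstrip("\r\n"))
    if m is None:
        return None
    pri = int(m["pri"])
    if pri > 191:  # highest valid PRI is facility 23 * 8 + severity 7
        return None
    rec = {
        "facility": pri // 8,
        "severity": SEVERITIES[pri % 8],
        "timestamp": m["timestamp"],
        "hostname": m["hostname"],
        "appname": m["appname"],
        "message": m["message"],
    }
    # Application-specific fields are only extracted for the app they belong to;
    # a line that does not match keeps its raw message so nothing is lost.
    if rec["appname"] == "httpd":
        h = HTTPD.match(rec["message"])
        if h:
            rec.update(h.groupdict())
            rec["http_code"] = int(rec["http_code"])
            rec["size"] = int(rec["size"])
    return rec

# Constructed sample lines (documentation addresses, not real traffic)
SAMPLE_LINES = [
    '<30>Jul 14 09:12:45 web1 httpd[4242]: example.org 203.0.113.7 - - '
    '[14/Jul/2023:09:12:45 +0200] "GET /index.html HTTP/1.1" 200 5120 198.51.100.23',
    '<38>Jul  4 03:00:01 ns1 unbound[913]: info: service started',
]

if __name__ == "__main__":
    for raw in SAMPLE_LINES:
        print(parse_line(raw))
```
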
I use vis to write code, ^Z and make/mk to build the project. Most of the debugging is done with valgrind and eventually gdb though my use is very limited.
When I work on manpages, I use wendy to automatically preview manpages every time the source file changes.
I’ve ended up with a number of machines on my network, and a need to name them all in a somewhat logical way. For several years I had them named after the planets, which worked well until the PCs for myself, my girlfriend, servers and Raspberry Pi’s quickly summed up to more than the eight planets. I’ve broadened it...
I just found out about this distro, which is relatively new (2021). Its specificity is that it doesn’t feature any GNU software by default, which I find interesting.
I only learnt about it today, so I couldn’t check it. I have this project of building my own distro using musl and a non GNU userland, and it is a very annoying process, so I felt like I should share this one.
I already used alpine for a few years, before containers were a thing. I heard about it exactly because it was advertised as a distro without GNU components, which was revolutionary at the time.
You sound weary with that kind of comment, I wonder what bothers you so much about seeing a new distro pop up?
Arguing over licences to judge how much a piece of software is worth is sterile IMO.
If you personally cannot use software that’s not GPL’d, then it’s fine. But there’s no need to sound condescending like this, it brings absolutely nothing to the table. This could only result in a flame war (and it already is unfortunately, seeing the comments below), which is kind of sad.
So yeah, no prob mate, this is not for you, we get it. See you on the next thread 🫡
Yeah it’s definitely young and not for everyone. But you gotta start somewhere! I do agree that the “shortcomings” are not explicitly defined, but rather implied in the FAQ.
Simple question, difficult solution. I can’t work it out. I have a server at home with a site-to-site VPN to a server in the cloud. The server in the cloud has a public IP....
Short answer: Don’t bother, it’s too complex to set up (unless your app is HTTP or supports the PROXY protocol). You’d better read your proxy logs instead.
Long answer: What you want is called “IP transparency” and requires your proxy to “spoof” the IP address of the client when forwarding packets to the remote server. Some proxies do it (Nginx plus, Avi Vantage, Fortinet) but are paid services. I don’t know of any free solutions as I only ever implemented it with those listed above.
This requires a fairly complex setup though:
0. IP address spoofing
The proxy must rewrite all downstream requests to spoof the client IP address, making it look like the traffic originates from the client at the TCP layer.
1. Backend server routing
As the packets will most likely originate from random IPs on the internet, your backend server must have a way to route back the traffic to the proxy, instead of its default gateway. Otherwise you’d implement what is called “Direct Server Return”, which won’t work in your case (packets will be dropped by the client as originating from your backend server directly, and not from the proxy).
You have two solutions here:
set your default gateway to the proxy over its VPN interface (don’t do that unless you truly understand all the implications of such a setup)
use packet tagging and VRF on the backend server to route back all traffic coming from the VPN, back to the VPN interface (I’m not even sure this would work with an IPsec VPN though because of ACL…)
3. Intercept and route back return traffic
The proxy must be aware that it must intercept this traffic targeted at the destination IP of the client as part of a proxied request. This requires a proxy that can bind on an IP that is not configured on the system.
So yeah, don’t do that unless you NEED to do that (trust me as I had to do it, and hated setting it up).
Edit: apparently haproxy supports this feature, which they call transparent mode
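The short answer above mentions the PROXY protocol as the simpler route. As an added example (not part of the original comment), here is how a backend can recover the client address from a PROXY protocol v1 text header while only accepting that header from the proxy itself; the proxy's VPN address `10.8.0.1`, the function name and the sample bytes are assumptions.

```python
import ipaddress

# Assumed: the only peer allowed to assert a client address is the proxy's VPN address.
TRUSTED_PROXIES = {ipaddress.ip_address("10.8.0.1")}
MAX_V1_HEADER = 107  # longest possible v1 header, CRLF included


def client_address(peer, data):
    """Return ((client_ip, client_port), payload) for the first bytes of a connection.

    peer is the (ip, port) tuple of the TCP connection as seen by the backend.
    """
    if ipaddress.ip_address(peer[0]) not in TRUSTED_PROXIES:
        # A direct connection cannot assert another address: anything that
        # looks like a PROXY header stays in the payload and is never parsed.
        return peer, data

    end = data.find(b"\r\n", 0, MAX_V1_HEADER)
    if not data.startswith(b"PROXY ") or end == -1:
        raise ValueError("trusted proxy did not send a PROXY v1 header")
    parts = data[:end].decode("ascii").split(" ")
    payload = data[end + 2:]

    if parts[1] == "UNKNOWN":
        # The proxy could not determine the client; fall back to the peer.
        return peer, payload
    if len(parts) != 6 or parts[1] not in ("TCP4", "TCP6"):
        raise ValueError("malformed PROXY v1 header")

    version = 4 if parts[1] == "TCP4" else 6
    src = ipaddress.ip_address(parts[2])
    dst = ipaddress.ip_address(parts[3])
    if src.version != version or dst.version != version:
        raise ValueError("address family does not match " + parts[1])
    for port in parts[4:6]:
        if not port.isdigit() or int(port) > 65535:
            raise ValueError("invalid port in PROXY v1 header")
    return (str(src), int(parts[4])), payload


# Constructed sample: what the proxy would send ahead of the client's own bytes.
SAMPLE = b"PROXY TCP4 203.0.113.7 10.8.0.2 40312 25\r\nEHLO client.example\r\n"

if __name__ == "__main__":
    print(client_address(("10.8.0.1", 51000), SAMPLE))      # via the proxy
    print(client_address(("198.51.100.9", 4000), SAMPLE))   # direct, header ignored
```

The application then logs the returned address instead of the socket peer, which is what makes the backend logs useful again without any routing changes.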
This is only true if the proxy can understand the application layer of the backend (eg. HTTP). For TCP/UDP based proxy, you only get “X connected to Y” type of logs, which isn’t very useful to debug an application.
For TCP/UDP traffic, you’d just move the problem to another box. The application logs would report connections from 127.0.0.1 (the local proxy), and not the client IP.
Hi there, I’m trying to set up AdGuard home and it doesn’t seem to work properly. Maybe I’m getting it wrong on how it’s supposed to work, but I’m kinda confused right now and it seems to me that Win11 is lying to me about my DNS entries …...
Windows does DNS cache by default, so it could be that many domains are still in your local cache. First change your DNS settings, then clear the cache with ipconfig /flushdns.
jami.net perhaps? I’ve just heard about it and didn’t try it myself, but it’s kind of appealing to see a new decentralized messaging app (I wish tox succeeded in this field, but hey…).
It’s more about trust, than security. When you use a specific distro, you only have to trust the distro packagers. These packages are reviewed by multiple persons, tested thoroughly and (usually) built in a reproducible way. The packagers are usually different from the developers, so they can also review the code itself and eventually patch issues if needed to be in line with the distro’s ideology.
With flatpak, snap and friends, anyone is a potential packager, so for each software you gotta trust this single entity, which is usually the developer itself.
I have several domains that I use for email aliases and I no longer need all of them. I’m worried if I let one expire and someone else purchases the domain, they will be able to set up a catch-all email address and intercept any emails that I don’t specifically migrate accounts/unsubscribe from newsletters. What are my best...
Subscribe to as many shitty free services, mail lists and commercial ads as you can. If someone ever gets the domain, they’ll receive so much spam they won’t bother reading them.
Source: I bought such a domain myself, and I have no idea what the previous owner was up to… I received delivery reports from a beer company in Iceland, password reset requests from like 500 Instagram accounts, and many other emails like that.
However, the domain is totally “sane” and not blacklisted anywhere. I have no idea how it’s possible that my emails get through spam filters given its past ^^
So it’s saturday afternoon, a very hot one, so you ask your daddy for an ice cream (hosted service). The shop you go in is very bizarre though, as there is one vendor (TCP port) for each flavor (docker service/virtualhost). But it’s tricky because they’re all roaming in the shop, and you don’t know who’s responsible for each flavor. Your dad is also not very comfortable paying these vendors directly because they only accept cash and do not provide any receipt (self-signed certificate/no TLS).
Hopefully, there is the manager (reverse proxy)! This girl is right where you expect her: behind the counter (port 80/443), accepts credit cards and has a receipt machine (Domain name + associated certificate). She also knows everyone on her team, and who’s responsible for each flavor!
So you and your dad come to see the nice lady, ask for a strawberry + chocolate ice cream, and pay her directly. Once done, she forwards your request directly to the vendors responsible for each flavor, and gives you back your ice cream + receipt. Life is good, and tasty!
That one is easy! Because in a few years (remember, you’re 5), you’ll be a scout! And to collect a few dollars for your summer camp, you’ll sell pastries to the neighborhood. It’s easier than ever because it’s 2030, and everyone can just order the pastries on your website, and pay online. All you have to do now is hop on your bike, and deliver the pastries (network connections) to your neighbors (online servers). So you grab the first package, and read the label on it:
Mrs. Britneak
And that’s it! You have no idea who this person is, or where they live! So you call out your leader (DNS server):
Hi Mr. Leader!
… (nobody ever gets my UDP jokes)
So I got this package to deliver to Mrs. Britneak. But I don’t know where she lives
Oh sure, let me look up the register (zone file). Hold on for a sec… Alright, she’s here: 62.644888, -160.194309
And then he hangs up immediately (this is UDP, remember?).
You write it down (local caching DNS server), and look it up. You’re a scout, so you’re trained to read and find GPS coordinates. You go there in a few minutes and deliver the package in time! Mrs Britneak is happy, and you go on to the next package:
I am fairly familiar with Linux, I’ve been using different distros for some years now and have done some config editing here and there. I am also a web developer and use the terminal quite a lot and so I always stumble on people’s recommendation to use tmux and how good it is, but I never really understood what it does and,...
Tmux is no different from a terminal app that splits the screen in terms of “multi window” functionality. However it’s not a graphical software, so you can start it remotely (eg. over ssh), and detach/reattach to it later without losing what you were doing.
That’s your use case, but you could also want to share a picture with your family, or some confidential logs with a colleague or support team. However, I wouldn’t trust any online service for this use case though. If some information is confidential, you should encrypt it yourself, share it with your peer (you could use a pastebin), then share the key over a trusted channel that’s different from this pastebin.
I’m currently struggling with upgrading some Postgres DBs on my home-k3s and I’m seriously considering throwing it all away since it’s such a hassle....
I have a single database server because I can’t afford two servers with high storage. The servers that need access to it connect over wireguard VPN. This is slow as f**k, don’t do that.
Crux user here. I like the port tree system and simple package building recipes. It’s also a distro that kept things very simple over the years despite the rise of dbus and systems. Also the mascot.
Definitely Ubuntu, it’s the most user friendly for people coming from other OSes
I’d say Ubuntu again, or maybe Debian. You built up skill and learnt the distro so you want to use something you know for work. On your personal computer, try other ones. I personally picked Arch at this time (around 2012), which helped me “understand” how the OS works, rather than simply use it. I reinstalled it quite a few times and broke the system a lot.
Any distro with a simple package management system. My personal choice goes to crux, but it’s very barebones. NixOS or Gentoo would be fine too. The point here is to learn how to build packages by building them yourself, and I feel like the “big” package managers (apt, yum, dnf) are too complex for that. They also decorrelate runtime libraries from header files, which is a pain to work with as a developer IMO.
But it’s just my personal experience, many new distros popped up since then. Also for reference, I’ve been using Linux for 12 years now, and I run Crux on my desktop, Ubuntu at work, and OpenBSD on my servers.
I used to run it on my Xperia, and life was good. Then they announced a version for the Xperia 10 III, so I got hyped and bought the device. When the release came out, it lacks so many features and was riddled with bugs, so I never installed it. As of today (4.5.19), it seems the software still lacks basic features (ability to...
Thanks for the feedback. I didn’t try it because I didn’t want to buy Sailfish OS (again…) just to end up with a broken phone, and roll back to android, especially as it breaks the warranty. I figured I could just wait for the next update for these issues to be fixed, but they never came and I simply did not bother getting the test image at this point.
Would you have a link to the patch for the camera?
Tor’s shadowy reputation will only end if we all use it | Engadget (www.engadget.com)
How do you deal with the logs on your servers?
Ah yes poe (pawb.social)
Wake up, Neo ... (lemmy.sdf.org)
cross-posted from: lemmy.sdf.org/post/1341812...
[advice] Hosting Matrix Server & Bridges
Hi all,...
Parsing RFC3164 logs for Grafana
Hey everyone ! I finally decided to monitor my applications more closely with Grafana. However I’m having issues building dashboards their logs....
Coders, what is your workflow on Linux
Hello,...
What is your machine naming scheme?
Chimera Linux (chimera-linux.org)
Proxy to TCP port with real IP
What could be happening here? Question about DNS entries
Signal may soon be getting usernames (nitter.lacontrevoie.fr)
Are packages from flathub always safe?
I usually trust my distro repos without checking. Can the same be applied to flathub without much worry?
How to safely dispose of domain I've used for email aliasing?
What do you recommend to selfhost code repositories?
To use with Git
[ELI5] What is a reverse proxy exactly and how do I use it to run several dockerized services on one machine?
So, I have some idea on what a reverse proxy does and will be using nginx (with the neat proxy manager UI) for my setup....
Old Computer Challenge - Meet sorlag ! (lemmy.sdf.org)
Old computer challenge V3...
Can you please ELI5 tmux?
Paaster.io - End-to-end encrypted pastebin. (github.com)
What's your approach to databases?
Ubuntu 23.10’s New Software App Will Demote DEBs (Apparently) (www.omgubuntu.co.uk)
A new ‘app store’ is expected to ship as part of Ubuntu 23.10 when it’s released in October — and it’ll debut with a notable change to DEB support.
What do you like about your Linux Distro?
I use Fedora 38, it’s stable, things just work, and the software is up-to-date.
What daily workstation-distro helped or hindered you when learning linux?
Hello Beautiful community!...
Anyone still using Sailfish OS ? (sailfishos.org)
Terminal emulator features and compatibility (lemmy.ml)
Source: github.com/muesli/termenv#compatibility