GUIs compatible with syslog-ng

• Splunk
• Elsa
• ElasticSearch, although not just a syslog-ng frontend, it can search through the logs if fed to it as clear text files.
• Graylog2
• fluentd
• LogAnalyzer

• New traffic record for GRNET NOC streaming service, or Scaling Wowza with Varnish proxies
• How to set up Wowza Transcoder NVIDIA NVENC accelerated encoding on CentOS

See also

• 3 Useful Gedit Plugins For Programmers
• Using Snippets

Notes and links on tcpdump.

Capture and output at the same time

This command will make tcpdump save captured packets in a .pcap file, and output their printable format on stdout:

sudo tcpdump -n -s0 -U -vvv tcp port 80 -w - | tee capture.pcap | tcpdump -vvv -n -r -

Options:

-n  : numeric output, don't resolve IPs to names, don't resolve ports to service names
-s0 : don't truncate packets unless they are bigger than 65535 bytes
-U  : don't buffer output, dump to `.pcap` immediately
-w  : write `.pcap`
-r  : read from `.pcap`

See Also

• A tcpdump Primer
• BPF - the forgotten bytecode

With netstat

Run netstat -r or netstat --route. Add -n or --numeric for numeric output. Example from a laptop, on which all traffic is routed out the wireless interface:

marios@rocko ~ $ netstat -rvn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.88.1    0.0.0.0         UG        0 0          0 wlan0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 wlan0
192.168.88.0    0.0.0.0         255.255.255.0   U         0 0          0 wlan0

With route

Run route with optional -n for numeric output. The result is almost identical to that of netstat. Example from the same machine as above:

marios@rocko ~ $ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.88.1    0.0.0.0         UG    0      0        0 wlan0
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 wlan0
192.168.88.0    0.0.0.0         255.255.255.0   U     9      0        0 wlan0

With ip

Run ip route. Example from the same machine as above:

marios@rocko ~ $ ip route
default via 192.168.88.1 dev wlan0  proto static 
169.254.0.0/16 dev wlan0  scope link  metric 1000 
192.168.88.0/24 dev wlan0  proto kernel  scope link  src 192.168.88.253  metric 9

Bps/Par/Bits          : 9600 8N1
Hardware Flow Control : Yes
Software Flow Control : No

tcptrack is a small network utility that displays network connections on a system. Its output is similar to that of netstat, but it refreshes automatically.

Installation

On Ubuntu, it's available from default repositories.

On CentOS, it's available from Repoforge.

See also

• TCPTrack - Simple TCP Connection Monitor

This page is a dump of notes on disk benchmarking in Linux, and is in great need of editing! Use at own peril.

• http://www.westnet.com/~gsmith/content/postgresql/pg-disktesting.htm
• http://archive09.linux.com/feature/139742

hdparm

Buffered disk reads (bypasses cache)

This method reads data sequentially from the disk, disregarding file boundaries.

mariosz@super-mario:~$ sudo hdparm -t /dev/sdb
/dev/sdb:
 Timing buffered disk reads: 228 MB in  3.02 seconds =  75.52 MB/sec

Cached reads

mariosz@super-mario:~$ sudo hdparm -T /dev/sdb
/dev/sdb:
 Timing cached reads:   3158 MB in  2.00 seconds = 1579.16 MB/sec

dd

Writes

mariosz@super-mario:~$ dd if=/dev/zero of=testfile bs=8k count=100k; rm -f testfile
102400+0 records in
102400+0 records out
838860800 bytes (839 MB) copied, 12.7363 s, 65.9 MB/s

Writes and Cache-out

mariosz@super-mario:~$ time sh -c "dd if=/dev/zero of=testfile bs=8k count=100k; sync" ; rm -f testfile
102400+0 records in
102400+0 records out
838860800 bytes (839 MB) copied, 12.6832 s, 66.1 MB/s
real    0m19.304s
user    0m0.020s
sys 0m1.232s

Install iozone

1. Go to [http://www.iozone.org/], get link of latest build.
2. wget http://www.iozone.org/src/current/iozone-3-420.i386.rpm
3. yum install iozone-3-420.i386.rpm

If you also need to create graphs from the results of iozone, you can additionally install gnuplot:

yum install gnuplot

Using iozone

• [http://www.thegeekstuff.com/2011/05/iozone-examples/]

Bonnie++

The bonnie++ benchmark is available on EPEL repository for CentOS. Note that it will put load on the system on which it runs, so it's better run during less productive times.

[root@centos-6-3-minimal ~]# bonnie++ -u root

Bonnie++ will output its data twice, once in an ASCII formatted table, and once more in a single line CSV. Echo the contents of the CSV line through bon_csv2html to get a more readable HTML table.

service nfs stop
service nfslock stop
service portmap stop
service portmap start
service nfslock start
service nfs start

With a default installation of Apache running, a set of modules are configured to load automatically, to serve what the server's and the distribution's developers evaluated to be the most common needs. These modules can be (and probably should be) disabled on a production web server. This might save a very tiny bit of memory for each module, and also can improve security, in case a vulnerability exists in one of the loaded but unused modules.

In fact, if you want to be paranoid about security, you can pretty much disable all Apache modules, and only selectively enable those that are required for the functionality that you want your server to have.

In CentOS, you can see which modules are loaded on a running instance of Apache, with:

httpd -M

mod_proxy and related proxy modules

The mod_proxy and its related modules add the capability to use Apache as a proxy server in front of other Web servers, as well as in front of FTP servers, application servers, FastCGI servers, and other types of servers specified by loading additional modules.

These are not necessary in a setup where Apache is used as a standalone Web server. You can disable these features by commenting out the lines:

    LoadModule proxy_module modules/mod_proxy.so
    LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
    LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
    LoadModule proxy_http_module modules/mod_proxy_http.so
    LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
    LoadModule proxy_connect_module modules/mod_proxy_connect.so

The mod_proxy_ajp module provides the ability to proxy HTTP requests coming to the web server to an application server. It is commonly used together with Apache Tomcat. Read more about the Apache Module mod_proxy_ajp.

mod_substitute

The substitute module allows for sed-like regex-based string substitutions in HTTP responses. To disable it, comment out the line:

LoadModule substitute_module modules/mod_substitute.so

Read more about the Apache Module mod_substitute

mod_userdir

Module userdir is used to serve web content from inside users' home directories, and it is loaded but deactivated (with the UserDir disabled directive) by default on CentOS 6. To unload it permanently, edit /etc/httpd/conf/httpd.conf, and comment out the line:

    LoadModule userdir_module modules/mod_userdir.so

You might also comment out the lines in the same file:

    <IfModule mod_userdir.c>
        UserDir disabled
    </IfModule>

mod_dav and mod_dav_fs

Both of these modules provide support for WebDav and can be disabled if WebDav is not going to be used in production. To disable, comment out the lines:

    LoadModule dav_module modules/mod_dav.so
    LoadModule dav_fs_module modules/mod_dav_fs.so

You might also comment out the lines in the same file:

    <IfModule mod_dav_fs.c>
        DAVLockDB /var/lib/dav/lockdb
    </IfModule>

mod_speling

The speling module tries to guess if a visitor has misspelled the URL of a page, and returns the page anyway if the requested misspelled page name and the actual page name are close enought. To disable it, comment out the line:

    LoadModule speling_module modules/mod_speling.so

Read more about the Apache speling module

mod_version

The version module allows you to specify different configuration depending on the version of Apache that is running, by defining that configuration inside <IfVersion> blocks of code. This makes it possible to have the same basic configuration file for many servers, which can be useful to some organizations. To disable this feature, commend out the line:

    LoadModule version_module modules/mod_version.so

Authentication and authorization modules

Apache provides a few ways to handle user authentication (who can do something) and authorization (what they can do). This functionality is provided by modules that contain authn or authz in their names, repsectively. If you don't plan on delegating these features to Apache at all, you can disable all related modules:

• mod_ldap and mod_authnz_ldap: These two modules can be used to delegate authentication to an LDAP directory. To disable, comment out these lines:

  LoadModule ldap_module modules/mod_ldap.so
  LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
  

• mod_auth_basic and mod_auth_digest offer Basic or Digest authentication respectively, and are used in combination with mod_authn_file (which allows the definition of a file that contains user credentials, and makes the use of the htpasswd command possible),mod_authz_user (which allows for different access in different parts of a website, and makes the use of the Require directive possible), and mod_authz_groupfile (which allows for access to be restricted based on group membership, usually defined in a htgroup file). Also, mod_authn_default and mod_authz_default are used to reject credentials if authentication or authorization are enabled but not configured. To disable, comment out these lines:

  LoadModule auth_basic_module modules/mod_auth_basic.so
  LoadModule auth_digest_module modules/mod_auth_digest.so
  LoadModule authn_file_module modules/mod_authn_file.so
  LoadModule authz_user_module modules/mod_authz_user.so
  LoadModule authn_default_module modules/mod_authn_default.so
  LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
  LoadModule authz_default_module modules/mod_authz_default.so
  

• mod_authn_alias allows you to create multiple Basic authentication providers, and give them names (aliases) that are then used in the rest of the configuration. To disable, comment out:

  LoadModule authn_anon_module modules/mod_authn_anon.so
  

• mod_authn_anon allows anonymous users to access an otherwise restricted website. In combination with some authorization modules, it can display different content to authenticated and anonymous users. To disable, comment out:

  LoadModule authn_anon_module modules/mod_authn_anon.so
  

• mod_authn_dbm is an alternative to using an htpasswd file as the users' database, and scales better when the number of users exceeds 200. To disable, comment out:

  LoadModule authn_dbm_module modules/mod_authn_dbm.so
  

• mod_authz_host allows restriction of access based on miscellaneous properties of the client, as those are capture in Apache's environment variables, the most common of which are the IP and/or hostname of the client, and the web request sent by it. Access is controlled with the Allow and Deny directives, and the order of application is controlled with the Order directive. To disable, comment out:

  LoadModule authz_host_module modules/mod_authz_host.so
  

  If you disable this module, you will also have to comment out any uses of the combination Order, Allow and Deny in your configuration, since Apache will no longer understand their meaning. Running either httpd -t or service httpd configtest after commenting out the module will tell you the instances of those directives.

  Note that one of the uses of mod_authz_host is to disallow clients from reading .htaccess files. If you disable this module, you will either need to replace the instructions in .htaccess files with configuration inside the main httpd.conf, or to find another way to make those files unreadable.

• mod_authz_owner will authorize access to a user by comparing the username provided to either Basic or Digest authentication with the ownership of the file requested on the underlying filesystem. To disable, comment out:

  LoadModule authz_owner_module modules/mod_authz_owner.so