13/03/2017

Goaccess

One of the best pieces of software I started using this year is goaccess; it’s AWESOME!

Basically, goaccess is a web log analyzer like awstats or webalizer. Like them, it’s simple, quick and very useful, but unlike them it produces very, very beautiful reports.

Just be careful: goaccess is not like Google Analytics or Piwik. It doesn’t track users via JavaScript and does not analyze visitors, only access logs.
That’s another reason why I love it: if you need to quickly analyze your logs to find a problem or the reason for a particular load spike, goaccess is your tool.

Another great feature of this tool is that you can simply pipe the stdout of another command into goaccess; for example, you can pre-filter your logs with sed, awk and grep and get a quick analysis.

Installing goaccess is really simple: it’s included in the most used repositories for the major GNU/Linux distros, but I strongly suggest cloning it from the official git repository and following the simple compile instructions. Just remember some requirements:

  • GeoIP and GeoIP-devel
  • autoconf and automake
  • tokyocabinet and tokyocabinet-devel (for incremental analysis)

Last but not least, goaccess has very good support from its maintainer and the community: if you have a question, a problem or a request, open an issue and you’ll get a quick answer from kind and collaborative people.
Recently I had a problem with some strange logs: I asked for a solution, discussed it directly with the project maintainer, and he agreed to add a new feature to handle this kind of log. If I had had this problem with some sort of super-enterprise commercial software from IBM, Oracle or any other big company, I would surely have had to open tickets over tickets (with an active support subscription), write mails over mails, sit through some huge conference calls with people all over the world and *perhaps* get a workaround and the promise of a patch in the next major version of the product… :\

Here is a simple cheatsheet of the goaccess syntax I use most of the time.

A simple analysis from the command line (replace COMBINED with COMMON if you want to analyze logs in the common format):

goaccess --log-format=COMBINED -f /var/log/httpd/access_log*

Html output (very very beautiful for presentations or visual reports)

goaccess --log-format=COMBINED -f /var/log/httpd/access_log* -o /tmp/report.html

Parse logs from several directories

cat /var/log/httpd/access_log /var/log/apache2/request.log | goaccess --log-format=COMBINED

Exclude a pattern from the analysis

grep -v "GET /exclude_this_path/" /var/log/httpd/access_log | goaccess --log-format=COMBINED

Exclude several patterns from the analysis

grep -vE "GET /exclude_this_path/|file_to_exclude\.html|gif_to_exclude\.gif" /var/log/httpd/access_log | goaccess --log-format=COMBINED

Analyze only logs between two specific hours (for example 8:00AM to 9:10AM)

sed -n '/01\/Mar\/2017:08:00/,/01\/Mar\/2017:09:10/ p' access_log | goaccess --log-format=COMBINED
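
A sed range like the one above only opens on a line containing the exact start minute and only closes on a line containing the exact end minute, so a quiet minute at either edge changes what gets analyzed. The following is an added example, not part of the original post: a hypothetical filter_window helper, with a constructed sample_log, that compares the timestamp instead and can be piped into goaccess the same way.

```shell
#!/bin/sh
# Added example: select access-log lines by comparing the timestamp, so the
# window works even when no request landed exactly on the start or end minute.
# filter_window DAY FROM TO   (log lines on stdin, matches printed on stdout)
#   DAY        as written in the log, e.g. 01/Mar/2017
#   FROM / TO  as HH:MM, both inclusive
filter_window() {
    awk -v day="$1" -v from="$2" -v to="$3" '
    {
        # Locate "[dd/Mon/yyyy:HH:MM" anywhere in the line.
        if (!match($0, /\[[0-9][0-9]\/[A-Za-z][A-Za-z][A-Za-z]\/[0-9][0-9][0-9][0-9]:[0-9][0-9]:[0-9][0-9]/))
            next                                      # no timestamp: skip the line
        stamp = substr($0, RSTART + 1, RLENGTH - 1)   # dd/Mon/yyyy:HH:MM
        if (substr(stamp, 1, 11) != day) next         # wrong day
        hm = substr(stamp, 13, 5)                     # HH:MM, zero padded
        # Zero-padded HH:MM sorts correctly as a plain string.
        if (hm >= from && hm <= to) print
    }'
}

# Constructed sample (documentation addresses). There is no request at 08:00
# or 09:10, which is the case an exact-match range cannot anchor on.
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [01/Mar/2017:07:59:58 +0100] "GET / HTTP/1.1" 200 512 "-" "curl/7.50"
192.0.2.11 - - [01/Mar/2017:08:03:11 +0100] "GET /login HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
192.0.2.12 - - [01/Mar/2017:08:47:02 +0100] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.13 - - [01/Mar/2017:09:09:59 +0100] "GET /img/a.gif HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
192.0.2.14 - - [01/Mar/2017:09:11:00 +0100] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.15 - - [02/Mar/2017:08:30:00 +0100] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"
EOF
}

# Demo on the constructed sample: prints the three requests inside the window.
sample_log | filter_window 01/Mar/2017 08:00 09:10

# Real use:
#   filter_window 01/Mar/2017 08:00 09:10 < access_log | goaccess --log-format=COMBINED
```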

Analyze COMMON logs with X-Forwarded-For ip format (xxx.xxx.xxx.xxx, yyy.yyy.yyy.yyy, zzz.zzz.zzz.zzz)

goaccess --log-format='%h,| %^ %e [%d:%t %^] "%r" %s %b %^' --date-format='%d/%b/%Y' --time-format='%T' -f /var/log/httpd/access_log

Keep your goaccess database open for incremental analysis (database files in /tmp)…

goaccess --log-format=COMBINED -f /var/log/httpd/access_log --keep-db-files

…and add new logs to the analysis and keep the database open (database files in /usr/local/temp)

goaccess --log-format=COMBINED -f /var/log/httpd/access_log --load-from-disk --keep-db-files --db-path=/usr/local/temp

Give it a try and I’m sure you’ll love it!

27/02/2017

Windows 10 reset network stack

Recently a friend of mine had a problem with his new Dell laptop upgraded to Windows 10 x64: the OS seemed to connect to the LAN via the wifi NIC and reached the default gateway, but there was no web browsing, and ping to a reachable host (for example www.google.com) returned “general failure error”.

DNS resolution OK
Routing table clear
No blocking firewall or security application
No suspect malware or anything strange on software
No hardware problem (checked with a live GNU/Linux distro)
No network problem with other devices
No useful trace on event log

It seemed the Windows network stack had gone crazy, so I tried to reset it to its default parameters.
Start a command prompt with administrative rights and run:

  • netsh winsock reset catalog

    to reset the Winsock entries to installation defaults.

  • netsh int ipv4 reset

    to reset the IPv4 TCP/IP stack to installation defaults.

  • netsh int ipv6 reset

    to reset the IPv6 TCP/IP stack to installation defaults.

  • restart

Problem fixed ;)

10/02/2017

Rhel 3 P2V

Welcome to 2017!

One of my work goals for 2016 was to get rid of old systems, old OSes and old products.
Well, I partially reached that goal, but I still have some old monsters running on prehistoric hardware and software.

Recently I had problems with an old Oracle 9i instance running on RedHat Enterprise Linux 3 on a glorious IBM x365 server and an IBM DS4300 Fibre Channel SAN.
We had already planned to migrate this Oracle database to a new Oracle instance installed on a beautiful blade server, but some problems on the SAN caused performance issues and pushed us to accelerate the process.

The problem is that the developers are not ready for this migration, so I had to think of a temporary solution to fix the performance problem while people work on the migration. The SAN problem required some spare parts that do not exist anymore (that’s the direct response from IBM), so I had to find another way: virtualize!
I had already tried some Rhel 3 P2V on Vmware ESXi, and after a lot of googling I found this procedure, which seems to work very well.

The only requirement is a Rhel3 boot ISO from RedHat Network or from CD-ROM; you only need the first ISO/CD.

Install Vmware Converter Standalone and create the vm based on the physical system. You can do a live clone, just pay attention to your services, especially if they are locking files or things like that (think about Oracle tablespace datafiles in my case).
I won’t explain this step because there are plenty of how-tos on Vmware Converter; it’s basically a “next next next” process…

After P2v finished you can try to startup your vm (always pay attention to network settings to avoid ip conflicts, disconnect virtual nic) but that’s the result. :(

Change the scsi controller on vm settings to BusLogic. I know it’s labeled as old and deprecated, but hey.. are we working on an old and deprecated OS or what? ;)

Now boot the vm from your Rhel3 ISO and start GNU/Linux in rescue mode by typing “linux rescue” and pressing enter.

Choose the language and keyboard layout, ignore the network, and when you are at the shell prompt chroot using “chroot /mnt/sysimage”.

Now you have to edit your /etc/modules.conf file, adding the BusLogic scsi module and the nic module; this is my modules.conf file before…

…and that’s after

Now you have to create a new init image with these modules using your current kernel. Look at the /boot/grub/grub.conf file: as you can see, the line starting with “default” has a value (zero in my screenshot).
This number identifies (starting from zero for the first configuration) the default configuration loaded by the grub boot manager; in my example the first (zero) configuration is the one using the 2.4.21-52.ELsmp kernel.

Use the same kernel version you are booting on the physical server and create a new init image with mkinitrd.
I suggest not overwriting any other image; just use a different filename (initrd-2.4.21-52.ELsmp.vmware.img instead of initrd-2.4.21-52.ELsmp.img).

Now edit the /boot/grub/grub.conf file, adding a new configuration: you can copy the existing configuration for your kernel version and change only the title and the initrd image path to the new image you created.
You can put it in first place (zero) and leave the default directive as it is, or put the new configuration wherever you want; just remember to use that configuration by default when you complete the P2V procedure.

The final step is to reinstall the boot manager using the grub-install command.

That’s all, now you can boot your vm properly and install vmware tools.
Live long and prosper!

07/10/2016

Steve Jobs

Five years ago Steve Jobs passed away, I want to remember him with Richard Stallman’s words:

Steve Jobs, the pioneer of the computer as a jail made cool, designed to sever fools from their freedom, has died.
As Chicago Mayor Harold Washington said of the corrupt former Mayor Daley, "I'm not glad he's dead, but I'm glad he's gone."

Nobody deserves to have to die - not Jobs, not Mr. Bill, not even people guilty of bigger evils than theirs. 
But we all deserve the end of Jobs' malign influence on people's computing.

Unfortunately, that influence continues despite his absence. We can only hope his successors, as they attempt to carry on his legacy, will be less effective.

30/09/2016

Upgrade MySQL 5.1 to 5.7

I love RedHat/Centos 6.x, I think it’s one of the most stable and reliable GNU/Linux distros in the recent history of this OS, it’s actually one of the most used, and yes, I love it because it doesn’t use the cursed systemd (I can get used to it but don’t ask me to love it…).

Despite all its good features, the Rhel/Centos 6.x family has one big fault: it has too many old packages, and MySQL is one of them.
Consider that the MySQL version distributed by the official repository is 5.1 which was released in 2005, 11 years ago!!!
Recently I decided to upgrade some of our MySQL instances and I struggled to find the right procedure to reach the goal.

Apparently everything seems easy, install the official MySQL community yum repository…

…and launch a “yum upgrade”, right? Well, no….

Check MySQL error log and the cause seems to be the innodb_file_format.

Googling around I found an easy solution, add “innodb_data_file_path = ibdata1:10M:autoextend” to your my.cnf file and restart, easy!
Well again no…

But how can I run mysql_upgrade if my MySQL instance doesn’t start?
OK, take a breath and roll back to 5.1. This time let’s try the upgrade step by step: first from 5.1 to 5.5 and then from 5.5 to 5.7.

For the upgrade to version 5.5 I suggest using the Remi repository; enable it and EPEL using the rpm packages.
Remember to enable the Remi repository and not only the Safe Remi repository (change enabled=0 to enabled=1 in the /etc/yum.repos.d/remi.repo file).

Now launch “yum upgrade”, check that MySQL is running with “service mysqld status”, start it if necessary with “service mysqld start”, and launch mysql_upgrade.

Now, if you try to upgrade to MySQL 5.7 via the official MySQL Community repo, you will get this bad conflict with some libraries.

To avoid that mess you have to:

  1. install MySQL-shared-compat-5.6.33-1.el6.x86_64.rpm (rpm -ivh MySQL-shared-compat-5.6.33-1.el6.x86_64.rpm)
  2. remove compat-mysql51-5.1.54-1.el6.remi.x86_64 (rpm -e compat-mysql51-5.1.54-1.el6.remi.x86_64) and remove Remi and EPEL repositories if you don’t need them
  3. install MySQL Community repository
  4. check your repository

After that, upgrade to MySQL 5.7 by launching “yum upgrade”.

OK, now check that MySQL 5.7 is running, launch mysql_upgrade and follow the instructions to upgrade tables or anything else.
