Metricbeat data is not read by logstash - linux

I have configured Metricbeat to capture system-level metrics. Metricbeat is installed as a service on Red Hat Linux; I installed Metricbeat using the rpm package.
Below is my Metricbeat configuration.
> #============================ Config Reloading ==============================
> metricbeat.config.modules:
>
>   # Glob pattern for configuration reloading
>   path: ${path.config}/conf.d/*.yml
>
>   # Period on which files under path should be checked for changes
>   reload.period: 10s
>
>   # Set to true to enable config reloading
>   reload.enabled: false
>
> # Maximum amount of time to randomly delay the start of a metricset. Use 0 to
> # disable startup delay.
> metricbeat.max_start_delay: 10s
>
> #------------------------------- System Module -------------------------------
> - module: system
>   metricsets:
>     - cpu # CPU usage
>     - load # CPU load averages
>     - memory # Memory usage
>     - network # Network IO
>     - process # Per process metrics
>     - process_summary # Process summary
>     - uptime # System Uptime
>     #- core # Per CPU core usage
>     #- diskio # Disk IO
>     #- filesystem # File system usage for each mountpoint
>     #- fsstat # File system summary metrics
>     #- raid # Raid
>     #- socket # Sockets and connection info (linux only)
>   enabled: true
>   period: 10s
>   processes: ['.*']
>
>   # Configure the metric types that are included by these metricsets.
>   cpu.metrics: ["percentages"] # The other available options are normalized_percentages and ticks.
>   core.metrics: ["percentages"] # The other available option is ticks.
>
>
> #----------------------------- Logstash output ---------------------------------
> output.logstash:
>   # Boolean flag to enable or disable the output module.
>   #enabled: true
>
>   # The Logstash hosts
>   hosts: ["localhost:5044"]
Logstash is also installed as a service on Red Hat Linux using the rpm package.
Below is my Logstash configuration, where I am trying to read input from Beats.
input {
  beats {
    port => 5044
  }
}
output {
  elasticsearch {
    host => "localhost:9200"
    index => "metricbeat_logs"
  }
}
Below are my user and group permissions for both Logstash and Metricbeat:
cd /etc/logstash
ls -lrt
-rw-------. 1 apelkdev apa 1696 Aug 18 02:29 startup.options
> -rw-r--r--. 1 apelkdev apa 285 Aug 18 02:29 pipelines.yml
> -rw-r--r--. 1 apelkdev apa 342 Aug 18 02:29 logstash-sample.conf
> -rw-r--r--. 1 apelkdev apa 4466 Aug 18 02:29 log4j2.properties
> -rw-r--r--. 1 apelkdev apa 1846 Aug 18 02:29 jvm.options
> -rwxr-xr-x. 1 apelkdev apa 8154 Feb 8 07:41 logstash.yml
> drwxrwxr-x. 2 apelkdev apa 4096 Feb 8 10:29 conf.d
cd /etc/metricbeat
ls -lrt
-rw-r--r--. 1 apelkdev apa 57809 Aug 18 00:28 metricbeat.reference.yml
-rw-r--r--. 1 apelkdev apa 76697 Aug 18 00:28 fields.yml
-rw-r--r--. 1 apelkdev apa 0 Feb 7 06:24 metricbeat.
-rw-------. 1 apelkdev apa 7892 Feb 8 08:14 metricbeat.yml
I am running both services using the commands below:
sudo service metricbeat start
sudo service logstash start
I really don't understand what went wrong here. When we check the Metricbeat logs, they contain captured metrics details for the current timestamp; I am not sure what happens in Logstash and why it is not reading the Metricbeat events.

You haven't enabled output to logstash in code.
> output.logstash:
>   # Boolean flag to enable or disable the output module.
>   #enabled: true
In the above, please change it to
enabled: true

Related

How to recover files deleted using "find /export/reports -mtime +112 -type f -delete"

I wanted to delete .pdf files. I used "find /export/reports -mtime +112 -type f -delete", however I did not apply any filter for .pdf files and ended up deleting required files as well.
Can any one please help me with how to recover them?
You can try this:
Use debugfs to view a filesystem's log
$ debugfs -w /dev/mapper/wks01-root
At the debugfs prompt
debugfs: lsdel
Sample output
Inode Owner Mode Size Blocks Time deleted
23601299 0 120777 3 1/ 1 Tue Mar 13 16:17:30 2012
7536655 0 120777 3 1/ 1 Tue May 1 06:21:22 2012
2 deleted inodes found.
Run the command in debugfs
debugfs: logdump -i <7536655>
5) Determine files inode
> ... ... .... output truncated
> Fast_link_dest: bin
> Blocks: (0+1): 7235938 FS block 7536642 logged at sequence 38402086, journal block 26711
> (inode block for inode 7536655):
> Inode: 7536655 Type: symlink Mode: 0777 Flags: 0x0 Generation: 3532221116
> User: 0 Group: 0 Size: 3
> File ACL: 0 Directory ACL: 0
> Links: 0 Blockcount: 0
> Fragment: Address: 0 Number: 0 Size: 0
> ctime: 0x4f9fc732 -- Tue May 1 06:21:22 2012
> atime: 0x4f9fc730 -- Tue May 1 06:21:20 2012
> mtime: 0x4f9fc72f -- Tue May 1 06:21:19 2012
> dtime: 0x4f9fc732 -- Tue May 1 06:21:22 2012
> Fast_link_dest: bin
> Blocks: (0+1): 7235938 No magic number at block 28053: end of journal.
With the above inode info run the following commands
dd if=/dev/mapper/wks01-root of=recovered.file.001 bs=4096 count=1 skip=7235938
file recovered.file.001
file: ASCII text, with very long lines
The file has been recovered to recovered.file.001.
There are also some tools which can be helpful:
Recovery Tools - Command Line :
testdisk,
photorec,
extundelete
Recovery Tools - Gui :
R-Linux,
R-Studio,
UFS Explorer,
Recovery Explorer

ccache failed to create temp files in /var/cache/ccache/ , permission denied. On Gentoo Linux

System Info:
OS : Gentoo Linux x86_64
Kernel : Linux 5.4.38
CPU : Intel core i7-7820HQ
RAM : 16GiB
CC : GCC 9.3.0
This problem always happens when I install the emerge software.
My ccache directory is mounted on /dev/sda2, which is a primary partition in btrfs.
The corresponding directory permissions have been set.
/etc/fstab I posted below.
This is one of error messages:
==> COMPILING "OBJ/amd64-linux-cc/pic/fcons.o"
+ x86_64-pc-linux-gnu-gcc -fpic -march=native -O2 -pipe -finput-charset=ISO-8859-1 -fexec-charset=UTF-8 -DSCHILY_BUILD -IOBJ/amd64-linux-cc/pic -I../incs/amd64-linux-cc -I../include -Istdio -DUSE_SCANSTACK -DPORT_ONLY -D_GNU_SOURCE -c -o OBJ/amd64-linux-cc/pic/fcons.o stdio/fcons.c
ccache: error: Failed to create temporary file for /var/cache/ccache/7/d/f/cc59f6a892af180b36bf0d7b73f8c-148524.o.tmp.stdout: Permission denied
make[2]: *** [../RULES/r-gmake.obj:51: OBJ/amd64-linux-cc/pic/fcons.o] Error 1
make[2]: Leaving directory '/var/tmp/portage/app-cdr/cdrtools-3.02_alpha09-r2/work/cdrtools-3.02/libschily'
make[1]: *** [../RULES/rules.mks:23: all] Error 2
make[1]: Leaving directory '/var/tmp/portage/app-cdr/cdrtools-3.02_alpha09-r2/work/cdrtools-3.02/libschily'
make: *** [RULES/rules1.dir:25: all] Error 2
* ERROR: app-cdr/cdrtools-3.02_alpha09-r2::gentoo failed (compile phase):
* emake failed
*
* If you need support, post the output of `emerge --info '=app-cdr/cdrtools-3.02_alpha09-r2::gentoo'`,
* the complete build log and the output of `emerge -pqv '=app-cdr/cdrtools-3.02_alpha09-r2::gentoo'`.
* The complete build log is located at '/var/tmp/portage/app-cdr/cdrtools-3.02_alpha09-r2/temp/build.log'.
* The ebuild environment file is located at '/var/tmp/portage/app-cdr/cdrtools-3.02_alpha09-r2/temp/environment'.
* Working directory: '/var/tmp/portage/app-cdr/cdrtools-3.02_alpha09-r2/work/cdrtools-3.02'
* S: '/var/tmp/portage/app-cdr/cdrtools-3.02_alpha09-r2/work/cdrtools-3.02'
Failed to emerge app-cdr/cdrtools-3.02_alpha09-r2, Log file:
'/var/tmp/portage/app-cdr/cdrtools-3.02_alpha09-r2/temp/build.log'
ccache config & status:
(default) base_dir =
(environment) cache_dir = /var/cache/ccache
(/var/cache/ccache/ccache.conf) cache_dir_levels = 3
(/var/cache/ccache/ccache.conf) compiler = gcc
(/var/cache/ccache/ccache.conf) compiler_check = %compiler% -v
(/var/cache/ccache/ccache.conf) compression = true
(/var/cache/ccache/ccache.conf) compression_level = 1
(default) cpp_extension =
(default) debug = false
(default) depend_mode = false
(default) direct_mode = true
(default) disable = false
(default) extra_files_to_hash =
(default) hard_link = false
(default) hash_dir = true
(default) ignore_headers_in_manifest =
(default) keep_comments_cpp = false
(default) limit_multiple = 0.8
(default) log_file =
(default) max_files = 0
(/var/cache/ccache/ccache.conf) max_size = 100.0G
(/var/cache/ccache/ccache.conf) path = /usr/bin:/usr/local/bin
(default) pch_external_checksum = false
(default) prefix_command =
(default) prefix_command_cpp =
(default) read_only = false
(default) read_only_direct = false
(default) recache = false
(default) run_second_cpp = true
(default) sloppiness =
(default) stats = true
(default) temporary_dir =
(default) umask =
cache directory /var/cache/ccache
primary config /var/cache/ccache/ccache.conf
secondary config (readonly) /etc/ccache.conf
stats updated Sat May 23 16:40:07 2020
cache hit (direct) 4029
cache hit (preprocessed) 860
cache miss 19704
cache hit rate 19.88 %
called for link 3119
called for preprocessing 2708
multiple source files 2
compiler produced stdout 4
compiler produced empty output 30
compile failed 1624
preprocessor error 247
couldn't find the compiler 2
bad compiler arguments 464
autoconf compile/link 5507
unsupported compiler option 835
unsupported code directive 4
could not write to output file 90
no input file 1576
cleanups performed 0
files in cache 52712
cache size 1.2 GB
max cache size 100.0 GB
some info of /var/cache/ccache:
drwxrwsr-x 1 root portage 66 May 23 16:40 0
drwxrwsr-x 1 root portage 66 May 23 16:38 1
drwxrwsr-x 1 root portage 66 May 23 16:39 2
drwxrwsr-x 1 root portage 66 May 23 16:38 3
drwxrwsr-x 1 root portage 66 May 23 16:38 4
drwxrwsr-x 1 root portage 66 May 23 16:38 5
drwxrwsr-x 1 root portage 66 May 23 16:38 6
drwxrwsr-x 1 root portage 66 May 23 16:38 7
drwxrwsr-x 1 root portage 66 May 23 16:38 8
drwxrwsr-x 1 root portage 66 May 23 16:38 9
drwxrwsr-x 1 root portage 66 May 23 16:38 a
drwxrwsr-x 1 root portage 66 May 23 16:38 b
drwxrwsr-x 1 root portage 66 May 23 16:38 c
-rwxrwxr-x 1 root portage 209 May 23 11:17 ccache.conf
drwxrwsr-x 1 root portage 66 May 23 16:38 d
drwxrwsr-x 1 root portage 66 May 23 16:40 e
drwxrwsr-x 1 root portage 66 May 23 16:38 f
drwxrwsr-x 1 portage portage 0 May 23 16:38 tmp
fstab :
UUID=EA7D-E1DB /boot vfat defaults,noatime,discard 0 2
UUID=4f174448-dcef-4e12-ae0a-f5c79cfe3da6 none swap sw,discard 0 0
UUID=1bb4ace3-1fba-4068-bea7-e7d307d56fa3 / btrfs noatime,discard 0 1
UUID=81210f26-8349-4aed-9ad4-55626fc10be9 /home btrfs noatime,discard 0 1
UUID=c8f65f22-8271-4457-a891-4e877fb2b98c /var/cache/ccache btrfs noatime,discard 0 1
make.conf :
COMMON_FLAGS="-march=native -O2 -pipe"
CFLAGS="${COMMON_FLAGS}"
CXXFLAGS="${COMMON_FLAGS}"
FCFLAGS="${COMMON_FLAGS}"
FFLAGS="${COMMON_FLAGS}"
PORTDIR="/var/db/repos/gentoo"
DISTDIR="/var/cache/distfiles"
PKGDIR="/var/cache/binpkgs"
LC_MESSAGES=C
MAKEOPTS="-j2 -l2"
GENTOO_MIRRORS="https://mirrors.tuna.tsinghua.edu.cn/gentoo"
INPUT_DEVICES="libinput evdev vmmouse touchpad joystick synaptics"
VIDEO_CARDS="nvidia"
USE_PYTHON="3.7"
PYTHON_TARGETS="python3_7"
USE="static-libs systemd dbus policykit udisks acpi bluetooth X alsa qt5 gtk kde wayland pulseaudio mysql networkmanager thunderbolt zsh-completion apparmor -ssh"
CPU_FLAGS_X86="aes avx avx2 f16c fma3 mmx mmxext pclmul popcnt sse sse2 sse3 sse4_1 sse4_2 ssse3"
PORTAGE_ELOG_CLASSES="log"
PORTAGE_ELOG_SYSTEM="save"
FEATURES="ccache nostrip"
CCACHE_DIR="/var/cache/ccache"

Unable to run cron job with standard user account

The same job can be executed as root, but it can't execute as a standard user.
Is it a permission problem, or do I need to change something? I have no idea.
Thanks
SunOS 5.10 Generic_150400-30 sun4v sparc SUNW,SPARC-Enterprise-T5120
Command:
1) login as a root
2) crontab -l
* * * * * /usr/bin/date > /tmp/root.log
3) /tmp/root.log is here
1) login as a Non-root user
2) crontab -l
* * * * * /usr/bin/date > /tmp/non-root.log
3) /tmp/non-root.log is not here
The following permissions are OK for the binary file date
-bash-3.2# ls -l /usr/bin/date
-r-xr-xr-x 1 root bin 11056 Jan 22 2005 /usr/bin/date
-bash-3.2#
If the permissions are OK check your cron log on /var/cron/log file
-bash-3.2# tail /var/cron/log
< root 24592 c Fri Oct 20 18:50:21 2017
> CMD: /usr/bin/date > /tmp/non-root.log
> user 25192 c Fri Oct 20 18:51:00 2017
< user 25192 c Fri Oct 20 18:51:00 2017
> CMD: /scripts/collectdata.sh > /dev/null 2>&1
> root 25769 c Fri Oct 20 18:52:00 2017
< root 25769 c Fri Oct 20 18:52:00 2017
> CMD: /scripts/collectdata.sh > /dev/null 2>&1
> root 26853 c Fri Oct 20 18:54:00 2017
< root 26853 c Fri Oct 20 18:54:00 2017
-bash-3.2#
Thanks all, I finally found out the issue.
The reason is that the non-root account was locked out; I think maybe someone made many failed attempts, which locked it.
After I ran passwd -u "Account", the job ran as expected. Thanks~

gammu-smsd RunOnReceive script results exit status 2

I want to forward an SMS using gammu-smsd RunOnReceive.
That is the script I want to run (/var/spool/gammu/forward.sh) and it goes perfectly if I run it from a sudoer or using sudo -u gammu -g gammu /var/spool/gammu/forward.sh
#!/bin/bash
SMS_MESSAGES=1
for i in `seq $SMS_MESSAGES`
do
number="SMS_${i}_NUMBER"
text="SMS_${i}_TEXT"
eval "gammu-smsd-inject TEXT my_number_goes_here -text \"${!number}: ${!text}\""
done
And here is the problem I am experiencing:
Thu 2015/01/29 23:08:57 gammu-smsd[2549]: Starting run on receive: /var/spool/gammu/forward.sh IN20150130_000850_00_+37368214400_00.txt
Thu 2015/01/29 23:08:57 gammu-smsd[2154]: Process failed with exit status 2
Output of ls -l /etc/gammu-smsdrc /var/spool/gammu/ /usr/bin/gammu-smsd*:
-rw-r--r-- 1 root root 457 Jan 29 22:44 /etc/gammu-smsdrc
-rwxrwxrwx 1 root root 14336 Jun 10 2012 /usr/bin/gammu-smsd
-rwxrwxrwx 1 root root 51164 Jun 10 2012 /usr/bin/gammu-smsd-inject
-rwxrwxrwx 1 root root 9972 Jun 10 2012 /usr/bin/gammu-smsd-monitor
/var/spool/gammu/:
total 24
drwxrwxrwx 2 gammu gammu 4096 Jan 28 16:02 error
-rwxrwxrwx 1 gammu gammu 189 Jan 29 22:13 forward.sh
drwxrwxrwx 2 gammu gammu 4096 Jan 29 23:08 inbox
-rw-rw-r-- 1 gammu gammu 3702 Jan 29 23:08 log
drwxrwxrwx 2 gammu gammu 4096 Jan 29 23:07 outbox
drwxrwxrwx 2 gammu gammu 4096 Jan 29 23:07 sent
What happens if I just do ./forward.sh (not root) - so all is OK:
gammu-smsd-inject[2606]: Created outbox message OUTC20150029_231213_00_my_number_here_sms0.txt
Written message with ID /var/spool/gammu/outbox/OUTC20150029_231213_00_my_number_here_sms0.txt
Here is my /etc/gammu-smsdrc
# Configuration file for Gammu SMS Daemon
[gammu]
port = /dev/ttyUSB0
connection = at
[smsd]
service = files
logfile = /var/spool/gammu/log
debuglevel = 2
commtimeout = 1
sendtimeout = 15
statusfrequency = 0
outboxformat = unicode
transmitformat = unicode
RunOnReceive = /var/spool/gammu/forward.sh
inboxpath = /var/spool/gammu/inbox/
outboxpath = /var/spool/gammu/outbox/
sentsmspath = /var/spool/gammu/sent/
errorsmspath = /var/spool/gammu/error/
ps -fe | grep gammu:
gammu 2154 1 0 23:05 ? 00:00:02 /usr/bin/gammu-smsd --daemon --user gammu --pid /var/run/gammu-smsd.pid
cubie 2644 2403 0 23:20 pts/0 00:00:00 grep gammu
Please, help
I had the same problem and I solved it this way:
First add gammu user to sudoers, with no password:
type: $ sudo visudo
and add: gammu ALL=(ALL) NOPASSWD: ALL
Then run gammu-smsd as root user:
in /etc/init.d/gammu-smsd
change USER=gammu to USER=root
save it and don't forget to restart daemon: service gammu-smsd restart
In RunOnReceive script add sudo in front of gammu-smsd-inject:
e.g.: sudo gammu-smsd-inject TEXT my_tel_num -text "Hello world!"
I hope this will work for you too!
P.S.: I use Gammu version 1.31.90.
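
The forward.sh in the question builds its command line with eval, so the text of a received SMS is parsed by the shell a second time. The following is an added example (not the poster's script and not Gammu's own code) that forwards each message without eval; DEST and INJECT_CMD are names introduced here, and it assumes gammu-smsd exports SMS_MESSAGES and the SMS_<n>_NUMBER / SMS_<n>_TEXT variables that the question's script reads.

```bash
#!/bin/sh
# Added example, not the poster's script. DEST and INJECT_CMD are names
# introduced here (assumptions); the SMS_* variables are the ones the
# question's script reads and are assumed to be exported by gammu-smsd.
DEST=${DEST:-my_number_goes_here}
INJECT_CMD=${INJECT_CMD:-gammu-smsd-inject}

# Print the value of an exported variable given its name, without eval.
env_value() {
    printenv "$1"
}

forward_all() {
    count=${SMS_MESSAGES:-0}
    # The counter is used to build variable names, so accept digits only.
    case $count in
        ''|*[!0-9]*)
            echo "forward.sh: SMS_MESSAGES is not a number" >&2
            return 2
            ;;
    esac
    i=1
    while [ "$i" -le "$count" ]; do
        number=$(env_value "SMS_${i}_NUMBER") || number=unknown
        text=$(env_value "SMS_${i}_TEXT") || text=
        # The whole body is one quoted argument: quotes, $(...) and ';'
        # inside the SMS reach the inject command as literal text.
        "$INJECT_CMD" TEXT "$DEST" -text "$number: $text" || return 1
        i=$((i + 1))
    done
}

# Does nothing when SMS_MESSAGES is unset, i.e. when run outside gammu-smsd.
forward_all
```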

Dummy file size after doing "cat /dev/null > logfile.log"

I need to clear the content of a log file, so I tried to use "cat /dev/null > logfile".
In fact, it works!
But there is a strange behavior that I can't understand. Immediately after clearing the file, the size is displayed as 0 bytes, but after a single modification the size went back to the previous value. With "du" I can see that this value is wrong.
Am I doing it right? How can I correct it?
my cat command:
jorplov#sg0080b:/applications/fsc/base/logs> ls -lah
-rw-r--r-- 1 jorplov svcusr 10G 2013-11-15 05:18 sg0080b_jorplov_startup.log
jorplov#sg0080b:/applications/fsc/base/logs> df -h .
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/vg00-fsc 2.0G 1.8G 90M 96% /applications/fsc
jorplov#sg0080b:/applications/fsc/base/logs> cat /dev/null > sg0080b_jorplov_startup.log
jorplov#sg0080b:/applications/fsc/base/logs> df -h .
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/vg00-fsc 2.0G 365M 1.6G 20% /applications/fsc
jorplov#sg0080b:/applications/fsc/base/logs> ls -lah
total 20K
-rw-r--r-- 1 jorplov svcusr 0 2013-11-15 05:25 sg0080b_jorplov_startup.log
after a few seconds:
jorplov#sg0080b:/applications/fsc/base/logs> ls -lah
-rw-r--r-- 1 jorplov svcusr 10G 2013-11-15 05:26 sg0080b_jorplov_startup.log
jorplov#sg0080b:/applications/fsc/base/logs> stat sg0080b_jorplov_startup.log
File: `sg0080b_jorplov_startup.log'
Size: 10718153084 Blocks: 32 IO Block: 4096 regular file
Device: fd03h/64771d Inode: 82380 Links: 1
Access: (0644/-rw-r--r--) Uid: (30013/ jorplov) Gid: (21459/ svcusr)
Access: 2013-11-15 05:34:00.000000000 +0100
Modify: 2013-11-15 05:34:12.000000000 +0100
Change: 2013-11-15 05:34:12.000000000 +0100
a second try:
jorplov#sg0080b:/applications/fsc/base/logs> > sg0080b_jorplov_startup.log
jorplov#sg0080b:/applications/fsc/base/logs> stat sg0080b_jorplov_startup.log
File: `sg0080b_jorplov_startup.log'
Size: 0 Blocks: 0 IO Block: 4096 regular empty file
Device: fd03h/64771d Inode: 82380 Links: 1
Access: (0644/-rw-r--r--) Uid: (30013/ jorplov) Gid: (21459/ svcusr)
Access: 2013-11-15 05:34:00.000000000 +0100
Modify: 2013-11-15 05:46:55.000000000 +0100
Change: 2013-11-15 05:46:55.000000000 +0100
jorplov#sg0080b:/applications/fsc/base/logs> ls -lah
-rw-r--r-- 1 jorplov svcusr 0 2013-11-15 05:46 sg0080b_jorplov_startup.log
again, few seconds later:
jorplov#sg0080b:/applications/fsc/base/logs> stat sg0080b_jorplov_startup.log
File: `sg0080b_jorplov_startup.log'
Size: 10718153546 Blocks: 32 IO Block: 4096 regular file
Device: fd03h/64771d Inode: 82380 Links: 1
Access: (0644/-rw-r--r--) Uid: (30013/ jorplov) Gid: (21459/ svcusr)
Access: 2013-11-15 05:34:00.000000000 +0100
Modify: 2013-11-15 05:53:12.000000000 +0100
Change: 2013-11-15 05:53:12.000000000 +0100
jorplov#sg0080b:/applications/fsc/base/logs> ls -lah
-rw-r--r-- 1 jorplov svcusr 10G 2013-11-15 05:53 sagm061_jorplov_startup.log
jorplov#sg0080b:/applications/fsc/base/logs> du -h sagm061_jorplov_startup.log
16K sagm061_jorplov_startup.log
It is due to the process that is writing text into this log file.
If the process is writing into logs like this:
command > log.txt
And you truncate the log externally, then as soon as the command adds the next line to the log, it writes it after the previous file pointer position and fills the file with null bytes (\0) from the start up to that file pointer position. Therefore the size of the log file becomes the same as it was before you truncated it.
Solution:
However if log is being written as:
command >> log.txt
That log will be written in "append mode". In this mode, before writing the next line, it always moves the file pointer to the end of the file, which avoids this situation. You can truncate the log file at any time.
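
The behaviour described in this answer can be reproduced with a writer that keeps its file descriptor open across the truncation. This is an added example, not part of the original answer; the temporary file and the function name size_after_truncate are constructed here.

```bash
#!/bin/sh
# Added demonstration (not from the original answer). A writer holds fd 3
# open on a log, the log is truncated from outside, then the writer writes
# again. Prints "<apparent size> <NUL bytes>" for the resulting file.
size_after_truncate() {
    mode=$1
    log=$(mktemp) || return 1
    case $mode in
        overwrite) exec 3>"$log" ;;     # like: command > log.txt
        append)    exec 3>>"$log" ;;    # like: command >> log.txt
        *) rm -f "$log"; return 2 ;;
    esac

    printf 'first line of output\n' >&3    # 21 bytes, fd 3 offset is now 21
    : > "$log"                             # external truncation, size is 0
    printf 'next\n' >&3                    # 5 more bytes from the writer
    exec 3>&-

    total=$(($(wc -c < "$log")))
    data=$(($(tr -d '\000' < "$log" | wc -c)))
    rm -f "$log"
    echo "$total $((total - data))"
}

# Without O_APPEND the second write lands at the old offset (21), so the
# file regains its length and the gap reads back as NUL bytes.
echo "overwrite: $(size_after_truncate overwrite)"
# With O_APPEND every write goes to the current end of file.
echo "append:    $(size_after_truncate append)"
```

The gap in the first case is a hole in a sparse file, which is why `ls` and `stat` report the old size while `du` reports only a few blocks, as in the question.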
