Linux – rsyslog: parsing and splitting message fields



Until now I hadn’t used the options and features rsyslog comes with. Let me show a simple example I have done today. This is an example log line rsyslog has received from iptables (I have configured iptables to log certain connection attempts to identify and save devices with malware):

Sep 29 15:30:39 myserver kernel: [malware3] IN=ens192 OUT=ens192 MAC=XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX SRC=10.15.13.17 

Icinga – Notification template with notes support



I have just configured an Icinga2 notification template for hosts and services to replace the ugly and impractical default one.

Features

Not big things but useful in my opinion

Clear and nicely formatted layout

State based colors

State based icons

UTF Icons are included depending on the state of the host or service

Notes support

These notification scripts can include …

Icinga – Notes section in markdown language



I am not sure since which version this feature has been available, but I have started to write the notes section of the services I am monitoring in Icinga in Markdown syntax.

icingaweb2 package version 2.6 that is compiled for Debian 10 (Buster).

Package: icingaweb2
Version: 2.6.2-3

You may think you do not need it, but in my humble opinion it is …

PowerShell – Could not create SSL/TLS secure channel



I use PowerShell to send monitoring results to the Icinga API (passive checks). For example, to check if the Exchange backups were processed correctly, I run an Exchange PowerShell and then the results are sent using the “Invoke-WebRequest” command.

Since I disabled the obsolete and insecure TLSv1 and TLSv1.1 protocols on the Exchange server, the script stopped working, returning the error: …

Checkpoint – Unexpected high cpu usage and SecureXL



Last Monday I realized that the CPU usage was very high on one of my Checkpoint VSX nodes.
Looking at my Icinga graphs it seemed it started on Friday at 3 o’clock:

Running top directly on the VSX, I narrowed the high usage down to one of the virtual systems running on that VSX. In this image the fwk2 threads that …

Icinga – How to configure passive checks made easy (2)



In the previous post I explained the difference between Icinga active and passive checks, why it can be interesting to use passive checks, the result format Icinga expects when processing those checks, and the way I send those results (instead of using SNMP traps).

Now it is time to show how to configure it …

Icinga – How to configure passive checks made easy (1)



As I posted a long time ago for Nagios (Nagios – Using passive checks without agent), it is time to show an easy way to configure Icinga to perform passive checks (without using SNMP traps).

This is the first of two posts. In this one I only want to give some theoretical explanations, and then in the second I will …

Icinga – Cannot login to Grafana. Forgot admin password



It is not the first time my Icinga suddenly stops showing the Grafana graphs.
Icinga when it cannot show Grafana graphs

Problem

When trying to log in to Grafana, the admin password is not accepted. I am pretty sure I have not changed the password, but I am unable to log in to Grafana.
Invalid username or password when logging in to Grafana
And even worse, given that I still have not configured Grafana SMTP section / admin …

Icinga2 – Understanding checks and notification types



Here I am trying to present (I hope in an easy-to-understand way) some Icinga concepts (maybe also applicable in Nagios) like active and passive checks, enabling and disabling freshness checks, soft and hard states, … and the related parameters to configure them.

ACTIVE and PASSIVE services

There are two types of services:

  • ACTIVE: Check initiated by the Icinga

Linux – Running top command remotely (SSH)



Maybe you have tried to execute the top command to monitor processes on a remote host.

Error remotely – Run it in batch mode

If so, the following error can be returned:

$ ssh user@remotehost top -n1
TERM environment variable not set.

top does not work remotely in the default “interactive” mode. Use the “-b” parameter to run it in …