In Love with new Features!

A close look at Graylog v3.0

Part I

On the “day of love”, Valentine's Day 2019, Graylog version 3 was released. At first glance you might think that nothing has changed. But that is not the case!

There are three new features in the open source edition, one of which is fundamental (more on that below). The Enterprise edition adds Views and Reporting on top of these. However, the Enterprise features are free for anyone to use up to a daily log volume of 5 GB with a corresponding license (which can be requested in the last third of the download page). In this article we take a brief look at the new Sidecar, the Content Pack feature and the new Grok Debugger.

Sidecar (Breaking Change)

With Graylog version 3 the Sidecar moves to version 1.0.0. Before we get to how this is implemented in Graylog, we need to talk about the new way the Sidecar is used. In the old versions it was usual for Sidecar to install shippers such as Filebeat, Winlogbeat and NXlog; now you have to take care of installing them yourself. Sidecar is now able to control and start any Elastic Beat or syslog daemon with parameters. The individual services are invoked by the Sidecar as processes with command-line parameters.

Example:

[root@graylog ~]# ps aux | grep filebeat
root 12836 0.0 0.6 498340 23524 ? Sl Mär13 0:27 /usr/share/filebeat/bin/filebeat -c /var/lib/graylog-sidecar/generated/filebeat-syslog-sysmodule-ssh-rpmbase.conf --path.home /usr/share/filebeat --modules system -M system.syslog.enabled=false -M system.auth.enabled=true -M system.auth.var.paths=[/var/log/secure]

To run Filebeat as shown above, the following must be entered as the value for “Execute Parameters”:

-c %s --path.home /usr/share/filebeat --modules system -M "system.syslog.enabled=false" -M "system.auth.enabled=true" -M "system.auth.var.paths=[/var/log/secure]"

For this purpose, configurations for “Log Collectors” are stored globally and used as so-called “Configurations”. These “Log Collectors” can then control a Filebeat, Auditbeat or rsyslog with the correspondingly generated configuration, which is rolled out on the Sidecar host under “/var/lib/graylog-sidecar/generated/” (e.g. on Linux).
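As an added example (not part of the original post and not Graylog code), the following check compares a collector's running command line with the Execute Parameters configured for it and verifies that its config file lies in the generated directory. The function names are hypothetical, and it assumes Sidecar replaces %s with the generated config path and splits the parameters shell-style, which matches the ps output above.

```python
import posixpath
import shlex

# Values taken from the article; the directory is the Linux path it names.
GENERATED_DIR = "/var/lib/graylog-sidecar/generated/"
FILEBEAT = "/usr/share/filebeat/bin/filebeat"
EXECUTE_PARAMETERS = (
    '-c %s --path.home /usr/share/filebeat --modules system '
    '-M "system.syslog.enabled=false" -M "system.auth.enabled=true" '
    '-M "system.auth.var.paths=[/var/log/secure]"'
)
# Command column of the ps output shown in the article.
PS_COMMAND = (
    "/usr/share/filebeat/bin/filebeat -c /var/lib/graylog-sidecar/generated/"
    "filebeat-syslog-sysmodule-ssh-rpmbase.conf --path.home /usr/share/filebeat "
    "--modules system -M system.syslog.enabled=false -M system.auth.enabled=true "
    "-M system.auth.var.paths=[/var/log/secure]"
)


def render_execute_parameters(template, config_path):
    """Assumption: %s becomes the config path, then the string is split shell-style."""
    return shlex.split(template.replace("%s", config_path))


def audit_collector(command, executable, template, generated_dir=GENERATED_DIR):
    """Return findings for one collector process; an empty list means no drift.

    `command` is a whitespace-separated command line as printed by ps. For
    arguments that contain spaces, read /proc/<pid>/cmdline instead.
    """
    argv = command.split()
    if not argv or argv[0] != executable:
        return ["unexpected executable: %s" % (argv[0] if argv else "<empty>")]
    try:
        config_path = argv[argv.index("-c") + 1]
    except (ValueError, IndexError):
        return ["no -c <config> argument"]

    findings = []
    # normpath collapses "../" so a path cannot merely look like it is inside.
    if not posixpath.normpath(config_path).startswith(generated_dir):
        findings.append("config outside %s: %s" % (generated_dir, config_path))

    expected = render_execute_parameters(template, config_path)
    actual = argv[1:]
    findings += ["missing argument: %s" % a for a in expected if a not in actual]
    findings += ["unexpected argument: %s" % a for a in actual if a not in expected]
    return findings


if __name__ == "__main__":
    result = audit_collector(PS_COMMAND, FILEBEAT, EXECUTE_PARAMETERS)
    for line in result or ["command line matches the Execute Parameters"]:
        print(line)
```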

Here the collector for an Auditbeat is configured:

Here is the template example for an Auditbeat:

auditbeat.modules:
- module: auditd
  audit_rules: |
    # Things that affect identity.
    -w /etc/group -p wa -k identity
    -w /etc/passwd -p wa -k identity
    -w /etc/gshadow -p wa -k identity
    -w /etc/shadow -p wa -k identity
    -w /etc/passwd -p wra -k passwd
    -a exit,always -F arch=b64 -S clock_settime -k changetime
    # Unauthorized access attempts to files (unsuccessful).
    -a always,exit -F arch=b32 -S open,creat,truncate,ftruncate,openat,open_by_handle_at -F exit=-EACCES -F auid>=1000 -F auid!=4294967295 -F key=access
    -a always,exit -F arch=b32 -S open,creat,truncate,ftruncate,openat,open_by_handle_at -F exit=-EPERM -F auid>=1000 -F auid!=4294967295 -F key=access
    -a always,exit -F arch=b64 -S open,truncate,ftruncate,creat,openat,open_by_handle_at -F exit=-EACCES -F auid>=1000 -F auid!=4294967295 -F key=access
    -a always,exit -F arch=b64 -S open,truncate,ftruncate,creat,openat,open_by_handle_at -F exit=-EPERM -F auid>=1000 -F auid!=4294967295 -F key=access
- module: file_integrity
  paths:
  - /bin
  - /usr/bin
  - /sbin
  - /usr/sbin
  - /etc
- module: system
  datasets:
    - host # General host information, e.g. uptime, IPs
    - user # User information
  period: 1m
  user.detect_password_changes: true
- module: system
  datasets:
    - process # Started and stopped processes
    - socket # Opened and closed sockets
  period: 1s
setup.template.enabled: false
output.logstash:
  hosts: ["192.168.0.1:5044"]
processors:
- add_host_metadata: ~
- add_cloud_metadata: ~
path:
  data: /var/lib/graylog-sidecar/collectors/auditbeat/data
  logs: /var/lib/graylog-sidecar/collectors/auditbeat/log
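Before a template like this is rolled out to many Sidecars, its audit_rules block can be reviewed mechanically. The following is an added example, not part of the original post: it parses the rules from the template above and reports syscalls that are audited for only one architecture as well as file watches that overlap or include read access. The function names are hypothetical and the parser covers only the flags used in this template.

```python
from collections import defaultdict

# audit_rules block copied from the Auditbeat template in the article.
AUDIT_RULES = """\
# Things that affect identity.
-w /etc/group -p wa -k identity
-w /etc/passwd -p wa -k identity
-w /etc/gshadow -p wa -k identity
-w /etc/shadow -p wa -k identity
-w /etc/passwd -p wra -k passwd
-a exit,always -F arch=b64 -S clock_settime -k changetime
# Unauthorized access attempts to files (unsuccessful).
-a always,exit -F arch=b32 -S open,creat,truncate,ftruncate,openat,open_by_handle_at -F exit=-EACCES -F auid>=1000 -F auid!=4294967295 -F key=access
-a always,exit -F arch=b32 -S open,creat,truncate,ftruncate,openat,open_by_handle_at -F exit=-EPERM -F auid>=1000 -F auid!=4294967295 -F key=access
-a always,exit -F arch=b64 -S open,truncate,ftruncate,creat,openat,open_by_handle_at -F exit=-EACCES -F auid>=1000 -F auid!=4294967295 -F key=access
-a always,exit -F arch=b64 -S open,truncate,ftruncate,creat,openat,open_by_handle_at -F exit=-EPERM -F auid>=1000 -F auid!=4294967295 -F key=access
"""


def parse_rule(line):
    """Parse one rule; every flag used in the template takes exactly one value."""
    tokens = line.split()
    if len(tokens) % 2:
        raise ValueError("flag without value: %r" % line)
    rule = {"kind": None, "path": None, "perms": "", "arch": None,
            "syscalls": set(), "filters": set(), "key": None}
    for flag, value in zip(tokens[0::2], tokens[1::2]):
        if flag == "-w":
            rule["kind"], rule["path"] = "watch", value
        elif flag == "-a":
            rule["kind"] = "syscall"  # value is the list/action pair
        elif flag == "-p":
            rule["perms"] = value
        elif flag == "-k":
            rule["key"] = value
        elif flag == "-S":
            rule["syscalls"].update(value.split(","))
        elif flag == "-F" and value.startswith("arch="):
            rule["arch"] = value[len("arch="):]
        elif flag == "-F" and value.startswith("key="):
            rule["key"] = value[len("key="):]
        elif flag == "-F":
            rule["filters"].add(value)
        else:
            raise ValueError("unsupported flag %r in %r" % (flag, line))
    return rule


def parse_rules(text):
    lines = (raw.strip() for raw in text.splitlines())
    return [parse_rule(l) for l in lines if l and not l.startswith("#")]


def arch_gaps(rules):
    """Syscalls audited for b32 or b64 only, per key and filter set.

    A gap is a prompt for review: 32-bit and 64-bit syscalls are matched by
    separate rules, so a call made through the other ABI is not recorded.
    """
    coverage = defaultdict(lambda: {"b32": set(), "b64": set()})
    for r in rules:
        if r["kind"] == "syscall" and r["arch"] in ("b32", "b64"):
            group = (r["key"] or "", frozenset(r["filters"]))
            coverage[group][r["arch"]] |= r["syscalls"]
    gaps = set()
    for (key, _filters), per_arch in coverage.items():
        gaps |= {(key, s, "b32") for s in per_arch["b64"] - per_arch["b32"]}
        gaps |= {(key, s, "b64") for s in per_arch["b32"] - per_arch["b64"]}
    return sorted(gaps)


def watch_findings(rules):
    """Paths watched more than once, and watches that also audit reads."""
    by_path = defaultdict(list)
    for r in rules:
        if r["kind"] == "watch":
            by_path[r["path"]].append(r)
    findings = []
    for path in sorted(by_path):
        if len(by_path[path]) > 1:
            findings.append((path, "watched %d times" % len(by_path[path])))
        for w in by_path[path]:
            if "r" in w["perms"]:  # reads of common files produce many events
                findings.append((path, "read access audited (key=%s)" % w["key"]))
    return findings


if __name__ == "__main__":
    parsed = parse_rules(AUDIT_RULES)
    for key, syscall, missing in arch_gaps(parsed):
        print("key=%s: %s has no %s rule" % (key, syscall, missing))
    for path, note in watch_findings(parsed):
        print("%s: %s" % (path, note))
```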

Afterwards you can use this collector as a configuration and also adapt it:

Under “Collectors Administration” these are then assigned to the individual Sidecars:

Considering that this also allows the modules of a Filebeat and other services to be used more flexibly, the loss of the previous automation during rollout is bearable. Especially since the new implementation removes the version binding for the Beats.

It is also important to know that the old Graylog Sidecars are not compatible with this implementation and therefore have to be managed under “Collectors (Legacy)”. But the switch is worth it!

Content Packs

The time of frustration is over! In the past you would build brilliant pipeline constructs again and again and think: now I have a good setup here that I would like to reuse or share with my community! And there was the stumbling block, because pipelines and pipeline rules could not be included in a content pack. It was also frustrating when you wanted to remove and update a content pack, or even accidentally installed it twice! All of this is now over!

With the new implementation of content packs, elements such as pipelines, pipeline rules, Sidecar collectors and configurations, as well as the usual standard items, can be processed and exported with a comprehensive description and statement of origin; even variables can be used. But that is not all: once created, they can be updated with versioning and reinstalled. This puts you in a position to build up a solid toolbox so that you have the right tool for every job.

Grok Debugger

Again and again you stumbled over the fact that the Java Grok implementation differs from the familiar Grok syntax in Logstash's JRuby. Man, how I have typed my fingers sore inserting the escapes that the Java implementation requires. That is now over. If you now want to create or edit a single Grok pattern, you are given the option of testing this pattern directly against a sample record.

So, those were a few brief words on three of the new features. But I am sure that each one will get more attention here on this blog.

And because it is fun, you can look forward to the next blog post, in which the first version of the “Graylog Linux Security and System Audit” content pack will be published.

And anyone who now wants more is cordially invited to attend one of our training courses at NETWAYS (e.g. from May 28 to May 29 in Nuremberg) or, if help is needed, to contact our sales team to get support from the competent colleagues at NETWAYS Professional Services with their own challenges around Graylog or even Elastic.

By the way, for anyone who has not yet followed the link on Valentine's Day in the first sentence above, here is a quote:

Love is something completely different from being in love.

Holger Kuntze, couples therapist
Let's see how long my infatuation lasts here :-)…
Daniel Neuberger
Senior Consultant

After training as an IT specialist for system integration and working as a system administrator, he moved into consulting in 2012. After more than 4 years of Linux and open source backup consulting, he is now drawn to the world of monitoring and systems management. Since April 2017 he has been strengthening the NETWAYS Professional Services team in consulting on Elastic, Icinga and Bareos. When he is not travelling the world to help others, he pursues his...

NETWAYS Webinars: Concentrated Power

On February 20, 2019 there will be a double episode of our popular NETWAYS webinar series: in the morning we cover OpenStack and in the afternoon Graylog. What can our participants expect in terms of content?

OpenStack has been a familiar name in the IT industry for many years and is promoted and presented at almost every conference dealing with automation, hosting, data centers and so on. Our own IaaS platform is also built on OpenStack, but what actually is OpenStack? Where does it come from, what advantages does the solution offer and what can I ultimately do with it? We want to answer these questions in our webinar and demonstrate some of the possibilities using our OpenStack platform.

Graylog is a versatile and comprehensive solution for the central storage, analysis and evaluation of log data, whether syslog, Windows Event Log, log files or many others. Besides a clear interface, Graylog above all offers the ability to natively define permissions on content and dashboards and to define individual streams, inputs and filters. The new version 3.0 provides many new features such as Views, Reports and the new Sidecar. In this webinar we want to cover the basic capabilities of Graylog, but above all the new features, and present them.

For all friends of our Icinga 2 webinars we unfortunately have bad news, as we want to wrap up the topic for the time being in March:

But nobody has to be sad: just take a look at our webinar calendar. We are sure that the new webinar series on OpenStack will inspire you too.

We look forward to welcoming you to our webinars!

Nicole Lang
Sales Engineer

Nicole's interest in IT arose during her time as a translator specializing in technology. Since 2010 she has been gaining experience in the support and administration of storage systems at ZDF in Mainz. In September 2016 she started her training as an IT specialist for system integration at NETWAYS, where she is particularly attracted by working with Linux and free software. In her free time she showers her dog with love, cooks lots of healthy food, potters in the garden, reads...

OSMC Hackathon: Feature complete?

Our fourth OSMC hackathon started fully packed after an overwhelming conference – free form, and our introduction round provided many interesting topics to keep up with.
MQTT, OpenNMS, NSClient++, Elastic/Graylog, Migration from Nagios to Icinga 2, Zabbix, Prometheus, MySQL, ARM packages, Notification issues, Golang frameworks, Ansible, Puppet, Icinga Web 2 modules, Vsphere, Director, Maps, … holy moly, that’s super effective for just one day. Missed it? Join us next year!
Jens Schanz from Müller (Hint: The environment with 17k hosts and 200k services) mentioned a problem with missing notifications in his OSMC talk on Wednesday. So we did a deep dive in the production environment into one-time delayed notification without recovery for their ticket system integration. Turns out, that we’ve found a bug in Icinga, and also a quick workaround for production. Jens also knows how to use the debug console for future troubleshooting. Real #monitoringlove ❤️
Gian Arb from InfluxDB joined for the first hours, so “everyone who has questions, be quick”. Maybe he’ll stay longer next year, since he’s said that OSMC feels like home already. Rihards Olups shared Zabbix insights and focussed on improving MySQL monitoring. Our friends Tarus Balog and Ronny Trommer from OpenNMS looked into pushing sensor values into MQTT and OpenHAB, Tarus had his first success 🙂 Julien open-sourced an AMQP adapter which forwards alerts from Prometheus.
Nicolai Buchwitz is building Icinga 2 for ARM hardware, and asked me to look into failing tests during the Debian package build. This turned out to be a very deep analysis with memory access violations and specific gcc and libstdc++ versions on this hardware, x86 works just fine. 50% are solved, more investigation needed.
Michael Medin implemented a huge new feature: Native Powershell support in NSClient++.  Cannot wait to see this being released! Dave Kempe started working on translation for the famous Icinga 2 book, together with Thomas Mr. Icinga Book. Or as they say: “Translating Austrian to Australian (English) …” 😉 Thilo jumped right into Jinja templates for the Icinga Ansible modules, and also offered help on enhancing the graph integration in mail notifications.
Noah and Jean played with the Gin library in Golang, providing an HTTP framework. They also discussed the state logic in Icinga 2 together with Eric and our friends from Syseleven, Max and Maurice. Max also did a deep-dive into new enhancements for Icinga Web 2 with more advanced scheduled downtime options. Together with Eric, he found a bug in the forms too. First time hackathon attendees discovered how to write Icinga Web 2 with the help from Eric.
The Map module for Icinga Web 2 received a docs patch from Jens, while Thomas Mr. Director looked into improvements for the business process module, Director, Cube (PR from Nicolai) and certainly the newly released Vsphere module. Last but not least, Flo was for the rescue and helped Jens to modify his Batman theme for Icinga Web 2. Dave also shared the color blind theme for Icinga Web 2 with Jennifer, and to mention too, Jean helped Jens with a DNS/network problem on Icinga startup.
It is INCREDIBLE what we achieved together as OSMC hacking family. We are never feature complete, always exploring and developing new things. See you next year, mark November 4th–7th, 2019 in your calendar!

Michael Friedrich
Senior Developer

Michael has been an Icinga developer for many years and ventured into the NETWAYS adventure at the end of 2012. A move from Vienna to Nuremberg, with a fondness for importing Austrian delicacies - many a colleague despairs over the addictive Dragee-Keksi and the Linzer Torte. Or simply over the Austrian dialect, which he likes to intensify with Thomas in the office ("Jo eh."). When Michael is not helping out in the community, he is working on the next LEGO project or enjoying...

OSMC 2018 – or: The Thirteen-Star Conference


“How many stars do you have?” – Just take a look at the name tag, count the stars and you’re talking. On a lot of participants’ badges you’ll see a considerable number of them. Once you’ve been to OSMC, you usually come back. Why is that so? Here’s what I found out:
 
My first conversation partner is a big catch: 13 stars – 13 years of OSMC! Stefan Kublik arrived from Neckarsulm and is taking part for Fujitsu TDS GmbH. To the first conferences, at that time still Nagios, he went for another employer. He changed companies, OSMC remained. What Kublik particularly appreciates: “Many people here are working on the same problems. The OSMC is great to get an overview.” Where is the community standing? Where is the journey going? Thruk and Prometheus interest him, the products he uses himself. But Kublik also picks up on new topics and continues researching at home. What has changed over the years? OSMC has become more international, he says. Will he come again? “I have to! The series of stars can’t stop! As long as I work in this field, I will come back!”
 
Two stars: For the second time Kevin Honka is at the OSMC. For his first he has actually been here as a speaker. “I was relatively active in the monitoring portal,” he says. And so he was asked if he would like to report about his activities at the OSMC. “Now I come to every Icinga camp and of course to the OSMC.” He is interested in Icinga, Graylog, Git, virtualization techniques… What he appreciates the most? “The people. And the food,” he says with a grin. And he adds: “I have seldom had better technical discussions.”
 
 
Ulrike Klusik has only been working in monitoring for three quarters of a year – but OSMC already has her! Thanks to her boss at ConSol Consulting & Solutions Software GmbH. Klusik thinks the conference is above all a good opportunity to get to know Open Source tools. Besides the ones she knows already – OMD, which they develop themselves, and OpenShift and Prometheus. “I found the lecture on Sensu very interesting,” she says, “or: Observability in einer Microservicewelt”. As a newcomer to monitoring, she is particularly interested in lectures on general procedures. She thinks it’s worth coming back: “It’s good to look beyond one’s own nose. Unfortunately, one often has too little time for this in everyday work.”
 
Christian Hager counts and is astonished himself: “Ten stars!” “In the beginning I came because I wanted to know something about monitoring with Nagios and Icinga. Now I come for everything else,” he laughs. Smart Home, Refocus, Maps, SLA Monitoring he has joined. When I ask him what else he is interested in, he pulls out a small notebook. This man is prepared! Hager has made a plan for both days. All the more flexible he is during the breaks. “I like to sit down with people I don’t know. That gives me new ideas.” Other conferences may be bigger, but there are many more sales people on the road. “The OSMC gathers a good group of experts, and it’s easy to find specialists to talk to here.” Hager himself comes from the computer centre at the University of Würzburg.
 
I meet Holger Koch and Gudrun Schöllhammer at a bar table in front of room Jacobi. They talk to each other. He joins for DB Systel GmbH from Erfurt, she comes from the University of Vienna. Eight OSMC stars are emblazoned on his name tag, six on hers. “We see each other here once a year,” she says – and he: “The OSMC is like a class reunion.” Unfortunately, we don’t get any further: The next talk begins. The two have a well clocked schedule. Apart from the good conversations with other admins, they are mainly on the hunt for input. Well, then I don’t want to stop them!
 
 

Have fun at the OSMC 2018!

 
And save the date for next year’s OSMC, November 4 – 7, 2019!
 

Julia Hornung
Marketing Manager

Julia has been a member of the NETWAYS family since June 2018. Before joining our marketing team she worked as a journalist and in the independent theatre scene. Her passion is good storytelling, clear language and polished texts. In her private life she devotes herself to climbing and to her training as a yoga teacher.

OSMC: Extend your stay / knowledge!

 
OSMC is coming! Once again the Open Source Monitoring Conference assembles some of the most important representatives of the international Open Source scene. Get in touch and inspired by their talks:
 

>> CHECK OUT THE PROGRAM

 
Besides the lecture program OSMC offers plenty of opportunities to learn even more: Round off your participation with…

  • A pre-conference Workshop | Nov 05. FYI: Prometheus and Icinga 2 / Puppet are sold out. Get your Graylog or Ansible workshop ticket quickly!
  • What the… Hackathon! Team up, define the challenge, collaborate, succeed | Nov 08.
  • OSCAMP on Puppet! Same venue, NEW EVENT with a special focus: Be part of the Puppet Masters League | Nov 08. For more info and your OSCAMP ticket visit: opensourcecamp.de

Don’t miss the chance to extend your stay / knowledge and get your OSMC conference ticket plus add-on!
 

>> REGISTER NOW!

 
We would be happy to see you soon at…

#OSMC | November 5 – 8, 2018 | Nuremberg

Julia Hornung
Marketing Manager

Learn more and get inspired: OSMC Workshops!


OSMC, November 5: One day, four experts, four chances to gain knowledge and come closer to being an expert yourself. The Workshops at OSMC are perfect opportunities for learning, gaining new friendships and bringing helpful and valuable information back to your business. Choose the one that suits your monitoring requirements best:

Prometheus

Prometheus brings monitoring to another level, when everything is about metrics and graphs. It puts the data first, and takes advantage of multiple service discovery systems. This workshop will dive into its ecosystem and teach you how to get the best out of it. Be ready to discover a new and very effective approach to monitoring.

Ansible

This workshop leads you to your very first automated deployment. Starting with the basic concept how Ansible works and how it will support you at your daily tasks. In this session we will guide you step by step to your first playbook and application deployment.

Icinga 2 / Puppet

This workshop is an advanced workshop to show how a distributed Icinga 2 environment is managed by Puppet. We will build a distributed Icinga 2 setup with the puppet-icinga2 module using the role/profile concept. Additionally we will spend some time discussing zones and endpoints in Icinga 2 and also some advanced Puppet features used by the previously mentioned Puppet module.

Graylog

This workshop is a beginner's guide to central log management. After talking about fundamental elements of central log management with Graylog we will start to set up a Graylog system from scratch to ingest, filter and visualize individual data.
All courses will take place on November 5th, from 10 am to 5 pm, at the conference venue. To promote a comprehensive training success, the number of participants is limited. Workshops are held in German, Prometheus in English. Attendance requires the purchase of an OSMC & Workshop ticket.
More on osmc.de/workshops/
 

OSMC | November 5 – 8, 2018 | Nuremberg

Julia Hornung
Marketing Manager

OSMC program online: Check out who's in!

 

“I’m so excited to be speaking about @Sensu at the OSMC 🤘🎉”, Sean Porter shares on Twitter. And we are very excited to have him and 45 (!) high-level speakers! Never before have we had so many speakers and attendees so early as in 2018. Since we released the CfP we have received so many emails that Markus, our Head of Events, started to shout out loud “OSMC” every time another submission appeared in his email account. Thanks to all for contributing!
 
 
 
 
 
We are very happy to present you the line-up:
Dave Kempe | Sol1
David Kaltschmidt | Grafana Labs
Gianluca Arbezzano | InfluxData
Jan-Piet Mens
Matthias Crauwels | Pythian
Max Rosin | SysEleven GmbH
Philipp Krenn | Elastic
Sean Porter | Sensu Inc.
Serhat Can | OpsGenie
…and many more!

Study the full program at osmc.de/schedule and get excited!

 
To have all OSMC news and information right away on your mobile device get our Conference App!
 

 
From November 5 – 8, 2018, Open Source Monitoring Conference will take place in Nuremberg – with two days of enlightening presentations on November 6 & 7, preluded by one day of technical workshops on “Prometheus”, “Ansible”, “Icinga 2 / Puppet” and “Graylog” on November 5, and followed by the hackathon on November 8.
Haven’t saved your ticket yet? Don’t wait too long!

 

OSMC | Open Source Monitoring Conference | November 5 – 8, 2018 | Nuremberg

Julia Hornung
Marketing Manager

Monthly Snap June


June kept everyone busy with and excited about the Open Source Data Conference in Berlin. Eleven days before OSDC Keya started the „OSDC 2018 Countdown“. Second week of June the NETWAYS headquarter in Nuremberg was quite quiet. Everyone flew off to Berlin. Everyone? Well, not entirely… One small group of NETWAY-ers kept the NETWAYS flag flying in Nuremberg. Thankfully they had sent a great conference reporter out: Every evening Dirk summed up what had happened in „The Future of Open Source Data Center Solutions – OSDC 2018 – Day 1“ and „… 2“. He also wrote about the „Open Source Camp Issue #1“ . OSCamp will give Open Source projects a platform to present themselves to the Community. This year it started with Foreman and Graylog.
Berlin Events are over for this year, but other great events cast their shadows ahead: „Now is the time to register“ for the upcoming Open Source Monitoring Conference. OSMC takes place in Nuremberg, November 5 to 8.
There is this German saying: „Alles neu macht der Mai“ – for NETWAYS it was June: For OSMC we have created new presentation formats, learn more in „OSMC 2018: Choose what suits you!“ And: Julia is new. She just started this month as Marketing Manager and introduced herself in our blog series „NETWAYS stellt sich vor“. Also new: We have published a „Ceph Training“, as Tim is happy to announce.
In times of DSGVO, for Christoph it’s time to reconsider data protection of monitoring servers. In „Einfaches verschlüsseltes Backup“ he explains how one can use GPG to encrypt an icinga2 backup. Nicole shared her thoughts on the „Microsoft and GitHub – merge conflict?“ and recommends getting your own GitLab instance, whereas Michael explains „Continuous Integration with Golang and GitLab“. „Wie überwache ich eine Cluster-Applikation in Icinga 2?“, asked Daniel while at a customer – solving the problem with a little help from his friends. Eric explains „Filter for Multiple Group Memberships in SQL“, which will become even more powerful with the upcoming Icinga Web 2 release. In „Fresh from the shelf“ David reports about command-lines with Ranger, Progress and fzf, and Dirk inspired the Open Source Community about „Contributing as a Non-Developer“. One month, so much going on… Stay tuned!

Julia Hornung
Marketing Manager

Open Source Camp Issue #1 – Foreman & Graylog

Right after OSDC we help to organize the Open Source Camp, a brand new series of events which will give Open Source projects a platform for presenting to the Community. So the event started with a small introduction of the projects covered in the first issue, Foreman and Graylog. For the Foreman part it was Sebastian Gräßl, a long-term developer, who gave a short overview of Foreman and the community so that people attending for Graylog also know what the other talks are about. Lennart Koopmann, who founded Graylog, did the same for the other half, including upcoming version 3 and all new features.
Tanya Tereshchenko one of the Pulp developers started the sessions with “Manage Your Packages & Create Reproducible Environments using Pulp” giving an update about Pulp 3. To illustrate the workflows covered by Pulp she used the Ansible plugin which will allow to mirror Ansible Galaxy locally and stage the content. Of course Pulp also allows to add your own content to your local version of the Galaxy and serve it to your systems. The other plugins a beta version is already available for Pulp 3 are python to mirror pypi and file for content of any kind, but more are in different development stages.
“An Introduction to Graylog for Security Use Cases” by Lennart Koopmann was about taking the idea of threat hunting to Graylog by having a plugin providing lookup tables and processing pipelines. In his demo he showed all of this based on event logs collected by their honeypot domain controller, and I can really recommend the insights you can get with it. I still remember how much work it was getting such things up and running 10 years ago at my former employer with tools like rsyslog, and I am very happy about having tools like Graylog nowadays which provide this out of the box.
From Sweden came Alexander Olofsson and Magnus Svensson to talk about “Orchestrating Windows deployment with Foreman and WDS”. They being Linux Administrators wanted to give their Windows colleagues a similar experience on a shared infrastructure and shared their journey to reach this goal. They have created a small Foreman Plugin for WDS integration into the provisioning process which got released in its first version. Also being a rather short presentation it started a very interesting discussion as audience were also mostly Linux Administrators but nearly everyone had at least to deal in one way with Windows, too.
My colleague Daniel Neuberger was introducing into Graylog with “Catch your information right! Three ways of filling your Graylog with life.” His talk covered topics from Graylogs architecture, what types of logs exists and how you can get at least the common ones into Graylog. Some very helpful tips from practical experience spiced up the talk like never ever run Graylog as root for being able to get syslog traffic on port 514, if the client can not change the port, your iptables rules can do so. Another one showed fallback configuration for Rsyslog using execOnlyWhenPreviousIsSuspended action. And like me Daniel prefers to not only talk about things but also show them live in a demo, one thing I recommend to people giving a talk as audience will always honor, but keep in mind to always have a fallback.
Timo Goebel started the afternoon sessions with “Foreman: Unboxing” and like in a traditional unboxing he showed all the plugins Filiadata has added to their highly customized Foreman installation. This covered integration of omaha (the update management of coreos), rescue mode for systems, VMware status checking, distributed lock management to help with automatic updates in cluster setups, Spacewalk integration they use for SUSE Manager managed systems, host expiration which helps to keep your environment tidy, monitoring integration and the one he is currently working on which provides cloud-init templates during cloning virtual machines in VMware from templates.
Jan Doberstein did exactly what you can expect from a talk called “Graylog Processing Pipelines Deep Dive”. Being Support engineer at Graylog for several years now his advice is coming from experience in many different customer environments and while statements like “keep it simple and stupid” are made often they stay true but also unheard by many. Those pipelines are really powerful especially when done in a good way, even more when they can be included and shared via content packs with Version 3.
Matthias Dellweg one of those guys from AITX who brought Debian support to Pulp and Katello talked about errata support for it in his talk “Errare Humanum Est”. He started by explaining the state of errata in RPM and differences in the DEB world. Afterwards he showed the state of their proof of concept which looks like a big improvement bringing DEB support in Katello to the same level like RPM.
“How to manage Windows Eventlogs” was brought to the audience by Rico Spiesberger with support by Daniel. The diversity of the environment brought some challenges to them which they wanted to solve by monitoring the logs for events that history proved to be problematic. Collecting the events from over 120 Active Directory Servers in over 40 countries now generates over 46 billion documents in Graylog a day and a good idea about what is going on. No such big numbers but even more detailed dashboards were created for the Certificate Authority. Expect all their work to be available as a content pack when it is possible to export them with Graylog 3.
Last but not least Ewoud Kohl van Wijngaarden told us the story about software going the way “From git repo to package” in the Foreman Project. Seeing all the work for covering different operating systems and software versions for Foreman and the big amount of plugins or even more for Katello and all the dependencies is great and explains why sometimes things take longer, but always show a high quality.
I think it was a really great event which not only I enjoyed from the feedback I got. I really like about the format that talks are diving deeper into the projects than most other events can do and looking forward for the next issue. Thanks to all the speakers and attendees, safe travels home to everyone.

Dirk Götz
Senior Consultant

Dirk is a Red Hat specialist and works at NETWAYS in consulting for Icinga, Puppet, Ansible, Foreman and other systems management solutions. Previously he was employed as a senior administrator at a statutory pension insurance provider, where he was also responsible for training the apprentices, as he is now at NETWAYS.

We are Ready, Are you Ready for the OSCamp?


Summer is approaching and so the OSCamp #1!
The 14 June 2018 is getting bit closer every day now! The agenda for the day of Open Source Camp is online now with power packed Foreman and Graylog talks!
Supercharge your mind with the talks as:
Manage Your Packages & Create Reproducible Environments using Pulp | Tanya Tereshchenko
An Introduction to Graylog for Security Use Cases | Lennart Koopmann
Orchestrating Windows deployment with Foreman and WDS | Alexander Olofsson & Magnus Svensson
Catch your information right! Three ways of filling your Graylog with life | Daniel Neuberger
Foreman: Unboxing and Review | Timo Goebel
Graylog Processing Pipelines Deep Dive | Jan Doberstein
Errare Humanum Est | Dr. Matthias Dellweg
How to manage Windows Eventlogs | Rico Spiesberger
From git repo to package | Ewoud Kohl van Wijngaarden
Sounds compelling to you? So Hurry up! and Get your Ticket.

Keya Kher
Marketing Manager

Keya has been part of our marketing team since October 2017. She knows her way around social media marketing and is on her way to becoming a graphic design pro. When she is not being creative, she explores other cities or browses a book. Her favorite is “The Shiva Trilogy”.