bear – Page 7 – 月与灯依旧

Protected: weakness

Posted on 2020-04-15 by bear in 记录生活.Tags: 生活.0 Comments

Ubuntu使用socat进行端口转发

以前写过一篇使用iptables进行端口转发的文章, 今天写一下使用socat将本地端口的流量转发到远程机上的过程. 不要问我这样做有什么用, 我也不知道.

安装

$ sudo apt install socat

转发TCP端口

$ sudo vim /etc/systemd/system/socat.service    # 写入如下内容
[Unit]
Description=socat (https://www.zhukun.net)
After=network-online.target
Wants=network-online.target

[Service]
User=root
Group=root
ExecStart=/usr/bin/socat TCP4-LISTEN:本地端口,reuseaddr,fork TCP4:远程IP:远程端口
Restart=always
RestartSec=2

[Install]
WantedBy=multi-user.target

转发UDP端口

$ sudo vim /etc/systemd/system/socat_udp.service    # 写入如下内容
[Unit]
Description=socat_udp (https://www.zhukun.net)
After=network-online.target
Wants=network-online.target

[Service]
User=root
Group=root
ExecStart=/usr/bin/socat -T5 UDP4-LISTEN:本地端口,reuseaddr,fork UDP4:远程IP:远程端口
Restart=always
RestartSec=2

[Install]
WantedBy=multi-user.target

启动服务

$ sudo systemctl daemon-reload
$ sudo systemctl start socat.service
$ sudo systemctl start socat_udp.service
$ sudo systemctl enable socat.service
$ sudo systemctl enable socat_udp.service

Posted on 2020-04-02 by bear in Linux运维.Tags: Linux, ubuntu.0 Comments

Protected: Grafana中Table视图的设定

Posted on 2020-03-10 by bear in Linux运维.Tags: elk, grafana, Linux.0 Comments

在VMware中快速构建Ubuntu虚拟机

在VMware中快速构建ubuntu虚拟机, 除了本博客先前介绍的Vagrant工具以外, 今天再介绍一个办法.

OVA (Open Virtualization Appliance, 开放虚拟化设备)是一种通用的虚拟机文件, 可以在VMware/Virtualbox等常见的虚拟机中打开. 今天我们的这种方法就是下载一个Ubuntu的ova文件并导入进VMware.

1, 下载如下ova镜像

https://cloud-images.ubuntu.com/releases/bionic/release/ubuntu-18.04-server-cloudimg-amd64.ova

2, 从VMware Workstation或者VMware Player中选择"打开虚拟机", 然后选择刚下载好的.ova文件, VMware会弹出选择虚拟机存放位置, 以及如下设定界面:

3, 等待虚拟机初始化完成, 大约需要1-3分钟时间. 然后就可以在VMware Workstation/Player中登陆了. 默认登陆用户名是ubuntu, 密码即为刚才设定的密码. 首次登陆会要求修改密码

4, 设置ssh远程登陆
如果需要使用Xshell/Putty等工具远程登陆, 可能需要做如下操作

$ sudo vim /etc/ssh/sshd_config    # 修改如下配置, 将no改为yes
...
PasswordAuthentication yes
...

$ sudo systemctl restart sshd

(more…)

Posted on 2020-03-04 by bear in Linux运维.Tags: Linux, ubuntu, 虚拟机.0 Comments

Logstash对Field进行简单数学计算

Logstash解析出Field以后, 可以使用filter的ruby插件进行简单数学计算/大小写转换等操作(官方介绍地址), 下面是配置

input {
  kafka{
    bootstrap_servers => ["www.hizy.net:6667,www.xpdo.net:6667","www.zhukun.net:6667"]
    client_id => "logstash_www.xpdo.net"
    group_id => "www.zhukun.net"
    auto_offset_reset => "latest"
    consumer_threads => 10
    decorate_events => false
    topics => ["www.zhukun.net"]
  }
}

filter {
    mutate {
        gsub =>["message",'\\"','"']
        gsub =>["message",'\\"','\\\\"']
    }
    json {
        source => "message"
        target => "aduser"
    }

    # 将[aduser][action][info][timestamp]映射为@timestamp
    # 需要注意的是, 即使是UNIX时间戳, 也有带毫秒和不带毫秒的, 可能是UNIX或者UNIX_MS
    date {
        match => [ "[aduser][action][info][timestamp]", "UNIX_MS" ]
        target => "@timestamp"
        locale => "cn"
    }

    # 如果这2个Field都存在, 则对它们进行相加, 形成一个新的Field
    if [aduser][action][param][vast][during_time] and [aduser][action][param][resource][during_time] {
        ruby {
            code => 'event.set("[aduser][action][param][vast_resource_during_time]", event.get("[aduser][action][param][vast][during_time]") + event.get("[aduser][action][param][resource][during_time]") )'
        }
    } else {
        drop  { }
    }
    mutate {
        remove_field => [ "message" ]
    }
}

output {
    stdout {
       codec => rubydebug {
    #       metadata => true
        }
    }
}

最后解析出来的样子是这样的

参考文档:
官方介绍地址
 Simple Math Functions with Ruby in Logstash 5.3
Logstash中的数学函数

Posted on 2020-02-21 by bear in Linux运维.Tags: elk, Linux, logstash.0 Comments

redis安装好之后必做的几件事

先来看一段日志

1525:M 21 Nov 11:10:36.412 # WARNING: The TCP backlog setting of 511 cannot be enforced because /proc/sys/net/core/somaxconn is set to the lower value of 128.
22552:M 19 Jan 10:36:26.936 # Server started, Redis version 3.2.12
22552:M 19 Jan 10:36:26.936 # WARNING overcommit_memory is set to 0! Background save may fail under low memory condition. To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect.
22552:M 19 Jan 10:36:26.936 # WARNING you have Transparent Huge Pages (THP) support enabled in your kernel. This will create latency and memory usage issues with Redis. To fix this issue run the command 'echo never > /sys/kernel/mm/transparent_hugepage/enabled' as root, and add it to your /etc/rc.local in order to retain the setting after a reboot. Redis must be restarted after THP is disabled.
22552:M 19 Jan 10:36:26.936 * The server is now ready to accept connections on port 6380

解决办法:

$ echo never > /sys/kernel/mm/transparent_hugepage/enabled

$ vim /etc/rc.local  # 写入下面一行
echo never > /sys/kernel/mm/transparent_hugepage/enabled

$ vim /etc/sysctl.conf  # 写入下面2行
net.core.somaxconn = 1024
vm.overcommit_memory = 1

$ sysctl -p

Posted on 2020-02-18 by bear in Linux运维.Tags: Linux, redis.0 Comments