Posts Tagged ‘Fedora’

Why journalctl is cool and syslog will survive for another decade

Wednesday, July 24th, 2013

There was a recent discussion going on if Fedora 20 should drop rsyslog and just using systemd journal. A lot of people are afraid of systemd and its journal, this a pity.

Well, there are pros and cons about this kind of logging. For System administrators daily use, journalctl is a powerful tool simplifying the hunt for log file entries.

On the other hand, there are AFAIK no monitoring tools (yet) that can work with journalctl. Those first need to be developed. A Nagios plug-in should be implemented quite quickly.

Why makes journalctl the life easier?
Instead of grepping trough thousands of lines in /var/log/messages you simply can filter the messages and work on them.

journalctl has auto completion (just hit the tab key) showing you the options to use. I.e.

fedora:~# journalctl  < TAB > 
_AUDIT_SESSION=              _PID=
_BOOT_ID=                    PRIORITY=
_CMDLINE=                    __REALTIME_TIMESTAMP=
CODE_FILE=                   _SELINUX_CONTEXT=
CODE_LINE=                   SYSLOG_FACILITY=
_COMM=                       SYSLOG_IDENTIFIER=
COREDUMP_EXE=                SYSLOG_PID=
__CURSOR=                    _SYSTEMD_CGROUP=
ERRNO=                       _SYSTEMD_OWNER_UID=
_EXE=                        _SYSTEMD_SESSION=
_GID=                        _SYSTEMD_UNIT=
_HOSTNAME=                   _TRANSPORT=
_MACHINE_ID=                 _UDEV_SYSNAME=
MESSAGE=                     _UID=
fedora:~# journalctl 

Quite some filtering options available here. Most of this options are self-explanatory.

If you just want to see the entries made by a particular command, issue journalctl _COMM= and the TAB key.

fedora:~# journalctl _COMM=
abrtd            dnsmasq          mtp-probe        sh               tgtd
anacron          gnome-keyring-d  network          smartd           udisksd
avahi-daemon     hddtemp          polkit-agent-he  smbd             umount
bash             journal2gelf     polkitd          sshd             userhelper
blueman-mechani  kdumpctl         pulseaudio       sssd_be          yum
chronyd          krb5_child       qemu-system-x86  su               
colord           libvirtd         sealert          sudo             
crond            logger           sendmail         systemd          
dbus-daemon      mcelog           setroubleshootd  systemd-journal  
fedora:~# journalctl _COMM=

If you enter journalctl _COMM=sshd you will just see the messages created by sshd.

fedora:~# journalctl _COMM=sshd 
-- Logs begin at Tue 2013-07-23 08:46:28 CEST, end at Wed 2013-07-24 11:10:01 CEST. --
Jul 23 09:48:45 sshd[2172]: Server listening on port 22.
Jul 23 09:48:45 sshd[2172]: Server listening on :: port 22.

Usually one is just interested in messages within a particular time range.

fedora:~# journalctl _COMM=crond --since "10:00" --until "11:00"
-- Logs begin at Tue 2013-07-23 08:46:28 CEST, end at Wed 2013-07-24 11:23:25 CEST. --
Jul 24 10:20:01 CROND[28305]: (root) CMD (/usr/lib64/sa/sa1 1 1)
Jul 24 10:50:01 CROND[28684]: (root) CMD (/usr/lib64/sa/sa1 1 1)

And why will rsyslog stay another decade or even longer?

There are a lot of tools and scripts which are in place since a long time, some of them even come from a time before Linux was born.

Most of those scripts must be rewritten or at least change its behaviour. I.e taking input from STDIN instead of a log file, so those tools can digest the output from journalctl|

For log digesting tools that are needed to be compatible between different Unix and Linux Systems they probably wont be changed. In this case syslogd will survive until the last of those systems is decommissioned.

Further reading

Kernel 3.5.3 partially broken for virtualization

Wednesday, October 3rd, 2012

Some time ago, Fedora 17 got a Kernel update to 3.5.3-1. Since then, PXE booting virtual machines does not work anymore. It seems that it has not been fixed in the upstream Kernel, but only the 3.5 series of Kernels is affected.

A bug has been filed, but no fix is available. The only solution for now is to stick to Kernel 3.4.5-2. I’ve checked the Fedora annouce mailinglist, looks like there have been no grave bugfixes since then.

The bug only hits when you use PXE boot virtual machines with qemu-kvm. The virtual machine gets just paused, to find out the reason for it, you need to have a closer look to /var/log/libvirt/libvirtd.log. There you can read: “KVM: entry failed, hardware error 0x80000021“.

Someone proposed to use the emulate_invalid_guest_state=y parameter to the kvm_intel module, but according to a Ubuntu bugreport it fails too, but differently.

Hopefully a bug fix will be made available soon.

Having fun? Well, could be worse, could be better.

How to get a RTL2832U based DVB-T stick working on Fedora 17

Sunday, September 16th, 2012

This week I bought a no-name DVB-T stick with the risk to not getting it working with Linux. The device contains a RTL2832u chip which seems to be quite common according to this list. The price tag was just €14, so I was taking the risk.

First experiments shown that there is no chance to get it running on Fedora 17. After digging deeper I figured out that someone wrote a driver and published it on github.

Later on, I figured out that there is a driver also available in upstreams 3.6rc Kernel. Unfortunately the Kernel shipped with Fedora 17 does not support the device yet.

Steps to do

Ensure you have installed the kernel headers package that match your running kernel version. If not, run yum -y install kernel-headers. The package dvb-apps will help you to set up the channels later on, install it with yum -y install dvb-apps

Getting and compiling the kernel module

git clone
cd DVB-Realtek-RTL2832U-2.2.2-10tuner-mod_kernel-3.0.0/RTL2832-2.2.2_kernel-3.0.0/
make && make install

Afterwards you need to scan your DVB-T stick for stations and put it into mplayers channels file. In /usr/share/dvb/dvb-t/ you will find the right setting the region you are living. For me de-Berlin is the right one.

scandvb /usr/share/dvb/dvb-t/de-Berlin -o zap >> ~/.mplayer/channels.conf

Now you are ready to watch digital terrestrial TV on you Fedora box. mplayer "dvb://Das Erste" does the job.

A more comfortable player is kaffeine which has features like EPG (electronic Program Guide), recording facilities etc. It comes with KDE.

Have fun!

FUDCon 2012 Kuala Lumpur, Malaysia

Wednesday, April 4th, 2012
FUDCon 2012 Kuala Lumpur

FUDCon 2012 Kuala Lumpur

Since I’ll be in Kuala Lumpur anyway, I take the chance to visit the upcoming FUDcon (Fedora User and Developer Conference) which will take place May 18th to 20th at the Asia Pacific University College of Technology & Innovation. I dont know yet if I can be there all three days, but at least days 2 and 3.

I’m really glad to meet the Fedora people from another continent. I’ve been visiting Malaysia back in 2009, it is a very beautiful country with nice people. So this time my visit is different, combining vacation and some nice Linux stuff.

Looking at the list of talks, it will be interessting to join those sessions. Unfortunately it is too late for me to prepare a talk. The only thing I miss is the annoucement of a social event, maybe I have overseen it?

See you there… Have fun!

I voted for beefy miracle

Thursday, April 7th, 2011

Beefy miracle


There is a open poll on voting for a name for Fedora 16. I gave my vote to Beefy Miracle. Why I voted for Beefy Miracle? Because it is cool, geeky, freaky, I’m loving hot dogs and it is something new.

The Fedora distribution is geeky, freaky and open to new stuff.

Having fun? Of course!

How to harden RHEL systems

Sunday, March 27th, 2011

Some time ago, the NSA released an excellent guide how to harden RHEL5 systems.

Despite of being written for RHEL5, it partially also applies to RHEL6 and newer versions of Fedora. It is also worth looking at it for users of non-RH breed distributions. To be mentioned: Its clearly focused on server systems, not desktops.

Some of the topics are really basic stuff which is already in place as industries “best practices”, other methods are not that well known.

Most of the items can be implemented very easy, others should be reviewed if the complexity is worth the gain of security.

Minimize Software to Minimize Vulnerability is a good starting point. RHEL5 is quite bad on this point, a default installation comes with a complete desktop environment. RHEL6 made a lot of progress on this issue as I wrote about it in a earlier post.

The default file system layout of most Linux distributions is suboptimal. At least /var, /tmp and /home should be on separate file systems. You can enhance the systems security by setting mount options such as noexec, nodev and nosuid where appropriate.

Always set SELinux to Enforcing mode where possible. Since tools like audit2allow and selinux-polgengui enables users to easily create basic policies, its no more rocket science. For further readings and hints about SElinux, have look on Dan Walsh’s Blog.

Check if only needed daemons are running. I. e if you are not using NFS, disable portmapper and friends.

Other things things disabling rhnsd is IMHO not a good idea. Enabling a warning banner for pre-login texts is just clueless.

NSA provides a nice guide which is really worth reading for server administrators. Some topics described in the guide are maybe overkill and complex, while others are easy to implement and maintain. Hopefully NSA will soon update its paper to RHEL6.

It also shows that Linux distributors have room for improvements to provide a better default security.

Have fun!

Epson scanners on Linux systems

Tuesday, January 11th, 2011

I’ve got a Epson Perfection 1260 Photo scanner.

Fedora like other distributions such as OpenSuse are recognizing the device since a long long time. The back end chosen for the device is plustek.

Unfortunately when using the default configuration one experience very strange effects with colours. The left and the right 50% of the picture have a colored background, even when scanning a empty page.

I had this problem with OpenSUSE since years and still got it with Fedora 1x. Since I only need the scanner for my yearly income tax declaration, I always forget about what I needed to change.

That’s what is needed to change:


[root@bond ~]# diff /etc/sane.d/plustek.conf.orig /etc/sane.d/plustek.conf
< option altCalibration 0
> option altCalibration 1
[root@bond ~]# 

Since I do not have any other scanners I do not know if this is a bug specifically to this type of scanners, or if it is a general bug.

Using different search engines, the web does not disclose some solutions. That is one of the reasons why I’m blogging about it. The other reason is to find other people with the same problem.

At the end of the day, I’ll try to find out if this is a general bug of the Sane back end, or just specific to some Epson scanners. If it is specific to some Epson scanners, it may be worth to create a new specific back end for those scanners affected.

Having fun? Now I have, my stuff is successfully scanned.

Pulp, what is it about it?

Thursday, December 2nd, 2010

Thanks to Máirín’s posting I got aware of the Pulp project.

What is it? I had a brief look at it, it is a Red Hat sponsored project with a similar functionality like Spacewalk and RHN Satellite.

This brings me to the question: Is Pulp is intended to be a replacement of Spacewalk? It can make sense, it is written in Python as Cobbler is. Cobbler and Spacewalk are not really playing nice together. Spacewalk used Java, Perl and Python.

Anyway, Pulp seems to be in its early childhood, but it seems to be a really interesting project. What are the plans for the future? And what are the plans for Spacewalk and thus RHN Satellite?

Having fun? As soon as I get the time to install it and give Pulp a closer look….

Usability Fedora vs Windows

Tuesday, November 30th, 2010

I’m writing this post sitting in a train, connected to the internet via UMTS. The device is a Huawai E220 HSDPA modem connected via USB. Guess who is the winner?

Procedure to get the device running on Fedora (first time usage):

  • Plug in the device on any USB port
  • Enter the PIN in the pop-up
  • Enjoy mobile Internet connection

Steps: 3
Time: approx. 5sec.

Procedure on Windows XP (first time usage):

  • Decide on what USB port you will plug in the device an memorize it, because subsequently it will only work on that USB port
  • Plug in the device
  • A virtual CDROM drive gets mounted, a window with some drivers is appearing
  • Install the driver
  • reboot your notebook
  • Finding and starting the previously installed software
  • Getting a pop-up asking for the PIN
  • Enjoy mobile Internet connection

Steps: 8
Time: approx 10min

Procedure on Windows 7 (first time usage):

  • Decide on what USB port you will plug in the device an memorize it, because subsequently it will only work on that USB port
  • Plug in the device
  • A virtual CDROM drive gets mounted, a window with some drivers is appearing
  • When autorun.inf is enabled, the driver installs automatically (on enterprise systems mostly disabled). if not enabled, read some documentation what to do
  • Finding and starting the previously installed software
  • Getting a pop-up asking for the PIN
  • Enjoy mobile Internet connection

Steps: 7
Time: Between 5min and 30min (depending on your Windows 7 knowledge)

For the subsequent usage on Fedora proceed as it is the first time usage.

On Windows (XP and 7) you need to remember which port you plugged in the device when you installed it. Otherwise you need to uninstall the drivers, reboot and install the drivers again and reboot again. [update]On Windows 7 you do not need a reboot.[/update]

Having fun? With Fedora yes :-) With Windows? Not really…

Joining the Fedora doc and trans-de Teams

Tuesday, November 9th, 2010

The history
Since 1994 I’m a Linux enthusiast. In the year 2000 I was installing the first commercially used Linux Systems in Switzerland’s airline industry. Since then I worked in different companies mostly in the outsourcing business.

From 2001 to 2003 I was also contributing some German translations for KDE, as well as writing two Docbook SGML documentation for TLDP.

The current
Since approx. two years I’m working mostly with Red Hat’s RHEL and its derivatives such as CentOS. Later I also switched my desktop and notebooks from openSUSE to Fedora, for obvious reasons: Fedora is the upstream of RHEL and it is more stable.

I’m also a guy that wrote and writes some Bugzilla entries, mostly for RHN Satellite/Spacewalk. Those guys may already know me, I’ll hope they still like me ;-)

First contact to the Fedora community
My first contact with the Fedora community was at FUDCon 2010 in Zürich, Switzerland, my home town. There I recognized that it is indeed a very nice and international community with a lot of interesting people.

This encouraged me to to something for the Fedora project. What can I do? First of all, I’m having some knowledge about technical documentations, thus joining the doc-team. I also have some experience with GNU gettext and my mother tongue is german, so joining the trans-de team makes sense.

The future
I’m a RHCE with some skills in building RPMs, lets see if I can help the project with that too.

Lets have some fun?