Posts

Logs with Filebeat, Logstash, Elasticsearch and Kibana

Complex systems require monitoring, and log files are an important part of it. The best way to access, search and view multiple log files is the combination of Filebeat, Logstash, Elasticsearch and Kibana. However, configuring them can be difficult. Here I am demonstrating a possible setup. First, some words about each of them, in case you don't know them: Filebeat is a tool that watches for file system changes and uploads the file contents to a destination (output). Elasticsearch and Logstash are the most commonly used outputs; Kafka and many others are also supported. Logstash is a tool for beautifying the logs. It is based on the input-filter-output model. It can convert the log files into a different format, add and remove fields, etc. Elasticsearch is a very famous search engine, based on Lucene. It stores documents inside indices. Kibana is basically the GUI of Elasticsearch. It provides a user interface for searching and displaying data...

ElasticSearch Index Rollover with Timestamps

If you are using ElasticSearch for storing system or application logs, then your ES cluster can quickly get very big. Fortunately, ElasticSearch provides functionality for automatic rollover and deletion of indices. Here is how to configure it. Note: all configurations and examples here are based on ELK 7.x. Some functionalities are not available in previous versions. If you are using an older version, consider upgrading. Create lifecycle policies ElasticSearch provides the Index Lifecycle Policies (ilp) functionality, which can roll over indices. It is configured by defining the phases of an index (hot, warm, cold, delete). When handling logs, we can store them in different indices, which are rolled over automatically on certain conditions (size or time). Additionally, old log indices can be deleted to free up space. In the example below we are creating a lifecycle policy "test". The "hot" phase, in which the index is ...

VPN Wi-Fi Hotspot with Raspberry Pi

TL;DR: I explain here how to set up a home Wi-Fi network which routes all traffic through a VPN, using a Raspberry Pi. No one wants to get tracked or sniffed while browsing. Even those who "have nothing to hide". One of the ways to hide your traffic is to use a VPN. But connecting to and disconnecting from it can be annoying. So, I want to set up a home Wi-Fi network and, when connected to it, browse automatically through the VPN. There are already many VPN providers out there; the goal of this post is not to compare them. We just need one which supports OpenVPN. Setup This setup is tested on Raspberry Pi 3 Model B+ with a 2GB SD card. Any Raspberry Pi OS will do. I recommend using the Lite version. Some of the values are based on a home network 192.168.0.0/24 OpenVPN Add to /etc/network/interfaces : auto lo iface lo inet loopback auto eth0 allow-hotplug eth0 iface eth0 inet dhcp up route add -net 192.168.0.0 netmask 255.255.255.0 ...

Windows ssh/git Server

If you are developing software and are using Git on Windows 10 and don't want to push to GitHub, GitLab, etc., you might find this useful. You can turn your Windows OS into a git server by just configuring ssh access. 1. Add the features for OpenSSH (part of Windows 10) Open Settings - Apps - Optional Features - Add a feature and install "OpenSSH Server" and "OpenSSH client" 2. Create a git user Create a user git , member of sshusers , who cannot change his password, who is active and whose password never expires. Open Control Panel - Administrative Tools - Computer Management Under System Tools - Local Users and Groups - Right click on Users - New User... 3. Configure the git user Log in as the git user and create the c:\Users\git\.ssh directory. Inside, create the "authorized_keys" text file with your public ssh key and make it accessible only by user git . Here is ...

Self-signed certificate? Why not CA-signed certificate?

Very often we need certificates, mostly for using SSL/TLS in HTTP, FTP, etc. The fastest and cheapest way is the self-signed certificate. It is generated in just a few steps. However, certificates don't have to be "self" signed. We can also generate a CA (certification authority) and use it to issue the certificates, i.e. they will be signed by our CA. This gives us the possibility to trust all our certificates by just trusting the CA. This post shows how to do it with openssl. Some configuration first It is much easier if you do some configuration for openssl, if not done so already. The configuration is placed in /etc/ssl/openssl.cnf: Set the default algorithm to sha1: set default_md = sha1 Remove these default values: stateOrProvinceName_default = organizationName_default = In case you are planning to create multiple certificates, you can also configure the common values as defaults to spare some time later. ...

Linux - 101

Freshman in the Linux world When you start your Linux journey coming from another OS, which is mostly controlled by the GUI (Windows, OSX), you might have a lot of questions. Although the modern Linux distros provide extremely rich GUIs, the terminal remains the most powerful part of Linux. Here is some know-how you might need. NOTE: All examples below are only tested in Debian-like distros. Aliases Edit ~/.bashrc and uncomment the line for the ll alias Or better extend it to: alias ll='ls -lha' Additionally, you might want to add the following function into ~/.bash_aliases: cdl () { cd "$1" && ll; } This way, you can change dir and list content in one: nikolay@blog:/ $ cdl /var total 101M drwxr-xr-x 11 root root 4.0K Aug 20 12:47 . drwxr-xr-x 21 root root 4.0K Aug 20 12:47 .. drwxr-xr-x 2 root root 4.0K Nov 7 06:25 backups drwxr-xr-x 9 root root 4.0K Oct 25 11:08 cache drwxr-xr-x 29 root ...