ALL Archives - ☩ Walking in Light with Christ - Faith, Computing, Diary ☩ Walking in Light with Christ

Posts Tagged ‘ALL’

How to Install and Use auditd for System Security Auditing on Linux

Thursday, September 25th, 2025

System auditing is essential for monitoring user activity, detecting unauthorized access, and ensuring compliance with security standards. On Linux, the Audit Daemon (auditd) provides powerful auditing capabilities for logging system events and actions.

This short article will walk you through installing, configuring, and using auditd to monitor your Linux system.

What is auditd?

auditd is the user-space component of the Linux Auditing System. It logs system calls, file access, user activity, and more — offering administrators a clear trail of what’s happening on the system.

1. Installing auditd

The auditd package is available by default in most major Linux distributions.

On Debian/Ubuntu

# apt update
# apt install auditd audispd-plugins

On CentOS/RHEL/Fedora

# yum install audit

After installation, start and enable the audit daemon

# systemctl start auditd

# systemctl enable auditd

Check its status

# systemctl status auditd

2. Setting Audit Rules

Once auditd is running, you need to define rules that tell it what to monitor.

Example: Monitor changes to /etc/passwd

# auditctl -w /etc/passwd -p rwxa -k passwd_monitor

Explanation:

-w /etc/passwd: Watch this file. When the file is accessed, the watcher will generate events.
-p rwxa: Monitor read, write, execute, and attribute changes
-k passwd_monitor: Assign a custom key name to identify logs. Later on, we could search for this (arbitrary) passwd string to identify events tagged with this key.

List active rules:

# auditctl -l

3. Common auditd Rules for Security Monitoring

Here are some common and useful auditd rules you can use to monitor system activity and enhance Linux system security. These rules are typically added to the /etc/audit/rules.d/audit.rules or /etc/audit/audit.rules file, depending on your system.

a. Monitor Access to /etc/passwd and /etc/shadow

-w /etc/passwd -p wa -k passwd_changes
-w /etc/shadow -p wa -k shadow_changes

Monitors read/write/attribute changes to password files.

b. Monitor sudoers file and directory

-w /etc/sudoers -p wa -k sudoers
-w /etc/sudoers.d/ -p wa -k sudoers

Tracks any change to sudo configuration files.

c. Monitor Use of chmod, chown, and passwd

-a always,exit -F arch=b64 -S chmod -S fchmod -S fchmodat -k perm_mod
-a always,exit -F arch=b64 -S chown -S fchown -S fchownat -k perm_mod
-a always,exit -F arch=b64 -S passwd -k passwd_changes

Watches permission and ownership changes.

d. Monitor User and Group Modifications

-w /etc/group -p wa -k group_mod
-w /etc/gshadow -p wa -k gshadow_mod
-w /etc/security/opasswd -p wa -k opasswd_mod

Catches user/group-related config changes.

e. Track Logins, Logouts, and Session Initiation

-w /var/log/lastlog -p wa -k logins
-w /var/run/faillock/ -p wa -k failed_login
-w /var/log/faillog -p wa -k faillog

Tracks login attempts and failures.

f. Monitor auditd Configuration Changes

-w /etc/audit/ -p wa -k auditconfig
-w /etc/audit/audit.rules -p wa -k auditrules

Watches changes to auditd configuration and rules.

g. Detect Changes to System Binaries

-w /bin/ -p wa -k bin_changes
-w /sbin/ -p wa -k sbin_changes
-w /usr/bin/ -p wa -k usr_bin_changes
-w /usr/sbin/ -p wa -k usr_sbin_changes

Ensures core binaries aren't tampered with.

h. Track Kernel Module Loading and Unloading

-a always,exit -F arch=b64 -S init_module -S delete_module -k kernel_mod

Detects dynamic kernel-level changes.

l. Monitor File Deletions

-a always,exit -F arch=b64 -S unlink -S unlinkat -S rename -S renameat -k delete

Tracks when files are removed or renamed.

m. Track Privilege Escalation via setuid/setgid

-a always,exit -F arch=b64 -S setuid -S setgid -k priv_esc

Helps detect changes in user or group privileges.

n. Track Usage of Dangerous Binaries (e.g., su, sudo, netcat)

-w /usr/bin/su -p x -k su_usage
-w /usr/bin/sudo -p x -k sudo_usage
-w /bin/nc -p x -k netcat_usage

Useful for catching potentially malicious command usage.

o. Monitor Cron Jobs

-w /etc/cron.allow -p wa -k cron_allow
-w /etc/cron.deny -p wa -k cron_deny
-w /etc/cron.d/ -p wa -k cron_d
-w /etc/crontab -p wa -k crontab
-w /var/spool/cron/ -p wa -k user_crontabs

Alerts on cron job creation/modification.

p. Track Changes to /etc/hosts and DNS Settings

-w /etc/hosts -p wa -k etc_hosts
-w /etc/resolv.conf -p wa -k resolv_conf

Monitors potential redirection or DNS manipulation.

q. Monitor Mounting and Unmounting of Filesystems

-a always,exit -F arch=b64 -S mount -S umount2 -k mounts

Useful for detecting USB or external drive activity.

r. Track Execution of New Programs

-a always,exit -F arch=b64 -S execve -k exec

Captures command execution (can generate a lot of logs).

A complete list of rules you can get from the hardening.rules auditd file place it under /etc/audit/rules.d/hardening.rules
and reload auditd to load the configurations.

Tips

Use ausearch -k <key> to search audit logs for matching rule.
Use auditctl -l to list active rules.
Use augenrules –load after editing rules in /etc/audit/rules.d/.

4. Reading Audit Logs

Audit logs events are stored in:

/var/log/audit/audit.log

By default, the location, this can be changed through /etc/auditd/auditd.conf

View recent entries:

# tail -f /var/log/audit/audit.log

Search by key:

# ausearch -k passwd_monitor

Generate a summary report:

# aureport -f

# aureport

Example: Show all user logins / IPs :

# aureport -au

5. Making Audit Rules Persistent

Rules added with auditctl are not persistent and will be lost on reboot. To make them permanent:

Edit the audit rules configuration:

# vim /etc/audit/rules.d/audit.rules

Add your rules, for example:

-w /etc/passwd -p rwxa -k passwd_monitor

Apply the rules:

# augenrules –load

7. Some use case examples of auditd in auditing Linux servers by sysadmins / security experts

Below are real-world, practical examples where auditd is actively used by sysadmins, security teams, or compliance officers to detect suspicious activity, meet compliance requirements, or conduct forensic investigations.

a. Detect Unauthorized Access to /etc/shadow

Use Case: Someone tries to read or modify password hashes.

Audit Rule:

-w /etc/shadow -p wa -k shadow_watch

Real-World Trigger:

sudo cat /etc/shadow

Check Logs:

# ausearch -k shadow_watch -i

Real Output:

type=SYSCALL msg=audit(09/18/2025 14:02:45.123:1078):

syscall=openat

exe="/usr/bin/cat"

success=yes

path="/etc/shadow"

key="shadow_watch"

b. Detect Use of chmod to Make Files Executable

Use Case: Attacker tries to make a script executable (e.g., malware).

Audit Rule:

-a always,exit -F arch=b64 -S chmod -k chmod_detect

Real-World Trigger:

# chmod +x /tmp/evil_script.sh

Check Logs:

# ausearch -k chmod_detect -i

c. Monitor Execution of nc (Netcat)

Use Case: Netcat is often used for reverse shells or unauthorized network comms.

Audit Rule:

-w /bin/nc -p x -k netcat_usage

Real-World Trigger:

nc -lvp 4444

Log Entry:

type=EXECVE msg=audit(09/18/2025 14:35:45.456:1123):

argc=3 a0="nc" a1="-lvp" a2="4444"

key="netcat_usage"

d. Alert on Kernel Module Insertion

Use Case: Attacker loads rootkit or malicious kernel module.

Audit Rule:

-a always,exit -F arch=b64 -S init_module -S delete_module -k kernel_mod

Real-World Trigger:

# insmod myrootkit.ko

Audit Log:

type=SYSCALL msg=audit(09/18/2025 15:00:13.100:1155):

syscall=init_module

exe="/sbin/insmod"

key="kernel_mod"

e. Watch for Unexpected sudo Usage

Use Case: Unusual use of sudo might indicate privilege escalation.

Audit Rule:

-w /usr/bin/sudo -p x -k sudo_watch

Real-World Trigger:

sudo whoami

View Log:

# ausearch -k sudo_watch -i

f. Monitor Cron Job Modification

Use Case: Attacker schedules persistence via cron.

Audit Rule:

-w /etc/crontab -p wa -k cron_mod

Real-World Trigger:

echo "@reboot /tmp/backdoor" >> /etc/crontab

Logs:

type=SYSCALL msg=audit(09/18/2025 15:05:45.789:1188):

syscall=open

path="/etc/crontab"

key="cron_mod"

g. Detect File Deletion or Renaming

Use Case: Attacker removes logs or evidence.

Audit Rule:

-a always,exit -F arch=b64 -S unlink -S unlinkat -S rename -S renameat -k file_delete

Real-World Trigger:

# rm -f /var/log/syslog

Logs:

type=SYSCALL msg=audit(09/18/2025 15:10:33.987:1210):

syscall=unlink

path="/var/log/syslog"

key="file_delete"

h. Detect Script or Malware Execution

Use Case: Capture any executed command.

Audit Rule:

-a always,exit -F arch=b64 -S execve -k exec

Real-World Trigger:

/tmp/myscript.sh

Log View:

# ausearch -k exec -i | grep /tmp/myscript.sh

l. Detect Manual Changes to /etc/hosts

Use Case: DNS hijacking or phishing setup.

Audit Rule:

-w /etc/hosts -p wa -k etc_hosts

Real-World Trigger:

# echo "1.2.3.4 google.com" >> /etc/hosts

Logs:

type=SYSCALL msg=audit(09/18/2025 15:20:11.444:1234):

path="/etc/hosts"

syscall=open

key="etc_hosts"

8. Enable Immutable Mode (if necessery)

For enhanced security, you can make audit rules immutable, preventing any changes until reboot:

# auditctl -e 2

To make this setting persistent, add the following to the end of /etc/audit/rules.d/audit.rules:

-e 2

Common Use Cases

Here are a few more examples of what you can monitor:

Monitor all sudo usage:

# auditctl -w /var/log/auth.log -p wa -k sudo_monitor

Monitor a directory for file access:

# auditctl -w /home/username/important_dir -p rwxa -k dir_watch

Audit execution of a specific command (e.g., rm):

# auditctl -a always,exit -F arch=b64 -S unlink,unlinkat -k delete_cmd

(Adjust arch=b64 to arch=b32 if on 32-bit system.)

9. Managing the Audit Log Size

Audit logs can grow large over time. To manage log rotation and size, edit:

# vim /etc/audit/auditd.conf

Set log rotation options like:

max_log_file = 8

num_logs = 5

Then restart auditd:

# systemctl restart auditd

Conclusion

The Linux Audit Daemon (auditd) is a powerful tool to track system activity, enhance security, and meet compliance requirements. With just a few configuration steps, you can monitor critical files, user actions, and system behavior in real time.

References

man auditd
man auditctl
Linux Audit Wiki

Tags: access, after, ALL, ALLOW, Edit, Example Monitor, file, Installing, Linux Auditing System, make, rack, Reading Audit Logs, real time, report, Search, security standards, Setting Audit Rules, sudo, systemctl, username
Posted in Computer Security, Linux, Monitoring | No Comments »

Father Archimandrite Ivan of Novi Han, Protector of Poor and Homeless passed away to Christ

Tuesday, September 16th, 2025

Father Ivan with his shepherd stick

On September 14, the 80-year-old Archimandrite Joan (John) , known simply as Father Ivan from Novi Khan.
Father Ivan was well known in Bulgarian society as the only Monk father of the Fatherless. and a great benefactor who dedicated his life to the sick, poor, needy and, the homeless people in Bulgaria.

The Requiem service will be consecrated on September 16 from 12:00 pm in the church "The Holy Trinity" in Novi Khan (a Church situated in the improvised homeless shelter organized in an old Monastery (Saint Nicholas) by Father Ivan himself. by Bishop John of Branitsky, former Vicar Bishop of Patriarch Daniel.

Father Ivan Dimitrov Ivanov was born on March 31, 1945. in the Bulgarian village of Blagovo, Montana region. He received his basic and secondary education in the High Professional School "Peter Beron" in city of Sofia. Next He attended a university degree from the Theological Academy "St. Clement of Ohrid" (which was re-established in the distant year 1981) already in grown age after working different other jobs. He merried and with his wife Todorka Grigorova Ivanova had two sons – Ivaylo and Grigor. On October 19, 1981 he was ordained a deacon, and on 26 October same year – ordained for a priest by Metropolitan Filaret of Vidin. Since 1987 he was appointed as a priest at the Church "Holy Trinity" in the town of Novi Han, region of Elin Pelin. In year 2011 he has been consecrated as monk the name Ioan by the Bishop of Devol Theodosij (Theodosius). In 2015 in Montana he was promoted to archimandrite dignity by Vidin Metropolitan Dometian.

Along with his pastoral work, he devotes all his strength to caring for the poor. His selfless service remains misunderstood by many, and for a long time he does not receive support from the leadership of the Bulgarian Orthodox Church. In 2014, His Holiness Patriarch Neophyte of Bulgaria came to visit the “Holy Trinity” shelter in Novi Han. In addition to food and gifts, he also gave a sign of empathy with the great priest’s work.

Otec_Ivan_Novi-Han-s-patriarh-Neofit

Father Ivan began his work in the distanct 1993, short after the fall of Communism regime in Bulgaria when he restored the abandoned building of the monastery "Holy Trinity" in Novi Han. He revived the liturgical life in the monastery church (that was abondoned for many years due to the dictatorship regime in Bulgaria) and created the shelter "Saint Nicholas", in which he sheltered a dozen homeless people. Gradually, the orphanage expanded and it housed mainly women and children deprived of home and protection, but also found shelter for the elderly and homeless. The priest gave pregnant girls left without any financial support and shelter, the opportunity to give birth to their children and take care of them in the shelter for free. Several generations of children were born and raised under the care of Father Ivan. Today, some of them were the first to express their grief over the death of the father on social networks.

otec_Ivan-with-his-children

Even though his genuine kindness and great good deeds Father Ivan has suffered a lot from people who hate the light of Christ, being a victim of various life hardships, road incidents, and a lot of health issues, which he endevoured with stoicism. He has multiple times has shared when we met that many people being pushed by the devil has done him a lot of badness.
As a mean to finance the homeless people Father Ivan with the help of his orpans, take care about animals such as chickens, cows, sheeps.
Not on a signle occasion animals belonging to him and his shelter has been stolen.
He fought many battles in his life time but never lost hope neither he fall in spirit always counting on the help of the Almighty, like the ancient saints.
Father Ivans deed for that hard times can be compared to the great deeds of the ancients and for the Bulgarian society his meaning and inspiration was similar
to the old testamental important of Moses who led the people.
His servence of a priest was always given for the good example and people respected him and loved him for his deeds in Bulgaria over the last 40 years.

Otec_Ivan-stuck-with-a-knife

In 2013, the father bought several houses in the Montana village of Yakimovo, where he housed also homeless families and their children (the houses hosting homless families reached about 80+ houses ! which accomodated about 180 people, together with the people in the orphanage in Novi Han they were more than 250+ people).

The last years of his life he spend living in his small living Room (monastic Cell) in the Saint Nicolas Monastery in prayer and last spiritual cares for his many children.

Father Ivan of Novi Han and his son Grigorij

The priest's work is continued by his son (who also took the path of his father) Fr. Grigoriy, who now takes care of the orphanages. Fr. Ivan remains in our recent church history as an example of complete dedication to the service of his neighbors, without seeking reward or gratitude. Something unique and unrepeatable fhat inspired many to be more merciful and benevolent for the poor and needy and by this he incarnated the example of Christ who teached us to always have the poor and needy with us and in our hearts. Generous to the life's misfortunes of his "children", Fr. Ivan set an example of a servant of Christ, whose love "does not seek its own… bears all things, believes all things, hopes all things, endures all things" (1 Cor. 13:5-7).

I had the blessing to meet father Ivan of Novi Han a couple of times together with Bishop Ierotey Agathopolski (who used to be in the past under the spiritual guidance of Father Ivan). And my personal impressions are that father Ivan was a highly spiritual person and true monk. I had the chance one time in the distant 2011 to meet him in Novi Khan afer a pilgrimage to Holy Mount Athos we have been guests to Father Ivan in the monastery for a night and even had the chance to be and serve as a ipodeacon on a Holy Liturgy led by Father Ivan. I still remember how much he worried about the children God has sent him for care and how much he worried if financially he can make it to give a good life to all the new inhabitants who recently come to his shelter.

The Children and old homeless people for whom Father Ivan of Novi Han took care

I remember he had to buy some food for the shelter and I wanted to help him to carry the stuff and we were to the SuperMarket together to buy food and goods for the children.
Father Ivan had a great temper and a great sense of humor even though he has been already aging and his spirit was lifted even though the hardships both with suffering heavy form of diabetes and other multitude of physical infirmity.

Film Sparks (Movie about the Shleter of Saint Nicolas created by Father Ivan of Novi Han)

Father Ivan and his Children an Interview Movie by Fr Ivan

Movie about The Life Story hardships of Father Ivan of Novi Khan and what made him decide to serve the sick, the poor and the lonely

Father Archimandrite Ivan one worthy Bulgarian

In above interview, father Ivan talks about how he decided to become a priest and how he promised God that he will make an orphanage home. He was accused during the communistic times in Bulgaria for being a priest only to serve as a spy for the West. He was kept in Montana Police station interrogated for 7 months in a small dark police carcer (small police room for prisoners), trying and the police tried to brain wash him that he is guilty for things he is not for all the time being asked the same questions again and again with a light lamp infront of his eye sight. He tells in short in the interview, how he managed to restore the Holy Trinity monastery, after a lot of hardships and miracles of God who helped me to do so. On multiple times his orphanage house has been tried to be (closed) and even destroyed by the local people of Novi Han unsuccesful. He has a lot of abusers who tried to run the deeds of his life the oprphanage but God by his great grace and his powers did not allow this to happen! But right on the contrary helped him and the children and provided him everything he needs to fulfill the dead of his life to help the salvation of tens of thousands to find his path to God and multitudes of people to physically survive a life of horror for years. He put a multitude of lost souls for whom noone cared back on the track of life and by his mercifulness he preached the Gospel not only words but in deeds.

Let God forgive him, Have mercy on his Soul and Forgive him if he sinned as a man and Receive him in his heavenly kingdom ! And Let us have his prayers to Christ ! Amen

Tags: about, after, age, ALL, amen, ancients, and, animals, ANY, are, basic, being, birth, bishop, blessing, Bought, building, bulgaria, Bulgarian, bulgarian orthodox church
Posted in Christianity, Curious Facts, Everyday Life | No Comments »

Christ is Risen Eastern Orthodox Resurrection Paschal Greeting in Different Languages

Friday, April 24th, 2020

Happy Easter to All Orthodox Christians worldwide !
We are the the bright week – this is the week after The Feast of Feasts Resurrection of Christ. This year in 2020, we Orthodox Christians celebrated this feast on 19th, 20th and 21st of April. The celebrations of the Feast of Christians and the Paschal joy continues for the whole week, so I found some time to quickly blog to share the Joy of the Resurrection of the Savior Jesus Christ who has freed all People from the Fear of the Death by Manifestating Death has been overtaken by Life Eternally.
Earlier years, I've blogged shortly on the Christ is risen in many languages. But this time I decided to extend my previous blog by adding some more details on which are the Member Churches consisting the Christ body of Holy Orthodoxy, What is the Creed of Faith (Symbol of Faith) difference Between Orthodox Christians and Roman Catholics and why we're not catholics and do celebrate Easter on a different date from Roman Catholics. Finally I will post the Paschal Greeting translated to as many languages I could find.

In the Eastern Orthodox Christian world which is the True Church of Christ consists of 15 National Churches each traced back to the Holy Apostles of Christ, each of Churches is in eucharistic Communion with the other.

Canonical Orthodox Christ Churches as of year 2020 are the following:

1. Orthodox Church of Constantinople
2. Orthodox Church of Alexandria
3. Orthodox Church of Antiochia
4. Jerusalem Patriarchal Orthodox Church
5. Bulgarian Orthodox Church
6. Georgian Orthodox Church
7. Serbian Orthodox Church
8. Russian Orthodox Church
9. Romanian Orthodox Church
10. Orthodox Church of Cyprus (archibishopship)
11. Greek Orthodox Church
12. Albanian Orthodox Church
13. Polish Orthodox Church
14. Orthodox Church of Chech Lands and Slovakia
15. American Orthodox Church

Historically Christ Church was one before the Great Schism that was perhaps the greatest tragedy of mankind after Christ's Crucifix it occured in 1054 A.D. About this saddening events, the manuscripts and contemporary saints says with this terrible event, the whole world shaked its basis. The result of the Bulla brought by Pope's messangers in Hagia Sophia Cathedral in Constantinople in the Holy Alter of the Church putting in document of official schism and the Church of the east condeming the Western Church Cuhrch action headed by the pope due to the false Creed of faith inclusion legallized by the pope with the so called 'Filioque' word formula that changed the original agreement of Church fathers decisions on the First Ecumenical Council of Constantinople in 381 A.D. (which by the way puts Anathemas on anyone who dares to change the Creed of Faith as well change by the Popes in the well known ancient Baptism Formulas like oilment (receving the sign of the holy spirit during baptism).

The historical number of Orthodox Churche dioceses were much more numerous but with the time and the hardships this are the only ones that left as official Churches, many dioceses were destroyed by the Muslims Conquests and Roman Catholics orders like the Jesuits whose fight against orthodoxy has been severe in their attempt to make the whole world to turn to the pope, this is very well known by the many remains of Uniates around Europe, especially in nowadays Ukraine. There is a lot of nations like Chechz and Hungarians whose for many centuries confessed orthodoxy but due to the economic relations with the West and the converion of their rulers (princes / Kings) etc. to Roman Catholicism has gradually converted their Eastern Churches to Roman Catholics.

The origional Nicean Creed (Nicea-Constantinople) creed of faith reads as this:

Nicean Creed of Faith ( Agreed on 381 Anno Dommini in Emperor Constantine City of Byzantine Empire Constantinople)

We believe in one God, the Father Almighty, Maker of heaven and earth, and of all things visible and invisible.

And in one Lord Jesus Christ, the only-begotten Son of God, begotten of the Father before all worlds (æons), Light of Light, very God of very God, begotten, not made, consubstantial with the Father;

by whom all things were made;

who for us men, and for our salvation, came down from heaven, and was incarnate by the Holy Ghost and of the Virgin Mary, and was made man;

he was crucified for us under Pontius Pilate, and suffered, and was buried, and the third day he rose again, according to the Scriptures, and ascended into heaven, and sitteth on the right hand of the Father;

from thence he shall come again, with glory, to judge the quick and the dead. ;

whose kingdom shall have no end.

* And in the Holy Ghost, the Lord and Giver of life, who proceedeth from the Father, who with the Father and the Son together is worshiped and glorified, who spake by the prophets.

In one Holy Catholic and apostolic Church; we acknowledge one baptism for the remission of sins; we look for the resurrection of the dead, and the life of the world to come. Amen.

The Western Church head Bishop the Pope and local priests due to some historical regions of Spain and other parts of Western Europe's aim to fight heresies included the word Latin word Filioque in above translated text (Word which is translated as "And from the Son") in above starred line 'And in te Holy Ghost, The Lord Giver of Life who proceedeth from the Father' become 'And in the Holy Ghost, The Lord Giver of Life who proceedeth from the Father (Filioque) = and from the Son.' this was acceptable for the Eastern Churches until the moment when this Confession of Faith has been legalized for the Whole Western Church with a decree so called pope 'Bulla' with which it become the official confession of faith for the whole Catholic Church. The Eastern Church of course was following the accepted Canon rules from the first Ecumenical Council in 381 A.D. and rejected to accept the definition of the Pope at first in the Face of Saint Patriarch Photios I of Constantinople (year 810 – 893) and become official in 1054 by the rule of Pope Leo whose legates tried to claim Headship of the Pope over the whole Church and questioned the title of the Constantinople Ecumenical Patriarch Michael I Cerularius.
Along with the chages of the Creed of Faith the West, the years during centuries VII and IX centuries has already put a lot of differences in the East and West Church along doctrinal, theological, linguistic, political, and geographical lines so the split was a reflection of all this. The Latin Church was much more power hungry and more progressive for its time and authoritarian, trying to combine the Worldly power with the Spiritual one given by the line of Apostoles from Christ Ceasaris-Papism, where the Eastern Church was governed in the ancient model of the Worldly power in face of Eastern Roman empire Emperor and the Patriarch who was a governor of the Spiritual power. The schism was worsened also by the many Latins raids in the Eastern Empire Christian brothers and the sacking of Constantinople in 8-13 April year 1204. Of course both Wester and Eastern Roman Empire had an appetite for a conquest over the other and often this has lead the secular rulers on both sides to try to manipulate activities of the spiritual leaders of both to work for their interests, but the schism would never occur if the spiritual establishment of the Church which are the Holy Canons (decision of the Ecumenical Councils) were not breached by the Western Church.
One of this breaches of the Ancient canons is the Celebration of Eastern Pascha which says the Christian Pascha should never coincide with Jewish Pascha. However in the Western Church this rule was breached and nowadays The Eastern (The Day of the Resurrection of Christ) in the Roman Catholic Church (Western Church) coincides most of the years with Jewish Pascha (both Roman Catholics and the executors of Christ who never accepted him the Jews celebrate together … a sad fact).

Nowadays most of the Ancient Churches of the East together with the Eastern Orthodox Churches, who are confessing the Faith of Christ such as it was handed by the Saint Fathers has a very specific ancient way of confession of faith similar to the Creed of Faith which was a very common short ancient way to confess the faith when two Christians met it is perhaps originating from the times of the Heresies in the 1st century right after the Christ Crucifix, when the pupil of Christ used it to confirm the Glorious and unexplainable Miracle of the Resurrection of the Lord Jesus Christ from the Death in Real Body in the 3rd day from the Grave in the Cave where his body was buried.

The Greeting Formula is the well known in the Eastern Orthodox Churches such as in Bulgaria / Greece / Russia / Serbia etc. Christ is Risen.
On every easter Almost everyone in the Orthodox Christian Countires greats everyone else both in homes on the street at work or anywhere relatives friends and even unfamiliar people who has to do business deeds with the immersely joyful greeting.

ХРИСТОС ВОСКРЕСЕ / CHRIST IS RISEN !!!!! !!!

Then the greeted Person answers back

ВОЙСТИНУ ВОСКРЕСЕ / TRULY HE IS RISEN (INDEED HE IS RISEN) !!!!!!!!

In the Orthodox Churches, believers do greet themselves with this heartful joyful greeting for the whole 40 days after the Feast of Resurrection of Christ.

In Russia, Ukrain, Belarus and the surrounding Slavonic lands there is this tradition that the greeting is repeated 3 times as an interaction between person A and person B, for example.

Person A (3 times) greets:
ХРИСТОС ВОСКРЕСЕ = CHRIST IS RISEN !!!
Person B (3 times) answers:
ВОЙСТИНУ ВОСКРЕСЕ = TRULY HE IS RISEN !!!

Below is a good list with Paschal Resurrection Greeting in multiple languages, for those who has curious polyglot minds who want to learn few words in different languages.

Indo-European languages

Greek: Χριστὸς ἀνέστη! Ἀληθῶς ἀνέστη! (Khristós anésti! Alithós anésti!)

Voskresenie-Gospoda-Nashego-Iisusa-Hrista-Mosaic

Slavic languages

Church Slavonic: Хрїсто́съ воскре́се! Вои́стинꙋ воскре́се! (Xristósŭ voskrése! Voístinu voskrése!

Bulgarian: Христос воскресе! Воистину воскресе! (Khristos voskrese! Voistinu voskrese!), as if in Church Slavonic; Христос възкресе!

Belarusian: Хрыстос уваскрос! Сапраўды ўваскрос! (Chrystos uvaskros! Sapraŭdy ŭvaskros!)

Наистина възкресе! (Khristos vâzkrese! Naistina vâzkrese!) in Modern Bulgarian

In Georgia Christ is risen! Truly is risen would be: " ქრისტე აღსდგა![Qriste Agsdga],—– ჭეშმარიტად! [Cheshmaritad].

Croatian: Krist uskrsnu! Uistinu uskrsnu!

: Kristus vstal z mrtvých! Vpravdě vstal z mrtvých!

Macedonian: Христос воскресе! Навистина воскресе! (Hristos voskrese! Navistina voskrese!), traditional; or Христос воскресна! Навистина воскресна! (Hristos voskresna! Navistina voskresna!)

Polish: Chrystus zmartwychwstał! Prawdziwie zmartwychwstał!

Russian: Христос воскрес(-е)! Воистину воскрес(-е)! (Khristos voskres(-е)! Voistinu voskres(-е)!) (the version with -e is in Church Slavonic, one without it is in modern Russian; both are widely used)

Rusyn: Хрістос воскрес! Воістину воскрес! (Hristos voskres! Voistynu voskres!)

Serbian: Христос васкрсе! Ваистину васкрсе! (Hristos vaskrse! Vaistinu vaskrse!) or Христос воскресе! Ваистину воскресе! (Hristos voskrese! Vaistinu voskrese!)

Slovak: Kristus vstal z mŕtvych! Skutočne vstal (z mŕtvych)! (though the Church Slavonic version is more often used)

Slovene: Kristus je vstal! Zares je vstal!

Ukrainian: Христос воскрес! Воістину воскрес! (Khrystos voskres! Voistynu voskres!)

Tosk Albanian: Krishti u ngjall! Vërtet u ngjall!

Armenian

Western Armenian: Քրիստոս յարեա՜ւ ի մեռելոց: Օրհնեա՜լ է Յարութիւնն Քրիստոսի: (Krisdos haryav i merelotz! Orhnyal e Haroutyunen Krisdosi!)

eastern dialect, Քրիստոս հարյա՜վ ի մեռելոց: Օրհնյա՜լ է Հարությունը Քրիստոսի: (Khristos haryav i merelotz! Orhnyal e Harouthyoune Khristosi!); literally "Christ is risen! Blessed is the resurrection of Christ!")

Germanic languages

Anglic languages

Scots: Christ has ryssyn! Hech aye, he his ain sel!

English: Christ is risen! He is risen indeed! Or Christ is risen! Truly, he is risen!

Old English: Crist is ārisen! Hē is sōþlīċe ārisen!

Middle English: Crist is arisen! Arisen he sothe!

Danish: Kristus er opstanden! Sandelig Han er Opstanden!

West Frisian: Kristus is opstien! Wis is er opstien!

German: Christus ist auferstanden! Er ist wahrhaft auferstanden! or Der Herr ist auferstanden! Er ist wahrhaftig auferstanden!

Icelandic: Kristur er upprisinn! Hann er sannarlega upprisinn!

Faroese: Kristus er upprisin! Hann er sanniliga upprisin!

Low Franconian languages

Dutch: Christus is opgestaan! Hij is waarlijk opgestaan! (Netherlands) or Christus is verrezen! Hij is waarlijk verrezen! (Belgium)

Afrikaans: Christus het opgestaan! Hy het waarlik opgestaan!

Norwegian

Bokmål: Kristus er oppstanden! Han er sannelig oppstanden!

Nynorsk: Kristus er oppstaden! Han er sanneleg oppstaden!

Swedish: Kristus är uppstånden! Han är sannerligen uppstånden!

Italic languages

Latin: Christus resurrexit! Resurrexit vere!

Romance languages

Aromanian: Hristolu anyie! Di alihea anyie!

Catalan: Crist ha ressuscitat! Veritablement ha ressuscitat!

French: Le Christ est ressuscité ! En vérité il est ressuscité! Or Le Christ est ressuscité ! Vraiment il est ressuscité !

Galician: Cristo resucitou! De verdade resucitou!

Italian: Cristo è risorto! È veramente risorto!

Portuguese: Cristo ressuscitou! Em verdade ressuscitou! or Cristo ressuscitou! Ressuscitou verdadeiramente!

Arpitan: Lo Crist es ressuscitat! En veritat es ressuscitat!

Romanian: Hristos a înviat! Adevărat a înviat!

Romansh: Cristo es rinaschieu! In varded, el es rinaschieu!

Sardinian: Cristu est resuscitadu! Aberu est resuscitadu!

Sicilian: Cristu arrivisciutu esti! Pibbiru arrivisciutu esti!

Spanish: ¡Cristo resucitó! ¡En verdad resucitó!

Walloon: Li Crist a raviké! Il a raviké podbon!

Baltic languages

Latvian: Kristus (ir) augšāmcēlies! Patiesi (viņš ir) augšāmcēlies!

Lithuanian: Kristus prisikėlė! Tikrai prisikėlė!

Celtic languages

Goidelic languages

Old Irish: Asréracht Críst! Asréracht Hé-som co dearb!

Irish: Tá Críost éirithe! Go deimhin, tá sé éirithe!

Manx: Taw Creest Ereen! Taw Shay Ereen Guhdyne!

Scottish Gaelic: Tha Crìosd air èiridh! Gu dearbh, tha e air èiridh!

Brythonic languages

Breton:Dassoret eo Krist! E wirionez dassoret eo!

Cornish: Thew Creest dassorez! En weer thewa dassorez!

Welsh: Atgyfododd Crist! Yn wir atgyfododd!

Indo-Iranian languages

Ossetian:Чырысти райгас! Æцæгæй райгас! Or бæлвырд райгас! (Ḱyrysti rajgas! Æcægæj rajgas or bælvyrd rajgas!)

Persian: مسیح برخاسته است! به راستی برخاسته است!‎ (Masih barkhaste ast! Be rasti barkhaste ast!)

Hindi: येसु मसीह ज़िन्दा हो गया है! हाँ यक़ीनन, वोह ज़िन्दा हो गय یسوع مسیح زندہ ہو گیا ہے! ہاں یقیناً، وہ زندہ ہو گیا ہے!‎ (Yesu Masīh zindā ho gayā hai! Hā̃ yaqīnan, voh zindā ho gayā hai!)

Marathi: Yeshu Khrist uthla ahe! Kharokhar uthla ahe!

Abkhazian: Kyrsa Dybzaheit! Itzzabyrgny Dybzaheit!

Afro-Asiatic languages

Semitic languages

Standard Arabic: المسيح قام! حقا قام!‎ (al-Masīḥ qām! Ḥaqqan qām!) or المسيح قام! بالحقيقة قام! (al-Masīḥ qām! Bi-l-ḥaqīqati qām!)

Aramaic languages

Classical Syriac: ܡܫܝܚܐ ܩܡ! ܫܪܝܪܐܝܬ ܩܡ!‎ (Mshiḥa qām! sharīrāīth qām! or Mshiḥo Qom! Shariroith Qom!)

Assyrian Neo-Aramaic: ܡܫܝܚܐ ܩܡܠܗ! ܒܗܩܘܬܐ ܩܡܠܗ!‎ (Mshikha qimlih! bhāqota qimlih!)

Turoyo: ܡܫܝܚܐ ܩܝܡ! ܫܪܥܪܐܝܬ ܩܝܡ!‎ (Mshiḥo qāyem! Shariroith qāyem!)

East African languages

Tigrinya: Christos tensiou! Bahake tensiou!

Amharic: Kristos Tenestwal! Bergit Tenestwal!

Hebrew: המשיח קם! באמת קם!‎ (Hameshiach qam! Be'emet qam!)

Maltese: Kristu qam! Huwa qam tassew! or Kristu qam mill-mewt! Huwa qam tassew!

Egyptian

Coptic: (Pi'Christos aftonf! Khen oumetmi aftonf!)

Judeo-Berber: Lmasih yahye-d ger lmeytin! Stidet yahye-d ger lmeytin!

Dravidian languages

Tamil: கிறிஸ்து உயிர்த்தெழுந்தார், மெய்யாகவே அவர் உயிர்த்தெழுந்தார்.

Malayalam: ക്രിസ്തു ഉയിര്ത്തെഴുന്നേറ്റു! തീര്ച്ചയായും ഉയിര്ത്തെഴുന്നേറ്റു! (Christu uyirthezhunnettu! Theerchayayum uyirthezhunnettu!)

Eskimo–Aleut languages

Aleut: Kristusaaq Aglagikuk! Angangulakan Aglagikuk!

Pacific Gulf Yupik: Kristusaq ungwektaq! Pichinuq ungwektaq!

Central Yupik: Kristuussaaq unguirtuq! Ilumun unguirtuq!

Mayan languages

Tzotzil: Icha'kuxi Kajvaltik Kristo! Ta melel icha'kuxi!

Tzeltal: Cha'kuxaj Kajwaltik Kristo! Ta melel cha'kuxaj!

Austronesian languages

Malayo-Polynesian

Batak: Tuhan nunga hehe! Tutu do ibana hehe!

Carolinian: Lios a melau sefal! Meipung, a mahan sefal!

Cebuano: Nabanhaw Si Kristo! Nabanhaw gayud!

Waray: Hi Kristo nabanwaw! Matuod nga Hiya nabanhaw!

Chamorro: La'la'i i Kristo! Magahet na luma'la' i Kristo!

Fijian: Na Karisito tucake tale! Io sa tucake tale!

Filipino: Nabuhay muli Si Kristo! Nabuhay talaga!

Hawaiian: Ua ala hou ʻo Kristo! Ua ala ʻiʻo nō ʻo Ia!

Indonesian: Kristus telah bangkit! Dia benar-benar telah bangkit!

Kapampangan: Y Kristû sinûbli yáng mèbié! Sinûbli ya pin mèbié!

Malagasy: Nitsangana tamin'ny maty i Kristy! Nitsangana marina tokoa izy!

Cook Islands Māori: Kuo toetu’u ‘ae Eiki! ‘Io kuo toetu’u mo’oni!

Austroasiatic languages: Mon-Khmer

: Preah Christ mean preah choan rous leong vinh! trung mean preah choan rous leong vinh men!

Vietnamese

: Chúa Ki-tô đã sống lại! Ngài đã sống lại thật!

Thai

Thai: พระคริสต์เป็นขึ้นจากความตาย! or พระคริสต์ทรงกลับคืนพระชนม์ชีพ!

Basque

Basque: Cristo Berbiztua! Benetan Berbiztua!

Japanese

Japanese: ハリストス復活！実に復活！ (Harisutosu fukkatsu! Jitsu ni fukkatsu!)

Korean

Korean 그리스도 부활하셨네! 참으로 부활하셨네! (Geuriseudo buhwalhasyeonne! Chameuro buhwalhasyeonne!)

Na-Dené languages

Athabaskan languages

Navajo: Christ daaztsą́ą́dę́ę́ʼ náádiidzáá! Tʼáá aaníí daaztsą́ą́dę́ę́ʼ náádiidzáá!

Tlingit: Xristos Kuxwoo-digoot! Xegaa-kux Kuxwoo-digoot!

Niger–Congo languages

: Kristo Ajukkide! Kweli Ajukkide!

Swahili: Kristo Amefufuka! Amefufuka kweli kweli!

Gikuyu: Kristo ni muriuku! Ni muriuku nema!

Quechuan languages

Quechua: Cristo causarimpunña! Ciertopuni causarimpunña!

Mongolic languages

Classical Mongolian: Есүс дахин амилсан, Тэр үнэхээр амилсан! (Yesus dahin amilsan, ter uneheer amilsan)

Turkic languages

Turkish: Mesih dirildi! Hakikaten dirildi!

Uyghur: ‫ئەيسا تىرىلدى! ھەقىقەتىنلا تىرىلدى!‬‎ (Əysa tirildi! Ⱨəⱪiⱪətinla tirildi!)

Azerbaijani: Məsih dirildi! Həqiqətən dirildi!

Chuvash: Христос чĕрĕлнĕ! Чăн чĕрĕлнĕ! (Hristos čĕrĕlnĕ! Čyn čĕrĕlnĕ!)

Khakas: Христос тірілді! Сыннаң тірілді! (Hristos tíríldí! Sınnañ tíríldí!)

Uzbek: Масих тирилди! Хақиқатдан тирилди! (Masih tirildi! Haqiqatdan tirildi!)

Sino-Tibetan languages

Chinese: 基督復活了！他確實復活了！ (Jīdū fùhuó-le! Tā quèshí fùhuó-le!) or 耶穌復活了，真的他復活了！ (Yēsū fùhuó-le, Zhēnde tā fùhuó-le!)

Uralic languages

Estonian: Kristus on üles tõusnud! Tõesti on üles tõusnud!

Finnish: Kristus nousi kuolleista! Totisesti nousi!

Hungarian: Krisztus feltámadt! Valóban feltámadt!

Karelian: Hristos nouzi kuollielois! Tovessah nouzi!

Constructed languages

International auxiliary languages

Esperanto: Kristo leviĝis! Vere Li leviĝis!

Ido: Kristo riviveskabas! Ya Il rivivesakabas!

Interlingua: Christo ha resurgite! Vermente ille ha resurgite! or Christo ha resurrecte! Vermente ille ha resurrecte!

Quenya: (Hristo Ortane! Anwave Ortanes!)

Klingon: Hu'ta' QISt! Hu'bejta'!

Tags: about, action, adding, after, again, against, aim, ALL, amen, American, ancient churches, and, anno, Apostles, Arabic, are, around, attempt, Aug, BACK, Batak Tuhan, Below, christ risen, Church Slavonic Xrist, Classical Mongolian, due, French Le Christ, holy ghost, how many orthodox churches, orthodox easter, roman catholic easter, roman catholics, Slavonic, times, truly
Posted in Christianity, Various | 5 Comments »

Debugging Jitsi Meet Server Problems: A Practical Guide

Saturday, April 26th, 2025

Jitsi Meet is a powerful open-source video conferencing platform. But like any real-time communication system, it can run into issues—from video/audio glitches to full-blown connection failures. Debugging Jitsi Meet can be tricky due to its multi-component architecture. This guide walks you through a systematic approach to identify and resolve common server-side issues.

1. Understand the Architecture

Before diving into logs, it's important to understand Jitsi Meet's core components:

Jitsi Meet (Web UI) – The front-end interface.
Jicofo (Focus component) – Manages conference sessions.
Prosody (XMPP Server) – Handles user authentication and signaling.
JVB (Jitsi Videobridge) – Routes video/audio streams.
Nginx or Apache – Web server proxy (often with HTTPS and WebSocket forwarding).

Knowing how these interact helps pinpoint the failing layer.

2. Check Logs in the Right Places

Each component has its own logs. Check them in the following order:

✅ Prosody Logs

Location: /var/log/prosody/prosody.log and prosody.err
Look for: Authentication issues, connection denials, or component registration problems.

✅ Jicofo Logs

Location: /var/log/jitsi/jicofo.log
Look for: Room creation errors, XMPP connection failures, conference creation attempts.

✅ JVB Logs

Location: /var/log/jitsi/jvb.log
Look for: ICE failures, STUN/TURN issues, packet loss, and bridge reachability.

✅ Web Server Logs (Nginx/Apache)

Location (Nginx): /var/log/nginx/error.log and access.log
Look for: HTTP errors (404, 502), WebSocket connection problems.

✅ Browser Console Logs

Tools: Press F12 in browser → Console/Network tabs.
Look for: WebSocket failures, CORS issues, or media permission problems.

3. Common Problems & Fixes

"Failed to join conference"

Cause: Prosody may not be running or not configured correctly.

Fix: Restart Prosody and check domain configuration in /etc/prosody/conf.avail/

No Audio or Video

Usual Cause: Media not reaching the bridge or blocked by firewall

Fix:

Verify JVB is listening on correct ports (UDP 10000).
Check firewall/NAT settings (especially on cloud VMs).
Use tcpdump or ss to check traffic flow.

WebSocket Connection Fails

Usual Cause: Web server (Proxy) misconfiguration.

Fix:

Ensure Nginx is forwarding WebSocket requests to /xmpp-websocket/.
Add proper proxy settings in nginx.conf

Authentication Not Working

Cause: Misconfigured JWT or internal authentication.

Fix:

Check Prosody's config for authentication method.
If using JWT, verify token structure and shared secret.

4. Use Debugging Tools

Jitsi Meet in debug mode:

Add #config.debug=true to your meeting URL.

ICE Debugging:

Check about:webrtc (Firefox) or WebRTC Internals (Chrome).
Look at ICE candidate gathering and connectivity checks.
Test TURN/STUN:
- Use tools like trickle-ice to validate your server's ICE configuration.

5. Networking and Firewall Checks

Make sure these ports are open:

TCP 443 – HTTPS
UDP 10000 – Media (JVB)
TCP 4443 – (Optional, fallback media)
TCP 5222 – XMPP (if not using BOSH/WebSocket)

# ss -tuln ufw status

6. Component Health Checks

Do
# systemctl status for each main jitsi component services:

# systemctl status prosody # systemctl status jicofo # systemctl status jitsi-videobridge2

Check uptime, errors, or failure restarts.

7. Enable More Verbose Logs

Increase logging levels for deeper debugging:

Prosody: Edit /etc/prosody/prosody.cfg.lua → set log = { ... debug = "*" }.
Jicofo/JVB: Edit /etc/jitsi/jicofo/logging.properties and /etc/jitsi/videobridge/logging.properties
→ change log level to FINE or ALL.

8. Update & Restart Services

Sometimes updates or configs don’t apply until services are restarted:

# apt update && apt upgrade systemctl restart prosody jicofo jitsi-videobridge2 nginx

Final Closure Thoughts

Debugging Jitsi Meet requires a structured approach, start from the user-facing symptoms, trace through each service, and verify network and authentication configurations.
Debug the status of prosody, jicofo and jitsi-videobridge2, check the firewall openings are okay to the jitsi server
With some log analysis and a bit of patience, experimentation and the help of forums or Artificial Intelligence tool like ChatGPT, the Jitsi server errors will get solved.

Tags: about, access, ALL, amp, and, ANY, authentication, Cause Prosody, configured, errors, Firewall Checks, HTTPS, Location Nginx, logging, look, Prosody Logs, proxy settings, status, systemctl, traffic flow
Posted in Linux, Linux and FreeBSD Desktop, Linux Audio & Video, System Administration | No Comments »

How to Install and Set Up an NFS Server network Shares on on Linux to easify data transfer across multiple hosts

Monday, April 7th, 2025

How to Configure NFS Server in Redhat,CentOS,RHEL,Debian,Ubuntu and Oracle Linux

Network File System (NFS) is a protocol that allows one system to share directories and files with others over a network. It's commonly used in Linux environments for file sharing between systems. In this guide, we'll walk you through the steps to install and set up an NFS server on a Linux system.

Prerequisites

Before you start, make sure you have:

A Linux system distros (e.g., Ubuntu, CentOS, Debian, etc.)
Root or sudo privileges on the system.
A network connection between the server (NFS server) and clients (machines that will access the shared directories).

1. Install NFS Server Package

On Ubuntu / Debian based Linux systems:

a. First, update the package list

# apt update

b. Install the NFS server package

# apt install nfs-kernel-server

On CentOS/REL-based systems:

2. Install the NFS server package

      # yum install nfs-utils

Once the package is installed, ensure that the necessary services are enabled.

3. Create Shared Directory for file sharing

Decide which directory you want to share over NFS. If the directory doesn't exist, you can create one. For example:

# mkdir -p /nfs_srv_dir/nfs_share

Make sure the directory has the appropriate permissions so that the nfs clients can access it.

# chown nobody:nogroup /nfs_srv_dir/nfs_share
# chmod 755 /nfs_srv_dir/nfs_share

4. Configure NFS Exports ( /etc/exports file)

The NFS exports file (/etc/exports) is perhaps most important file you will have to create and deal with regularly to define the expored shares, this file contains the configuration settings for directories you want to share with other systems.

a. Open the /etc/exports file for editing:

vi /etc/exports

Add an entry for the directory you want to share. For example, if you're sharing /nfs_srv_dir/nfs_share and allowing access to all systems on the network (192.168.1.0/24), add the following line:

/nfs_srv_dir/nfs_share 192.168.1.0/24(rw,sync,no_subtree_check)

Here’s what each option means:

rw: Read and write access.
sync: Ensures that changes are written to disk before responding to the client.

Here is few lines of example of my working /etc/exports on my home running NFS server

/var/www 192.168.0.209/32(rw,no_root_squash,async,subtree_check)
/home/jordan 192.168.0.209/32(rw,no_root_squash,async,subtree_check)
/mnt/sda1/icons-frescoes/ 192.168.0.209/32(rw,no_root_squash,async,subtree_check)
/home/mobfiles 192.168.0.209/32(rw,no_root_squash,async,subtree_check)
/mnt/sda1/icons-frescoes/ 192.168.0.200/32(rw,no_root_squash,async,subtree_check)
/home/hipo/public_html 192.168.0.209/32(rw,no_root_squash,async,subtree_check)
/home/alex/public_html 192.168.0.209/32(rw,no_root_squash,async,subtree_check)
/home/necroleak/public_html 192.168.0.209/32(rw,no_root_squash,async,subtree_check)
/bashscripts 192.168.0.209/32(rw,no_root_squash,async,subtree_check)
/backups/Family-Videos 192.168.0.200/32(ro,no_root_squash,async,subtree_check)

5. Export the NFS Shares with exportfs command

Once the export file is configured, you need to inform the NFS server to start sharing the directory:

# exportfs -a

The -a flag will make it export all the sharings.

6. Start and Enable NFS Services

You need to start and enable the NFS server so it will run on system boot.

On Ubuntu / Debian Linux run the following commands:

# systemctl start nfs-kernel-server
# systemctl enable nfs-kernel-server

On CentOS / RHEL Linux:

# systemctl start nfs-server
# systemctl enable nfs-server

7. Allow NFS Traffic Through the Firewall

If your server has a firewall configured / enabled, you will need to allow NFS-related ports through the firewall.
These ports include 2049 TCP protocol Ports (NFS) and 111 (RPCbind) UDP and TCP protocol , and some additional ports.

On Ubuntu/Debian (assuming you are using ufw [UNCOMPLICATED FIREWALL]):

# ufw allow from 192.168.1.0/24 to any port nfs sudo ufw reload

On CentOS / RHEL Linux:

# firewall-cmd –permanent –add-service=nfs sudo firewall-cmd –permanent –add-service=mountd sudo firewall-cmd –permanent –add-service=rpc-bind sudo firewall-cmd –reload

8. Verify NFS Server is Running

To ensure the NFS server is running properly, use the following command:

# systemctl status nfs-kernel-server

# systemctl status nfs-server

You should see output indicating that the service is active and running.

9. Test the NFS Share (Client-Side)

To test the NFS share, you will need to mount it on a client machine. Here's how to mount it:

On the client machine, install the NFS client utilities:

Ubuntu / Debian Linux

# apt install nfs-common

For CentOS / RHEL Linux

# yum install nfs-utils

Create a mount point (Nomatter the distro),:

# mkdir -p /mnt/nfs_share

Mount the NFS share:

# mount -t nfs <nfs_server_ip>:/nfs_srv_dir/nfs_share /mnt/nfs_share

Replace <nfs_server_ip> with the IP address of the NFS server or DNS host alias if you have one defined in /etc/hosts file.

Verify that the share is mounted:

# df -h

You should see the NFS share listed under the mounted file systems.

10. Configure Auto-Mount at Boot (Optional)

To have the NFS share automatically mounted at boot, you can add an entry to the /etc/fstab file on the client machine.

Open /etc/fstab for editing:

# vi /etc/fstab

Add the following line:

<server-ip>:/nfs_srv_dir/nfs_share /mnt/nfs_share nfs defaults 0 0

Save and close the file.

The NFS share will now be automatically mounted whenever the system reboots.

Debug NFS configuration issues (basics)

You can continue to modify the /etc/exports file to share more directories or set specific access restrictions depending on your needs.

If you encounter any issues, checking the server logs or using

# exportfs -v
/var/www     192.168.0.209/32(async,wdelay,hide,sec=sys,rw,secure,no_root_squash,no_all_squash)
/home/var_data     192.168.0.205/32(async,wdelay,hide,sec=sys,rw,secure,no_root_squash,no_all_squash)
/mnt/sda1/
       192.168.0.209/32(async,wdelay,hide,sec=sys,rw,secure,no_root_squash,no_all_squash)
/mnt/sda2/info
       192.168.0.200/32(async,wdelay,hide,sec=sys,rw,secure,no_root_squash,no_all_squash)
/home/mobfiles   192.168.0.209/32(async,wdelay,hide,sec=sys,rw,secure,no_root_squash,no_all_squash)
/home/var_data/public_html
       192.168.0.209/32(async,wdelay,hide,sec=sys,rw,secure,no_root_squash,no_all_squash)
/var/public
       192.168.0.209/32(async,wdelay,hide,sec=sys,rw,secure,no_root_squash,no_all_squash)
/neon/data
       192.168.0.209/32(async,wdelay,hide,sec=sys,rw,secure,no_root_squash,no_all_squash)
/scripts     192.168.0.209/32(async,wdelay,hide,sec=sys,rw,secure,no_root_squash,no_all_squash)
/backups/data-limited
       192.168.0.200/32(async,wdelay,hide,sec=sys,ro,secure,no_root_squash,no_all_squash)
/disk/filetransfer
       192.168.0.200/23(async,wdelay,hide,sec=sys,ro,secure,no_root_squash,no_all_squash)
/public_shared/data
       192.168.0.200/23(async,wdelay,hide,sec=sys,ro,secure,no_root_squash,no_all_squash)

Of course there is much more to be said on that you can for example, check /var/log/messages /var/log/syslog and other logs that can give you hints about issues, as well as manually try to mount / unmount a NFS stuck share to know more on what is going on, but for a starter that should be enough.

command can help severely in troubleshooting the NFS configuration.

Sum it up what learned ?

We learned how to set up basic NFS server and mounted its shared directory on a client machine.
This is a great solution for centralized file sharing and collaboration on Linux systems (even though many companies are trying to not use it due to its lack of connection encryption for historical reasons NFS has been widely used over the years and has helped dramatically for the Internet as we know it to become the World Wide Web of today. Thus for a well secured network and perhaps not a critical files infrastructure, still NFS is a key player in file sharing among heterogenous networks for multitudes of Gigabytes or Terra Pentabytes of data you would like to share amoung your Personal Computers / Servers / Phones / Tablets and generally all kind of digital computer equipment devices.

Tags: access, alex, alias, ALL, ALLOW, allows, and, bash, clients, Create Shared Directory, file sharing, installed, list, machines, NFS, ports, Start, sudo, system boot, systemctl
Posted in Everyday Life, Linux, Linux and FreeBSD Desktop, Networking, NFS, System Administration | No Comments »

How to reboot stuck Iphone due to Appstore unable to close Pop-up

Friday, November 22nd, 2024

Recently Sonya Ankova which is the most famous youtuber that shares tons video on Orthodox Christianity and friend of mine has bought a brand new IPhone 13. As she is a complete startup with Iphone, just like i was in the old days, she had no idea how to configure the Phone Basics.
She as as a partially technical person do to the constant use of Computers to Edit and Create Videos captured Videos on her Camera and compile videos on various interesting topics on what is the Orthodox Christian believer approach to thinking and life philosophy, managed to Upgrade the Software of Iphone via WI-Fi connection to the latests shipped updates by Iphone and setup some very basic settings on the new Phone, in her desperate update to Migrate her old Android Phone to the new Iphone, but did not managed to completely succeed.

Thus as I already have some experience on setting up, my personal phone and 2 more friends iPhones I already had some knowledge and started configuring her Phone.

As a first logical step to be able to do anything further on the phone of course i had to configure AppStore and started creating her iCloud user that is as usually necessery for login and use of Apple Appstore Magazine.

First on trying to login to AppStore without still having the iCloud created by automatism the phone got locked up exactly on the screen where i have to fill in user login data and pass credentials and this annoying pop-up stayed on the screen even after trying to unlock and i couldn't remove the annoying thing in any way thus I had to find a way to resolve the issue and be able to reboot the phone and unlock and try to fill in the App store new account just created credentials from icloud.com, but that was not possible.

One approach of course is to wait for the Phone to Discharge on couple of days, but i needed a quick fix to continue with setup the phone so after quick googling I found the work around to such buggy stuff by forcing the Iphone to restart itself forcably.

On Iphone that is easy by:

iphone 12 buttons front copy

1. Quickly press and release the Volume Up button.

2. Quickly press and release the Volume Down button.

3. Press and hold the Side (right) button until the Apple logo appears, then release the Side button.

Not that the side right Phone button has to be kept press for about 15 to 30 secs to force the restart, otherwise just the restart
phone Prompt slider appears and you have to slide left to make the Phone restart (the slider did not work, however as the Pop Up from AppStore was blocking me to do anything on the Iphone screen.

After reboot the Phone booted normal and the PopUp from Appstore was no more and Unlocking the screen was possible with configured FaceID Recognition or PIN code unlock prompt.

I've read online that the Same Force Restart iPhone trick is very useful and very much loved by many people,

if due to Bugs or whatever your iPhone is dead frozen and doesn’t want to turn on.

There is a bug in recent generations of iPhones that you might want to be aware of, especially when traveling and heavily relying on your smartphone.

It might happen that all of a sudden your iPhone doesn't turn back on.

If the iPhone isn't responding and you can't turn it off and on, try forcing it to restart.

If Iphone Biten Apple doesn't rise up, don't hurry to you panic, make sure the iPhone is sufficiently charged by connecting it to a known good charger for at least 15 minutes.

Hope this little article helps someone with IPhone stuck, enjoy !

Tags: about, Account, after, ALL, and, annoying, annoying thing, ANY, apple, around, first, How to, IPhone, life philosophy, login, release, screen, trying, use, Videos
Posted in Linux, Mobile Phone Apps & Games, Various | No Comments »

How to Copy / Backup Windows USB drive from one USB to a second

Friday, October 18th, 2024

Did you know that when you copy all the files from a USB Drive you don’t copy all the data?

Did you know that there may be files that are not even visible?

In this tutorial you will discover how to copy all of your USB Drive sector by sector, that is to say, that you will see how to create a copy identical to your USB drive without missing anything!

This can be useful if you have formatted your USB stick in error and want to use it, you can create an image for the USB Drive on your computer and then you can recover the formatted data in the image afterward!

The software used in this tutorial is called ImageUSB, it is free, portable, and easy to use.

Don’t use this method if you want only to copy some files, use this to clone/backup your USB Drive with all its master boot record, partition tables, and data.

Let’s go!

Clone Your USB Drive with ImageUSB on Windows 10

Start by downloading and extracting ImageUSB from this official URL: https://www.osforensics.com/tools/write-usb-images.html

Double-click on imageUSB.exe.

Select your USB Drive from the list, select “Create image from USB drive“. Choose the location for the binary image file (.bin) that will be created from the USB drive.

Click on “Create“.Click “Yes” to confirm your choices.

imageusb clone usb flash drive backup restore 3 create image

Click “Yes” to overwrite the bin file in case it’s already there.

Wait for a couple of minutes…

After the image is created you should see this message. Click “OK“.

Now if you want to restore an image to your USB Drive, just select your USB Drive and choose “Write image to USB drive“. Choose your bin image and click on “Write“.

imageusb clone usb flash drive backup restore 7 write

This program is not recommended on different sizes USB Drives…
Use it mostly for backup/restore on the same USB Drive for your bootable software.

There you have it, the copy of USB to second USB completed !

Enjoy !

Tags: after, ALL, and, are, bin, binary, boot, called, case, choices, Click, clone, com, Computer, copy, couple, create, second, USB, www
Posted in Backups, System Administration, Windows | No Comments »

Recover lost / forgotten root password for CentOS 7 Linux / Boot CentOS 6 into Single User mode to reset admin pass

Friday, September 27th, 2024

If you have some old CentOS 7 Virtual machine hanging for a long time and you don't remember the root password or you don't remember where you have stored it, but you have something important as data left over, you might need to recover root password for your CentOS 7 Virtual Machine.

I recently had to resolve that issue and here is the few easy steps to take to recover the lost root password.

Assuming you have tried to boot the VM and the VM boots fine and your few attempts to input manually some default passwords of yours failed, next

1. Reboot the Virtual Machine to the GRUB boot menu

The GRUB boot screen should appear and be there for few secs

2. Edit the boot loader kernel options ( add add rd.break enforcing=0 )

How to reset root password on CentOS Linux - Clouvider

Press 'e' to Edit the boot loader and modify the boot commands options passed to the linux kernel.

In GRUB edit mode:

add rd.break enforcing=0

to the end of the line starting with linux at the end of passed parameters list as shown in the picture.

When done editing, press Ctrl-x (Control button x key simultaneously) to boot with changed parameters.

ALTERNATIVE WAY TO BOOT THE SYSTEM INTO ROOT WITHOUT PASSWORD PROMPT:

Alternative options to use instead of add rd.break.enforcing=0 are to substitute the rhgb quiet kernel option with init=/bin/bash

As you might wonder for the meaning of the passed 2 parameters:

rd.break breaks the boot process at initramfs while
enforcing=0 disables the SELinux (which often enabled by default on CentOS).

Another way is to

3. Boot in CentOS emergency mode and Reset the root password

When done editing, press Ctrl-x to boot with changed parameters.

As you might wonder for the meaning of the passed parameters:

rd.break breaks the boot process at initramfs while
enforcing=0 disables the SELinux (which often enabled by default on CentOS).

Whence system boots up with the modified kernel options cmd, the switch_root prompt will appear.
As the emerency mode boots the filesystem into read-only mode under /sysroot default directory, in order to be able to
modify the MD5 root password stored hash inside RO mounted /sysroot/etc/shadow you need to remount the Filesystme
in read-write mode.

To Remount the read-only file system /sysroot in write mode:

# mount -o remount,rw /sysroot

As the /sysroot is not the root directory to be able to use a standard passwd command you need to make /sysroot
as the default root folder for the booted linux by chrooting into it.

Generate MD5 password manually (for Hardcore masochistic admins 🙂 )

If you're a hard core linux sysadmin of course, generate your own new md5 password and directly modify /etc/shadow copy pasting the md5 string.

If you want to manually generate the md5 string, you can do it depending on the required encryption algorithm with:

For (md5, sha256, sha512) encrypted pass

# openssl passwd -6 -salt xyz yourpass

For (md5, sha256, sha512) encrypted pwd

# mkpasswd –method=SHA-512 –stdin

For (des, md5, sha256, sha512) encrypted pw

# perl -e 'print crypt("YourPasswd", "salt", "sha512"),"\n"'

Once the string is generated;

# vim /etc/shadow

and exchange the old with new string for MD5

Change password with chroot (the easy common way)

remount read write the filesystem in emergency single user mode CentOS LINUX

# chroot /sysroot

That should drop you into another shell bash-4.x

Reset root user password in CentOS 7

# passwd
Changing password for user root.
New password:
Retype new password:

We need have to sync the entire filesystem we have to use the sync command, for novice sys admins who never heard about this command, below
short description:

The Linux sync command synchronizes cached data to permanent storage.
This data includes modified superblocks, modified inodes, delayed reads and writes, and others. sync uses several system calls:

sync()
syncfs()
fsync()
fdatasync()

For example, the sync command utilizes the sync() system call to write all buffered modifications to file data and metadata to an underlying storage device.

As a Linux systems administrator or developer, understanding the sync command can be crucial for efficient file synchronization. Additionally, sync can be helpful after crashes or when the file system becomes corrupted.

In this tutorial, we’ll explore the various aspects of the sync command. Also, we’ll see how we can use sync in different scenarios.

# sync

# exec /sbin/init

Try out the root password after booting normally into CentOS and the new set administrator pass should work.

Resetting forgotten (lost) root password on CentOS 6

The process is absolutely the same except on the Step 1 (in the modification of GRUB boot menu by pressing e key), add to

rhgb quiet

at the end one 'S'

This S character means 'boot CentOS into Single user mode'

rhgb quiet S

Then, press ENTER key and press b key to boot CentOS 6 into to single user mode.

Tags: about, absolutely, administrator, Admins, after, algorithm, ALL, com, command, default passwords, editing, filesystem, linux kernel, New, password, Reboot, Recover, root password, sync, www
Posted in CentOS, Linux, RedHat, System Administration | No Comments »

All Debian Linux package repository apt sources.list file for Debian versions 6, 7, 8, 9, 10, 11 and 12

Friday, May 31st, 2024

debian-package-management-repositories-for-all-distributions

If you have to administrate legacy Debian servers, that keeps hanging either for historical reasons or just because you didn't have time to upgrade it up to latest versions, machines that are hanging in the hangar or a mid office building Old server room, doing nothing but simply NAT (Network Address Translation), Proxying, serving traffic via Squid / Haproxy / Apache / Varnish or Nginx server but you still want to have the possibility to extend the OS even though it is out of date / End of Life reached and out of support as well as perhaps full of security holes, but due to its unvisibility on the Internet hanging in a Demilitarized network the machine stayed on the Local (DMZ)-ed network and still for example you need to install simple things for administration reasons locally on the machine, for example nmap or netcat or some of the network tools for monitoring such as iftop or iptraf etc. you might find out unfortunately that this is not possible anymore, because the configured /etc/apt/sources.list repository mirror is no longer available at its URL. Thus to restore the functioning of apt and apt-get pkg management tools on Debian you need to correct the broken missing package mirrors due to resructurings on the network with a correct ones, originally provided by Debian or eventually if this doesn't work a possible Debian package archive URL.

In this article, I'll simply provide such URLs you might use to correct your no longer functioning package manager due to package repositoriy unavailibility, below are the URLs (most of which that should be working as of year 2024). To resolve the issues edit and place the correct Debian version you're using.

1. Check the version of the Debian Linux

# cat /etc/debian_version
…

or use the universal way to check the linux OS, that should be working on almost all Linux distributions

# cat /etc/issue
Debian GNU/Linux 9 \n \l

2. Modify /etc/apt/sources.list and place URL according to Debian distro version

# vim /etc/apt/sources.list

3. Repositories URL list Original and Archived for .deb packages according to Debian distro release
Debian 6 (Wheezy)

Original repostiroes (Not Available and Not working anymore as of year 2024)

Old Archived .deb repository for 6 Squeeze

deb http://archive.debian.org/debian squeeze main
deb http://archive.debian.org/debian squeeze-lts main

Debian 7 (Wheezy)

Original repostiroes (Not Available and Not working anymore as of year 2024)

Old Archived .deb repository for Jessie (still working as of 2024) :

deb http://archive.debian.org/debian wheezy main contrib non-free
deb http://archive.debian.org/debian-security wheezy/updates main

( Security updates are not provided anymore.)

NOTE: If you get an error about keyrings, just install it

# apt-get install debian-archive-keyring

Debian 8 (Jessie)
Original .deb package repository with non-free included for Debian 8 "Jessie"

deb http://deb.debian.org/debian/ jessie main contrib non-free
deb http://ftp.debian.org/debian/ jessie-updates main contrib
deb http://security.debian.org/ jessie/updates main contrib non-free

Old Archived .deb repository for 8 Jessie (still working as of 2024):

deb http://archive.debian.org/debian/ jessie main non-free contrib
deb-src http://archive.debian.org/debian/ jessie main non-free contrib
deb http://archive.debian.org/debian-security/ jessie/updates main non-free contrib
deb-src http://archive.debian.org/debian-security/ jessie/updates main non-free contrib

# echo "Acquire::Check-Valid-Until false;" | tee -a /etc/apt/apt.conf.d/10-nocheckvalid

# apt-get update

# apt-get update && apt-get upgrade

If you need backports, first be warned that these are archived and no longer being updated; they may have security bugs or other major issues. They are not supported in any way.

deb http://archive.debian.org/debian/ jessie-backports main

Debian 9 (Stretch)
Original .deb package repository with non-free included for Debian 9 "Stretch":

deb http://deb.debian.org/debian/ stretch main contrib non-free
deb http://deb.debian.org/debian/ stretch-updates main contrib non-free
deb http://security.debian.org/ stretch/updates main contrib non-free

Archived old repository .deb for Stretch :

deb http://archive.debian.org/debian/ stretch main contrib non-free
deb http://archive.debian.org/debian/ stretch-proposed-updates main contrib non-free
deb http://archive.debian.org/debian-security stretch/updates main contrib non-free

Debian 10 (Buster)
Origian repository URL:

deb http://deb.debian.org/debian/ buster main non-free contrib
deb http://deb.debian.org/debian/ buster-updates main non-free contrib
deb http://security.debian.org/ buster/updates main non-free contrib

Fixing unworking backports for Debian 10 Buster

Change the /etc/apt/sources.list URL with this one

deb http://archive.debian.org/debian buster-backports main contrib non-free

If you want to list packages installed via the backports repository only, that needs to be replaced with newer versions (if such available from the repository)

# apt list –installed | grep backports
# dpkg –list | grep bpo
# dpkg –list | grep -E '^ii.*bpo.*'

ii libpopt0:amd64 1.18-2 amd64 lib for parsing cmdline parameters
ii libuutil3linux 2.0.3-9~bpo10+1 amd64 Solaris userland utility library for Linux
ii libzfs4linux 2.0.3-9~bpo10+1 amd64 OpenZFS filesystem library for Linux

Debian 11 (Bullseye)
Origianl repository address:

deb http://deb.debian.org/debian bullseye main contrib non-free
deb http://deb.debian.org/debian bullseye-updates main contrib non-free
deb http://security.debian.org/debian-security bullseye-security main contrib non-free

Debian 12 (Bookworm)
Original Repository :

deb http://deb.debian.org/debian bookworm main contrib non-free-firmware non-free
deb http://deb.debian.org/debian bookworm-updates main contrib non-free-firmware non-free
deb http://security.debian.org/debian-security bookworm-security main contrib non-free-firmware non-free

Add Backports to sources.list

deb http://deb.debian.org/debian bookworm-backports main

Thats all, hopefully that would help some sysadmin out there. Enjoy !

Tags: about, administrate, Administration, ALL, amd64, amp, and, ANY, anymore, apache, apt-get, archive, are, article, available, being, Below, broken, bugs, building
Posted in Debian, Linux, Linux Package Management, Migration, OS Update, Remote System Administration, System Administration | No Comments »

Improve haproxy logging with custom log-format for better readiability

Friday, April 12th, 2024

Haproxy logging is a very big topic, worthy of many articles, but unfortunately not enough is written on the topic, perhaps for the reason haproxy is free software and most people who use it doesn't follow the philosophy of free software sharing but want to keep, the acquired knowledge on the topic for their own and if possible in the capitalist world most of us live to use it for a Load Balancer haproxy consultancy, consultancy fee or in their daily job as system administrators (web and middleware) or cloud specialist etc. 🙂

Having a good haproxy logging is very important as you need to debug issues with backend machines or some other devices throwing traffic to the HA Proxy.
Thus it is important to build a haproxy logging in a way that it provides most important information and the information is as simple as possible, so everyone can understand what is in without much effort and same time it contains enough debug information, to help you if you want to use the output logs with Graylog filters or process data with some monitoring advanced tool as Prometheus etc.

In our effort to optimize the way haproxy logs via a configured handler that sends the haproxy output to logging handler configured to log through rsyslog, we have done some experiments with logging arguments and came up with few variants, that we liked. In that article the idea is I share this set of logging parameters with hope to help some other guy that starts with haproxy to build a good logging readable and easy to process with scripts log output from haproxy.

The criterias for a decent haproxy logging used are:

1. Log should be simple but not dumb
2. Should be concrete (and not too much complicated)
3. Should be easy to read for the novice and advanced sysadmin

Before starting, have to say that building the logging format seems tedious task but to make it fit your preference could take a lot of time, especially as logging parameters naming is hard to remember, thus the haproxy logging documentation log-format description table comes really handy:

Haproxy log-format paremeters ASCII table

Please refer to the table for log-format defined variables :

 +---+------+-----------------------------------------------+-------------+
  | R | var  | field name (8.2.2 and 8.2.3 for description)  | type        |
  +---+------+-----------------------------------------------+-------------+
  |   | %o   | special variable, apply flags on all next var |             |
  +---+------+-----------------------------------------------+-------------+
  |   | %B   | bytes_read           (from server to client)  | numeric     |
  | H | %CC  | captured_request_cookie                       | string      |
  | H | %CS  | captured_response_cookie                      | string      |
  |   | %H   | hostname                                      | string      |
  | H | %HM  | HTTP method (ex: POST)                        | string      |
  | H | %HP  | HTTP request URI without query string (path)  | string      |
  | H | %HQ  | HTTP request URI query string (ex: ?bar=baz)  | string      |
  | H | %HU  | HTTP request URI (ex: /foo?bar=baz)           | string      |
  | H | %HV  | HTTP version (ex: HTTP/1.0)                   | string      |
  |   | %ID  | unique-id                                     | string      |
  |   | %ST  | status_code                                   | numeric     |
  |   | %T   | gmt_date_time                                 | date        |
  |   | %Ta  | Active time of the request (from TR to end)   | numeric     |
  |   | %Tc  | Tc                                            | numeric     |
  |   | %Td  | Td = Tt - (Tq + Tw + Tc + Tr)                 | numeric     |
  |   | %Tl  | local_date_time                               | date        |
  |   | %Th  | connection handshake time (SSL, PROXY proto)  | numeric     |
  | H | %Ti  | idle time before the HTTP request             | numeric     |
  | H | %Tq  | Th + Ti + TR                                  | numeric     |
  | H | %TR  | time to receive the full request from 1st byte| numeric     |
  | H | %Tr  | Tr (response time)                            | numeric     |
  |   | %Ts  | timestamp                                     | numeric     |
  |   | %Tt  | Tt                                            | numeric     |
  |   | %Tw  | Tw                                            | numeric     |
  |   | %U   | bytes_uploaded       (from client to server)  | numeric     |
  |   | %ac  | actconn                                       | numeric     |
  |   | %b   | backend_name                                  | string      |
  |   | %bc  | beconn      (backend concurrent connections)  | numeric     |
  |   | %bi  | backend_source_ip       (connecting address)  | IP          |
  |   | %bp  | backend_source_port     (connecting address)  | numeric     |
  |   | %bq  | backend_queue                                 | numeric     |
  |   | %ci  | client_ip                 (accepted address)  | IP          |
  |   | %cp  | client_port               (accepted address)  | numeric     |
  |   | %f   | frontend_name                                 | string      |
  |   | %fc  | feconn     (frontend concurrent connections)  | numeric     |
  |   | %fi  | frontend_ip              (accepting address)  | IP          |
  |   | %fp  | frontend_port            (accepting address)  | numeric     |
  |   | %ft  | frontend_name_transport ('~' suffix for SSL)  | string      |
  |   | %lc  | frontend_log_counter                          | numeric     |
  |   | %hr  | captured_request_headers default style        | string      |
  |   | %hrl | captured_request_headers CLF style            | string list |
  |   | %hs  | captured_response_headers default style       | string      |
  |   | %hsl | captured_response_headers CLF style           | string list |
  |   | %ms  | accept date milliseconds (left-padded with 0) | numeric     |
  |   | %pid | PID                                           | numeric     |
  | H | %r   | http_request                                  | string      |
  |   | %rc  | retries                                       | numeric     |
  |   | %rt  | request_counter (HTTP req or TCP session)     | numeric     |
  |   | %s   | server_name                                   | string      |
  |   | %sc  | srv_conn     (server concurrent connections)  | numeric     |
  |   | %si  | server_IP                   (target address)  | IP          |
  |   | %sp  | server_port                 (target address)  | numeric     |
  |   | %sq  | srv_queue                                     | numeric     |
  | S | %sslc| ssl_ciphers (ex: AES-SHA)                     | string      |
  | S | %sslv| ssl_version (ex: TLSv1)                       | string      |
  |   | %t   | date_time      (with millisecond resolution)  | date        |
  | H | %tr  | date_time of HTTP request                     | date        |
  | H | %trg | gmt_date_time of start of HTTP request        | date        |
  | H | %trl | local_date_time of start of HTTP request      | date        |
  |   | %ts  | termination_state                             | string      |
  | H | %tsc | termination_state with cookie status          | string      |
  +---+------+-----------------------------------------------+-------------+

    R = Restrictions : H = mode http only ; S = SSL only

Our custom log-format built in order to fulfill our needs is as this:

log-format %ci:%cp\ %H\ [%t]\ [%f\ %fi:%fp]\ [%b/%s\ %si:%sp]\ %Tw/%Tc/%Tt\ %B\ %ts\ %ac/%fc/%bc/%sc/%sq/%bq

Once you place the log-format as a default for all haproxy frontend / backends or for a custom defined ones, the output you will get when tailing the log is:

# tail -f /var/log/haproxy.log

Apr 5 21:47:19 10.42.73.83:23262 haproxy-fqdn-hostname.com [05/Apr/2024:21:46:23.879] [ft_FRONTEND_NAME 10.46.108.6:61310] [bk_BACKEND_NAME/bk_appserv3 10.75.226.88:61310] 1/0/55250 55 sD 4/2/1/0/0/0
Apr 5 21:48:14 10.42.73.83:57506 haproxy-fqdn-hostname.com [05/Apr/2024:21:47:18.925] [ft_FRONTEND_NAME 10.46.108.6:61310] [bk_BACKEND_NAME//bk_appserv1 10.35.242.134:61310] 1/0/55236 55 sD 4/2/1/0/0/0
Apr 5 21:49:09 10.42.73.83:46520 haproxy-fqdn-hostname.com [05/Apr/2024:21:48:13.956] [ft_FRONTEND_NAME 10.46.108.6:61310] [bk_BACKEND_NAME//bk_appserv2 10.75.226.89:61310] 1/0/55209 55 sD 4/2/1/0/0/0

If you don't care about extra space and logs being filled with more naming, another variant of above log-format, that makes it even more readable even for most novice sys admin or programmer would look like this:

log-format [%t]\ %H\ [IN_IP]\ %ci:%cp\ [FT_NAME]\ %f:%fp\ [FT_IP]\ %fi:%fp\ [BK_NAME]\ [%b/%s:%sp]\ [BK_IP]\ %si:%sp\ [TIME_WAIT]\ {%Tw/%Tc/%Tt}\ [CONN_STATE]\ {%B\ %ts}\ [STATUS]\ [%ac/%fc/%bc/%sc/%sq/%bq]

Once you apply the config test the haproxy.cfg to make sure no syntax errors during copy / paste from this page

haproxy-serv:~# haproxy -c -f /etc/haproxy/haproxy.cfg
Configuration file is valid

Next restart graceously haproxy

haproxy-serv:~# /usr/sbin/haproxy -D -f /etc/haproxy/haproxy.cfg -p /var/run/haproxy.pid -sf $(cat /var/run/haproxy.pid)

Once you reload haproxy graceously without loosing the established connections in stead of restarting it completely via systemd sysctl restart haproxy:

2024-04-05T21:46:03+02:00 localhost haproxy[1897731]: 193.200.198.195:50714 haproxy-fqdn-hostname.com [05/Apr/2024:21:46:03.012] [FrotnendProd 10.55.0.20:27800] [BackendProd/<NOSRV> -:-] -1/-1/0 0 — 4/1/0/0/0/0
2024-04-05T21:46:03+02:00 localhost haproxy[1897731]: 193.100.193.189:54290 haproxy-fqdn-hostname.com [05/Apr/2024:21:46:03.056] [FrotnendProd 10.55.0.20:27900] [BackendProd/<NOSRV> -:-] -1/-1/0 0 — 4/4/3/0/0/0
2024-04-05T21:46:03+02:00 localhost haproxy[1897731]: 193.100.193.190:26778 haproxy-fqdn-hostname.com [05/Apr/2024:21:46:03.134] [FrotnendProd 10.55.0.20:27900] [BackendProd/tsefas02s 10.35.242.134:27900] 1/-1/0 0 CC 4/4/3/0/0/0

Note that in that log localhost haproxy[pid] is written by rsyslog, you can filter it out by modifying rsyslogd configurations

The only problem with this log-format is not everyone wants to have to much repeating information pointer on which field is what, but I personally liked this one as well because using it even though occuping much more space, makes the log much easier to process with perl or python scripting for data visualize and very for programs that does data or even "big data" analysis.

Tags: about, address, admin, AES, ALL, and, another, are, article, better, connections, custom, data, fi, handy, haproxy, HTTP, Improve, logging, string
Posted in Haproxy, Linux, System Administration, Various | No Comments »