Enable Syslog for PowerDNS Recursor

  1. Enable Logging in PowerDNS Recursor Config
  2. Edit Systemd Unit File for PowerDNS to Allow Syslog
  3. Enable Logging in rsyslog Config File

The following links were helpful in setting things up.

https://doc.powerdns.com/recursor/running.html
https://www.reddit.com/r/linuxadmin/comments/9lc4jl/logging_queries_in_pdnsrecursor/

Enable logging in PowerDNS Recursor Config

First we need to find the line that says “disable-syslog” and uncomment/change it to

disable-syslog=no

Next find the line that says “quiet” and uncomment/change it to

quiet=no

Some other lines you may want to check and change

logging-facality=1
loglevel=6

Edit Systemd Unit File for PowerDNS to allow Syslog

Next we need to modify the Systemd unit file to allow PowerDNS Recursor to log to syslog.

systemctl edit --full pdns-recursor.service

On the ExecStart Line, remove the part that says

--disable-syslog

The resulting line should look something like

[Service]
ExecStart=/usr/sbin/pdns_recursor --socket-dir=%t/pdns-recursor --socket-dir=%t/pdns-recursor --daemon=no --write-pid=no --log-timestamp=no

Save the file.

Enable Logging in rsyslog Config File

Edit the rsyslog file

sudo vim /etc/rsyslog.conf

Add the following line

local1.*        /var/log/pdns_recursor.log

This should now log all of the PowerDNS Recursor log info to “/var/log/pdns_recursor.log”

Restart the rsyslog and PowerDNS Recursor service

sudo systemctl restart rsyslog
sudo systemctl restart pdns-recursor

You should now see DNS request in the log file.

tail /var/log/pdns_recursor.log

They should also show up in the “/var/log/messages”

How to Find Yesterdays Date in Linux

The wrong way to find yesterdays date:

I had a command that was used to see if. It used some arithmetic operators to subtract 1 from the current day. That would give us yesterdays day which we could then use to check if a backup was created then.

day=$(date +%d) ; date=$(($day - 1)) ; echo "yesterday date is $date"

It worked great, unless you happened to be on the 8th or 9th of the month. Looks like bash is interpreting 08 and 09 in octal format. https://stackoverflow.com/questions/24777597/value-too-great-for-base-error-token-is-08

-bash: 08: value too great for base (error token is "08")

The better way

Fortunately there is an easier and more reliable way to do this. Using the date command, you can specify yesterday and it will print out yesterdays date.

date --date=yesterday +%d

Much easier to use.

Some more info.

https://www.cyberciti.biz/tips/linux-unix-get-yesterdays-tomorrows-date.html?cf_chl_captcha_tk=N9iBfod_b0qUxjB2jIGlETgiZ.JXSxGpLmvQ83CzBvY-1636407896-0-gaNycGzNBmU

https://stackoverflow.com/questions/18180581/subtract-days-from-a-date-in-bash

Linux commands for CPU, RAM and GPU info

Some helpful commands for showing hardware information on Linux.

Show memory speed

sudo dmidecode --type 17

Show CPU Frequency in MHz

cat /proc/cpuinfo | grep MHz

Show a bunch of system info with inxi, may need to install it.

inxi 

Another cool program is screenfetch. Gives a nice overview of system specs

sudo dnf install screenfetch

and run with

screenfetch

Enable Logging for firewalld

Enabling logging on firewall rules can be beneficial for tracking why a certain rule is not behaving as you intended.

Enabling logging is relatively straight forward.

  • Enable Firewall Logging
  • Check Logs
  • Disable Firewall Logging (Optional)

Enable Firewall Logging

Quickest way to enable logging is to run

sudo firewall-cmd --set-log-denied=all

This changes the options in the /etc/firewalld/firewalld.conf config file. Options include all, unicast, broadcast, multicast, and off

Enable Log option for firewalld

The command also reloads the firewall so manually restarting the firewall is necessary.

Checking Logs

You can use dmesg to view the failed attempts or you can follow the messages log and filter to just show the rejects

sudo tail -f /var/log/messages | grep -i REJECT

You can now try to access the server or run a test to trigger a log event. In my case I tried initiating a SSH connection.

Oct  1 16:32:10 localhost kernel: FINAL_REJECT: IN=eno1 OUT= MAC=f8:ab:98:12:fe:11:a1:ec:a6:00:67:3e:97:00 SRC=192.168.1.1 DST=192.168.88.2 LEN=60 TOS=0x08 PREC=0x40 TTL=59 ID=43080 DF PROTO=TCP SPT=38192 DPT=22 WINDOW=52240 RES=0x00 SYN URGP=0

Interesting bits are bolded. Our destination port it 22 “ssh” and our source address is 192.168.1.1. If I want this IP to access the server, I’ll need to add the 192.168.1.1 IP range in the allowed IP ranges.

Disable Logging (Optional)

After you have finished troubleshooting your problem, you may want to turn the logging feature off so you don’t fill up the logs with failed entries.

You can turn it off with

sudo firewall-cmd --set-log-denied=off

We can verify that logging is off by running

sudo firewall-cmd --get-log-denied 

If the firewall logging option is off it will return “off”

The following site has some more information and alternative ways

https://www.cyberciti.biz/faq/enable-firewalld-logging-for-denied-packets-on-linux/

Set coolbits value on Fedora Linux

You sometimes need to set the coolbits value to overclock your GPU on Linux

You’ll need to install nvidia-xconfig

sudo dnf install nvidia-xconfig

Then you can set the cool bits value with the following command. Change 24 to the appropriate cool bits value. Refer to the link below.

sudo nvidia-xconfig --cool-bits=28

It’ll create a new xorg config file. Reboot to take advantage of cool bits being enabled.

Multiple GPUs

If you have multiple GPUs, you will need to do the following to enable cool bits on each GPU.

sudo nvidia-xconfig -a --cool-bits=28 --allow-empty-initial-configuration

https://wiki.archlinux.org/title/NVIDIA/Tips_and_tricks#Enabling_overclocking

LibreNMS Error Running ./validate.php – Database: incorrect column…

LibreNMS error while running ./validate.php

Recently I started getting the following error while running ./validate.php.

$ sudo -u librenms ./validate.php
====================================
Component | Version
--------- | -------
LibreNMS  | 21.8.0-41-g0a76ca4
DB Schema | 2021_08_26_093522_config_value_to_medium_text (217)
PHP       | 7.4.20
Python    | 3.6.8
MySQL     | 10.5.10-MariaDB
RRDTool   | 1.4.8
SNMP      | NET-SNMP 5.7.2
====================================

[OK]    Composer Version: 2.1.6
[OK]    Dependencies up-to-date.
[OK]    Database connection successful
[FAIL]  Database: incorrect column (notifications/datetime)
[FAIL]  Database: incorrect column (users/created_at)
[FAIL]  We have detected that your database schema may be wrong, please report the following to us on Discord (https://t.libren.ms/discord) or the community site (https://t.libren.ms/5gscd):
        [FIX]:
        Run the following SQL statements to fix.
        SQL Statements:
         SET TIME_ZONE='+00:00';
         ALTER TABLE `notifications` CHANGE `datetime` `datetime` timestamp NOT NULL DEFAULT '1970-01-02 00:00:00' ;
         ALTER TABLE `users` CHANGE `created_at` `created_at` timestamp NOT NULL DEFAULT '1970-01-02 00:00:01' ;

Reading online it sounds like some of the recent changes are causing the issue. Looks fairly easy to resolve though.

First we’ll need to get a MySQL prompt. We’ll do that by running

mysql -u librenms -p librenms

It’ll ask use for the librenms user’s mysql password.

Once we have the MySQL prompt we can just copy and paste the commands in.

SET TIME_ZONE='+00:00';
ALTER TABLE `notifications` CHANGE `datetime` `datetime` timestamp NOT NULL DEFAULT '1970-01-02 00:00:00' ;
ALTER TABLE `users` CHANGE `created_at` `created_at` timestamp NOT NULL DEFAULT '1970-01-02 00:00:01' ;

Type ‘quit’ to exit MySQL and lets run the validate script again.

sudo -u librenms ./validate.php

Everything should check out OK.

Simple SH Ping script to scan a /24

This is a very simple ping script I created to run on a remote UniFi device to scan for other IP addresses on it’s network. It works on SH environments as well as Bash.

Paste the script in a ping.sh file and then

chmod +x ping.sh

run like so, replacing 192.168.1. with the IP range you want to scan.

sh ping.sh 192.168.1.

#!/bin/sh
# simple ping scan utility

# i.e. 192.168.0.
ipFirstPart=$1

ip=0
while [ $ip -ne 255 ] 
do 
  ip=$(($ip+1))
  ping -w1 $ipFirstPart${ip} | grep "64 bytes from"
done