Category Archives: Ubuntu

Permalinks Change

I recently did some web server work and redid a lot of this site. One major fix was the permalinks. On a WordPress site the default is some crappy p=random number, which makes zero sense to anyone looking at website stats or to a user surfing a resource site. There are tons of sites that offer fixes for this problem, either with plug-ins to migrate old links to new ones or with crazy changes in the .htaccess file; I tried them all. Soon I found out that my Apache server was not running mod_rewrite, which is very important to this process. This site was the golden ticket for this solution: Site. He describes in very plain English how to fix this and enable the module.

I would love to take the credit for this, but this is all his work:

cd /etc/apache2/mods-enabled
touch rewrite.load
nano rewrite.load (you may use any editor to edit this file)

Now paste the following line:

LoadModule rewrite_module /usr/lib/apache2/modules/

Then edit /etc/apache2/sites-available/000-default (or default depending on your version)

Find the following

Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all

and change it to

Options Indexes FollowSymLinks MultiViews
AllowOverride all
Order allow,deny
allow from all

and finally restart Apache

/etc/init.d/apache2 restart

This was the main fix for this process. If you have any questions post a comment.
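An added check, not part of the original post or the site it credits: AllowOverride all lets an .htaccess file under that directory use every overridable directive, while the RewriteEngine/RewriteCond/RewriteRule lines that WordPress permalinks rely on only need the FileInfo class. This Python sketch reports the AllowOverride scope of each <Directory> block; the sample config and its paths are constructed for illustration.

```python
import re

# Constructed sample in the style of an old 000-default file; the paths
# are assumptions, not taken from the post.
SAMPLE_CONF = """\
<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>
<Directory /var/www/>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride all
    Order allow,deny
    allow from all
</Directory>
"""

OPEN_RE = re.compile(r"<Directory\s+\"?([^\">]+?)\"?\s*>", re.I)


def audit_allowoverride(conf_text):
    """Return {directory: (override_classes, verdict)} per <Directory> block."""
    report, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = OPEN_RE.match(line)
        if opened:
            current = opened.group(1)
        elif line.lower().startswith("</directory"):
            current = None
        elif current and line.lower().startswith("allowoverride"):
            classes = [c.lower() for c in line.split()[1:]]
            if "all" in classes:
                verdict = "broad: every .htaccess directive is honoured"
            elif "fileinfo" in classes:
                verdict = "ok: rewrite rules allowed, nothing wider than listed"
            else:
                verdict = "rewrite rules in .htaccess are ignored or rejected"
            report[current] = (classes, verdict)
    return report


if __name__ == "__main__":
    for directory, (classes, verdict) in audit_allowoverride(SAMPLE_CONF).items():
        print(directory, classes, verdict)
```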

Splunk Syslog Server

The idea of a syslog server is simple: many devices send it the logs of their activity. The administrator can then access the server and view recent information, warnings, or crashes. This is key to keeping a network functioning and to keeping accurate records. When you start seeing a random outage, you can simply access one machine, have all the logs in one place, and have them tell you accurately where the problem started and how it then grew to everything else, all in simple charts and event logs.

There are plenty of syslog servers to choose from, but I am using Splunk Syslog Server because it seems to be:
1) Flexible for many kinds of devices
2) Extensible, with add-on plugins to make it more functional
3) An active project (meaning it still gets updates and will not break in a few days with no one knowing anything about the server)
4) Linux based (which is what all my servers currently run, so little to no platform change)

Installation on Ubuntu-64 bit:

Step 1 – Download:

sudo wget’

Step 2 – Rename to a working format:

sudo mv download_track\?file\=4.1.7%2Flinux%2Fsplunk-4.1.7-95063-linux-2.6-amd64.deb\&ac\=\&wget\=true\&name\=wget\&typed\=releases splunk-4.1.7-95063-linux-2.6-amd64.deb

Step 3 – Install:

sudo dpkg -i splunk-4.1.7-95063-linux-2.6-amd64.deb

Step 4 – Start the service:

sudo /opt/splunk/bin/splunk start

Configuring the Server:

Step 1 – Getting a device to send syslog to the server:

I have a Cisco device and so there are 3 commands to issue in the router itself to get it to send the server valid logs:

Router(config)# logging on
Router(config)# logging [ip address]
Router(config)# logging trap [emergency | alert | critical | error | warning | notification | informational | debug]

The first command simply turns on logging (simple enough). The second defines where the logs will be sent; point this to the new Splunk Syslog Server. The third is an optional command that defines what level of syslog will be sent. For example, if you set the informational level, then only logs with levels from emergency to informational will be sent.
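How the trap level in the third command filters what reaches the server, as an added example (not from the original post): syslog encodes facility and severity in the <PRI> prefix of each datagram, and a trap level sends only messages at that severity number or lower. The sample datagrams are constructed, and facility local7 (23) is an assumption.

```python
import re

# Severity names in the order the post lists them (0 = most severe).
SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notification", "informational", "debug"]

PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)


def parse_pri(datagram: bytes):
    """Split a syslog datagram into (facility, severity, message).

    PRI = facility * 8 + severity. Returns None for input without a valid
    <PRI> header, since a UDP 514 listener receives whatever is sent to it.
    """
    m = PRI_RE.match(datagram.decode("utf-8", errors="replace"))
    if not m or int(m.group(1)) > 191:
        return None
    facility, severity = divmod(int(m.group(1)), 8)
    return facility, severity, m.group(2).strip()


def forwarded(datagrams, trap_level):
    """(severity name, text) of messages a device would send at trap_level."""
    limit = SEVERITIES.index(trap_level)
    out = []
    for d in datagrams:
        parsed = parse_pri(d)
        if parsed and parsed[1] <= limit:
            out.append((SEVERITIES[parsed[1]], parsed[2]))
    return out


# Constructed sample datagrams, facility local7 (23 * 8 + severity).
SAMPLES = [
    b"<187>45: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to down",
    b"<189>46: %SYS-5-CONFIG_I: Configured from console by admin on vty0",
    b"<190>47: %SEC-6-IPACCESSLOGP: list 101 denied tcp 10.0.0.5(4242) -> 10.0.0.1(23)",
    b"<191>48: debug output line",
    b"no PRI header here",
]

if __name__ == "__main__":
    for level in ("error", "warning", "informational"):
        print(level, [sev for sev, _ in forwarded(SAMPLES, level)])
```

With these samples, a trap level of warning forwards only the link-down message; the constructed configuration-change and ACL-deny lines (severities 5 and 6) never reach the server, which matters when the logs are meant to serve as an audit trail.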

Step 2 – Configure the Splunk Server to receive logs:

First go to a web browser on your network and surf to your server’s IP and port 8000 (Example:

Splunk Manager

Once you get to this screen click on “Data Inputs”

Splunk Data Inputs

From this screen, click the Add New button to the right of UDP

Splunk UDP Ports

From here, type 514 in the UDP Port field, set the drop-down under Set Sourcetype to From list, and finally, under Select source type from list, select syslog. Now you have a port open and the server can identify the type of data.

At this point we have data going into the server, but it is not being displayed in any fashion, so let's fix this. Back on the manager screen, click on Searches and Reports, then click the New button. On this screen you can define the search parameters: the name is just a title for your purposes, and the search field is where it gets fun. Some of the strings to put in would be host="192.168.x.x" (the address of the device) or source="udp:514" (to see all traffic coming through your port 514). These are very simple searches, but effective. Then type in a description and hit Save.

After this, head over to the search app; on the top menu there is a Searches & Reports tab. Drop that down and you'll find your new search. Click it and the search will run and display the logs of the desired device. With a little extra tweaking you can create your own dashboard of information via the Views tab and get something like this:

Splunk Data Output

Step 3 – Start on boot-up

This is key to keep your syslog server working before and after a power outage or simple shutdown.
sudo /opt/splunk/bin/splunk enable boot-start
Once you type in this final command you should be ready for a production syslog server.

This concludes the post on Splunk Syslog Server and the completion of this project. Thank you for your time.

Helpful Sites: