Posts

Posted on

A German rsyslog forum…

Some of you may know that I am a native German speaker. I thought I started an interesting experiment: the “deutsches rsyslog forum” (which means “german-language rsyslog forum” ;)). It is targeted to those who prefer to express themselves in German language.

The interesting question, though, is if this forum will actually attract much attention. In German IT, there is a tendency to think that almost everyone speaks sufficiently well English so that he or she can obtain enough information to get the job done. If that proves true, there would be very little benefit in localizing any of the documentation into German language. So before seriously considering that, it is probably a good idea to do some testing. For the very same reason, my buddy Tom Bergfeld currently translates the rsyslog home page, mainly the announcements, into German. We will do a similar experiment to phpLogCon and evaluate both together after some time has progressed.

Please drop me a note if you have an opinion on this, or on localization at all.

Thanks,
Rainer

Posted on

NASA’s Ares I Rocket Passes Review To Reach Critical Milestone

NASA has taken a major step toward building the nation’s next generation launch vehicle with Wednesday’s successful completion of the Ares I rocket preliminary design review.

Starting in 2015, the Ares I rocket will launch the Orion crew exploration vehicle, its crew of four to six astronauts, and small cargo payloads to the International Space Station. The rocket also will be used for missions to explore the moon and beyond in the coming decades.

The preliminary design review is the first such milestone in more than 35 years for a U.S. rocket that will carry astronauts into space. The review was conducted at NASA’s Marshall Space Flight Center in Huntsville, Ala. It examined the current design for the Ares I launch vehicle to assess that the planned technical approach will meet NASA’s requirements for the fully integrated vehicle. That ensures all components of the vehicle and supporting systems are designed to work together.

“This is a critical step for development of the Ares I rocket,” said Rick Gilbrech, associate administrator of the Exploration Systems Mission Directorate in Washington. “Completing the preliminary design review of the integrated vehicle demonstrates our engineering design and development are on sound footing, and the Ares I design work is taking us another step closer to building America’s next mode of space transportation.”

The preliminary design review included more than 1,100 reviewers from seven NASA field centers and multiple industry partners. The review is the final step of this design process. Teams representing each major part of the Ares I rocket — the upper stage engine, first stage and upper stage — all have conducted similar reviews during the past year.

The preliminary design review is one of a series of reviews that occurs before actual flight hardware can be built. As the review process progresses, more detailed parts of the vehicle design are assessed to ensure the overall system can meet all NASA requirements for safe and reliable flight. This process also identifies technical and management challenges and addresses ways to reduce potential risks as the project goes forward.

“Risk assessment is a very important part of the process,” said Steve Cook, manager of the Ares I rocket at Marshall. “It allows us to identify issues that might impact the Ares I rocket. For example, we identified thrust oscillation – vibration in the first stage – as a risk. In response to this issue, we formed an engineering team. The team conducted detailed analyses and reviewed previous test data, and then recommended options to correct the problem.”

“We intend to hold a limited follow-up review next summer to fully incorporate the thrust oscillation recommendations into the stacked vehicle design,” Cook added. “Identifying risks that can impact the project and resolving them is a necessary and vital part of the development process.”

With the completion of this review, each element of the Ares I rocket will move to the detailed design phase. A critical design review will mark the completion of the detailed design phase and allows for a more thorough review of each system element to ensure the vehicle design can achieve requirements of the Ares program.

This week, the J-2X engine will be the first Ares I element to kick off the critical design review process. The engine will power the Ares I upper stage to orbit after separation from the first stage.

“We’re excited about getting into full system engine tests with the new J-2X engine,” Cook said. “This will be one of the safest, most affordable and highest performing rocket engines ever built, and testing is critical as we begin preparation for future flights.”

Marshall manages the Ares projects and is responsible for design and development of the Ares I rocket and Ares V heavy cargo launch vehicle. NASA’s Johnson Space Center in Houston manages the Constellation Program, which includes the Ares I rocket, the Ares V vehicle, the Orion crew capsule and the Altair lunar lander. NASA’s Kennedy Space Center in Florida is responsible for ground and launch operations. The program also includes multiple project element teams at NASA centers and contract organizations around the U.S.

For more information about the Ares rockets, visit:

http://www.nasa.gov/ares

For more information about NASA’s Constellation Program, visit:

http://www.nasa.gov/constellation

Posted on

a logging appliance

The IT world is increasingly turning towards appliances: pre-configured systems, which do exactly one job an do it well. Like a household appliance, all you need to do is plug it into your infrastructure, maybe change a setting or two and you are ready to go. While previously appliances always had a co-notation of a hardware box being delivered, the increasing popularity of virtualization enables to build pure software appliances.

One of the things we intend to investigate is create a logging appliance, using VMWare tools. We will set up a standard Linux, use MySQL and Apache with it and install rsyslog and phpLogCon. That in a “ready to use” fashion where only the devices need to be pointed to the right IP address of this virtual box.

This is one of my next projects and feedback on such an effort is very much appreciated.

Posted on

Software hack e-gold download free

Hey, am I getting spammy? Have I been hacked? Or do I change the profession and become a top-notch e-gold hacker? lol… nice idea. But no, not really. But have a look at this post:

Download now : [some random crappy free webhost]

Send us an e-mail ,we will send you the working copy of software & as soon as you make the payment e-gold $50 1234567.We will give you the password .

Get the copy today

GoldTresor is a known software in E-Gold accessing since 2002. Now our software is very stronger than before. It accesses any E-Gold account in a few minutes and give you some ability such as transfer balance or know passphrase. Generally GoldTresor is used for those who forgot their passphrase. Also in new feature of E-Gold site that named AccSent, if you forgot your e-mail or you can’t access e-mail account, this software helps you to find your e-mail address or transfer balance to other account.

Thank you very much
[some random gmail address]

In a conversation I had with a friend of mine who runs the syslog.org forum He pointed me to his site statistics: http://www.syslog.org/forum/index.php?action=stats. While we were talking about site usage, the top notch content item of this deeply technical site drew my attention. It is the spam you can see above.

Mutex, the site owner, once decided keep a sample of the what the forum spammer left for him. Very interestingly, over time this seems to have been evolved into a the top page for egold hack downloads. At least if you do a google search “hack egold download”, his syslog site is right there in the top spot of the search results.

And what I find really interesting is that this spam accounts for nearly 10% of a quality site’s traffic – a leftover just to show off the spammers. And, no, I don’t think he gains much from that traffic, at least I tend to think that folks looking to break into e-gold suddenly turn out to be interested in the beauty of syslog ;)

Posted on

Hubble “Repair” looks good

It looks good for the Hubble space telescope. According to the NASA web site (quote below), the switch to a backup system looks promising. With that, hubble could operate while the ground folks prepare final repair plans. Repairs are scheduled to be carried out as part of the space shuttle’s hubble servicing missing, which now tenatively has been moved to mid-February (some sources say Feb, 17th 2009).

From the NASA site:

The Hubble Space Telescope team completed switching the required hardware modules to their B-sides about 9:30 a.m. this morning and received telemetry that verified they had good data. Everything at this point looks good.

The 486 computer on Hubble was reloaded with data around noon and successfully performed a data dump back to the ground to verify all the loads were proper. At 1:10 p.m. this afternoon the team brought Hubble out of safe mode and placed the 486 computer back in control. Late this afternoon, Gyro #4 (which was needed for safe mode) will be turned off.

The team will reconfigure Side B of the Science Instrument Command & Data Handling (SIC&DH) computer later today and verify it is functioning properly.

Around 6 p.m. this evening the spacecraft will begin executing a pre-science command load, which involves sending normal commands to control the spacecraft and resume communications satellite tracking with the HST high gain antennas.

“We won’t know if we’ve been completely successful until around midnight Wednesday when we demonstrate that the SIC&DH Side B is talking to the instruments and able to pass data to the ground,” said HST Operations Deputy Project Manager Keith Kalinowski at NASA’s Goddard Space Flight Center in Greenbelt, Md.

Posted on

Expedition 18 on the Way to ISS

A new crew that will live and work aboard the International Space Station rocketed into orbit early Sunday aboard a Soyuz spacecraft. U.S. astronaut E. Michael Fincke, Russian cosmonaut Yury Lonchakov and Richard Garriott, a U.S. computer game developer, lifted off from the Baikonur Cosmodrome in Kazakhstan at 2:01 a.m. CDT.

Fincke, the only American to launch twice on a Soyuz, will serve as commander of the six-month Expedition 18 mission. The mission’s main focus will be preparing the station to house six crew members on long-duration missions.

The Expedition 18 crew is scheduled to arrive at the station Tuesday, with docking to the Zarya module scheduled for 3:33 a.m. After the hatches are opened, Expedition 17 Commander Sergey Volkov and spaceflight participant Garriott will become the first children of previous space fliers to greet each other in orbit. Garriott is the son of former NASA astronaut Owen Garriott, who was a member of the Skylab-3 crew in 1973. Volkov is the son of veteran cosmonaut Alexander Volkov, who flew three Soyuz missions.

Garriott will spend nine days on the station under a commercial agreement with the Russian Federal Space Agency. He will return to Earth on Oct. 23 with Volkov and Expedition 17 Flight Engineer Oleg Kononenko, who have worked aboard the station since April 10.

Expedition 17 Flight Engineer Greg Chamitoff, who arrived at the station in June, will be replaced in November by NASA astronaut Sandra Magnus. Space shuttle Endeavour will deliver Magnus and return Chamitoff to Earth.

Endeavour’s November STS-126 mission also will deliver equipment to the station necessary for supporting a six-member crew, including a water recycling system, sleeping quarters, a new kitchen, a second toilet, and an advanced exercise device.

Although they will be in space on Election Day, Chamitoff and Fincke have arranged for the chance to cast their ballots from the station.

Reproduced from JSC News. To obtain it directly, follow the procedure outlined below:

NASA Johnson Space Center Mission Status Reports and other information are available automatically by sending an Internet electronic mail message to listserv@listserver.jsc.nasa.gov. In the body of the message (not the subject line) users should type “subscribe hsfnews” (no quotes). This will add the e-mail address that sent the subscribe message to the news release distribution list. The system will reply with a confirmation via e-mail of each subscription. Once you have subscribed you will receive future news releases via e-mail. To unsubscribe, send an e-mail to listserv@listserver.jsc.nasa.gov with the following command in the body of your e-mail message: “unsubscribe hsfnews” (no quotes) or from another account, besides the account used to subscribe: “unsubscribe hsfnews youremail@yourdomain.com” (no quotes).

Posted on

rsyslog work

I have not blogged that much the past weeks. Rsyslog work is still progressing quite nicely. I am currently working on (large) performance enhancements. Thanks to David Lang for his help on this topic.

I am also hunting another threading bug. This one manifests only when running on high-end hardware and seems to have to do with synchronization. Interestingly, the problem does not show up under valgrind (a memory and threading debugger), which usually points to flaws very well. Hard to find… Especially hard to find because I do not have the right hardware to reproduce it. I managed to get a faster box last week, but still it is not fast enough (and does not have enough cores…) to reliably trigger the problem. Since them, I have seen it a couple of times, but no indication yet of what is going on.

Also, I need to help some other Adiscon projects and do a bit of my consulting chores, so that the time allocated to rsyslog is a bit limited. But, hey, I have worked nearly full time on it this year and it has evolved very well. So I don’t think it is a problem going at a somewhat lower pace for the time being (plus, of course, I hope some other sources of funding will appear which enable me to go back to “full time rsyslog” mode).

In any case, the future has exciting things to come up with. I personally would like to see a customizable message parser, which would enable users to work with different sender formats at the same time.

Posted on

rsyslog and SuSe Linux

I got good news but I unfortunately forgot to blog about it (it has been soooo busy the past weeks…).

Suse now is doing an official rsyslog package. With that, I think there is now a rsyslog package for almost all major distributions available. Unfortunately, some of the current distributions do not have a good one, but it the next version will have. So over time things will be much better.

For now, let’s welcome Novell/SuSe Linux to the camp of those that natively support rsyslog :)

Posted on

Hubble Servicing Missing Postponed

Finally, I can come back to look a bit more at my space interests. My rsyslog project kept me so busy that I couldn’t follow space as much as I liked.

The first thing I see is that the Hubble Servicing missing has been postponed. There is a problem with a critical component inside HST, which, if not fixed, causes fatal problems. Thankfully, the faulty element is designed so that it can be replaced during a servicing mission. Also it was great luck that the component failed now, and not after the (final) hubble servicing mission.

The HST flight has been postponed to early 2009 (NASA tells mid-February as a “no earlier than” date) so that analysis can be completed and repair procedures be created.

As bad as it was, last year’s flight delays now have helped saved Hubble! Why? Simply: if not for the delays, the hubble servicing mission would already have been flown by the time the component failed. That would have been the death of hubble. So bad luck sometimes turns into good luck again :)

Posted on

syslog fragmentation

Hi all, I was asked about the current (and past) state of syslog splitting a single syslog message into multiple smaller messages. The question came up because of a broken syslogd implementation which permits to receive 256 bytes (octets) at most. I thought I re-post my reply to the blog as it may be of interest for you, too. Here we go:

Hi all,

I have now reviewed all of the discussion.

Let me start with the broken receiver. With 255 octets, any (generic)
fragmentation method would need to be ultra-compact which of course is
doable but not (with reasonable overhead) in the context we set up with
the version of syslog-protocol that will turn into a normative RFC.
Note, also, that RFC3164 will be superseded by that RFC once it is out.

As has been described here, fragmentation can either be done at the
protocol layer or at the application layer. In the later case, the
application needs to consider a sensible maximum and needs to emit
message sequences which are somewhat atomic. sendmail seems to do that,
and I know of some other examples, too. Some database servers seem to do
verbose logging in a similar way, in that they log parts of the
statement within different log messages. However, it is often quite
complicated to re-unite those application logs to the original message
(much of the complexity of log analysis stems from that).

A protocol based approach solves these issues. But as it has been
rejected by the syslog-sec WG it is not considered useful by the IETF
syslog community. We may want to try give it another shot, but that
should be done inside the framework layed out in the new IETF series and
as such it would not be a good solution for a broken receiver. Actually,
the new RFC series requires a minimum maximum length of 480 octets
(stemming back to IPv4 UDP available payload size). The recommended
minimum maximum length is 2K and more is permitted if sender and
receiver support it. There is no upper limit per se, but a receiver may
either truncate the message or even discard it as whole. If truncation
happens, it must truncate at the end and without paying any attention to
syntax and semantics of the message. This is specified in [1]’s section
6.1 and it was the result of very elaborate discussions. Most
importantly, the syntax- and semantic-agnostic truncation was a
requirement out of this discussion.

As Tina mentioned, my company Adiscon and me personally are doing
Windows event log to syslog conversion for quite a while. Windows event
messages can be large and keep growing larger. We are converting them to
syslog for over 10 years now and at the time we started the only common
ground was the 1K limit already mentioned. Note that at that time some
implementations could experience serious malfunction if messages over
this size arrived (I remember the Solaris syslogd immediately
segfaulting as one sample of more). We thought about how to best address
the issue. We were tempted to do an app-level split, much as sendmail
does, but refused to do that for two reasons:

1) the messages to be logged did not originate from ourselves (other
than in the sendmail case). This implies that we do not exactly know
what makes sense to put together. While there is a potentially large set
where this can be properly concluded from context, there is also a set
where this is not the case. The later would have required a more
protocol-like generic approach and thus specialised parsers on the end
systems – something we did not really like.

2) this is somewhat similar to the parser problem. In general, log
analysis is even harder if a single logical log entry is distributed
over several physical records. Especially if you take into account that
the order of appearance does not necessarily (in practice almost never)
reflect the order of creation. So processing such a log requires a
consolidation phase. It is especially hard for a human reviewer do this
while reviewing logs and thus considered a big disadvantage.

So we looked at what was available at that time. While the 1K size limit
was universally accepted, most syslog receivers either supported larger
sizes by default, could configured to do so or being recompiled to
handle it (sysklogd, the then-omnipresent syslogd on Linux is a premier
example for the later – #define MAXLINE 1024 needed to be changed and
you were basically done [within UDP constranints]). The real limit
turned out to be the UDP max size, 64K in theory but with different
default/hard coded limits in various stacks. In 2005 a did a bit
research[2] and found that 4K seems to be the typical real-world limit.
But even many years before, allmost every Windows event record fit into
4K (the exception being records with dumps in them…). Also, we already
had plain TCP-based syslog at that time, which did not experience any
size issues.

So the practical solution for our Windows to syslog size problem was
simply to ignore it and tell customers how to configure/recompile their
syslogd. That worked on Windows at least for WinSyslog and Kiwi Syslog.
and on the *nix side at least for sysklogd, syslog-ng, some variants I
don’t remember by name and now rsyslog. We recommended to switch to a
product that supported larger sizes where the stock solution did not do
that. Or we used interim, specialised, receivers who logged data into
separate databases or files.

When I was unable to convince the syslog-sec WG to specify fragmentation
as part of the syslog protocol itself, I was at least able to put that
spirit into the I-D: so we now have the ability to use large sizes if
everybody configures the systems correctly. Part of that spirit, funny
as it may sound, is to place important information early in the packet
as this improves chances it will actually be delivered.

I have to admit this is not a perfect way to do it, but at least it
works if everything is setup up correctly. The current main “problem” is
that RFC 3195 (somewhat vaguely) sets an upper limit of 1K for messages
and also does not talk about truncation. So if there is a RFC3195 system
inside a relay chain, the maximum size for the whole chain goes down to
1K – there is nothing we can do about this. This is also the reason why
a new revision of 3195 is needed. This is underway, as far as I know.
One should also note that this limitation is of no practical importance
for the time being (thus no real “problem”), because 3195 did not find
widespread support. To the best of my knowledge, the only commercially
available implementations are Cisco’s and ours with us also providing
the only (more or less, due to low priority) fully supported 3195
implementation inside an open source syslogd. There was SDSC syslog, but
the project is to the best of my knowledge no longer alive. It also
never spread to become the default syslogd on any important Linux
distribution and can be considered “exotic” at best.

I hope this description is useful for you. The bottom line is that there
is no standard, and there is, at least was, no support for specifying
one. Even if we change that, the end-result will most probably not
support down-level reveivers below the 480 octet limit set forth in the
upcoming RFC series.

Best regards,
Rainer

[1] http://tools.ietf.org/html/draft-ietf-syslog-protocol-23
[2] http://www.monitorware.com/Common/en/articles/ihe-syslog.php