Leap 15.2 Install party @ GOLEM - A quick report

Italian Linux users did an openSUSE Leap 15.2 Launch Party, at the local LUG (it’s called GOLEM, it’s in a small town in central Italy), and Dario Faggioli made a quick report.

We have space outside, so we could do an actual physical event and still respect the social distancing restrictions which continue to hold here in Italy.

Leap Release Party outdoors at GOLEM

First of all, this meant that I could bring and distribute the super-awesome swags that Doug sent me. And I really want to thank him a lot one more time for shipping them over extremely quickly. They are great and people loved them!


Ah, the event was also recorded, but they still have to let me know whether that worked well or not.

I decided to do a live install as I think our installer is great, and wanted to show it off a bit. :-) In fact, I’ve heard a few times people saying that installing openSUSE is difficult, and I wanted to take a shot at busting that myth.

I showed how it is possible to install the distro with just a few clicks, which is the opposite of difficult. After that, I went back and explained all the various possible customizations that one can make – but only if she wants to – at each stage.

Feedback on this was extremely good, and I think I’m going to reuse this same approach for other similar occasions.

While the installer was copying packages, there was the time to talk a bit about the characteristics of Leap such as its goals, release cycle, development process, relationship with SLE, etc.

I quickly mentioned the maintenance process, taking advantage of some slides kindly provided by Marina (thanks to you again as well!), and this also was perceived as very interesting.

After the system was ready, I had the time to showcase YaST a little, to explain how to add Packman repos for the codecs and to introduce BTRFS snapshots, snapper and demo a reboot into a previous snapshot and the rollback.

I managed to hint quickly at OBS, but there was only the time to mention OpenQA, and I couldn’t give them a meaningful tour of these two.

People were curious and interested, so I call the event a success.

They asked questions mainly about YaST, BTRFS and zypper. Plus two more, rather specific ones: 1) Why don’t we ship/install multimedia codec by default (even the proprietary and patent encumbered ones), like Ubuntu and even Debian? 2) Why don’t we use an LTS kernel for Leap?

Just to be clear, I’m not actually asking the questions here. :-)

I just felt it would be useful to report this, especially considering that I hear these being asked pretty often, during various events or in various channels or forums.

Anyways, I honestly think the event was a good one, considering that we’re a small LUG from a small place and that we’re still elbow deep inside a pandemic. :-/

And we’re already planning a similar event about Tumbleweed! Not a release party, probably… or maybe yes: I just have to make it coincide with the publishing of a TW snapshot, which should not be too difficult after all. :-P

Turn off Monitor using CLI

This is another gift to future me from present me. I made the mistake of not properly writing this down before so I had to search for the answer. The problem is, sometimes, it seems as though Plasma is not shutting off my external screens consistently. I can’t say why but I have a suspicion that it is due to a specific communication application as I can almost guarantee that it is preventing my screens from turning off. I don’t have definitive proof of this so I am not going to put it in writing.

My intent is to have a shortcut for turning off all my screens instead of just locking them and hoping that the desktop environment will do its job of turning them off. I do want to point out that when I was using Windows, both 7 and 10, I had this problem too so it is absolutely not an issue with Desktop Linux.

It is fun being able to understand how to talk to a Linux machine through the terminal using the CLI (Command Line Interface). The more you know about how to work with it, the more you will ultimately enjoy your journey in Linux. Here is my solution.

The Commands

The commands I found out there in the vastness of the world wide web led me to this, which I have tested on multiple machines. Two were running Tumbleweed with Plasma and the other Leap 15.2 with Plasma.

xset -display :0 dpms force off

The other command is to force the screen on. This is useful as I have had issues where after undocking my machine, my screen would forget to turn on. I can’t say the reason why but this could also use a Global Shortcut.

xset -display :0 dpms force on

The Script

I created a little shell script for turning off my screen called screenoff.sh. I can’t say for sure how all distributions handle this but I have a bin directory in my home folder, so this is where I have chosen to place this script. ~/bin

Using nano, I created a bash script for this.

nano ~/bin/screenoff.sh

Then filled it in with this information

#!/bin/bash

sleep 1
xset -display :0 dpms force off

The purpose of the sleep 1 line is to give me a chance to get my hand away from the keyboard and mouse so I don’t inadvertently cause the desktop environment to wake the screen.

Next I made the file executable. There are many ways to do it but since we are playing in the terminal:

chmod +x ~/bin/screenoff.sh

To test this out, open krunner or a terminal and type screenoff.sh; that should turn off your screen. If not, something is wrong and maybe we can figure it out…

Custom Shortcut

It is not real practical to open up krunner or a terminal just to shut off the screen when I have the power to create a custom shortcut in Plasma. Here is how to do it. First open up System Settings and choose the shortcuts module. Your system settings may look a bit different but I am sure you can figure it out. I have faith in you.

Next you have to select the “Custom Shortcuts” submodule.

At the bottom of the list there is an Edit button with a down arrow. Select that > New > Global Shortcut > Command/URL

Name it whatever makes sense for you. I chose the name “Screen Off” to make it pretty clear. Set your shortcut. I chose Meta+Alt+O.

Next, Select the Action tab and enter the path of the script you just created. In my case, it is:
~/bin/screenoff.sh

Select Apply and test it out!

Final Thoughts

Plasma is real easy to customize to your liking. I am very happy with this small modification to make my desktop experience a bit more suited to my personal taste. I don’t expect that this is a very common use case but since I know I am an edge case in much of what I do, this helps me to remember and hopefully there will be at least one person that can use or adapt this to their own case.

I am not a terminal expert so if there is any way that this can be improved, please contact me or comment below.

References

Terminal Applications
https://askubuntu.com/questions/62858/turn-off-monitor-using-command-line
https://unix.stackexchange.com/questions/16815/what-does-display-0-0-actually-mean

Aug 3rd, 2020

Candidates list for the openSUSE Ad-hoc Board Election

The Call for Nominations for the openSUSE Ad-hoc Board Election ended last night. The Election Committee received the nominations of two openSUSE members and both nominees agreed to run as candidates for this election.

The names of the candidates are:

The announcement was made on the project mailing list by Ariez Vachha on behalf of the Election Committee.

As from today the election campaign begins. Electronic vote will begin on the 17th of August and ballots will close on the 30th of August.

All the best to both candidates! 👍

Tmux Desktop on openSUSE Linux

I can’t say that I ever spent my childhood wishing I had the ultimate terminal desktop but the more I have played on Linux, the more I have spent time in the terminal and I really can’t explain why I find it so charming. Perhaps it is the low memory usage of the applications? The clever modern implementation of certain terminal applications? I can’t really say, but there is something incredibly charming about the terminal.

My pursuit of having a terminal based “desktop” was inspired by a Linux Unplugged presentation. A rather nice article and I fell into this hole of terminal excitement.

Build your own Desktop in the Terminal Linux Unplugged Article

After some exploration and some fiddling, I have put together a little resource for today me and future me. Hopefully this has some interest for you and I am open to other suggestions for making my Terminal based Desktop even better.

Tmux Terminal Desktop

The possibilities are seemingly endless as the bandwidth required to sustain this is really quite low.

LG 29″ UltraWide | Monitor Upgrade and Configuration on Linux

I have historically made my hardware decisions based on price; generally I get what I can get for as low or as reasonable as possible. Basically, I go for free or near-free and fabri-cobble something together. After seeing some other computer setups, I have really thought that I want to be able to function more effectively and efficiently than I had been. One of the areas that I have been less than happy with has been my monitor layout. I have been pushing 3 displays with my Dell Latitude E6440 and for the most part, it has been meeting my needs but there were some work flows that have not been working out so well.

What I had before was a kind of ad-hoc solution. I started with one monitor, then wanted more screen real estate so I placed it off to one side because that is just what made sense at the time.

What I had here was a laptop screen with 1920×1080 (FHD) resolution. A monitor directly above with a resolution of 1440×900 (WXGA+) and off to the top right a screen with the resolution of 1280×1024 (SXGA). Both of those monitors I purchased for $10 each from a company upgrading everything. I was pretty happy as going from one monitor to a second was fantastic and adding a third made it even better.

The problem I ran into was that the monitor above was not Full HD and sometimes it made for some usability issues with certain applications. That was compounded by having a monitor to the right with a physically slightly taller display but pixel wise, quite a bit taller and it just made things weird when moving from monitor to monitor.

The solution presented to me by my e-friend, Mauro Gaspari, is ultimately what I started to pursue when he sent me a picture of his screen setup on Telegram. What he had (probably still has) is a 1440p monitor. I had never seen such a thing, it was so clean and made so much sense, especially with the ability to tile windows. So began my search and measuring to see what was feasible. Fast forward to about eight months later, I purchased the LG 29WK50S-P. This is a 2560×1080, 29″ with a 60Hz refresh rate.

Initially I wanted to go with a 3440×1440 (WQHD) screen but I couldn’t get one at the size and price I wanted. Since I don’t have a whole lot of space and the distance it will be away from my face, any bigger than 29″ diagonal would take up too much space. I also didn’t want to spend a whole lot so what I paid was $179.10 for this monitor and I am quite happy with the price. Sure, more than the $10 I spent on the last monitor but a heck of a lot more pixels.

Features

The description of this monitor is a 29 Inch Class 21:9 UltraWide® Full HD IPS LED Monitor with AMD FreeSync. It has the following features:

  • AMD FreeSync™ Technology
  • Dynamic Action Sync
  • Black Stabilizer
  • OnScreen Control
  • Smart Energy Saving
  • Screen Split to give you different picture choices with the monitor.

None of these features were all that important to me. What I was most concerned about was the resolution and VESA mount. The split screen feature, which I mostly don’t care about, is intriguing as I could use the second display input and do some testing on other distributions with another computer.

I really wasn’t asking for much in a monitor, really. I am not going to take advantage of the AMD FreeSync at this time either but it is nice to know it’s there.

Initial Setup

I have been spoiled in openSUSE Linux for years and years. I haven’t really had to fiddle with anything to get my computer to use hardware. I expected this ultra-wide monitor to be just as un-fiddly but it wasn’t. For whatever reason, the computer didn’t recognize the display’s proper resolution.

I don’t know if it is because it falls under the “other” resolution category or if there is some other issue. I am running Tumbleweed so I do have the latest drivers and since this monitor has been around for a while, I wasn’t expecting any issues.

The Plasma Display Settings didn’t give me the option of 2560×1080 at all, so a quick DuckDuckGo search brought me to the solution to my troubles here on the openSUSE forum. I started out by using some “old school” xrandr commands.

First I started out by defining a new mode:

xrandr --newmode "2560x1080_60.00"  230.76  2560 2728 3000 3440  1080 1081 1084 1118  -HSync +Vsync

Then I added a mode to the specific output.

xrandr --addmode HDMI-3 2560x1080_60.00

Then I sent the command to change the mode of the screen

xrandr --output HDMI-3 --mode 2560x1080_60.00

This worked but it is not a permanent solution as the next time I were to reboot, I would lose these settings. That made it time to do an Xorg configuration file for this monitor. Thankfully, it is just one simple text document.

Permanent Solution

Using the handy dandy terminal, once again, I navigated to the appropriate folder

cd /etc/X11/xorg.conf.d/

Then instead of creating a standard type of file that could be overwritten like “50-monitor.conf“, I created a custom one for this particular monitor.

sudo nano 49-LG29WK50S.conf

There is not much in this configuration file, just the modeline and preferred mode along with the Identifier of HDMI-3:

Section "Monitor"
   Identifier "HDMI-3"
   Modeline "2560x1080_60.00"  230.76  2560 2728 3000 3440  1080 1081 1084 1118  -HSync +Vsync
   Option "PreferredMode" "2560x1080_60.00"
EndSection

This allowed for the Plasma Display module to now have the proper mode available in the drop down and for me to arrange the screen properly.

And now doing something like video editing feels a lot cleaner and the width only makes this task so much nicer to accomplish.

It’s not a perfect setup but it is a more perfect setup than what I had. What is nice is that I can very easily tile windows and jump to different applications without playing the, “where did I go” game.

I don’t know if I have any games yet that take advantage of the ultra-wide screen layout but from a productivity standpoint, this is fantastic.

I have been using it as the monitor with which I do CAD and I do like the wider display much better as the side menus are never in the way of the model itself. Also, the extended design history is almost entirely seen on larger models too.

Final Thoughts

Although the DPI is not the same between the laptop and the ultra-wide, I am happy with it. I don’t even know if I would want this monitor smaller or if maybe it is time to go up to a 15″ laptop screen. That would make the DPI closer to being the same between the laptop and the monitor. I am happy with it after one day of usage and over time, I am sure I will find irritations with the setup.

I want to note that I didn’t go for the curved screen. I don’t think I am quite ready for such a “radical” idea of having a screen curved towards me. Would it have been better? Maybe, I can’t really say and maybe the next screen I purchase will be curved so that I can compare. The way I see it, going from 16:9 resolution to 64:27 (21:9) was enough of a jump. Adding another bit of unfamiliarity of a curve in the display might have just thrown me off (insert smile emoji).

I have more “testing” to do with the monitor but for the $179.10 I spent on it, I think it was worth it. The contrast is nice, the brightness is nice, everything is very pleasing. This might very well be one of the best technology purchases I have made. I much prefer this to the ad-hoc, fabri-cobbled setup I previously had.

References

Ultrawide Monitor Help on the openSUSE Forum
LG 29WK50S-P Ultrawide LED Monitor product page
Display Resolutions on Wikipedia

Noodlings | Designing, Replacing and Configuring

A prime number podcast but not a prime podcast

17th Noodling of technical musings

I’d like to say something interesting about the number 17, it’s a prime number, the last year you are a minor in the United States, perhaps other places… Team 17 was a great video game house in the 90s that made the game Worms, that was cool. Played that quite a lot some years back…

Fusion 360 Architectural Design

Used Fusion 360 on Linux to help me design a major renovation project. I need a new space for my dusty projects, a place to make wood and metal chips and other non-electronics friendly tasks like welding.

MechBoard64 | Replacement Commodore 64 Keyboard

Modern replacement keyboard project for the Commodore 64. Not in production but all the plans to build your own are available.

Zoom Meeting Large UI Elements | Fix

Over-sized UI elements

TUXEDO Pulse 15 | Possible AMD Linux Laptop Upgrade

First New Piece of Hardware that excites me and just may be my next laptop

BDLL Followup

  • Ubuntu Cinnamon Remix is struggling with their process to become an official distribution due to 3rd party packages
  • FerenOS reaches 5 years
  • Community feedback on getting into network administration: get hands-on, buy some cheap used equipment, and get the Debian network administrator handbook. Getting real equipment seems like the best way to learn.
  • For me, Okular for reading. For managing ebooks, I use Calibre. Folio was talked about but it looks to Gnome.

openSUSE Corner

openSUSE + LibreOffice Virtual Conference Extends Call for Papers

Organizers of the openSUSE + LibreOffice Virtual Conference are extending the Call for Papers to August 4. Participants can submit talks for the live conference past the original deadline of July 21 for the next two weeks. The conference is scheduled to take place online from Oct. 15 – 17.

Talks can be submitted as a 15-minute short talk, a 30-minute normal talk and/or a 60-minute work group session. Organizers believe shortening the talks will keep attendees engaged for the duration of the online conference.

The conference will have technical talks about LibreOffice, openSUSE, open source, cloud, containers and more. Extra time for Questions and Answers after each talk is possible and the talks will be recorded. The conference will schedule frequent breaks for networking and socializing.

The conference will be using a live conferencing platform and will allow presenters with limited bandwidth to play a talk they recorded should they wish not to present a live talk. The presenter will have the possibility to control the video as well as pause, rewind and fast-forward it.

Attendees can customize their own schedule by adding sessions they would like to participate in once the platform is ready. More information about the platform will be available in future news articles.

Organizers have online, live conference sponsorship packages available. Interested parties should contact ddemaio (at) opensuse.org for more information.

Release Team Asks for Feedback on openSUSE Leap “15.2”

The openSUSE release team would like feedback from users, developers and stakeholders about the release of the community-developed openSUSE Leap 15.2 through a survey. The survey is available at https://survey.opensuse.org. openSUSE Leap 15.2 was released on July 2. The survey centers on these two questions: what went well and what didn’t go well?

Tumbleweed Roundup

  • 20200728 Pending Stable 99
    • ffmpeg-4
    • sudo (1.9.1 -> 1.9.2)
      Subpackages: sudo-plugin-python
  • 20200727 Pending Stable 99
    • yast2 (4.3.15 -> 4.3.17)
  • 20200726 Pending Stable 99
    • Mesa (20.1.3 -> 20.1.4)
    • Mesa-drivers (20.1.3 -> 20.1.4)
      fourth bugfix release for the 20.1 branch
      just a few fixes here and there, nothing major
    • gnome-disk-utility (3.36.1 -> 3.36.3)
      Fix creating partitions by using special parameter when requesting the maximal partition size.
      Updated translations.
  • 20200724 Stable 97
    • NetworkManager (1.24.2 -> 1.26.0)
    • flatpak (1.6.4 -> 1.8.1)
    • kernel-firmware (20200702 -> 20200716)
    • pipewire
    • Subpackages: libpipewire-0_3-0 pipewire-modules pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools
  • 20200721 Stable 94
    • MozillaFirefox
      Add mozilla-libavcodec58_91.patch to link against updated soversion of libavcodec (58.91) with ffmpeg >= 4.3.
    • libzypp (17.24.0 -> 17.24.1)
      Fix bsc#1174011 auth=basic ignored in some cases (bsc#1174011)
      Proactively send credentials if the URL specifies ‘?auth=basic’ and a username.
      ZYPP_MEDIA_CURL_DEBUG: Strip credentials in header log (bsc#1174011)
      version 17.24.1 (22)
  • 20200720 Stable 95
    • kernel-source (5.7.7 -> 5.7.9) Numerous fixes
      protect ring accesses with READ- and WRITE_ONCE
      KVM: arm64: vgic-v4: Plug race between non-residency and v4.1 doorbell (bnc#1012628).

Computer History Retrospective

Computer Chronicles – Microchip Technology

The value of computers today is enormous and this puts that into some perspective.

Final Thoughts

It is never good to live in fear. The world is indeed a dangerous place, filled with so many things that re… We are often focused on the negative in the world: the things that are bad or could be improved, and we often become far too resentful as a consequence. If we spent more time focusing on the miracles that bring us the technology and comforts we get to enjoy day in and day out, I think the world would be a better place.

openSUSE Tumbleweed – Review of the week 2020/31

Dear Tumbleweed users and hackers,

Week 31 has seen a steady flow of snapshots. The biggest snapshot was 0721, for which we had to do a full rebuild due to changes in the krb5 package, that moved some files around. In order for all packages to keep up with this change, the full rebuild was needed. The week in total has seen 7 snapshots being published (0721, 0724, 0726, 0727, 0728, 0729 and 0730)

The changes included in those snapshots were:

  • krb5 file system layout changes (moved to default locations)
  • Mesa 20.1.3 & 20.1.4
  • NetworkManager 1.26.0
  • Flatpak 1.8.1
  • Python3 package was renamed to python38, allowing for further parallel packages like python39
  • sudo 1.9.2
  • KDE Plasma 5.19.4
  • Mozilla Firefox 79.0
  • Nano 5.0

The changes currently in stagings are around the topics of:

  • grub2 to address BootHole issues (will come with a new signing key for grub/kernel/shim)
  • GCC 10.2
  • LibreOffice 7.0rc2
  • Change of /tmp to tmpfs
  • OpenSSL 3.0
  • RPM changes: %{_libexecdir} is being changed to /usr/libexec. This exposes quite a lot of packages that abuse %{_libexecdir} and fail to build. Additionally, the payload compression is being changed to zstd

openSUSE 15.1 to 15.2 upgrade notes

In a previous article I showed how to upgrade a distro using zypper, but after the first reboot some issue might always happen, that’s why I collected all the changes and the tweaks I applied switching from openSUSE 15.1 to 15.2.

oneAPI compatibility with all openSUSE

As leader of the openSUSE Innovator initiative, openSUSE member and official oneAPI innovator, I tested the new release of the tool on openSUSE Leap 15.1, 15.2 and Tumbleweed. With the total success of the work, I made available in the SDB an article on how to install this solution on the openSUSE platform. More information here: https://en.opensuse.org/SDB:Install_oneAPI.

oneAPI is a unified, standards-based programming model. Modern workload diversity necessitates architectural diversity; no single architecture is best for every workload. XPUs, including CPUs, GPUs, FPGAs, and other accelerators, are required to extract high performance.

This technology has the tools needed to deploy applications and solutions across these architectures. Its set of complementary toolkits—a base kit and specialty add-ons—simplify programming and help developers improve efficiency and innovation. The core Intel oneAPI DPC++ Compiler and libraries implement the oneAPI industry specifications available at https://www.oneapi.com/open-source/.

Some features

DPC++: Data Parallel C++ (DPC++) is an open, standards-based evolution of ISO C++ that incorporates Khronos SYCL and community extensions to simplify data parallel programming.

CUDA Source Code Migration: The DPC++ Compatibility Tool is a migration engine that transforms CUDA code into a standards-based DPC++ code.

AI: Designed for end-to-end machine learning and data science pipelines, these toolkits are comprised of optimized Python libraries and high-performance, deep learning frameworks and tools based on oneAPI libraries.

Libraries: Powerful libraries—including deep learning, math, and video and media processing—are preoptimized for domain-specific functions and custom coded to accelerate compute-intense workloads.

For more information: https://software.intel.com/content/www/us/en/develop/tools/oneapi.html

Jul 28th, 2020

Jump-starting ESK: Elasticsearch, syslog-ng and Kibana

If you want to test drive syslog-ng or just want to learn something new, I recommend checking out the BLACK ESK project. By running a single script, you can set up a containerized test environment, complete with Elasticsearch, Kibana and a syslog-ng server. All network connections among them are encrypted and the syslog-ng configuration showcases many interesting syslog-ng features, including PatternDB and JSON parsing, GeoIP, in-list filtering and the new Elasticsearch destination. Once it is installed, all you need are some logs directed at this server and a browser to reach Kibana. You can learn a lot from reading through the setup scripts and the different configuration files.

I must thank @uidz3ro, who created BLACK ESK and fixed a number of problems while I tested it and even implemented a little feature request. This way it is possible to create maps (like the one below mapping IP addresses from failed ssh logins) without any further configuration.

Oops, China is active...

Before you begin

Getting started with BLACK ESK is easy, as it does not have many external dependencies. On the container side it needs Docker and docker-compose (I did not check Podman, as podman-compose is still under development) and you need git to check out sources from GitHub. And of course you need syslog to send log messages to this containerized ESK stack. In my example, I use syslog-ng, but any other should work just fine.

If you have a firewall on the host where you want to install BLACK ESK, make sure that ports 514 (syslog) and 5601 (Kibana) are open. The syslog-ng configuration file lists a few more ports, but those are not forwarded by the supplied Docker configuration.

Installation

As a first step, you have to check it out from GitHub:

git clone https://github.com/amitn322/blackesk

Change to the freshly created blackesk directory and start the installer script:

cd blackesk
sh install.sh single-node

You can now sit back and relax. It takes some time to download and build all the necessary software. The “single-node” parameter here means that only a single Elasticsearch container is created. The installation script prints many lines on your screen. At the end, you should see something like this on your terminal:

Generating Some Fake Logs, you can delete the index and start over..
10 Logs generated
Everything should have been completed, please login to https://ipaddress:5601 with following user:
--------------------------------------------------
Username: elastic
Password: pQc85zA7vAnRIL5JaKL0
--------------------------------------------------
The initial set of credentials are stored in .creds.txt in the current Directory

There are many things to note here:

  • There are some fake logs uploaded by the installer, so you can easily check how the web interface works even before you send your own data

  • As all passwords are randomly generated, I have no problem sharing the actual output here

  • Make sure that you enter “https://” before the IP address, as unencrypted communication does not work here and browsers give all sorts of strange error messages (I know from experience…).

  • Replace “ipaddress” with the IP address of the host, where you installed BLACK ESK

  • Do not worry if the user name and password are not retained on your terminal: they are also saved in the .creds.txt file

You can now log in and look around in Kibana. Click on “Discover” and you should see some log messages from syslog-ng.

Starting/stopping

For me, this was the first time I used docker-compose, so it took a while to figure out how to stop and restart the containers. Assuming that you successfully installed BLACK ESK and after some experimenting you want to stop it, enter the following command while in the blackesk directory:

docker-compose -f docker-compose-singlenode.yml stop

And you can start it up again using:

docker-compose -f docker-compose-singlenode.yml up -d

Getting logs

Obviously, there is not much point in having syslog-ng with a NoSQL back end and a fancy graphical user interface without logs. The bundled configuration expects legacy (RFC 3164) syslog messages on port 514 using both TCP and UDP. The easiest way is to install syslog-ng on the host running BLACK ESK and forward all logs to port 514. Just add lines similar to these to your syslog-ng configuration:

destination d_blackesk {
    tcp("127.0.0.1" port("514"));
};
log {source(src); destination(d_blackesk);};

The name of the source might be different on your system, “src” is used in the syslog-ng.conf of openSUSE/SLES, “s_sys” on Fedora/RHEL/CentOS.

A similar configuration snippet but with a different IP address could be used from other hosts on your network.
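
To confirm that the forwarding path works end to end, it helps to send one known line and then look for it in Kibana. The shell functions below are an added example, not part of the original post or of BLACK ESK; they build a legacy RFC 3164 line, the format the bundled configuration expects on port 514. The host name, tag, message text and the 203.0.113.7 address are constructed sample values, and send_line assumes nc is installed.

```shell
#!/bin/sh
# Added example: build, check and send one RFC 3164 test line.
# Function names are illustrative and not part of BLACK ESK or syslog-ng.

NL=$(printf '\nx'); NL=${NL%x}   # a literal newline, used for the framing check

# Facility keyword -> numeric code (subset of the RFC 3164 table).
facility_code() {
    case "$1" in
        kern) echo 0 ;; user) echo 1 ;; mail) echo 2 ;; daemon) echo 3 ;;
        auth) echo 4 ;; syslog) echo 5 ;; authpriv) echo 10 ;;
        local[0-7]) echo $((16 + ${1#local})) ;;
        *) return 1 ;;
    esac
}

# Severity keyword -> numeric code.
severity_code() {
    case "$1" in
        emerg) echo 0 ;; alert) echo 1 ;; crit) echo 2 ;; err) echo 3 ;;
        warning) echo 4 ;; notice) echo 5 ;; info) echo 6 ;; debug) echo 7 ;;
        *) return 1 ;;
    esac
}

# rfc3164_line FACILITY SEVERITY HOST TAG MESSAGE [TIMESTAMP]
# Prints "<PRI>Mmm dd hh:mm:ss HOST TAG: MESSAGE", PRI = facility * 8 + severity.
# TIMESTAMP defaults to now; %e pads the day with a space as RFC 3164 requires.
rfc3164_line() {
    r_fac=$(facility_code "$1") || { echo "unknown facility: $1" >&2; return 1; }
    r_sev=$(severity_code "$2") || { echo "unknown severity: $2" >&2; return 1; }
    # On TCP each record ends at a newline, so an embedded newline would
    # split one message into two records on the receiving side.
    case "$5" in
        *"$NL"*) echo "message must be a single line" >&2; return 1 ;;
    esac
    r_ts=${6:-$(LC_ALL=C date '+%b %e %H:%M:%S')}
    printf '<%d>%s %s %s: %s\n' $((r_fac * 8 + r_sev)) "$r_ts" "$3" "$4" "$5"
}

# decode_pri LINE: print "FACILITY SEVERITY" (numeric) taken from the <PRI>
# prefix, or fail if the prefix is missing or out of range (maximum 191).
decode_pri() {
    case "$1" in
        "<"[0-9]*">"*) d_pri=${1#"<"}; d_pri=${d_pri%%">"*} ;;
        *) return 1 ;;
    esac
    case "$d_pri" in
        *[!0-9]*) return 1 ;;
    esac
    [ "$d_pri" -le 191 ] || return 1
    echo "$((d_pri / 8)) $((d_pri % 8))"
}

# send_line HOST PORT LINE: deliver one line over TCP (assumes nc is present).
send_line() {
    command -v nc >/dev/null 2>&1 || { echo "nc not found" >&2; return 1; }
    printf '%s\n' "$3" | nc -w 2 "$1" "$2"
}

# Usage, with a constructed failed-login message:
#   send_line 127.0.0.1 514 "$(rfc3164_line auth info myhost 'sshd[4242]' \
#       'Failed password for invalid user admin from 203.0.113.7 port 50022 ssh2')"
```
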

Playing with syslog-ng

BLACK ESK comes with a nice and complex syslog-ng configuration showcasing many syslog-ng features. It includes JSON and PatternDB message parsing, many different kinds of filters, including the in-list filter for black- and whitelisting, GeoIP to find the geolocation of IP addresses and of course an Elasticsearch destination.

Luckily the syslog-ng configuration is available in an easy to access location right in your blackesk directory, under syslog-ng/conf/syslog-ng.conf. Before making any changes, create a backup of this file. Then open it in your favorite text editor and start making changes. Do not forget to check your changes before reloading syslog-ng:

localhost:~/blackesk # docker exec syslog01 syslog-ng -s
Error parsing afsocket, inner-src plugin myerror not found in /etc/syslog-ng/syslog-ng.conf:40:22-40:29:
35      source s_windows{
36      	tcp( ip(0.0.0.0) port(5515) flags(no-parse));
37      };
38      
39      source s_network {
40---->     tcp(ip(0.0.0.0), myerror(), port(514));
40---->                      ^^^^^^^
41          udp(ip(0.0.0.0), port(514));
42          unix-stream("/var/run/syslog-ng/syslog-ng.sock");
43      };
44      
45      #Templates

This runs a syntax check in an already running syslog-ng container. Here I added an error just to demo it. Once the syntax check runs without error, you can make your configuration live:

localhost:~/blackesk # docker exec syslog01 syslog-ng-ctl reload
Config reload successful

Of course, some spelling mistakes are not spotted by this, but can still ruin your configuration. In this case try to fix your configuration and then start the container using:

docker start syslog01
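
The backup, syntax check and reload steps above can be wrapped so that a configuration which fails the check never reaches a reload. This is an added example, not code from the post or from BLACK ESK; it uses the container name and config path shown above, assumes (as the steps above imply) that the host file is the one the container reads, and the function names and the .bak and .rejected suffixes are made up for illustration.

```shell
#!/bin/sh
# Added example: validate-then-reload wrapper for the BLACK ESK syslog-ng
# container. Run it from the blackesk directory.

CONTAINER=${CONTAINER:-syslog01}                 # container name used on this page
CONF=${CONF:-syslog-ng/conf/syslog-ng.conf}      # config path used on this page

# Step 1: take a known-good copy before opening the file in an editor.
backup_conf() {
    cp -p "$CONF" "$CONF.bak"
}

# True only if the container is up. Without this, a stopped container would
# look like a failed syntax check and a valid edit would be thrown away.
container_running() {
    [ "$(docker inspect -f '{{.State.Running}}' "$CONTAINER" 2>/dev/null)" = "true" ]
}

# Step 2: run after editing. Return codes:
#   0  syntax check passed and syslog-ng was reloaded
#   1  syntax check failed; edit kept as $CONF.rejected, backup restored
#   2  no backup exists, nothing was touched
#   3  container is not running, nothing was touched
apply_conf() {
    [ -f "$CONF.bak" ] || { echo "run backup_conf before editing" >&2; return 2; }
    container_running || {
        echo "$CONTAINER is not running; cannot check syntax" >&2
        return 3
    }
    if docker exec "$CONTAINER" syslog-ng -s; then
        # The check only covers syntax, so the .bak copy is left in place in
        # case the new configuration misbehaves after the reload.
        docker exec "$CONTAINER" syslog-ng-ctl reload
    else
        echo "syntax check failed: edit saved as $CONF.rejected, backup restored" >&2
        cp -p "$CONF" "$CONF.rejected"
        cp -p "$CONF.bak" "$CONF"
        return 1
    fi
}
```
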

Uninstalling

There is also an uninstall script included. Just enter:

sh uninstall.sh

Note that it removes all data, but not the container images. You have to do that manually. It is also an easy way to hard reset your test environment and do a fresh start using install.sh. In this case the install script runs much faster, as it does not need to create the container images, just the keys for TLS and a few configurations.

If you have questions or comments related to syslog-ng, do not hesitate to contact us. You can reach us by email or even chat with us. For a list of possibilities, check our GitHub page under the “Community” section at https://github.com/syslog-ng/syslog-ng. On Twitter, I am available as @PCzanik.