Jason Cheng
Jason Tools Co., Ltd. | Founder & Technical Director
Proxmox VE has a lot of details that need to be paid attention to in daily maintenance. By sending logs to Graylog for centralized storage and analysis, together with Extractor, Dashboard and other functions, we can create an easy-to-read visual dashboard to quickly determine problems.

▶ Figure 1
You can quickly see which nodes have recently experienced replication failures, backup failures, disk errors, node fence, disk I/O errors, and Ceph OSD errors, etc., so that you can easily grasp where the major problems of each system are currently located at once.

Although Proxmox VE already provides email alerts for these major issues, it is integrated with a dashboard and can easily query past events and sort statistics, making it easier for administrators to view.

On the left side of the picture, you can see that the number of replication failures is quite high, which is not visible if you don't look at the interface of Proxmox VE. This is because the target node of the guest machine has been taken offline, so it cannot be scheduled for replication to the target node and continues to cause replication failure events.

▶ Figure 2
In the second picture, the OOM-Killer event block in the upper left corner is very important. If you don't monitor this event in Linux, there is no way to quickly determine the time and cause when the process is killed.

I wrote my own API program, which provides the Node, CT/VM information of Proxmox VE to Graylog's Lookup Table function for searching and comparing, so that we can match the CT of the Node where the OOM-Killer occurred on the dashboard.

On the left is the Guest HA log block. If a node failure triggers the HA high availability mechanism, this area makes it easy to keep track of when the HA event occurred on that VM/CT and the complete information on the node from which it was moved to.

At the bottom, we have an event of users accessing the Console, so you can easily see which VMs often access the Console from the Proxmox VE management interface, and which users do so at what time.

▶ Figure 3
The last picture shows the audit of Proxmox VE node login authentication failure events, including Proxmox VE WebUI or login via SSH, to know whether malicious account guessing and other information security behaviors have been performed.

The Corosync status below is used to understand the health of the cluster network connection. Even though Ring 0 and Ring 1 have been configured as backups for the cluster using independent two-sided networks, it is still important to know when potential problems may occur. The Link 1 Down event (Ring 1) occurred in the figure because the backup to Proxmox Backup Server was in progress and I did not limit the bandwidth usage during the period, so the Corosync connection on the Ring 1 side was disrupted for 3 seconds. This can be avoided by taking measures such as network bandwidth control.

#ProxmoxVE #PVE #Graylog
2 Comments
Jonas Sterr
Senior Solution Engineer, Proxmox & Ceph
11mo
Yes. Especially because node fencing can still happen on high ring0 latency, even when having a second link. ring1 only helps when your ring0 is completely down.
Nicolas Janzen
Cloud Engineer
11mo
You can determine when an oom event occurred: dmesg -T
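
An added example, not part of the original post or its comments and not the author's API program: a Python version of the enrichment the post describes, pulling the guest ID out of a kernel `oom-kill:` line and resolving it against a node/guest table. The log lines, the `GUESTS` table, and the cgroup layout (`/lxc/<id>` for containers, `/qemu.slice/<id>.scope` for VMs) are assumptions constructed for illustration.

```python
import re

# Constructed sample syslog lines (hosts, IDs and process names are made up).
# The "oom-kill:" summary format is the one recent Linux kernels print.
SAMPLE_LOG = """\
Mar 03 02:14:07 pve1 kernel: oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=ns,mems_allowed=0,oom_memcg=/lxc/101,task_memcg=/lxc/101/ns/system.slice/mariadb.service,task=mariadbd,pid=20811,uid=100999
Mar 03 02:14:07 pve1 kernel: Memory cgroup out of memory: Killed process 20811 (mariadbd) total-vm:2101236kB, anon-rss:1040120kB, file-rss:0kB, shmem-rss:0kB, UID:100999 pgtables:2300kB oom_score_adj:0
Mar 03 05:40:55 pve2 kernel: oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/qemu.slice/205.scope,task=kvm,pid=3391,uid=0
Mar 03 06:02:31 pve2 kernel: oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/system.slice/ceph-osd@3.service,task=ceph-osd,pid=1877,uid=64045
"""

# Hypothetical inventory standing in for the node/guest data served to a
# Graylog lookup table. Keys are (node, guest ID).
GUESTS = {
    ("pve1", "101"): {"type": "CT", "name": "db-ct"},
    ("pve2", "205"): {"type": "VM", "name": "build-vm"},
}

OOM_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]{8}) (?P<node>\S+) kernel: oom-kill:"
    r"constraint=(?P<constraint>\w+),.*?task_memcg=(?P<memcg>[^,]+),"
    r"task=(?P<task>[^,]+),pid=(?P<pid>\d+),uid=(?P<uid>\d+)"
)
# Assumed cgroup layout: /lxc/<id>/... for containers,
# /qemu.slice/<id>.scope for VMs. Anything else is a host process.
GUEST_RE = re.compile(r"^/(?:lxc/(\d+)|qemu\.slice/(\d+)\.scope)")

def parse_oom_events(log_text, guests=GUESTS):
    """Return one enriched dict per oom-kill summary line."""
    events = []
    for line in log_text.splitlines():
        m = OOM_RE.match(line)
        if not m:
            continue  # the "Killed process" detail line and other logs
        ev = m.groupdict()
        ev["pid"] = int(ev["pid"])
        g = GUEST_RE.match(ev["memcg"])
        ev["guest_id"] = (g.group(1) or g.group(2)) if g else None
        info = guests.get((ev["node"], ev["guest_id"]), {})
        ev["guest_type"] = info.get("type")
        ev["guest_name"] = info.get("name", "host process or unknown guest")
        events.append(ev)
    return events

if __name__ == "__main__":
    for ev in parse_oom_events(SAMPLE_LOG):
        print(ev["ts"], ev["node"], ev["task"], ev["guest_id"], ev["guest_name"])
```
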
More Relevant Posts
-
Wagner Souza
Information Security Analyst | Exin Information Security Officer | Comptia Security+ | SOC | Threat Hunting | Elastic Contributor
Elastic Security Report
- Fleet Server Insertion of Sensitive Information into Log File (ESA-2023-20) https://lnkd.in/dKVafwhD
- Elastic Endpoint Insertion of Sensitive Information into Log File (ESA-2023-21) https://lnkd.in/dyZYzEXA
#elastic #elasticsecurity #cybersecurity #report
-
Stephan Schweizer
Chief Executive Officer at NEVIS Security AG
Another fully packed development cycle has been successfully completed with the publication of the Nevis Security #IdentitySuite May release. The following Medium article by Davide Cucuzzella provides a great overview of the new features: https://lnkd.in/eqZKvF82
With the improved support of #openshift we support our customers to perform their #cloudtransformation even more efficiently by providing additional options for #hybridcloud deployments! #security #ciam #passwordless #privatecloud #letsretirepasswords
-
Stefan Hinker
Innovation in #Security. Supported, endorsed and soon implemented by #Oracle. Creating an #Open #Standard. Welcome to the future!
Zero Trust Packet Routing will be a huge step towards interoperable data security and will change the way admins and users think about it.
Oracle is collaborating with Applied Invention and other industry leaders to create an open standard for network and data security. Find out more: https://lnkd.in/eA23gqya #CloudWorld
-
Tripwire
17,322 followers
Tripwire Enterprise seamlessly integrates with IBM i without the need for extensive code changes. Ron Adams details the simple setup process using PASE and how it maximizes efficiency and security: https://lnkd.in/dVAEWSDJ
#IBMi #Infosecurity #Cybersecurity
-
DT Asia Pte Ltd
416 followers
Optimize Your Log Forwarding To SIEM with syslog-ng Store Box (SSB): Learn How to Easily Configure Splunk HEC and Microsoft Sentinel Destinations!
The syslog-ng Store Box (SSB) appliance, built on syslog-ng Premium Edition (PE), offers a streamlined solution for log analysis and SIEM optimization. With intuitive GUI, SSB inherits PE's robust features, enabling seamless integration with Splunk HEC and Microsoft Sentinel. To get expert tips on configuring and testing SSB for optimal performance: https://lnkd.in/eG5jrEzf
#DTAsia #OneIdentity #OI #syslog-ng #SIEMOptimization #LogAnalysis #cybersecurity One Identity
-
Karolina Matylewska
Test Automation Engineer
Essentials of Identity and Authorization - OAuth 2.0!
Are you ready to unlock the secrets behind secure and seamless access control? Dive into this article, where Cloudentity demystifies the world of OAuth 2.0 and its fundamental role in modern authentication.
In this article you will learn:
- What is OAuth 2.0?
- How Does it Work?
- What basic authorization flows look like
Whether you're an aspiring developer, a seasoned IT professional, or simply curious about the magic behind secure data sharing, this article is your gateway to unraveling the power of OAuth 2.0!
Read the full article here: https://lnkd.in/dcgJPB4G
#OAuth2 #IdentityAndAuthorization #Cybersecurity #AccessControl #Authentication #Authorization #TechInsights #SecureDataSharing #Cloudentity
-
Brian Cameron
Senior Systems Engineer / Network Infrastructure / Virtualization / Hybridization
The largest cyberattack of its kind recently happened. Here’s how.
©Charles Krupa/AP
A trio of internet giants revealed on Tuesday that they had fought off an “unprecedented” distributed denial-of-service (DDoS) attack, used to disrupt the availability of systems like websites and services, that registered as the biggest on record, by far.
Cloudflare, Google and Amazon Web Services (AWS) said the attack relied on a previously undisclosed vulnerability in a key piece of internet architecture.
And it was massive.
“For a sense of scale, this two minute attack generated more requests than the total number of article views reported by Wikipedia during the entire month of September 2023,” Google wrote in a blog post.
News of the attack comes as maintainers of a foundational open-source internet tool announced severe vulnerabilities, and as four federal agencies published guidance on the security of open-source software (OSS).
HTTP/2 “Rapid Reset”
The attack, known as HTTP/2 “Rapid Reset,” abuses a weakness in the HTTP/2 protocol. HTTP stands for Hypertext Transfer Protocol and is used to load webpages. HTTP/2 was a revision of an earlier version, meant to make pages load faster, among other improvements.
“The DDoS events AWS detected were a type of HTTP/2 request flood, which occurs when a high volume of illegitimate web requests overwhelms a web server’s ability to respond to legitimate client requests,” Tom Scholl, vice president and distinguished engineer at the company, and Mark Ryland, AWS’s director of the office of chief information security officer, wrote in a blog post.
-
Mike Strickland
Founder and President at G2 Solutions
Microsoft Authentication Library 4.54.0 Supports Managed Identities
Boosting Security: Microsoft Authentication Library 4.54.0 empowers developers with enhanced protection as it now supports Managed Identities. Simplify authentication processes while ensuring robust security measures for your applications.
#MicrosoftAuthenticationLibrary #ManagedIdentities #SecurityEnhancements #DeveloperTools #AuthenticationSimplification
https://lnkd.in/gkDqcgVA
-
SquareCows
67 followers
AWS Verified Access now provides improved logging functionality, making it easier to author and troubleshoot application access policies. Verified Access enables you to provide secure access to your corporate application using zero-trust principles. You can use end-user context, such as user groups and device risk score, from your existing third-party identity and device security services to define access policies. Starting today, you can log all the end-user context received from third-party services, simplifying policy authoring and troubleshooting.