These methods aren’t a replacement for those systems at all, but a basic way to implement the core basics of monitoring and alerting.

You see, the strength of a SIEM or log aggregation system is its numbers. It correlates data from hundreds or thousands of sources, giving very important insights about overall system usage patterns, login activity, audit trails, and more. However, if you’re using that system for stupid alerts like “An error happened on server XYZ”… Well, you’re doing it wrong. Things should be simple, and simple alerts shouldn’t come from complex systems.

There are three main pieces of information an operator needs about a system:

- Actionable alerts that expose meaningful problems.
- Historical utilization data to make good decisions.
- Occasional reports so you know everything is okay

And of course, there’s a very fine balance to this. Too many alerts and reports become tiresome and annoying. Alert fatigue sets in very quickly, and goes away slowly. Worse, too little information means you could miss important signs of failure leading to preventable downtime.

I wish I could say there was a magic, universal good configuration for every situation but there isn’t. That’s a journey that every admin has to take for themselves.

But like everything, you can get a good distance for cheap - it’s the rest that’s “expensive” so let’s get the “cheap” parts.

- Logwatch, to create weekly status reports.

These are all very simple utilities, and are in the default software repositories for Ubuntu or Debian.

Postfix mail relay

Almost all of these messages will be sent by email, so having a way for your system to send you messages is the first step towards a working solution. There are lots of mail transfer agents and relays for Linux, but the most well known is probably Postfix.

First, postfix must be installed from the repositories:

```
sudo apt install -y postfix mailutils libsasl2-2 libsasl2-modules ca-certificates ssl-cert
```

Then, the basic relay-only config can be added, replacing the default /etc/postfix/main.cf:

Root:

Be sure to also refresh the aliases:

```
sudo newaliases
```

You may check the sending abilities by sending yourself an email, via root:

```
echo "Hello, root!" | mail -s "A message for Charlie Root" root
```

Another advantage of having a mailer and aliases set up is that any misconfigured cron jobs will send their output to your email.