I have downloaded the ESXi-level logs. I want to check for network errors in those logs. Can anyone please help me understand how we can detect network-level logging in the ESXi-level logs?
On Google Cloud we are using the following:
A Cloud Function that connects to
A service running on a GCE VM
via a VPC Access Connector
It's been running fine for months, then all of a sudden it stopped working and all attempts to connect to the service cause the following error in our Cloud Function logs:
Connection to 10.X.X.X timed out. (connect timeout=10)
That IP address is the IP address of the VM.
At this point I'm not sure how to go about diagnosing the problem as GCE networking is unfamiliar to me. What should I be searching for in Cloud Logging to try and determine the root cause of the problem?
You can use Cloud Logging to check the logs of your GCE networking. You can check it at:
Navigation Menu > Logging > Log Explorer
In the upper right part of your GCP console, click Resource.
Scroll down and choose GCE Network.
Once you click GCE Network, it will show you the Network ID of your VPC network.
Then choose where your VM instance is located, then click “apply”.
For more information about Cloud Logging you can explore this link.
I've discovered that much more detailed logs are available by filtering on
resource.type="gce_subnetwork"
These logs provide much more detailed information about the network traffic.
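An added example, not part of the original answers: a Python script that triages exported `resource.type="gce_subnetwork"` entries for a destination that is timing out, counting firewall DENIED hits per rule and flow-log records per source. The field names assume the GCP firewall rule and VPC flow log export format; the project name, IP addresses and rule name are constructed sample values.

```python
from collections import Counter

def _entry(log, src, dst, port, **extra):
    # Builds one constructed record; field names are assumed to follow
    # the GCP firewall rule / VPC flow log export format.
    return {"logName": f"projects/example-project/logs/compute.googleapis.com%2F{log}",
            "resource": {"type": "gce_subnetwork"},
            "jsonPayload": {"connection": {"src_ip": src, "dest_ip": dst,
                                           "dest_port": port, "protocol": 6}, **extra}}

RULE = {"rule_details": {"reference": "network:example-vpc/firewall:deny-all-ingress"}}
# Constructed sample data: 10.0.0.5 stands in for the VM, 10.8.0.3 for the connector.
SAMPLE = [
    _entry("firewall", "10.8.0.3", "10.0.0.5", 8080, disposition="DENIED", **RULE),
    _entry("firewall", "10.8.0.3", "10.0.0.5", 8080, disposition="DENIED", **RULE),
    _entry("firewall", "10.0.0.9", "10.0.0.5", 22, disposition="ALLOWED"),
    _entry("vpc_flows", "10.0.0.9", "10.0.0.5", 22, reporter="DEST"),
    _entry("vpc_flows", "10.8.0.3", "10.0.0.7", 443, reporter="SRC"),
]

def triage(entries, vm_ip):
    """Return (denied, flows) Counters for traffic addressed to vm_ip."""
    denied, flows = Counter(), Counter()
    for e in entries:
        if e.get("resource", {}).get("type") != "gce_subnetwork":
            continue
        payload = e.get("jsonPayload", {})
        conn = payload.get("connection", {})
        if conn.get("dest_ip") != vm_ip:
            continue
        key = (conn.get("src_ip"), int(conn.get("dest_port", 0)))
        log = e.get("logName", "")
        if log.endswith("firewall"):
            # Only DENIED hits explain a connect timeout; group them by rule.
            if payload.get("disposition") == "DENIED":
                rule = payload.get("rule_details", {}).get("reference", "unknown")
                denied[key + (rule,)] += 1
        elif log.endswith("vpc_flows"):
            flows[key + (payload.get("reporter"),)] += 1
    return denied, flows

if __name__ == "__main__":
    denied, flows = triage(SAMPLE, "10.0.0.5")
    for (src, port, rule), n in denied.most_common():
        print(f"DENIED x{n}: {src} -> port {port} by {rule}")
    for (src, port, reporter), n in flows.most_common():
        print(f"flow x{n}: {src} -> port {port} (reporter={reporter})")
```

Firewall entries appear only for rules that have logging enabled, and flow entries only for subnets with VPC Flow Logs enabled; flow logs are sampled, so a missing flow record alone does not prove traffic never arrived.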
Imagine having an IoT device in a building miles away from you. The device encountered a problem and I want to debug remotely. Is there a place in GCP where I can do that? (With AWS, I can use secure tunneling to establish a secure tunnel and debug the device remotely.)
I got a new laptop and am planning to dedicate the current laptop as a central log monitoring system for the server clusters already set up on AWS. The AWS servers have static IPs, while my personal laptop will be connected to Wi-Fi. The clusters receive low to moderate traffic and there aren't many logs generated.
To use the laptop as a central log monitoring system, I can do one of these things:
Stream logs in real time (using streams to reduce reconnection overheads)
HTTP long polling (can't push as my ISP doesn't allow me a static IP)
Make a VPN server and figure out some way to push/poll logs.
I think the 1st option (streaming logs) looks the most promising.
Is there some better way to do this?
Also, how do I stream logs in this setup, considering the clients have static IPs while my central server has a dynamic IP?
Are there any open-source/existing services that achieve this already? (Why re-invent the wheel when you have a start!)
Thank you in advance!
I have QRadar set up on one host and a VMware vSphere cloud set up on another host.
My vSphere cloud setup has one ESXi host.
I want to send logs from this ESXi host to my QRadar.
How do I do it? Please help.
Go to the vSphere Web Client.
Click on the ESXi host whose logs you want to send to QRadar.
Go to Configure -> Advanced System Settings.
Click Edit and filter on the keyword 'Syslog.global.logHost'.
Put the value 'udp://:514' in the 'Syslog.global.logHost' field. Click OK.
Go to Configure -> Firewall.
Click Edit and filter on the keyword 'syslog'.
Check the syslog check box. Click OK.
I want to add information on point 8: the firewall menu can be accessed via the network tab to restrict access through the firewall.
I noticed that my VM in the Google Cloud Platform is generating DoS and am wondering where that may be coming from. On further search, I noticed a file that wasn't created by me and deleted the file.
So far, I have changed the SSH port but I'm still getting "This project appears to be committing denial of service attacks".
I would like suggestions on what else I can do to prevent this in the future.
I'm leaving here some interesting resources you can check to secure your Google Compute Engine instance:
Ubuntu SSH Guard manpage
ArchLinux SSH guard guide (guides you through installation and setup)
Apache hardening guide from geekflare
PHP security cheatsheet from OWASP
MySQL security guidelines
General security advice for Google Cloud Platform instances:
Set user permissions at project level.
Connect securely to your instance.
Ensure the project firewall is not open to everyone on the internet.
Use a strong password and store passwords securely.
Ensure that all software is up to date.
Monitor project usage closely via the monitoring API to identify abnormal project usage.
To diagnose trouble with GCE instances, serial port output from the instance can be useful.
You can check the serial port output by clicking on the instance name
and then on "Serial port 1 (console)". Note that these logs are wiped
when instances are shut down and rebooted, and the log is not visible
when the instance is not started.
Stackdriver monitoring is also helpful to provide an audit trail to
diagnose problems.
Here are some hints you can check on keeping GCP projects secure.