Logging Apache Access-Log to Syslog / Rsyslog / Papertrail

Using this as a guide (http://wiki.rsyslog.com/index.php/Working_Apache_and_Rsyslog_configuration), I was able to get Apache’s access log, filtered, forwarding to my Papertrail instance (via syslog / rsyslog). It may be useful to someone:

Redhat/Centos httpd.conf and/or your virtualhost conf — requires the logger program, which centos has by default:

# (20100219) Rianto Wahyudi - Send apache log to syslog
CustomLog "|/usr/bin/logger -t httpd -p local6.info" combined

rsyslog.conf (preferably above the /var/log/messages filter, so apache logs don’t pollute it)

# Log to papertrail
if $syslogfacility-text == 'local6' and $programname == 'httpd' and not ($msg contains 'stats') and not ($msg contains 'NewRelic') then @logs2.papertrailapp.com:12345
# Prevent logging httpd to /var/log/messages
if $syslogfacility-text == 'local6' and $programname == 'httpd' then ~

Be sure to replace 12345 with your Papertrail port. Note that I added the ‘and not’ and ‘contains’ logic for my specific app, which you can remove, but I found helpful in filtering what gets sent to Papertrail. It took me a while to figure out this logic so I left it in for you. Restart apache and rsyslog, and look at /var/log/messages for any rsyslog errors.

Two Unrelated (No association) Entities in One Form in Symfony2

A lot of tutorials are showing you how to create embedded forms with associations/relations — what about unrelated entities?

I figured out you can pass the second entity as a parameter to the parent form, pass it normally to the embedded form via the ‘data’ parameter, which will let the embedded form update the object. Then just persist() the object back in the controller like normal. No crazy data/request wrangling necessary!

In the parent form:

//...
private $userConfig = null;
public function __construct($userConfig = null) {
    $this->userConfig = $userConfig;
}
public function buildForm(FormBuilderInterface $builder, array $options) {
    //...
    $builder->add('userConfig', new UserConfigPartialType(), array(
        'label' => false,
        'required' => false,
        'mapped' => false,
        'data' => $this->userConfig
    ));
    //...
}

In the controller:

$form = $this->createForm(new Forms\PeersType($userConfig), $user);
$form->handleRequest($request);
if($form->isValid()) {
    $em = $this->getDoctrine()->getManager();
    $em->persist($userConfig);
    $em->persist($user);
    $em->flush();
}

The UserConfigPartialType form is just a normal form with a couple form fields. Of course ideally you’d have a relationship between these entities, but this is nice if for some reason you can’t (like Doctrine’s bidirectionality being a pain in the butt.)

Logging NAT/Firewall/state entries in Pfsense

Sometimes you really need to know what computers on your network were doing yesterday at noon, because you get a nastygram from the MPAA about bittorrent demanding that you do something — but bittorrent is notoriously hard to block.

You can try installing BandwidthD on your Pfsense router, to see who’s using a bunch of bandwidth at that time, and you can look back through DHCP or WiFi logs to see who was connected at the time, but the complaint letter tells you the exact time and port number used. Wouldn’t it be cool if you could log that?

Here’s what I came up with. Download the Cron package for Pfsense, and add a new Cron job:

Minute: 1
Hour/etc: *
Who: root
Command: pfctl -ss | egrep '(>.*>|<.*<)' | logger

The firewall states (who is connected to what) will now dump to your system log every hour — kinda noisy, but also kinda effective for tracking long downloads on random ports.
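
Once the states are in the system log, answering a complaint means finding which internal host held the named WAN-side port at the named time. The following is an added example, not part of the original post: it assumes each logged state reads "interface proto internal -> translated -> remote" (or the same with "<-"), the two-arrow shape the egrep above selects, and the sample log lines and the name find_internal_hosts are constructed for illustration.

```python
import re

# Constructed sample (not real traffic): syslog lines as the hourly
# `pfctl -ss | egrep '(>.*>|<.*<)' | logger` job would write them.
# Assumed layout per state: internal -> translated (WAN) -> remote.
SAMPLE_LOG = """\
Apr  4 12:01:00 pfsense root: em0 tcp 192.168.1.23:51413 -> 203.0.113.5:51413 -> 198.51.100.7:6881       ESTABLISHED:ESTABLISHED
Apr  4 12:01:00 pfsense root: em0 tcp 192.168.1.40:49822 -> 203.0.113.5:23111 -> 93.184.216.34:443       ESTABLISHED:ESTABLISHED
Apr  4 12:01:00 pfsense root: em0 udp 192.168.1.23:51413 -> 203.0.113.5:51413 -> 198.51.100.99:6881       MULTIPLE:MULTIPLE
Apr  4 12:01:00 pfsense root: em0 tcp 192.168.1.50:22 <- 203.0.113.5:2222 <- 198.51.100.20:40000       ESTABLISHED:ESTABLISHED
Apr  4 13:01:00 pfsense root: em0 tcp 192.168.1.77:51413 -> 203.0.113.5:51413 -> 198.51.100.7:6881       TIME_WAIT:TIME_WAIT
"""

# Syslog header, then interface, protocol and three addr:port endpoints.
# IPv4 only: lines that do not fit the assumed layout are skipped.
STATE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\s\S+:\s"
    r"(?P<iface>\S+)\s(?P<proto>\w+)\s"
    r"(?P<lan>[\d.]+):(?P<lport>\d+)\s(?:->|<-)\s"
    r"(?P<gwy>[\d.]+):(?P<gport>\d+)\s(?:->|<-)\s"
    r"(?P<ext>[\d.]+):(?P<eport>\d+)\s+(?P<state>\S+)"
)


def find_internal_hosts(log_text, wan_port, ts_prefix=""):
    """Return sorted (timestamp, proto, internal_ip, remote) tuples for NAT
    states whose translated (WAN-side) port equals wan_port."""
    hits = set()
    for line in log_text.splitlines():
        m = STATE_RE.match(line)
        if m is None or not m["ts"].startswith(ts_prefix):
            continue
        if int(m["gport"]) == wan_port:
            hits.add((m["ts"], m["proto"], m["lan"],
                      f'{m["ext"]}:{m["eport"]}'))
    return sorted(hits)


if __name__ == "__main__":
    # Complaint names WAN port 51413 around noon on Apr 4.
    for hit in find_internal_hosts(SAMPLE_LOG, 51413, "Apr  4 12:"):
        print(*hit)
```

Because the job only snapshots states once an hour, a hit places a host on that port at the snapshot time; short-lived connections between snapshots will not appear.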

How the Internet Works

How The Internet Really Works: A Hands-On Crash Course from Ethernet to HTTP using Wireshark

Whether you’re a hacker, IT pro, coder, or just curious, it helps to know exactly how the Internet works: you may understand the idea of connections, but do you understand all the protocols and steps that it takes to create and troubleshoot a connection?

Ever wondered what exactly happens between typing “google.com” into the address bar and seeing the webpage appear on your screen? Do you know what would happen if two computers had slightly different subnet masks, or how ARP spoofing works, or what exactly the Kaminsky DNS attack was, or what happens when you plug a switch back into itself?

This was presented at CactusCon 2014, and the slides / wireshark captures are available here: how-internet-works.zip (the slides are sparse; turn on notes to see what I said for each slide.) If you don’t have PowerPoint, you can download LibreOffice (free) or see the SlideShare.

Also note that this is a semester’s worth of Networking 101 presented in about an hour; this is enough to get you started Googling for topics of interest and hopefully a gut feeling for all the different things happening during a typical connection, but some bits are omitted; please do more research in order to get a complete understanding. Open Wireshark yourself and send out your own traffic; read books or tutorials, consider certification classes like Network+, Security+, or Cisco.

Finally, I’m happy to answer questions in the comments or on twitter @willbradley .

Full Notes

Just in case you can’t see the notes attached to the slides, here’s my full notes below:

On the practical side of starting a hackerspace

Many people have been asking me about starting hackerspaces/makerspaces lately. I’m going to use this post to aggregate their questions and my answers.

What do you think about doing a Kickstarter for seed money?

It’s possible, but “the HeatSync Way” is to find your people first. To do this kind of endeavor it seems like you need 5-15 “good people” who are prepared to stick around for at least a year of creating this business — as a hobby, with perhaps 2-5 hours per week commitment.