I’ve moved this site from self-hosted to my new landchad VPS server. Performance seems really good and it was really easy to backup and move (I’ll need to write up my steps so I don’t forget).
Today is Sunday. I am building Asterisk 18.9 from source patched with cisco call manager features. See this website for more details: https://usecallmanager.nz/patching-asterisk.html
I’m doing this on a proxmox Linux ubuntu container. This is so I can get my Cisco 9971 phones to work with Cisco call manager features like voicemail button support and BLF (busy lamp field). Why am I doing this? Well, my Cisco phones have been laying dormant for many months while my gaze has been elsewhere. On a lark I plugged them back in and low-and-behold I had 5 voicemail messages. All were from my healthcare service provider trying to sell me stuff. I deleted all the voicemails but it got me thinking that the voicemail button doesn’t work and that’s a shame — I can fix that. Anyways, this is my attempt to fix by building Asterisk from source in a Linux container that has been patched from usecallmanager.
I’m using Discord to keep up with some technical discussion groups (e.g. TrueNAS and OBS) and I’ve even created a personal Discord server for my family. I’m also running Graylog for log aggregation of my home technology stack (switches, IP phones, Asterisk, Plex, Pihole, Router) and I was wondering if I could create automated alerts from Graylog to my Discord server? It is very timely as Graylog posted a blog entry just this past Friday on how to do this very thing. Now, before we go any further we need to be clear on what is required from a software perspective. You will need a working Graylog server version 4.0 or greater (I’m running version 4.0.5 on FreeBSD) and you will need to install and license the enterprise plug-in so that you can use the correlation engine. Don’t worry, the enterprise Graylog plugin is free for personal use under 5 GB of logs a day (I’m at like 400 Mb’s a day). You will also need a Discord server which are free to setup for personal use. Instructions for setting up Graylog can be found here and here.
Step 1: Inform Your Children
Children are super curious; they like to know when new network monitoring infrastructure is configured for your home network. I’ve found that a bit of subterfuge throws them off the scent.
Step 2: In Discord, Setup a New Text Channel for Your Alerts (Optional)
This step is optional but useful if you want to separate alert content from your normal content in Discord. In your Text Channels menu for your Discord server (you must be the server owner or granted admin privs), you can click the plus icon to create a new text channel. I named mine graylog and defined a topic text. Click save. Please notice the Integrations menu item in the above graph. We will click on that next.
Step 3: In Discord, Add a Webhook Integration
Within your text channel configuration you will see an Integrations menu item. Click Integrations and then click on Webhooks and New webhook.
In the New Webhook dialog, you can name your webhook. I chose a descriptive name for this but yours can be more generic. Note the Channel the webhook will be in and you can copy the webhook URL (a url encoded string to your server). I got the Graylog icon from their Twitter feed @graylog2 account.
Step 4: In Graylog, Add an Event Definition
In the Graylog Alerts menu, click Event Definitions and then the Create Event Definition button. I named my Event “SSHd Logon Open Too Long” to match to Graylog blog video which is linked at the start of this blog post. Click Next. I set the Condition Type to be “Event Correlation” and then set the Correlation rules to follow a sequence of events that are satisfied within 16 min. You can make it more or less but essentially I’m looking for SSH logins for more than 16 min.
I set Event #1 in the correlation to be the “SSHd Session Open” Event from my alerts. I added Event #2 and set it to “SSHd Session Closed” which SHOULD NOT OCCUR in the next 15 min. This means event #1 will fire and within 15 min a subsequent event #2 will not fire. The definition of those events will be covered later and is outside the scope of this article. click next.
Step 5: Create Custom Event Field for User Name
Click Add Custom Field in the Fields item of the wizard. Set the name to user_name and click to make this a field key. Set the template to
And make sure you do not click the value is required. Click Next.
Step 6: Setup the Notification to Discord
In the Notifications wizard item, click on the Add Notification button.
Within Add Notification, you will set a descriptive title and description (I’ve again used the example they discussed in the Graylog blog video). You MUST select Notification type of Slack and you can change the highlight color. In the webhook URL field you will paste the URL copied from Step 3 above. Please append to the end of the Webhook URL “/slack” which will tell Discord this message has been formated for Slack and to handle that format type. You can specify the channel again and the custom message template. You can use your custom user_name filed in the message template. Click on the Execute Test Notification button to verify your test message is logged to Discord. Click Save and wait for your event notifications!
FreeBSD package management recently updated their Graylog package from 3.3.0 to 4.0.5 with enterprise plugins! This article is as-of April 2021 and you should upgrade your FreeBSD os or Jail version to 12.2 and upgrade your packages (see below).
[rich@graylog ~]$ uname -a FreeBSD graylog 12.2-RELEASE-p6 FreeBSD 12.2-RELEASE-p6 f2858df162b(HEAD) TRUENAS amd64 [rich@graylog ~]$ sudo pkg update Password: Updating FreeBSD repository catalogue... [graylog] Fetching packagesite.txz: 100% 6 MiB 3.3MB/s 00:02 Processing entries: 100% FreeBSD repository update completed. 30499 packages processed. All repositories are up to date. [rich@graylog ~]$ pkg search graylog graylog-4.0.5_2 Tool for centralized log collection [rich@graylog ~] sudo pkg install graylog
Now Graylog software is written in Java and distributed as JAR (Java ARchive) files so you really don’t need to wait for FreeBSD packaging to upgrade your server. In fact, just a few weeks before I wrote this I had upgraded the server manually by downloading the latest Graylog Jars from graylog.org website and putting them in the appropriate server directory. This works but was very manual and could be prone to error. The FreeBSD package automates everything and makes it simple I will not discuss my manual upgrade process and suggest to you to just use the official package noted above (v4.0.5). I even applied the FreeBSD package over my manual upgrade and it handled everything gracefully (by backing up the jars I placed as .prev versions).
There are numerous enhancements to Graylog and the software pkg upgrade process was relatively straight forward. PLEASE NOTE that I had to upgrade Elasticsearch to either version 6 or 7 (I was on version 5). This is noted in the FreeBSD graylog-4.0.5_2 pkg release notes that you must upgrade Elasticsearch (it doesn’t tell you how).
If you attempt to start the graylog service on your FreeBSD instance without first upgrading Elasticsearch and you are running version 5 or below then the web interface will fail to start and the graylog server will repeatedly log an error connecting to Elasticsearch.
If you have data in your Elasticsearch version 5 instance and you use FreeBSD package manager to install elasticsearch6 then it will upgrade the binaries and remove the elesticsearch5 package. It left the data intact in my experiance and I had to do a bit of editing of the elasticsearch config yaml file to start the new elasticsearch6 instance. The edits were very minor. I essentially had my old version 5 yaml config file up and diffed it against the new version 6 example and updated accordingly. I didn’t take notes of my edits but again they were version small.
You may also need to update your graylog config xml file although your mileage might vary. The connection details to elasticsearch changes slightly from my version 5 to version 6 so I had to edit in graylog config.
I restarted the graylog service again and tailed the /var/log/graylog/server.log to verify that it successfully restarted. I was able to login again to the web interface and verified none of my data was lost and that my graylog server was healthy. I took an immediate archive of the data to compressed gzip tar file just in case. The reader will note I took a backup after the upgrade not before… I should have taken a backup before if I was being truly risk averse as a rollback option. tsk, tsk on me…
New Graylog Features of Note
Dark Interface Mode
Slack & Discord Notification Support (I’ve discussed Discord Notifications in another post)
So I finally set myself up on Twitch tonight and streamed for an hour of Mega Man 2; I had zero viewers… Listen, I wasn’t expecting a following and primarily I did it to push myself. I’m using a 100% open-source platform for twitch streaming using OBS (open broadcast system studio) running on Pop OS Linux. I’m using an open source live split software called flitter. It’s within an xTerm (don’t use alpha channel enabled terms in OBS) and it uses a simple text file for configuration. I’m using Higan for my NES/Famicom emulator with a rom of Mega Man 2 that runs at 60 frames per second. And I have a camera on me while I’m playing to capture the reactions. All on one computer (not a particularly powerful one btw) running Linux and streaming the output to Twitch. I now have one follower, my son.
My son imparted some of his hard earned wisdom on Streaming to me. He said make sure your audio quality is good. Get a good mic, test the levels and make sure I’m speaking over the game (but you can still hear the game audio). He said this is really important. The video can be sorta crappy but the audio quality better be good. He recommended a few good quality mic’s and he uses an external audio mixer to set the mic levels. He also recommended I record, not stream for the first few sessions and then watch it back to make sure it sounds and looks good.
Why am I doing this? A few reasons. One, I like Mega Man 2 and the challenge of playing it well and getting a decent speedrun appeals to me. I’ve watched some of top speedruns and they so some crazy stuff. Two, I want to prove that you don’t need Windows 10 to do streaming/speedrunning — Linux and open source software is perfectly viable for Twitch streaming. Three, I wanted to prove to Cam that he can do all his creation/streaming/broadcasting if he switched to Linux. What do you think? Any games you’d like me to play? Leave a comment to let me know. My Twitch handle is rpavlovsky but I might change it, I don’t know…
So much has happened in the last few weeks. Texas was hit with the worst snowstorm I think in recorded history. The snow in Houston didn’t look that bad via photographs but trust me. It was icy, heavy sleet and snow — not that fluffy stuff you ski on. Of course it cause havoc on our electrical grid and our water pipes. Thankfully all in my neighborhood are well and the weather is now in the 70’s! I’ll post a few more pictures when I have some time.
I lost power along with most Texans for large parts of early last week. Power has been stable since last Thursday. The last snow and ice melted last Saturday (so it was on the ground for a good 5 days). The worst days for me were Tuesday and Wednesday when we have the rolling power outages.
Lastly, I needed to update my SSL cert for this website which I’ve now done. Silly me for taking so long to do that; I had a bit on my plate.
A new year of horse riding lessons for Ella. I decided to bring along the Canon DSLR’s with a standard lens and the telephoto and challenge myself to shoot in Manual (M) mode. The cameras were my EOD 50D and EOS 30D cameras that I purchased from Goodwill (secondhand). It was dark in the barn which is no problem for the human eye but quite a challenge for the budding photographer.
As I type this, 2020 is approximately 11 hours from finishing (at least in my part of the world). My upstairs air conditioner decided to fail in the last few days of the year and guess what? It’s not under warranty. Effe you 2020! Ugh.
Here is hoping for a brighter 2021; I mean it’s always darkest before the dawn, right!?!
<from NASA>Skywatchers are in for an end-of-year treat. What has become known popularly as the “Christmas Star” is an especially vibrant planetary conjunction easily visible in the evening sky over the next two weeks as the bright planets Jupiter and Saturn come together, culminating on the night of Dec. 21.</NASA>
This photo was taken with my Canon 50D using a 300mm lens. I’m not super knowledgeable on all things Camera. The full RAW image is huge, this is a small export of it taken from my front porch in Cypress, Texas.
I setup a photo studio in my office. I have a green screen, Cameron’s recording lights and the Cannon 50d on a tripod tethered to my computer. It’s a complex setup. I’m using FOSS called entangle (to capture) and the Gimp with Darkroom plug-in to open the Canon RAW image files. I’m learning about f-stop and ISO speed. It’s all complex and I’m out of my depth a bit but it’s fun. It’s been a while since I’ve messed around with Adobe Photoshop. I’m trying to relearn a skill on Gimp and it’s a bit different. I’ll get the hang of it sooner or later.