Thu Nov 8 14:54:54 CST 2012

GELF2 timestamp to something human readable

I do this a lot, putting it here so I never have to remember how I did it: cat somegelflog | perl -e 'while(<>){m/timestamp.:(\d+)\./;print scalar localtime($1)," ",$_};'

Posted by arreyder | Permalink

Thu Nov 8 14:50:15 CST 2012

Get the IPv4 addr on a specific interface under Linux

I do this differently every time so I figured I'd make a note for myself here this time: `ip addr show dev eth1 | awk '/inet / {print $2}' | cut -d"/" -f1`

Posted by arreyder | Permalink

Mon May 23 08:32:53 CDT 2011

Live remote display of packet capture with Wireshark.

I would never do this on a really busy server without a narrow capture filter, but it's a handy trick when the situation will allow it: 'wireshark -k -i <(ssh omessenger0 'sudo tshark -i eth1 -w - not port 22')'

Posted by arreyder | Permalink

Sat May 21 09:24:00 CDT 2011

Oh yeah... I'm a Racker now! :)

I was having a bad day at work and griped about it on irc. A few hours later I was approached by three different people about coming to work for them. Each of them people I respect very much in many ways. I ended up doing a whirlwind interview week out in Cali during which I started to get a very bad cold. First group was a start-up and I was very impressed. They made me feel very welcome the role had some key elements that were way too far out of my comfort zone. When you have limited funds, there's a lot riding on getting everything right the first time and I was afraid I'd let these guys down. I expressed this to the gentleman trying to hire me, and he patted my on the back and in the most assuring voice ever said, "I know you can handle it." I'm sure I could have and probably should have given it shot. It was very difficult saying no to those guys. Chances like that do not come often for old guys like me living in Iowa. I took the second gig at a recently purchased start-up, I was miserable from the cold by the time the third all day long interview with a red-eye flight rolled around. I canceled and took an earlier flight home. Never know what might have been in store for me there. -- So 4 months later. I work with the most awesome people ever, and I feel like I am contributing some value. At least of the guys bothers to tell me that now and then. I really appreciate it. It's a dream job, with only one catch. I work from home and miss out on 90% of the fun going on at the office. I also work way too much. Work has replaced all my gaming time and much of the time I should be spending at the vineyard. Work's fun though. *Really* fun, but I need to make some room for the rest of the stuff that used to be in my life. Wish me luck!

Posted by arreyder | Permalink

Sat May 21 08:57:39 CDT 2011

Fun with Tshark: Decoding and displaying select Mysql fields from a packet capture.

tshark -T fields -eframe.time_epoch -emysql.query -emysql.row.text -emysql.message Useful! I use the time stamps to merge in other info about the system and what else was going on at the time of each query. Examples of data that it might make sense to merge in, HTTPD logs, vmstat info from the local system, iostat, etc...

Posted by arreyder | Permalink

Thu May 7 09:40:13 CDT 2009

Searching with Solr

Quite a while back I started playing around with Apache Lucene's Solr document indexing/searching tool. Very nifty and simple to use. My first project was to index the Apache HTTPD documents. This was a big learning experience, until this point I had never done a bit with XML or XSLT. The first challenge was to write an XSLT that would take a HTTPD xml document and transform it into the format Solr required for indexing. This was the only challenge and looking back now I can see how much of a terrible mess I made of something that is really quite simple. The results of that initial encounter with Solr can be seen here . It is by no means perfect and in great need of updating, but is still quite useful. -- My next challenge with Solr was issued by noodl aka Vincent Bray. He had a client ( that was using a MySQL database for searching a catalog of books. For whatever reason, the results were not satisfactory. With a copy of the database I went to work and in very little time had a PoC in place showing how well it could work and how easy it was to pull off. Noodl ran with it and the resulting solution satifisfied his clients. -- My latest challenge is indexing all of the Apache Software Foundations public mailing lists. A perfect task for Solr. The issue here is volume. LOTS of email to be indexed and every possible violation of an mbox format you could ever hope for. My single threaded approach to document indexing had to be adapted if I wanted the indexing to complete in my lifetime. My efforts on this task are ongoing. Simple searches work great, but I'm taking this one to the next level using Solr's faceting. I'll publish a link to the results when I have something more interesting to look at. In the meantime if you have some documents that you'd like to make searchable, have a look at . Hit me up if you have any questions.

Posted by arreyder | Permalink

Tue Feb 17 19:11:00 CST 2009

Fun with Window Scaling

Frustration at work continues. My favorite psuedo admin is at it again. Today's cluelessness is around tcp tuning. More specifically tcp windows and all the little bits related. If your machine is on a phat 1g pipe with less than 1ms of delay and you have your max window size set to 65536 you might be a moron. If your netstat -s shows over 7 million socket overruns on your receive buffer after only 12 hours of uptime and you do not see the signifigance of that, then you just might be a moron. If your cpu is spending 99% of it's time idle and your Fiber Channel Attached disk is yawning at the whopping 400Mbs you are tossing at it yet you still want to blame the SAN, then yep, you are a moron. If your machine is spewing out "ZeroWindow" messages and the network guy tells you that "You" are the bottleneck and you ignore him, you are a moron. Lastly, if the local point and click MS Windows admin is able to overrun your big chunk of IBM Iron with his little HP dl385, you are one sad fracking piece of crap unix admin. Please consider a job change, you suck and we're tired of your laziness and self afflicted ignorance. Now if any of you readers are clueless about why tuning your tcp stack for optimal window size is important I'm offering a sliding window of my own in which to educate you. Shoot me an email, find me on irc, whatever. I promise not to call you a moron. (out loud):)

Posted by arreyder | Permalink

Mon Feb 9 07:30:32 CST 2009

Pruning time.

This weekend was the first round of pruning at the vineyard. We had a bit of trouble with disease last summer and this winter was one of the coldest on record. The Edelweiss did not fair well but the GR7 appear still strong. Depending on how things go this year we may end up doing a renewal on the Edelweiss. I'm going back tomorrow to finish up pruning and pick up all of the cuttings.

Posted by arreyder | Permalink

Wed Oct 1 08:53:14 CDT 2008

TG duty

Looks like it is official, I'm cooking the meat for Thanksgiving Day on my WSM. Chicken may be the bird this year, not ready to try a turkey. Stay tuned to see how this goes!

Posted by arreyder | Permalink

Wed Oct 1 08:50:29 CDT 2008

Cisco TCAM

Learned some interesting stuff over the last week while investigating processor load on the 6513 and TCAM capacity issues. First off, having a log line anywhere in an ACL will cause the access-list to be processed switched. On a busy interface this can really beat up the cpu. There are ways around this that have something to do with OAL, optimized access-list logging. Looking into that now. Second interesting find on the 6513 is that SLB also uses a fair chunck of TCAM to do it's job so it's not good to leave stale vservers in service if you are not using them. Some ACL optimization and pruning out of stale SLB stuff freed up quite abit of TCAM, allowing for the ACLs to be hardware switched recusing the processer load on the 6513 from 99% down to around 7%. All this from just pruning some lists, turning off logging and cleaning up slb.

Posted by arreyder | Permalink