XigmaNAS in a VM on ProxMox
I use XigmaNAS to
- expose mass storage via SMB/NFS
- offer syslog destination for log collection
Create a VM
Basics:
- CPU: 2 cores, type - host
- 12GB RAM, NO memory ballooning as PCI pass-through is used.
- Boot drive 16GB
- Machine: q35
Passthrough:
- SATA controller with some SATA SSDs attached.
- NIC
Install XigmaNAS
As usual:
- create local user
- enable ssh
- enable SMARTd
- ACPId - not in VM
- enable SMB, NFS as required
- NIC - first DHCP, then static to ensure router can always send syslog
Install Productivity Packages
Install the editor, htop and zsh:
sudo pkg install emacs-nox
sudo pkg install htop
sudo pkg install zsh
Change root shell
Edit /etc/passwd.
Install and Configure Guest QEMU Agent
Install the guest agent:
sudo pkg install qemu-guest-agent
In GUI System / Advanced / loader.conf add:
Variable | Value | Description |
---|---|---|
virtio_console_load | YES | for qemu-ga to work |
qemu_guest_agent_enable | YES | |
qemu_guest_agent_flags | -d -v -l /var/log/qemu-ga.log | |
Restart XigmaNAS and verify that the agent works:
xigmanas: ~# service -v qemu-guest-agent status
qemu-guest-agent is located in /usr/local/etc/rc.d
qemu_guest_agent is running as pid 3104.
Email Setup
Configure XigmaNAS email to work with Gmail.
SysLog Collector
If you want to collect logs from your router and/or DHCP server, ensure the collector has a static IP address.
Out-of-the-box Functionality
XigmaNAS comes with syslogd, which can be configured in the XigmaNAS GUI to:
- accept messages from the remote servers: check Diagnostics / Log / Settings / Accept remote syslog messages.
- store logs persistently: in System / Advanced / rc.conf add:
Variable | Value | Description |
---|---|---|
clog_logdir | /mnt/_pool_/logs | Log files location |
Then run:
sudo /etc/rc.d/syslogd restart
Unfortunately syslogd is not flexible enough to store remote logs in separate files by source.
Use rsyslog for remote logging
- DISABLE accept messages from the remote servers
- DO USE persistent location /mnt/_pool_/logs for logs
Install rsyslog:
pkg install rsyslog
Verify the install:
rsyslogd -v
Update the /usr/local/etc/rsyslog.conf file:
global(net.ipprotocol="ipv4-only")
#
# Modules
#
#module(load="immark") # provides --MARK-- message capability
#module(load="imuxsock") # provides support for local system logging
#module(load="imklog") # kernel logging
$ModLoad imtcp
$ModLoad imudp
#
# Templates
#
# log every host in its own directory
$template RemoteHost,"/mnt/_pool_/logs/%HOSTNAME%/%PROGRAMNAME%.log"
# "/disk2/syslog/%$YEAR%%$MONTH%%$DAY%/%FROMHOST-IP%.log"
#
### Rulesets
#
# Local Logging
#
$RuleSet local
kern.* /mnt/_pool_/logs/messages
*.info;mail.none;authpriv.none;cron.none /mnt/_pool_/logs/messages
authpriv.* /mnt/_pool_/logs/secure
mail.* -/mnt/_pool_/logs/maillog
cron.* /mnt/_pool_/logs/cron
#*.emerg *
uucp,news.crit /mnt/_pool_/logs/spooler
local7.* /mnt/_pool_/logs/boot.log
# uncomment this to log all writes to /dev/console to /var/log/console.log
# touch /var/log/console.log and chmod it to mode 600 before it will work
#console.info /var/log/console.log
#
# uncomment this to enable logging of all log messages to /var/log/all.log
# touch /var/log/all.log and chmod it to mode 600 before it will work
#*.* /var/log/all.log
#
# uncomment this to enable logging to a remote loghost named loghost
#*.* @loghost
#
# use the local RuleSet as default if not specified otherwise
$DefaultRuleset local
#
# Remote Logging
#
$RuleSet remote
# reference to a RemoteHost template
*.* ?RemoteHost
# Send messages we receive to Gremlin
#*.* @@W.X.Y.Z:514
#
### Listeners
#
# bind ruleset to tcp listener and activate it
$InputTCPServerBindRuleset remote
$InputTCPServerRun 514
# bind ruleset to UDP listener and activate it
$InputUDPServerBindRuleset remote
$UDPServerRun 514
include(file="/usr/local/etc/rsyslog.d/*.conf" mode="optional")
Enable rsyslog start at system boot:
sysrc rsyslogd_enable="YES"
sudo service rsyslogd start
Check:
sudo service rsyslogd status
To display listening sockets:
sockstat -l
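An added example, not part of the original notes: a shell function that reads `sockstat -l` output and checks that rsyslogd holds both the TCP and UDP listeners on port 514 and that the stock syslogd is not bound to the same port, as the DISABLE step above requires. The sample output is constructed and assumes FreeBSD's default `sockstat` column layout.

```shell
#!/bin/sh
# Added example (not from the original page).
# check_listeners: read `sockstat -l` output on stdin and confirm that
# rsyslogd holds both the TCP and UDP sockets on port 514 and that no
# other daemon (for example the stock syslogd) is bound to that port.
# Prints one line per finding; returns 0 when clean, 1 otherwise.
check_listeners() {
    awk '
        BEGIN { bad = 0 }
        $1 == "USER"  { next }                 # header line
        $6 !~ /:514$/ { next }                 # LOCAL ADDRESS column
        {
            proto = substr($5, 1, 3)           # tcp4/tcp6/udp4/udp6 -> tcp/udp
            if (proto != "tcp" && proto != "udp") next
            if ($2 == "rsyslogd") {
                seen[proto] = 1
            } else {
                printf "CONFLICT: %s (pid %s) is bound to %s %s\n", $2, $3, $5, $6
                bad = 1
            }
        }
        END {
            if (!("tcp" in seen)) { print "MISSING: rsyslogd TCP listener on 514"; bad = 1 }
            if (!("udp" in seen)) { print "MISSING: rsyslogd UDP listener on 514"; bad = 1 }
            exit bad
        }'
}

# Constructed sample of `sockstat -l` output (not captured from a real host).
# It models the misconfiguration where syslogd still accepts remote messages.
sample_sockstat() {
    cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     rsyslogd   2210  5  tcp4   *:514                 *:*
root     rsyslogd   2210  6  udp4   *:514                 *:*
root     syslogd    1874  7  udp4   *:514                 *:*
root     sshd       1502  4  tcp4   *:22                  *:*
EOF
}

sample_sockstat | check_listeners || echo "port 514 check failed"
```

On the collector itself, run `sockstat -l | check_listeners`.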
Relevant:
- storing-and-forwarding-remote-messages
- linux-freebsd-windows-rsyslog-server-client
- log-aggregation-rsyslog
- configure-centralised-rsyslog-server
To test logging functionality, use logger:
logger -p local0.notice -t from_cmd_line "Test Message"
Update DHCP Server
Option 7, UDP log server, RFC 2132, carries the IP address of the syslog server that receives the client’s log messages.
Forward systemd journal to remote syslog server
Two options:
- configure journald to forward to the local syslog daemon, and configure that daemon to forward to the remote server. Should be fast.
- use rsyslog imjournal to ingest, then forward.
Use Logrotate
Install it with:
pkg install logrotate
In /usr/local/etc/logrotate.d/rsyslog:
"/mnt/ssd/logs/*.log" {
daily
rotate 3
size 20K
compress
delaycompress
sharedscripts
postrotate
/usr/sbin/service syslogd restart > /dev/null 2>/dev/null || true
endscript
}
"/mnt/ssd/logs/pfsense.lan/*.log"
"/mnt/ssd/logs/U6-Lite/*.log"
"/mnt/ssd/logs/duo/*.log"
{
daily
rotate 3
size 20K
compress
delaycompress
sharedscripts
postrotate
kill -HUP $(cat /var/run/rsyslogd.pid) > /dev/null 2>/dev/null || true
endscript
}
To test:
logrotate -v -s /mnt/_pool_/logs/logrotate.status /usr/local/etc/logrotate.d/rsyslog
To test and to force rotation:
logrotate -v -f /usr/local/etc/logrotate.d/rsyslog
To create a daily cron job, create the executable /usr/local/sbin/rsyslogd-rotate.sh:
#!/bin/sh
/usr/local/sbin/logrotate -s /mnt/_pool_/logs/logrotate.status /usr/local/etc/logrotate.conf
EXITVALUE=$?
if [ $EXITVALUE != 0 ]; then
/usr/bin/logger -t logrotate "ALERT exited abnormally with [$EXITVALUE]"
fi
exit 0
Then in GUI System / Advanced / Cron add:
- Command: /usr/local/sbin/rsyslogd-rotate.sh
- Who: root
- Description: Rotate persistent logs
- Schedule Time: Minutes - 15, Hours - 01
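An added example, not part of the original notes: the RemoteHost template creates a directory for whatever hostname arrives in a received message, while the logrotate stanza above names host directories explicitly, so a new or unexpected sender produces logs that are never rotated. The function below lists per-host directories that the logrotate file does not cover and log files that are world-readable. The demo tree is constructed in a temporary directory and the `printer` host is hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page).
# audit_log_tree LOGROOT LOGROTATE_FILE
#   UNROTATED <host>     per-host directory created by the RemoteHost
#                        template that no path in LOGROTATE_FILE covers
#   WORLD-READABLE <f>   log file whose "other" read bit is set
# Returns 0 when nothing is reported, 1 otherwise.
audit_log_tree() {
    logroot=${1%/}
    conf=$2
    findings=0
    for dir in "$logroot"/*/; do
        [ -d "$dir" ] || continue
        host=$(basename "$dir")
        # Fixed-string match on "<logroot>/<host>/" so "duo" never matches "duo2".
        if ! grep -qF -- "$logroot/$host/" "$conf"; then
            printf 'UNROTATED %s\n' "$host"
            findings=1
        fi
    done
    readable=$(find "$logroot" -type f -perm -004 | sort)
    if [ -n "$readable" ]; then
        printf '%s\n' "$readable" | sed 's/^/WORLD-READABLE /'
        findings=1
    fi
    return "$findings"
}

# Constructed demo: the three hosts named in the logrotate stanza plus one
# hypothetical directory ("printer") that started logging later.
demo_audit() {
    root=$(mktemp -d)
    mkdir -p "$root/logs/pfsense.lan" "$root/logs/U6-Lite" \
             "$root/logs/duo" "$root/logs/printer"
    printf '"%s/logs/%s/*.log"\n' \
        "$root" pfsense.lan "$root" U6-Lite "$root" duo > "$root/rsyslog"
    : > "$root/logs/duo/sshd.log";    chmod 600 "$root/logs/duo/sshd.log"
    : > "$root/logs/printer/lpd.log"; chmod 644 "$root/logs/printer/lpd.log"
    audit_log_tree "$root/logs" "$root/rsyslog"
    status=$?
    rm -rf "$root"
    return "$status"
}

demo_audit || echo "findings above need review"
```

On the collector, pass the real log directory and /usr/local/etc/logrotate.d/rsyslog as the two arguments.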