In my earlier post about ELK over TLS, I left syslog as plaintext over UDP. I’ve since been looking into how to use TLS to encrypt the TCP transport for syslog, and mutual authentication using certificates as laid out in RFC 5425. I’m not really interested in using DTLS. I just happen to be using the same VM as the CA and the rsyslog server, but the CA server should be a totally separate machine, probably even air-gapped; the client is a different VM.

After the recent shenanigans regarding macos VFIO being broken in 5.6/5.7 kernels, the Debian qemu 5.0-6 package stopped booting macos whatsoever! Rolling back to 5.0-5 fixes things, as does compiling from source the release tagged v5.0.0 or even v4.2.1 So I raised a bug report to the Debian packagers, who identified the patches they got from upstream since 5.0-5 but with no real idea which one broke things. Next I raised a bug on the upstream qemu launchpad where they recommended a git bisect, which basically consists of working backwards from git/master to tag/v5.

Like a lot of people, I’m wanting to replace Splunk. To that end I’ve been looking into Elasticsearch. My prerequisites are: Replace Splunk Enterprise (or Splunk Free) with Elastic and its web UI Kibana; Replace Splunk Forwarder with Filebeat; Consume syslog over UDP using rsyslog; Use TLSv1.2 or better; Have an easy to deploy, low-resource client; Not use the resource-hungry Logstash. So I’ve downloaded the RPM’s for the stack I want to use (some extra beats to play with too) and we’ll also install a JDK and a couple of rsyslog modules for later, this was all for CentOS 8.

I decided to go all SSD in my T5610 as I could use the speed and wanted to get rid of the extra SATA cables, power splitters, 5.25" caddy, hard disk and an old SSD running on SATA2 etc; it also will pave the way for adding an NVMe when the prices fall a bit, and passing through an SSD to KVM for nested ESXi, although I found it doesn’t speed up a SUSE install at all over qcow2.

I’ve been having another go at learning to wire up ethernet cable, specifically CAT6 cable. I’d previously tried CAT5 years ago and gave up as I was useless at it. Well turns out one of my line testers was knackered, so maybe I wasn’t so bad at it after all?! Also I found this video which shows how to unwind the conductors using the spare bit of sheath that you’ve just removed - it really does the job and saves your poor fingers: