[00:17] <Patrickdk> sarnold, this is a ubuntu channel, head is not to be used in here :)
[00:17] <Patrickdk> arcsky heh?
[00:17] <Patrickdk> it's like one line
[00:18] <arcsky> Patrickdk: how?
[00:18] <Patrickdk> @syslogserver
[00:18] <Patrickdk> or for tcp @@syslogserver
[00:18] <arcsky> does not work
[00:18] <Patrickdk> where is your config?
[00:20] <Patrickdk> your doing something wrong
[00:20] <Patrickdk> I have done this to thousands of servers using rsyslog without issue
[00:20] <Patrickdk> using udp, tcp, and relp
[00:22] <arcsky> Patrickdk: http://pastebin.com/FYgWhWC7
[00:23] <Patrickdk> I'm suprised rsyslog runs at all with all that stuff
[00:23] <Patrickdk> comment out likes 61, 32, 64, and either 66 or 67
[00:23] <Patrickdk> what DOES your receiving side support?
[00:25] <sarnold> Patrickdk: what's wrong with HEAD? :)
[00:25] <Patrickdk> nothing, if done properly
[00:26] <arcsky> Patrickdk: its udp on the server side (syslog-ng) which works super
[00:27] <Patrickdk> and it is *listening* on 516?
[00:27] <Patrickdk> cause the *normal* port is 514
[00:27] <Patrickdk> so comment out all that stuff, 61, 63, 64, and 67
[00:32] <arcsky> Patrickdk: listning on 516 yes. udp. normal 514 yes. ok let try
[00:34] <arcsky> Patrickdk: no succes
[00:34] <Patrickdk> run, tcpdump port 516
[00:34] <Patrickdk> and see if you see any packets when syslog messages are generated
[00:36] <arcsky> nothing
[00:36] <Patrickdk> odd
[00:37] <Patrickdk> try putting *.* @192.168.168.199:516 before the $IncludeConfig line
[00:37] <Patrickdk> restart rsyslog, and see if tcpdump sees anything then
[00:37] <Patrickdk> maybe one of the included configs has a stop command
[00:38] <arcsky> Patrickdk: can it be something that i had syslog-ng running too?
[00:38] <Patrickdk> heh?
[00:38] <Patrickdk> ubuntu normally doesn't allow syslog-ng and rsyslog to be installed at the same time
[00:39] <Patrickdk> unless you work hard to break it
[00:45] <arcsky> case closed. thanks
[00:45] <sarnold> what ws it?
[00:46] <Patrickdk> we will never know
[00:46] <arcsky> :D
[00:47] <arcsky> i did install a fresh Ubuntu server and added *.* @192.168.168.199:516 and restarted it .. worked..
[00:47] <arcsky> thanks Patrickdk and good night
[00:48] <arcsky> must been conflict with syslog-ng
[00:48] <Patrickdk> well, normally, when you install syslog-ng, ubuntu uninstalls rsyslog
[00:48] <Patrickdk> :)
[00:49] <keithzg> Hmm, interesting, the current Windows 10 Technical Preview is unable to access SMB shares from our fileserver or any other boxes around the office network (all running 14.04, samba 4.1.6), immediately complains that "you might not have permission to access this network resource". Windows 8.1 and older clients connect just fine still.
[01:06] <WACOMalt> Hey folks. How can I allow ssh on more than the default port 22?
[01:06] <WACOMalt> standard ssh ports are blocked at my work, cant connect to my server
[01:07] <sarnold> WACOMalt: see ListenAddress in sshd_config(5)
[01:08] <WACOMalt> ah there we go
[01:08] <WACOMalt> should I just add a new line under "Port 22" with like.. "Port 25678" or whatever?
[01:08] <WACOMalt> currently my ListenAddress line is commented out, is that normal?
[01:08] <Patrickdk> yes
[01:08] <WACOMalt> ok
[01:09] <Patrickdk> not sure if multible are supported or not
[01:09] <WACOMalt> oh
[01:09] <Patrickdk> an iptables redirect rule could be used too
[01:09] <WACOMalt> would that more likely allow more than one port?
[01:09] <sarnold> oh heh there is a "port" config :) I found the listenaddress and didn't look further
[01:09] <sarnold> looks like multiple port commands can be given
[01:10] <Patrickdk> then yep :)
[01:10] <WACOMalt> awesome
[01:10] <WACOMalt> thanks for the info :)
[01:10] <Patrickdk> iptables redirect works for anything though :)
[01:10] <Patrickdk> it's a backup option
[01:10] <WACOMalt> ok, if this doesnt go I'll read up on that
[01:10] <WACOMalt> never done iptables stuff
[01:10] <sarnold> yeah, but the nice bit about config is that netstat -anp will give the right answer :)
[01:10] <WACOMalt> ah, right
[01:11] <sarnold> if you do it via iptables it won't be as obvious..
[01:11] <WACOMalt> I dont mind it being obvious
[01:12] <WACOMalt> or do you mean obvious to my employer?
[01:12] <sarnold> obvious to whoever admins the machine :)
[01:12] <WACOMalt> that'd be me :)
[01:12] <sarnold> it'll be identically obvious to employers either way
[01:13] <WACOMalt> trying to remember the command to restart sshd on ubuntu. tried /etc/init.d/ssh restart and service sshd restart
[01:14] <WACOMalt> but the fact that it's not giving me status or kicking me out of my current ssh session tells me thats not working...
[01:15] <sarnold> sudo service ssh restart should do it
[01:15] <sarnold> it shouldn't disconnect existing connections either
[01:16] <WACOMalt> oh cool
[01:16] <WACOMalt> there we go, got it working
[01:16] <WACOMalt> thanks sarnold  and Patrickdk
[01:34] <SuperLag> I did "apt-get install lamp-server^". It installed mysql 5.5.41. If I download the .deb files for 5.7.6, is there an easy way to upgrade, or will stuff break?
[01:34] <WACOMalt> so this is offtopic I'm sure. Tell me to shut up if you want. :)  But is there any way when I am sitting at work, to test and see what ports arent blocked so I can set my ssh server to one of them?
[01:37] <sarnold> WACOMalt: not easily; nmap -p1-65535 ip.add.res.s would scan all ports on your host; if you see some "filtered" then those are being dropped by a firewall, but firewalls can be configured to reject packets too, in which case it might not be obvious which ones get through and which ones are just not open on your computer
[01:39] <sarnold> WACOMalt: note that a portscan like that is liable to set off some blinking luights at your employer... if they closely monitor things, this one is liable to show up.
[01:40] <WACOMalt> Well, I'm a lower level tech specialist guy. They dont mind me getting around so much
[01:40] <WACOMalt> as long as they dont have to make a door for me :)
[01:41] <sarnold> probably port 80 just works :) do you need a web server:)
[01:43] <WACOMalt> I do :(
[01:43] <WACOMalt> thats the main feature of this server
[05:50] <dtscode> can someone help me with these errors? https://bpaste.net/show/514c1b3e8eb5
[06:02] <dtscode> anyone?
[07:35] <lordievader> Good morning.
[08:20] <marus> hello, is there a good way to restore file/folder from encrypt filesystem?
[08:22] <jpds> Unlock the filesystem?
[08:22] <lordievader> marus: If you have forgotten the password then you've lost the files. That is the whole point of encryption.
[09:38] <arcsky> rsyslog.conf, *.* sends all from /var/log right? even dirs?
[09:47] <jpds> arcsky: No.
[09:47] <jpds> arcsky: It sends what's sent to syslog.
[09:47] <jpds> arcsky: Do you use Puppet by any chance?
[09:48] <jpds> arcsky: Apache for example doesn't log to syslog.
[09:52] <arcsky> jpds: nope i dont use puppet. how do i send evryhing in /var/log to a external syslog?
[09:53] <jpds> arcsky: You can't.
[09:53] <jpds> arcsky: That's what I was telling you yesterday.
[09:54] <jpds> arcsky: Best you could do for that is rsync everything somewhere else.
[09:55] <arcsky> ok
[09:56] <arcsky> to bad , rsyslog
[09:56] <jpds> rsyslog works fine.
[09:56] <jpds> It's just that not everything is made to log to syslog.
[09:56] <jpds> I wouldn't want my Apache stuff in syslog.
[09:57] <jpds> I'd rather every site logged to its own log.
[10:00] <arcsky> jpds: if i do login with ssh with wrong passwd. it get logged to auth.log is that a part of syslog right?
[10:00] <jpds> arcsky: Yes.
[10:02] <arcsky> jpds: ok i understand
[10:02] <arcsky> so if i want for example httpd logs i have to use rsync?
[10:03] <jpds> arcsky: Yep, just for /var/log/apache2/ though.
[10:04] <arcsky> oke rsync sends to syslog or only via ssh/samba/nfs ?
[10:04] <jpds> arcsky: rsync can go via ssh.
[10:04] <jpds> Much easier.
[10:05] <arcsky> ok
[12:11] <Lachezar> Hey all: Ubuntu Server Ubuntu 14.04.2 LTS: At apt-get upgrade: dmsg: Request for unknown module key 'Magrathea: Glacier signing key: ...' err -11
[12:12] <Lachezar> The dmesg line is repeated 11 times
[12:12] <Lachezar> What's wrong?
[12:20] <Lachezar> Hm. Is it possible, that a previous apt-get update+upgrade has replaced the modules for the current kernel (version), so now the modules are signed with one key, but the kernel that was loaded has a different key? Because I can see "Loaded X.509 cert 'Magrathea: Glacier signing key: ...'", but the key does not match…
[12:22] <Walex> Lachezar: web search for "Magrathea: Glacier signing key"
[12:24] <jpds> Lachezar: I think that there's a different key for every kernel.
[12:25] <Lachezar> Walex: already did that. Nothing helpful.
[12:26] <Lachezar> jpds: I remember, that I had an update that upgraded the kernel packages WITHOUT installing new packages, but rather upgrading the current ones. This seemed odd, as almost every time I get a kernel upgrade the new kernel comes as new packages. I was not sure if it was something to be warned about.
[12:28] <Lachezar> jpds: Might that be the reason for having the same kernel (version): history.log:Upgrade: linux-image-extra-3.13.0-46-generic:i386 (3.13.0-46.76, 3.13.0-46.77) ...
[12:37] <pmatulis> Lachezar: boot into the old kernel and see
[13:13] <Lachezar> pmatulis: I am booted into th eold kernel.
[13:14] <Lachezar> pmatulis: The kernel update did not request a reboot, so I'm still sporting the kernel before the upgrade, possibly with modules after the upgrade. Looks like a botched partial upgrade. I've scheduled a reboot at night. Will see tomorrow.
[15:27] <smoser> randomly speaking out loud, wondering if someone has a solution for this.  i want to log consoles of libvirt domains with conserver-server
[15:28] <smoser> but if the domain isnt running, then 'virsh console <name>' will fail, and eventually conserver-server will give up
[15:29] <smoser> it seems like you could poke at conserver-server on libvirt events to tell it to re-read or re-try its consoles... i'ms ure thats all possible. but just wasn't obvious
[15:29] <smoser> and i was somwhat surprised to not know of a solutoin
[15:37] <smoser> s/not know/not find/
[15:40] <rbasak> smoser: maybe wrap it?
[15:40] <rbasak> smoser: in something that retries indefinitely. An expect script maybe.
[15:41] <rbasak> (as it wants to provide a TTY really)
[15:41] <smoser> right. yeah, thats what i thought. and libvirt provides a way to get events for start stop of the thing.
[15:41] <smoser> so its possible
[15:41] <smoser> i just kind of fifugred someone would have odn ethis beofre.
[15:41] <smoser> typos aside ;)
[15:42] <helpseeker> Hello
[15:43] <helpseeker> I need some help for using ubuntu server for an idea I had
[15:43] <helpseeker> Is someone in here which can advise me
[15:43] <smoser> well, you can ask. someone might respond. maybe not.
[15:43] <helpseeker> okay thx
[15:44] <helpseeker> I have a team in a game with five guys
[15:44] <helpseeker> And I have a root server with ubuntu 14.04
[15:44] <helpseeker> We want that server to recieve some streams
[15:44] <helpseeker> one stream is a livestream from a game
[15:45] <helpseeker> five webcams with streams from five different computers
[15:45] <helpseeker> the server has to add these six streams into one and forward that to twitch
[15:45] <helpseeker> is this possible?
[15:46] <helpseeker> not "add". the better word is "merge"
[15:47] <helpseeker> on the right: game-strem; on the left five webcams in a vertical row
[15:48] <helpseeker> I do not find any solution for that by googling that or get any answers by some forums
[15:48] <jrwren> helpseeker: yes, it is possible. it has nothing to do with ubuntu-server. You would need to write software to do this.
[15:49] <helpseeker> Ok, I thought someone built that before and I did not find it
[15:50] <helpseeker> What kind of tutorial would you prefer in this case to get a solution?
[15:51] <helpseeker> Or what type of software do you mean? A addon maybe for a darwin-thing?
[15:59] <Blinkiz>  Hello. Am running ubuntu 14.04 and have a openvpn server running in a unprivileged container. My problem is that the container can not access /dev/net/tun. How can I solve this?
[16:00] <Blinkiz> oh, talking about LXC here
[16:10] <ivoks> Blinkiz: two ways
[16:10] <ivoks> Blinkiz: run container as root
[16:10] <ivoks> Blinkiz: or allow container to access that device
[16:22] <Blinkiz> ivoks, hi. thanks for the suggestions above
[16:22] <Blinkiz> ivoks, I like the idea about giving the container access to that device. How can I do this?
[16:29] <Blinkiz> I have in my config file "lxc.cgroup.devices.allow = c 10:200 rwm". Is this what you mean allowing access?
[16:31] <ivoks> Blinkiz: yeah, something like that
[16:31] <ivoks> Blinkiz: i don't know it by heart
[16:31] <ivoks> i suggest googling lxc device passtrough
[16:31] <RudeViper> I just did a complete clean install of 13.04 (14.04 keeps failing for some reason - none given) - when I try to do a "sudo apt-get update" I keep getting lines and lines of "Failed to fetch http://*****" can someone tell me how to fix this?
[16:31] <Blinkiz> ivoks, the line is correct. Nice search string, will try that.
[16:36] <patdk-wk> RudeViper, 13.04 isn't supported anymore, it's too old
[16:36] <patdk-wk> you could update everything to use the archive repo though
[16:39] <RudeViper> patdk-wk - how do I do that?
[16:39] <patdk-wk> dunno, google?
[16:41] <RudeViper> oh this is great cause 14.041 won't work either
[16:41] <RudeViper> 14.04
[16:43] <patdk-wk> https://help.ubuntu.com/community/EOLUpgrades
[16:44] <patdk-wk> http://askubuntu.com/questions/91815/how-to-install-software-or-upgrade-from-an-old-unsupported-release
[16:48] <RudeViper> doing that now - maybe by upgrading that will solve the issues I was having with a clean install of 14.04
[16:59] <RudeViper> patdk-wk - thanks - that seems to be working
[17:08] <linocisco> hi all
[17:08] <linocisco> Good night or good morning
[17:17] <linocisco> hi all, lets say I have a domain name and single ubuntu mail server configured using domain name. If internet down to my server, and I dont wanna lose all emails, how could I do?
[17:18] <linocisco> if my internet is down for 1 day or 1hr due to some reason, how can I protect now to lose incoming emails especially during these period?
[17:18] <linocisco> if my internet is down for 1 day or 1hr due to some reason, how can I protect not to lose incoming emails especially during these period?
[17:21] <RudeViper> ok patdk-wk - have run those scripts - would you be able to tell me if there is a command to find out what version I am running now? Just to see if all went alright.
[17:22] <patdk-wk> cat /etc/release? or /etc/issue
[17:22] <patdk-wk> forget exactly
[17:23] <RudeViper> patdk-wk ok thanks - will run those as soon as updates are finished
[17:23] <patdk-wk> ya /etc/issue will show you
[17:24] <RudeViper> ok it is showing 13.10 - so have to do it again to get 14.04 - thanks - you have been a really big help
[17:25] <RudeViper> after I do this - I need to put a gui on it - for some stuff I need to do later- however - I don't want it starting with the server - tried before and it always starts on reboot - how can I prevent that from the get go?
[17:26] <patdk-wk> heh?
[17:26] <patdk-wk> was there a question in that?
[17:26] <RudeViper> yes - how can I prevent say xfce4 from starting with the server after I install it - I only want the gui to run when I call it manually
[17:27] <patdk-wk> disable the lightdm service?
[17:27] <patdk-wk> that I don't really know
[17:27] <RudeViper> ok - I'll keep looking while it upgrades again
[19:07] <Pwnna> does anyone here know why the memory cgroup are not started during server boot even tho cgroup_enable=memory is specified in the kernel boot options?
[19:07] <Pwnna> i'm very confused.
[19:08] <tgm4883> Alright everyone, been banging my head against this for too long. Probably missing something simple. I have a script that backs up mysql dbs and is supposed to scp files to another server. The SCP portion fails though, as it tells me the file isn't found
[19:09] <tgm4883> Here is the relevant portion of the backup script
[19:09] <tgm4883> http://pastebin.ubuntu.com/10581658/
[19:09] <Pwnna> https://pastebin.mozilla.org/8825330
[19:09] <tgm4883> The offending line being line 9
[19:10] <tgm4883> The error message I get is        scp: /srv/backups/MySQL/testdatabase.2015-03-11-12:09:51.gz: No such file or directory
[19:11] <tgm4883> This seems to indicate that $FILE  (or ${FILE}) isn't being seen, despite it echoing correctly in the previous line
[19:12] <tgm4883> It echo's something similar to /backup/mysql/testdb.2015-03-11-12:09:52.gz
[19:21] <tgm4883> actually just fixed it. Super weird, but scp didn't like colons being in the filename from the timestamp
[20:24] <keithzg> Anyone have any ideas on how to debug and/or work around Windows 10's inability to access samba shares? (at least those shared from 14.04)? I'm sadly seeing nothing in the main /var/log/samba/log.smbd when I make connection attempts.
[20:28] <keithzg> Windows 10 connect to the old version of Samba (3.4.4) running on the Drobo we have kicking around just fine, but every 14.04 machine I have (all running Samba 4.1.6-Ubuntu) results in an immediate failure to connect, just "you might not have permission to access this network resource", which, considering I've made sure to enable guest logins on all machines is definitely a mistaken impression on Windows' side...
[20:29] <keithzg> Of course it then admonishes me to "Contact the adminstrator of this server to find out if you have access permissions." Well thanks Windows, but I've talked to the admin, and he doesn't know why this isn't working because he's also me :P
[20:32] <keithzg> This is if I try to access the computer via SMB, ex. "\\eliot" as the path, If I try to access a share directly, ex. "\\eliot\public", then I get "Error code: 0x80004005, Unspecified error". Helpful!
[20:33] <beisner> keithzg, Win10 disables guest access by default.  http://answers.microsoft.com/en-us/insider/forum/insider_wintp-insider_web/error-the-account-is-not-authorized-to-login-from/ffa63cc0-92d0-4639-9e3f-4d50100c1841
[20:35] <keithzg> beisner: Aha! Thanks, my google-fu was apparently failing me, I hadn't found that (weird that my text isn't actually the same, but it does seem to be the same error)
[20:36]  * beisner will have to do his annual fire-up-the-latest-windows-version vm some time soon.  prob win10 tech preview.
[20:37] <keithzg> Win10 tech was a bit problematic for a while, but the latest VirtualBox and its corresponding guest additions do finally support it well.
[20:37] <beisner> keithzg, i haven't messed with it personally, but i recall that being one of the 'secure(er) by default' changes.
[20:42] <keithzg> beisner: I'm a bit baffled by it, though, since it's not like Windows lets me attempt a user/password login, it just somewhat cryptically fails when it would have been able to log in, there's no option to even attempt a secure login. So they're forcing a relatively large change upon any servers/NAS's to support this behaviour. I'm not 100% sure they're wrong, by any stretch, but it does seem rather aggressive and a bit patronizing.
[20:45] <beisner> keithzg, fwiw, back when i used win+samba, i always made sure that my windows username/password sets also existed as linux usernames/passwords, and that those users were permitted in samba shares.   which, appears to be exactly what Win10 is urging.   i would bet there's a reg hack though to re-enable anonymous/guest.
[20:46] <keithzg> beisner: Oh, there's definitely a reg hack. I just got tons of flack from folks at my company when I tried to enforce precisely that, because folks around here really hate authenticating ever.
[20:46] <keithzg> beisner: Err, to be clear, I mean that I ran into flack when I tried to set things up how you did.
[20:46] <patdk-wk> give them the option to use 2factor auth
[20:46] <beisner> keithzg, the trick is this:   as long as your windows username and password Exactly match your linux/samba username and password, they will never be prompted to authenticate.
[20:47] <beisner> but they will authenticate nonetheless.
[20:47] <patdk-wk> are you using a AD server?
[20:47] <patdk-wk> if so, just bind to that, and let it import all those users
[20:47] <patdk-wk> no need to keep passwords in sync
[20:48] <beisner> ^ yes that's even better.   my example is a home network, a couple of kids devices connecting to shares.
[20:48] <keithzg> patdk-wk: Naw. Each Windows machine has a local login. Almost everyone runs around as Administrator (which also precludes having usernames/passwords on the Linux server to match each user). I've gotten very little traction trying to convince folks how bad of an idea this is.
[20:49] <patdk-wk> ya, that is extreemly painful
[20:49] <keithzg> Yup :(
[20:51] <keithzg> Registry hack it is, I guess. Le sigh.
[20:52] <patdk-wk> just push it out with a gpo :)
[20:52] <patdk-wk> after you setup AD :)
[20:58] <keithzg> haha