Showing posts from January, 2017

Fluentd error: Unable to push logs to [elasticsearch]

After application deployments, Kibana stopped showing logs exactly after 7 days. The error "Fluentd error: Unable to push logs to [elasticsearch]" was shown in the fluentd logs. The initial response was to increase the buffer limits for fluentd as follows:

chunk_limit_size 10M
queue_limit_length 256

The behavior occurred again after two weeks, which led to the same error. On closer investigation, the error was preceded by the statement "Failed to write to the buffer." This led me to inspect the fluentd configuration again, and I found the following setting in the buffer section, which caused the fluentd buffers to fill up, as per the official Fluentd documentation:

overflow_action block

The fix is to change overflow_action from block to drop_oldest_chunk, allowing the fluentd logs to flow seamlessly to Elasticsearch by dropping the oldest logs in the buffer.

<buffer>
  @type file
  path /var/log/fluentd-buffers/kubernetes.system.buffer
  flush_mode inter…
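
An added example, not from the original post and not Fluentd's own code: a simplified Python model of a bounded chunk queue whose output cannot flush, comparing the two overflow_action values discussed above. The names simulate and summarize and the 300-chunk outage are assumptions made for illustration; 256 is the queue_limit_length quoted in the post.

```python
from collections import deque

QUEUE_LIMIT = 256  # queue_limit_length value quoted in the post


def simulate(overflow_action, produced, queue_limit=QUEUE_LIMIT):
    """Write `produced` chunks into a bounded queue that is never flushed.

    Models an output that cannot deliver (constructed scenario). Returns
    three lists of chunk ids: still queued, dropped, and held back.
    """
    queue, dropped, held_back = deque(), [], []
    for chunk_id in range(produced):
        if len(queue) < queue_limit:
            queue.append(chunk_id)
        elif overflow_action == "block":
            # Input waits for space: newer events never reach the buffer.
            held_back.append(chunk_id)
        elif overflow_action == "drop_oldest_chunk":
            # Oldest buffered chunk is discarded to admit the new one.
            dropped.append(queue.popleft())
            queue.append(chunk_id)
        else:
            raise ValueError(f"unsupported overflow_action: {overflow_action}")
    return list(queue), dropped, held_back


def summarize(overflow_action, produced):
    """Return a dict describing which chunk range survives the outage."""
    queued, dropped, held_back = simulate(overflow_action, produced)
    return {
        "action": overflow_action,
        "oldest_kept": queued[0],
        "newest_kept": queued[-1],
        "dropped": len(dropped),
        "held_back": len(held_back),
    }


if __name__ == "__main__":
    # Constructed outage: 300 chunks arrive while nothing can be flushed.
    for action in ("block", "drop_oldest_chunk"):
        print(summarize(action, produced=300))
```

In this model, block keeps the oldest 256 chunks and holds everything newer back, while drop_oldest_chunk keeps the newest 256 and discards the rest, so the dropped count is the gap that will be missing from Elasticsearch.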

Oracle Audit Vault on Hyper-V

Generally, Hyper-V is not recommended for the installation of Oracle Audit Vault. Due to the lack of options available, Hyper-V was required.

Installation wasn't initially happening as OAV was unable to detect the network adapter. The default Hyper-V network adapter is defined as Synthetic. As per one blog, we have to use a legacy network adapter for OAV on Hyper-V. The installation proceeded after this step. However, on completion of the installation, the OAV VM was unreachable.

Finally, I removed the legacy network adapter and replaced it with the synthetic network adapter.
I then used the script from Daniel's Tech Blog, which assigns the virtual network and IP address from the SCVMM virtual network IP address pool. I then manually assigned the same IP assigned from the SCVMM into OAV and it started to work.