Tales of an IT Nobody

devbox:~$ iptables -A OUTPUT -j DROP

PHP 7 Roundup: Chainable ternary awesomeness. April 12, 2015

Feast your eyes on this: https://wiki.php.net/rfc/isset_ternary

This eliminates quite a bit of ‘noise’ and ‘fluff’ use in any display logic, it’s a new ternary operator that allows you to quickly set a default without doing the isset() dance.

This has a limited affect if you use a templating engine like Twig, but it’s still very nice if you have to do some quick and dirty default setting at the code level for display.


No Comments on PHP 7 Roundup: Chainable ternary awesomeness.
Categories: php programming

A better way to give Logstash permissions to your logs

So you’re ready to rock out Logstash to ship your logs – there’s one little headache: You still need to give it access to your files. Chances are, you want “all of the files!”

The internet will (at the moment) instruct you to use “setfacl”, or various chown/chmod techniques or even add logstash to various groups.


Why setfacl won’t work

Logrotate can be scripted, but sudo-io (sudo logging) can’t. There are other exceptions where logs not managed by logrotate don’t persist setfacl settings.

Why chmod/chown and adding “logstash” to groups its a bad idea

You’re making too many exceptions, and relinquishing flexibility to give access to the logs in a normal basis. (meaning, not using something like setfacl, but instead normal linux groups)

Then what works best?

It’s so clean and tidy: either through mount –bind or  bindfs.
Feast your eyes on this:


OR (in the case of ext4)

You’re given a tidy ‘ro’ binding of the /var/log dir ONLY readable by the logstash reader.

I hope this helps those who want to ship “all of the things!” – this is a good separation of concerns for managing logstash access.

‘bindfs’ is available in the default Debian repos as well!


No Comments on A better way to give Logstash permissions to your logs
Categories: Uncategorized