zabbix monitoring log

When I read the official Zabbix documentation, /var/log/syslog,error is described, so it seems not to be in the monitoring log.

I cannot find it even when I look in the /var/log/ directory. What is it?

Perl session

#! /usr/local/bin/perl

use strict;
use warnings;

# Environment-dependent
use lib "$ENV{DOCUMENT_ROOT}/lib/perl5";
use lib "$ENV{DOCUMENT_ROOT}/lib";
use lib "./lib";

use CGI qw|:standard|;
use CGI::Session;
use Password;

my $title = "セッションID管理テスト";
my $expire = "+1h";
my $encode = "UTF-8";

# Database access is omitted here
my %User = ('hoge'=> {pass => q|$1$hEeN3T%+$CRKHRxko1cWGNjE69mTNw.|});

my $cgi = new CGI;
# A session ID passed as a request parameter is not accepted: redirect to the bare script URL
print $cgi->redirect( -uri=>'http://'.$ENV{SERVER_NAME}.$ENV{SCRIPT_NAME}, -status=>301) and exit if $cgi->param('CGISESSID');

my $sid = $cgi->cookie('CGISESSID') || undef;

my $session = CGI::Session->load(undef, $sid, {Directory=>'./data'}) or die CGI::Session->errstr();
Error("Your session time out! Refresh the screen to start new session!") if $session->is_expired;
$session->expire($expire); # set the expiry time
#$session->expire('+1m');

if ($session->is_empty) {
	$session = $session->new(undef, $sid, {Directory=>'./data'}) or die $session->errstr;
} # keep the session ID if it is valid; otherwise issue a new one

my %param = $cgi->Vars();
my @message;

if ($session){
	if (my $action = $param{'action'}){
		push @message, forget() if $action eq 'forget me'; # request to delete the session
		push @message, logout() if $action eq 'logout';  # reset the login status held in the session
	}

	$session->save_param($cgi); # save the submitted values in the session
	$session->clear('pass'); # avoid storing the password in plaintext
	push @message, login($session->param('username'), $param{'pass'}) if $param{'action'} and $param{'action'} eq 'login';
	push @message, $session->param('username')? confirm(): ask();
} else {
	push @message, ask();
}

print $session->header ( -charset => $encode),
	start_html( -title => $title, -encoding => $encode, -lang=>'ja'),
	@message,
	a({href=>$ENV{"SCRIPT_NAME"}}, '戻る',),
	end_html(),
;

sub Error {
	my $msg = shift;

	print $session->header( -charset => $encode),
	start_html( -title => "エラー / " . $title, -encoding => $encode, -lang => 'ja'),
	h1("エラー"),hr(),
	p(strong($msg)),hr(),
	a({href=>$ENV{"SCRIPT_NAME"}}, '戻る',),
	end_html(),
	;
	exit;
}

sub forget {
	$session->clear(['username','firstname','lastname','like','action','login']);
	$session->close;
	$session->delete;
	return h2("we've forgotten you!");
}

setting virtual host

# sudo cat /etc/httpd/conf.d/hoge.conf
<VirtualHost *:80>
DocumentRoot /var/www/html/tv
DirectoryIndex index.html index.php
ServerName www.hoge
ServerAlias on-tv.fun
CustomLog logs/hoge-access.log common
ErrorLog  logs/hoge-error.log
AddDefaultCharset UTF-8
<Directory "/var/www/html/tv/">
AllowOverride All
</Directory>
</VirtualHost>

# /etc/init.d/httpd graceful

The change is not reflected until httpd is restarted.
Also update the Google developer console.

cpanm Net::Amazon::S3@0.86

[vagrant@localhost ~]$ cpan App::cpanminus
[vagrant@localhost ~]$ sudo yum install -y openssl openssl-devel
パッケージ openssl-1.0.1e-57.el6.x86_64 はインストール済みか最新バージョンです
パッケージ openssl-devel-1.0.1e-57.el6.x86_64 はインストール済みか最新バージョンです

[vagrant@localhost ~]$ cpanm LWP::Protocol::https
-bash: cpanm: コマンドが見つかりません
[vagrant@localhost ~]$ /usr/local/bin/cpanm LWP::Protocol::https
-bash: /usr/local/bin/cpanm: そのようなファイルやディレクトリはありません

Log collection

First of all, middleware for log collection can be divided into Push type and Pull type according to how the data is acquired.

Systems in which the middleware transfers logs to a configured destination are classified as Push type. Well-known examples are Apache Flume, Fluentd, Scribe and Logstash.

In the Pull type, by contrast, the client side explicitly specifies and fetches the data it needs from middleware that manages logs centrally. Apache Kafka, and so-called PubSub models such as Google Cloud Pub/Sub and Kinesis Stream, which are not middleware, are classified as Pull type.


Source => The part of Push type middleware that receives records. Corresponds to input in Fluentd.
Channel => The area in Push type middleware where a record is kept until its transmission is completed. Equivalent to buffer in Fluentd.
Sink => The push destination of records in Push type middleware. Equivalent to output in Fluentd.
Upstream => The side that sends the record.
Downstream => The side that receives the record.
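
The terms above as a small Python model (an added example, not code from any of the products named): a Push agent whose Channel keeps records until the downstream side has accepted them, next to a Pull log that clients read by offset. Class names, the sample records and the failing receiver are constructed for illustration.

```python
from collections import deque

class PushAgent:
    """Push type: Source -> Channel -> Sink inside one agent."""
    def __init__(self, send, batch_size=2):
        self.channel = deque()   # Channel: buffer, like Fluentd's buffer
        self.send = send         # callable that delivers a batch downstream
        self.batch_size = batch_size

    def source(self, record):
        """Source: receive a record from upstream, like Fluentd's input."""
        self.channel.append(record)

    def sink(self):
        """Sink: push batches downstream, like Fluentd's output.
        A record leaves the channel only after its batch was delivered."""
        delivered = 0
        while self.channel:
            batch = list(self.channel)[:self.batch_size]
            try:
                self.send(batch)
            except ConnectionError:
                break            # transmission not completed: keep the records
            for _ in batch:
                self.channel.popleft()
            delivered += len(batch)
        return delivered

class FlakyDownstream:
    """Constructed receiver that refuses the first `failures` pushes."""
    def __init__(self, failures):
        self.failures, self.received = failures, []
    def __call__(self, batch):
        if self.failures > 0:
            self.failures -= 1
            raise ConnectionError("downstream unavailable")
        self.received.extend(batch)

class PullLog:
    """Pull type: the log keeps the records and each client fetches by offset."""
    def __init__(self):
        self.records = []
    def fetch(self, offset, limit):
        batch = self.records[offset:offset + limit]
        return batch, offset + len(batch)   # the client stores the next offset

# Constructed sample records.
SAMPLE = ["sshd: failed password for root",
          "sshd: accepted publickey for deploy",
          "sudo: session opened for user root"]
```

Calling `sink()` while the receiver is down returns 0 and leaves every record in the channel; the next call delivers them in order.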

AWS direct connect

AWS Direct Connect is a cloud service solution that simplifies building a dedicated network connection from your premises to AWS. You can use AWS Direct Connect to establish a private connection between AWS and your data center, office, or colocation environment. This often reduces network costs, improves bandwidth throughput, and provides a more consistent network experience than Internet-based connections.

AWS Direct Connect allows you to establish a dedicated network connection between your network and one of the AWS Direct Connect locations. You can divide this dedicated connection into multiple virtual interfaces using the industry standard 802.1q VLAN. In this way, the same connection can be used to access public resources using public IP address space, and private resources (for example, Amazon EC2 instances running within Amazon Virtual Private Cloud) using private IP space, so you can keep the public and private environments separate on the network. Virtual interfaces can be reconfigured at any time as your needs change.

VPC NAT gateway

You can use Network Address Translation (NAT) gateways to allow instances in your private subnet to connect to the Internet and other AWS services, while preventing the Internet from initiating connections with these instances.

A subnet whose route table is set so that 0.0.0.0/0 (communication to the default gateway) flows to the internet gateway is a “public subnet”; a subnet whose route table is not set that way is a “private subnet”.

Since 0.0.0.0/0 flows to igw-xxxxxx (Internet gateway), the subnet for which this route table is set is a public subnet.
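
The rule above can be checked mechanically. The following added example (not from the original page) classifies subnets from route-table data in the shape returned by `aws ec2 describe-route-tables`; all IDs are constructed, and the fallback to the VPC's main route table for subnets without an explicit association is included so that such subnets are not missed.

```python
def default_route_target(route_table):
    """Return the target ID of the 0.0.0.0/0 route, or None if there is none."""
    for route in route_table.get("Routes", []):
        if route.get("DestinationCidrBlock") == "0.0.0.0/0":
            # An internet gateway is reported under GatewayId,
            # a NAT gateway under NatGatewayId.
            return route.get("GatewayId") or route.get("NatGatewayId")
    return None

def classify_subnets(route_tables, subnet_ids):
    """Map each subnet ID to 'public', 'private (NAT)' or 'private (isolated)'."""
    main_table = None
    by_subnet = {}
    for table in route_tables:
        for assoc in table.get("Associations", []):
            if assoc.get("Main"):
                main_table = table
            elif "SubnetId" in assoc:
                by_subnet[assoc["SubnetId"]] = table
    result = {}
    for subnet_id in subnet_ids:
        # A subnet with no explicit association uses the VPC's main route table.
        table = by_subnet.get(subnet_id, main_table)
        target = default_route_target(table) if table else None
        if target and target.startswith("igw-"):
            result[subnet_id] = "public"
        elif target and target.startswith("nat-"):
            result[subnet_id] = "private (NAT)"
        else:
            result[subnet_id] = "private (isolated)"
    return result

# Constructed sample data; IDs are placeholders.
SAMPLE_ROUTE_TABLES = [
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
    {"RouteTableId": "rtb-pub",
     "Associations": [{"Main": False, "SubnetId": "subnet-aaa"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-11111111"}]},
    {"RouteTableId": "rtb-nat",
     "Associations": [{"Main": False, "SubnetId": "subnet-bbb"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-22222222"}]},
]
```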

Typical port numbers and protocols

– TCP 20: FTP
– TCP 21: FTP
– TCP 22: SSH
– TCP 23: Telnet
– TCP 25: SMTP
– UDP 53: DNS
– UDP 67: DHCP(server)
– UDP 68: DHCP(client)
– TCP 80: HTTP
– TCP 110: POP3
– UDP 123: NTP
– TCP 443: HTTPS
– Well-known port numbers: 0-1023

When connecting to MySQL from the command line, you can specify the port number to connect to.
Use the -P option to specify a port number.
When the port number is omitted (connects to the default port number 3306)
[vagrant@localhost ~]$ mysql -u root -p
Enter password:

When specifying port number explicitly

[vagrant@localhost ~]$ mysql -u root -p -P 3306
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 13
Server version: 5.6.44 MySQL Community Server (GPL)

Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the current input statement.

mysql> Ctrl-C — exit!
Aborted

AWS firewall manager

AWS Firewall Manager is a security management service that makes it easy to configure and manage AWS WAF rules centrally across multiple customers’ accounts and applications. With Firewall Manager, you can easily roll out AWS WAF rules for Application Load Balancers and Amazon CloudFront distributions across many AWS Organizations accounts. In addition, every time a new application is created, Firewall Manager makes it easy to bring the new application and its resources into compliance with a common set of security rules from day one. You now have a single service to build firewall rules, create security policies, and apply them in a consistent, hierarchical manner across your Application Load Balancer and Amazon CloudFront infrastructure.


1. Name web ACL
2. Create condition
– IP match condition
– String match condition, bad bot user agent
– SQL injection match condition, sqli checks
3. Create rules
4. Review and create
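
A minimal Python model of the web ACL that these steps build (an added example, not AWS code): conditions are predicates over a request, a rule matches when all of its conditions match, and the ACL applies the first matching rule or its default action. The request shape, ACL and rule names, addresses, the user-agent string and the simplified SQL injection pattern are assumptions for illustration.

```python
import ipaddress
import re
from urllib.parse import unquote_plus

# Step 2: conditions are predicates over a request dict (constructed shape).
def ip_match(cidrs):
    nets = [ipaddress.ip_network(c) for c in cidrs]
    return lambda req: any(ipaddress.ip_address(req["ip"]) in n for n in nets)

def string_match(header, needles):
    return lambda req: any(
        n.lower() in req["headers"].get(header, "").lower() for n in needles)

def sqli_match(field):
    # Simplified stand-in for the managed SQL injection check.
    pattern = re.compile(r"'\s*(or|and)\b|\bunion\s+select\b|--", re.I)
    return lambda req: bool(pattern.search(unquote_plus(req.get(field, ""))))

# Step 3: a rule matches when all of its conditions match.
def rule(name, action, *conditions):
    return {"name": name, "action": action, "conditions": conditions}

# Steps 1 and 4: the named web ACL evaluates rules in order; first match wins.
def evaluate(acl, req):
    for r in acl["rules"]:
        if all(cond(req) for cond in r["conditions"]):
            return r["action"], r["name"]
    return acl["default_action"], "default"

WEB_ACL = {
    "name": "example-web-acl",  # hypothetical name
    "default_action": "ALLOW",
    "rules": [
        rule("blocked-ips", "BLOCK", ip_match(["203.0.113.0/24"])),
        rule("bad-bots", "BLOCK", string_match("user-agent", ["badbot"])),
        rule("sqli", "BLOCK", sqli_match("query")),
    ],
}

# Constructed sample requests (documentation address ranges).
UA = {"user-agent": "Mozilla/5.0"}
SAMPLES = [
    {"ip": "203.0.113.7", "headers": UA, "query": "id=1"},
    {"ip": "198.51.100.9", "headers": {"user-agent": "BadBot/1.0"}, "query": "id=1"},
    {"ip": "198.51.100.9", "headers": UA, "query": "id=1%27+OR+%271%27%3D%271"},
    {"ip": "198.51.100.9", "headers": UA, "query": "id=1&page=2"},
]
```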