scadblog

12/24/2006

Special Consideration Imaging Intel Mac Installs

From Apple’s TN2166, Secrets of the GPT:
“Be careful when doing a block-for-block copy of a GPT disk. The GUID in the partition table header that identifies the disk (and the GUIDs in each partition entry) are meant to be globally unique, and Apple’s system software relies on this feature. If you block copy a disk, you should consider whether it’s appropriate to set these GUIDs to new values.”

Filed under: Tech Resources and Tips — Michael @ 9:01 am

12/21/2006

Windows XP Boot Process

If you have these components, you have a booting Windows XP system.

  1. An MBR.
  2. Ntldr and ntdetect.com on the root of the drive.
  3. boot.ini on the root of the drive with the contents referencing the Advanced RISC Computing (or ARC) Path to the WINDOWS directory.
  4. ntoskrnl.exe and hal.dll in the SYSTEM32 directory.
  5. A registry including a valid hardware profile and device drivers.
  6. winlogon.exe and lsass.exe to get a login screen.

Filed under: Tech Resources and Tips — Michael @ 10:22 am

12/11/2006

Centralizing Syslog

For some time now I’ve wanted to centralize my Linux logs.  I’ve been stymied by the fact that a) there is something odd about Red Hat’s default Syslog package and b) I’m too stubborn to add a custom package (like syslog-ng) for the task.

Fortunately, the combination of a post to the Syslog user forums and patience and good fortune has led to a solution.

  1. On the server, edit /etc/sysconfig/syslog and add -r to the SYSLOGD_OPTIONS to enable the server to accept remote logging on UDP 514.
  2. Add *.* @server.address to the /etc/syslog.conf file on the client.  For Red Hat systems the server address should be indicated as 0.0.0.0 instead of 127.0.0.1 as you would for other Linux distributions.
  3. Set up a process on the server that uses netcat to reroute incoming TCP traffic on some high, arbitrary port to UDP 514.  For example, nc -l -p 9999 | nc localhost -u syslog.
  4. Set up a process on the client that uses netcat to reroute the outgoing UDP syslog traffic to some high, arbitrary port.  For example, nc -l -u -p syslog | nc localhost 9999.
  5. Set up an SSH tunnel between the two machines that captures the traffic from port 9999 on the client and sends it to port 9999 on the server.
  6. Watch your centralized Syslog entries fill up.
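
The steps above as a shell script, added here as an example and not the author's own code: it makes the two config edits idempotent and prints the relay and tunnel commands. The function names, the `ssh -N -L` form of step 5, and the host `loguser@logserver.example` are assumptions; the demo works on constructed copies rather than the live files.

```shell
#!/bin/sh
# Added example: steps 1-5 as idempotent edits plus the relay/tunnel commands.
# Config paths are arguments so the edits can be tried on copies first.
RELAY_PORT=9999   # the "high, arbitrary port" from the post

# Step 1 (server): ensure SYSLOGD_OPTIONS carries -r exactly once.
enable_remote_reception() {
    conf=$1
    if ! grep -q '^SYSLOGD_OPTIONS="' "$conf"; then
        printf 'SYSLOGD_OPTIONS="-r"\n' >> "$conf"       # variable missing: add it
    elif ! grep -Eq '^SYSLOGD_OPTIONS=.*[" ]-r[" ]' "$conf"; then
        sed 's/^SYSLOGD_OPTIONS="/&-r /' "$conf" > "$conf.new" && mv "$conf.new" "$conf"
    fi
}

# Step 2 (client): append the forward-everything rule unless already present.
add_forward_rule() {
    conf=$1
    rule="*.* @$2"
    grep -Fxq -- "$rule" "$conf" || printf '%s\n' "$rule" >> "$conf"
}

# Steps 3-4: the netcat relays exactly as given in the post.
server_relay_cmd() { printf 'nc -l -p %s | nc localhost -u syslog\n' "$RELAY_PORT"; }
client_relay_cmd() { printf 'nc -l -u -p syslog | nc localhost %s\n' "$RELAY_PORT"; }

# Step 5: assumed OpenSSH local forward, run on the client; $1 is user@server.
tunnel_cmd() { printf 'ssh -N -L %s:localhost:%s %s\n' "$RELAY_PORT" "$RELAY_PORT" "$1"; }

# Demo on constructed copies, not the live files.
demo() {
    d=$(mktemp -d) || return 1
    printf 'SYSLOGD_OPTIONS="-m 0"\n' > "$d/syslog"        # Red Hat-style default (constructed)
    printf '*.info /var/log/messages\n' > "$d/syslog.conf" # constructed sample rule
    enable_remote_reception "$d/syslog"
    add_forward_rule "$d/syslog.conf" 0.0.0.0
    cat "$d/syslog" "$d/syslog.conf"
    server_relay_cmd; client_relay_cmd; tunnel_cmd loguser@logserver.example
    rm -rf "$d"
}
demo
```

Check the edited copies before pointing the functions at /etc/sysconfig/syslog and /etc/syslog.conf, and restart syslogd afterwards so the changes take effect.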

Filed under: Tech Resources and Tips — Michael @ 11:22 am
