Month: June 2023

  • Set up an rsyslog server with multithreaded TLS encryption using stunnel

    If you run an rsyslog server using the rsyslog imtcp module with OpenSSL or GnuTLS enabled for encrypted communication, chances are that, as your infrastructure and/or log traffic grows, you will find that rsyslog can use only one thread of your multithreaded system for TLS offloading. This is by design, and to this day the imtcp module, which is also the only module supporting TLS, is not able to utilize multiple CPUs.

    The imptcp module, also known as the plaintext-tcp module, does support multiple threads but cannot do any encryption.

    In my case, I found that the only viable solution to multithreaded TLS offloading with rsyslog is to wrap stunnel in front of it, like this in /etc/stunnel/rsyslog-server.conf:

    (more…)
  • Data recovery from defective storage media using ddrescue and photorec

    Recently, I found myself in the situation of having to undergo a large-scale recovery operation on a 15-year-old hard drive with a total runtime of nearly 70,000 hours. The drive had long suffered from numerous defective sectors and reading errors.

    The specific hard drive model in question was the SAMSUNG HD501LJ, a contemporary model widely used in systems of that time. It was later replaced by 750GB and 1TB models in the following years before the hard drive division of SAMSUNG was partially acquired by Seagate in 2011.

    The task at hand was not an easy one, as it involved:

    1. Safeguarding and reading as much data as possible.
    2. Making existing data available on the file systems.
    3. Locating and making available previously deleted data from the distant past.
    4. If feasible, writing the data onto a new storage medium of equal or greater size to restore the original system.
    (more…)
  • Compile HAProxy 2.8 with OpenSSL 3.0 and enable weak ciphers and protocols

    I was recently tasked with setting up a test environment to verify if it is possible to run the latest HAProxy with an up-to-date OpenSSL version and still support DES ciphers such as DES-CBC3-SHA.

    (more…)