Syed Jahanzaib Personal Blog to Share Knowledge !

January 19, 2017

Windows User Login Logs

Filed under: Microsoft Related — Tags: — Syed Jahanzaib / Pinochio~:) @ 7:12 PM

Disclaimer:
This is a reference post for myself, to recall it later when i need it.
There are tons of tools/apps that can automate such tasks,Example you can do it via GPO (if you are in domain environment), or use dedicated tools, or just simply sort views in event viewer.

But being lazy/blockhead or fond of fetching result using out of the box approach, I try to select method that works for me and which seems easy to me plus with some learning. You may follow the internet to get more elegant / less complicated solution. Read it just to add ideas on how dumb-heads like me doing there work in other dimension approach , lean so that you may enhance it or at least not follow it for many reasons ;). This was a drafted version, later I modified this task for more presentable formatting. Windows batch file is far behind in advance coding as compare to bash, but we understand the limitation dueo to Microsoft platform.

I used WINTAIL to view real time logging of the specific system. we can modify the scripting to any level we want it to be. example we can log this info at our linux based mysql server, email the event, etc etc 😀

Sky is the only limit !

Zaib!


Scenario#1:

We have a domain environment in our office. At one windows 7 workstation, we have some important application installed which is access by specific users Remote (RDP and Dameware remote app) session & dueto some specific issues, the management wanted to store its full logs for following events only …

  1. When user login to the workstation
  2. When user logoff from the workstation
  3. When user connect to any previous session, either local or by remote
  4. When user re-login to the system (unlock)

Following information should be recorded in simple log file at remote server

  1. Event Type: LOGIN OR LOGOFF
  2. RDP Client IP: If the user is logged in via RDP, his ip should be logged
  3. DAMEWARE IP: If the user is logged in using DAMEWARE remote app, his IP should be logged
  4. Remote Client PC DNS Name: Remote client windows DNS name should be logged
  5. Username: Domain User ID which is being used to logging to the workstation
  6. Computername: name of workstation on which user is logging to
  7. Date / Time

 


Solution using Windows Batch File [Drafted but tested Version on Windows 7 / 64bit]

Requirements:

  • grep
    [Linux tool for windows version]
  • sed
    [Linux tool for windows version]
  • login-log.cmd
    our batch file
  • task scheduler task to trigger it on different events we required

Download grep/sed and place all contents in its bin folder to C:\windows\system32 so that it can be accessed from any path.

login-log.cmd

@echo off
rem ### Batch file to be configured in Task Manager to log events 
rem ### to remote server log file
rem ### Syed Jahanzaib
cls
rem Create Backup folder if not exists already
set TEMPLOC="C:\BACKUP"
if not exist "%TEMPLOC%" mkdir %TEMPLOC%
set LOGLOCAL="%TEMPLOC%\LOCAL.LOG"
rem ### Log Server Folder where logs will be saved
set LOGSERVER="\\LOGSERVER\userlog\%USERNAME%.log"
set IPFILE="%TEMPLOC%\IP.TXT"
set COMPFILE="%TEMPLOC%\COMPNAME.TXT"
set IPADD=
set DAMWIP=
set COMPNAME=
rem ### Delete old holders adn tasks if any
del %IPFILE% 2> nul
del %COMPFILE% 2> nul
taskkill /F /IM nslookup.exe 2> nul

rem ### 
::# Get IP Address of local PC
for /f "skip=1 tokens=2 delims=[]" %%* in (
'ping.exe -n 1 %Computername%') Do (set "LOCALIP=%%*" & goto:exitFor1)
:exitFor1

rem ### Get IP address for any RDP session, IF ANY, 
netstat -na | find "3389" | find "ESTABLISHED" | awk "{print $3}" | sed s/:.*// > %IPFILE%
set /p IPADD=<%IPFILE%
IF "%IPADD%"=="" (
set IPADD=x
)

rem ### If no RDP session found, then skip nslookup to avoid any delay
set "filter=c:\backup/ip.txt"
for %%A in (%filter%) do if %%~zA==0 goto :skipname
nslookup %IPADD% | sed -n "4p" | awk "{print $2}" > %COMPFILE%
set /p COMPNAME=<%COMPFILE%

rem ### Check for any DAMEWARE remote app session and log its ip/name
:skipname
netstat -na | find "6129" | find "ESTABLISHED" | sed -n "2p" | awk "{print $3}" | sed s/:.*// > c:\damwip.txt
set /p DAMWIP=<c:\damwip.txt
rem echo %DAMWIP%
set "filter=c:\damwip.txt"
rem for %%A in (%filter%) do if %%~zA==0 echo no damw
REM goto :skipdamw
rem ### if no damware ip session found, make it null x
IF "%DAMWIP%"=="127.0.0.1" (
set DAMWIP=x
)

rem ### If there is no remote session for both RDP and DW , then set variable accordingly
:skipdamw
if "%DAMWIP%"=="x" goto :1
nslookup %DAMWIP% | sed -n "4p" | awk "{print $2}" > c:\backup\damwip.txt
set /p COMPNAME=<c:\backup\damwip.txt
goto :skip
:1
if "%IPADD%"=="x" goto :cond
goto :skip
:cond
set IPADD=LOCAL-LOGIN
set DAMWIP=LOCAL-LOGIN
:skip

if "%COMPNAME%"=="" set COMPNAME=LOCAL-LOGIN
REM --- SERVER LOG FILE
echo --------------------------------- >> %LOGSERVER%
ECHO LOGIN >> %LOGSERVER%
echo RDP Client IP: %IPADD% - / DW IP: %DAMWIP% / Remote Client PC: %COMPNAME%
echo Login User: %USERNAME% / To: %COMPUTERNAME% / Local IP: %LOCALIP% / %DATE% %TIME%
echo RDP Client IP: %IPADD% - DW IP: %DAMWIP% / Remote Client PC: %COMPNAME% >> %LOGSERVER%
echo Username - %USERNAME% / Computer - %COMPUTERNAME% / %DATE% %TIME% >> %LOGSERVER%
echo --------------------------------- >> %LOGSERVER%

REM --- LOCAL LOG FILE
echo --------------------------------- >> %LOGLOCAL%
ECHO LOGIN >> %LOGLOCAL%
echo RDP Client IP: %IPADD% - DW IP: %DAMWIP% / Remote Client PC: %COMPNAME% >> %LOGLOCAL%
echo Username - %USERNAME% / Computer - %COMPUTERNAME% / %DATE% %TIME% >> %LOGLOCAL%

echo --------------------------------- >> %LOGLOCAL%


Windows Task Scheduler Configuration >

task1

task-1

task2

 


Result:

Now you can open the log file at log server, or local pc as well.

 


LOGIN
RDP Client IP: x - DW IP: 10.0.0.58 / Remote Client PC: zaib.pc
Username - user.id / Computer - APPSRV / Thu 01/19/2017 14:31:36.68
---------------------------------
---------------------------------
LOGOFF -- APPSRV APPSRV Thu 01/19/2017 14:31:41.09
---------------------------------
---------------------------------
LOGIN
RDP Client IP: LOCAL-LOGIN - DW IP: LOCAL-LOGIN / Remote Client PC: LOCAL-LOGIN
Username - user.id / Computer - APPSRV / Thu 01/19/2017 14:33:11.35
---------------------------------
LOGIN -- user.id APPSRV Thu 01/19/2017 14:33:16.02
---------------------------------
LOGOFF -- user.id APPSRV Thu 01/19/2017 14:33:23.14
---------------------------------
LOGIN -- user.id APPSRV Thu 01/19/2017 15:35:03.51
---------------------------------
LOGIN
RDP Client IP: 10.1.2.250 - DW IP: x / Remote Client PC: seconduser.domain
Username - APPSRV / Computer - APPSRV / Thu 01/19/2017 15:35:04.54
---------------------------------


Scenario#2:

Log information of every user login/logout in %username%.txt in remote server folder .

Using Domain GPO , set it to execute login-log.cmd file at Startup


@echo off
echo LOGIN -- %USERNAME% %COMPUTERNAME% %CLIENTNAME% %DATE% %TIME% >> \\LOGSERVER\userlog\%USERNAME%.log

at remote log server, you can set permission so that user can only write in it, but not explore it.

permission


blah blah blah

Syed.Jahanzaib

January 6, 2017

Gathering Stats from remote Windows via Linux Shell

Filed under: Linux Related, Uncategorized — Tags: , , , , , , , — Syed Jahanzaib / Pinochio~:) @ 2:43 PM

Reference Post:

Following are few simple methods to query information for various instances like remote windows service status , performance monitor instance result with trimming , , execute commands on remote windows box , all being done from our beloved Linux boX 😉

I must admit that even after spending years in this field, I still feel myself very doodle, blockhead & light brain in almost every topic or subject I get confronted with ! STML plays an important role in my Deficiency  ‘_’    – 😉

ots1087__97717-1410905363-1280-1280


Executing command on remote windows server, and get its result in output

$WINEXE --user=$DOMAIN/$ADMINID%$ADMINPASS //$SERVERIP "C:\TEMP\COMMAND.EXE -syntax-if-any"

Note: above command requires WINEXE tool (Linux tools to execute command on remote windows)

Querying Remote Windows Performance Monitor Instances

Example, we have Forefront TMG 2010 and we want to see its Cache Hit % from our linux box shell, so we can use following command (It was real hard to escape nested double quotes :O )

This is very very useful command and it took few hours for me to trim the required result for plotting graph.

winexe -U domain/admin%"password" //MYSERVER 'typeperf -sc 1 -si 1 "\\MYSERVER\Forefront TMG Web Proxy\Cache Hit Ratio (%)"'

and with bash script I used it like

root@linux:/temp# cat tmg-cachehit.sh

#!/bin/bash
# Script to query TMG cache HIT after trimming
#set -x
IP="10.0.0.1"
DOMAIN="MYDOMIN"
ID="ADMIN"
PASS="PASSWORD"
TMP_HOLDER="/tmp/$IP.cache.hit.txt"
winexe -U $DOMAIN/$ID%"$PASS" //$IP 'typeperf -sc 1 -si 1 "\\101.11.11.6\Forefront TMG Web Proxy\Cache Hit Ratio (%)"' > $TMP_HOLDER
RESULT=`cat $TMP_HOLDER | sed -n 3p | awk '{print $2}' | cut -d "," -f 2 | tr -d '"' | cut -f1 -d"."`
echo $RESULT
echo $RESULT

Result:

tmg-cache-hit


Check remote windows service status

Example if we want to query service status result of Lotus domino mail server  from our linux box …

root@linux:/temp# net rpc service status "Lotus Domino Server (DLotusDominodata)" -I 10.0.0.1 --user=DOMAIN/ADMINID%PASSWORD

RESULT:

Lotus Domino Server (DLotusDominodata) service is running.
Configuration details:
Controls Accepted = 0x5
Service Type = 0x110
Start Type = 0x2
Error Control = 0x0
Tag ID = 0x0
Executable Path = "X:\Lotus\nservice.exe" "=X:\Lotus\notes.ini" "-jc" "-c"
Load Order Group =
Dependencies = /
Start Name = LocalSystem
Display Name = Lotus Domino Server (DLotusDominodata)

Allah Shuker


I used all above commands in various script for alerts and mrtg graphing. you can use it to fulfill any customized requirements.

Regard’s
Syed Jahanzaib

January 3, 2017

Ubiquiti Unifi Notes & Odd methods of acquiring Info

Filed under: Ubiquiti — Syed Jahanzaib / Pinochio~:) @ 9:49 AM

ubiquity


1- Odd method to acquire total number of active WiFi Clients

Bash script to acquire some info via UniFi controller like active number of WiFi clients connected with different UniFi AP LR in the company.


#!/bin/bash
# Script to query active clients by curl from unifi controller
# Syed jahanzaib / aacable . wordpress . com / aacable at hotmail dot com
# 2nd-January-2017
#set -x
# UniFi Controller IP and Port
IP="10.0.0.1"
PORT="8443"
COOKIE="/tmp/cookies.txt"
TMP_HOLDER="/tmp/$IP.active.wifi.clients.txt"
# pattern to match to count active clients using string matching
PATTERN="hostname"

# First Login to controller via CURL
curl -s "https://$IP:$PORT/api/login" --data-binary '{"username":"admin","password":"CONTROLLERPASSWORD","strict":true}' --compressed --insecure -c $COOKIE > /dev/null

# Download Statistics from controller using CURL
curl -s --insecure -b $COOKIE -c $COOKIE "https://$IP:$PORT/api/s/default/stat/sta" > $TMP_HOLDER

# Count active users by pattern match,  what an odd method, may not work correctly, but so far working for me
ACTIVE=`cat $TMP_HOLDER | grep -o $PATTERN | wc -l`
echo $ACTIVE
echo $ACTIVE


Result in command …

unifi-active

 

CFG file for MRTG …

# Unifi Controller - WiFi Active WiFi Clients - syed.jahanzaib
Target[unifi_wifi_active_users]: `/temp/unifi-client.sh`
Title[unifi_wifi_active_users]: Active Wifi Clients via Unifi Controller
PageTop[unifi_wifi_active_users]: <H1>Active Wifi Clients via Unifi Controller</H1>
MaxBytes[unifi_wifi_active_users]: 50000
Colours[unifi_wifi_active_users]: B#8888ff,B#0813B7,B#5398ff,B#0813B7
Options[unifi_wifi_active_users]: growright,nopercent,gauge,integer,nobanner,printrouter,pngdate,noo
LegendI[unifi_wifi_active_users]: Active Wifi Users
LegendO[unifi_wifi_active_users]:
YLegend[unifi_wifi_active_users]: Active Wifi Users
Legend1[unifi_wifi_active_users]: Active Wifi Users
Legend2[unifi_wifi_active_users]:
ShortLegend[unifi_wifi_active_users]:
#Unscaled[unifi_wifi_active_users]: dwmy

MRTG Graph for Active WiFi Clients via UniFi Controller …

1-wifi

  •  – – – – – – – – –
  •  – – – – – – – – –
  •  – – – – – – – – –
  •  – – – – – – – – –

Following are some snapshots from the UniFi Controller for some comparison that script is working accurate so far …
(However it is still under observation to monitor its accuracy result / zaib)

1

2


2- Odd method to acquire total number of Active Access Points Vs Down [Registered in UniFi Controller]

Bash script to acquire total number of registered access points (unifi AP-LR) and there status as well to compare Active vs down.


#!/bin/bash
# Script to query active clients by curl from unifi controller
#set -x
IP="10.0.0.1"
PORT="8443"
COOKIE="/tmp/cookies.txt"
TMP_HOLDER="/tmp/$IP.total.ap.txt"
PATTERN="adopted"
curl -s "https://$IP:$PORT/api/login" --data-binary '{"username":"admin","password":"CONTROLLERPASSWORD","strict":true}' --compressed --insecure -c $COOKIE > /dev/null
curl -s --insecure -b $COOKIE -c $COOKIE "https://$IP:$PORT/api/s/default/stat/device" > $TMP_HOLDER
ACTIVE=`cat $TMP_HOLDER | grep -o $PATTERN | wc -l`
DOWN=`grep -oP '\"state\" : \K[^ ]*' $TMP_HOLDER | grep 0 | wc -l`
echo $DOWN
echo $ACTIVE

Result in command …

[Total access points  vs DOWN]

ap-up-vs-down

CFG file for MRTG …


# Unifi Controller - UniFi AP-LR - Active Access Points vs DOWN
Target[unifi_ap_total_vs_down]: `/temp/unifi-devices.sh`
Title[unifi_ap_total_vs_down]: UniFi AP-LR - Active Access Points vs DOWN
PageTop[unifi_ap_total_vs_down]: <H1>UniFi AP-LR - Active Access Points vs DOWN</H1>
MaxBytes[unifi_ap_total_vs_down]: 5000
Colours[unifi_ap_total_vs_down]: B#0000FF,R#FF0000,B#0000FF,R#FF0000
Options[unifi_ap_total_vs_down]: growright,nopercent,gauge,integer,nobanner,printrouter,pngdate
LegendI[unifi_ap_total_vs_down]: Active AP -->
LegendO[unifi_ap_total_vs_down]: Down AP -->
YLegend[unifi_ap_total_vs_down]: Active vs Down
Legend1[unifi_ap_total_vs_down]: Active Access Points
Legend2[unifi_ap_total_vs_down]: Down Access Points
ShortLegend[unifi_ap_total_vs_down]:
#Unscaled[unifi_ap_total_vs_down]: dwmy

MRTG Graph for Active WiFi AP DEVICES via UniFi Controller …

3-active-vs-down-ap


3# Upgrade UniFi AP LR Access Point via SSH/CLI

We have few unifi AP-LR  Wireless Access Points in our company which are connected with the Unifi Controller ver 5.2.9.0 on windows 2008 r2 / x64 server. For some unknown reasons I was unable to upgrade the access point’s firmware from the controller. Therefore I upgraded all AP’s via SSH method which is posted below …

First download the appropriate firmware and upload it to some web server. (at the time of upgrading the latest firmware version was  3.7.21.5389 , you make sure to download latest one available)
Select your model / download from following link …

https://www.ubnt.com/download/unifi/

[Luckily I had local web server available so I simply put this file into my /var/www folder (for ubuntu)]

 

Now login in the access point via SSH , and issue this command

upgrade http://101.0.0.1/BZ.ar7240.v3.7.21.5389.161017.0923.bin

Make sure to change the path or ip according to your network. Once its upgraded it rebooted and new Firmware was 3.7.21.5389


I will post more info later … 3.7.21.5389

Regard’s
Syed Jahanzaib

December 23, 2016

Howto get combined average Load of multi core CPU by BASH

Filed under: Linux Related — Tags: , — Syed Jahanzaib / Pinochio~:) @ 11:46 AM

cpu-load

Following is a small script to get combined multi-core CPU load (average) from remote server. I made it to create MRTG graph for CPU load of all cores combined average value for our local ESXI servers.


#!/bin/bash
# Script to query ESXI server
#set -x
HOST="$1"
SNMP_STRING="public"
TMP_HOLDER="/tmp/cpuinfo.$HOST"
OID="hrProcessorLoad."
MIB="/cfg/mibs/HOST-RESOURCES-MIB"
snmpwalk -v2c -c $SNMP_STRING -m "$MIB" $HOST |grep $OID | awk '{print $4}' > $TMP_HOLDER
CPU_CORE=`cat $TMP_HOLDER | wc -l`
CPU_LOAD_SUM=`cat $TMP_HOLDER | awk '{ sum += $1 } END { print sum }'`
CPU_LOAD_FINAL=`echo "scale=2; $CPU_LOAD_SUM/$CPU_CORE" | bc -l`
echo $CPU_LOAD_FINAL
echo $CPU_LOAD_FINAL


Result:

(following result is average value of my esxi server which have 2 physical processor with 6 cores each, so virtually there are 24 cores for ESXI guests). SNMP must be enabled on remote esxi server , I wrote on how it can be enabled one esxi, see my old postings on it.

root@linux:/temp# ./cpu_load.sh 10.0.0.1

Output:

6.70
6.70


CFG example:

ESXI Server -10.0.0.1- CPU Utilization ###
Target[esxi_cpu_1010.0.0.1]: `/temp/cpu_load.sh 10.0.0.1`
Options[esxi_cpu_1010.0.0.1]: growright, gauge, integer, noo
MaxBytes[esxi_cpu_1010.0.0.1]: 100
LegendI[esxi_cpu_1010.0.0.1]: Total CPU Cores Used %
LegendO[esxi_cpu_1010.0.0.1]:
Legend1[esxi_cpu_1010.0.0.1]: Total CPU Cores Used %
Legend2[esxi_cpu_1010.0.0.1]:
Title[esxi_cpu_1010.0.0.1]: ESXI Server -10.0.0.1- CPU Load %
PageTop[esxi_cpu_1010.0.0.1]: <h1>ESXI Server -10.0.0.1- CPU Load %</h1>
Unscaled[esxi_cpu_1010.0.0.1]: ymwd
ShortLegend[esxi_cpu_1010.0.0.1]: %
YLegend[esxi_cpu_1010.0.0.1]: % CPU Used
Colours[esxi_cpu_1010.0.0.1]: RED#ff4f27,DIRTY YELLOW#E6B420,RED#ff4f27,DIRTY YELLOW#E6B420

Syed.Jahanzaib!

Single Script to Create All Storage CFG file in MRTG

Filed under: Linux Related — Tags: , — Syed Jahanzaib / Pinochio~:) @ 9:07 AM

auto

Reference Post:

It’s a headache if you want to create configuration file in bulk for all the storage available in remote servers, that includes disks/memory. To make life a little easier, I made following script which simply query the storage indexes and create CFG file in /cfg folder.

#!/bin/bash
# Script to query remote server
#set -x
# Colors Config . . . [[ JZ . . . ]]
ESC_SEQ="\x1b["
COL_RESET=$ESC_SEQ"39;49;00m"
COL_RED=$ESC_SEQ"31;01m"
COL_GREEN=$ESC_SEQ"32;01m"
MIB_NAME="HOST-RESOURCES-MIB"

#If MIB is not present, EXIT with error
MIB_CHECK=`locate $MIB_NAME > /tmp/miblocate.txt`
MIB_CHECK_RESULT=`cat /tmp/miblocate.txt`
if [ -z "$MIB_CHECK_RESULT" ]; then
echo -e "$COL_RED MRTG ERROR MNF1: HOST-RESOURCES-MIB not found, cannot continue without it. Download them first ... $COL_RESET"
exit 1
fi

HOST="$1"
# Temporary Folder where all CFG will be placed . . . [[ JZ . . . ]]
CFGDIR="cfg"
# Checking if $CFGDIR folder is previously present or not . . .
{
if [ ! -d "/$CFGDIR" ]; then
echo
echo -e "$COL_RED /$CFGDIR folder not found, Creating it so all cfg will be placed here . . . $COL_RESET"
mkdir /temp
else
echo
echo -e "$COL_GREEN /$CFGDIR folder is already present , so no need to create it, Proceeding further . . . $COL_RESET"
echo
fi
}

CFG_FILE_NAME="/$CFGDIR/storage.$1.cfg"
SNMP_STRING="PUBLIC"
snmpwalk -Os -c $SNMP_STRING -v 2c -m "/cfg/mibs/HOST-RESOURCES-MIB" $HOST hrStorageDescr |
sed -nre 's,hrStorageDescr.([0-9]*) = STRING: (.*),\1 \2,p' |
grep -Ev ' /(proc|sys)($|/)' |
while read NM DESC; do

STORAGE_SIZE=`snmpwalk -Onqv -Os -c $SNMP_STRING -v 2c -m "/cfg/mibs/HOST-RESOURCES-MIB" $HOST hrStorageSize.${NM}`
ALLOCATION_UNIT=`snmpwalk -Onqv -Os -c $SNMP_STRING -v 2c -m "/cfg/mibs/HOST-RESOURCES-MIB" $HOST hrStorageAllocationUnits.${NM} | awk '{print $1}'`

# FORMULAS
MAXSIZE_BITS=`echo $(($STORAGE_SIZE*$ALLOCATION_UNIT*8))`
MAXSIZE_MB=`echo $(($STORAGE_SIZE*$ALLOCATION_UNIT/1024/1024))`
MAXSIZE_GB=`echo $(($STORAGE_SIZE*$ALLOCATION_UNIT/1024/1024/1024))`
MAXSIZE_TB=`echo $(($STORAGE_SIZE*$ALLOCATION_UNIT/1024/1024/1024/1024))`

#TITLE LINES
MAXSIZE_MB_T=`echo "scale=2; $STORAGE_SIZE*$ALLOCATION_UNIT / 1024 / 1024" | bc -l`
MAXSIZE_GB_T=`echo "scale=2; $STORAGE_SIZE*$ALLOCATION_UNIT/1024/1024/1024" | bc -l`
MAXSIZE_TB_T=`echo "scale=2; $MAXSIZE_GB/1000" | bc -l`

if [ $MAXSIZE_BITS -eq 0 ]; then
MAXSIZE_BITS="1"
fi
# Under 1GB TITLE
if [ $MAXSIZE_MB -lt 1024 ]; then
#echo "$hrStorageSize.${NM} = MAX Size in MB = $MAXSIZE_MB_T"
MAXSIZE_TITLE="MAX Size in MB = $MAXSIZE_MB_T"
fi
# ABOVE 1GB TITLE
if [ $MAXSIZE_MB -gt 1024 ]; then
#echo "$hrStorageSize.${NM} = MAX Size in GB = $MAXSIZE_GB_T"
MAXSIZE_TITLE="MAX Size in GB = $MAXSIZE_GB_T"
fi
# ABOVE 1 TB TITLE
if [ $MAXSIZE_MB -gt 1048576 ]; then
#echo "$hrStorageSize.${NM} = MAX Size in TB = $MAXSIZE_TB_T"
MAXSIZE_TITLE="MAX Size in TB = $MAXSIZE_TB_T"
fi

IDENT="stor_$(echo "${DESC}" | tr '[A-Z]/ ' '[a-z]_' | sed 's/\:/-/g')"
echo "Target[${IDENT}]: hrStorageUsed.${NM}&hrStorageSize.${NM}:$SNMP_STRING@$HOST * hrStorageAllocationUnits.${NM}&hrStorageAllocationUnits.${NM}:$SNMP_STRING@$HOST"
echo "Title[${IDENT}]: $HOST - Storage: ${DESC} : / $MAXSIZE_TITLE"
echo "PageTop[${IDENT}]: <h1>$HOST - Storage: ${DESC} Report / $MAXSIZE_TITLE</h1>"
echo "Kilo[${IDENT}]: 1024"
echo "MaxBytes[${IDENT}]: $MAXSIZE_BITS"
echo "ShortLegend[${IDENT}]: iB"
echo "YLegend[${IDENT}]: Bytes"
echo "Legend1[${IDENT}]: Used"
echo "Legend2[${IDENT}]: Total"
echo "LegendI[${IDENT}]: Used:"
echo "LegendO[${IDENT}]: Total:"
echo "Options[${IDENT}]: gauge,growright,nobanner,nopercent"
done > $CFG_FILE_NAME

if [ -f $CFG_FILE_NAME ];
then
echo -e "$COL_GREEN MRTG CFG file name $CFG_FILE_NAME for $HOST is created ... $COL_RESET"
else
echo -e "$COL_RED ERROR: Unable to create CFG FILEs, check script errors ... $COL_RESET"
fi

echo -e "$COL_GREEN
SCRIPT ENDS HERE ... $COL_RESET"


Run Method:

./querystorage.sh 10.0.0.1

1


CFG Files Example:


Target[stor_c-_label-os__serial_number_b6ff670d]: hrStorageUsed.1&hrStorageSize.1:PUBLIC@10.0.0.1 * hrStorageAllocationUnits.1&hrStorageAllocationUnits.1:PUBLIC@10.0.0.1
Title[stor_c-_label-os__serial_number_b6ff670d]: 10.0.0.1 - Storage: C: Label:OS Serial Number b6ff670d : / MAX Size in GB = 278.14
PageTop[stor_c-_label-os__serial_number_b6ff670d]: <h1>10.0.0.1 - Storage: C: Label:OS Serial Number b6ff670d Report / MAX Size in GB = 278.14</h1>
Kilo[stor_c-_label-os__serial_number_b6ff670d]: 1024
MaxBytes[stor_c-_label-os__serial_number_b6ff670d]: 2389226520576
ShortLegend[stor_c-_label-os__serial_number_b6ff670d]: iB
YLegend[stor_c-_label-os__serial_number_b6ff670d]: Bytes
Legend1[stor_c-_label-os__serial_number_b6ff670d]: Used
Legend2[stor_c-_label-os__serial_number_b6ff670d]: Total
LegendI[stor_c-_label-os__serial_number_b6ff670d]: Used:
LegendO[stor_c-_label-os__serial_number_b6ff670d]: Total:
Options[stor_c-_label-os__serial_number_b6ff670d]: gauge,growright,nobanner,nopercent

Target[stor_d-_label-Data__serial_number_f40779eb]: hrStorageUsed.2&hrStorageSize.2:PUBLIC@10.0.0.1 * hrStorageAllocationUnits.2&hrStorageAllocationUnits.2:PUBLIC@10.0.0.1
Title[stor_d-_label-Data__serial_number_f40779eb]: 10.0.0.1 - Storage: D: Label:Data Serial Number f40779eb : / MAX Size in TB = 1.11
PageTop[stor_d-_label-Data__serial_number_f40779eb]: <h1>10.0.0.1 - Storage: D: Label:Data Serial Number f40779eb Report / MAX Size in TB = 1.11</h1>
Kilo[stor_d-_label-Data__serial_number_f40779eb]: 1024
MaxBytes[stor_d-_label-Data__serial_number_f40779eb]: 9566888624128
ShortLegend[stor_d-_label-Data__serial_number_f40779eb]: iB
YLegend[stor_d-_label-Data__serial_number_f40779eb]: Bytes
Legend1[stor_d-_label-Data__serial_number_f40779eb]: Used
Legend2[stor_d-_label-Data__serial_number_f40779eb]: Total
LegendI[stor_d-_label-Data__serial_number_f40779eb]: Used:
LegendO[stor_d-_label-Data__serial_number_f40779eb]: Total:
Options[stor_d-_label-Data__serial_number_f40779eb]: gauge,growright,nobanner,nopercent

Target[stor_physical_memory]: hrStorageUsed.5&hrStorageSize.5:PUBLIC@10.0.0.1 * hrStorageAllocationUnits.5&hrStorageAllocationUnits.5:PUBLIC@10.0.0.1
Title[stor_physical_memory]: 10.0.0.1 - Storage: Physical Memory : / MAX Size in GB = 31.81
PageTop[stor_physical_memory]: <h1>10.0.0.1 - Storage: Physical Memory Report / MAX Size in GB = 31.81</h1>
Kilo[stor_physical_memory]: 1024
MaxBytes[stor_physical_memory]: 273308712960
ShortLegend[stor_physical_memory]: iB
YLegend[stor_physical_memory]: Bytes
Legend1[stor_physical_memory]: Used
Legend2[stor_physical_memory]: Total
LegendI[stor_physical_memory]: Used:
LegendO[stor_physical_memory]: Total:
Options[stor_physical_memory]: gauge,growright,nobanner,nopercent


Graph Examples:

2

Jz!

December 19, 2016

Incorrect key file for table ‘./conntrack/xxxx@xxxxxx@xxxxxx.MYI’; try to repair it

Filed under: Radius Manager, Uncategorized — Tags: , , — Syed Jahanzaib / Pinochio~:) @ 1:05 PM

corruption

Incorrect key file for table ‘./conntrack/2016@002d12@002d16.MYI’; try to repair it

If you see the above error while accessing Connection Tracking Reports in Radius Manager then …

Recommendations:

  • Make sure you aave plenty of Disk Space. Storage drive should be fast for high load servers preferably SSD or RAID based storage ,
  • Plenty of Memory is usually a good idea for DB systems ,
  • If its a heavy production server, try to move connection tracking to separate host as it takes lots of space and it adds good amount of payload to the CPU as well.
  • Perform tuning to enhance the mysql engine

To repair table …

Goto the conntrack folder [Ubuntu]
cd /var/lib/mysql/conntrack/
service mysql stop
# Change the file number as shown in the error 
myisamchk -r -v -f 2016@002d12@002d16.MYI

Once repair is done, start mysql / restart apache2 services , and test the desired tracking report again.

Regard’s
~Syed Jahanzaib~

Tik: 9 wan pcc with vpn server

Filed under: Uncategorized — Syed Jahanzaib / Pinochio~:) @ 10:12 AM

~ There are no absolute answers in this universe, only assumptions, guesses, Jeopardies
Syed Jahanzaib !


r1222464_16033207

9-wann-pcc-zaib

Just a reference post. Default PCC may not work if you are using VPN server (to provide net access to local users via dialer) , So you may need to tweak it very little in order to make it work.

Disclaimer: 
The script in this post is made for reference purposes only. This is no way a COPY PASTE material which you can use it as a whole. every config is different and is build according to the network. Just try to read it and get the logics , modify them as per local requirements and then implement it. You may need to play a bit or tweak it in order to make it Workable config.


Scenario:

Hardware Used : Mikrotik – Rb1100ahx2

  • 9 DSL (ptcl) routers are connected with the RB1100ahx2
  • Ports name have been renamed to friendlier label for easy marking.
    Example Port 1-9 are renamed as WANx , and Port 10 is marked as Local
  • VPN Server is configured on same RB, and users dials in to this server in order to access internet.
  • No DHCP is being used on this setup as OP prefers to use static ips due to some specific circumstances.

the scriptO!

# Make sure to adjust it as per your setup

# Local Interface connected with the Users Switch
/ip address
add address=10.0.0.1/24 interface=Local network=10.0.0.0

# WAN interfaces IP addresses, which are connected with ptcl dsl routers
/ip address
add address=192.168.1.2/24 interface=WAN1 network=192.168.1.0
add address=192.168.2.2/24 interface=WAN2 network=192.168.2.0
add address=192.168.3.2/24 interface=WAN3 network=192.168.3.0
add address=192.168.4.2/24 interface=WAN4 network=192.168.4.0
add address=192.168.5.2/24 interface=WAN5 network=192.168.5.0
add address=192.168.6.2/24 interface=WAN6 network=192.168.6.0
add address=192.168.7.2/24 interface=WAN7 network=192.168.7.0
add address=192.168.8.2/24 interface=WAN8 network=192.168.8.0
add address=192.168.9.2/24 interface=WAN9 network=192.168.9.0

# Add IP pool for VPN dialer users, which will be allowed to use internet
/ip pool
add name=vpn-pool ranges=172.16.0.1-172.16.0.255

# Add VPN Profile for users , example 1mb per user profile
/ppp profile
add change-tcp-mss=yes dns-server=110.0.0.1,8.8.8.8 local-address=10.0.0.1 name=vpn-1mb only-one=yes rate-limit=1024k/1024k remote-address=vpn-pool use-encryption=yes

/interface pptp-server server set authentication=pap,chap,mschap1,mschap2 default-profile=vpn-1mb enabled=yes

# Enable DNS server
/ip dns
set allow-remote-requests=yes servers=8.8.8.8

/ip firewall address-list
add address=172.16.0.1-172.16.0.255 list=local_vpn_users_internet_allowed_list

# This is a local sharing server
add address=192.168.10.1 list=local_sharing_server

/ip firewall mangle

# Bypass Local Media Sharing server from PCC, so user can access it / Adjust it according to your need/ Jz
add action=accept chain=prerouting comment="Allow access to local sharing server / bypass them from the PCC" dst-address-list=local_sharing_server

# Accept traffic going to DSL Routers / Adjust it according to your need/ Jz
add action=accept chain=prerouting dst-address=192.168.1.0/24
add action=accept chain=prerouting dst-address=192.168.1.0/24
add action=accept chain=prerouting dst-address=192.168.2.0/24
add action=accept chain=prerouting dst-address=192.168.3.0/24
add action=accept chain=prerouting dst-address=192.168.4.0/24
add action=accept chain=prerouting dst-address=192.168.5.0/24
add action=accept chain=prerouting dst-address=192.168.6.0/24
add action=accept chain=prerouting dst-address=192.168.7.0/24
add action=accept chain=prerouting dst-address=192.168.8.0/24
add action=accept chain=prerouting dst-address=192.168.9.0/24

# Mark connections using PCC for 9 WAN / Adjust it according to your need / Jz
add action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=WAN1_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:9/0 src-address-list=local_vpn_users_internet_allowed_list
add action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=WAN2_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:9/1 src-address-list=local_vpn_users_internet_allowed_list
add action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=WAN3_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:9/2 src-address-list=local_vpn_users_internet_allowed_list
add action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=WAN4_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:9/3 src-address-list=local_vpn_users_internet_allowed_list
add action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=WAN5_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:9/4 src-address-list=local_vpn_users_internet_allowed_list
add action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=WAN6_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:9/5 src-address-list=local_vpn_users_internet_allowed_list
add action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=WAN7_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:9/6 src-address-list=local_vpn_users_internet_allowed_list
add action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=WAN8_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:9/7 src-address-list=local_vpn_users_internet_allowed_list
add action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=WAN9_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:9/8 src-address-list=local_vpn_users_internet_allowed_list

# Mark routing for above marked connections, so that it can be used in ROUTE section / Adjust it according to your need/ Jz
add action=mark-routing chain=prerouting connection-mark=WAN1_conn new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN2_conn new-routing-mark=to_WAN2 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN3_conn new-routing-mark=to_WAN3 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN4_conn new-routing-mark=to_WAN4 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN5_conn new-routing-mark=to_WAN5 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN6_conn new-routing-mark=to_WAN6 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN7_conn new-routing-mark=to_WAN7 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN8_conn new-routing-mark=to_WAN8 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN9_conn new-routing-mark=to_WAN9 passthrough=yes

# Add NAT/MASQUERADE rule allowing only allowed users, restricted to allowed users only
add action=masquerade chain=srcnat comment="Allow Local Sharing Servers / NATING" dst-address-list=local_sharing_server
add action=masquerade chain=srcnat comment="WAN-1 / Allow Internet Access - For VPN Users only" out-interface=WAN1 src-address-list=local_vpn_users_internet_allowed_list
add action=masquerade chain=srcnat comment="WAN-2 / Allow Internet Access - For VPN Users only" out-interface=WAN2 src-address-list=local_vpn_users_internet_allowed_list
add action=masquerade chain=srcnat comment="WAN-3 / Allow Internet Access - For VPN Users only" out-interface=WAN3 src-address-list=local_vpn_users_internet_allowed_list
add action=masquerade chain=srcnat comment="WAN-4 / Allow Internet Access - For VPN Users only" out-interface=WAN4 src-address-list=local_vpn_users_internet_allowed_list
add action=masquerade chain=srcnat comment="WAN-5 / Allow Internet Access - For VPN Users only" out-interface=WAN5 src-address-list=local_vpn_users_internet_allowed_list
add action=masquerade chain=srcnat comment="WAN-6 / Allow Internet Access - For VPN Users only" out-interface=WAN6 src-address-list=local_vpn_users_internet_allowed_list
add action=masquerade chain=srcnat comment="WAN-7 / Allow Internet Access - For VPN Users only" out-interface=WAN7 src-address-list=local_vpn_users_internet_allowed_list
add action=masquerade chain=srcnat comment="WAN-8 / Allow Internet Access - For VPN Users only" out-interface=WAN8 src-address-list=local_vpn_users_internet_allowed_list
add action=masquerade chain=srcnat comment="WAN-9 / Allow Internet Access - For VPN Users only" out-interface=WAN9 src-address-list=local_vpn_users_internet_allowed_list

# Adding routes for marked traffic
# Each DSL router ip is in series like 192.168.1.1 / 2.1 / 3.1 and so on

/ip route
add check-gateway=ping distance=1 gateway=192.168.1.1 routing-mark=to_WAN1
add check-gateway=ping distance=1 gateway=192.168.2.1 routing-mark=to_WAN2
add check-gateway=ping distance=1 gateway=192.168.3.1 routing-mark=to_WAN3
add check-gateway=ping distance=1 gateway=192.168.4.1 routing-mark=to_WAN4
add check-gateway=ping distance=1 gateway=192.168.5.1 routing-mark=to_WAN5
add check-gateway=ping distance=1 gateway=192.168.6.1 routing-mark=to_WAN6
add check-gateway=ping distance=1 gateway=192.168.7.1 routing-mark=to_WAN7
add check-gateway=ping distance=1 gateway=192.168.8.1 routing-mark=to_WAN8
add check-gateway=ping distance=1 gateway=192.168.9.1 routing-mark=to_WAN9

# Adding routes for default routes, so that if any WAN goes down, those packets should go via MAIN table : ) kind of fail over/ Jz
add check-gateway=ping comment="WAN-1 / DEFAULT ROUTE" distance=1 gateway=192.168.1.1
add check-gateway=ping comment="WAN-2 / DEFAULT ROUTE" distance=2 gateway=192.168.2.1
add check-gateway=ping comment="WAN-3 / DEFAULT ROUTE" distance=3 gateway=192.168.3.1
add check-gateway=ping comment="WAN-4 / DEFAULT ROUTE" distance=4 gateway=192.168.4.1
add check-gateway=ping comment="WAN-5 / DEFAULT ROUTE" distance=5 gateway=192.168.5.1
add check-gateway=ping comment="WAN-6 / DEFAULT ROUTE" distance=6 gateway=192.168.6.1
add check-gateway=ping comment="WAN-7 / DEFAULT ROUTE" distance=7 gateway=192.168.7.1
add check-gateway=ping comment="WAN-8 / DEFAULT ROUTE" distance=8 gateway=192.168.8.1
add check-gateway=ping comment="WAN-9 / DEFAULT ROUTE" distance=9 gateway=192.168.9.1

W/Salam

December 15, 2016

Craziness with the MRTG along with BASH

Filed under: Linux Related, Uncategorized — Tags: , , , — Syed Jahanzaib / Pinochio~:) @ 9:16 AM

 


City vs Data Center Temperature !

Following is a temperature graph to compare difference between City temperature vs Data Center temperature. I made it for some local presentation purposes. Since I had no external sensor available for outside temperature monitoring, therefore I used external bash script to gather data from the internet using ‘Pakistan Meteorological Department PMD‘ website  and then after filtering , output only required data.  For NOC I used internal UPS sensor snmp query.

http://www.pmd.gov.pk/FFD/cp/pcurrenttemp.asp

1-noc-vs-karachi-temperature

 

 

#cat /temp/weather.sh


#!/bin/sh
#set -x
# Script to download KARACHI city temperature from Pakistan MET Dept web site &nbsp;and output only temperature related information
# It will also query the NCO room temperature using UPS sensor via snmp query
# I made this script to create City temperature vs NOC temperature comparison MRTG graph
# Created : 9th-DEC-2016
# Syed Jahanzaib
# aacable[at]hotmail[dot]com
# http://aacableDOTwordpressDOTcom

####### Various Variables #########

# City temperature temporary holders in /tmp folder
CITY_TEMPR_HOLDER="/tmp/khiweather.txt"
CITY_TEMPR_4_OFFLINE="/tmp/khiweather_offline.txt"
# Variables for UPS IP and SNMP community string. It ilwl be used to acquire data center temperature using UPS sensor
UPS_IP="10.0.0.10"
UPS_SNMP_STR="public"
# OID for temperature sensor using USP SNMP card/sendor
UPS_OID="1.3.6.1.4.1.13400.2.62.2.1.2.0"
URL="http://www.pmd.gov.pk/FFD/cp/pcurrenttemp.asp"

############################################################################
####### PART - 1 , DATA CENTER Temperature query via UPS SNMP enabled sensor
############################################################################

# Store DATA Center temperature queries result in buffer
NOC_TEMPR=`snmpwalk -v1 -c $UPS_SNMP_STR $UPS_IP -Onqv $UPS_OID`

# Divide stored buffer by 100 to get human readable format in Celsius
NOC_TEMPR_FINAL=`echo $(($NOC_TEMPR/100))`

# Validate if temperature is not valid, liek url not accessible, or other errors
# If error found, then PRINT ZERO 0 VALUE , else print the acquired result
NOC_TEMPR_FINAL_VALID=`echo ${#NOC_TEMPR_FINAL}`
if [ $NOC_TEMPR_FINAL_VALID -eq 2 ]; then
echo "$NOC_TEMPR_FINAL"
else
echo "0"
fi

###########################################################################
####### PART - 2 , QUERY KARACHI CITY TEMPERATURE FORM THE INTERNET
# USING PAKISTAN MET DEPt for KARACHI website, than TRIM THE RESULT #######
###########################################################################

CITY_TEMPR=`lynx -cache=1 -dump $URL &gt; $CITY_TEMPR_HOLDER`
CITY_TEMPR_VALUE=`grep -A 1 "Karachi" $CITY_TEMPR_HOLDER |sed '2q;d' | awk '{print $1}'`
CITY_TEMPR_VALID=`echo ${#CITY_TEMPR_VALUE}`

# Validate if temperature is not valid, like URL not accessible, OR other errors
# If error found, then PRINT last valid VALUE
if [ $CITY_TEMPR_VALID -eq 2 ]; then
#CITY_TEMPR_VALUE_FINAL=`echo $(($CITY_TEMPR_VALUE - 1))`
echo "$CITY_TEMPR_VALUE"
echo "$CITY_TEMPR_VALUE" &gt; $CITY_TEMPR_4_OFFLINE
else
cat $CITY_TEMPR_4_OFFLINE
fi

###################
####### END #######
###################


MRTG CFG file for weather

WorkDir:/var/www/mrtg
### MONITORING KARACHI Temprature vs our DATA Center ###
Target[KARACHI_CITY_vs_NOC_tempr]: `/temp/weather.sh`
Title[KARACHI_CITY_vs_NOC_tempr]: Temprature Monitoring / Data Center vs Karachi City using PAK MET Site by zaib
PageTop[KARACHI_CITY_vs_NOC_tempr]: &lt;h1&gt;Temprature Monitoring / Data Center vs Karachi City using PAK MET Site by zaib&lt;/h1&gt;
Options[KARACHI_CITY_vs_NOC_tempr]: gauge, growright, nopercent
MaxBytes[KARACHI_CITY_vs_NOC_tempr]: 60
Colours[KARACHI_CITY_vs_NOC_tempr]: B#467EEE,R#FF0000,BLUE#2184FF,RED#ff4f27
YLegend[KARACHI_CITY_vs_NOC_tempr]: Temprature
ShortLegend[KARACHI_CITY_vs_NOC_tempr]: c
LegendI[KARACHI_CITY_vs_NOC_tempr]: NOC Temprature
LegendO[KARACHI_CITY_vs_NOC_tempr]: City Temprature
Legend1[KARACHI_CITY_vs_NOC_tempr]: NOC Temprature
Legend2[KARACHI_CITY_vs_NOC_tempr]: City Temprature
#Unscaled[KARACHI_CITY_vs_NOC_tempr]: dwmy

 

 


Data Center Room Temperature & Humidity !

2-noc-tempr-vs-humidity

Above graph was made using Emerson Liebert UPS sensor using following OID’s and MRTG CFG

Temperature: 1.3.6.1.4.1.13400.2.62.2.1.2.0
Humidity: 1.3.6.1.4.1.13400.2.62.2.1.3.0


WorkDir:/var/www/mrtg
### MONITORING NOC ROOM TEMP ###
Target[noc_room_temp]: 1.3.6.1.4.1.13400.2.62.2.1.2.0&amp;1.3.6.1.4.1.13400.2.62.2.1.3.0:public@10.0.0.1 / 100
Options[noc_room_temp]: gauge, growright, nopercent
MaxBytes[noc_room_temp]: 100
Colours[noc_room_temp]: B#467EEE,R#FF0000,RED#ff4f27,DIRTY YELLOW#E6B420
#Unscaled[noc_room_temp]: dwmy
YLegend[noc_room_temp]: NOC Room Temprature/Humidity
Title[noc_room_temp]: NOC Room Tempr/Humidity
PageTop[noc_room_temp]: &lt;h1&gt;NOC Room Tempr/Humidity&lt;/h1&gt;
ShortLegend[noc_room_temp]: c/%
LegendI[noc_room_temp]: Temprature
LegendO[noc_room_temp]: Humidity
Legend1[noc_room_temp]: C NOC_Room Temp
Legend2[noc_room_temp]: Humidity


I will add more graphs later …

Regard’s

zaib!

December 8, 2016

Plotting Negative Value in rrdtool graph

Filed under: Linux Related — Tags: , — Syed Jahanzaib / Pinochio~:) @ 3:30 PM

Recently I was configuring an mrtg/rrd graph Where I had to display negative value as well along with others, but as per my findings mrtg/rrd graph doesn’t allow plotting Negative value. Let’s say we want to plot the temperature where we get both plus and negative values at different time of the day/night.

To do so, we have to tune the required rrd file to allow such storing.

Example: we have test.rrd file.
First get info by rrdtool

rrdtool info test.rrd |grep ds

you may see following

rrdtool info test.rrd |grep ds
ds[ds0].index = 0
ds[ds0].type = "GAUGE"
ds[ds0].minimal_heartbeat = 600
ds[ds0].min = 0.0000000000e+00
ds[ds0].max = 1.0000000000e+02
ds[ds0].last_ds = "0"
ds[ds0].value = 0.0000000000e+00
ds[ds0].unknown_sec = 0
ds[ds1].index = 1
ds[ds1].type = "GAUGE"
ds[ds1].minimal_heartbeat = 600
ds[ds1].min = 0.0000000000e+00
ds[ds1].max = 1.0000000000e+02
ds[ds1].last_ds = "0"
ds[ds1].value = 0.0000000000e+00
ds[ds1].unknown_sec = 0

now modify it by

rrdtool tune test.rrd --minimum ds0:-100

Now query rrdtool info again

rrdtool info test.rrd |grep ds
ds[ds0].index = 0
ds[ds0].type = "GAUGE"
ds[ds0].minimal_heartbeat = 600
ds[ds0].min = -1.0000000000e+02
ds[ds0].max = 1.0000000000e+02
ds[ds0].last_ds = "0"
ds[ds0].value = 0.0000000000e+00
ds[ds0].unknown_sec = 0
ds[ds1].index = 1
ds[ds1].type = "GAUGE"
ds[ds1].minimal_heartbeat = 600
ds[ds1].min = 0.0000000000e+00
ds[ds1].max = 1.0000000000e+02
ds[ds1].last_ds = "0"
ds[ds1].value = 0.0000000000e+00
ds[ds1].unknown_sec = 0

You will see the difference in ds[ds0].min value. Now we are good to go with negative plotting.

An example on how to plot negative values.

negative tempr.PNG


Regard’s
Syed Jahanzaib

December 7, 2016

Fighting with Ransomware !

Filed under: Microsoft Related, Symentec Related — Tags: , , , , , , — Syed Jahanzaib / Pinochio~:) @ 11:22 AM

ransomware

What is Ransomware 

Quite a HOT topic Now a days. Every email server administrator must be well familiarized with this malware and they try even harder to protect their users from this malware attack called locky (and many other similar variants) which encrypts users word/excel/etc documents and asks for money to restore them).

Our company users got hitted by this most smart malware repeatedly / several times resulting in great loss. Luckily most users data got recovered from Tape backup. This malware which usually comes by email , posted itself to be some valid / legitimate payment query & no matter how many times we provide users with education/warning about this matter, user stills open it considering it as valid email resulting in lost (encrypt/inaccessible) of all word/excel files.

We are using IBM Lotus Domino Email System along with Symantec Mail Security for Domino. With lots of R&D I am still unable to block this ransomware which comes in .JS files hidden inside .ZIP container. If I block .JS file inside the ZIP container, it will block legitimate PDF files as well. How frustrating ! The symantec should post some simple update to fix this issue. This issue is well discussed over here.

https://www.symantec.com/connect/ideas/exceptions-file-name-rule-smsmse


Workaround ! [Use Domain Group Policy to alter File Association Open with for .JS extension]

DISCLAIMER: THIS IS NOT A SOLUTION ! BUT JUST A `WORKAROUND` YOU CAN REFER TO.

THE PROPER SOLUTION WOULD BE TO USE SOME INTELLIGENT / UPDATED ANTISPAM/FILTRATION SYSTEM FOR YOUR EMAIL SYSTEM.

Since we cannot change our Symantec enterprise protection suite as it is covered under 3 years renewal (till 2018) . therefore aftering conducting lot of R&D I finally made a workaround for our DOMAIN USERS which is working Good so far.

I changed the .JS file extension OPEN WITH policy pointed to NOTEPAD.
[via Group_Policy ]

This way even if the user try to opens the .JS file, it will be open by notepad.
(instead of Windows Scripting Host)

I made changes to our domain controller in Windows 2008 R2

  • Login to Domain Controller PC
  • Open Group Policy (or by issuing following command)
    %SystemRoot%\system32\mmc.exe %SystemRoot%\system32\gpmc.msc
  • Edit the Default Domain Policy (or any custom you may have)
  • Goto User Configuration > Preferences > Control Panel Settings > Folder Options
  • Now Right click on Folder Options > New > Open With
  • Now use the below defined method as a reference to Update/Create the file extension

As shown in below image …

group policy.png

  • Action: Update
  • Files Extension: js
  • Assoticated Progra: %windir%\system32\notepad.exe
  • Set As Default : Select Tick on it

 

At client either issue gpupdate /force or restart the client pc or wait for the policy update.

Now try to open any .JS file and it will be opened in NOTEPAD (instead by windows scripting host program) and thus it will do no harm to user computer 😀 😀 😀

Please test this method and let us know your feedback on it 🙂

Note: you can use the same method to block / alter the file extension using Local Group POlicy


Alhamdolillah !

Regard’s
Syed Jahanzaib

 

Older Posts »

Blog at WordPress.com.