Syed Jahanzaib – Personal Blog to Share Knowledge !

March 30, 2012

Access Mikrotik Remotely via DynamicDNS


~ Article By Syed Jahanzaib ~
Last Updated : 28th January, 2014

If you have a Mikrotik server on a DSL connection with a dynamic IP that changes on every reboot/reset, and you want to access the Mikrotik from the Internet, you can use the changeip.com (Dynamic DNS) service. With this service you don't have to look up the DSL IP every time; all you have to remember is the domain name you registered on the site, and the rest is handled by the DDNS script configured on the Mikrotik.

Following is the scenario:

…    INTERNET            >>    DSL MODEM          >>> MIKROTIK
User with WINBox            (with dynamic ip)

DSL MODEM IP             =   192.168.30.1
MIKROTIK WAN IP =  192.168.30.5

OK, let's start.

CONFIGURE DSL MODEM TO ENABLE PORT FORWARDING

First open your DSL modem's configuration page to enable port forwarding (from the DSL modem to the Mikrotik box).
Now add a port forwarding rule.

WINBOX uses TCP port 8291.
As shown in the image below . . .

Now click on SAVE / APPLY.

CREATE NEW ACCOUNT ON CHANGEIP.COM

Now open http://www.changeip.com in your browser and register a new account.
As shown in the image below . . .

Now it will send you a confirmation email. Open your mailbox and click on the link it has sent you to activate your account.

ADD DOMAIN NAME TO YOUR ACCOUNT

Log in to see your account. By default no domain name is added; just click on DNS MANAGER to add your required name.

As shown in the image below . . .

Now add your own desired name and its domain. You can select various domains from the drop-down list.
As shown in the image below . . .

After adding your domain name, you can see it on the main page.

As shown in the image below . . .

Now it's time to configure the Dynamic DNS script on the Mikrotik.

CONFIGURE DDNS SCRIPT AND SCHEDULER ON MIKROTIK

Log in to the Mikrotik via WINBOX,
go to Scripts and add a new script.

Paste the following into the script:

SCRIPTNAME : ddns-script-behind-dsl-modem

Script Code tested with MIKROTIK version 6.xx

# Set your specific ChangeIP.com preferences here.
:global ddnsuser "CHANGEIP USERNAME"
:global ddnspass "PASSWORD"
:global ddnshost "YOUR-FREE-DDNS SITE NAME"
# Change ddnsport to 8245 to bypass proxy.
:local ddnsport 80
 
# Do not edit anything below this line. You have been warned.
# Abusive updates to the system will cause firewall blocks.
 
# Please be considerate and
# do not let this script run more than once per 3-5 minutes.
 
:log info "DDNS: Starting."
 
# Initialize checkpoint
:global ddnscheckpoint
:if ([:typeof $ddnscheckpoint] = "time") do={
 :log info ("DDNS: Last check was " . ([/system clock get time] - $ddnscheckpoint))
} else={
 :log info "DDNS: Cannot determine checkpoint, set now."
 :global ddnscheckpoint ( [/system clock get time] - 1d )
}
 
# Get the current IP
:if ([/system clock get time] - $ddnscheckpoint > [:totime 180s] || [/system clock get time] - $ddnscheckpoint < [:totime 0s]) do={
 :log info "DDNS: Performing remote IP detection."
 /tool fetch address="ip.changeip.com" host="ip.changeip.com" src-path=("/?" . [/int eth get 0 mac-address ]) dst-path="ip.changeip.com.txt" mode=http port=$ddnsport
 :global ddnscheckpoint [/system clock get time]
} else={
 :log info "DDNS: Please be considerate and wait a few seconds longer."
 :break
}
 
# Parse the IP address received from fetch script.
 :global ddnslastip
 :local html [/file get "ip.changeip.com.txt" contents]
 :local ddnsip [:pick $html ([:find $html "<!--IPADDR="] + 11) [:find $html "-->"] ]
 
# Is it a valid IP and is it different than the last one?
 :if ([:typeof [:toip $ddnsip]] = "ip" AND $ddnsip != $ddnslastip ) do={
 :log info "DDNS: Sending UPDATE with $ddnsip"
 :log info [/tool dns-update name=$ddnshost address=$ddnsip key-name=$ddnsuser key=$ddnspass ]
 :global ddnslastip $ddnsip
 } else={
 :log info "DDNS: No update required."
 }

 

Script for Mikrotik ver 6.x [CODE FOR PPP DIALER WHERE INTERNET IS DIRECTLY CONNECTED ON MIKROTIK]

:local ddnsuser "USERNAME"
:local ddnspass "PASSWORD"
:local ddnshost "CHANGEIP_YOUR_WEB_NAME"
:local ddnsinterface "WAN_INTERFACE"
:global ddnslastip
:global ddnsip [ /ip address get [find interface=$ddnsinterface disabled=no] address ]
:if ([ :typeof $ddnslastip ] = nil ) do={ :global ddnslastip 0.0.0.0/0 }

:if ([ :typeof $ddnsip ] = nil ) do={
:log info ("DDNS: No ip address present on " . $ddnsinterface . ", please check.") } else={
:if ($ddnsip != $ddnslastip) do={
:log info "DDNS: Sending UPDATE!"
:log info [ /tool dns-update name=$ddnshost address=[:pick $ddnsip 0 [:find $ddnsip "/"] ] key-name=$ddnsuser key=$ddnspass ]
:global ddnslastip $ddnsip } else={
:log info "DDNS: No change" }
}

As shown in the image below . . .

To verify that the script is pasted and working properly,
go to SYSTEM > SCRIPTS and double-click the DDNS script to view its contents. Just verify that everything is in place.
As shown in the image below . . .

Okay, as the script is in place, it's time to execute the script so it can update the current WAN IP in your Dynamic DNS account.

As shown in the image below . . .

As you can see, the script has updated the record in the Dynamic DNS account; it's time to verify it.

ADDING SCHEDULER (so it can update the record every 5 minutes)

Also add the script to the scheduler so it runs every 5 minutes; you can adjust the interval as per your requirement.

# on-event must match the name of the script created above
/system scheduler
add disabled=no interval=5m name="Run DDNS every 5 minutes" on-event=ddns-script-behind-dsl-modem policy=\
ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api start-date=mar/30/2012 start-time=14:24:00

VERIFY UPDATED IP RECORD ON CHANGEIP.COM

Go back to changeip.com and view your domain name record by clicking on

View Recent DDNS Updates

As shown in the image below . . .

Now it will show you the updated record.

As shown in the image below . . .

Everything is now ready and in place.

TEST TIME !!!


CONNECT TO YOUR MIKROTIK FROM INTERNET

It's time to hit the road. From any other remote PC with a separate internet connection, try to ping your domain name and try to connect to it via Winbox, or try to open it in your browser.

NOTE: In the image below, I used another domain name, as at the moment I only had an old image, so ignore the name, just understand the logic.

As shown in the images below . . .

TIP: Script for DSL Modem in BRIDGE Mode …

If you have the DSL modem configured in BRIDGE mode and you are dialing via the Mikrotik PPPoE client dialer, then use the following script.

NOTE:

Make sure you change the user ID, password and host name to match those you entered at the time of registration.
Most importantly, do not forget to change the interface name (for example pppoe-out1 or likewise).

The following script has been taken from
http://wiki.mikrotik.com/wiki/Dynamic_DNS_Update_Script_for_ChangeIP.com

ddns-script-modem-in-pppoe-mode code:

:global ddnsuser "user-aacable"
:global ddnspass "passwd"
:global ddnshost "full hostname"
:global ddnsinterface "pppoe-out1"
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# END OF USER DEFINED CONFIGURATION
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

:global ddnssystem ("mt-" . [/system package get [/system package find name=system] version] )
:global ddnsip [ /ip address get [/ip address find interface=$ddnsinterface] address ]
:global ddnslastip
:if ([:len [/interface find name=$ddnsinterface]] = 0 ) do={ :log info "DDNS: No interface named $ddnsinterface, please check configuration." }
:if ([ :typeof $ddnslastip ] = "nothing" ) do={ :global ddnslastip 0.0.0.0/0 }
:if ([ :typeof $ddnsip ] = "nothing" ) do={
:log info ("DDNS: No ip address present on " . $ddnsinterface . ", please check.")
} else={
:if ($ddnsip != $ddnslastip) do={
:log info "DDNS: Sending UPDATE!"
:log info [ :put [/tool dns-update name=$ddnshost address=[:pick $ddnsip 0 [:find $ddnsip "/"] ] key-name=$ddnsuser key=$ddnspass ] ]
:global ddnslastip $ddnsip
} else={
:log info "DDNS: No changes necessary."
}
}
# END OF THE SCRIPT


Regard’s
Syed Jahanzaib

March 27, 2012

Forefront TMG 2010 ISP Redundancy : Configuring verification of link status


Modifying dead link detection periods

How to reduce the dead/available link detection timeout frequency: use the following VBS file.

Copy and paste the following code into Notepad, save it as TMG.VBS and edit it as per your requirement. Then double-click it to run it on TMG.

set root=CreateObject("FPC.Root")
set arr=root.GetContainingArray()
set ExtNet=arr.NetworkConfiguration.Networks("External")
set ISPRCfg=ExtNet.ISPRedundancyConfig
ISPRCfg.MinimalResumeTime = 10
ISPRCfg.TestIntervalLinkAvailable = 10
ISPRCfg.TestIntervalLinkUnavailable = 10
ISPRCfg.FailuresToUnavailable = 1
ISPRCfg.SuccessesToAvailable = 1
ISPRCfg.Save

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Configuring verification of link status

In the default setting, TMG checks the status of the ISP link by trying to establish a TCP connection on port 53 (DNS zone transfer) to a list* of root DNS servers on a round robin basis. If a connection can be established, TMG will consider the link active.

Although the IP addresses and the TCP port used for the verification cannot be configured directly from the management console, if you need to modify these settings, e.g. because you set up your TMG server without direct access to the Internet, you can do this by using the TMG COM through a simple Visual Basic script like this one. The following script changes the root DNS entries in TMG, which are used for link detection.

set root=CreateObject("FPC.Root")
set arr=root.GetContainingArray()
set ExtNet=arr.NetworkConfiguration.Networks("External")
set ISPRCfg=ExtNet.ISPRedundancyConfig
ISPRCfg.ConnectivityVerificationRemoteIpAddresses.RemoveAll()
ISPRCfg.ConnectivityVerificationRemoteIpAddresses.Add "8.8.8.8"
ISPRCfg.ConnectivityVerificationRemotePort = 53
ISPRCfg.Save

 

Author

Philipp Sand
Microsoft CSS Forefront Security Edge Team
Reference:
http://blogs.technet.com/b/isablog/archive/2009/11/26/tmg-isp-redundancy-unleashed.aspx

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Regard’s

Syed Jahanzaib

Symantec Endpoint Protection. Win32 Definitions not updating [SOLVED]


Symantec Endpoint Protection Manager 11.0


We have Symantec Endpoint Protection Manager Ver 11.0 Server [S.E.P.M] to protect our clients and servers from viruses, spyware and network threats. It is a really cool product; it has helped us breathe easier in many respects and it is very good at centralized management/deployment.

It had been working fine for a long time, but I noticed that SEPM stopped updating the Antivirus and Antispyware Protection virus definitions and they were almost 1 week + old; the rest of the definitions, including Proactive Threat Protection and Network Threat Protection, were up to date. So there was something wrong with the virus definition update engine. I tried to manually launch LiveUpdate on SEPM various times, but to no avail; every time it updated all other definitions except the antivirus updates.
As shown in the image below . . .

It looked like only the virus definition engine was jammed and for some reason it was not downloading/accepting new definitions.

I followed the below procedure to solve this issue.

Browse to ftp://ftp.symantec.com/AVDEFS/symantec_antivirus_corp/jdb/

Save the latest definition file (in .jdb extension) on your Desktop.
e.g:

03/26/12 03:55PM [GMT]                179,486,566 vd38f402.jdb
(171 MB)

Copy this definition file to the default location of SEPM (where your SEPM is installed on the server).
e.g:

C:\Program Files\Symantec Endpoint Protection Manager\data\inbox\content\incoming\

As shown in the image below . . .

After a few minutes, it will automatically push the definition to the SEPM console and it will be distributed to clients in a few minutes. All of my clients (100+) took about 20 minutes to update. Afterwards it worked fine.

As shown in the image below . . .

 

Cheers and Best Regard’s

Syed Jahanzaib

March 22, 2012

Squid: Your cache is running out of filedescriptors Solution !

Filed under: Linux Related — Syed Jahanzaib / Pinochio~:) @ 9:50 AM

If you have a large number of proxy users and you start to feel browsing is getting slower, and upon inspecting the Squid cache log /var/log/squid/cache.log you see the error below …

WARNING! Your cache is running out of filedescriptors

It means the Squid proxy server is running out of file descriptors and cannot handle the extra requests sent by your client computers. Therefore you need to increase the file descriptor limit.

Use the following command to see the current descriptors value

squidclient -p 8080  mgr:info | grep 'file descri'



Result as shown in the image below . . .

As you can see current file descriptors are 1024. To increase this value, edit your squid.conf file by

nano /etc/squid/squid.conf

Now add this line

max_filedesc 4096

OR [depending on your Squid version you may need this instead]

max_filedescriptors 4096

Save and exit editor.

Now restart your squid service to apply the changes you made by

service squid restart

Use the following command to see the descriptors value

squidclient -p 8080  mgr:info | grep 'file descri'

and this time you will notice that the file descriptors have increased.
Result as shown in the image below . . .
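
The grep above shows the configured limit but not the line that reports how many descriptors are currently in use ("Number of file desc currently in use"). The following sketch, an added example that is not part of the original post, reads the same mgr:info output and reports usage against the limit; the function names, the 80% threshold and the sample report are constructed for illustration.

```sh
#!/bin/sh
# Added example: file descriptor headroom from `squidclient mgr:info` output.

# Constructed sample of the "File descriptor usage" part of a mgr:info report.
sample_mgr_info() {
    cat <<'EOF'
File descriptor usage for squid:
    Maximum number of file descriptors:   1024
    Largest file desc currently in use:    972
    Number of file desc currently in use:  951
    Files queued for open:                   0
    Available number of file descriptors:   73
    Reserved number of file descriptors:   100
    Store Disk files open:                   0
EOF
}

# mgr_field LABEL: print the integer that follows "LABEL:" in the report on stdin.
mgr_field() {
    sed -n "s/^[[:space:]]*$1:[[:space:]]*\([0-9][0-9]*\).*/\1/p" | head -n 1
}

# fd_headroom [THRESHOLD_PERCENT]
# Reads a mgr:info report on stdin and prints "<in_use> <max> <percent_used>".
# Exit status: 0 below the threshold, 1 at or above it, 2 if the report
# could not be parsed (for example when cache manager access is denied).
fd_headroom() (
    threshold=${1:-80}
    info=$(cat)
    max=$(printf '%s\n' "$info" | mgr_field 'Maximum number of file descriptors')
    used=$(printf '%s\n' "$info" | mgr_field 'Number of file desc currently in use')
    if [ -z "$max" ] || [ -z "$used" ] || [ "$max" -eq 0 ]; then
        echo "unparsable"
        exit 2      # leaves only the function's subshell
    fi
    pct=$(( used * 100 / max ))
    echo "$used $max $pct"
    [ "$pct" -lt "$threshold" ]
)

# Demo on the constructed sample; on a live proxy use:
#   squidclient -p 8080 mgr:info | fd_headroom 80
sample_mgr_info | fd_headroom 80 || echo "WARNING: descriptor usage at or above threshold"
```

Run from cron or a monitoring agent, the exit status gives an early signal before the cache.log warning appears.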


Some Additional Tip!

nano /etc/sysctl.conf

Add the following line at the start

fs.file-max = 65535

Save & Exit.

Now run the following command to apply the change

sysctl -p

Regard’s
Syed Jahanzaib

March 21, 2012

TMG 2010 ISP Redundancy Fail Over Guide


Scenario: I have 2 WAN Internet connections, and I want that if the primary link fails (or loses its connectivity with the ISP/Internet) TMG should automatically switch over to the secondary link, and when the primary link gets back online, TMG should switch back to the primary link.

But first let's discuss some theoretical introduction to the new TMG feature called ISP Redundancy.

Forefront TMG 2010 is the latest proxy/firewall server from Microsoft. It has many exciting new features which make it a very good, reliable and feature-rich application.

One of the greatest (and most demanded) new features of Microsoft Forefront TMG is ISP Redundancy. With the help of this feature it is now possible to load balance the network traffic between two different ISPs. The other configuration mode is ISP failover (which is discussed later in this article). In this case, Forefront TMG will use one ISP link as the primary connection, and if this link gets broken, TMG will automatically fail over to the second configured ISP.

The ISP Redundancy feature utilizes multiple ISP links and provides high availability for the corporate Internet connection, either with load balancing and failover or with failover only. The common functions of ISP Redundancy are:

  •     Designate primary and secondary link for internet connections
  •     Balance traffic load based on percentage of total traffic per link
  •     Automatic fail over to secondary link if primary link fails

Ok Let’s Start 🙂

Requirements:

1) Two separate WAN connections connected to TMG; both should be fully configured with their respective IP, gateway and DNS.

2) A static route defined via the route command for each ISP's DNS server (or any other WAN IP), so that TMG can decide whether the specific link is unable to reach the ISP DNS or the other WAN IP defined.

In this example, we have 3 interface cards in TMG, as follows:

LAN = Connected with Users Switch
WAN1 = PTCL DSL Link (Primary)
WAN2 = FIBER Optics Backup Link (Secondary)

(As shown in the image below . . .)

Open TMG console,
Goto Networking  >> ISP Redundancy
and click on Configure ISP Redundancy

(As shown in the image below . . .)

In the example below, I am using FAILOVER-only mode (you can instead select load balancing with failover capability, and you can also change the mode later).

Now type the ISP1 name and select the network adapter (after selecting the network adapter, the Subnet field will fill in automatically).

On the next screen, it will show you the ISP1 IP scheme info like gateway, subnet, DNS etc.

Now type the ISP2 name and select the network adapter (after selecting the network adapter, the Subnet field will fill in automatically).

On the next screen, it will show you the ISP2 IP scheme info like gateway, subnet, DNS etc.

Now it will ask you which ISP link will act as the PRIMARY ISP connection; select your desired link.

All done. It will show the final config on your screen; just select FINISH.

Now the important part. We must add static routes to tell TMG that if a specific WAN link loses its connectivity, it should switch over to the secondary link.

First you have to see which network interface has which index number; this number is used in the route command to tell which interface the route applies to.

Open a command prompt on TMG and type
ROUTE PRINT

Now open Network Connections and open the properties of your first ISP interface adapter; you will see the interface name, like below.

Now check the ROUTE PRINT output and find the number of your first ISP interface card, whose name is “Microsoft Virtual Machine Bus Network Adapter #2”; in this example it is 12 (it is shown at the start of the output).

Repeat the above step and find the number of the secondary ISP link, which in this example is 29.

Now issue the following commands to add persistent static routes

route -p ADD 221.132.112.8 MASK 255.255.255.255 192.168.30.1 METRIC 1 IF 12
route -p ADD 221.132.112.9 MASK 255.255.255.255 192.168.20.1 METRIC 2 IF 29

The above commands tell TMG to go through a specific link to check the DNS server status, so if the primary link loses its connectivity with the Internet (connectivity with 221.132.112.8 via ISP1), it will switch over to ISP2. It will periodically check the primary link's connectivity, and as soon as it is restored, it will switch back to the primary link.

ROUTE Command Syntax

route [-p] ADD [destination] MASK [netmask] [gateway] METRIC [metric] IF [interface]

  • -p --- Makes the route persistent
  • METRIC --- Specifies the priority for this route. The route with the lowest metric has the highest priority.
  • IF --- Specifies the interface number

TIP:

How to bind a user / destination website to go through a specific link only in TMG

If you want to bind a specific user or group to go through a specific link only, use the following logic:

# First create a user / IP / IP range entry in FIREWALL POLICY > TOOLBOX / NETWORK OBJECTS >> Computers / Computer Sets or Address Ranges

# Then go to NETWORKING / NETWORK RULES and create a new NETWORK RULE with the following data

Network Name Rule : WAN2 Users
FROM: Your Specific Computer IP / User / IP Range
TO : External
Network Relationship : Network Address Translator (NAT)
NAT Address Selection : Use the Specified IP and then select your desired WAN link ip
Click FINISH and APPLY.

Note: As shown in the images below

Now hit APPLY button to make changes.

To test, Goto your client, and open http://www.whatismyip.com
It will show you new ip of secondary link. 😀

BEFORE NETWORK RULE:  User request is routing through Default First WAN link (PTCL).

AFTER NETWORK RULE:  User request is now routing through second WAN link (FIBER).

Some Considerations and Info

To determine the availability of a particular ISP connection, TMG performs dead link detection by randomly polling one of the thirteen Internet root DNS servers on TCP port 53 (when TMG is deployed as a back firewall, make certain that TCP port 53 is open to the Internet). If the selected root DNS server responds, TMG considers the connection available. If it does not respond, TMG will poll additional root DNS servers at one minute intervals. If no replies are received after three consecutive attempts, TMG considers the connection unavailable and raises an alert. Once TMG identifies a connection as unavailable, it will wait for five minutes before attempting to poll again. Once it receives a response, TMG will continue polling at one minute intervals. When three consecutive responses have been received, TMG will consider the connection available.

In the default setting, TMG checks the status of the ISP link by trying to establish a TCP connection on port 53 (DNS zone transfer) to a list* of root DNS servers on a round robin basis. If a connection can be established, TMG will consider the link active.

* Default destination addresses in TMG RC:
192.58.128.30,193.0.14.129,198.32.64.12,202.12.27.33,198.41.0.4,192.228.79.201,192.33.4.12,128.8.10.90,192.203.230.10,192.5.5.241,192.112.36.4,128.63.2.53,192.36.148.17

TMG will wait at least 3 minutes until a link is considered down.

  • A link will be considered down for at least 7 minutes (minimum failed time of 300 seconds + 2x OK interval of 60 seconds each).
  • A link has to be stable for at least 3 minutes before TMG will bring the link up again.

You can modify those default values by using a VBS script (mentioned in the link below).

Script to reduce link detection time:

https://aacable.wordpress.com/2012/03/27/forefront-tmg-2010-isp-redundancy-configuring-verification-of-link-status/

set root=CreateObject("FPC.Root")
set arr=root.GetContainingArray()
set ExtNet=arr.NetworkConfiguration.Networks("External")
set ISPRCfg=ExtNet.ISPRedundancyConfig
ISPRCfg.MinimalResumeTime = 30
ISPRCfg.TestIntervalLinkAvailable = 30
ISPRCfg.TestIntervalLinkUnavailable = 30
ISPRCfg.FailuresToUnavailable = 1
ISPRCfg.SuccessesToAvailable = 1
ISPRCfg.Save
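
To see what these values trade away, the following sketch (an added example, not part of the original article or of TMG itself) replays a sequence of probe results through the detection logic described above. The function name, the probe sequences and the mapping of its arguments to the ISPRedundancyConfig properties are assumptions made for illustration, as is the choice to keep polling at the unavailable interval after a failed probe on a down link.

```sh
#!/bin/sh
# Added example: model of TMG dead link detection as described in this article.
#
# link_transitions PROBES OK_INTERVAL FAILS_TO_DOWN RESUME_WAIT DOWN_INTERVAL OKS_TO_UP
#   PROBES         space-separated poll results, 1 = answered, 0 = no answer
#   OK_INTERVAL    seconds between polls while the link is available
#                  (assumed: TestIntervalLinkAvailable)
#   FAILS_TO_DOWN  consecutive failures before the link is marked down
#                  (assumed: FailuresToUnavailable)
#   RESUME_WAIT    seconds without polling after the link is marked down
#                  (assumed: MinimalResumeTime)
#   DOWN_INTERVAL  seconds between polls while the link is unavailable
#                  (assumed: TestIntervalLinkUnavailable)
#   OKS_TO_UP      consecutive answers before the link is marked up again
#                  (assumed: SuccessesToAvailable)
# Prints one line per state change: "t=<seconds> DOWN" or "t=<seconds> UP".
link_transitions() (
    probes=$1 ok_interval=$2 fails_to_down=$3
    resume_wait=$4 down_interval=$5 oks_to_up=$6
    state=up t=0 fails=0 oks=0
    for r in $probes; do
        if [ "$state" = up ]; then
            if [ "$r" -eq 0 ]; then fails=$((fails + 1)); else fails=0; fi
            if [ "$fails" -ge "$fails_to_down" ]; then
                echo "t=$t DOWN"
                state=down fails=0 oks=0
                t=$((t + resume_wait))      # no polling during the resume wait
            else
                t=$((t + ok_interval))
            fi
        else
            if [ "$r" -eq 1 ]; then oks=$((oks + 1)); else oks=0; fi
            if [ "$oks" -ge "$oks_to_up" ]; then
                echo "t=$t UP"
                state=up fails=0 oks=0
                t=$((t + ok_interval))
            else
                t=$((t + down_interval))
            fi
        fi
    done
)

# Constructed probe sequences.
outage="1 0 0 0 1 1 1"   # a real outage followed by recovery
blip="1 0 1 1"           # a single lost probe on a healthy link

echo "defaults, outage:";    link_transitions "$outage" 60 3 300 60 3
echo "defaults, blip:";      link_transitions "$blip"   60 3 300 60 3
echo "script values, blip:"; link_transitions "$blip"   30 1 30 30 1
```

With the default values the link is marked down 180 seconds after the last answered probe and stays down for 420 seconds, matching the 3 and 7 minute figures above. With one failure and one success as the thresholds, a single lost probe moves traffic to the secondary link and back.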

 

I took help from the following websites for this article, and I copied some text from them for general information. You can find some good references there for more detailed, step-by-step guides.

http://www.isaserver.org/tutorials/Exploring-ISP-Redundancy-Forefront-Threat-Management-Gateway-TMG-2010.html
http://www.isaserver.org/tutorials/microsoft-forefront-tmg-isp-redundancy-mode.html
http://microsoftguru.com.au/2011/04/26/ff-tmg-2010-configure-isp-redundancy-step-by-step/

Regard’s

Syed Jahanzaib

March 13, 2012

IBM Lotus Domino Monitoring via MRTG

Filed under: IBM Related — Syed Jahanzaib / Pinochio~:) @ 1:10 PM

Recently I was having trouble with Lotus Domino 8.5 Server regarding Mail Waiting / Stats etc. So in order to properly monitor the status of various Lotus Domino Server instances, I added a few stats in MRTG for the admin persons to troubleshoot problems before they get severe; plus, having a history always helps you in making any decision.

Here is how to enable the SNMP agent on Domino. But first make sure you have installed the SNMP service on the Domino server's Windows and enabled it properly by setting its community name and its security setting to allow specific or all hosts to query SNMP.

Configure the Domino LNSNMP agent to run as a service:

Run the following commands in the Domino program directory.

First stop the service if it is already running – in a CMD (admin rights) prompt run commands :

net stop lnsnmp
net stop snmp

If the service is not already running you may see the error:

    System error 1060 has occurred.
    The specified service does not exist as an installed service.

Now add LNSNMP as a service

d:\Lotus\domino\LNSNMP -Sc
( change path where Domino is installed, this command is case sensitive )

If it starts you will see :

    Service creation complete

Now start SNMP Service

net start snmp
net start lnsnmp

If it starts you will see :

    The Lotus Domino SNMP Agent service was started successfully.

Now Run these commands on Domino server console by navigating to SERVER / SERVER CONSOLE

load quryset

Done.

From your MRTG Server (either Windows or Preferably Linux) You can inquire SNMP for Domino instances.
To query MIB/OID‘s, use the following.

http://www.mibdepot.com/cgi-bin/getmib3.cgi?i=1&n=NOTES-MIB&r=cai&f=notes.mib&v=v1&t=tree

For example:

root@zaiblinux:/mrtg# snmpwalk -v 1 -c   community_name   ip_address 1.3.6.1.4.1.334.72.1.1.4.6.0

This will query the Domino MIB for the number of waiting mails and you will get a result like:

SNMPv2-SMI::enterprises.334.72.1.1.4.6.0 = INTEGER: 3

Once the SNMP query is working fine, then you can use the following CFG for various graphing of Lotus.


Title[mailsrv.mempercent]: mailsrv DOMINO MAIL Srver Used Memory in (%)
PageTop[mailsrv.mempercent]: <H1>mailsrv - IBM DOMINO MAIL Server USED Memory in %</H1>
Target[mailsrv.mempercent]: ( hrStorageUsed.5&hrStorageUsed.5:PUBLIC@10.0.0.1) * 100 / ( hrStorageSize.5&hrStorageSize.5:PUBLIC@10.0.0.1)
options[mailsrv.mempercent]: growright, gauge, nopercent, integer
Unscaled[mailsrv.mempercent]: ymwd
MaxBytes[mailsrv.mempercent]: 100
YLegend[mailsrv.mempercent]: Memory %
ShortLegend[mailsrv.mempercent]: Percent
LegendI[mailsrv.mempercent]: Used
LegendO[mailsrv.mempercent]:
Legend1[mailsrv.mempercent]: mailsrv Server Percentage Memory
Legend2[mailsrv.mempercent]:

# mailsrv - Mail Server Availability Index
Title[mailsrv.avindex]: mailsrv - Mail Server Availability Index
PageTop[mailsrv.avindex]:<H1>mailsrv - Mail Server Availability Index</H1>
Target[mailsrv.avindex]: 1.3.6.1.4.1.334.72.1.1.6.3.19.0&1.3.6.1.4.1.334.72.1.1.6.3.19.0:PUBLIC@10.0.0.1
options[mailsrv.avindex]: growright, gauge, nopercent, integer
Unscaled[mailsrv.avindex]: ymwd
MaxBytes[mailsrv.avindex]: 100
YLegend[mailsrv.avindex]: Srv Availability Index
ShortLegend[mailsrv.avindex]: %
LegendI[mailsrv.avindex]: %
LegendO[mailsrv.avindex]:
Legend1[mailsrv.avindex]: mailsrv - Mail Server Availability Index
Legend2[mailsrv.avindex]:

# mailsrv Mail Monitoring (Mail Waiting Usage)
Title[mailsrv.mailwait]: mailsrv DOMINO MAIL Srver - Number of Mails Waiting for Delivery
PageTop[mailsrv.mailwait]:<H1>mailsrv - IBM DOMINO MAIL Server - Mails Waiting for Delivery</H1>
Target[mailsrv.mailwait]: 1.3.6.1.4.1.334.72.1.1.4.6.0&1.3.6.1.4.1.334.72.1.1.4.6.0:PUBLIC@10.0.0.1
options[mailsrv.mailwait]: growright, gauge, nopercent, integer
Unscaled[mailsrv.mailwait]: ymw
MaxBytes[mailsrv.mailwait]: 10000
YLegend[mailsrv.mailwait]: Mail Waiting 4 Delivery
ShortLegend[mailsrv.mailwait]: No.
LegendI[mailsrv.mailwait]: No.
LegendO[mailsrv.mailwait]:
Legend1[mailsrv.mailwait]: mailsrv - Number of Mails Waiting for Delivery
Legend2[mailsrv.mailwait]:

# mailsrv Mail Monitoring (Mails Holding in Queue)
Title[mailsrv.mailhold]: mailsrv DOMINO MAIL Srver - Number of Mails Holding in Queue
PageTop[mailsrv.mailhold]: <H1>mailsrv - IBM DOMINO MAIL Server - Mails Holding in Queue</H1>
Target[mailsrv.mailhold]: 1.3.6.1.4.1.334.72.1.1.4.21.0&1.3.6.1.4.1.334.72.1.1.4.21.0:PUBLIC@10.0.0.1
options[mailsrv.mailhold]: growright, gauge, nopercent, integer
#Unscaled[mailsrv.mailhold]: ymw
MaxBytes[mailsrv.mailhold]: 10000
YLegend[mailsrv.mailhold]: Mail Holding in Queue
ShortLegend[mailsrv.mailhold]: No.
LegendI[mailsrv.mailhold]: No.
LegendO[mailsrv.mailhold]:
Legend1[mailsrv.mailhold]: mailsrv - Number of Mails Holding in Queue
Legend2[mailsrv.mailhold]:

# mailsrv -
Title[mailsrv.mailusersopensess]: mailsrv - Mail - Number of users with sessions open on the server
PageTop[mailsrv.mailusersopensess]:<H1>mailsrv - Number of users with sessions open on the server</H1>
Target[mailsrv.mailusersopensess]: 1.3.6.1.4.1.334.72.1.1.6.3.6.0&1.3.6.1.4.1.334.72.1.1.6.3.6.0:PUBLIC@10.0.0.1
options[mailsrv.mailusersopensess]: growright, gauge, nopercent, integer
#Unscaled[mailsrv.mailusersopensess]: ymw
MaxBytes[mailsrv.mailusersopensess]: 1000
YLegend[mailsrv.mailusersopensess]: Users Open Sessions
ShortLegend[mailsrv.mailusersopensess]: No.
LegendI[mailsrv.mailusersopensess]: No.
LegendO[mailsrv.mailusersopensess]:
Legend1[mailsrv.mailusersopensess]: mailsrv - Number of users with sessions open on the server
Legend2[mailsrv.mailusersopensess]:

# MAILSRV -
Title[MAILSRV.tnspermnt]: MAILSRV - Mail - Number of transactions per mnt
PageTop[MAILSRV.tnspermnt]: <H1>MAILSRV - Mail - Number of transactions per mnt</H1>
Target[MAILSRV.tnspermnt]: 1.3.6.1.4.1.334.72.1.1.6.3.2.0&1.3.6.1.4.1.334.72.1.1.6.3.2.0:PUBLIC@10.0.0.1
options[MAILSRV.tnspermnt]: growright, gauge, nopercent, integer
Unscaled[MAILSRV.tnspermnt]: ymw
MaxBytes[MAILSRV.tnspermnt]: 1000
YLegend[MAILSRV.tnspermnt]: Users Open Sessions
ShortLegend[MAILSRV.tnspermnt]: No.
LegendI[MAILSRV.tnspermnt]: No.
LegendO[MAILSRV.tnspermnt]:
Legend1[MAILSRV.tnspermnt]: MAILSRV - Number of transactions per mnt
Legend2[MAILSRV.tnspermnt]:

# MAILSRV - total mail routed
Title[MAILSRV.tot.mail.routed]: MAILSRV - Mail - Total Mail Routed in last 5 mnts
PageTop[MAILSRV.tot.mail.routed]: <H1>MAILSRV - Mail - Total Mail Routed in last 5 mnts</H1>
Target[MAILSRV.tot.mail.routed]: ` /temp/MAILSRV.total.mail.routed.sh`
options[MAILSRV.tot.mail.routed]: growright, gauge, nopercent, integer
Colours[MAILSRV.tot.mail.routed]: B#467EEE,R#FF0000,RED#ff4f27,DIRTY YELLOW#E6B420
#Unscaled[MAILSRV.tot.mail.routed]: ymwd
MaxBytes[MAILSRV.tot.mail.routed]: 1000
YLegend[MAILSRV.tot.mail.routed]: Total Mail Routed in 5 mnts
ShortLegend[MAILSRV.tot.mail.routed]: No.
LegendI[MAILSRV.tot.mail.routed]: No.
LegendO[MAILSRV.tot.mail.routed]:
Legend1[MAILSRV.tot.mail.routed]: MAILSRV - Total Mail Routed in last 5 mnts
Legend2[MAILSRV.tot.mail.routed]:

The "Total Mail Routed in 5 mnts" average requires the following bash script; I made it to get some customized results.


#!/bin/bash
# Script to query SNMP result from Lotus domino server for different stats
# like total mail routed in last XXX seconds, and then reset the counters after X minutes
# Syed Jahanzaib / aacable @ hotmail . com
# 6-JAN-2017
#set -x
IP="192.168.0.1"
OID="1.3.6.1.4.1.334.72.1.1.4.4"
SNMP_CMD_OUTPUT_HOLDER="/tmp/mailrouted.info"

TIMEOUT_TOC_HOLDER="/tmp/mtrad_timeout_holder_old.txt"
TIMEOUT_TCC_HOLDER="/tmp/mtrad_timeout_holder_new.txt"
NO_TIMEOUT_MSG="0
0"

# Seconds Value after which the script will reset the timeout counts
# MNts = 2
SECONDS_THRESHOLD="360"
# 6 Mnts to get 5 mnt avg on MRTG box
MINUTE_THRESHOLD=`echo $(($SECONDS_THRESHOLD/60))`

# Timestamp (epoch seconds) and its holder, used to compare script execution times at the end
# (HH:MM:SS with the colons stripped is not a number of seconds and breaks on leading zeros)
CUR_DATE=`date +%s`
OLD_DATE_HOLDER="/tmp/oldtime.txt"
if [ ! -f $OLD_DATE_HOLDER ];then
echo $CUR_DATE > $OLD_DATE_HOLDER
fi

OLD_DATE_PRINT_VALUE=`cat $OLD_DATE_HOLDER`

# Acquire SNMP OID from HOST using SNMP and output to holder
snmpwalk -v1 -c agp -Onqv $IP $OID > $SNMP_CMD_OUTPUT_HOLDER

# Read the current counter value from the holder
TIMEOUT=`cat $SNMP_CMD_OUTPUT_HOLDER`

# If holder1 file is not found, create one
if [ ! -f $TIMEOUT_TOC_HOLDER ]; then
touch $TIMEOUT_TOC_HOLDER
fi
# If holder2 file is not found, create one
if [ ! -f $TIMEOUT_TCC_HOLDER ]; then
touch $TIMEOUT_TCC_HOLDER
fi

# If the old-value holder is new or has no data, then add the current counter value
if [ ! -s $TIMEOUT_TOC_HOLDER ] ;then
echo $TIMEOUT > $TIMEOUT_TOC_HOLDER
fi

# Store the counter value just fetched from the host as the current value
echo $TIMEOUT > $TIMEOUT_TCC_HOLDER

# Print the difference between current and old counter (two lines, as MRTG expects)
TIMEOUT_TOC_VALUE=`cat $TIMEOUT_TOC_HOLDER`
TIMEOUT_TCC_VALUE=`cat $TIMEOUT_TCC_HOLDER`

if [ "$TIMEOUT_TCC_VALUE" -gt "$TIMEOUT_TOC_VALUE" ]; then
FINAL_TIMEOUT_VALUE=$(( $TIMEOUT_TCC_VALUE - $TIMEOUT_TOC_VALUE ))
echo $FINAL_TIMEOUT_VALUE
echo $FINAL_TIMEOUT_VALUE
else
echo "$NO_TIMEOUT_MSG"
fi

# Check if script is executed after $SECONDS_THRESHOLD, to reset the counts
CUR_DATE=`date +%s`
TIME_MATH=$(( $CUR_DATE - $OLD_DATE_PRINT_VALUE ))
echo $TIME_MATH Seconds difference found.
if [ $TIME_MATH -gt $SECONDS_THRESHOLD ]; then
MINUTE_THRESHOLD=$(( $SECONDS_THRESHOLD / 60 ))
echo "difference is above $MINUTE_THRESHOLD Minutes OR $SECONDS_THRESHOLD seconds value, resetting now "
echo $CUR_DATE > $OLD_DATE_HOLDER
# Also reset the total current count so that new value can be obtained per x minutes
echo $TIMEOUT_TCC_VALUE > $TIMEOUT_TOC_HOLDER
fi

# THE END

And its MRTG graph result is as follows:

 

That’s how you can create MRTG for any instance for DOMINO 😀

Error “Lotus Domino SNMP Agent is not available”

– If you receive the error “Lotus Domino SNMP Agent is not available” in the Domino console, make sure that the SNMP and LNSNMP services are running.

– Also check whether Domino is running as a service or as an application. Domino should run as a SERVICE for the quryset task to interact with the LNSNMP agent.


Automate “QURYSET” upon Domino Reboot …

After a Domino reboot, the SNMP counters do not work; you have to manually execute “Load quryset” via the Domino console. To automate it, edit notes.ini (on the server) and add the word “quryset” to the ServerTasks line.

Cheer’s

Syed Jahanzaib
