Syed Jahanzaib Personal Blog to Share Knowledge !

August 24, 2016

Radius Manager Connection Tracking System for Mikrotik

Filed under: Mikrotik Related, Radius Manager — Tags: , , — Syed Jahanzaib / Pinochio~:) @ 10:35 AM

trackme

PTA LETTER for log recording


As requested by few OP, following is a short technical reference guide on how you can enable TCP/UDP connections in Mikrotik to be stored in Radius manager connection tracking database so that you can view user base connection tracking report. Recently PTA also issues letter to all operators to comply with the order as showed in above scanned image …

In my personal view, it’s not much useful and at low end hardware it creates bottleneck, but if you have good resources with some fast storage (like SSD or RAID-10) it is better to set it up.

CTS is best described in the manual by dmasoftlab manual as mentioned below

Radius Manager has a special feature: the Connection Tracking System. It is available only in Radius Manager CTS version or higher. With the help of it the system can track and log all the TCP and UDP connections for all registered (online) users.

By default when You install the CTS enabled version of Radius Manager, it will use the default CTS database (CONNTRACK). It is strongly recommended to use a separate database host for the CONNTRACK database, due to the enormous amount of data stored daily. It can be even a 100-500 MegaBytes (and in my personal experience it can grow as much as 3-5 GB on busy network, ZAIB) per day. Fast disks (like SSD in RAID 10 mode,  zaib) are also recommended to be able to seek and store the data in real time. Radius Manager periodically stores the traffic data to CONNTRACK database (typically in
every 5–60 seconds).


Mikrotik (6.x) Configuration to enable Firewall Logging to remote server (RM)

If you have already configured the radius manager, then the conntrack database also get configured via the installation script. Next step is to enable the firewall logging in the mikrotik router so that mikrotik can send the categorized TCP/UDP data to radius manager conntrack database.

In mikrotik, open terminal and issue following commands …

In below example, we have following IP scheme.

PPPoE users ip pool = 172.16.0.1-172.16.0.255
Radius Manager IP  = 101.11.11.254

/ip firewall filter add chain=forward src-address=172.16.0.1-172.16.0.255 protocol=tcp connection-state=new action=log
# You can ignore UDP packets to avoid excessive logging
/ip firewall filter add chain=forward src-address=172.16.0.1-172.16.0.255 protocol=udp connection-state=new action=log
#Change the Radius server IP
/system logging action add name=rmctszaib remote=101.11.11.254 target=remote remote-port=4950
/system logging add topics=firewall action=rmctszaib

If you don’t see any errors , you are good to Go.


RADIUS MANAGER SECTION:

1. Radius Manager should be licensed with CTS level. Basic license wont gonna work ..

2. Make sure that  RMCONNTRACK service is UP and running.To make sure it’s running , get its process by

ps aux |grep rmconntrack

and you should get result something like following

root@radius:/# ps aux |grep rmconntrack
root xxxx 0.0 0.0 xxxxxx xxx ? Ssl 13:22 0:00 /usr/local/bin/rmconntrack

if you see its running, proceed further , otherwise you may start it manually by

rmconntrack –x

Now login to RM ACP  >  Reports  >  Connection Report

Here you can get report for all or individual user.

As showed in the image below …

c1

 

c2

 


Regard’s
Syed Jahanzaib

 

 

1

August 8, 2016

UPS Monitor BASH Script with SMS / Email Alerts

Filed under: Linux Related — Tags: , , — Syed Jahanzaib / Pinochio~:) @ 1:26 PM

Following script is just For my personal reference Purpose only!!!

 

script ups output

Emerson UPS Info via DUDE

kesc

 


Scenario:

In our datacenter , we have Emerson 10kva UPS x 2 in failover + load balancing mode. Yesterday we got some electric failure resulting in UPS shutdown after its batteries banks got drained. This UPS doesn’t have advance alerting system other than simple traditional alerts of light failure and restore via email. Therefore I made some customized scripts which are now monitoring the UPS status with more deeper digging.

Example: If the Electricity failure occurs (or low voltage under xxx value) then it should send email + sms alert to the admin. So basically we will match at least two conditions.

In this script we have use following software hardware

  • Ubuntu 12.4 Server Edition with this bash script
  • Network Support UPS with SNMP card
  • Kannel SMS gateway in same ubuntu box for sending SMS using locally attached GSMmodem
  • Sendemail application for sending emails alerts (Its not SENDMAIL server, its small app name sendemail which we can use to send email via Gmail as well, it comes handy 🙂 )

Before proceeding, make sure that

  • You can ping the UP ip properly,
  • You can query the UPS via SNMP query like snmpwalk -v1 -c PUBLIC UPSIP
  • You can query UPS input OID and get result like 220 (or if you get result like 2200 use the formula in the script in later section)


#!/bin/bash
# Function: DATA CENTER UPS KE INPUT ONLY - SCRIPT [KE is the company name wihch provides electricity in Karcahi city - Karachi Electric
# Scheduled Script to check data center KE INPUt + UPS Bacnkup remain time via SNMP after every 1 mnt or as per scheudled cron job.
# If it found no input , it wll send sms or email Alerts, but donot repeat it untill next status change.
# Script Designed by Syed Jahanzaib
# aacable at hotmail dot com
# http://aacable . wordpress . com
# Cration Date: 2015
# Last revision DAte: 7-June-2018]
#set -x
# Colors Config . . . [[ JZ . . . ]]

ESC_SEQ="\x1b["
COL_RESET=$ESC_SEQ"39;49;00m"
COL_RED=$ESC_SEQ"31;01m"
COL_GREEN=$ESC_SEQ"32;01m"
DATE=`date`

# COMPANY NAME
COMPANY="ZAIB-LTD"
FOOTER="Powered by Syed Jahanzaib."

# Hostname
HOSTNAME=`hostname`

# KANNEL SMS Gateway Info
KURL="127.0.0.1:13013"
KANNELID="kannel"
KANNELPASS="KANNEL-PASSWORD"
CELL1="03333021909"
SENTSMSRESULT="/temp/kemonsentsmsresult.txt"
LOCATION="FSD"

# GMAIL DETAILS
GMAILID="GMAIL-ID@gmail.com"
GMAILPASS="GMAIL-PASS"
ADMINMAIL1="YOUREMAIL@hotmail.com"

# to install sendemail, use apt-get install sendemail
SENDMAILAPP="sendemail"
STATUS_HOLDER="/temp/upskemon.txt"
SNMPRESULT="/temp/kesnmpoutput.txt"
touch $SNMPRESULT

# UPS RELATED INFO
UPSIP="$1"
SNMPSTR="PUBLIC"

# For APC SMART 1500 UPS Model, You must change them as per your version
UPSINPUTOID="1.3.6.1.4.1.318.1.1.1.3.2.1.0"
UPSTIMEOID="1.3.6.1.4.1.318.1.1.1.2.2.1.0"
UPSTIMELIMIT="30"
KELIMIT="150"

# Check if UPS is accessibel or not, if not then EXIT immediately with error / zaib
if [[ $(ping -q -c 3 $UPSIP) == @(*100% packet loss*) ]]; then
echo "ALERT ..... UPS IP $UPSIP is DOWN ..."
exit 1
fi

snmpwalk -v1 -c $SNMPSTR $1 $UPSINPUTOID > $SNMPRESULT
if [ ! -s $SNMPRESULT ]; then
echo "ALERT ALERT: UPS IP $UPSIP - SNMP NOT Repsonding"
exit 1
fi

# If temporary status holder is not present , then create it,
# forumla is being applied to prevent repeated attempt of file creation / zaib
if [ ! -f $STATUS_HOLDER ]; then
echo -e "Creating Status Holder for first time usage"
touch $STATUS_HOLDER
fi

# Check for KE INPUT via SNMP query, make sure to chhange it accordingly
# currently i am using emerson UPS with snmp web card, as example
TIMEQ=`snmpwalk -v1 -Oqv -c $SNMPSTR $UPSIP $UPSTIMEOID`
KEINPUT=`snmpwalk -v1 -Oqv -c $SNMPSTR $UPSIP $UPSINPUTOID`
#KE=$(($KEINPUT / 100))
KE="$KEINPUT"

NORMSG="All Seems OK !
$FOOTER"
UPMSG="/temp/upmsg.sms"
DOWNMSG="/temp/downmsg.sms"

# MESSAGES
# SMS and email msg fromat for up n down
MSG_UP_SUB="$COMPANY - $LOCATION - UPS INPUT restored @ $DATE"
MSG_DOWN_SUB="$COMPANY - $LOCATION - UPS INPUT failed @ $DATE"
LOWMSG="$COMPANY - $LOCATION - UPS Info: UPS Voltage Input failed @ $DATE
Current Volate Input = $KE volts

$FOOTER"
OKMSG="$COMPANY - $LOCATION - UPS Info: Voltage Input restored @ $DATE
Current Voltage Input = $KE volts

$FOOTER"

# Print Values
echo -e "$COMPANY - $LOCATION - SCRIPT TO MONITOR ELECTRIC INPUT VOLTAGE in UPS ONLY *******
UPS IP / PING response = $UPSIP / Ping Responding OK
UPS SNMP Response = OK / SNMP query Accessible
Minimum Time Threshold = $UPSTIMELIMIT mnts
Minimum KE Input Threshold = $KELIMIT volts
Current Backup Time = $TIMEQ mnts
Current K.E Input = $KE volts

"

# Matching Formula starts here .. zaib
# IF KE INPUT result is greater the our defined limit, then give alert
if [ "$KE" -lt "$KELIMIT" ]; then
echo -e "$LOWMSG "
if [ $(grep -c "TEMP" "$STATUS_HOLDER") -eq 1 ]; then
echo -e "SMS/Email for DOWN have already been sent "
fi
fi

# IF KE INPUT result is less then our defined limit, then send sms and email, IF NOT ALREAY SENT
if [ "$KE" -lt "$KELIMIT" ]; then
if [ $(grep -c "TEMP" "$STATUS_HOLDER") -eq 0 ]; then
echo -e "ALERT: $LOWMS $(date) / SENDING SMS/Email .... "
echo "$LOWMSG" > $DOWNMSG
echo "TEMP" > $STATUS_HOLDER

# Sending DOWN SMS via KANNEL
echo $DATE > $SENTSMSRESULT
cat $DOWNMSG | curl "http://$KURL/cgi-bin/sendsms?username=$KANNELID&password=$KANNELPASS&to=$CELL1" -G --data-urlencode text@- >> $SENTSMSRESULT

# Sending Email via sendEmail tool app using GMAIL
$SENDMAILAPP -u "$MSG_DOWN_SUB" -o tls=yes -s smtp.gmail.com:587 -t $ADMINMAIL1 -xu $GMAILID -xp $GMAILPASS -f $GMAILID -o message-file=$DOWNMSG -o message-content-type=text
fi
else
echo -e "$NORMSG ... "
if [ $(grep -c "TEMP" "$STATUS_HOLDER") -eq 1 ]; then
echo -e "$COMPANY ALERT : $OKMSG $(date) / SENDING OK SMS/Email .... "
echo "$OKMSG" > $UPMSG
sed -i "/TEMP/d" "$STATUS_HOLDER"

# Sending UP SMS via KANNEL
echo $DATE > $SENTSMSRESULT
cat $UPMSG | curl "http://$KURL/cgi-bin/sendsms?username=$KANNELID&password=$KANNELPASS&to=$CELL1" -G --data-urlencode text@- >> $SENTSMSRESULT

# Sending Email via sendEmail tool app using GMAIL
$SENDMAILAPP -u "$MSG_UP_SUB" -o tls=yes -s smtp.gmail.com:587 -t $ADMINMAIL1 -xu $GMAILID -xp $GMAILPASS -f $GMAILID -o message-file=$UPMSG -o message-content-type=text
fi
fi

# Script Ends Here
# Syed Jahanzaib / aacable @ hotmail . com
# http:// aacable . wordpress . com


TEST RUN !

Now execute the script like

/temp/kemon.sh 192.168.0.1

x.JPG

 


Regard’s

Syed Jahanzaib

 

%d bloggers like this: