Syed Jahanzaib Personal Blog to Share Knowledge !

January 6, 2017

Gathering Stats from remote Windows via Linux Shell

Filed under: Linux Related, Uncategorized — Tags: , , , , , , , — Syed Jahanzaib / Pinochio~:) @ 2:43 PM

Reference Post:

Following are few simple methods to query information for various instances like remote windows service status , performance monitor instance result with trimming , , execute commands on remote windows box , all being done from our beloved Linux boX ūüėČ

I must admit that even after spending years in this field, I still feel myself very doodle, blockhead &¬†light brain in almost every topic or subject I get confronted with ! STML plays an important role in my Deficiency ¬†‘_’ ¬† ¬†– ūüėČ

ots1087__97717-1410905363-1280-1280


Executing command on remote windows server, and get its result in output

$WINEXE --user=$DOMAIN/$ADMINID%$ADMINPASS //$SERVERIP "C:\TEMP\COMMAND.EXE -syntax-if-any"

Note: above command requires WINEXE tool (Linux tools to execute command on remote windows)

Querying Remote Windows Performance Monitor Instances

Example, we have Forefront TMG 2010 and we want to see its Cache Hit % from our linux box shell, so we can use following command (It was real hard to escape nested double quotes :O )

This is very very useful command and it took few hours for me to trim the required result for plotting graph.

winexe -U domain/admin%"password" //MYSERVER 'typeperf -sc 1 -si 1 "\\MYSERVER\Forefront TMG Web Proxy\Cache Hit Ratio (%)"'

and with bash script I used it like

root@linux:/temp# cat tmg-cachehit.sh

#!/bin/bash
# Script to query TMG cache HIT after trimming
#set -x
IP="10.0.0.1"
DOMAIN="MYDOMIN"
ID="ADMIN"
PASS="PASSWORD"
TMP_HOLDER="/tmp/$IP.cache.hit.txt"
winexe -U $DOMAIN/$ID%"$PASS" //$IP 'typeperf -sc 1 -si 1 "\\101.11.11.6\Forefront TMG Web Proxy\Cache Hit Ratio (%)"' > $TMP_HOLDER
RESULT=`cat $TMP_HOLDER | sed -n 3p | awk '{print $2}' | cut -d "," -f 2 | tr -d '"' | cut -f1 -d"."`
echo $RESULT
echo $RESULT

Result:

tmg-cache-hit


Check remote windows service status

Example if we want to query service status result of Lotus domino mail server ¬†from our linux box …

root@linux:/temp# net rpc service status "Lotus Domino Server (DLotusDominodata)" -I 10.0.0.1 --user=DOMAIN/ADMINID%PASSWORD

RESULT:

Lotus Domino Server (DLotusDominodata) service is running.
Configuration details:
Controls Accepted = 0x5
Service Type = 0x110
Start Type = 0x2
Error Control = 0x0
Tag ID = 0x0
Executable Path = "X:\Lotus\nservice.exe" "=X:\Lotus\notes.ini" "-jc" "-c"
Load Order Group =
Dependencies = /
Start Name = LocalSystem
Display Name = Lotus Domino Server (DLotusDominodata)

Allah Shuker


I used all above commands in various script for alerts and mrtg graphing. you can use it to fulfill any customized requirements.

Regard’s
Syed Jahanzaib

December 19, 2016

Incorrect key file for table ‚Äė./conntrack/xxxx@xxxxxx@xxxxxx.MYI‚Äô; try to repair it

Filed under: Radius Manager, Uncategorized — Tags: , , — Syed Jahanzaib / Pinochio~:) @ 1:05 PM

corruption

Incorrect key file for table ‚Äė./conntrack/2016@002d12@002d16.MYI‚Äô; try to repair it

If you see the above error while accessing¬†Connection Tracking Reports in Radius Manager then …

Recommendations:

  • Make sure you aave plenty of Disk Space. Storage drive should be fast for high load servers preferably SSD or RAID based storage ,
  • Plenty of Memory is usually a good idea for DB systems ,
  • If its a heavy production server, try to move connection tracking to separate host as it takes lots of space and it adds good amount of payload to the CPU as well.
  • Perform tuning to enhance the mysql engine

To repair table …

Goto the conntrack folder [Ubuntu]
cd /var/lib/mysql/conntrack/
service mysql stop
# Change the file number as shown in the error 
myisamchk -r -v -f 2016@002d12@002d16.MYI

Once repair is done, start mysql / restart apache2 services , and test the desired tracking report again.

Regard’s
~Syed Jahanzaib~

Tik: 9 wan pcc with vpn server

Filed under: Uncategorized — Syed Jahanzaib / Pinochio~:) @ 10:12 AM

~ There are no absolute answers in this universe, only assumptions, guesses, Jeopardies
Syed Jahanzaib !


r1222464_16033207

9-wann-pcc-zaib

Just a reference post. Default PCC may not work if you are using VPN server (to provide net access to local users via dialer) , So you may need to tweak it very little in order to make it work.

Disclaimer: 
The script in this post is made for reference purposes only. This is no way a COPY PASTE material which you can use it as a whole. every config is different and is build according to the network. Just try to read it and get the logics , modify them as per local requirements and then implement it. You may need to play a bit or tweak it in order to make it Workable config.


Scenario:

Hardware Used : Mikrotik – Rb1100ahx2

  • 9 DSL (ptcl) routers are connected with the¬†RB1100ahx2
  • Ports name have been renamed to friendlier label for easy marking.
    Example Port 1-9 are renamed as WANx , and Port 10 is marked as Local
  • VPN Server is configured on same RB, and users dials in to this server in order to access internet.
  • No DHCP is being used on this setup as OP prefers to use static ips due to some specific circumstances.

the scriptO!

# Make sure to adjust it as per your setup

# Local Interface connected with the Users Switch
/ip address
add address=10.0.0.1/24 interface=Local network=10.0.0.0

# WAN interfaces IP addresses, which are connected with ptcl dsl routers
/ip address
add address=192.168.1.2/24 interface=WAN1 network=192.168.1.0
add address=192.168.2.2/24 interface=WAN2 network=192.168.2.0
add address=192.168.3.2/24 interface=WAN3 network=192.168.3.0
add address=192.168.4.2/24 interface=WAN4 network=192.168.4.0
add address=192.168.5.2/24 interface=WAN5 network=192.168.5.0
add address=192.168.6.2/24 interface=WAN6 network=192.168.6.0
add address=192.168.7.2/24 interface=WAN7 network=192.168.7.0
add address=192.168.8.2/24 interface=WAN8 network=192.168.8.0
add address=192.168.9.2/24 interface=WAN9 network=192.168.9.0

# Add IP pool for VPN dialer users, which will be allowed to use internet
/ip pool
add name=vpn-pool ranges=172.16.0.1-172.16.0.255

# Add VPN Profile for users , example 1mb per user profile
/ppp profile
add change-tcp-mss=yes dns-server=110.0.0.1,8.8.8.8 local-address=10.0.0.1 name=vpn-1mb only-one=yes rate-limit=1024k/1024k remote-address=vpn-pool use-encryption=yes

/interface pptp-server server set authentication=pap,chap,mschap1,mschap2 default-profile=vpn-1mb enabled=yes

# Enable DNS server
/ip dns
set allow-remote-requests=yes servers=8.8.8.8

/ip firewall address-list
add address=172.16.0.1-172.16.0.255 list=local_vpn_users_internet_allowed_list

# This is a local sharing server
add address=192.168.10.1 list=local_sharing_server

/ip firewall mangle

# Bypass Local Media Sharing server from PCC, so user can access it / Adjust it according to your need/ Jz
add action=accept chain=prerouting comment="Allow access to local sharing server / bypass them from the PCC" dst-address-list=local_sharing_server

# Accept traffic going to DSL Routers / Adjust it according to your need/ Jz
add action=accept chain=prerouting dst-address=192.168.1.0/24
add action=accept chain=prerouting dst-address=192.168.1.0/24
add action=accept chain=prerouting dst-address=192.168.2.0/24
add action=accept chain=prerouting dst-address=192.168.3.0/24
add action=accept chain=prerouting dst-address=192.168.4.0/24
add action=accept chain=prerouting dst-address=192.168.5.0/24
add action=accept chain=prerouting dst-address=192.168.6.0/24
add action=accept chain=prerouting dst-address=192.168.7.0/24
add action=accept chain=prerouting dst-address=192.168.8.0/24
add action=accept chain=prerouting dst-address=192.168.9.0/24

# Mark connections using PCC for 9 WAN / Adjust it according to your need / Jz
add action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=WAN1_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:9/0 src-address-list=local_vpn_users_internet_allowed_list
add action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=WAN2_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:9/1 src-address-list=local_vpn_users_internet_allowed_list
add action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=WAN3_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:9/2 src-address-list=local_vpn_users_internet_allowed_list
add action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=WAN4_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:9/3 src-address-list=local_vpn_users_internet_allowed_list
add action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=WAN5_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:9/4 src-address-list=local_vpn_users_internet_allowed_list
add action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=WAN6_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:9/5 src-address-list=local_vpn_users_internet_allowed_list
add action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=WAN7_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:9/6 src-address-list=local_vpn_users_internet_allowed_list
add action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=WAN8_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:9/7 src-address-list=local_vpn_users_internet_allowed_list
add action=mark-connection chain=prerouting dst-address-type=!local new-connection-mark=WAN9_conn passthrough=yes per-connection-classifier=both-addresses-and-ports:9/8 src-address-list=local_vpn_users_internet_allowed_list

# Mark routing for above marked connections, so that it can be used in ROUTE section / Adjust it according to your need/ Jz
add action=mark-routing chain=prerouting connection-mark=WAN1_conn new-routing-mark=to_WAN1 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN2_conn new-routing-mark=to_WAN2 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN3_conn new-routing-mark=to_WAN3 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN4_conn new-routing-mark=to_WAN4 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN5_conn new-routing-mark=to_WAN5 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN6_conn new-routing-mark=to_WAN6 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN7_conn new-routing-mark=to_WAN7 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN8_conn new-routing-mark=to_WAN8 passthrough=yes
add action=mark-routing chain=prerouting connection-mark=WAN9_conn new-routing-mark=to_WAN9 passthrough=yes

# Add NAT/MASQUERADE rule allowing only allowed users, restricted to allowed users only
add action=masquerade chain=srcnat comment="Allow Local Sharing Servers / NATING" dst-address-list=local_sharing_server
add action=masquerade chain=srcnat comment="WAN-1 / Allow Internet Access - For VPN Users only" out-interface=WAN1 src-address-list=local_vpn_users_internet_allowed_list
add action=masquerade chain=srcnat comment="WAN-2 / Allow Internet Access - For VPN Users only" out-interface=WAN2 src-address-list=local_vpn_users_internet_allowed_list
add action=masquerade chain=srcnat comment="WAN-3 / Allow Internet Access - For VPN Users only" out-interface=WAN3 src-address-list=local_vpn_users_internet_allowed_list
add action=masquerade chain=srcnat comment="WAN-4 / Allow Internet Access - For VPN Users only" out-interface=WAN4 src-address-list=local_vpn_users_internet_allowed_list
add action=masquerade chain=srcnat comment="WAN-5 / Allow Internet Access - For VPN Users only" out-interface=WAN5 src-address-list=local_vpn_users_internet_allowed_list
add action=masquerade chain=srcnat comment="WAN-6 / Allow Internet Access - For VPN Users only" out-interface=WAN6 src-address-list=local_vpn_users_internet_allowed_list
add action=masquerade chain=srcnat comment="WAN-7 / Allow Internet Access - For VPN Users only" out-interface=WAN7 src-address-list=local_vpn_users_internet_allowed_list
add action=masquerade chain=srcnat comment="WAN-8 / Allow Internet Access - For VPN Users only" out-interface=WAN8 src-address-list=local_vpn_users_internet_allowed_list
add action=masquerade chain=srcnat comment="WAN-9 / Allow Internet Access - For VPN Users only" out-interface=WAN9 src-address-list=local_vpn_users_internet_allowed_list

# Adding routes for marked traffic
# Each DSL router ip is in series like 192.168.1.1 / 2.1 / 3.1 and so on

/ip route
add check-gateway=ping distance=1 gateway=192.168.1.1 routing-mark=to_WAN1
add check-gateway=ping distance=1 gateway=192.168.2.1 routing-mark=to_WAN2
add check-gateway=ping distance=1 gateway=192.168.3.1 routing-mark=to_WAN3
add check-gateway=ping distance=1 gateway=192.168.4.1 routing-mark=to_WAN4
add check-gateway=ping distance=1 gateway=192.168.5.1 routing-mark=to_WAN5
add check-gateway=ping distance=1 gateway=192.168.6.1 routing-mark=to_WAN6
add check-gateway=ping distance=1 gateway=192.168.7.1 routing-mark=to_WAN7
add check-gateway=ping distance=1 gateway=192.168.8.1 routing-mark=to_WAN8
add check-gateway=ping distance=1 gateway=192.168.9.1 routing-mark=to_WAN9

# Adding routes for default routes, so that if any WAN goes down, those packets should go via MAIN table : ) kind of fail over/ Jz
add check-gateway=ping comment="WAN-1 / DEFAULT ROUTE" distance=1 gateway=192.168.1.1
add check-gateway=ping comment="WAN-2 / DEFAULT ROUTE" distance=2 gateway=192.168.2.1
add check-gateway=ping comment="WAN-3 / DEFAULT ROUTE" distance=3 gateway=192.168.3.1
add check-gateway=ping comment="WAN-4 / DEFAULT ROUTE" distance=4 gateway=192.168.4.1
add check-gateway=ping comment="WAN-5 / DEFAULT ROUTE" distance=5 gateway=192.168.5.1
add check-gateway=ping comment="WAN-6 / DEFAULT ROUTE" distance=6 gateway=192.168.6.1
add check-gateway=ping comment="WAN-7 / DEFAULT ROUTE" distance=7 gateway=192.168.7.1
add check-gateway=ping comment="WAN-8 / DEFAULT ROUTE" distance=8 gateway=192.168.8.1
add check-gateway=ping comment="WAN-9 / DEFAULT ROUTE" distance=9 gateway=192.168.9.1

W/Salam

December 15, 2016

Craziness with the MRTG along with BASH

Filed under: Linux Related, Uncategorized — Tags: , , , — Syed Jahanzaib / Pinochio~:) @ 9:16 AM

 


City vs Data Center Temperature !

Following is a temperature graph to compare difference between City temperature vs Data Center temperature. I made it for some local presentation purposes. Since I had no external sensor available for outside temperature monitoring, therefore I used external bash script to gather data from the internet using ‘Pakistan Meteorological Department PMD‘ website ¬†and then after filtering , output only required data.¬†¬†For NOC I used internal UPS sensor snmp query.

http://www.pmd.gov.pk/FFD/cp/pcurrenttemp.asp

1-noc-vs-karachi-temperature

 

 

#cat /temp/weather.sh


#!/bin/sh
#set -x
# Script to download KARACHI city temperature from Pakistan MET Dept web site  and output only temperature related information
# It will also query the NCO room temperature using UPS sensor via snmp query
# I made this script to create City temperature vs NOC temperature comparison MRTG graph
# Created : 9th-DEC-2016
# Syed Jahanzaib
# aacable[at]hotmail[dot]com
# http://aacableDOTwordpressDOTcom

####### Various Variables #########

# City temperature temporary holders in /tmp folder
CITY_TEMPR_HOLDER="/tmp/khiweather.txt"
CITY_TEMPR_4_OFFLINE="/tmp/khiweather_offline.txt"
# Variables for UPS IP and SNMP community string. It ilwl be used to acquire data center temperature using UPS sensor
UPS_IP="10.0.0.10"
UPS_SNMP_STR="public"
# OID for temperature sensor using USP SNMP card/sendor
UPS_OID="1.3.6.1.4.1.13400.2.62.2.1.2.0"
URL="http://www.pmd.gov.pk/FFD/cp/pcurrenttemp.asp"

############################################################################
####### PART - 1 , DATA CENTER Temperature query via UPS SNMP enabled sensor
############################################################################

# Store DATA Center temperature queries result in buffer
NOC_TEMPR=`snmpwalk -v1 -c $UPS_SNMP_STR $UPS_IP -Onqv $UPS_OID`

# Divide stored buffer by 100 to get human readable format in Celsius
NOC_TEMPR_FINAL=`echo $(($NOC_TEMPR/100))`

# Validate if temperature is not valid, liek url not accessible, or other errors
# If error found, then PRINT ZERO 0 VALUE , else print the acquired result
NOC_TEMPR_FINAL_VALID=`echo ${#NOC_TEMPR_FINAL}`
if [ $NOC_TEMPR_FINAL_VALID -eq 2 ]; then
echo "$NOC_TEMPR_FINAL"
else
echo "0"
fi

###########################################################################
####### PART - 2 , QUERY KARACHI CITY TEMPERATURE FORM THE INTERNET
# USING PAKISTAN MET DEPt for KARACHI website, than TRIM THE RESULT #######
###########################################################################

CITY_TEMPR=`lynx -cache=1 -dump $URL > $CITY_TEMPR_HOLDER`
CITY_TEMPR_VALUE=`grep -A 1 "Karachi" $CITY_TEMPR_HOLDER |sed '2q;d' | awk '{print $1}'`
CITY_TEMPR_VALID=`echo ${#CITY_TEMPR_VALUE}`

# Validate if temperature is not valid, like URL not accessible, OR other errors
# If error found, then PRINT last valid VALUE
if [ $CITY_TEMPR_VALID -eq 2 ]; then
#CITY_TEMPR_VALUE_FINAL=`echo $(($CITY_TEMPR_VALUE - 1))`
echo "$CITY_TEMPR_VALUE"
echo "$CITY_TEMPR_VALUE" > $CITY_TEMPR_4_OFFLINE
else
cat $CITY_TEMPR_4_OFFLINE
fi

###################
####### END #######
###################


MRTG CFG file for weather

WorkDir:/var/www/mrtg
### MONITORING KARACHI Temprature vs our DATA Center ###
Target[KARACHI_CITY_vs_NOC_tempr]: `/temp/weather.sh`
Title[KARACHI_CITY_vs_NOC_tempr]: Temprature Monitoring / Data Center vs Karachi City using PAK MET Site by zaib
PageTop[KARACHI_CITY_vs_NOC_tempr]: <h1>Temprature Monitoring / Data Center vs Karachi City using PAK MET Site by zaib</h1>
Options[KARACHI_CITY_vs_NOC_tempr]: gauge, growright, nopercent
MaxBytes[KARACHI_CITY_vs_NOC_tempr]: 60
Colours[KARACHI_CITY_vs_NOC_tempr]: B#467EEE,R#FF0000,BLUE#2184FF,RED#ff4f27
YLegend[KARACHI_CITY_vs_NOC_tempr]: Temprature
ShortLegend[KARACHI_CITY_vs_NOC_tempr]: c
LegendI[KARACHI_CITY_vs_NOC_tempr]: NOC Temprature
LegendO[KARACHI_CITY_vs_NOC_tempr]: City Temprature
Legend1[KARACHI_CITY_vs_NOC_tempr]: NOC Temprature
Legend2[KARACHI_CITY_vs_NOC_tempr]: City Temprature
#Unscaled[KARACHI_CITY_vs_NOC_tempr]: dwmy

 

 


Data Center Room Temperature & Humidity !

2-noc-tempr-vs-humidity

Above graph was made using Emerson Liebert UPS sensor using following OID’s and MRTG CFG

Temperature: 1.3.6.1.4.1.13400.2.62.2.1.2.0
Humidity: 1.3.6.1.4.1.13400.2.62.2.1.3.0


WorkDir:/var/www/mrtg
### MONITORING NOC ROOM TEMP ###
Target[noc_room_temp]: 1.3.6.1.4.1.13400.2.62.2.1.2.0&1.3.6.1.4.1.13400.2.62.2.1.3.0:public@10.0.0.1 / 100
Options[noc_room_temp]: gauge, growright, nopercent
MaxBytes[noc_room_temp]: 100
Colours[noc_room_temp]: B#467EEE,R#FF0000,RED#ff4f27,DIRTY YELLOW#E6B420
#Unscaled[noc_room_temp]: dwmy
YLegend[noc_room_temp]: NOC Room Temprature/Humidity
Title[noc_room_temp]: NOC Room Tempr/Humidity
PageTop[noc_room_temp]: <h1>NOC Room Tempr/Humidity</h1>
ShortLegend[noc_room_temp]: c/%
LegendI[noc_room_temp]: Temprature
LegendO[noc_room_temp]: Humidity
Legend1[noc_room_temp]: C NOC_Room Temp
Legend2[noc_room_temp]: Humidity


I will add more graphs later …

Regard’s

zaib!

November 25, 2016

Mikrotik: Switching between interface

Filed under: Mikrotik Related, Uncategorized — Syed Jahanzaib / Pinochio~:) @ 2:18 PM

f

NOT FOR GENERAL PUBLIC

SHARING IT FOR PERSONAL REFERENCE


Following is an script that switches connectivity between two interfaces (usually wan).

Example: ISP x have provided internet connectivity via fiber link . as a backup / redundancy link ISP have provided second fiber line. Both link have same ip address with same gateway. There are other ways too , this is just one way of achieving task. it can be customized in many ways like forcing specific hosts to be monitored by ping and act accordingly , or by having bridge etc.

IP address example:

in /ip address >>>

sfp1 = 10.0.0.1 (with comments “PRIMARY-SFP1”)
[remains enabled until next status changed]

sfp2 = 10.0.0.1 (with comments “SECONDARY-SFP2”)
[remains enabled until next status changed]

The script will do following.

Check the SFP1 Status, if it does not found “linkok” reply, it will log event, send email/sms alert to admin, and switch to SFP2 port by enabling IP of SFP2 and enable¬†ip on SFP1.

On next run, if it found SFP1 link ok, then it will log event, send email/sms alert to admin, and switch back to SFP1 port by enabling IP of SFP1 and disable ip on SFP2.


# Mikrotik SPF Link monitoring SCRIPT with optional Email and SMS Alert,
# We are using local KANNEL as SMS gateway and GMAIL as email sender
# by Syed Jahanzaib
# https://aacable.wordpress.com
# Email : aacable at hotmail dot com
# Script Last Modified : 25-NOV-2016 / 1400 hours

# PRIMARY FIBER LINK
:local INT "sfp1"
# SECONDARY BACKUP FIBER LINK
:local INT2 "sfp2"
:local i 0;
:local F 0;
:local date;
:local time;
:global sub1 ([/system identity get name])
:global sub2 ([/system clock get time])
:global sub3 ([/system clock get date])
:set date [/system clock get date];
:set time [/system clock get time];
:local cell1 "03333021909"
:global FIBERnetstatus;
:global FIBERnetlastchange;
:global FIBERIP;

# Company Name, do not use spaces in it
:local COMPANY "ZZZ"

# Setting GMAIL config
:local sub1 ([/system identity get name])
:local sub2 ([/system clock get date])
:local sub3 ([/system clock get time])
:local TO1 "RECIPIENT-1@hotmail.com"
:local gmailid "YOUR-GMAIL-ID@gmail.com"

#If you dont have kannel sms gateway ignore this.
:local KURL "http://10.0.0.1:13013/cgi-bin/sendsms"
:local KID "kannel"
:local KPASS "KANNEL-PASS"

# SMS DOWN status Msg format for Kannel SMS gateway (donot use spaces in it)
:local MSGDOWNSMS "$COMPANY+FIBER+ALERT:%0A$INT+fiber+is+now+DOWN.%0ASwitching+to+$INT2+backup+fiber+link"
# SMS UP status Msg format for Kannel SMS gateway (donot use spaces in it)
:local MSGUPSMS "$COMPANY+FIBER+INFO:%0A$INT+fiber+is+now+UP.%0ASwitching+back+to+$INT"

# EMAIL Msg format for FIBER DOWN
:local MSGDOWNEMAIL "$COMPANY FIBER ALERT: $INT fiber is now DOWN at $sub1 $sub2 $sub3 . Switching to $INT2 backup link. Please Verify it."
# EMAIL Msg format for FIBER UP
:local MSGUPEMAIL "$COMPANY FIBER INFO: $INT fiber is now UP at $sub1 $sub2 $sub3 . Switching back to $INT primary link. Please Verify it."
# LOG error
:local DOWNLOG1 "$COMPANY FIBER ALERT: $INT fiber is now DOWN at $sub1 $sub2 $sub3 . Switching to $INT2 backup link. Please Verify it."
:local UPLOG1 "$COMPANY FIBER INFO: $INT fiber is now UP at $sub1 $sub2 $sub3 . Switching back to $INT primary link. Please Verify it"

######################################
########## Start the SCRIPT ###############
########## DONOT EDIT BELOW ############
######################################

local link;
/interface ethernet cable-test $INT once do={
:set link $"status";
};

:if ($link != "link-ok") do={
:log error "$INT SFP DOWN"

:if (($FIBERnetstatus="UP")) do={
:set FIBERnetstatus "DOWN";

# Also add status in global variables to be used as tracking
:set date [/system clock get date];
:set time [/system clock get time];
:set FIBERnetlastchange ($time . " " . $date);
##################################################
####### FOR DOWN STATUS, CHANGE THE RULES ########
##################################################

# If the link is down, then LOG info and warning in Mikrotik LOG window [Zaib]
:log error "$DOWNLOG1"

# DOWN ACTION , shifting to SFP2 , backup link
/ip address set disabled=yes [find comment="PRIMARY-SFP1"]
/ip address set disabled=no [find comment="BACKUP-SFP2"]

# Adding delay so gateway should be reachable properly
:delay 5s;

:global gmailsmtp
:set gmailsmtp [:resolve "smtp.gmail.com"];

# "Emailing the DOWN status. . . "
/tool e-mail send to=$TO1 subject="$MSGDOWNEMAIL" start-tls=yes body="$MSGDOWNEMAIL"

# Send SMS the DOWN status via KANNEL
/tool fetch url="$KURL\?username=$KID&password=$KPASS&to=$cell1&text=$MSGDOWNSMS"

##################################################
####### FOR UP STATUS, CHANGE THE RULES ########
##################################################

} else={:set FIBERnetstatus "DOWN";}
} else={
:if (($FIBERnetstatus="DOWN")) do={

:set FIBERnetstatus "UP";

# If link is UP, then LOG info and warning in Mikrotik LOG window [Zaib]
:log warning "$UPLOG1"

# UP ACTION , shifting back to SFP1
/ip address set disabled=no [find comment="PRIMARY-SFP1"]
/ip address set disabled=yes [find comment="BACKUP-SFP2"]

# Adding delay so gateway should be reachable properly
:delay 5s;
:global gmailsmtp
:set gmailsmtp [:resolve "smtp.gmail.com"];

# "Emailing the UP status. . . "
/tool e-mail send to=$TO1 subject="$MSGUPEMAIL" start-tls=yes body="$MSGUPEMAIL"

# Send SMS via KANNEL Gateway
/tool fetch url="$KURL\?username=$KID&password=$KPASS&to=$cell1&text=$MSGUPSMS"

:set date [/system clock get date];
:set time [/system clock get time];
:set FIBERnetlastchange ($time . " " . $date);

} else={:set FIBERnetstatus "UP";}
}

July 28, 2016

Lotus Notes / Copy – Duplicating prohibtited

Filed under: IBM Related, Uncategorized — Tags: , , , — Syed Jahanzaib / Pinochio~:) @ 5:02 PM

pmail.jpg


In our company, we have IBM Lotus Domino Mail Server which i managed myself. Getting Lotus Domino support is quite a tough job, especially if you dont have any support SLA with the IBM, which generally costs heavy amount in $. Therefore I have to manage things on my own mostly using google and with some common sense lol.

Today we received an email from a valid client, and when we tried to copy or reply him with history, we receive following error.

w2.PNG

It also happens if user have selected following in mail delivery options.

w1.PNG

Without going in much details (which is already available in greater details on the internet), here is how I managed to sort it.


Requirements: Domino Admin Client.

Open user mail file via Domino Admin Client.
Goto Create / Agent,

As showed in the image below …

formula.PNG

 

Make sure you select FORMULA as shown¬†above, and copy paste following code …

FIELD $KeepPrivate := @DeleteField;

Save it with any name like “remove keep private” and exit.


Lotus Notes Client:

Now open Lotus Notes Client , goto inbox and open the affected email,

Now goto Action / and you will see the newly created agent name. click on it.

As showed in the image below …

agent.png

it may take just a second or two most, and will remove the restriction ūüôā

Enjoy !

Syed Jahanzaib

 

December 30, 2015

2015 in review

Filed under: Uncategorized — Syed Jahanzaib / Pinochio~:) @ 8:43 AM

The WordPress.com stats helper monkeys prepared a 2015 annual report for this blog.

Here’s an excerpt:

The Louvre Museum has 8.5 million visitors per year. This blog was viewed about 1,300,000 times in 2015. If it were an exhibit at the Louvre Museum, it would take about 56 days for that many people to see it.

Click here to see the complete report.

November 17, 2015

IBM Lotus Notes: Inbox Emails disappears when sort by DATE

Filed under: IBM Related, Uncategorized — Syed Jahanzaib / Pinochio~:) @ 9:14 AM

Today one of our company user faced strange issue in his lotus notes clients {8.5.3 FP6}.

When they just open the Inbox without any sorting, there is no problem and all mail shown. Once they try to sort the mails by ‘Date‘,¬† all emails in inbox view disappears.

After trying various things like refresh/replace design etc, we finally managed to sort the issue by running UPDALL on that specific db.

From the Domino Server Console  , Issue following command


load updall -R mail/USERDB.nsf

( -R : Rebuild All used views)

Fixed !

Jz!

 

November 12, 2015

Prioritize SpeedTest.Net Results via Mikrotik Queue

Filed under: Uncategorized — Tags: , — Syed Jahanzaib / Pinochio~:) @ 9:48 AM

speedtest


As implemented it yesterday , an old trick, NOTHING NEW really.

(Although I personally don’t see any reason why to prioritize such speed.test.net results, to fake whom, client or yourself ? lol)

Following is an simple demonstration on howto prioritize speedtest.net speed test.
Scenario: Client is allowed to get 512k , but when he will access speedtest.net to check the speed, he will able to see 2mb , (every user will be able to check it on 2mb limit , individually per ip basis) while his normal download/browsing will remain under 512k queue limit as showed in the picture above.

ROS CODE, Tested with 5.x and 6.x versions:


# Mark speedtest in Layer7 firewall
/ip firewall layer7-protocol
add name=speedtest regexp="^.+(speedtest).*\\\$"

# Marking SPEEDTEST.NET in mangle section using L7
/ip firewall mangle
add action=mark-connection chain=forward comment=SPEEDTEST layer7-protocol=speedtest new-connection-mark=speedtest_conn
add action=mark-connection chain=prerouting new-connection-mark=speedtest_conn protocol=tcp src-port=8080
add action=mark-packet chain=prerouting connection-mark=speedtest_conn new-packet-mark=speedtest_pkt passthrough=no
add action=mark-connection chain=postrouting dst-port=8080 new-connection-mark=speedtest_conn protocol=tcp
add action=mark-packet chain=postrouting connection-mark=speedtest_conn new-packet-mark=speedtest_pkt passthrough=no

# ADD PCQ so that i can be applied on per ip bases later in simple queue / zaib
/queue type
add kind=pcq name=download-2mb pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=10s pcq-classifier=dst-address pcq-dst-address-mask=32 pcq-dst-address6-mask=64 pcq-limit=50 pcq-rate=2048k \
    pcq-src-address-mask=32 pcq-src-address6-mask=64 pcq-total-limit=2000
add kind=pcq name=upload-2mb pcq-burst-rate=0 pcq-burst-threshold=0 pcq-burst-time=10s pcq-classifier=src-address pcq-dst-address-mask=32 pcq-dst-address6-mask=64 pcq-limit=50 pcq-rate=2048k \
    pcq-src-address-mask=32 pcq-src-address6-mask=64 pcq-total-limit=2000

# Add simple QUEUE to limit speedtest.net 2mb PER USER
/queue simple
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment="Limit every Users at 2mb using PCQ. for speedtest only marked by mangle / zaib" direction=both disabled=no interface=all limit-at=0/0 max-limit=0/0 name=\
    "SpeedTest.Net 2Mb per use via g PCQ / zaib" packet-marks=speedtest_pkt parent=none priority=8 queue=upload-2mb/download-2mb target-addresses=192.168.5.0/24 total-queue=default-small

# Add simple QUEUE to limit user PC individually for rest of traffic, static or dynamic up to your network.
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s direction=both disabled=no interface=all limit-at=512k/512k max-limit=512k/512k name="Zaib Desktop 512k A llowed - 192.168.5.2" packet-marks="" \
    parent=none priority=8 queue=default-small/default-small target-addresses=192.168.5.2/32 total-queue=default-small
 

Move the speedtest.net queue on top! Ordering is very important in mikrotik, as rules are processed order wise , zero to bottom

Note: It can further be adjusted in PCQ, QUEUE TREE, etc etc as per network designed.


client


Regard’s
Jz

December 30, 2014

2014 in review

Filed under: Uncategorized — Syed Jahanzaib / Pinochio~:) @ 8:10 AM

The WordPress.com stats helper monkeys prepared a 2014 annual report for this blog.

Here’s an excerpt:

The Louvre Museum has 8.5 million visitors per year. This blog was viewed about 1,300,000 times in 2014. If it were an exhibit at the Louvre Museum, it would take about 56 days for that many people to see it.

Click here to see the complete report.

Older Posts »

Create a free website or blog at WordPress.com.