2007 May 31 - Thu
Setting Up and Working With a Remote Subversion Repository
I maintain a number of different servers, and work on a number of different projects.
I'd like to put all of these things under some sort of version control. I chose Subversion
as it has a good command line environment, has much access flexibility, and will work with
Windows and Linux based files. I also wanted to secure the repository on a remote
computer. At some time in the future, I may allow limited public access to portions of the
repository. For now, I want to restrict access via ssh only. Also, at some later
time, I may experiment with WebDav and such (which, if I read this stuff correctly, provides
Subversion repository access through Windows Explorer).
Installing the software on Debian for a Subversion Repository is easy:
apt-get install subversion
To create a base repository directory for a number of servers, use commands like:
adduser svn
mkdir /home/svn
su - svn
mkdir -p /var/local/svn/servers
This adds a user named svn, and then uses that user account to create the Subversion
directory and repository. This is needed so that appropriate file permissions are
maintained for remote access users. I'll describe a technique of access where no additional
user accounts are needed for the server in which the repository resides.
To create a repository for the various directories and files for server server01 (still
using user svn):
svnadmin create /var/local/svn/servers/server01
Configuring everything for remote use is a more complicated scenario and uses a bunch of
concepts I wrote about in my ssh article.
On the server to be put under version control, which, for this example, is server01,
create a private/public key with:
ssh-keygen -t rsa -b 2048
mv ~/.ssh/id_rsa.pub ~/.ssh/server01.pub
On the repository computer, with the account svn, ssh to a computer somewhere in order to
create the .ssh directory (if it hasn't already been created). Use SCP or a similar
capability to get server01's ~/.ssh/server01.pub file into the /home/svn/.ssh directory of
the repository computer. Append the file to authorized_keys:
cat server01.pub >> ~/.ssh/authorized_keys
Now edit the authorized_keys and insert the following in front of the line of the key
that was just inserted:
command="/usr/bin/svnserve -t --tunnel-user=user1 \
-r /var/local/svn/servers/server01/"\
,no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty
You'll need to take out the line-ending backslashes and put everything on one line; ssh
doesn't appear to like line continuations in the authorized_keys file. You should have a
format like:
command="stuff",sshsettings ssh-rsa onelongkey admin@server01
The '-t' in the command tells svnserve that commands are coming in from an ssh tunnel.
The --tunnel-user parameter gives Subversion a username with which it may tag
repository changes. The name has nothing to do with any authentication or authorization.
As such, it should be changed to reflect an appropriately descriptive name for each public
key in the authorized_keys file. The '-r' option provides a 'root' location for the
Subversion client to use for new projects and directories. The remaining options tell ssh
to tighten the connection by disabling port forwarding, agent forwarding, X11 forwarding
and pty allocation.
Back on server01, start up a new Bash session with:
ssh-agent sh -c 'ssh-add < /dev/null && bash'
This loads your private key for automated use in subsequent Subversion interactions.
Now to maintain version history of selected files in server01's /etc directory:
svn mkdir svn+ssh://svn@svn.example.com/server01/etc
cd /etc
svn co svn+ssh://svn@svn.example.com/server01/etc .
svn status
svn add hosts
svn commit -m "added hosts to repository"
The first line creates an empty directory in the repository. After changing into the
/etc directory, the svn directory is then checked out. By doing a status, you'll see all the
files have a '?', as unknown. Files can then be added and committed as needed.
The inspiration for the 'mkdir' command came from the second example in the TLUG
Wiki HowTo. The Wiki does make a valid point about not maintaining permissions by
default, and does offer up a script that saves these as Subversion properties.
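As an added example (not part of the original post, and not Subversion or OpenSSH code), the following Python check audits authorized_keys entries of the form described above: one line per key, a forced svnserve command, the four restriction options, and a distinct --tunnel-user per key. The function names are this example's own, and the key material, host names and user names in SAMPLE are constructed placeholders.

```python
import shlex

KEY_TYPES = ("ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-")
REQUIRED = ("no-port-forwarding", "no-agent-forwarding",
            "no-x11-forwarding", "no-pty")


def split_options(line):
    """Split one authorized_keys line into (options dict, key part)."""
    if line.startswith(KEY_TYPES):          # no options field at all
        return {}, line
    opts, i, n = {}, 0, len(line)
    while i < n and not line[i].isspace():
        start = i
        while i < n and line[i] not in "=," and not line[i].isspace():
            i += 1
        name, value = line[start:i].lower(), None   # names are case-insensitive
        if line[i:i + 2] == '="':           # quoted value: may hold , and spaces
            i, buf = i + 2, []
            while i < n and line[i] != '"':
                if line[i:i + 2] == '\\"':  # escaped quote inside the value
                    i += 1
                buf.append(line[i])
                i += 1
            if i >= n:
                raise ValueError("unterminated quote")
            i, value = i + 1, "".join(buf)
        elif line[i:i + 1] == "=":
            raise ValueError("option value must be quoted")
        opts[name] = value
        if line[i:i + 1] == ",":
            i += 1
    return opts, line[i:].strip()


def arg_value(argv, *names):
    """Value of a svnserve option given as 'name value' or 'name=value'."""
    for k, arg in enumerate(argv):
        for name in names:
            if arg.startswith(name + "="):
                return arg.split("=", 1)[1]
            if arg == name and k + 1 < len(argv):
                return argv[k + 1]
    return None


def audit_line(line):
    """Return (tunnel_user, findings) for one key line."""
    if line.endswith("\\"):
        return None, ["ends with a backslash; the entry must be on one line"]
    try:
        opts, rest = split_options(line)
        argv = shlex.split(opts.get("command") or "")
    except ValueError as exc:
        return None, ["cannot parse options: %s" % exc]
    findings = ["missing " + opt for opt in REQUIRED if opt not in opts]
    if not rest.startswith(KEY_TYPES):
        findings.append("no key type after the options")
    if "command" not in opts:
        findings.append("no command=, so the key is not limited to svnserve")
        return None, findings
    if not argv or not argv[0].endswith("svnserve") or "-t" not in argv:
        findings.append("forced command is not svnserve -t")
    if arg_value(argv, "-r", "--root") is None:
        findings.append("no -r root to confine the key to one repository tree")
    user = arg_value(argv, "--tunnel-user")
    if user is None:
        findings.append("no --tunnel-user, commits carry the shared account name")
    return user, findings


def audit_file(text):
    """Audit authorized_keys text; return {line number: [findings]}."""
    report, first_use = {}, {}
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        user, findings = audit_line(line)
        if user in first_use:               # same commit name on two keys
            findings.append("--tunnel-user=%s reused from line %d" % (user, first_use[user]))
        elif user is not None:
            first_use[user] = number
        if findings:
            report[number] = findings
    return report


SAMPLE = r'''
# constructed sample: key material, hosts and user names are placeholders
command="/usr/bin/svnserve -t --tunnel-user=server01 -r /var/local/svn/servers/server01/",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ssh-rsa AAAAPLACEHOLDER admin@server01
ssh-rsa AAAAPLACEHOLDER admin@server02
command="/usr/bin/svnserve -t --tunnel-user=server01 -r /var/local/svn/servers/server03/",no-pty ssh-rsa AAAAPLACEHOLDER admin@server03
command="/usr/bin/svnserve -t --tunnel-user=user1 \
'''

if __name__ == "__main__":
    print(audit_file(SAMPLE))
```

On the sample, line 3 passes, line 4 is an unrestricted key, line 5 lacks three restrictions and reuses a commit name, and line 6 is a left-over line continuation.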
[/OpenSource/Debian]
2007 May 30 - Wed
SmartQuant QuantDeveloper & DataCenter Release
SmartQuant has released a revision to DataCenter and QuantDeveloper. DataCenter and
QuantDeveloper are at the following revision levels:
DataCenter
Version 2.3.1 (30-May-2007)
QuantDeveloper Enterprise Edition
Version 2.6.1 (30-May-2007)
QuantDeveloper Source Code
Version 2.5.1 (23-Mar-2007)
* Recent Versions available through version control
[/Trading/SmartQuant/Releases]
2007 May 29 - Tue
Cricket: Combining Three Graphs Into One
In 2007/05/29's Cricket-User mailing list, there was a useful configuration file snippet
for charting and summing selected sources:
target Net
mtargets ="/Ethernet_To_Building/NSW/52GDC76F02/vlan231;
/Ethernet_To_Building/ACT/12NOC76FF/vlan201;
/Ethernet_To_Building/QLD/14VRC76F06/vlan439;
/Ethernet_To_Building/VIC/O3MLC76F05/vlan436;
/Ethernet_To_Building/SA/55DRC76FG/vlan467;
/Ethernet_To_Building/WA/O6SSC76FE/vlan469;"
mtargets-ops = "sum()"
short-desc = "desc"
filename = " Net Aggregate"
combinationgraph = 1
unknown-is-zero = true
order = 899
Courtesy of Naveen Baldeo.
[/OpenSource/Debian/Monitoring/Cricket]
2007 May 28 - Mon
Opportunities for High Frequency Traders
Here is an article entitled Opportunities for High Frequency Traders: Intraday Patterns in
Price Volatility and Liquidity of SFE Contracts by Professor Alex Frino and Grant Wearin of the
University of Sydney, Australia in association with the Sydney Futures Exchange.
I've recently put together some scanning software to look for symbols with high daily
volatility. This easy to read paper confirms what I've found out about daily patterns of
volatility. In addition, it adds to my knowledge regarding bid/ask spreads in
relationship to depth analysis. The paper also
discusses the Predictability of Price Movements of SFE Contracts in relationship to
the time of day where it might be easier to predict.
A PowerPoint presentation by Robert Engle entitled Predicting
Returns and Volatilities with Ultra-High Frequency Data offers up some additional
confirming evidence of how the markets work when traders are 'in the know'. Here are a few
interesting highlights:
- The price impacts, the spreads, the speed of quote revisions, and the volatility all
respond to information variables
- Transition is faster when there is information arriving, where an econometric measure
of information includes high shares per trade, short duration between trades, and sustained
wide spreads
- Both the realized and the expected duration impact the distribution of the price
changes for the data studied
- Transaction rates tend to be lower when the prices are falling
- Transaction rates tend to be higher when volatility is higher
- Simulations suggest that the long run price impact of a trade can be very sensitive to
the volume but is less sensitive to the spread and the transaction rates
Mark Hooker at Advanced Research Center has an article called Microstructure-Based Predictors. The end of the article has a nice
wrap-up:
There is ... a ... benefit from efficient
volatility forecasting. It turns out that a good volatility forecast can help us to forecast
periods of trending and mean-reversion (or non-trending) in currency returns. For the
technical component of our currency management strategy, such forecasts are very valuable
since they can provide an early warning of when trending periods are likely to end and
therefore allow time to close positions and book profits before the market turns around.
A Google search term for "high frequency volatility trading" works quite well.
[/Trading/AutomatedTrading]
2007 May 27 - Sun
Trading Site of the Day -- Peter Hoadley's Option Pricing Models and the "Greeks"
Many discussions regarding volatility and options tend to lean towards non-tradable
academic talk. Peter Hoadley's page on Option Pricing Models and the
"Greeks" has a more tradable bent to it. The article starts off by discussing the basic
options formula. Further into the article, he discusses how the formula can be used to
further trading strategies.
[/Trading/SiteOfTheDay/D200705]
2007 May 26 - Sat
SSH Server to Server Connections
I wrote an earlier article on how to make it easy to connect to
Linux servers with ssh and to copy files.
I need to start doing more version control of my projects. In the past, I used CVS. I'm now converting over to Subversion. I wanted to be able to securely connect to my Subversion
servers for updates. Subversion ties nicely into SSH to provide this capability. In order to streamline this connectivity,
I need to streamline my ssh connectivity. This article records what I learned about SSH to facilitate this. It has a focus
on Linux and Cygwin based operations.
The first step is to run
ssh-keygen -t rsa
This creates a 2048 bit RSA key useful for signing and for encryption. The
public key is placed in ~/.ssh/id_rsa.pub with the private key in a file called ~/.ssh/id_rsa. The private key should be
protected with a suitably complicated passphrase. A private key can be created without a passphrase; security
experts frown upon this option, but it does have its advantages.
It is helpful to rename the public key file to a name that reflects your username and/or current computer. This key can
then be copied to other machines and appended to a corresponding ~/.ssh/authorized_keys file. To append the key, you can use
cat id_rsa.pub >> ~/.ssh/authorized_keys
In the authorized_keys file on the destination host, you can prefix a key with a command in order to prevent actions or to
automate certain actions. Here are some example ssh key commands.
You can then ssh to the destination host. Upon connection, you'll be asked for your passphrase in order to open the local
private key file.
Instead of having to provide the passphrase each time you open a new ssh connection, you can use the ssh-agent program.
Here is an example way to start it: 'ssh-agent bash'. The application becomes memory resident and starts a new shell with a
couple of needed ssh environment variables. The application 'ssh-add' is used to add your private key to ssh-agent. Use
'ssh-add -l' to check which keys have been added. When you exit the shell, ssh-agent exits also, and closes out the use of
the private keys. A quick one-liner to start the agent and add the key (add an alias for this to your ~/.bashrc file):
ssh-agent sh -c 'ssh-add < /dev/null && bash'
Some authors recommend changing the PermitRootLogin in /etc/ssh/sshd_config to 'no' in order to prevent root logins. To
prevent dictionary attacks, I like to set PasswordAuthentication to 'no'. For X11 sessions, X11Forwarding will need to be
set to 'yes'.
I found an article that was useful for explaining the difference between RSA and
DSA. ssh-keygen typically defaults to RSA, which is a good thing. Security Focus has additional background on SSH Host Key Protection. Secure Shell: Part 1 is more of what
I wrote about, but from a Solaris perspective.
[/OpenSource]
2007 May 25 - Fri
Phishers can use social Web sites as bait to net victims: Informatics study Indiana University (05/24/07)
Personally, I've been able to identify phishing emails as they arrive, and promptly
delete them. Indeed, some are quite tempting and realistic, but if one looks at the links
closely, the imposters can be separated from the real thing.
If there is ever any confusion, I'll go to the source directly, bypassing the link, and type
in the correct link directly.
An ACM Newsletter speaks of a study that
shows that separating the wheat from the chaff is becoming more difficult. Here is what
they say:
Popular social network sites such as Facebook and MySpace are being used by
cybercriminals to gather personal information to create targeted phishing attacks, according
to Indiana University School of Informatics researchers. In their study, "Social Phishing,"
the researchers established a baseline for the success rate of traditional and social
network-based phishing attacks. Phishers steal personal information by sending authentic
looking requests, either by email or instant messaging, asking someone to click on a link
and submit their information on what looks like a legitimate Web site. "Phishing has become
such a prevalent problem because of its huge profit margins, ease in launching an attack,
and the difficulty of identifying and prosecuting those who do it," says associate professor
of informatics and computer science Filippo Menczer. "Our study clearly shows that social
networks can provide phishers with a wealth of information about unsuspecting victims." The
study sent email messages to two groups of students asking them to enter their university ID
and password. One group received an email from what they thought was a friend, while the
other group received an email from a stranger. Only 16 percent of students who received an
email from a stranger entered their information, while 72 percent of those receiving emails
from "friends" gave away their information. Associate professor of informatics and member of
the research team Markus Jakobsson says they were astonished by the 72 percent response
rate. The researchers suggested some countermeasures to prevent phishing, including digital
signatures on emails to verify the source, browser toolbars that alert users to spoofing
attempts, spam filters that detect spoofed emails, and providing users with a secure path to
enter passwords, alerting users that they are trying to authenticate to an unknown site. The
study is scheduled to be published in the October 2007 issue of Communications of the ACM.
The full article can be found at the Indiana University.
[/Personal/Technology]
2007 May 24 - Thu
Color Name Enumeration for C++
I was looking to use named colors in Microsoft's Visual Studio C++, but couldn't find any
enumerations anywhere. I found a Wiki Entry which listed Web Colors, aka X11 Color
Names. In taking a look at the source code for the web page, I noticed that the tables
were produced in a nice, computer readable format.
I ended up cutting and pasting the code into an editor and cut out all the extraneous
stuff and was left with a regular list I could process with a short Perl script:
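#!/usr/bin/perl
use strict;

# Each colour is a five-line record on STDIN; only the name cell (line 2)
# and the hex triplet cell (line 3) are used.
my $line;
my ( $enum, $val );
print( "enum EColor {\n" );
while ($line = <STDIN>) {                 # line 1: start of the record
  $line = <STDIN>;                        # line 2: <td>Name</td>
  chomp( $line );
  $line =~ /^<td>(.+)<\/td>$/;
  $enum = $1;
  $line = <STDIN>;                        # line 3: <td>RR GG BB</td>
  chomp( $line );
  $line =~ /^<td>(\w{2}) (\w{2}) (\w{2})<\/td>$/;
  $val = "RGB(0x" . $1 . ",0x" . $2 . ",0x" . $3 . ")";
  $line = <STDIN>;                        # lines 4 and 5: not used
  $line = <STDIN>;
  print( "  $enum = $val,\n" );
}
print( "};\n" );                          # a C++ enum definition ends with ';'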
This code produces the following C++ enumeration. If you run the above script, you'll
find that one of the colors was duplicated. Simply remove the redundant copy to fix the
compile error.
enum EColor {
IndianRed = RGB(0xCD,0x5C,0x5C),
LightCoral = RGB(0xF0,0x80,0x80),
Salmon = RGB(0xFA,0x80,0x72),
DarkSalmon = RGB(0xE9,0x96,0x7A),
LightSalmon = RGB(0xFF,0xA0,0x7A),
Crimson = RGB(0xDC,0x14,0x3C),
Red = RGB(0xFF,0x00,0x00),
FireBrick = RGB(0xB2,0x22,0x22),
DarkRed = RGB(0x8B,0x00,0x00),
Pink = RGB(0xFF,0xC0,0xCB),
LightPink = RGB(0xFF,0xB6,0xC1),
HotPink = RGB(0xFF,0x69,0xB4),
DeepPink = RGB(0xFF,0x14,0x93),
MediumVioletRed = RGB(0xC7,0x15,0x85),
PaleVioletRed = RGB(0xDB,0x70,0x93),
Coral = RGB(0xFF,0x7F,0x50),
Tomato = RGB(0xFF,0x63,0x47),
OrangeRed = RGB(0xFF,0x45,0x00),
DarkOrange = RGB(0xFF,0x8C,0x00),
Orange = RGB(0xFF,0xA5,0x00),
Gold = RGB(0xFF,0xD7,0x00),
Yellow = RGB(0xFF,0xFF,0x00),
LightYellow = RGB(0xFF,0xFF,0xE0),
LemonChiffon = RGB(0xFF,0xFA,0xCD),
LightGoldenrodYellow = RGB(0xFA,0xFA,0xD2),
PapayaWhip = RGB(0xFF,0xEF,0xD5),
Moccasin = RGB(0xFF,0xE4,0xB5),
PeachPuff = RGB(0xFF,0xDA,0xB9),
PaleGoldenrod = RGB(0xEE,0xE8,0xAA),
Khaki = RGB(0xF0,0xE6,0x8C),
DarkKhaki = RGB(0xBD,0xB7,0x6B),
Lavender = RGB(0xE6,0xE6,0xFA),
Thistle = RGB(0xD8,0xBF,0xD8),
Plum = RGB(0xDD,0xA0,0xDD),
Violet = RGB(0xEE,0x82,0xEE),
Orchid = RGB(0xDA,0x70,0xD6),
Fuchsia = RGB(0xFF,0x00,0xFF),
Magenta = RGB(0xFF,0x00,0xFF),
MediumOrchid = RGB(0xBA,0x55,0xD3),
MediumPurple = RGB(0x93,0x70,0xDB),
BlueViolet = RGB(0x8A,0x2B,0xE2),
DarkViolet = RGB(0x94,0x00,0xD3),
DarkOrchid = RGB(0x99,0x32,0xCC),
DarkMagenta = RGB(0x8B,0x00,0x8B),
Purple = RGB(0x80,0x00,0x80),
Indigo = RGB(0x4B,0x00,0x82),
SlateBlue = RGB(0x6A,0x5A,0xCD),
DarkSlateBlue = RGB(0x48,0x3D,0x8B),
GreenYellow = RGB(0xAD,0xFF,0x2F),
Chartreuse = RGB(0x7F,0xFF,0x00),
LawnGreen = RGB(0x7C,0xFC,0x00),
Lime = RGB(0x00,0xFF,0x00),
LimeGreen = RGB(0x32,0xCD,0x32),
PaleGreen = RGB(0x98,0xFB,0x98),
LightGreen = RGB(0x90,0xEE,0x90),
MediumSpringGreen = RGB(0x00,0xFA,0x9A),
SpringGreen = RGB(0x00,0xFF,0x7F),
MediumSeaGreen = RGB(0x3C,0xB3,0x71),
SeaGreen = RGB(0x2E,0x8B,0x57),
ForestGreen = RGB(0x22,0x8B,0x22),
Green = RGB(0x00,0x80,0x00),
DarkGreen = RGB(0x00,0x64,0x00),
YellowGreen = RGB(0x9A,0xCD,0x32),
OliveDrab = RGB(0x6B,0x8E,0x23),
Olive = RGB(0x80,0x80,0x00),
DarkOliveGreen = RGB(0x55,0x6B,0x2F),
MediumAquamarine = RGB(0x66,0xCD,0xAA),
DarkSeaGreen = RGB(0x8F,0xBC,0x8F),
LightSeaGreen = RGB(0x20,0xB2,0xAA),
DarkCyan = RGB(0x00,0x8B,0x8B),
Teal = RGB(0x00,0x80,0x80),
Aqua = RGB(0x00,0xFF,0xFF),
Cyan = RGB(0x00,0xFF,0xFF),
LightCyan = RGB(0xE0,0xFF,0xFF),
PaleTurquoise = RGB(0xAF,0xEE,0xEE),
Aquamarine = RGB(0x7F,0xFF,0xD4),
Turquoise = RGB(0x40,0xE0,0xD0),
MediumTurquoise = RGB(0x48,0xD1,0xCC),
DarkTurquoise = RGB(0x00,0xCE,0xD1),
CadetBlue = RGB(0x5F,0x9E,0xA0),
SteelBlue = RGB(0x46,0x82,0xB4),
LightSteelBlue = RGB(0xB0,0xC4,0xDE),
PowderBlue = RGB(0xB0,0xE0,0xE6),
LightBlue = RGB(0xAD,0xD8,0xE6),
SkyBlue = RGB(0x87,0xCE,0xEB),
LightSkyBlue = RGB(0x87,0xCE,0xFA),
DeepSkyBlue = RGB(0x00,0xBF,0xFF),
DodgerBlue = RGB(0x1E,0x90,0xFF),
CornflowerBlue = RGB(0x64,0x95,0xED),
MediumSlateBlue = RGB(0x7B,0x68,0xEE),
RoyalBlue = RGB(0x41,0x69,0xE1),
Blue = RGB(0x00,0x00,0xFF),
MediumBlue = RGB(0x00,0x00,0xCD),
DarkBlue = RGB(0x00,0x00,0x8B),
Navy = RGB(0x00,0x00,0x80),
MidnightBlue = RGB(0x19,0x19,0x70),
Cornsilk = RGB(0xFF,0xF8,0xDC),
BlanchedAlmond = RGB(0xFF,0xEB,0xCD),
Bisque = RGB(0xFF,0xE4,0xC4),
NavajoWhite = RGB(0xFF,0xDE,0xAD),
Wheat = RGB(0xF5,0xDE,0xB3),
BurlyWood = RGB(0xDE,0xB8,0x87),
Tan = RGB(0xD2,0xB4,0x8C),
RosyBrown = RGB(0xBC,0x8F,0x8F),
SandyBrown = RGB(0xF4,0xA4,0x60),
Goldenrod = RGB(0xDA,0xA5,0x20),
DarkGoldenrod = RGB(0xB8,0x86,0x0B),
Peru = RGB(0xCD,0x85,0x3F),
Chocolate = RGB(0xD2,0x69,0x1E),
SaddleBrown = RGB(0x8B,0x45,0x13),
Sienna = RGB(0xA0,0x52,0x2D),
Brown = RGB(0xA5,0x2A,0x2A),
Maroon = RGB(0x80,0x00,0x00),
White = RGB(0xFF,0xFF,0xFF),
Snow = RGB(0xFF,0xFA,0xFA),
Honeydew = RGB(0xF0,0xFF,0xF0),
MintCream = RGB(0xF5,0xFF,0xFA),
Azure = RGB(0xF0,0xFF,0xFF),
AliceBlue = RGB(0xF0,0xF8,0xFF),
GhostWhite = RGB(0xF8,0xF8,0xFF),
WhiteSmoke = RGB(0xF5,0xF5,0xF5),
Seashell = RGB(0xFF,0xF5,0xEE),
Beige = RGB(0xF5,0xF5,0xDC),
OldLace = RGB(0xFD,0xF5,0xE6),
FloralWhite = RGB(0xFF,0xFA,0xF0),
Ivory = RGB(0xFF,0xFF,0xF0),
AntiqueWhite = RGB(0xFA,0xEB,0xD7),
Linen = RGB(0xFA,0xF0,0xE6),
LavenderBlush = RGB(0xFF,0xF0,0xF5),
MistyRose = RGB(0xFF,0xE4,0xE1),
Gainsboro = RGB(0xDC,0xDC,0xDC),
LightGrey = RGB(0xD3,0xD3,0xD3),
Silver = RGB(0xC0,0xC0,0xC0),
DarkGray = RGB(0xA9,0xA9,0xA9),
Gray = RGB(0x80,0x80,0x80),
DimGray = RGB(0x69,0x69,0x69),
LightSlateGray = RGB(0x77,0x88,0x99),
SlateGray = RGB(0x70,0x80,0x90),
DarkSlateGray = RGB(0x2F,0x4F,0x4F),
Black = RGB(0x00,0x00,0x00)
};
Use it as you see fit.
As one more point of reference for color, here is a good reference page for Color Selection.
[/OpenSource/Programming]
2007 May 20 - Sun
SSH Article Summary
Here are a few articles I've written regarding SSH:
[/OpenSource]
2007 May 18 - Fri
Using a USRobotics Modem for Out of Band Management (OOB)
In configuring an older 33.6Kbps US Robotics modem for accepting auto-dial-up calls into
a router, here are a few items to know:
- Use 'at&f1&b1&w0&w1y0' to force the modem to speak at 9600 to the router
- Use 'ati5' to confirm the new communications rate setting
- I seem to recall that all dip switch settings are in the up position but for 2, 4, 8, which are down
[/Cisco]
2007 May 17 - Thu
HTML Page Template Framework
'Glue' web pages on the monitoring server are generated through the Mason Delivery Engine. In other words, Mason is a Perl based template system used for formatting
the primary web pages of this server. It requires the use of Apache and mod_perl. Here is what I do to install Mason
for my needs. As the monitoring server relies on tables from two databases, OneUnified and NetDisco, the
installation process revolves around getting things ready for these two types of databases.
Installation
Install the packages:
apt-get install libhtml-mason-perl
apt-get install speedy-cgi-perl
apt-get install libfcgi-perl
apt-get install libdbi-perl
apt-get install libdbd-pg-perl
apt-get install apache2-dev
apt-get install libapache2-mod-apreq2
apt-get install libapache-dbi-perl
apt-get install libmasonx-request-withapachesession-perl
apt-get install libapache2-request-perl
ln -s /etc/apache2/mods-available/apreq.load /etc/apache2/mods-enabled/apreq.load
Add the following lines to '/etc/postgresql/8.1/main/pg_hba.conf'. The trust method lets any local user connect as these
database users without a password:
local netdisco netdisco trust
local oneunified oneunified trust
Create and load database:
/etc/init.d/postgresql-8.1 restart
su - postgres
psql template1
create user netdisco;
create group netdisco user netdisco;
create database netdisco with owner netdisco;
create user oneunified;
create group oneunified user oneunified;
create database oneunified with owner oneunified;
\q
psql netdisco -U netdisco < netdisco.dump
exit
Add the following lines into /etc/apache2/sites-available/default:
PerlModule HTML::Mason::ApacheHandler
<Directory /var/www/liveprobe>
PerlSetVar MasonArgsMethod CGI
PerlSetVar MasonDataDir /var/local/mason
PerlSetVar MasonDeclineDirs 0
</Directory>
# Decline access to mason internals
<LocationMatch "/liveprobe/.*(\.mc|autohandler|dhandler)$">
SetHandler perl-script
PerlInitHandler Apache::Constants::NOT_FOUND
</LocationMatch>
<LocationMatch "/liveprobe/.*(\.html)$">
SetHandler perl-script
PerlHandler HTML::Mason::ApacheHandler
</LocationMatch>
Include /usr/local/netdisco/netdisco_apache.conf
Include /usr/local/netdisco/netdisco_apache_dir.conf
Restart Apache:
/etc/init.d/apache2 restart
[/OpenSource/Debian/Monitoring]
Debian based Open Source Network Monitoring Server
In giving back to the wealth of tools the open source community has provided, I have created a number of pages describing how
I have assembled a set of open source based network monitoring tools.
The set of tools is in two sections. The first step has to do with the installation of the Debian distribution:
Once the base is in place, make it easy on yourself to log in to the server to carry out various command line tasks:
Here are some entries for maintaining and upgrading the distribution:
The next section has to do with the add-on tools:
There are a few optional tools, not fully integrated into the overall plan yet:
The next portion of the plan includes developing a database for maintaining circuit, patch panel, and floor diagram layout information. This will integrate with an IP
Address management scheme I've come up with, and should work with Cricket and NetDisco to provide a fully integrated visual troubleshooting guide to an organization's
network.
[/OpenSource/Debian/Monitoring]
2007 May 16 - Wed
One Unified Address Management Schema v1.1
I did some more brainstorming on how I wanted to visually represent a network along
with its address structure. I've incorporated some additional tables into the design
to handle a hierarchical network map.
The core of the database schema is still represented by the host, interface, circuit, address,
location, organization, and ianaiftype tables.
The Image table contains references to all pictures of hosts and locations. All other associated tables
reference the images managed by this table.
The WeatherMap group of tables allows a Network Weathermap to be defined for a collection of circuits.
By requesting a certain weathermap, the WeathermapCircuit table provides a list of associated circuits.
The circuit links to interfaces and their respective hosts. By looking for hosts in the HostOnImage table
that reference the same hostid and imageid, a weather map can be automatically drawn with the appropriate
host picture from the HostImage table along with the collected interface statistics.
The HostType table represents names such as 'Router', 'Switch', 'Server', 'Access Point', etc.
Two tables have been added to the Location group of tables. LocationImage represents images of
locations: a building, a floor, a cabinet, a back panel, with each image suggesting a collection of
sub-locations. The LocationOnImage table provides the ability to click on an active area on LocationImage
and drill down to the more specific LocationImage.
[/OpenSource/Debian/AddressManagement]
2007 May 15 - Tue
One Unified Address Management (OUAM)
For the longest time, I thought that the sum total of the ip address management solutions out there revolved
around NorthStar and IPplan, neither of which really were as robust as I'd like.
A recent 'net search comes up with some different candidates. A IP Addressing Space Management
Applications? has some interesting pointers to IP Address Management solutions, both Open Source as well as Commercial. One Open
Source solution that appeared to be a stand out is Carnegie
Mellon's Network Registration/Network Monitoring solution. It is under active development. Internet2 has some links to solutions that handle various combinations of Agents, Registration,
and Active/Passive Detection.
Some of the above actually crosses over into the region of Network Authentication, of which Internet2's SALSAK is trying to rigorize through
a Policy Framework. Their second draft has better details, in my opinion.
So I can come back to this later, in following the various links from an earlier mentioned table, I came across PacketFence which is a Network Access Control
(NAC) solution wrapped up in a VMWare deployment package.
When coming up with an IP Address Management Solution, BT Diamond IP has a handy guide to Best Practices for
Next-Generation IP Address Management.
During my initial thoughts of what I'd like to see, I was focussing more on address management, floor diagrams,
and port management than on DNS and DHCP. I figured DNS would be easy by simply exporting bind files on an as
required basis. I haven't considered DHCP integration yet, but should be straightforward with dhcp configuration
file exports, or data base lookups.
I had put together a schema diagram of what I was thinking of for ip address and facilities management.
Here is a description of the various links:
- Host -> Location: every host is associated with a particular location, floor, rack, shelf, etc
- Interface -> Host: an interface, and its sub-interfaces are associated with a host
- Interface -> Address:
- an interface, or sub-interface will have an associated address
- an interface will need multiple sub interfaces to contain additional addresses
- these sub-interfaces may simply be 'secondary address blocks', or secondary addresses, or vlans
- Interface -> Circuit: an interface is associated with a particular circuit, patch panel, connector, etc
- Circuit -> Address:
- a circuit may reference an address or address range that can be used to find attached interfaces, hosts,
and circuits (and is recursive by looking at subnets and contained addresses)
- thus routed address blocks shouldn't be referenced this way, only a circuit with ip endpoints should have
an address reference
- Port -> Address: for ports routed to different locations, or are routed, this is where this is documented,
such as on NAT'd addresses (eg port 80 (http) or port 25 (smtp))
- Address -> Organization: Every address range is associated with a controlling organization
Some of the tables have 'self' links. This provides an ability for defining a hierarchy of relationships:
- Address: address blocks can be subdivided down to a /32
- Interface: a physical interface may be divided into sub-interfaces
- Circuit: a circuit may be composed of sub-circuits, wire going from wall jack to IDF to MDF to IDF to wall jack
- Location: a building may have multiple floors, a server room may have multiple racks, a rack will have
multiple 'U' locations
Here is a sql schema file to go along with the diagram. It
is based upon PostgreSQL as it has native data types for handling ip addresses and mac addresses.
[/OpenSource/Debian/AddressManagement]
Import IANAifType
From the web page http://www.iana.org/assignments/ianaiftype-mib there is a
list of interface types. Early portions of this list are incorporated into /usr/share/cricket/util/genDevConfig.
The full list is parsed and imported into the database.
Conversion
Create a perl program ianaif.pl:
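#!/usr/bin/perl
# Convert IANAifType-MIB enumeration lines into SQL insert statements.
while ( <STDIN> ) {
  # Skip anything that is not of the form: name(number), -- optional description
  next unless /^\s*([\-\w]+)\s*\((\d+)\),?(\s*|\s*--\s(.+?))\s*$/;
  my ( $name, $id, $desc ) = ( $1, $2, defined $4 ? $4 : '' );
  $desc =~ s/'/''/g;    # double any single quote so the SQL string literal stays valid
  print "insert into ianaiftype (ianaiftypeid, name, description) values ($id, '$name', '$desc');\n";
}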
Create a file 'ianaif.txt' with the mildly edited content from web site.
Run the perl script to create an import file:
perl ianaif.pl < ianaif.txt > ianaif.import
Import into the database:
su - postgres
psql oneunified
\i ianaif.import
\q
Here is the raw data:
other(1), -- none of the following
regular1822(2),
hdh1822(3),
ddnX25(4),
rfc877x25(5),
ethernetCsmacd(6), -- for all ethernet-like interfaces,
iso88023Csmacd(7), -- Deprecated, use ethernetCsmacd (6)
iso88024TokenBus(8),
iso88025TokenRing(9),
iso88026Man(10),
starLan(11), -- Deprecated, use ethernetCsmacd (6)
proteon10Mbit(12),
proteon80Mbit(13),
hyperchannel(14),
fddi(15),
lapb(16),
sdlc(17),
ds1(18), -- DS1-MIB
e1(19), -- Obsolete see DS1-MIB
basicISDN(20),
primaryISDN(21),
propPointToPointSerial(22), -- proprietary serial
ppp(23),
softwareLoopback(24),
eon(25), -- CLNP over IP
ethernet3Mbit(26),
nsip(27), -- XNS over IP
slip(28), -- generic SLIP
ultra(29), -- ULTRA technologies
ds3(30), -- DS3-MIB
sip(31), -- SMDS, coffee
frameRelay(32), -- DTE only.
rs232(33),
para(34), -- parallel-port
arcnet(35), -- arcnet
arcnetPlus(36), -- arcnet plus
atm(37), -- ATM cells
miox25(38),
sonet(39), -- SONET or SDH
x25ple(40),
iso88022llc(41),
localTalk(42),
smdsDxi(43),
frameRelayService(44), -- FRNETSERV-MIB
v35(45),
hssi(46),
hippi(47),
modem(48), -- Generic modem
aal5(49), -- AAL5 over ATM
sonetPath(50),
sonetVT(51),
smdsIcip(52), -- SMDS InterCarrier Interface
propVirtual(53), -- proprietary virtual/internal
propMultiplexor(54),-- proprietary multiplexing
ieee80212(55), -- 100BaseVG
fibreChannel(56), -- Fibre Channel
hippiInterface(57), -- HIPPI interfaces
frameRelayInterconnect(58), -- Obsolete, use frameRelay(32) or frameRelayService(44)
aflane8023(59), -- ATM Emulated LAN for 802.3
aflane8025(60), -- ATM Emulated LAN for 802.5
cctEmul(61), -- ATM Emulated circuit
fastEther(62), -- Obsoleted, use ethernetCsmacd (6)
isdn(63), -- ISDN and X.25
v11(64), -- CCITT V.11/X.21
v36(65), -- CCITT V.36
g703at64k(66), -- CCITT G703 at 64Kbps
g703at2mb(67), -- Obsolete see DS1-MIB
qllc(68), -- SNA QLLC
fastEtherFX(69), -- Obsoleted, use ethernetCsmacd (6)
channel(70), -- channel
ieee80211(71), -- radio spread spectrum
ibm370parChan(72), -- IBM System 360/370 OEMI Channel
escon(73), -- IBM Enterprise Systems Connection
dlsw(74), -- Data Link Switching
isdns(75), -- ISDN S/T interface
isdnu(76), -- ISDN U interface
lapd(77), -- Link Access Protocol D
ipSwitch(78), -- IP Switching Objects
rsrb(79), -- Remote Source Route Bridging
atmLogical(80), -- ATM Logical Port
ds0(81), -- Digital Signal Level 0
ds0Bundle(82), -- group of ds0s on the same ds1
bsc(83), -- Bisynchronous Protocol
async(84), -- Asynchronous Protocol
cnr(85), -- Combat Net Radio
iso88025Dtr(86), -- ISO 802.5r DTR
eplrs(87), -- Ext Pos Loc Report Sys
arap(88), -- Appletalk Remote Access Protocol
propCnls(89), -- Proprietary Connectionless Protocol
hostPad(90), -- CCITT-ITU X.29 PAD Protocol
termPad(91), -- CCITT-ITU X.3 PAD Facility
frameRelayMPI(92), -- Multiproto Interconnect over FR
x213(93), -- CCITT-ITU X213
adsl(94), -- Asymmetric Digital Subscriber Loop
radsl(95), -- Rate-Adapt. Digital Subscriber Loop
sdsl(96), -- Symmetric Digital Subscriber Loop
vdsl(97), -- Very H-Speed Digital Subscrib. Loop
iso88025CRFPInt(98), -- ISO 802.5 CRFP
myrinet(99), -- Myricom Myrinet
voiceEM(100), -- voice recEive and transMit
voiceFXO(101), -- voice Foreign Exchange Office
voiceFXS(102), -- voice Foreign Exchange Station
voiceEncap(103), -- voice encapsulation
voiceOverIp(104), -- voice over IP encapsulation
atmDxi(105), -- ATM DXI
atmFuni(106), -- ATM FUNI
atmIma (107), -- ATM IMA
pppMultilinkBundle(108), -- PPP Multilink Bundle
ipOverCdlc (109), -- IBM ipOverCdlc
ipOverClaw (110), -- IBM Common Link Access to Workstn
stackToStack (111), -- IBM stackToStack
virtualIpAddress (112), -- IBM VIPA
mpc (113), -- IBM multi-protocol channel support
ipOverAtm (114), -- IBM ipOverAtm
iso88025Fiber (115), -- ISO 802.5j Fiber Token Ring
tdlc (116), -- IBM twinaxial data link control
gigabitEthernet (117), -- Obsoleted, use ethernetCsmacd (6)
hdlc (118), -- HDLC
lapf (119), -- LAP F
v37 (120), -- V.37
x25mlp (121), -- Multi-Link Protocol
x25huntGroup (122), -- X25 Hunt Group
trasnpHdlc (123), -- Transp HDLC
interleave (124), -- Interleave channel
fast (125), -- Fast channel
ip (126), -- IP (for APPN HPR in IP networks)
docsCableMaclayer (127), -- CATV Mac Layer
docsCableDownstream (128), -- CATV Downstream interface
docsCableUpstream (129), -- CATV Upstream interface
a12MppSwitch (130), -- Avalon Parallel Processor
tunnel (131), -- Encapsulation interface
coffee (132), -- coffee pot
ces (133), -- Circuit Emulation Service
atmSubInterface (134), -- ATM Sub Interface
l2vlan (135), -- Layer 2 Virtual LAN using 802.1Q
l3ipvlan (136), -- Layer 3 Virtual LAN using IP
l3ipxvlan (137), -- Layer 3 Virtual LAN using IPX
digitalPowerline (138), -- IP over Power Lines
mediaMailOverIp (139), -- Multimedia Mail over IP
dtm (140), -- Dynamic syncronous Transfer Mode
dcn (141), -- Data Communications Network
ipForward (142), -- IP Forwarding Interface
msdsl (143), -- Multi-rate Symmetric DSL
ieee1394 (144), -- IEEE1394 High Performance Serial Bus
if-gsn (145), -- HIPPI-6400
dvbRccMacLayer (146), -- DVB-RCC MAC Layer
dvbRccDownstream (147), -- DVB-RCC Downstream Channel
dvbRccUpstream (148), -- DVB-RCC Upstream Channel
atmVirtual (149), -- ATM Virtual Interface
mplsTunnel (150), -- MPLS Tunnel Virtual Interface
srp (151), -- Spatial Reuse Protocol
voiceOverAtm (152), -- Voice Over ATM
voiceOverFrameRelay (153), -- Voice Over Frame Relay
idsl (154), -- Digital Subscriber Loop over ISDN
compositeLink (155), -- Avici Composite Link Interface
ss7SigLink (156), -- SS7 Signaling Link
propWirelessP2P (157), -- Prop. P2P wireless interface
frForward (158), -- Frame Forward Interface
rfc1483 (159), -- Multiprotocol over ATM AAL5
usb (160), -- USB Interface
ieee8023adLag (161), -- IEEE 802.3ad Link Aggregate
bgppolicyaccounting (162), -- BGP Policy Accounting
frf16MfrBundle (163), -- FRF .16 Multilink Frame Relay
h323Gatekeeper (164), -- H323 Gatekeeper
h323Proxy (165), -- H323 Voice and Video Proxy
mpls (166), -- MPLS
mfSigLink (167), -- Multi-frequency signaling link
hdsl2 (168), -- High Bit-Rate DSL - 2nd generation
shdsl (169), -- Multirate HDSL2
ds1FDL (170), -- Facility Data Link 4Kbps on a DS1
pos (171), -- Packet over SONET/SDH Interface
dvbAsiIn (172), -- DVB-ASI Input
dvbAsiOut (173), -- DVB-ASI Output
plc (174), -- Power Line Communtications
nfas (175), -- Non Facility Associated Signaling
tr008 (176), -- TR008
gr303RDT (177), -- Remote Digital Terminal
gr303IDT (178), -- Integrated Digital Terminal
isup (179), -- ISUP
propDocsWirelessMaclayer (180), -- Cisco proprietary Maclayer
propDocsWirelessDownstream (181), -- Cisco proprietary Downstream
propDocsWirelessUpstream (182), -- Cisco proprietary Upstream
hiperlan2 (183), -- HIPERLAN Type 2 Radio Interface
propBWAp2Mp (184), -- PropBroadbandWirelessAccesspt2multipt
sonetOverheadChannel (185), -- SONET Overhead Channel
digitalWrapperOverheadChannel (186), -- Digital Wrapper
aal2 (187), -- ATM adaptation layer 2
radioMAC (188), -- MAC layer over radio links
atmRadio (189), -- ATM over radio links
imt (190), -- Inter Machine Trunks
mvl (191), -- Multiple Virtual Lines DSL
reachDSL (192), -- Long Reach DSL
frDlciEndPt (193), -- Frame Relay DLCI End Point
atmVciEndPt (194), -- ATM VCI End Point
opticalChannel (195), -- Optical Channel
opticalTransport (196), -- Optical Transport
propAtm (197), -- Proprietary ATM
voiceOverCable (198), -- Voice Over Cable Interface
infiniband (199), -- Infiniband
teLink (200), -- TE Link
q2931 (201), -- Q.2931
virtualTg (202), -- Virtual Trunk Group
sipTg (203), -- SIP Trunk Group
sipSig (204), -- SIP Signaling
docsCableUpstreamChannel (205), -- CATV Upstream Channel
econet (206), -- Acorn Econet
pon155 (207), -- FSAN 155Mb Symetrical PON interface
pon622 (208), -- FSAN622Mb Symetrical PON interface
bridge (209), -- Transparent bridge interface
linegroup (210), -- Interface common to multiple lines
voiceEMFGD (211), -- voice E&M Feature Group D
voiceFGDEANA (212), -- voice FGD Exchange Access North American
voiceDID (213), -- voice Direct Inward Dialing
mpegTransport (214), -- MPEG transport interface
sixToFour (215), -- 6to4 interface (DEPRECATED)
gtp (216), -- GTP (GPRS Tunneling Protocol)
pdnEtherLoop1 (217), -- Paradyne EtherLoop 1
pdnEtherLoop2 (218), -- Paradyne EtherLoop 2
opticalChannelGroup (219), -- Optical Channel Group
homepna (220), -- HomePNA ITU-T G.989
gfp (221), -- Generic Framing Procedure (GFP)
ciscoISLvlan (222), -- Layer 2 Virtual LAN using Cisco ISL
actelisMetaLOOP (223), -- Acteleis proprietary MetaLOOP High Speed Link
fcipLink (224), -- FCIP Link
rpr (225), -- Resilient Packet Ring Interface Type
qam (226), -- RF Qam Interface
lmp (227), -- Link Management Protocol
cblVectaStar (228), -- Cambridge Broadband Limited VectaStar
docsCableMCmtsDownstream (229), -- CATV Modular CMTS Downstream Interface
adsl2 (230), -- Asymmetric Digital Subscriber Loop Version 2
macSecControlledIF (231), -- MACSecControlled
macSecUncontrolledIF (232), -- MACSecUncontrolled
aviciOpticalEther (233), -- Avici Optical Ethernet Aggregate
atmbond (234), -- atmbond
voiceFGDOS (235), -- voice FGD Operator Services
mocaVersion1 (236), -- MultiMedia over Coax Alliance (MoCA) Interface
ieee80216WMAN (237), -- IEEE 802.16 WMAN interface
adsl2plus (238), -- Asymmetric Digital Subscriber Loop Version 2,
dvbRcsMacLayer (239), -- DVB-RCS MAC Layer
dvbTdm (240), -- DVB Satellite TDM
dvbRcsTdma (241), -- DVB-RCS TDMA
x86Laps (242) -- LAPS based on ITU-T X.86/Y.1323
[/OpenSource/Debian/AddressManagement]
2007 May 14 - Mon
Nagios Installation and Sample Configuration
Introduction
As part of the network monitoring server, Nagios is used for monitoring servers and their services.
Installation
Download and expand the source:
cd /usr/src
wget http://superb-east.dl.sourceforge.net/sourceforge/nagios/nagios-2.4.tar.gz
tar -zxvf nagios-2.4.tar.gz
Add users and groups:
adduser nagios
mkdir /usr/local/nagios
chown nagios:nagios /usr/local/nagios
groupadd nagioscmd
# -a appends the group; usermod -G on its own replaces the user's other supplementary groups
usermod -a -G nagioscmd www-data
usermod -a -G nagioscmd nagios
Obtain libs, compile, and install:
apt-get install libgd-dev
apt-get install mcrypt
apt-get install libmcrypt-dev
cd nagios-2.4
./configure \
--prefix=/usr/local/nagios \
--with-cgiurl=/cgi-bin/nagios \
--with-htmurl=/nagios \
--with-nagios-user=nagios \
--with-nagios-group=nagios \
--with-command-group=nagioscmd \
--localstatedir=/var/local/nagios
make all
make install
make install-init
make install-commandmode
make install-config
Add the following lines to /etc/apache2/sites-available/default.
They need to go before the default cgi-bin configuration files.
<Location "/nagios/">
SetHandler default-handler
</Location>
ScriptAlias /cgi-bin/nagios/ /usr/local/nagios/sbin/
<Directory "/usr/local/nagios/sbin">
# AllowOverride AuthConfig
AllowOverride None
Options ExecCGI -MultiViews
Order allow,deny
Allow from all
AddHandler cgi-script .cgi
</Directory>
Alias /nagios/ "/usr/local/nagios/share/"
<Directory "/usr/local/nagios/share">
DefaultType text/html
Options None
# AllowOverride AuthConfig
AllowOverride None
Order allow,deny
Allow from all
</Directory>
Restart Apache:
/etc/init.d/apache2 restart
Modify configuration files:
cd /usr/local/nagios/etc
mkdir samples
cp * samples/
mv cgi.cfg-sample cgi.cfg
mv checkcommands.cfg-sample checkcommands.cfg
mv misccommands.cfg-sample misccommands.cfg
mv nagios.cfg-sample nagios.cfg
mv resource.cfg-sample resource.cfg
rm bigger.cfg-sample
rm minimal.cfg-sample
Install plug-ins:
cd /usr/src
wget http://superb-east.dl.sourceforge.net/sourceforge/nagiosplug/nagios-plugins-1.4.3.tar.gz
tar -zxvf nagios-plugins-1.4.3.tar.gz
cd nagios-plugins-1.4.3
./configure \
--prefix=/usr/local/nagios \
--with-nagios-user=nagios \
--with-nagios-group=nagios \
--with-cgiurl=/cgi-bin/nagios
make
make install
Make Nagios run automatically:
update-rc.d nagios defaults 25
To test configurations before committing them to execution:
cd /usr/local/nagios
bin/nagios -v etc/nagios.cfg
Customizations
In /usr/local/nagios/etc/checkcommands.cfg, insert the following lines (this will be used by a Windows event
logging program):
# 'check_dummy' command definition
define command{
command_name check_dummy
command_line $USER1$/check_dummy $ARG1$ $ARG2$
}
Create a directory for site specific configurations:
mkdir /usr/local/nagios/etc/examplecom
Make the following changes to /usr/local/nagios/etc/nagios.cfg:
#cfg_file=/usr/local/nagios/etc/minimal.cfg
cfg_dir=/usr/local/nagios/etc/examplecom
check_external_commands=1
use_syslog=0
log_notifications=0
date_format=iso8601
admin_email=root
Apply the following changes to /usr/local/nagios/etc/cgi.cfg:
46c46
< show_context_help=0
---
> show_context_help=1
65c65
< #nagios_check_command=/usr/local/nagios/libexec/check_nagios /var/local/nagios/status.dat 5
'/usr/local/nagios/bin/nagios'
---
> nagios_check_command=/usr/local/nagios/libexec/check_nagios /var/local/nagios/status.dat 5
'/usr/local/nagios/bin/nagios'
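Review bot: in the 65c65 hunk the nagios_check_command value is shown wrapped, with '/usr/local/nagios/bin/nagios' on a line of its own. cgi.cfg is read one directive per line, so when applying this change keep the whole setting, including the quoted process name, on a single line.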
116c116
< #authorized_for_system_information=nagiosadmin,theboss,jdoe
---
> authorized_for_system_information=nagiosadmin,admin
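Review bot: nagiosadmin and admin in authorized_for_system_information (and in the authorized_for_* hunks that follow) are compared with the user name the web server authenticated, yet the Apache blocks earlier in this post use Allow from all, leave AllowOverride AuthConfig commented out and contain no AuthType or Require lines. Add HTTP authentication for /cgi-bin/nagios/ and /nagios/ and create these two accounts before relying on the lists, and document that step next to this change.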
128c128
< #authorized_for_configuration_information=nagiosadmin,jdoe
---
> authorized_for_configuration_information=nagiosadmin,admin
141c141
< #authorized_for_system_commands=nagiosadmin
---
> authorized_for_system_commands=nagiosadmin,admin
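Review bot: authorized_for_system_commands in the 141c141 hunk, combined with check_external_commands=1 set in nagios.cfg above, lets every listed account shut down or restart Nagios from the browser. Consider keeping this line to a single administrative account and giving day-to-day viewers a separate account that appears only in the authorized_for_all_services and authorized_for_all_hosts lists.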
154,155c154,155
< #authorized_for_all_services=nagiosadmin,guest
< #authorized_for_all_hosts=nagiosadmin,guest
---
> authorized_for_all_services=nagiosadmin,admin
> authorized_for_all_hosts=nagiosadmin,admin
168,169c168,169
< #authorized_for_all_service_commands=nagiosadmin
< #authorized_for_all_host_commands=nagiosadmin
---
> authorized_for_all_service_commands=nagiosadmin,admin
> authorized_for_all_host_commands=nagiosadmin,admin
Create a file /usr/local/nagios/etc/services.cfg with the following content:
################################################################################
# Configuration File: Services
#
# Last Modified: 2006/06/08
# By: Ray Burkholder
#
################################################################################
################################################################################
# Service Templates
################################################################################
# Generic service definition template
define service{
name generic-service ; Generic Service Template
active_checks_enabled 1 ; Active service checks are enabled
passive_checks_enabled 1 ; Passive service checks are enabled/accepted
parallelize_check 1 ; Active service checks should be parallelized
obsess_over_service 1 ; We should obsess over this service (if necessary)
check_freshness 0 ; Default is to NOT check service 'freshness'
notifications_enabled 1 ; Service notifications are enabled
event_handler_enabled 1 ; Service event handler is enabled
flap_detection_enabled 1 ; Flap detection is enabled
process_perf_data 1 ; Process performance data
retain_status_information 1 ; Retain status information across program restarts
retain_nonstatus_information 1 ; Retain non-status information across program restarts
register 0 ; DONT REGISTER THIS DEFINITION
is_volatile 0
check_period 24x7
max_check_attempts 3
normal_check_interval 3
retry_check_interval 1
contact_groups general-admins
notification_interval 120
notification_period 24x7
notification_options w,u,c,r
}
Create a file /usr/local/nagios/etc/hosts.cfg with the following content:
###############################################################################
# Configuration File: Hosts
# Last Modified: 2006/06/08
#
# By: Ray Burkholder
#
################################################################################
# HOST Template
################################################################################
# Generic host definition template
define host{
name generic-host-skeleton ; The name of this host template
notifications_enabled 1 ; Host notifications are enabled
event_handler_enabled 0 ; Host event handler is disabled
flap_detection_enabled 1 ; Flap detection is enabled
process_perf_data 1 ; Process performance data
retain_status_information 1 ; Retain status information across program restarts
retain_nonstatus_information 1 ; Retain non-status information across program restarts
active_checks_enabled 1
passive_checks_enabled 0
max_check_attempts 5
contact_groups general-admins
register 0 ; DONT REGISTER THIS DEFINITION
}
# 'generic-host' server host definition
define host{
name generic-host
use generic-host-skeleton
check_command check-host-alive
notification_interval 120
notification_period 24x7
notification_options d,u,r
register 0 ; DONT REGISTER THIS DEFINITION - ITS NOT A REAL HOST
}
# 'generic-host-nocheck' server host definition
define host{
name generic-host-nocheck
use generic-host-skeleton
notification_interval 120
notification_period 24x7
notification_options d,u,r
register 0 ; DONT REGISTER THIS DEFINITION - ITS NOT A REAL HOST
}
Add the following lines to /usr/local/nagios/etc/nagios.cfg:
cfg_file=/usr/local/nagios/etc/services.cfg
cfg_file=/usr/local/nagios/etc/hosts.cfg
cfg_dir=/usr/local/nagios/etc/examplecom
examplecom files
Create file /usr/local/nagios/etc/examplecom/timeperiod.cfg:
################################################################################
# Configuration File: Time Period
#
# Last Modified: 2005/07/19
#
# By: Ray Burkholder
#
################################################################################
###############################################################################
# TIMEPERIOD DEFINITIONS
################################################################################
# '24x7' timeperiod definition
define timeperiod{
timeperiod_name 24x7
alias 24 Hours A Day, 7 Days A Week
sunday 00:00-24:00
monday 00:00-24:00
tuesday 00:00-24:00
wednesday 00:00-24:00
thursday 00:00-24:00
friday 00:00-24:00
saturday 00:00-24:00
}
# 'workhours' timeperiod definition
define timeperiod{
timeperiod_name workhours
alias "Normal" Working Hours
monday 09:00-17:00
tuesday 09:00-17:00
wednesday 09:00-17:00
thursday 09:00-17:00
friday 09:00-17:00
}
# 'nonworkhours' timeperiod definition
define timeperiod{
timeperiod_name nonworkhours
alias Non-Work Hours
sunday 00:00-24:00
monday 00:00-09:00,17:00-24:00
tuesday 00:00-09:00,17:00-24:00
wednesday 00:00-09:00,17:00-24:00
thursday 00:00-09:00,17:00-24:00
friday 00:00-09:00,17:00-24:00
saturday 00:00-24:00
}
# 'none' timeperiod definition
define timeperiod{
timeperiod_name none
alias No Time Is A Good Time
}
Create a file called /usr/local/nagios/etc/examplecom/contacts.cfg with the following contact. Add additional
contacts and rearrange groups as needed.
################################################################################
# Configuration File: Contacts and Contact Groups
#
# Last Modified: 2006/06/08
#
# By: Ray Burkholder
#
################################################################################
# relevant documentation
# http://nagios.sourceforge.net/docs/1_0/xodtemplate.html#contact
################################################################################
# CONTACT DEFINITIONS
################################################################################
# 'nagios' contact definition
define contact{
contact_name nagios
alias Nagios Admin
service_notification_period 24x7
host_notification_period 24x7
service_notification_options w,u,c,r
host_notification_options d,u,r
service_notification_commands notify-by-email,notify-by-epager
host_notification_commands host-notify-by-email,host-notify-by-epager
email nagios-admin@localhost.localdomain
pager pagenagios-admin@localhost.localdomain
}
# Network Generic Alerts
define contact {
contact_name networkalerts
alias Network Alerts
service_notification_period 24x7
host_notification_period 24x7
service_notification_options c,w
host_notification_options d,r
service_notification_commands notify-by-email
host_notification_commands host-notify-by-email
email networkalerts@example.com
}
################################################################################
# CONTACT GROUP DEFINITIONS
################################################################################
# 'general-admins' contact group definition
define contactgroup{
contactgroup_name general-admins
alias General Administrators
members networkalerts
}
# 'windows-server-admins' contact group definition
define contactgroup{
contactgroup_name windows-server-admins
alias Windows Server Administrators
members networkalerts
}
# 'windows-desktop-admins' contact group definition
define contactgroup{
contactgroup_name windows-desktop-admins
alias Windows Desktop Support
members networkalerts
}
# 'linux-server-admins' contact group definition
define contactgroup{
contactgroup_name linux-server-admins
alias Linux Administrators
members networkalerts
}
# 'switch-admins' contact group definition
define contactgroup{
contactgroup_name switch-admins
alias Etherswitch Administrators
members networkalerts
}
# 'router-admins' contact group definition
define contactgroup{
contactgroup_name router-admins
alias Router Technicians
members networkalerts
}
# 'firewall-admins' contact group definition
define contactgroup{
contactgroup_name firewall-admins
alias Firewall Technicians
members networkalerts
}
# 'printer-admins' contact group definition
define contactgroup{
contactgroup_name printer-admins
alias Printer Administrators
members networkalerts
}
# 'sensor-admins' contact group definition
define contactgroup{
contactgroup_name sensor-admins
alias Sensor Administrators
members networkalerts
}
Create a file called /usr/local/nagios/etc/examplecom/groups.cfg with the following template:
################################################################################
# Configuration File: Groups
#
# Last Modified: 2006/06/08
# By: Ray Burkholder
#
################################################################################
# Group DEFINITIONS
################################################################################
#define hostgroup {
# hostgroup_name groupname
# alias Member Devices
# members x,y
# }
[/OpenSource/Debian/Monitoring]
2007 May 10 - Thu
TFTP Installation with ATFTPD
I use the atftpd tftp server daemon. For the most part, it is an easy package retrieval. However there are some
custom security and directory settings.
Installation
Install the package:
apt-get install atftpd
Edit /etc/inetd.conf and comment out the line with tftpd.
Restart inetd:
/etc/init.d/inetd.dpkg-new restart
Create a new directory, user, group, and privileges:
mkdir /var/atftpd
cd /var
groupadd atftpd
useradd -d /var/atftpd -g atftpd atftpd
# 766: owner rwx; group and others get read/write but no search (x) bit on the directory
chmod 766 atftpd
chown atftpd:atftpd atftpd
Edit /etc/default/atftpd. Add '--user atftpd.atftpd' and change '/tftpboot' to '/var/atftpd'.
Start the service: /etc/init.d/atftpd start
[/OpenSource/Debian/Monitoring]
2007 May 09 - Wed
Installing Asterisk
It has been a year or two since I last worked with the open source PBX solution
called Asterisk. Instead, I've been doing stuff with Cisco CallManager and Voice
Gateways for the last while. My support pages are still receiving regular hits with
regards to Asterisk Support, so I think I should do more with it. I've got a bunch of
scripts lying about that I'd like to resurrect.
So, to start off, I have a new Debian server, and I need to install the latest and
greatest from version control. Here is what I did.
These packages bring me up to date with the latest kernel. Compiling Asterisk requires
the kernel headers, so they are included here. I want the call detail records to go to a
PostgreSQL database, so I include the libraries as well. As the latest source is in
Subversion, I need that package to obtain the installation files.
apt-get install linux-image-2.6.18-4-686
apt-get install linux-headers-2.6.18-4-686
apt-get install libncurses5-dev
apt-get install postgresql-dev
apt-get install subversion
Now I can obtain the source files:
cd /usr/src
mkdir digium
cd digium
svn checkout http://svn.digium.com/svn/asterisk/trunk asterisk
svn checkout http://svn.digium.com/svn/zaptel/trunk zaptel
svn checkout http://svn.digium.com/svn/libpri/trunk libpri
Compile the driver files. A double make install will be required. If you are not using
Digium hardware, use the ztdummy module, otherwise use the zaptel module. Once compiled
and installed, the zaptel configuration file is found in /etc/zaptel.conf and will need to
be updated before using the zaptel module.
cd zaptel
make clean
make install
make install
modprobe ztdummy
modprobe zaptel
For running with PRI digital telephone circuits, another library needs to be built:
cd ../libpri
make clean
make install
This last one holds the bulk of the Asterisk build.
cd ../asterisk
./configure \
--sysconfdir=/etc \
--localstatedir=/var
make samples
That gets us to a basic installation. My next write up will show some of the
configuration file stuff I do.
[/OpenSource/Debian/Asterisk]
Various Perl Based Proxy Tools
In perusing Debian's Package List,
I came across a number of Perl based Proxy tools.
The first one, an item that sounds interesting but that I haven't thought of a way to put
into action yet, is an HTTP Recorder. HTTP::Recorder is a browser-independent recorder that
records interactions with web sites and produces scripts for automated playback. Recorder
produces WWW::Mechanize scripts by default (see WWW::Mechanize by Andy Lester).
The next item is an HTTP Tunnel. httptunnel creates a bidirectional virtual data connection
tunnelled in HTTP requests. The HTTP requests can be sent via an HTTP proxy if so desired.
This can be useful for users behind restrictive firewalls. If WWW access is allowed through a
HTTP proxy, it's possible to use httptunnel and, say, telnet or PPP to connect to a computer
outside the firewall.
The third item is HTTP::Proxy. It is a Perl based HTTP Proxy. It sounds like it can do some
SSL type interception as well. It has an ability for add-on modules allowing various parts
of a page to be re-processed prior to delivery back to a user.
[/OpenSource/Debian]
Redirecting a Web Page
I've encountered a number of ways to redirect a web page. If all you have access to is a web page, then
a meta tag is the way to go:
<html>
<head>
<meta http-equiv="refresh" content="3;url=/liveprobe/index.html">
</head>
<body>
You will be redirected to <a href=/liveprobe/index.html>/liveprobe/index.html</a> in 3 seconds.
</body>
</html>
More meta-tags can be found at http://vancouver-webpages.com/META/.
If pages are being dynamically created, then executing the following code before anything else on the page is generated should do the trick (I haven't
tried it out myself yet):
print "Status: 302 Moved Temporarily\r\n",
"Location: $url\r\n",
"Content-Type: text/html\r\n\r\n",
"$url\r\n";
[/Personal/SoftwareDevelopment/HTML]
Upgrading Nfsen and Nfdump
As an update to my two articles for installing nfdump and installing nfsen, here are a few corrections and a process for upgrading.
As of this writing, the latest snapshots are for March 12. Here is the upgrade process:
cd /usr/src
wget http://superb-east.dl.sourceforge.net/sourceforge/nfsen/nfsen-snapshot-20070312.tar.gz
wget http://superb-west.dl.sourceforge.net/sourceforge/nfdump/nfdump-snapshot-20070312.tar.gz
/usr/local/nfsen/bin/nfsen.rc stop
tar -zxvf nfdump-snapshot-20070312.tar.gz
tar -zxvf nfsen-snapshot-20070312.tar.gz
cd nfdump-snapshot-20070312
./configure
make
make install
cd ../nfsen-snapshot-20070312
./install.pl /etc/nfsen/nfsen.conf
/usr/local/nfsen/bin/nfsen.rc start
The 'start' command could be placed in /etc/rc.local so it starts upon boot. The start command
also starts the flow collectors (nfdump), so there is no need to start them; the nfsen.rc command takes care
of everything.
[/OpenSource/Debian/Monitoring]
2007 May 08 - Tue
Determining Space Used in SubDirectories
When space is getting tight, one has to find out where the space is being used.
Sometimes it suffices to find where the most accumulation is and clean that up. To find
that accumulation, use the du command:
du -h -x --max-depth=1
The -h turns the result into human readable form, the -x excludes files on a different
file system (for when you have a mount somewhere in the structure), and the --max-depth=1
summarizes the results of the recursive search at the first directory level.
[/OpenSource]
Removing lots of files
If I don't have a clean up program running, sometimes autocollected files tend to
accumulate. For example, netflow processing on 5 minute intervals can accumulate a large
number of files. An 'rm' with a partial wildcard seems to complain.
I've resorted to chaining some command line utilities to come up with a quick script to
remove files:
ls -1 | grep ft-v05.2007-0[123] | sed 's/^/rm /' > t.sh
This generates a one column directory listing and puts it through grep. Grep looks for a
few specific months of files and passes the list on to sed. Sed prepends the removal
command to each file name. The whole shooting match is thrown into a shell script.
Either set execute privileges on the script:
chmod 500 t.sh
Or run it with the shell command:
bash t.sh
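A variant of the clean-up above that skips the generated script, added here as an example and not part of the original post: find hands the matching names to rm as arguments, in batches, so a file name containing spaces or shell metacharacters is never parsed as a command. The function names are made up for the illustration and the sample file names are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. remove_flow_files and
# demo_remaining_files are hypothetical helper names; the pattern
# ft-v05.2007-0[123]* mirrors the months selected by the grep in the post.

# Usage: remove_flow_files DIR GLOB [--dry-run]
# Deletes regular files directly inside DIR whose names match GLOB.
remove_flow_files() {
    dir=$1
    glob=$2
    mode=${3:-}

    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    [ -n "$glob" ] || { echo "empty pattern refused" >&2; return 2; }

    if [ "$mode" = "--dry-run" ]; then
        # List what would be removed without touching anything.
        find "$dir" -maxdepth 1 -type f -name "$glob" -print
    else
        # "-exec ... {} +" passes names to rm as arguments, split into as many
        # rm invocations as needed to stay under the argument-length limit.
        # "--" stops rm from treating a name that starts with "-" as an option.
        find "$dir" -maxdepth 1 -type f -name "$glob" -exec rm -f -- {} +
    fi
}

# Constructed sample data: two files in the months to purge, one file to keep,
# and one name with shell metacharacters. Written into a generated t.sh, that
# last name would become "rm ft-v05.2007-02-01 copy; touch injected" and the
# part after the semicolon would run as a separate command.
demo_remaining_files() {
    tmp=$(mktemp -d) || return 1
    : > "$tmp/ft-v05.2007-01-15.120000-0600"
    : > "$tmp/ft-v05.2007-03-02.000500-0600"
    : > "$tmp/ft-v05.2007-04-01.000000-0600"
    : > "$tmp/ft-v05.2007-02-01 copy; touch injected"
    (cd "$tmp" && remove_flow_files . 'ft-v05.2007-0[123]*') || return 1
    ls -A "$tmp"      # prints what is left in the directory
    rm -rf "$tmp"
}
```

Run remove_flow_files with --dry-run first to review the list, then repeat the call without it.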
[/OpenSource]
2007 May 07 - Mon
Importing a Blosxom Blog into Movable Type
I have my Blosxom based blog organized by category directories rather than by date. I've written a Perl script to
take this collection of articles and transform them into a MovableType import file. My content files have a .txt
extension. You'll need to change the match string if your extension is different from mine.
To run, there is a variable called dir which you seed with a starting directory. The program then scans that
directory and further sub-directories looking for files with the designated suffix. It then uses the first line of
a found file for the title. The third and subsequent lines are used for the content.
I've found that after importing, I'm not able to see the body in Movable Type's content editor. How weird...
Well, it does show up when you customize the display of the page. It shows up in the extended entry text.
2007/06/12: David Graff suggested an additional print statement before the body block. I haven't tried it,
but I hope it works to remedy the missing body bit.
Here is the script:
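#!/usr/bin/perl
use strict;
use warnings;
#use File::stat;
use Fcntl ':mode';

my $author = 'ray';
my $ext = '.txt';   # suffix of the content files to import
my @dirs;
my $dir = '/var/www/html/blog';
push( @dirs, $dir );
while ( $dir = pop( @dirs) ) {
  # the relative stat() and open() calls below depend on being inside $dir
  unless ( chdir( $dir ) ) {
    warn( "cannot chdir to $dir: $!\n" );
    next;
  }
  unless ( opendir( DIR, $dir ) ) {
    warn( "cannot read directory $dir: $!\n" );
    next;
  }
  # print( "$dir\n" );
  foreach my $file ( readdir( DIR) ) {
    # \Q...\E matches the suffix literally; a bare '.' would match any character
    if ( $file =~ /\Q$ext\E$/ ) {
      # the file's modification time becomes the entry date
      my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) =
        localtime((stat($file))[9]);
      $mon+=1;
      $year+=1900;
      $mon = substr( '0' . $mon, -2 ,2 );
      $mday = substr( '0' . $mday, -2, 2 );
      $hour = substr( '0' . $hour, -2, 2 );
      $min = substr( '0' . $min, -2, 2 );
      $sec = substr( '0' . $sec, -2, 2 );
      my $date = "$mon/$mday/$year $hour:$min:$sec";
      # print( " $file: $date\n");
      # three-argument open: the file name is never interpreted as a mode or a pipe
      unless ( open( FILE, '<', $file ) ) {
        warn( "cannot open $dir/$file: $!\n" );
        next;
      }
      my $title = <FILE>;
      $title = '' unless defined $title;
      chomp( $title );
      my $body = '';
      my $extbody = '';
      my $line;
      my $summary = 1;
      # lines up to and including the first blank line go into BODY;
      # every line after the title goes into EXTENDED BODY
      while ( $line = <FILE> ) {
        if ( $summary ) {
          $body .= $line;
          if ( length( $line ) < 2 ) {
            $summary = 0;
          }
        }
        $extbody .= $line;
      }
      close( FILE );
      # the last path component of the directory is used as the category
      $dir =~ /\/([^\/]+$)/;
      my $category = $1;
      print( "AUTHOR: $author\n" );
      print( "TITLE: $title\n" );
      print( "DATE: $date\n" );
      print( "PRIMARY CATEGORY: $category\n" );
      print( "STATUS: publish\n" );
      # print( "ALLOW COMMENTS: 1\n" );
      # print( "ALLOW PINGS: 1\n" );
      print("-----\n"); # 2007/06/12 insertion by David Graff
      print( "BODY:\n" . $body . "\n-----\n" );
      print( "EXTENDED BODY:\n" . $extbody . "\n-----\n" );
      print( "--------\n" );
    }
    # queue sub-directories for a later pass
    my $mode = (stat($file))[2];
    if ( defined( $mode ) && S_ISDIR( $mode ) ) {
      if ( '.' ne $file && '..' ne $file ) {
        push( @dirs, $dir . '/' . $file );
      }
    }
  }
  closedir( DIR );
}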
[/OpenSource/Debian/MovableType]
Security Enhancements for Remote Access at Microsoft
Here is a link to a paper that has a bunch of useful stuff in it regarding Microsoft VPNs, IAS (Internet
Authentication Server), security scripting, and Windows 2003 based Remote Access Infrastructure:
Security Enhancements for Remote Access at Microsoft: Technical White Paper
[/Cisco]
User Certificate Auto Enrollment
With my 802.1x test setup, machine certificates were being sent to domain machines with no problem, but user
certificates were not showing up.
In the group policy object, right on the container housing the users that needed certificates, I set the
auto-enrollment settings. For some reason things weren't being inherited from the domain default policy.
The group policy container is User Configuration -> Windows Settings -> Security Settings -> Public
Key Policies -> Autoenrollment Settings. The 'Enroll Certificates Automatically' option needs to be checked
along with its two subsidiary check boxes.
The following command serves as a manual refresh of the policy:
gpupdate /target:user
Enrollment will take several minutes. Running the certmgr.msc mmc snap-in will allow one to check that the
certificate has arrived in the Personal -> Certificates store.
The Application Event Log will contain success/failure status for the auto-enrollment.
I also found out, from an article on troubleshooting auto-enrollment, that domain users without email addresses
will not auto-enroll. They don't need an actual email box, just an entry in the email attribute in Active Directory.
As further reference, Microsoft has an article on How Autoenrollment Works. There are other related and helpful articles in the same library section.
[/Cisco]
2007 May 06 - Sun
Movable Type Links
Here are some links to various pages in Movable Type that look useful:
[/OpenSource/Debian/MovableType]
I Hate PHP on a database call.
I think this is the second time I've been caught on this. And I should have recalled the
second time around to check this.
I'm working through the process of installing and playing with Movable Type. It went quite
well. Configuration and maintenance and adding content worked well. Well, up until I
decided to enable Dynamic Content generation. Then I found out Movable Type has two faces,
a Perl one and a PHP one.
To handle dynamic content, they do an Apache redirect/rewrite through a default php
script, one that does a database call. And in order to do the database call, it opens a
connection to the database.
I'm testing with PostgreSQL. My Debian install didn't have, by default, the php4-pgsql
package. If it isn't installed, PHP simply aborts somewhere in the code, quietly. How
silly. No errors, no messages, no nothing.
So, untold 'echo()' statements later, I tracked it down to a call in the ezsql
implementation. Finally the light bulb went on over my head. The fix:
apt-get install php4-pgsql
I'm wondering if there is a way to test for this package, so I don't forget this again.
I probably didn't clue into this before because the main Movable Type scripts are in Perl
and use the database connections there. I made the obviously incorrect assumption that
the PHP scripts were involved and already knew about the database driver. Well, I was
incorrect on that one.
[/OpenSource/Debian/MovableType]
apt-get: Managing Packages
In a few of my earlier articles regarding upgrading and updating a Debian system, I
missed a few key facts.
In one article, I mentioned performing a distribution upgrade. Another one mentioned
doing a kernel upgrade and missing an lvm2 module.
The key is that if modules are being held back, that is a sign that a distribution
upgrade will be needed:
apt-get -u dist-upgrade
The -u parameter provides more detail as to what will be happening during the upgrade.
More details for working with packages can be found at APT HowTo.
[/OpenSource/Debian]
SmartQuant QuantDeveloper & DataCenter Release
SmartQuant has released a revision to DataCenter and QuantDeveloper. DataCenter and QuantDeveloper are at the
following revision levels:
DataCenter
Version 2.2.3 (12-Apr-2007)
QuantDeveloper Enterprise Edition
Version 2.5.4 (04-May-2007)
QuantDeveloper Source Code
Version 2.5.1 (23-Mar-2007)
* Recent Versions available through version control
[/Trading/SmartQuant/Releases]
2007 May 05 - Sat
Post Processing NMAP2Nagios Output
nmap2nagios is a module available from Nagios Exchange
(I seem to recall). From an nmap based network scan, it generates information useful for import into Nagios. I
needed to muck with the output somewhat in order to remove redundant references and other stuff. I'm sure there is a
better way to do this, but this is what I ended up with. If nothing else, it was a good introduction to the command
line edit utility 'sed'.
On the network I was processing, device names had 'ilo' in them. I needed to remove them from the listing. I
edited nmap2nagios.pl and did the following:
#!/usr/bin/perl -w
# inserted at line 126 of nmap2nagios.pl
my $n = $host_ref->{'host_name'};
print '** name ' . $n;
print ' done' . "\n";
next if ($n =~ /^ilo/);
I took a bunch of stuff out of nmap2nagios.conf.
I created a file called 'scanlo.sed' with the following content to remove references to printer and altiris stuff:
/portid="443/ {s/name="http"/name="https"/}
/portid="280/ {s/name="http"/name="hpweb1"/}
/portid="631/ {s/name="http"/name="hpweb2"/}
/portid="902/ {s/name="ftp"/name="altirisftp1"/}
/portid="912/ {s/name="ftp"/name="altirisftp2"/}
I then ran the following sequence of commands. nmap does the network scan with the given segment.
Some inline editing is performed with sed. nmap2nagios creates another file, which is then copied to
the nagios etc directory.
nmap -A -sV -p1-1024 -O -oA scanlo -v 10.1.1.0/24
sed -f scanlo.sed scanlo.xml > scanlo1.xml
/usr/src/nmap2nagios-0.1.2/nmap2nagios.pl -i -v -r scanlo1.xml -o sh1.cfg
sed 's/^>//' sh1.cfg > sh2.cfg
cp sh2.cfg /usr/local/nagios/etc/
For checking ssh services, the following needs to be inserted into checkcommands.cfg:
# 'check_ssh' command definition
define command{
command_name check_ssh
command_line $USER1$/check_ssh $HOSTADDRESS$
}
[/OpenSource/Debian/Monitoring]
2007 May 04 - Fri
Configuring eSensors with Nagios
The EM01B WebSensor from Esensor (http://www.eesensors.com/websensor.html) provides Temperature,
Humidity, and Illumination values to Nagios.
Download the source code for the Nagios plugin from http://www.nagiosexchange.org/Environmental.60.0.html?&tx_netnagext_pi1[p_view]=13
and place it into the /usr/src directory.
Unzip it to a directory called esensors. Change into /usr/src/esensors/c and run:
gcc check_em01.c -o check_em01
cp check_em01 /usr/local/nagios/libexec/
Ignore the warnings.
Add the following lines to /usr/local/nagios/etc/checkcommands.cfg:
# 'check_temp' command definition
define command{
command_name check_temp
command_line $USER1$/check_em01 $HOSTADDRESS$ T $ARG1$ $ARG2$ $ARG3$ $ARG4$
}
# 'check_humidity' command definition
define command{
command_name check_humidity
command_line $USER1$/check_em01 $HOSTADDRESS$ H $ARG1$ $ARG2$ $ARG3$ $ARG4$
}
# 'check_light' command definition
define command{
command_name check_light
command_line $USER1$/check_em01 $HOSTADDRESS$ I $ARG1$ $ARG2$ $ARG3$ $ARG4$
}
Create a file named /usr/local/nagios/etc/srvc_esensor.cfg with the following content:
###############################################################################
#
# Configuration file for eSensor Devices
#
# Last Modified: 2006-06-08
#
################################################################################
################################################################################
# SERVICE DEFINITIONS
################################################################################
# Generic service definition template
define service{
name generic-esensor ; Referenced in other service definitions
active_checks_enabled 1 ; Active service checks are enabled
passive_checks_enabled 1 ; Passive service checks are enabled/accepted
parallelize_check 1 ; Active service checks should be parallelized
obsess_over_service 1 ; We should obsess over this service (if necessary)
check_freshness 0 ; Default is to NOT check service 'freshness'
notifications_enabled 1 ; Service notifications are enabled
event_handler_enabled 1 ; Service event handler is enabled
flap_detection_enabled 1 ; Flap detection is enabled
process_perf_data 1 ; Process performance data
retain_status_information 1 ; Retain status information across program restarts
retain_nonstatus_information 0 ; Retain non-status information across program restarts
register 0 ; DONT REGISTER THIS DEFINITION
is_volatile 0
check_period 24x7
max_check_attempts 3
normal_check_interval 5
retry_check_interval 1
contact_groups sensor-admins
notification_interval 30
notification_period 24x7
notification_options d,u,r
}
# check temp service definition template
define service{
use generic-esensor
name etemp-service ; Referenced in other service definitions
register 0 ; DONT REGISTER THIS DEFINITION
service_description Temperature
check_command check_temp!2!110!1!120
}
# check humidity service definition template
define service{
use generic-esensor
name ehum-service ; Referenced in other service definitions
register 0 ; DONT REGISTER THIS DEFINITION
service_description Humidity
check_command check_humidity!2!90!1!99
}
# check light service definition template
define service{
use generic-esensor
name eillum-service ; Referenced in other service definitions
register 0 ; DONT REGISTER THIS DEFINITION
service_description Illumination
check_command check_light!2!600!1!700
}
Add the following line to /usr/local/nagios/etc/nagios.cfg:
cfg_file=/usr/local/nagios/etc/srvc_esensor.cfg
Create a file called /usr/local/nagios/etc/examplecom/em01.cfg with the following content:
define host{
use generic-host
host_name em01
alias Heat, Humidity and Illumination tests
address 10.1.6.30
}
define hostgroup{
hostgroup_name Esensors
alias Esensors HVAC sensor
members em01
}
define servicegroup{
servicegroup_name esensors
alias Environmental Monitoring
members em01,Temperature
members em01,Humidity
members em01,Illumination
}
define service {
use etemp-service
host em01
check_command check_temp!60!80!50!85
}
define service {
use ehum-service
host em01
}
define service {
use eillum-service
host em01
}
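Nagios resolves each 'use' directive against a template 'name' of the same object type, so the two must be spelled identically across srvc_esensor.cfg and em01.cfg. The following is an added example, not part of the original post: a small shell/awk check that lists 'use' references with no matching 'name'. The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# List templates referenced by "use" that no "name" directive of the same
# object type defines. Reads Nagios object configuration from the files
# given as arguments, or from stdin when called without arguments.
unresolved_templates() {
    awk '
        { sub(/[ \t]*;.*$/, "") }              # drop trailing ";" comments
        /^[ \t]*#/ { next }                    # skip full-line comments
        $1 == "define" {                       # "define service{" or "define service {"
            type = $2
            sub(/[{].*$/, "", type)
            next
        }
        $1 == "name" { defined[type, $2] = 1 }
        $1 == "use" {
            n = split($2, parts, ",")          # Nagios 3 accepts a comma-separated list
            for (i = 1; i <= n; i++) used[type, parts[i]] = 1
        }
        END {
            for (k in used) if (!(k in defined)) {
                split(k, kv, SUBSEP)
                print kv[1] ": " kv[2]
            }
        }
    ' "$@" | sort
}

# Constructed sample: one template chain plus a service whose "use" value
# does not match any template name.
sample_config() {
cat <<'EOF'
define service{
name generic-esensor ; base template
register 0
}
define service{
use generic-esensor
name etemp-service
register 0
}
define service {
use etemperature-service
host_name em01
}
EOF
}

sample_config | unresolved_templates
```

Templates defined in files that are not passed to the function, such as generic-host from the stock configuration, are reported as unresolved, so pass every object file at once. Running nagios -v against nagios.cfg remains the authoritative check before a reload.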
As a side note, I think I'm going to process esensor output with something else. Here is a brief
regular expression in a perl file called 'em.pl' to handle the output:
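use strict;
use warnings;
# Read one line of sensor output and extract temperature, humidity and illumination.
my $line = <STDIN>;
defined $line or die "no input\n";
$line =~ m/TF:[ ]*(\d+\.\d+).*HU:[ ]*(\d+\.\d+).+IL[ ]*(\d+\.\d+)/
    or die "unexpected sensor output\n";
print "$1, $2, $3\n";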
The following command line generates three values (using the tool 'curl' to obtain the current values):
echo `curl -s 'http://bmem01/index.html?em123456'` | perl em.pl
[/OpenSource/Debian/Monitoring]
2007 May 03 - Thu
Installing SNMP Modules
SNMP configuration on Debian is quite easy:
apt-get install snmp
apt-get install snmpd
Here is an example snmp query on a device named device01, community string public, and values of interest in the
ciscoRttMonMIB MIB. The '-m' says to load all mibs from the '-M' mib directory.
snmpwalk -v2c -c public -m ALL -M /usr/share/snmp/mibs device01 ciscoRttMonMIB
[/OpenSource/Debian/Monitoring]
2007 May 02 - Wed
Drraw Installation
Cricket and NetFlow create RRD files. Each has some basic utilities for drawing data found within the files.
Drraw provides advanced capabilities for creating graphs, templates, and dashboards.
Installation
Download the utility and expand the source:
wget http://web.taranis.org/drraw/dist/drraw-2.1.3.tgz
tar -zxvf drraw-2.1.3.tgz
Create an icon directory, copy the script and icon files:
cd drraw-2.1.3
mkdir /var/www/icons
cp icons/* /var/www/icons
cp drraw* /usr/lib/cgi-bin/
chmod 755 /usr/lib/cgi-bin/drraw.cgi
Create some directories:
mkdir /var/cache/apache2/drraw
mkdir /var/cache/apache2/drraw/saved
mkdir /var/cache/apache2/drraw/tmp
chown -R www-data:www-data /var/cache/apache2/drraw
mkdir /var/log/drraw
touch /var/log/drraw/errors.log
chown -R www-data:www-data /var/log/drraw
Update /usr/lib/cgi-bin/drraw.conf with the following:
%datadirs = (
# '/here/are/some/files' => '[Label1] ',
'/var/lib/cricket' => '[Cricket] ',
);
$saved_dir = '/var/cache/apache2/drraw/saved';
$tmp_dir = '/var/cache/apache2/drraw/tmp';
$ERRLOG = '/var/log/drraw/errors.log';
Change the first line of /usr/lib/cgi-bin/drraw.cgi to the following, so that the CGI script runs in Perl's taint mode (-T):
#! /usr/bin/perl -T
The program can be started with:
http://localhost/cgi-bin/drraw.cgi
[/OpenSource/Debian/Monitoring]
2007 May 01 - Tue
HTML Page Template Framework
'Glue' web pages on the monitoring server are generated through the Mason Delivery Engine. In other words, Mason is a
Perl-based template system used for formatting the primary web pages of this server. It requires the use of Apache
and mod_perl. Here is what I do to install Mason for my needs. As the monitoring server relies on NetDisco tables, a
portion of the installation process revolves around initializing the NetDisco PostgreSQL database.
Installation
Install the packages:
apt-get install libhtml-mason-perl
apt-get install libdbi-perl
apt-get install libdbd-pg-perl
apt-get install apache2-dev
apt-get install libapache2-mod-apreq2
apt-get install libapache-dbi-perl
apt-get install libmasonx-request-withapachesession-perl
apt-get install libapache2-request-perl
ln -s /etc/apache2/mods-available/apreq.load /etc/apache2/mods-enabled/apreq.load
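Add the following line into '/etc/postgresql/7.4/main/pg_hba.conf'. With the trust method, any local account on the
machine can connect to the netdisco database as user netdisco over the Unix socket without a password: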
local netdisco netdisco trust
Create and load database:
/etc/init.d/postgresql-7.4 restart
su - postgres
psql template1
create user netdisco;
create group netdisco user netdisco;
create database netdisco with owner netdisco;
\q
psql netdisco -U netdisco < netdisco.dump
exit
Add the following lines into /etc/apache2/sites-available/default:
PerlModule HTML::Mason::ApacheHandler
<LocationMatch "(\.html|\.txt|\.pl)$">
SetHandler perl-script
PerlHandler HTML::Mason::ApacheHandler
</LocationMatch>
<LocationMatch "(\.m(html|txt|pl)|dhandler|autohandler)$">
SetHandler perl-script
PerlInitHandler Apache::Constants::NOT_FOUND
</LocationMatch>
<Directory />
Options FollowSymLinks
AllowOverride None
AllowOverride AuthConfig
|