One Unified Global Perspective
Communications with a Global Perspective





2007 May 31 - Thu

Setting Up and Working With a Remote Subversion Repository

I maintain a number of different servers, and work on a number of different projects. I'd like to put all of these things under some sort of version control. I chose Subversion as it has a good command line environment, has much access flexibility, and will work with Windows and Linux based files. I also wanted to secure the repository on a remote computer. At some time in the future, I may allow limited public access to portions of the repository. For now, I want to restrict access via ssh only. Also, at some later time, I may experiment with WebDAV and such (which, if I read this stuff correctly, provides Subversion repository access through Windows Explorer).

Installing the software on Debian for a Subversion Repository is easy:

apt-get install subversion

To create a base repository directory for a number of servers, use commands like:

adduser svn
mkdir /home/svn
su - svn
mkdir -p /var/local/svn/servers

This adds a user named svn, and then uses that user account to create the Subversion directory and repository. This is needed so that appropriate file permissions are maintained for remote access users. I'll describe a technique of access where no additional user accounts are needed for the server in which the repository resides.

To create a repository for the various directories and files for server server01 (still using user svn):

svnadmin create /var/local/svn/servers/server01

Configuring everything for remote use is a more complicated scenario and uses a bunch of concepts I wrote about in my ssh article.

On the server to be put under version control, which, for this example, is server01, create a private/public key with:

ssh-keygen -t rsa -b 2048
mv ~/.ssh/id_rsa.pub ~/.ssh/server01.pub

On the repository computer, with the account svn, ssh to a computer somewhere in order to create the .ssh directory (if it hasn't already been created). Use SCP or a similar capability to get server01's ~/.ssh/server01.pub file into the /home/svn/.ssh directory of the repository computer. Append the file to authorized_keys:

cat server01.pub >> ~/.ssh/authorized_keys

Now edit the authorized_keys and insert the following in front of the line of the key that was just inserted:

command="/usr/bin/svnserve -t --tunnel-user=user1 \
-r /var/local/svn/servers/server01/"\
,no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty

You'll need to take out the line-ending backslashes and put everything on one line; ssh doesn't appear to like line continuations in the authorized_keys file. You should have a format like:

command="stuff",sshsettings ssh-rsa onelongkey admin@server01

The '-t' in the command tells svnserve that commands are coming in from an ssh tunnel. The --tunnel-user parameter gives Subversion a username with which it may tag repository changes. The name has nothing to do with any authentication or authorization. As such, it should be changed to reflect an appropriately descriptive name for each public key in the authorized_keys file. The '-r' option provides a 'root' location for the Subversion client to use for new projects and directories. The remaining options tell ssh to enhance the security of the connection by disabling port, agent and X11 forwarding and pty allocation.
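The checks implied by the paragraph above, as an added example that is not part of the original post: a Python audit of an authorized_keys file that verifies each key is pinned to svnserve -t with its own --tunnel-user, a -r root below /var/local/svn/servers/, and the four no-* options. The function names, the sample file and its placeholder key blobs are constructed for illustration; only the option spelling used in the article (-t, -r, --tunnel-user=) is recognised, and OpenSSH's 'restrict' option is accepted in place of the four no-* options.

```python
import posixpath
import shlex

KEY_TYPES = ("ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-", "sk-")
REQUIRED = ("no-port-forwarding", "no-agent-forwarding", "no-x11-forwarding", "no-pty")
REPO_BASE = "/var/local/svn/servers/"  # repository parent directory from the article


def split_options(line):
    """Split an authorized_keys line into (options dict, rest of the line)."""
    if line.startswith(KEY_TYPES):
        return {}, line  # bare key with no options field
    opts, name, value, in_quote, i = {}, "", None, False, 0
    while i < len(line):
        ch = line[i]
        if in_quote:
            if ch == "\\" and line[i + 1:i + 2] == '"':
                value += '"'  # backslash-escaped quote inside a quoted value
                i += 1
            elif ch == '"':
                in_quote = False
            else:
                value += ch
        elif ch == '"':
            in_quote, value = True, value or ""
        elif ch == "=" and value is None:
            value = ""
        elif ch in ", \t":
            if name:
                opts[name.lower()] = value  # option names are case-insensitive
            name, value = "", None
            if ch != ",":
                break  # unquoted whitespace ends the options field
        elif value is None:
            name += ch
        else:
            value += ch
        i += 1
    if name:
        opts[name.lower()] = value
    return opts, line[i:].strip()


def audit_line(line):
    """Return (tunnel_user, findings) for one key entry; no findings means it passes."""
    findings = []
    if line.rstrip().endswith("\\"):
        findings.append("line continuation: the entry must be on one line")
    opts, rest = split_options(line.strip())
    if not rest.startswith(KEY_TYPES):
        findings.append("no key type after the options field")
    try:
        argv = shlex.split(opts.get("command") or "")
    except ValueError:  # unbalanced quoting inside the command string
        argv = []
    if not argv:
        return None, findings + ["no forced command: key is not limited to svnserve"]
    if not argv[0].endswith("/svnserve") or "-t" not in argv:
        findings.append("forced command is not 'svnserve -t'")
    users = [a.split("=", 1)[1] for a in argv if a.startswith("--tunnel-user=")]
    user = users[0] if users and users[0] else None
    if user is None:
        findings.append("missing --tunnel-user")
    root = argv[argv.index("-r") + 1] if "-r" in argv[:-1] else ""
    norm = posixpath.normpath(root) + "/"  # collapses ../ before the prefix test
    if not norm.startswith(REPO_BASE) or norm == REPO_BASE:
        findings.append("-r root is not a repository under " + REPO_BASE)
    if "restrict" not in opts:  # 'restrict' switches off all four features at once
        findings += ["missing " + o for o in REQUIRED if o not in opts]
    return user, findings


def audit(text):
    """Audit a whole authorized_keys file; returns {line number: findings}."""
    report, seen = {}, {}
    for num, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        user, findings = audit_line(line)
        # The article wants a distinct, descriptive name per public key.
        if user and seen.setdefault(user, num) != num:
            findings.append("tunnel-user '%s' already used on line %d" % (user, seen[user]))
        report[num] = findings
    return report


# Constructed sample file; the key blobs are placeholders, not real keys.
SAMPLE = "\n".join([
    'command="/usr/bin/svnserve -t --tunnel-user=user1 -r /var/local/svn/servers/server01/",'
    'no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ssh-rsa AAAAkey1 admin@server01',
    'ssh-rsa AAAAkey2 admin@server02',
    'command="/usr/bin/svnserve -t --tunnel-user=user1 -r /var/local/svn/",'
    'no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa AAAAkey3 admin@server03',
])

if __name__ == "__main__":
    for num, findings in audit(SAMPLE).items():
        print(num, "; ".join(findings) or "OK")
```

Run against the svn account's ~/.ssh/authorized_keys by passing the file's contents to audit(); an empty findings list for every line means each key can only reach its own repository through svnserve.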

Back on server01, start up a new Bash session with:

ssh-agent sh -c 'ssh-add < /dev/null && bash'

This loads your private key for automated use in subsequent Subversion interactions.

Now to maintain version history of selected files in server01's /etc directory:

svn mkdir svn+ssh://svn@svn.example.com/server01/etc
cd /etc
svn co svn+ssh://svn@svn.example.com/server01/etc .
svn status
svn add hosts
svn commit -m "added hosts to repository"

The first line creates an empty directory in the repository. After changing into the /etc directory, the repository directory is checked out into it. Running a status shows all the files marked with a '?', meaning they are not yet under version control. Files can then be added and committed as needed.

The inspiration for the 'mkdir' command came from the second example in the TLUG Wiki HowTo. The Wiki does make a valid point about not maintaining permissions by default, and does offer up a script that saves these as Subversion properties.

As a side note, for the string 'svn+ssh://svn@svn.example.com/...', when running TortoiseSVN, the svn.example.com can be the name of a saved profile from the Windows based SSH program called PuTTY.

[/OpenSource/Debian] permanent link


2007 May 30 - Wed

SmartQuant QuantDeveloper & DataCenter Release

SmartQuant has released a revision to DataCenter and QuantDeveloper. DataCenter and QuantDeveloper are at the following revision levels:

DataCenter
Version 2.3.1 (30-May-2007) 

QuantDeveloper Enterprise Edition
Version 2.6.1 (30-May-2007) 

QuantDeveloper Source Code
Version 2.5.1 (23-Mar-2007) 
* Recent Versions available through 
  version control 

[/Trading/SmartQuant/Releases] permanent link


2007 May 29 - Tue

Cricket: Combining Three Graphs Into One

In 2007/05/29's Cricket-User mailing list, there was a useful configuration file snippet for charting and summing selected sources:

target Net
	mtargets ="/Ethernet_To_Building/NSW/52GDC76F02/vlan231;
	/Ethernet_To_Building/ACT/12NOC76FF/vlan201;
		/Ethernet_To_Building/QLD/14VRC76F06/vlan439;
		/Ethernet_To_Building/VIC/O3MLC76F05/vlan436;
		/Ethernet_To_Building/SA/55DRC76FG/vlan467;
		/Ethernet_To_Building/WA/O6SSC76FE/vlan469;"
	mtargets-ops = "sum()"
	short-desc = "desc"
	filename = " Net Aggregate"
	combinationgraph = 1
	unknown-is-zero = true
	order = 899

Courtesy of Naveen Baldeo.

[/OpenSource/Debian/Monitoring/Cricket] permanent link


2007 May 28 - Mon

Opportunities for High Frequency Traders

Here is an article entitled Opportunities for High Frequency Traders: Intraday Patterns in Price Volatility and Liquidity of SFE Contracts by Professor Alex Frino and Grant Wearin of the University of Sydney, Australia in association with the Sydney Futures Exchange.

I've recently put together some scanning software to look for symbols with high daily volatility. This easy-to-read paper confirms what I've found out about daily patterns of volatility. In addition, it adds to my knowledge regarding bid/ask spreads in relationship to depth analysis. The paper also discusses the Predictability of Price Movements of SFE Contracts in relationship to the time of day where it might be easier to predict.

A PowerPoint presentation by Robert Engle entitled Predicting Returns and Volatilities with Ultra-High Frequency Data offers up some additional confirming evidence of how the markets work when traders are 'in the know'. Here are a few interesting highlights:

  • The price impacts, the spreads, the speed of quote revisions, and the volatility all respond to information variables
  • Transition is faster when there is information arriving, where an econometric measure of information includes high shares per trade, short duration between trades, and sustained wide spreads
  • Both the realized and the expected duration impact the distribution of the price changes for the data studied
  • Transaction rates tend to be lower when prices are falling
  • Transaction rates tend to be higher when volatility is higher
  • Simulations suggest that the long run price impact of a trade can be very sensitive to the volume but is less sensitive to the spread and the transaction rates

Mark Hooker at Advanced Research Center has an article called Microstructure-Based Predictors. The end of the article has a nice wrap-up:

There is ... a ... benefit from efficient volatility forecasting. It turns out that a good volatility forecast can help us to forecast periods of trending and mean-reversion (or non-trending) in currency returns. For the technical component of our currency management strategy, such forecasts are very valuable since they can provide an early warning of when trending periods are likely to end and therefore allow time to close positions and book profits before the market turns around.

A Google search for "high frequency volatility trading" works quite well.

[/Trading/AutomatedTrading] permanent link


2007 May 27 - Sun

Trading Site of the Day -- Peter Hoadley's Option Pricing Models and the "Greeks"

Many discussions regarding volatility and options tend to lean towards non-tradable academic talk. Peter Hoadley's page on Option Pricing Models and the "Greeks" has a more tradable bent to it. The article starts off by discussing the basic options formula. Further into the article, he discusses how the formula can be used to further trading strategies.

[/Trading/SiteOfTheDay/D200705] permanent link


2007 May 26 - Sat

SSH Server to Server Connections

I wrote an earlier article on how to make it easy to connect to Linux servers with ssh and to copy files.

I need to start doing more version control of my projects. In the past, I used CVS. I'm now converting over to Subversion. I wanted to be able to securely connect to my Subversion servers for updates. Subversion ties nicely into SSH to provide this capability. In order to streamline this connectivity, I need to streamline my ssh connectivity. This article records what I learned about SSH to facilitate this. It has a focus on Linux and Cygwin based operations.

The first step is to run

ssh-keygen -t rsa

This creates a 2048 bit RSA key useful for signing and for encryption. The public key is placed in ~/.ssh/id_rsa.pub with the private key in a file called ~/.ssh/id_rsa. The private key should be protected with a suitably complicated passphrase. A private key can be created without a passphrase; security experts frown upon this option, though it does have its advantages.

It is helpful to rename the public key file to a name that reflects your username and/or current computer. This key can then be copied to other machines and appended to a corresponding ~/.ssh/authorized_keys file. To append the key, you can use

cat id_rsa.pub >> ~/.ssh/authorized_keys

In the authorized_keys file on the destination host, you can prefix a key with a command in order to prevent actions or to automate certain actions. Here are some example ssh key commands.

You can then ssh to the destination host. Upon connection, you'll be asked for your passphrase in order to open the local private key file.

Instead of having to provide the passphrase each time you open a new ssh connection, you can use the ssh-agent program. Here is an example way to start it: 'ssh-agent bash'. The application becomes memory resident and starts a new shell with a couple of needed ssh environment variables. The application 'ssh-add' is used to add your private key to ssh-agent. Use 'ssh-add -l' to check which keys have been added. When you exit the shell, ssh-agent exits also, and closes out the use of the private keys. A quick one-liner to start the agent and add the key (add an alias for this to your ~/.bashrc file):

ssh-agent sh -c 'ssh-add < /dev/null && bash' 

Some authors recommend changing the PermitRootLogin in /etc/ssh/sshd_config to 'no' in order to prevent root logins. To prevent dictionary attacks, I like to set PasswordAuthentication to 'no'. For X11 sessions, X11Forwarding will need to be set to 'yes'.

I found an article that was useful for explaining the difference between RSA and DSA. ssh-keygen typically defaults to RSA, which is a good thing. Security Focus has additional background on SSH Host Key Protection. Secure Shell: Part 1 is more of what I wrote about, but from a Solaris perspective.

[/OpenSource] permanent link


2007 May 25 - Fri

Phishers can use social Web sites as bait to net victims: Informatics study Indiana University (05/24/07)

Personally, I've been able to identify phishing emails as they arrive, and promptly delete them. Indeed, some are quite tempting and realistic, but if one looks at the links closely, the imposters can be separated from the real thing.

If there is ever any confusion, I'll go to the source directly, bypassing the link, and type in the correct link directly.

An ACM Newsletter speaks of a study that shows that separating the wheat from the chaff is becoming more difficult. Here is what they say:

Popular social network sites such as Facebook and MySpace are being used by cybercriminals to gather personal information to create targeted phishing attacks, according to Indiana University School of Informatics researchers. In their study, "Social Phishing," the researchers established a baseline for the success rate of traditional and social network-based phishing attacks. Phishers steal personal information by sending authentic looking requests, either by email or instant messaging, asking someone to click on a link and submit their information on what looks like a legitimate Web site. "Phishing has become such a prevalent problem because of its huge profit margins, ease in launching an attack, and the difficulty of identifying and prosecuting those who do it," says associate professor of informatics and computer science Filippo Menczer. "Our study clearly shows that social networks can provide phishers with a wealth of information about unsuspecting victims." The study sent email messages to two groups of students asking them to enter their university ID and password. One group received an email from what they thought was a friend, while the other group received an email from a stranger. Only 16 percent of students who received an email from a stranger entered their information, while 72 percent of those receiving emails from "friends" gave away their information. Associate professor of informatics and member of the research team Markus Jakobsson says they were astonished by the 72 percent response rate. The researchers suggested some countermeasures to prevent phishing, including digital signatures on emails to verify the source, browser toolbars that alert users to spoofing attempts, spam filters that detect spoofed emails, and providing users with a secure path to enter passwords, alerting users that they are trying to authenticate to an unknown site. The study is scheduled to be published in the October 2007 issue of Communications of the ACM.

The full article can be found at Indiana University.

[/Personal/Technology] permanent link


Color Name Enumeration for C++

I was looking to use named colors in Microsoft's Visual Studio C++, but couldn't find any enumerations anywhere. I found a Wiki Entry which listed Web Colors, aka X11 Color Names. In taking a look at the source code for the web page, I noticed that the tables were produced in a nice, computer readable format.

I ended up cutting and pasting the code into an editor and cut out all the extraneous stuff and was left with a regular list I could process with a short Perl script:

#!/usr/bin/perl

use strict;

my $line;
my ( $enum, $val );
print( "enum EColor {\n" );
while ($line = <STDIN>) {
  $line = <STDIN>;
  chomp( $line );
  $line =~ /^<td>(.+)<\/td>$/;
  $enum = $1;
  $line = <STDIN>;
  chomp( $line );
  $line =~ /^<td>(\w{2}) (\w{2}) (\w{2})<\/td>$/;
  $val = "RGB(0x" . $1 . ",0x" . $2 . ",0x" . $3 . ")";
  $line = <STDIN>;
  $line = <STDIN>;
  print( "  $enum = $val,\n" );
}
print( "};\n" );

This code produces the following C++ enumeration. If you run the above script, you'll find that one of the colors was duplicated. Simply remove the redundant copy to fix the compile error.

enum EColor {
  IndianRed = RGB(0xCD,0x5C,0x5C),
  LightCoral = RGB(0xF0,0x80,0x80),
  Salmon = RGB(0xFA,0x80,0x72),
  DarkSalmon = RGB(0xE9,0x96,0x7A),
  LightSalmon = RGB(0xFF,0xA0,0x7A),
  Crimson = RGB(0xDC,0x14,0x3C),
  Red = RGB(0xFF,0x00,0x00),
  FireBrick = RGB(0xB2,0x22,0x22),
  DarkRed = RGB(0x8B,0x00,0x00),
  Pink = RGB(0xFF,0xC0,0xCB),
  LightPink = RGB(0xFF,0xB6,0xC1),
  HotPink = RGB(0xFF,0x69,0xB4),
  DeepPink = RGB(0xFF,0x14,0x93),
  MediumVioletRed = RGB(0xC7,0x15,0x85),
  PaleVioletRed = RGB(0xDB,0x70,0x93),
  Coral = RGB(0xFF,0x7F,0x50),
  Tomato = RGB(0xFF,0x63,0x47),
  OrangeRed = RGB(0xFF,0x45,0x00),
  DarkOrange = RGB(0xFF,0x8C,0x00),
  Orange = RGB(0xFF,0xA5,0x00),
  Gold = RGB(0xFF,0xD7,0x00),
  Yellow = RGB(0xFF,0xFF,0x00),
  LightYellow = RGB(0xFF,0xFF,0xE0),
  LemonChiffon = RGB(0xFF,0xFA,0xCD),
  LightGoldenrodYellow = RGB(0xFA,0xFA,0xD2),
  PapayaWhip = RGB(0xFF,0xEF,0xD5),
  Moccasin = RGB(0xFF,0xE4,0xB5),
  PeachPuff = RGB(0xFF,0xDA,0xB9),
  PaleGoldenrod = RGB(0xEE,0xE8,0xAA),
  Khaki = RGB(0xF0,0xE6,0x8C),
  DarkKhaki = RGB(0xBD,0xB7,0x6B),
  Lavender = RGB(0xE6,0xE6,0xFA),
  Thistle = RGB(0xD8,0xBF,0xD8),
  Plum = RGB(0xDD,0xA0,0xDD),
  Violet = RGB(0xEE,0x82,0xEE),
  Orchid = RGB(0xDA,0x70,0xD6),
  Fuchsia = RGB(0xFF,0x00,0xFF),
  Magenta = RGB(0xFF,0x00,0xFF),
  MediumOrchid = RGB(0xBA,0x55,0xD3),
  MediumPurple = RGB(0x93,0x70,0xDB),
  BlueViolet = RGB(0x8A,0x2B,0xE2),
  DarkViolet = RGB(0x94,0x00,0xD3),
  DarkOrchid = RGB(0x99,0x32,0xCC),
  DarkMagenta = RGB(0x8B,0x00,0x8B),
  Purple = RGB(0x80,0x00,0x80),
  Indigo = RGB(0x4B,0x00,0x82),
  SlateBlue = RGB(0x6A,0x5A,0xCD),
  DarkSlateBlue = RGB(0x48,0x3D,0x8B),
  GreenYellow = RGB(0xAD,0xFF,0x2F),
  Chartreuse = RGB(0x7F,0xFF,0x00),
  LawnGreen = RGB(0x7C,0xFC,0x00),
  Lime = RGB(0x00,0xFF,0x00),
  LimeGreen = RGB(0x32,0xCD,0x32),
  PaleGreen = RGB(0x98,0xFB,0x98),
  LightGreen = RGB(0x90,0xEE,0x90),
  MediumSpringGreen = RGB(0x00,0xFA,0x9A),
  SpringGreen = RGB(0x00,0xFF,0x7F),
  MediumSeaGreen = RGB(0x3C,0xB3,0x71),
  SeaGreen = RGB(0x2E,0x8B,0x57),
  ForestGreen = RGB(0x22,0x8B,0x22),
  Green = RGB(0x00,0x80,0x00),
  DarkGreen = RGB(0x00,0x64,0x00),
  YellowGreen = RGB(0x9A,0xCD,0x32),
  OliveDrab = RGB(0x6B,0x8E,0x23),
  Olive = RGB(0x80,0x80,0x00),
  DarkOliveGreen = RGB(0x55,0x6B,0x2F),
  MediumAquamarine = RGB(0x66,0xCD,0xAA),
  DarkSeaGreen = RGB(0x8F,0xBC,0x8F),
  LightSeaGreen = RGB(0x20,0xB2,0xAA),
  DarkCyan = RGB(0x00,0x8B,0x8B),
  Teal = RGB(0x00,0x80,0x80),
  Aqua = RGB(0x00,0xFF,0xFF),
  Cyan = RGB(0x00,0xFF,0xFF),
  LightCyan = RGB(0xE0,0xFF,0xFF),
  PaleTurquoise = RGB(0xAF,0xEE,0xEE),
  Aquamarine = RGB(0x7F,0xFF,0xD4),
  Turquoise = RGB(0x40,0xE0,0xD0),
  MediumTurquoise = RGB(0x48,0xD1,0xCC),
  DarkTurquoise = RGB(0x00,0xCE,0xD1),
  CadetBlue = RGB(0x5F,0x9E,0xA0),
  SteelBlue = RGB(0x46,0x82,0xB4),
  LightSteelBlue = RGB(0xB0,0xC4,0xDE),
  PowderBlue = RGB(0xB0,0xE0,0xE6),
  LightBlue = RGB(0xAD,0xD8,0xE6),
  SkyBlue = RGB(0x87,0xCE,0xEB),
  LightSkyBlue = RGB(0x87,0xCE,0xFA),
  DeepSkyBlue = RGB(0x00,0xBF,0xFF),
  DodgerBlue = RGB(0x1E,0x90,0xFF),
  CornflowerBlue = RGB(0x64,0x95,0xED),
  MediumSlateBlue = RGB(0x7B,0x68,0xEE),
  RoyalBlue = RGB(0x41,0x69,0xE1),
  Blue = RGB(0x00,0x00,0xFF),
  MediumBlue = RGB(0x00,0x00,0xCD),
  DarkBlue = RGB(0x00,0x00,0x8B),
  Navy = RGB(0x00,0x00,0x80),
  MidnightBlue = RGB(0x19,0x19,0x70),
  Cornsilk = RGB(0xFF,0xF8,0xDC),
  BlanchedAlmond = RGB(0xFF,0xEB,0xCD),
  Bisque = RGB(0xFF,0xE4,0xC4),
  NavajoWhite = RGB(0xFF,0xDE,0xAD),
  Wheat = RGB(0xF5,0xDE,0xB3),
  BurlyWood = RGB(0xDE,0xB8,0x87),
  Tan = RGB(0xD2,0xB4,0x8C),
  RosyBrown = RGB(0xBC,0x8F,0x8F),
  SandyBrown = RGB(0xF4,0xA4,0x60),
  Goldenrod = RGB(0xDA,0xA5,0x20),
  DarkGoldenrod = RGB(0xB8,0x86,0x0B),
  Peru = RGB(0xCD,0x85,0x3F),
  Chocolate = RGB(0xD2,0x69,0x1E),
  SaddleBrown = RGB(0x8B,0x45,0x13),
  Sienna = RGB(0xA0,0x52,0x2D),
  Brown = RGB(0xA5,0x2A,0x2A),
  Maroon = RGB(0x80,0x00,0x00),
  White = RGB(0xFF,0xFF,0xFF),
  Snow = RGB(0xFF,0xFA,0xFA),
  Honeydew = RGB(0xF0,0xFF,0xF0),
  MintCream = RGB(0xF5,0xFF,0xFA),
  Azure = RGB(0xF0,0xFF,0xFF),
  AliceBlue = RGB(0xF0,0xF8,0xFF),
  GhostWhite = RGB(0xF8,0xF8,0xFF),
  WhiteSmoke = RGB(0xF5,0xF5,0xF5),
  Seashell = RGB(0xFF,0xF5,0xEE),
  Beige = RGB(0xF5,0xF5,0xDC),
  OldLace = RGB(0xFD,0xF5,0xE6),
  FloralWhite = RGB(0xFF,0xFA,0xF0),
  Ivory = RGB(0xFF,0xFF,0xF0),
  AntiqueWhite = RGB(0xFA,0xEB,0xD7),
  Linen = RGB(0xFA,0xF0,0xE6),
  LavenderBlush = RGB(0xFF,0xF0,0xF5),
  MistyRose = RGB(0xFF,0xE4,0xE1),
  Gainsboro = RGB(0xDC,0xDC,0xDC),
  LightGrey = RGB(0xD3,0xD3,0xD3),
  Silver = RGB(0xC0,0xC0,0xC0),
  DarkGray = RGB(0xA9,0xA9,0xA9),
  Gray = RGB(0x80,0x80,0x80),
  DimGray = RGB(0x69,0x69,0x69),
  LightSlateGray = RGB(0x77,0x88,0x99),
  SlateGray = RGB(0x70,0x80,0x90),
  DarkSlateGray = RGB(0x2F,0x4F,0x4F),
  Black = RGB(0x00,0x00,0x00)
};

Use it as you see fit.

As one more point of reference for color, here is a good reference page for Color Selection.

[/OpenSource/Programming] permanent link


2007 May 20 - Sun

SSH Article Summary

Here are a few articles I've written regarding SSH:

[/OpenSource] permanent link


2007 May 18 - Fri

Using a USRobotics Modem for Out of Band Management (OOB)

In configuring an older 33.6Kbps US Robotics modem for accepting auto-dial-up calls into a router, here are a few items to know:

  • Use 'at&f1&b1&w0&w1y0' to force the modem to speak at 9600 to the router
  • Use 'ati5' to confirm the new communications rate setting
  • I seem to recall that all dip switch settings are in the up position but for 2, 4, 8, which are down

[/Cisco] permanent link


2007 May 17 - Thu

HTML Page Template Framework

'Glue' web pages on the monitoring server are generated through the Mason Delivery Engine. In other words, Mason is a Perl based template system used for formatting the primary web pages of this server. It requires the use of Apache and mod_perl. Here is what I do to install Mason for my needs. As the monitoring server relies on tables from two databases, OneUnified and NetDisco, the installation process revolves around getting things ready for these two types of databases.

Installation

Install the packages:

apt-get install libhtml-mason-perl
apt-get install speedy-cgi-perl
apt-get install libfcgi-perl
apt-get install libdbi-perl
apt-get install libdbd-pg-perl
apt-get install apache2-dev
apt-get install libapache2-mod-apreq2
apt-get install libapache-dbi-perl
apt-get install libmasonx-request-withapachesession-perl
apt-get install libapache2-request-perl
ln -s /etc/apache2/mods-available/apreq.load /etc/apache2/mods-enabled/apreq.load

Add the following lines into '/etc/postgresql/8.1/main/pg_hba.conf':

local   netdisco    netdisco    trust
local   oneunified  oneunified  trust

Create and load database:

/etc/init.d/postgresql-8.1 restart
su - postgres
psql template1
create user netdisco;
create group netdisco user netdisco;
create database netdisco with owner netdisco;
create user oneunified;
create group oneunified user oneunified;
create database oneunified with owner oneunified;
\q
psql netdisco -U netdisco < netdisco.dump

exit

Add the following lines into /etc/apache2/sites-available/default:


	PerlModule HTML::Mason::ApacheHandler

	<Directory /var/www/liveprobe>
		PerlSetVar MasonArgsMethod CGI
		PerlSetVar MasonDataDir /var/local/mason
		PerlSetVar MasonDeclineDirs 0
	</Directory>

	# Decline access to mason internals
	<LocationMatch "/liveprobe/.*(\.mc|autohandler|dhandler)$">
		SetHandler perl-script
		PerlInitHandler Apache::Constants::NOT_FOUND
	</LocationMatch>

	<LocationMatch "/liveprobe/.*(\.html)$">
		SetHandler perl-script
		PerlHandler HTML::Mason::ApacheHandler
	</LocationMatch>

	Include /usr/local/netdisco/netdisco_apache.conf
	Include /usr/local/netdisco/netdisco_apache_dir.conf

Restart Apache:

/etc/init.d/apache2 restart

[/OpenSource/Debian/Monitoring] permanent link


Debian based Open Source Network Monitoring Server

In giving back to the wealth of tools the open source community has provided, I have created a number of pages describing how I have assembled a set of open source based network monitoring tools.

The set of tools is in two sections. The first step has to do with the installation of the Debian distribution:

Once the base is in place, make it easy on yourself to log in to the server to carry out various command line tasks:

Here are some entries for maintenance and upgrades of the distribution:

The next section has to do with the add-on tools:

There are a few optional tools, not fully integrated into the overall plan yet:

The next portion of the plan includes developing a database for maintaining circuit, patch panel, and floor diagram layout information. This will integrate with an IP Address management scheme I've come up with, and should work with Cricket and NetDisco to provide a fully integrated visual troubleshooting guide to an organization's network.

[/OpenSource/Debian/Monitoring] permanent link


2007 May 16 - Wed

One Unified Address Management Schema v1.1

I did some more brainstorming on how I wanted to visually represent a network along with its address structure. I've incorporated some additional tables into the design to handle a hierarchical network map.

The core of the database schema is still represented by the host, interface, circuit, address, location, organization, and ianaiftype tables.

The Image table contains references to all pictures of hosts and locations. All other associated tables reference the images managed by this table.

The WeatherMap group of tables allows a Network Weathermap to be defined for a collection of circuits. By requesting a certain weathermap, the WeathermapCircuit table provides a list of associated circuits. The circuit links to interfaces and their respective hosts. By looking for hosts in the HostOnImage table that reference the same hostid and imageid, a weather map can be automatically drawn with the appropriate host picture from the HostImage table along with the collected interface statistics.

The HostType table represents names such as 'Router', 'Switch', 'Server', 'Access Point', etc.

Two tables have been added to the Location group of tables. LocationImage represents images of locations: a building, a floor, a cabinet, a back panel, with each image suggesting a collection of sub-locations. The LocationOnImage table provides the ability to click on an active area on LocationImage and drill down to the more specific LocationImage.

[/OpenSource/Debian/AddressManagement] permanent link


2007 May 15 - Tue

One Unified Address Management (OUAM)

For the longest time, I thought that the sum total of the ip address management solutions out there revolved around NorthStar and IPplan, neither of which really were as robust as I'd like.

A recent 'net search comes up with some different candidates. A IP Addressing Space Management Applications? has some interesting pointers to IP Address Management solutions, both Open Source as well as Commercial. One Open Source solution that appeared to be a stand out is Carnegie Mellon's Network Registration/Network Monitoring solution. It is under active development. Internet2 has some links to solutions that handle various combinations of Agents, Registration, and Active/Passive Detection.

Some of the above actually crosses over into the region of Network Authentication, of which Internet2's SALSAK is trying to rigorize through a Policy Framework. Their second draft has better details, in my opinion.

So I can come back to this later, in following the various links from an earlier mentioned table, I came across PacketFence which is a Network Access Control (NAC) solution wrapped up in a VMWare deployment package.

When coming up with an IP Address Management Solution, BT Diamond IP has a handy guide to Best Practices for Next-Generation IP Address Management.

During my initial thoughts of what I'd like to see, I was focussing more on address management, floor diagrams, and port management than on DNS and DHCP. I figured DNS would be easy by simply exporting bind files on an as required basis. I haven't considered DHCP integration yet, but it should be straightforward with dhcp configuration file exports, or database lookups.

I had put together a schema diagram of what I was thinking of for ip address and facilities management.

Here is a description of the various links:

  • Host -> Location: every host is associated with a particular location, floor, rack, shelf, etc
  • Interface -> Host: an interface, and its sub-interfaces are associated with a host
  • Interface -> Address:
    • an interface, or sub-interface will have an associated address
    • an interface will need multiple sub interfaces to contain additional addresses
    • these sub-interfaces may simply be 'secondary address blocks', or secondary addresses, or vlans
  • Interface -> Circuit: an interface is associated with a particular circuit, patch panel, connector, etc
  • Circuit -> Address:
    • a circuit may reference an address or address range that can be used to find attached interfaces, hosts, and circuits (and is recursive by looking at subnets and contained addresses)
    • thus routed address blocks shouldn't be referenced this way, only a circuit with ip endpoints should have an address reference
  • Port -> Address: ports that are routed, or routed to different locations, are documented here, such as on NAT'd addresses (e.g. port 80 (http) or port 25 (smtp))
  • Address -> Organization: Every address range is associated with a controlling organization

Some of the tables have 'self' links. This provides an ability for defining a hierarchy of relationships:

  • Address: address blocks can be subdivided down to a /32
  • Interface: a physical interface may be divided into sub-interfaces
  • Circuit: a circuit may be composed of sub-circuits, wire going from wall jack to IDF to MDF to IDF to wall jack
  • Location: a building may have multiple floors, a server room may have multiple racks, a rack will have multiple 'U' locations

Here is a sql schema file to go along with the diagram. It is based upon PostgreSQL as it has native data types for handling ip addresses and mac addresses.

[/OpenSource/Debian/AddressManagement] permanent link


Import IANAifType

From the web page http://www.iana.org/assignments/ianaiftype-mib there is a list of interface types. Early portions of this list are incorporated into /usr/share/cricket/util/genDevConfig. The full list is parsed and imported into the database.

Conversion

Create a perl program ianaif.pl:

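#!/usr/bin/perl
while ( <STDIN> ) {
  # name(number), optionally followed by "-- description"; skip anything else
  next unless /^\s+([\-\w]+)\s*\((\d+)\),?(\s*|\s*--\s(.+?))\s*$/;
  my ( $name, $id, $desc ) = ( $1, $2, defined $4 ? $4 : '' );
  $desc =~ s/'/''/g;  # double any single quote so the SQL string literal stays valid
  print "insert into ianaiftype (ianaiftypeid, name, description) values ($id, '$name', '$desc');\n";
}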

Create a file 'ianaif.txt' with the mildly edited content from the web site. Run the perl script to create an import file:

perl ianaif.pl < ianaif.txt > ianaif.import

Import into the database:

su - postgres
psql oneunified
\i ianaif.import
\q

Here is the raw data:

                   other(1),          -- none of the following
                   regular1822(2),
                   hdh1822(3),
                   ddnX25(4),
                   rfc877x25(5),
                   ethernetCsmacd(6), -- for all ethernet-like interfaces,
                   iso88023Csmacd(7), -- Deprecated, use ethernetCsmacd (6)
                   iso88024TokenBus(8),
                   iso88025TokenRing(9),
                   iso88026Man(10),
                   starLan(11), -- Deprecated,  use ethernetCsmacd (6)
                   proteon10Mbit(12),
                   proteon80Mbit(13),
                   hyperchannel(14),
                   fddi(15),
                   lapb(16),
                   sdlc(17),
                   ds1(18),            -- DS1-MIB
                   e1(19),             -- Obsolete see DS1-MIB
                   basicISDN(20),
                   primaryISDN(21),
                   propPointToPointSerial(22), -- proprietary serial
                   ppp(23),
                   softwareLoopback(24),
                   eon(25),            -- CLNP over IP 
                   ethernet3Mbit(26),
                   nsip(27),           -- XNS over IP
                   slip(28),           -- generic SLIP
                   ultra(29),          -- ULTRA technologies
                   ds3(30),            -- DS3-MIB
                   sip(31),            -- SMDS, coffee
                   frameRelay(32),     -- DTE only. 
                   rs232(33),
                   para(34),           -- parallel-port
                   arcnet(35),         -- arcnet
                   arcnetPlus(36),     -- arcnet plus
                   atm(37),            -- ATM cells
                   miox25(38),
                   sonet(39),          -- SONET or SDH 
                   x25ple(40),
                   iso88022llc(41),
                   localTalk(42),
                   smdsDxi(43),
                   frameRelayService(44),  -- FRNETSERV-MIB
                   v35(45),
                   hssi(46),
                   hippi(47),
                   modem(48),          -- Generic modem
                   aal5(49),           -- AAL5 over ATM
                   sonetPath(50),
                   sonetVT(51),
                   smdsIcip(52),       -- SMDS InterCarrier Interface
                   propVirtual(53),    -- proprietary virtual/internal
                   propMultiplexor(54),-- proprietary multiplexing
                   ieee80212(55),      -- 100BaseVG
                   fibreChannel(56),   -- Fibre Channel
                   hippiInterface(57), -- HIPPI interfaces     
                   frameRelayInterconnect(58), -- Obsolete, use frameRelay(32) or frameRelayService(44)
                   aflane8023(59),     -- ATM Emulated LAN for 802.3
                   aflane8025(60),     -- ATM Emulated LAN for 802.5
                   cctEmul(61),        -- ATM Emulated circuit          
                   fastEther(62),      -- Obsoleted, use ethernetCsmacd (6)
                   isdn(63),           -- ISDN and X.25           
                   v11(64),            -- CCITT V.11/X.21             
                   v36(65),            -- CCITT V.36                  
                   g703at64k(66),      -- CCITT G703 at 64Kbps
                   g703at2mb(67),      -- Obsolete see DS1-MIB
                   qllc(68),           -- SNA QLLC                    
                   fastEtherFX(69),    -- Obsoleted, use  ethernetCsmacd (6)
                   channel(70),        -- channel                     
                   ieee80211(71),      -- radio spread spectrum       
                   ibm370parChan(72),  -- IBM System 360/370 OEMI Channel
                   escon(73),          -- IBM Enterprise Systems Connection
                   dlsw(74),           -- Data Link Switching
                   isdns(75),          -- ISDN S/T interface
                   isdnu(76),          -- ISDN U interface
                   lapd(77),           -- Link Access Protocol D
                   ipSwitch(78),       -- IP Switching Objects
                   rsrb(79),           -- Remote Source Route Bridging
                   atmLogical(80),     -- ATM Logical Port
                   ds0(81),            -- Digital Signal Level 0
                   ds0Bundle(82),      -- group of ds0s on the same ds1
                   bsc(83),            -- Bisynchronous Protocol
                   async(84),          -- Asynchronous Protocol
                   cnr(85),            -- Combat Net Radio
                   iso88025Dtr(86),    -- ISO 802.5r DTR
                   eplrs(87),          -- Ext Pos Loc Report Sys
                   arap(88),           -- Appletalk Remote Access Protocol
                   propCnls(89),       -- Proprietary Connectionless Protocol
                   hostPad(90),        -- CCITT-ITU X.29 PAD Protocol
                   termPad(91),        -- CCITT-ITU X.3 PAD Facility
                   frameRelayMPI(92),  -- Multiproto Interconnect over FR
                   x213(93),           -- CCITT-ITU X213
                   adsl(94),           -- Asymmetric Digital Subscriber Loop
                   radsl(95),          -- Rate-Adapt. Digital Subscriber Loop
                   sdsl(96),           -- Symmetric Digital Subscriber Loop
                   vdsl(97),           -- Very H-Speed Digital Subscrib. Loop
                   iso88025CRFPInt(98), -- ISO 802.5 CRFP
                   myrinet(99),        -- Myricom Myrinet
                   voiceEM(100),       -- voice recEive and transMit
                   voiceFXO(101),      -- voice Foreign Exchange Office
                   voiceFXS(102),      -- voice Foreign Exchange Station
                   voiceEncap(103),    -- voice encapsulation
                   voiceOverIp(104),   -- voice over IP encapsulation
                   atmDxi(105),        -- ATM DXI
                   atmFuni(106),       -- ATM FUNI
                   atmIma (107),       -- ATM IMA     
                   pppMultilinkBundle(108), -- PPP Multilink Bundle
                   ipOverCdlc (109),   -- IBM ipOverCdlc
                   ipOverClaw (110),   -- IBM Common Link Access to Workstn
                   stackToStack (111), -- IBM stackToStack
                   virtualIpAddress (112), -- IBM VIPA
                   mpc (113),          -- IBM multi-protocol channel support
                   ipOverAtm (114),    -- IBM ipOverAtm
                   iso88025Fiber (115), -- ISO 802.5j Fiber Token Ring
                   tdlc (116),        -- IBM twinaxial data link control
                   gigabitEthernet (117), -- Obsoleted, use ethernetCsmacd (6)
                   hdlc (118),         -- HDLC
                   lapf (119),        -- LAP F
                   v37 (120),        -- V.37
                   x25mlp (121),       -- Multi-Link Protocol
                   x25huntGroup (122), -- X25 Hunt Group
                   trasnpHdlc (123),   -- Transp HDLC
                   interleave (124),   -- Interleave channel
                   fast (125),         -- Fast channel
                   ip (126),        -- IP (for APPN HPR in IP networks)
                   docsCableMaclayer (127),  -- CATV Mac Layer
                   docsCableDownstream (128), -- CATV Downstream interface
                   docsCableUpstream (129),  -- CATV Upstream interface
                   a12MppSwitch (130), -- Avalon Parallel Processor
                   tunnel (131),       -- Encapsulation interface
                   coffee (132),       -- coffee pot
                   ces (133),          -- Circuit Emulation Service
                   atmSubInterface (134), -- ATM Sub Interface
                   l2vlan (135),       -- Layer 2 Virtual LAN using 802.1Q
                   l3ipvlan (136),     -- Layer 3 Virtual LAN using IP
                   l3ipxvlan (137),    -- Layer 3 Virtual LAN using IPX
                   digitalPowerline (138), -- IP over Power Lines 
                   mediaMailOverIp (139), -- Multimedia Mail over IP
                   dtm (140),        -- Dynamic syncronous Transfer Mode
                   dcn (141),    -- Data Communications Network
                   ipForward (142),    -- IP Forwarding Interface
                   msdsl (143),       -- Multi-rate Symmetric DSL
                   ieee1394 (144), -- IEEE1394 High Performance Serial Bus
                   if-gsn (145),       --   HIPPI-6400 
                   dvbRccMacLayer (146), -- DVB-RCC MAC Layer
                   dvbRccDownstream (147),  -- DVB-RCC Downstream Channel
                   dvbRccUpstream (148),  -- DVB-RCC Upstream Channel
                   atmVirtual (149),   -- ATM Virtual Interface
                   mplsTunnel (150),   -- MPLS Tunnel Virtual Interface
                   srp (151), -- Spatial Reuse Protocol 
                   voiceOverAtm (152),  -- Voice Over ATM
                   voiceOverFrameRelay (153),   -- Voice Over Frame Relay 
                   idsl (154),  -- Digital Subscriber Loop over ISDN
                   compositeLink (155),  -- Avici Composite Link Interface
                   ss7SigLink (156),     -- SS7 Signaling Link 
                   propWirelessP2P (157),  --  Prop. P2P wireless interface
                   frForward (158),    -- Frame Forward Interface
                   rfc1483 (159), -- Multiprotocol over ATM AAL5
                   usb (160),  -- USB Interface
                   ieee8023adLag (161),  -- IEEE 802.3ad Link Aggregate
                   bgppolicyaccounting (162), -- BGP Policy Accounting
                   frf16MfrBundle (163), -- FRF .16 Multilink Frame Relay 
                   h323Gatekeeper (164), -- H323 Gatekeeper
                   h323Proxy (165), -- H323 Voice and Video Proxy
                   mpls (166), -- MPLS                   
                   mfSigLink (167), -- Multi-frequency signaling link
                   hdsl2 (168), -- High Bit-Rate DSL - 2nd generation
                   shdsl (169), -- Multirate HDSL2
                   ds1FDL (170), -- Facility Data Link 4Kbps on a DS1
                   pos (171), -- Packet over SONET/SDH Interface
                   dvbAsiIn (172), -- DVB-ASI Input
                   dvbAsiOut (173), -- DVB-ASI Output 
                   plc (174), -- Power Line Communtications
                   nfas (175), -- Non Facility Associated Signaling
                   tr008 (176), -- TR008
                   gr303RDT (177), -- Remote Digital Terminal
                   gr303IDT (178), -- Integrated Digital Terminal
                   isup (179), -- ISUP
                   propDocsWirelessMaclayer (180), -- Cisco proprietary Maclayer
                   propDocsWirelessDownstream (181), -- Cisco proprietary Downstream
                   propDocsWirelessUpstream (182), -- Cisco proprietary Upstream
                   hiperlan2 (183), -- HIPERLAN Type 2 Radio Interface
                   propBWAp2Mp (184), -- PropBroadbandWirelessAccesspt2multipt
                   sonetOverheadChannel (185), -- SONET Overhead Channel
                   digitalWrapperOverheadChannel (186), -- Digital Wrapper
                   aal2 (187), -- ATM adaptation layer 2
                   radioMAC (188), -- MAC layer over radio links
                   atmRadio (189), -- ATM over radio links   
                   imt (190), -- Inter Machine Trunks
                   mvl (191), -- Multiple Virtual Lines DSL
                   reachDSL (192), -- Long Reach DSL
                   frDlciEndPt (193), -- Frame Relay DLCI End Point
                   atmVciEndPt (194), -- ATM VCI End Point
                   opticalChannel (195), -- Optical Channel
                   opticalTransport (196), -- Optical Transport
                   propAtm (197), --  Proprietary ATM       
                   voiceOverCable (198), -- Voice Over Cable Interface
                   infiniband (199), -- Infiniband
                   teLink (200), -- TE Link
                   q2931 (201), -- Q.2931
                   virtualTg (202), -- Virtual Trunk Group
                   sipTg (203), -- SIP Trunk Group
                   sipSig (204), -- SIP Signaling   
                   docsCableUpstreamChannel (205), -- CATV Upstream Channel
                   econet (206), -- Acorn Econet
                   pon155 (207), -- FSAN 155Mb Symetrical PON interface
                   pon622 (208), -- FSAN622Mb Symetrical PON interface
                   bridge (209), -- Transparent bridge interface
                   linegroup (210), -- Interface common to multiple lines     
                   voiceEMFGD (211), -- voice E&M Feature Group D
                   voiceFGDEANA (212), -- voice FGD Exchange Access North American
                   voiceDID (213), -- voice Direct Inward Dialing
                   mpegTransport (214), -- MPEG transport interface
                   sixToFour (215), -- 6to4 interface (DEPRECATED)
                   gtp (216), -- GTP (GPRS Tunneling Protocol)
                   pdnEtherLoop1 (217), -- Paradyne EtherLoop 1
                   pdnEtherLoop2 (218), -- Paradyne EtherLoop 2
                   opticalChannelGroup (219), -- Optical Channel Group 
                   homepna (220), -- HomePNA ITU-T G.989       
                   gfp (221), -- Generic Framing Procedure (GFP) 
                   ciscoISLvlan (222), -- Layer 2 Virtual LAN using Cisco ISL
                   actelisMetaLOOP (223), -- Acteleis proprietary MetaLOOP High Speed Link 
                   fcipLink (224), -- FCIP Link  
                   rpr (225), -- Resilient Packet Ring Interface Type
                   qam (226), -- RF Qam Interface
                   lmp (227), -- Link Management Protocol
                   cblVectaStar (228), -- Cambridge Broadband Limited VectaStar
                   docsCableMCmtsDownstream (229), -- CATV Modular CMTS Downstream Interface
                   adsl2 (230), -- Asymmetric Digital Subscriber Loop Version 2
                   macSecControlledIF (231), -- MACSecControlled 
                   macSecUncontrolledIF (232), -- MACSecUncontrolled
                   aviciOpticalEther (233), -- Avici Optical Ethernet Aggregate
                   atmbond (234), -- atmbond 
                   voiceFGDOS (235), -- voice FGD Operator Services
                   mocaVersion1 (236), -- MultiMedia over Coax Alliance (MoCA) Interface
                   ieee80216WMAN (237), -- IEEE 802.16 WMAN interface
                   adsl2plus (238), -- Asymmetric Digital Subscriber Loop Version 2, 
                   dvbRcsMacLayer (239), -- DVB-RCS MAC Layer
                   dvbTdm (240), -- DVB Satellite TDM
                   dvbRcsTdma (241), -- DVB-RCS TDMA
                   x86Laps (242) -- LAPS based on ITU-T X.86/Y.1323   

[/OpenSource/Debian/AddressManagement] permanent link


2007 May 14 - Mon

Nagios Installation and Sample Configuration

Introduction

As part of the network monitoring server, Nagios is used for monitoring servers and their services.

Installation

Download and expand the source:

cd /usr/src
wget http://superb-east.dl.sourceforge.net/sourceforge/nagios/nagios-2.4.tar.gz
tar  -zxvf nagios-2.4.tar.gz

Add users and groups:

adduser nagios
mkdir /usr/local/nagios
chown nagios.nagios /usr/local/nagios
groupadd nagioscmd
usermod -G nagioscmd www-data
usermod -G nagioscmd nagios

Obtain libs, compile, and install:

apt-get install libgd-dev
apt-get install mcrypt
apt-get install libmcrypt-dev
cd nagios-2.4
./configure \
  --prefix=/usr/local/nagios \
  --with-cgiurl=/cgi-bin/nagios \
  --with-htmurl=/nagios \
  --with-nagios-user=nagios \
  --with-nagios-group=nagios \
  --with-command-group=nagioscmd \
  --localstatedir=/var/local/nagios
make all
make install
make install-init
make install-commandmode
make install-config

Add the following lines to /etc/apache2/sites-available/default. They need to go before the default cgi-bin configuration files.

<Location "/nagios/">
  SetHandler default-handler
</Location>
ScriptAlias /cgi-bin/nagios/ /usr/local/nagios/sbin/
<Directory "/usr/local/nagios/sbin">
#    AllowOverride AuthConfig
    AllowOverride None
    Options ExecCGI -MultiViews
    Order allow,deny
    Allow from all
    AddHandler cgi-script .cgi
</Directory>

Alias /nagios/ "/usr/local/nagios/share/"
<Directory "/usr/local/nagios/share">
    DefaultType text/html
    Options None
#    AllowOverride AuthConfig
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

Restart Apache:

/etc/init.d/apache2 restart

Modify configuration files:

cd /usr/local/nagios/etc
mkdir samples
cp * samples/
mv cgi.cfg-sample cgi.cfg
mv checkcommands.cfg-sample checkcommands.cfg
mv misccommands.cfg-sample misccommands.cfg
mv nagios.cfg-sample nagios.cfg
mv resource.cfg-sample resource.cfg
rm bigger.cfg-sample
rm minimal.cfg-sample

Install plug-ins:

cd /usr/src
wget http://superb-east.dl.sourceforge.net/sourceforge/nagiosplug/nagios-plugins-1.4.3.tar.gz
tar -zxvf nagios-plugins-1.4.3.tar.gz
cd nagios-plugins-1.4.3
./configure \
  --prefix=/usr/local/nagios \
  --with-nagios-user=nagios \
  --with-nagios-group=nagios \
  --with-cgiurl=/cgi-bin/nagios
make
make install

Make Nagios run automatically:

update-rc.d nagios defaults 25

To test configurations before committing them to execution:

cd /usr/local/nagios
bin/nagios -v etc/nagios.cfg

Customizations

In /usr/local/nagios/etc/checkcommands.cfg, insert the following lines (this will be used by a Windows event logging program):

# 'check_dummy' command definition
define command{
        command_name    check_dummy
        command_line    $USER1$/check_dummy $ARG1$ $ARG2$
        }

Create a directory for site specific configurations:

mkdir /usr/local/nagios/etc/examplecom 

Make the following changes to /usr/local/nagios/etc/nagios.cfg:

#cfg_file=/usr/local/nagios/etc/minimal.cfg
cfg_dir=/usr/local/nagios/etc/examplecom
check_external_commands=1
use_syslog=0
log_notifications=0
date_format=iso8601
admin_email=root

Apply the following changes to /usr/local/nagios/etc/cgi.cfg:

46c46
< show_context_help=0
---
> show_context_help=1
65c65
< #nagios_check_command=/usr/local/nagios/libexec/check_nagios /var/local/nagios/status.dat 5 
'/usr/local/nagios/bin/nagios'
---
> nagios_check_command=/usr/local/nagios/libexec/check_nagios /var/local/nagios/status.dat 5 
'/usr/local/nagios/bin/nagios'
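Review bot: in hunk 65c65 the final argument '/usr/local/nagios/bin/nagios' has wrapped onto its own line on both sides, without a leading "<" or ">" marker, so the hunk will not apply as shown. The whole nagios_check_command value (check_nagios, the status.dat path, the 5 and the quoted process name) belongs on a single line in cgi.cfg; rejoin it before applying.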
116c116
< #authorized_for_system_information=nagiosadmin,theboss,jdoe
---
> authorized_for_system_information=nagiosadmin,admin
128c128
< #authorized_for_configuration_information=nagiosadmin,jdoe
---
> authorized_for_configuration_information=nagiosadmin,admin
141c141
< #authorized_for_system_commands=nagiosadmin
---
> authorized_for_system_commands=nagiosadmin,admin
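Review bot: hunk 141c141 grants system commands to "admin", but nothing on this page establishes who that user is. The CGIs compare these names with the user the web server authenticated, while the Apache <Directory "/usr/local/nagios/sbin"> block above has "Allow from all", no AuthType or Require lines, and "AllowOverride AuthConfig" commented out. Add HTTP authentication to that Directory block and create the admin account in its password file before enabling these lines, all the more because nagios.cfg sets check_external_commands=1. The same applies to the other authorized_for_* hunks in this diff.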
154,155c154,155
< #authorized_for_all_services=nagiosadmin,guest
< #authorized_for_all_hosts=nagiosadmin,guest
---
> authorized_for_all_services=nagiosadmin,admin
> authorized_for_all_hosts=nagiosadmin,admin
168,169c168,169
< #authorized_for_all_service_commands=nagiosadmin
< #authorized_for_all_host_commands=nagiosadmin
---
> authorized_for_all_service_commands=nagiosadmin,admin
> authorized_for_all_host_commands=nagiosadmin,admin

Create a file /usr/local/nagios/etc/services.cfg with the following content:

################################################################################
# Configuration File:  Services
#
# Last Modified: 2006/06/08
# By:  Ray Burkholder
#
################################################################################

################################################################################
# Service Templates
################################################################################

# Generic service definition template
define service{
        name                            generic-service ; Generic Service Template
        active_checks_enabled           1       ; Active service checks are enabled
        passive_checks_enabled          1       ; Passive service checks are enabled/accepted
        parallelize_check               1       ; Active service checks should be parallelized
        obsess_over_service             1       ; We should obsess over this service (if necessary)
        check_freshness                 0       ; Default is to NOT check service 'freshness'
        notifications_enabled           1       ; Service notifications are enabled
        event_handler_enabled           1       ; Service event handler is enabled
        flap_detection_enabled          1       ; Flap detection is enabled
        process_perf_data               1       ; Process performance data
        retain_status_information       1       ; Retain status information across program restarts
        retain_nonstatus_information    1       ; Retain non-status information across program restarts

        register                        0       ; DONT REGISTER THIS DEFINITION
        is_volatile                     0
        check_period                    24x7
        max_check_attempts              3
        normal_check_interval           3
        retry_check_interval            1
        contact_groups                  general-admins
        notification_interval           120
        notification_period             24x7
        notification_options            w,u,c,r

        }

Create a file /usr/local/nagios/etc/hosts.cfg with the following content:

###############################################################################
# Configuration File:  Hosts
# Last Modified: 2006/06/08
#
# By:  Ray Burkholder
#
################################################################################
# HOST Template
################################################################################

# Generic host definition template
define host{
        name                            generic-host-skeleton    ; The name of this host template
        notifications_enabled           1       ; Host notifications are enabled
        event_handler_enabled           0       ; Host event handler is disabled
        flap_detection_enabled          1       ; Flap detection is enabled
        process_perf_data               1       ; Process performance data
        retain_status_information       1       ; Retain status information across program restarts
        retain_nonstatus_information    1       ; Retain non-status information across program restarts
        active_checks_enabled           1
        passive_checks_enabled          0
        max_check_attempts              5
        contact_groups                  general-admins
        register                        0       ; DONT REGISTER THIS DEFINITION
        }
# 'generic-host' server host definition
define host{
        name                    generic-host
        use                     generic-host-skeleton
        check_command           check-host-alive
        notification_interval   120
        notification_period     24x7
        notification_options    d,u,r
        register                0       ; DONT REGISTER THIS DEFINITION - ITS NOT A REAL HOST
        }
# 'generic-host-nocheck' server host definition
define host{
        name                    generic-host-nocheck
        use                     generic-host-skeleton
        notification_interval   120
        notification_period     24x7
        notification_options    d,u,r
        register                0       ; DONT REGISTER THIS DEFINITION - ITS NOT A REAL HOST
        }

Add the following lines to /usr/local/nagios/etc/nagios.cfg:

cfg_file=/usr/local/nagios/etc/services.cfg
cfg_file=/usr/local/nagios/etc/hosts.cfg
cfg_dir=/usr/local/nagios/etc/examplecom

examplecom files

Create file /usr/local/nagios/etc/examplecom/timeperiod.cfg:

################################################################################
# Configuration File:  Time Period
#
# Last Modified: 2005/07/19
#
# By:  Ray Burkholder
#
################################################################################


###############################################################################
# TIMEPERIOD DEFINITIONS
################################################################################
# '24x7' timeperiod definition
define timeperiod{
        timeperiod_name 24x7
        alias           24 Hours A Day, 7 Days A Week
        sunday          00:00-24:00
        monday          00:00-24:00
        tuesday         00:00-24:00
        wednesday       00:00-24:00
        thursday        00:00-24:00
        friday          00:00-24:00
        saturday        00:00-24:00
        }
# 'workhours' timeperiod definition
define timeperiod{
        timeperiod_name workhours
        alias           "Normal" Working Hours
        monday          09:00-17:00
        tuesday         09:00-17:00
        wednesday       09:00-17:00
        thursday        09:00-17:00
        friday          09:00-17:00
        }
# 'nonworkhours' timeperiod definition
define timeperiod{
        timeperiod_name nonworkhours
        alias           Non-Work Hours
        sunday          00:00-24:00
        monday          00:00-09:00,17:00-24:00
        tuesday         00:00-09:00,17:00-24:00
        wednesday       00:00-09:00,17:00-24:00
        thursday        00:00-09:00,17:00-24:00
        friday          00:00-09:00,17:00-24:00
        saturday        00:00-24:00
        }
# 'none' timeperiod definition
define timeperiod{
        timeperiod_name none
        alias           No Time Is A Good Time
        }

Create a file called /usr/local/nagios/etc/examplecom/contacts.cfg with the following contact. Add additional contacts and rearrange groups as needed.

################################################################################
# Configuration File:  Contacts and Contact Groups
#
# Last Modified: 2006/06/08
#
# By:  Ray Burkholder
#
################################################################################
# relevant documentation
# http://nagios.sourceforge.net/docs/1_0/xodtemplate.html#contact
################################################################################
# CONTACT DEFINITIONS
################################################################################
# 'nagios' contact definition
define contact{
        contact_name                    nagios
        alias                           Nagios Admin
        service_notification_period     24x7
        host_notification_period        24x7
        service_notification_options    w,u,c,r
        host_notification_options       d,u,r
        service_notification_commands   notify-by-email,notify-by-epager
        host_notification_commands      host-notify-by-email,host-notify-by-epager
        email                           nagios-admin@localhost.localdomain
        pager                           pagenagios-admin@localhost.localdomain
        }
# Network Generic Alerts
define contact {
  contact_name                          networkalerts
  alias                                 Network Alerts
  service_notification_period           24x7
  host_notification_period              24x7
  service_notification_options          c,w
  host_notification_options             d,r
  service_notification_commands         notify-by-email
  host_notification_commands            host-notify-by-email
  email                                 networkalerts@example.com
  }
################################################################################
# CONTACT GROUP DEFINITIONS
################################################################################
# 'general-admins' contact group definition
define contactgroup{
        contactgroup_name       general-admins
        alias                   General Administrators
        members                 networkalerts
        }
# 'windows-server-admins' contact group definition
define contactgroup{
        contactgroup_name       windows-server-admins
        alias                   Windows Server Administrators
        members                 networkalerts
        }
# 'windows-desktop-admins' contact group definition
define contactgroup{
        contactgroup_name       windows-desktop-admins
        alias                   Windows Desktop Support
        members                 networkalerts
        }
# 'linux-server-admins' contact group definition
define contactgroup{
        contactgroup_name       linux-server-admins
        alias                   Linux Administrators
        members                 networkalerts
        }
# 'switch-admins' contact group definition
define contactgroup{
        contactgroup_name       switch-admins
        alias                   Etherswitch Administrators
        members                 networkalerts
        }
# 'router-admins' contact group definition
define contactgroup{
        contactgroup_name       router-admins
        alias                   Router Technicians
        members                 networkalerts
        }
# 'firewall-admins' contact group definition
define contactgroup{
        contactgroup_name       firewall-admins
        alias                   Firewall Technicians
        members                 networkalerts
        }
# 'printer-admins' contact group definition
define contactgroup{
        contactgroup_name       printer-admins
        alias                   Printer Administrators
        members                 networkalerts
        }
# 'sensor-admins' contact group definition
define contactgroup{
        contactgroup_name       sensor-admins
        alias                   Sensor Administrators
        members                 networkalerts
        }

Create a file called /usr/local/nagios/etc/examplecom/groups.cfg with the following template:

################################################################################
# Configuration File:  Groups
#
# Last Modified: 2006/06/08
# By:  Ray Burkholder
#
################################################################################
# Group DEFINITIONS
################################################################################
#define hostgroup {
#  hostgroup_name               groupname
#  alias                        Member Devices
#  members                      x,y
#  }

[/OpenSource/Debian/Monitoring] permanent link


2007 May 10 - Thu

TFTP Installation with ATFTPD

I use the atftpd tftp server daemon. For the most part, it is an easy package retrieval. However, there are some custom security and directory settings.

Installation

Install the package:

apt-get install atftpd

Edit /etc/inetd.conf and comment out the line with tftpd.

Restart inetd:

/etc/init.d/inetd.dpkg-new restart

Create a new directory, user, group, and privileges:

mkdir /var/atftpd
cd /var
groupadd atftpd
useradd -d /var/atftpd -g atftpd atftpd
chmod 766 atftpd
chown atftpd.atftpd atftpd

Edit /etc/default/atftpd. Add '--user atftpd.atftpd' and change '/tftpboot' to '/var/atftpd'.

Start the service:

/etc/init.d/atftpd start

[/OpenSource/Debian/Monitoring] permanent link


Installing Asterisk

It has been a year or two since I last worked with the open source PBX solution called Asterisk. Instead, I've been doing stuff with Cisco CallManager and Voice Gateways for the last while. My support pages are still receiving regular hits with regards to Asterisk Support, so I think I should do more with it. I've got a bunch of scripts lying about that I'd like to resurrect.

So, to start off, I have a new Debian server, and I need to install the latest and greatest from version control. Here is what I did.

These get me current with the latest kernel. Compiling Asterisk requires the kernel headers, so they are included here. I want the call detail records to go to a PostgreSQL database, so I include the libraries as well. As the latest source is in Subversion, I need that package to obtain the installation files.

apt-get install linux-image-2.6.18-4-686
apt-get install linux-headers-2.6.18-4-686
apt-get install libncurses5-dev
apt-get install postgresql-dev
apt-get install subversion

Now I can obtain the source files:

cd /usr/src 
mkdir digium 
cd digium 
svn checkout http://svn.digium.com/svn/asterisk/trunk asterisk
svn checkout http://svn.digium.com/svn/zaptel/trunk zaptel
svn checkout http://svn.digium.com/svn/libpri/trunk libpri

Compile the driver files. A double make install will be required. If you are not using Digium hardware, use the ztdummy module, otherwise use the zaptel module. Once compiled and installed, the zaptel configuration file is found in /etc/zaptel.conf and will need to be updated before using the zaptel module.

cd zaptel
make clean
make install
make install
modprobe ztdummy
modprobe zaptel

For running with PRI digital telephone circuits, another library needs to be built:

cd ../libpri
make clean
make install

This last one holds the bulk of the Asterisk build.

cd ../asterisk
./configure \
  --sysconfdir=/etc \
  --localstatedir=/var
make
make install
make samples

That gets us to a basic installation. My next write up will show some of the configuration file stuff I do.

[/OpenSource/Debian/Asterisk] permanent link


2007 May 09 - Wed

Various Perl Based Proxy Tools

In perusing Debian's Package List, I came across a number of Perl based Proxy tools.

The first one, an item that sounds interesting, but I haven't thought of a way to put it into action yet, is an HTTP Recorder. HTTP::Recorder is a browser-independent recorder that records interactions with web sites and produces scripts for automated playback. Recorder produces WWW::Mechanize scripts by default (see WWW::Mechanize by Andy Lester).

The next item is an HTTP Tunnel. httptunnel creates a bidirectional virtual data connection tunnelled in HTTP requests. The HTTP requests can be sent via an HTTP proxy if so desired. This can be useful for users behind restrictive firewalls. If WWW access is allowed through an HTTP proxy, it's possible to use httptunnel and, say, telnet or PPP to connect to a computer outside the firewall.

The third item is HTTP::Proxy. It is a Perl based HTTP Proxy. It sounds like it can do some SSL type interception as well. It has an ability for add-on modules allowing various parts of a page to be re-processed prior to delivery back to a user.

[/OpenSource/Debian] permanent link


Redirecting a Web Page

I've encountered a number of ways to redirect a web page. If all you have access to is a web page, then a meta tag is the way to go:

<html>
<head>
<meta http-equiv="refresh" content="3;url=/liveprobe/index.html">
</head>
<body>
You will be redirected to <a href="/liveprobe/index.html">/liveprobe/index.html</a> in 3 seconds.
</body>
</html>

More meta-tags can be found at http://vancouver-webpages.com/META/.

If pages are being dynamically created, then executing the following code before anything else on the page is generated should do the trick (I haven't tried it out myself yet):

        print "Status: 302 Moved Temporarily\r\n",
              "Location: $url\r\n",
              "Content-Type: text/html\r\n\r\n",
              "$url\r\n";

[/Personal/SoftwareDevelopment/HTML] permanent link


Upgrading Nfsen and Nfdump

As an update to my two articles for installing nfdump and installing nfsen, here are a few corrections and a process for upgrading.

As of this writing, the latest snapshots are for March 12. Here is the upgrade process:

cd /usr/src
wget http://superb-east.dl.sourceforge.net/sourceforge/nfsen/nfsen-snapshot-20070312.tar.gz
wget http://superb-west.dl.sourceforge.net/sourceforge/nfdump/nfdump-snapshot-20070312.tar.gz
/usr/local/nfsen/bin/nfsen.rc stop
tar -zxvf nfdump-snapshot-20070312.tar.gz
tar -zxvf nfsen-snapshot-20070312.tar.gz
cd nfdump-snapshot-20070312
./configure
make
make install
cd ../nfsen-snapshot-20070312
./install.pl /etc/nfsen/nfsen.conf
/usr/local/nfsen/bin/nfsen.rc start

The 'start' command could be placed in /etc/rc.local so it starts upon boot. The start command also starts the flow collectors (nfdump), so there is no need to start them; the nfsen.rc command takes care of everything.

[/OpenSource/Debian/Monitoring] permanent link


2007 May 08 - Tue

Determining Space Used in SubDirectories

When space is getting tight, one has to find out where the space is being used. Sometimes it suffices to find where the most accumulation is and clean that up. To find that accumulation, use the du command:

 du -h -x  --max-depth=1

The -h turns the result into human readable form, the -x excludes files on a different file system (for when you have a mount somewhere in the structure), and the --max-depth=1 summarizes the results of the recursive search at one directory level.

[/OpenSource] permanent link


Removing lots of files

If I don't have a clean up program running, sometimes autocollected files tend to accumulate. For example, netflow processing on 5 minute intervals can accumulate a large number of files. An 'rm' with a partial wild card seems to complain.

I've resorted to chaining some command line utilities to come up with a quick script to remove files:

ls -1 | grep 'ft-v05.2007-0[123]' | sed 's/^/rm /' > t.sh

This generates a one column directory listing and puts it through grep. Grep looks for a few specific months of files and passes the list onto sed. Sed prepends the removal command onto each file name. The whole shooting match is thrown into a shell script.

Either set execute privileges on the script:

chmod 500 t.sh

Or run it with the shell command:

bash t.sh
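
Because t.sh is built from `ls` output, the shell parses every file name when the script runs, so a name containing a space or a `;` changes what is executed. The following is an added example, not part of the original post, that has `find` pass the names to `rm` as arguments instead; the function name and its arguments are hypothetical, and the `ft-v05.YYYY-MM` naming is taken from the grep pattern above.

```shell
#!/bin/sh
# Added example (not from the original post).
# Removes NetFlow capture files for selected months without generating an
# intermediate script, so file names are never parsed as shell commands.

# purge_flow_files DIR YEAR MONTHS [--delete]
#   DIR     directory holding the capture files (not searched recursively)
#   YEAR    four-digit year, e.g. 2007
#   MONTHS  final month digits placed in a glob bracket, e.g. 123 for 01-03
#   Without --delete the function only lists what would be removed.
purge_flow_files() {
    dir=$1 year=$2 months=$3 action=${4:-}

    # Accept digits only, so the arguments cannot alter the glob pattern.
    case $year in ''|*[!0-9]*) echo "bad year: $year" >&2; return 2 ;; esac
    case $months in ''|*[!0-9]*) echo "bad months: $months" >&2; return 2 ;; esac
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }

    pattern="ft-v05.${year}-0[${months}]*"

    if [ "$action" = "--delete" ]; then
        # find hands the names to rm in batches: no "argument list too long"
        # error, and "--" stops rm from treating a name as an option.
        find "$dir" -maxdepth 1 -type f -name "$pattern" -exec rm -f -- {} +
    else
        find "$dir" -maxdepth 1 -type f -name "$pattern" -print
    fi
}
```

Run it once without `--delete` to review the list, then again with it.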

[/OpenSource] permanent link


2007 May 07 - Mon

Importing a Blosxom Blog into Movable Type

I have my Blosxom based blog organized by category directories rather than by date. I've written a Perl script to take this collection of articles and transform them into a MovableType import file. My content files have a .txt extension. You'll need to change the match string if your extension is different from mine.

To run, there is a variable called dir which you seed with a starting directory. The program then scans that directory and further sub-directories looking for files with the designated suffix. It then uses the first line of a found file for the title. The third and subsequent lines are used for the content.

I've found that after importing, I'm not able to see the body in Movable Type's content editor. How weird... Well, it does show up when you customize the display of the page. It shows up in the extended entry text.

2007/06/12: David Graff suggested an additional print statement before the body block. I haven't tried it, but I hope it works to remedy the missing body bit.

Here is the script:

#!/usr/bin/perl

use strict;
#use File::stat;
use Fcntl ':mode';

my $author = 'ray';
my $ext = '.txt';

my @dirs;
my $dir = '/var/www/html/blog';
push( @dirs, $dir );

while ( $dir = pop( @dirs) ) {
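  chdir( $dir ) or die "Cannot chdir to $dir: $!";
  opendir( DIR, $dir ) or die "Cannot open directory $dir: $!";
#  print( "$dir\n" );
  foreach my $file ( readdir( DIR) ) {
    # match the configured extension literally (an unescaped '.' matches any character)
    if ( $file =~ /\Q$ext\E$/ ) {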
      my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) =
                                                localtime((stat($file))[9]);
     $mon+=1;
     $year+=1900;
     $mon = substr( '0' . $mon, -2 ,2 );
     $mday = substr( '0' . $mday, -2, 2 );
     $hour = substr( '0' . $hour, -2, 2 );
     $min  = substr( '0' . $min, -2, 2 );
     $sec  = substr( '0' . $sec, -2, 2 );
     my $date = "$mon/$mday/$year $hour:$min:$sec";
#     print( "  $file: $date\n");

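     # three-argument open keeps characters in the file name from being read as a mode
     open( FILE, '<', $file ) or die "Cannot open $dir/$file: $!";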
     my $title = <FILE>;
     chomp( $title );

     my $body;
     my $extbody;
     my $line;
     my $summary = 1;
     while ( $line = <FILE> ) {
       if ( $summary ) {
         $body .= $line;
         if ( length( $line ) < 2 ) {
           $summary = 0;
           }
         }
       $extbody .= $line;
       }

     close( FILE );

     $dir =~ /\/([^\/]+$)/;
     my $category = $1;

     print( "AUTHOR: $author\n" );
     print( "TITLE:  $title\n" );
     print( "DATE: $date\n" );
     print( "PRIMARY CATEGORY: $category\n" );
     print( "STATUS: publish\n" );
#     print( "ALLOW COMMENTS: 1\n" );
#     print( "ALLOW PINGS: 1\n" );
     print("-----\n"); # 2007/06/12 insertion by David Graff
     print( "BODY:\n" . $body . "\n-----\n" );
     print( "EXTENDED BODY:\n" . $extbody . "\n-----\n" );
     print( "--------\n" );
     }

    my $mode = (stat($file))[2];
    if ( S_ISDIR( $mode ) ) {
      if ( '.' ne $file && '..' ne $file ) {
        push( @dirs, $dir . '/' . $file );
        }
      }
    }
  closedir( DIR );
  }

[/OpenSource/Debian/MovableType] permanent link


Security Enhancements for Remote Access at Microsoft

Here is a link to a paper that has a bunch of useful stuff in it regarding Microsoft VPN's, IAS (Internet Authentication Server), security scripting, and Windows 2003 based Remote Access Infrastructure:

Security Enhancements for Remote Access at Microsoft: Technical White Paper

[/Cisco] permanent link


User Certificate Auto Enrollment

With my 802.1x test setup, machine certificates were being sent to domain machines with no problem, but user certificates were not showing up.

In the group policy object, right on the container housing the users that needed certificates, I set the auto-enrollment settings. For some reason things weren't being inherited from the domain default policy. The group policy container is User Configuration -> Windows Settings -> Security Settings -> Public Key Policies -> Autoenrollment Settings. The 'Enroll Certificates Automatically' needs to be checked along with its two subsidiary check boxes.

The following command serves as a manual refresh of the policy:

gpupdate /target:user

Enrollment will take several minutes. Running the certmgr.msc mmc snap-in will allow one to check that the certificate has arrived in the Personal -> Certificates store.

The Application Event Log will contain success/failure status for the auto-enrollment.

I also found out from a troubleshooting auto-enrollment article that domain users without email addresses will not auto-enroll. They don't need an actual email box, just an entry in the email attribute in Active Directory.

As further reference, Microsoft has an article on How Autoenrollment Works. There are other related and helpful articles in the same library section.

[/Cisco] permanent link


Movable Type Links

Here are some links to various pages in Movable Type that look useful:

[/OpenSource/Debian/MovableType] permanent link


2007 May 06 - Sun

I Hate PHP on a database call.

I think this is the second time I've been caught on this. And I should have recalled the second time around to check this.

I'm working through the process of installing and playing with Movable Type. It went quite well. Configuration and maintenance and adding content worked well. Well, up until I decided to enable Dynamic Content generation. Then I found out Movable Type has two faces, a Perl one and a PHP one.

To handle dynamic content, they do an Apache redirect/rewrite through a default php script, one that does a database call. And in order to do the database call, it opens a connection to the database.

I'm testing with PostgreSQL. My Debian install didn't have, by default, the php4-pgsql package. If it isn't installed, PHP simply aborts somewhere in the code, quietly. How silly. No errors, no messages, no nothing.

So, untold 'echo()' statements later, I tracked it down to a call in the ezsql implementation. Finally the light bulb went on over my head. The fix:

apt-get install php4-pgsql

I'm wondering if there is a way to test for this package, so I don't forget this again.

I probably didn't clue into this before because the main Movable Type scripts are in Perl and use the database connections there. I made the obviously incorrect assumption that the PHP scripts were involved and already knew about the database driver. Well, I was incorrect on that one.

[/OpenSource/Debian/MovableType] permanent link


apt-get: Managing Packages

In a few of my earlier articles regarding upgrading and updating a Debian system, I missed a few key facts.

In one article, I mentioned performing a distribution upgrade. Another one mentioned doing a kernel upgrade and missing an lvm2 module.

The key is that if modules are being held-back, that is a sign that a distribution upgrade will be needed:

apt-get -u dist-upgrade

The -u parameter provides more detail as to what will be happening during the upgrade.

More details for working with packages can be found at APT HowTo.

[/OpenSource/Debian] permanent link


SmartQuant QuantDeveloper & DataCenter Release

SmartQuant has released a revision to DataCenter and QuantDeveloper. DataCenter and QuantDeveloper are at the following revision levels:

DataCenter
Version 2.2.3 (12-Apr-2007) 

QuantDeveloper Enterprise Edition
Version 2.5.4 (04-May-2007)

QuantDeveloper Source Code
Version 2.5.1 (23-Mar-2007) 
* Recent Versions available through 
  version control 

[/Trading/SmartQuant/Releases] permanent link


2007 May 05 - Sat

Post Processing NMAP2Nagios Output

nmap2nagios is a module available from Nagios Exchange (I seem to recall). From an nmap based network scan, it generates information useful for import into Nagios. I needed to muck with the output somewhat in order to remove redundant references and other stuff. I'm sure there is a better way to do this, but this is what I ended up with. If nothing else, it was a good introduction to the command line edit utility 'sed'.

On the network I was processing, device names had 'ilo' in them. I needed to remove them from the listing. I edited nmap2nagios.pl and did the following:

#!/usr/bin/perl -w

#line 126
my $n = $host_ref->{'host_name'};
print '** name ' . $n;
print ' done' . "\n";
next if ($n =~ /^ilo/);

I took a bunch of stuff out of nmap2nagios.conf.

I created a file called 'scanlo.sed' with the following content to remove references to printer and altiris stuff:

/portid="443/ {s/name="http"/name="https"/}
/portid="280/ {s/name="http"/name="hpweb1"/}
/portid="631/ {s/name="http"/name="hpweb2"/}
/portid="902/ {s/name="ftp"/name="altirisftp1"/}
/portid="912/ {s/name="ftp"/name="altirisftp2"/}

I then ran the following sequence of commands. nmap does the network scan with the given segment. Some inline editing is performed with sed. nmap2nagios creates another file, which is then copied to the nagios etc directory.

nmap -A -sV -p1-1024 -O -oA scanlo -v 10.1.1.0/24
sed -f scanlo.sed scanlo.xml > scanlo1.xml
/usr/src/nmap2nagios-0.1.2/nmap2nagios.pl -i -v -r scanlo1.xml -o sh1.cfg
sed 's/^>//' sh1.cfg > sh2.cfg
cp sh2.cfg /usr/local/nagios/etc/

For checking ssh services, the following needs to be inserted into checkcommands.cfg:

# 'check_ssh' command definition
define command{
        command_name    check_ssh
        command_line    $USER1$/check_ssh  $HOSTADDRESS$
        }

[/OpenSource/Debian/Monitoring] permanent link


2007 May 04 - Fri

Configuring eSensors with Nagios

The EM01B WebSensor from Esensor (http://www.eesensors.com/websensor.html) provides Temperature, Humidity, and Illumination values to Nagios.

Download the source code for the Nagios plugin from http://www.nagiosexchange.org/Environmental.60.0.html?&tx_netnagext_pi1[p_view]=13 and place it into the /usr/src directory. Unzip it to a directory called esensors. Change into /usr/src/esensors/c and run:

gcc check_em01.c -o check_em01
cp check_em01 /usr/local/nagios/libexec/

Ignore the warnings.

Add the following lines to /usr/local/nagios/etc/checkcommands.cfg:

# 'check_temp' command definition
define command{
            command_name check_temp
            command_line $USER1$/check_em01 $HOSTADDRESS$ T $ARG1$ $ARG2$ $ARG3$ $ARG4$
            }
# 'check_humidity' command definition
define command{
            command_name check_humidity
            command_line $USER1$/check_em01 $HOSTADDRESS$ H $ARG1$ $ARG2$ $ARG3$ $ARG4$
            }
# 'check_light' command definition
define command{
            command_name check_light
            command_line $USER1$/check_em01 $HOSTADDRESS$ I $ARG1$ $ARG2$ $ARG3$ $ARG4$
            }

Create a file named /usr/local/nagios/etc/srvc_esensor.cfg with the following content:

###############################################################################
#
# Configuration file for eSensor Devices
#
# Last Modified: 2006-06-08
#
################################################################################

################################################################################
# SERVICE DEFINITIONS
################################################################################
# Generic service definition template
define service{
        name                            generic-esensor ;  Referenced in other service definitions
        active_checks_enabled           1       ; Active service checks are enabled
        passive_checks_enabled          1       ; Passive service checks are enabled/accepted
        parallelize_check               1       ; Active service checks should be parallelized
        obsess_over_service             1       ; We should obsess over this service (if necessary)
        check_freshness                 0       ; Default is to NOT check service 'freshness'
        notifications_enabled           1       ; Service notifications are enabled
        event_handler_enabled           1       ; Service event handler is enabled
        flap_detection_enabled          1       ; Flap detection is enabled
        process_perf_data               1       ; Process performance data
        retain_status_information       1       ; Retain status information across program restarts
        retain_nonstatus_information    0       ; Retain non-status information across program restarts
        register                        0       ; DONT REGISTER THIS DEFINITION
        is_volatile 0
        check_period 24x7
        max_check_attempts 3
        normal_check_interval 5
        retry_check_interval 1
        contact_groups sensor-admins
        notification_interval 30
        notification_period 24x7
        notification_options d,u,r
        }
# check temp service definition template
define service{
        use                             generic-esensor
        name                            etemp-service   ; Referenced in other service definitions
        register                        0       ; DONT REGISTER THIS DEFINITION
        service_description Temperature
        check_command check_temp!2!110!1!120
        }
# check humidity service definition template
define service{
        use                             generic-esensor
        name                            ehum-service    ; Referenced in other service definitions
        register                        0       ; DONT REGISTER THIS DEFINITION
        service_description Humidity
        check_command check_humidity!2!90!1!99
        }
# check light service definition template
define service{
        use                             generic-esensor
        name                            eillum-service  ; Referenced in other service definitions
        register                        0       ; DONT REGISTER THIS DEFINITION
        service_description Illumination
        check_command check_light!2!600!1!700
        }

Add the following line to /usr/local/nagios/etc/nagios.cfg:

cfg_file=/usr/local/nagios/etc/srvc_esensor.cfg

Create a file called /usr/local/nagios/etc/examplecom/em01.cfg with the following content:

define host{
        use                             generic-host
        host_name                       em01
        alias                           Heat, Humidity and Illumination tests
        address                         10.1.6.30
        }

define hostgroup{
        hostgroup_name  	Esensors
        alias          		Esensors HVAC sensor
        members         	em01
        }

define servicegroup{
        servicegroup_name       esensors
        alias                   Enviromental Monitoring
        members                 em01,Temperature
        members                 em01,Humidity
        members                 em01,Illumination
        }

# The 'use' values must match the template names defined in srvc_esensor.cfg
define service {
        use                     etemp-service
        host                    em01
        check_command           check_temp!60!80!50!85
        }

define service {
        use                     ehum-service
        host                    em01
        }

define service {
        use                     eillum-service
        host                    em01
        }

As a side note, I think I'm going to process esensor output with something else. Here is a brief regular expression in a perl file called 'em.pl' to handle the output:

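use strict;
use warnings;

# Read one line of sensor output and extract temperature (TF), humidity (HU) and illumination (IL).
my $line = <STDIN>;
defined $line && $line =~ m/TF:[ ]*(\d+\.\d+).*HU:[ ]*(\d+\.\d+).+IL[ ]*(\d+\.\d+)/
  or die "Unrecognized sensor output\n";
print "$1, $2, $3\n";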

The following command line generates three values (using the tool 'curl' to obtain the current values):

echo `curl -s 'http://bmem01/index.html?em123456'` | perl em.pl

[/OpenSource/Debian/Monitoring] permanent link


2007 May 03 - Thu

Installing SNMP Modules

SNMP configuration on Debian is quite easy:

apt-get install snmp
apt-get install snmpd

Here is an example snmp query on a device named device01, community string public, and values of interest in the ciscoRttMonMIB MIB. The '-m' says to load all mibs from the '-M' mib directory.

snmpwalk -v2c -c public -m ALL -M /usr/share/snmp/mibs device01 ciscoRttMonMIB

[/OpenSource/Debian/Monitoring] permanent link


2007 May 02 - Wed

Drraw Installation

Cricket and NetFlow create RRD files. Each has some basic utilities for drawing data found within the files. Drraw provides advanced capabilities for creating graphs, templates, and dashboards.

Installation

Download the utility and expand the source:

wget http://web.taranis.org/drraw/dist/drraw-2.1.3.tgz
tar -zxvf drraw-2.1.3.tgz

Create an icon directory, copy the script and icon files:

cd drraw-2.1.3
mkdir /var/www/icons
cp icons/* /var/www/icons
cp drraw* /usr/lib/cgi-bin/
chmod 755 /usr/lib/cgi-bin/drraw.cgi

Create some directories:

mkdir /var/cache/apache2/drraw
mkdir /var/cache/apache2/drraw/saved
mkdir /var/cache/apache2/drraw/tmp
chown -R www-data:www-data /var/cache/apache2/drraw
mkdir /var/log/drraw
touch /var/log/drraw/errors.log
chown -R www-data:www-data /var/log/drraw

Update /usr/lib/cgi-bin/drraw.conf with the following:

%datadirs = (
#               '/here/are/some/files'  => '[Label1] ',
             '/var/lib/cricket' => '[Cricket] ',
            );
$saved_dir = '/var/cache/apache2/drraw/saved';
$tmp_dir = '/var/cache/apache2/drraw/tmp';
$ERRLOG = '/var/log/drraw/errors.log';

Change the first line of /usr/lib/cgi-bin/drraw.cgi to:

#! /usr/bin/perl -T

The program can be started with:

http://localhost/cgi-bin/drraw.cgi

[/OpenSource/Debian/Monitoring] permanent link


2007 May 01 - Tue

HTML Page Template Framework

'Glue' web pages on the monitoring server are generated through the Mason Delivery Engine. In other words, Mason is a Perl based template system used for formatting the primary web pages of this server. It requires the use of Apache and mod_perl. Here is what I do to install Mason for my needs. As the monitoring server relies on NetDisco tables, a portion of the installation process revolves around initializing the NetDisco PostgreSQL database.

Installation

Install the packages:

apt-get install libhtml-mason-perl
apt-get install libdbi-perl
apt-get install libdbd-pg-perl
apt-get install apache2-dev
apt-get install libapache2-mod-apreq2
apt-get install libapache-dbi-perl
apt-get install libmasonx-request-withapachesession-perl
apt-get install libapache2-request-perl
ln -s /etc/apache2/mods-available/apreq.load /etc/apache2/mods-enabled/apreq.load

Add the following line into '/etc/postgresql/7.4/main/pg_hba.conf':

local   netdisco    netdisco     trust

Create and load database:

/etc/init.d/postgresql-7.4 restart
su - postgres
psql template1
create user netdisco;
create group netdisco user netdisco;
create database netdisco with owner netdisco;
\q
psql netdisco -U netdisco < netdisco.dump

exit

Add the following lines into /etc/apache2/sites-available/default:

    PerlModule HTML::Mason::ApacheHandler
    # Dots are escaped so they match a literal '.' rather than any character
    <LocationMatch "(\.html|\.txt|\.pl)$">
        SetHandler perl-script
        PerlHandler HTML::Mason::ApacheHandler
    </LocationMatch>
    # Direct requests for Mason component files return 404
    <LocationMatch "(\.m(html|txt|pl)|dhandler|autohandler)$">
        SetHandler perl-script
        PerlInitHandler Apache::Constants::NOT_FOUND
    </LocationMatch>

        <Directory />
                Options FollowSymLinks
                AllowOverride None
                AllowOverride AuthConfig
                AuthType Basic
                AuthName "Password Required"
                AuthUserFile /etc/apache2/sites-available/password.file
                Require user admin
        </Directory>

Create a password file with a username admin:

htpasswd -c /etc/apache2/sites-available/password.file admin

Restart Apache:

/etc/init.d/apache2 restart
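
The `trust` method in the pg_hba.conf line added earlier lets anyone who can reach the local PostgreSQL socket connect as netdisco without a password. The following is an added example, not part of the original post, that lists every `trust` rule in a pg_hba.conf so such entries can be reviewed; the function name is hypothetical.

```shell
#!/bin/sh
# Added example, not part of the original post.
# Lists pg_hba.conf entries whose authentication method is "trust".

# find_trust_entries FILE
#   Prints "LINE_NUMBER: entry" for every trust rule.
#   Returns 0 when none are found, 1 when at least one is, 2 on an unreadable file.
find_trust_entries() {
    [ -r "$1" ] || { echo "cannot read: $1" >&2; return 2; }
    awk '
        { sub(/#.*$/, "") }                   # drop comments
        NF == 0 { next }                      # blank or comment-only line
        {
            if ($1 == "local")
                method = $4                   # local DB USER METHOD
            else if ($5 ~ /^[0-9.]+$/ || $5 ~ /:/)
                method = $6                   # host DB USER ADDR MASK METHOD
            else
                method = $5                   # host DB USER ADDR/CIDR METHOD
            # Compare the method column only: a database or user that is
            # merely named "trust" is not reported.
            if (method == "trust") { print NR ": " $0; found = 1 }
        }
        END { exit (found ? 1 : 0) }
    ' "$1"
}
```

For the file edited above, the call would be `find_trust_entries /etc/postgresql/7.4/main/pg_hba.conf`.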

[/OpenSource/Debian/Monitoring] permanent link



New blog site at: Raymond Burkholder - What I Do

Blog Content ©2013
Ray Burkholder
All Rights Reserved