https://www.youtube.com/watch?v=tGhGmWrYpVM
https://www.youtube.com/watch?v=DapOC2QG6nM
Thứ Tư, 11 tháng 2, 2015
Chủ Nhật, 8 tháng 2, 2015
Check IDS
#!/usr/bin/python
import os, smtplib
from threading import Thread
def sendmail(subject):
"Sends an email to the specified recipent "
username = 'checkipwingame@gmail.com'
password = 'xxxxx'
server = smtplib.SMTP('smtp.gmail.com:25')
server.starttls()
server.login(username, password)
fromAddr ='checkipwingame@gmail.com'
toAddr = 'cuvanhai@gmail.com'
header = 'To: ' + toAddr + '\n' + 'From: ' + fromAddr + '\n' + 'Subject: ' + subject + '\n'
msg = header + '\nCheck it now!\n'
server.sendmail(fromAddr, toAddr, msg)
server.close()
def checkIpDown(ip):
ISP = ip
ret = os.system('ping -c 4 ' + ip + ' &> /dev/null')
fr = open(ip,"r")
str = fr.read(1)
fr.close()
if ISP == "118.70.183.107":
ISP = "118.70.183.107"
if ret != 0 and str == "1":
message = ISP+' has been DOWN'
sendmail(message)
fo1 = open(ip,"w")
fo1.write("0")
fo1.close()
print message
elif (ret == 0 and str == "0") :
message = ISP+' has been UP'
sendmail(message)
fo2 = open(ip,"w")
fo2.write("1")
fo2.close()
print message
elif (ret != 0 and str == "0") :
print ISP, "network not connect" # Co the xoa dong nay
ip2Check = ['118.70.183.107']
for ip in ip2Check:
t = Thread(target=checkIpDown, args=(ip,))
t.start()
import os, smtplib
from threading import Thread
def sendmail(subject):
"Sends an email to the specified recipent "
username = 'checkipwingame@gmail.com'
password = 'xxxxx'
server = smtplib.SMTP('smtp.gmail.com:25')
server.starttls()
server.login(username, password)
fromAddr ='checkipwingame@gmail.com'
toAddr = 'cuvanhai@gmail.com'
header = 'To: ' + toAddr + '\n' + 'From: ' + fromAddr + '\n' + 'Subject: ' + subject + '\n'
msg = header + '\nCheck it now!\n'
server.sendmail(fromAddr, toAddr, msg)
server.close()
def checkIpDown(ip):
ISP = ip
ret = os.system('ping -c 4 ' + ip + ' &> /dev/null')
fr = open(ip,"r")
str = fr.read(1)
fr.close()
if ISP == "118.70.183.107":
ISP = "118.70.183.107"
if ret != 0 and str == "1":
message = ISP+' has been DOWN'
sendmail(message)
fo1 = open(ip,"w")
fo1.write("0")
fo1.close()
print message
elif (ret == 0 and str == "0") :
message = ISP+' has been UP'
sendmail(message)
fo2 = open(ip,"w")
fo2.write("1")
fo2.close()
print message
elif (ret != 0 and str == "0") :
print ISP, "network not connect" # Co the xoa dong nay
ip2Check = ['118.70.183.107']
for ip in ip2Check:
t = Thread(target=checkIpDown, args=(ip,))
t.start()
Chủ Nhật, 25 tháng 1, 2015
Install icinga2 + icinga-web on Centos
ICINGA
1.
Giới thiệu Icinga:
-
Icinga là một hệ
thống theo dõi các máy chủ và dịch vụ
được chỉ định và thông báo
cho khi cho người quản trị khi có sự cố xảy ra và khi sự
cố được khắc phục
-
Icinga có thể chạy trên nhiều hệ điều
hành nhân linux : Redhat, Centos, Fedora, Ubuntu, and openSuSE cũng như một
nền tảng Unix khác như Solaris, HP
-
Một số trong nhiều tính năng của Icinga bao
gồm:
+ Giám sát các dịch vụ mạng (SMTP, POP3, HTTP, SSH, PING, vv)
+ Giám sát tài nguyên máy chủ (load CPU, DISK,RAM, vv)
+ Thiết kế plugin đơn giản cho phép người dùng dễ dàng tự phát triển
+ Thông báo khi dịch vụ có vấn đề xảy ra và được giải quyết (qua email, nhắn tin..)
+ Giám sát các dịch vụ mạng (SMTP, POP3, HTTP, SSH, PING, vv)
+ Giám sát tài nguyên máy chủ (load CPU, DISK,RAM, vv)
+ Thiết kế plugin đơn giản cho phép người dùng dễ dàng tự phát triển
+ Thông báo khi dịch vụ có vấn đề xảy ra và được giải quyết (qua email, nhắn tin..)
+ Giao diện
web than thiện, dễ sử dụng.
2. CÀI ĐẶT ICINGA2 Monitor server
2.1 Yêu cầu trước khi cài đặt Icinga
#
rpm --import http://packages.icinga.org/icinga.key
#
yum makecache
2.2 Cài đặt Icinga2
#
yum install icinga2
2.3 Cài đặt MySQL database
#
yum install mysql-server mysql
#
chkconfig mysqld on
#
service mysqld start
2.4 Cài đặt IDO modul cho MySQL
#
yum install icinga2-ido-mysql
2.5 Cấu hình MySQL cho icinga2
- Import schema icinga2
# mysql -u root –p
mysql> CREATE DATABASE icinga;
GRANT SELECT, INSERT, UPDATE, DELETE,
DROP, CREATE VIEW, INDEX, EXECUTE ON icinga.* TO 'icinga'@'localhost'
IDENTIFIED BY 'icinga';
#
mysql -u root -p icinga < /usr/share/icinga2-ido-mysql/schema/mysql.sql
2.6 Enabling the IDO MySQL module
#
icinga2 feature enable ido-mysql
Module
'ido-mysql' was enabled.
Make
sure to restart Icinga 2 for these changes to take effect.
#
service icinga2 restart
2.7 Cài đặt icinga-web:
#
yum install icinga-web icinga-web-mysql
#
service httpd restart
#
service icinga2 restart
-
Set
permission /var/log/icinga-web for apache
-
Disable
Selinux : edit “/etc/sysconfig/selinux”
SELINUX=disabled
# init 6
2.8 Setting Up External Command Pipe
#
icinga2 feature enable command
#
service icinga2 restart
edit
/etc/icinga-web/conf.d/access.xml
<resource
name="icinga_pipe">/var/run/icinga2/cmd/icinga2.cmd</resource>
# icinga-web-clearcache
Cài đặt giao diện icinga-web
2.9 Webserver – php
#
yum install httpd
#
chkconfig httpd on
#
service httpd start
#
yum install php php-cli php-pear php-xmlrpc php-xsl php-pdo php-soap php-gd
php-ldap php-mysql
2.10 Firewall Rules
#
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
#
service iptables save
2.11 Cấu hình MySQL cho icinga-web
-
Import schema icinga2
#
mysql -u root –p
mysql> CREATE DATABASE icinga_web;
GRANT SELECT, INSERT, UPDATE, DELETE,
DROP, CREATE VIEW, INDEX, EXECUTE ON icinga_web.* TO 'icinga_web'@'localhost'
IDENTIFIED BY 'icinga_web';
#
mysql -u root
-p icinga_web < /usr/share/doc/icinga-web-1.11.2/schema/mysql.sql #import database icinga_web
2.12 Login kiểm tra icigna-web:
user:
root
pass:
password
2.13 Enabled Features during Installation
The default installation will enable three features required for a basic Icinga 2 installation:checkerfor executing checksnotificationfor sending notificationsmainlogfor writing theicinga2.logfile
icinga2
feature list CLI
command to see which features are enabled and disabled.# icinga2 feature listDisabled features: api command compatlog debuglog graphite icingastatus ido-mysql ido-pgsql livestatus notification perfdata statusdata syslogEnabled features: checker mainlog notification2.14 Installation Paths
Đường
dẫn mặc định khi cài đặt icinga2 của các file và thư mục:
|
Path
|
Description
|
|
/etc/icinga2
|
Contains Icinga 2 configuration files.
|
|
/etc/init.d/icinga2
|
The Icinga 2 init script.
|
|
/usr/sbin/icinga2*
|
The Icinga 2 binary.
|
|
/usr/share/doc/icinga2
|
Documentation files that come with Icinga 2.
|
|
/usr/share/icinga2/include
|
The Icinga Template Library and plugin command
configuration.
|
|
/var/run/icinga2
|
PID file.
|
|
/var/run/icinga2/cmd
|
Command pipe and Livestatus socket.
|
|
/var/cache/icinga2
|
status.dat/objects.cache, icinga2.debug files
|
|
/var/spool/icinga2
|
Used for performance data spool files.
|
|
/var/lib/icinga2
|
Icinga 2 state file, cluster log, local CA and
configuration files.
|
|
/var/log/icinga2
|
Log file location and compat/ directory for the
CompatLogger feature.
|
3. Cài đặt agent và plugins trên client
# yum install nagios-plugins-all
# ls /usr/lib64/nagios/plugins/
# yum install xinetd
nagios-nrpe –y
-
edit /etc/xinetd.d/nrpe:
disable = no
only_from = x.x.x.x # IP address Icinga Server
# service xinetd
restart
-
edit
/etc/nagios/nrpe.cfg
4. Cài đặt P4PNagios plugins cho icinga-web
yum install pnp4nagios
icinga-web-module-pnp –y
# ls
/var/spool/icinga2/perfdata/
# icinga2
feature enable perfdata
# service icinga2 restart
# ls /var/spool/icinga2/perfdata/
# service httpd restart
# vi /etc/pnp4nagios/npcd.cfg
# ls /var/spool/icinga2/perfdata/
# service httpd restart
# vi /etc/pnp4nagios/npcd.cfg
user = icinga
group = icinga
…..
perfdata_spool_dir = /var/spool/icinga2/perfdata/
# service
npcd start
# chkconfig
npcd on
# service
httpd restart
# vi
/etc/nagios/passwd
icingaadmin:$apr1$ipM6pQLU$mXHz4PJc9.pbhWK.Hntts1
(pass: admin)
htpasswd /etc/nagios/passwd icingaadmin
# chown -R icinga.icinga
/var/lib/pnp4nagios/
# service httpd restart
# service icinga2 restart
Youtube:
https://www.youtube.com/watch?v=DapOC2QG6nM
https://www.youtube.com/watch?v=tGhGmWrYpVM
Thứ Ba, 21 tháng 10, 2014
Two Ways of Setting Up Trunks on Juniper Switches
In a previous blog, I’ve shown you how to create VLANs on a Juniper
switch, particularly running JunOS. Furthermore, I’ve shown you how to
edit the vlan membership using two methods. In this blog, I will now show you the two methods for setting up a trunk.
But let’s quickly review what a trunk is, since this is actually important towards understanding the configuration logic.
Depending on how deep you want to dive into it, there is actually quite a bit of theory behind trunk links, from the switch logic itself, all the way to protocols, standard, encapsulation, etc. Though for the sole purpose of this blog, let’s just agree on the following definition:
Outgoing frames going out a trunk port will be tagged with
the VLAN tag, unless the frame belongs to the native-vlan. This is the
default behaviour which, could be changed in configuration.
Incoming frames are inspected and the switch forwards them based on the vlan-tag found within the frame (when one exists).
Without going into more advanced scenarios, we need trunks to accommodate, primarily, two scenarios:
Let’s take a look at two show commands:
Thank you,
source : http://blogbt.net/index.php/2014/09/setting-up-trunks-juniper-switches/
But let’s quickly review what a trunk is, since this is actually important towards understanding the configuration logic.
Depending on how deep you want to dive into it, there is actually quite a bit of theory behind trunk links, from the switch logic itself, all the way to protocols, standard, encapsulation, etc. Though for the sole purpose of this blog, let’s just agree on the following definition:
A trunk port is a logical link which can transport frames for more than one VLAN.
Incoming frames are inspected and the switch forwards them based on the vlan-tag found within the frame (when one exists).
How does the switch know that a frame has a tag? When a frame is received, the switch will read the Ethernet frame, particularly, the EtherType field. In regards to trunking, the following values are possible: 0×9100 – QinQ encapsulation; 0×8100 – VLAN Tagging.
- Router on a stick
- Interconnection between switches
{master:0}[edit]
root# run show vlans extensive
VLAN: VLAN-10, Created at: Fri Sep 13 06:41:32 2013
802.1Q Tag: 10, Internal index: 2, Admin State: Enabled, Origin: Static
Protocol: Port Mode, Mac aging time: 300 seconds
Number of interfaces: Tagged 1 (Active = 1), Untagged 2 (Active = 0)
ge-0/0/23.0*, tagged, trunk
ge-0/0/10.0, untagged, access
ge-0/0/11.0, untagged, access
root# run show vlans extensive
VLAN: VLAN-10, Created at: Fri Sep 13 06:41:32 2013
802.1Q Tag: 10, Internal index: 2, Admin State: Enabled, Origin: Static
Protocol: Port Mode, Mac aging time: 300 seconds
Number of interfaces: Tagged 1 (Active = 1), Untagged 2 (Active = 0)
ge-0/0/23.0*, tagged, trunk
ge-0/0/10.0, untagged, access
ge-0/0/11.0, untagged, access
VLAN: VLAN-20, Created at: Fri Sep 13 08:32:16 2013
802.1Q Tag: 20, Internal index: 5, Admin State: Enabled, Origin: Static
Protocol: Port Mode, Mac aging time: 300 seconds
Number of interfaces: Tagged 1 (Active = 1), Untagged 2 (Active = 0)
ge-0/0/23.0*, tagged, trunk
ge-0/0/20.0, untagged, access
ge-0/0/21.0, untagged, access
802.1Q Tag: 20, Internal index: 5, Admin State: Enabled, Origin: Static
Protocol: Port Mode, Mac aging time: 300 seconds
Number of interfaces: Tagged 1 (Active = 1), Untagged 2 (Active = 0)
ge-0/0/23.0*, tagged, trunk
ge-0/0/20.0, untagged, access
ge-0/0/21.0, untagged, access
VLAN: default, Created at: Fri Sep 13 06:41:32 2013
802.1Q Tag: 1, Internal index: 3, Admin State: Enabled, Origin: Static
Protocol: Port Mode, Mac aging time: 300 seconds
Number of interfaces: Tagged 1 (Active = 1), Untagged 1 (Active = 1)
ge-0/0/23.0*, tagged, trunk
ge-0/0/23.0*, untagged, trunk
802.1Q Tag: 1, Internal index: 3, Admin State: Enabled, Origin: Static
Protocol: Port Mode, Mac aging time: 300 seconds
Number of interfaces: Tagged 1 (Active = 1), Untagged 1 (Active = 1)
ge-0/0/23.0*, tagged, trunk
ge-0/0/23.0*, untagged, trunk
__________________________________________________________
{master:0}[edit]
root# run show ethernet-switching interfaces
Interface State VLAN members Tag Tagging Blocking
bme0.32770 down mgmt untagged unblocked
ge-0/0/10.0 down VLAN-10 10 untagged blocked by STP
ge-0/0/11.0 down VLAN-10 10 untagged blocked by STP
ge-0/0/20.0 down VLAN-20 20 untagged blocked by STP
ge-0/0/21.0 down VLAN-20 20 untagged blocked by STP
ge-0/0/23.0 up default 1 untagged unblocked
VLAN-10 10 tagged unblocked
VLAN-20 20 tagged unblocked
default 1 tagged unblocked
me0.0 down mgmt untagged unblocked
root# run show ethernet-switching interfaces
Interface State VLAN members Tag Tagging Blocking
bme0.32770 down mgmt untagged unblocked
ge-0/0/10.0 down VLAN-10 10 untagged blocked by STP
ge-0/0/11.0 down VLAN-10 10 untagged blocked by STP
ge-0/0/20.0 down VLAN-20 20 untagged blocked by STP
ge-0/0/21.0 down VLAN-20 20 untagged blocked by STP
ge-0/0/23.0 up default 1 untagged unblocked
VLAN-10 10 tagged unblocked
VLAN-20 20 tagged unblocked
default 1 tagged unblocked
me0.0 down mgmt untagged unblocked
Thank you,
source : http://blogbt.net/index.php/2014/09/setting-up-trunks-juniper-switches/
Two Ways of Setting Up VLANs on Juniper Switches
With Cisco IOS, when it comes to setting up a VLAN and VLAN
Membership, the process is in fact very straight forward. JunOS give us
two ways of setting up a VLAN’s membership – regardless the method you use, the result will be exactly the same.
As usually, let’s see a diagram:
So we will setup two VLANs – there is one way only for creating a VLAN; we will use the following set commands:
Few things already to observe here:
Let’s now move onto the two methods of creating the VLAN membership – i.e., which ports belong to which vlan.
Thank you,
source: http://blogbt.net/index.php/2014/09/two-ways-setting-vlans-juniper-switches/
Q: Isn’t this already explained on Juniper’s website?
A: Yes, it is!
Q: So why would you carry on reading?
A: I reckon that, on Juniper’s website some things are not clear. Secondly, I will be showing you a few gotchas which Juniper doesn’t mention either – this will mostly relate to the implementation logic.
A: Yes, it is!
Q: So why would you carry on reading?
A: I reckon that, on Juniper’s website some things are not clear. Secondly, I will be showing you a few gotchas which Juniper doesn’t mention either – this will mostly relate to the implementation logic.
So we will setup two VLANs – there is one way only for creating a VLAN; we will use the following set commands:
root# run show configuration vlans
VLAN-10;
vlan-20 {
vlan-id 20;
}
VLAN-10;
vlan-20 {
vlan-id 20;
}
{master:0}[edit]
root# run show configuration vlans | display set
set vlans VLAN-10
set vlans vlan-20 vlan-id 20
root# run show configuration vlans | display set
set vlans VLAN-10
set vlans vlan-20 vlan-id 20
- When creating a VLAN, we give it a name, a vlan-id, or both! Should a vlan-id not be specified, that vlan will handle untagged frames. On Juniper’s website it is mentioned that the vlan-id is automatically generated – I could not verify this, as shown below. You can see that tagging is only enabled for VLAN-20.
- Another thing we notice is that by default, there is already a VLAN setup on the switch – this is called the default vlan and it carries untagged frames. Unlike Cisco switches, it *does not* have the vlan-id 1. Here is something very cool: even though both vlans (default & vlan-10) carry untagged frames, the broadcast domain is still separate!
{master:0}[edit]
root# run show vlans detail
VLAN: VLAN-10, 802.1Q Tag: Untagged, Admin State: Enabled
root# run show vlans detail
VLAN: VLAN-10, 802.1Q Tag: Untagged, Admin State: Enabled
VLAN: default, 802.1Q Tag: Untagged, Admin State: Enabled
VLAN: vlan-20, 802.1Q Tag: 20, Admin State: Enabled
{master:0}[edit]
root# run show vlans extensive
VLAN: VLAN-10, Created at: Fri Sep 13 07:32:47 2013
Internal index: 4, Admin State: Enabled, Origin: Static
Protocol: Port Mode, Mac aging time: 300 seconds
Number of interfaces: Tagged 0 (Active = 0), Untagged 0 (Active = 0)
root# run show vlans extensive
VLAN: VLAN-10, Created at: Fri Sep 13 07:32:47 2013
Internal index: 4, Admin State: Enabled, Origin: Static
Protocol: Port Mode, Mac aging time: 300 seconds
Number of interfaces: Tagged 0 (Active = 0), Untagged 0 (Active = 0)
VLAN: default, Created at: Fri Sep 13 06:41:28 2013
Internal index: 3, Admin State: Enabled, Origin: Static
Protocol: Port Mode, Mac aging time: 300 seconds
Number of interfaces: Tagged 0 (Active = 0), Untagged 0 (Active = 0)
Internal index: 3, Admin State: Enabled, Origin: Static
Protocol: Port Mode, Mac aging time: 300 seconds
Number of interfaces: Tagged 0 (Active = 0), Untagged 0 (Active = 0)
VLAN: vlan-20, Created at: Fri Sep 13 07:32:47 2013
802.1Q Tag: 20, Internal index: 5, Admin State: Enabled, Origin: Static
Protocol: Port Mode, Mac aging time: 300 seconds
Number of interfaces: Tagged 0 (Active = 0), Untagged 0 (Active = 0)
802.1Q Tag: 20, Internal index: 5, Admin State: Enabled, Origin: Static
Protocol: Port Mode, Mac aging time: 300 seconds
Number of interfaces: Tagged 0 (Active = 0), Untagged 0 (Active = 0)
Thank you,
source: http://blogbt.net/index.php/2014/09/two-ways-setting-vlans-juniper-switches/
Đăng ký:
Bài đăng (Atom)