Thursday, 21 June 2012

SNMP LINUX


Nagios
/etc/snmp/snmpd.conf
rocommunity public


/etc/snmp/snmpd.conf

agentAddress  udp:10.x.x.x:161
rocommunity public  10.x.x.x
                                               
# rocommunity public  default    -V systemonly

sysLocation   Location
sysContact     Me (email address in angle brackets)



Xenserver 6.x

How to enable SNMP on Citrix XenServer 6


Today I needed to enable SNMP on my XenServer lab at home; I was looking for an efficient way to monitor my XenServer. I found a Linux distribution that is very handy for a Cacti box, EZCacti; you can download it here: http://cactiez.cactiusers.org/download/
So to enable SNMP on XenServer 6, follow the guide below. Please keep in mind that you shouldn't do this on your XenServer in a production environment; Citrix won't be able to provide support if you modify the dom0.
First, you need to allow SNMP through the firewall so that Cacti can collect information from SNMP on port 161/UDP:
Edit the file /etc/sysconfig/iptables with vi and add the following line:
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 161 -j ACCEPT
Then restart the iptables service using the following command line: service iptables restart
Now you need to configure your SNMP settings (community etc.) by editing the following file with vi: /etc/snmp/snmpd.conf
###############################################################################
# Access Control
###############################################################################
 
# As shipped, the snmpd demon will only respond to queries on the
# system mib group until this file is replaced or modified for
# security purposes.
 
####
# First, map the community name "public" into a "security name"
 
#       sec.name       source        community
com2sec archynet 192.168.0.0/24 public
 
####
# Second, map the security name into a group name:
 
#       groupName      securityModel securityName
group notConfigGroup v1 archynet
group   notConfigGroup v2c           notConfigUser
 
####
# Third, create a view for us to let the group have rights to:
 
#    name          incl/excl  subtree         mask(optional)
view    systemview    included   system
view    systemview    included   interfaces
view    systemview    included   at
view    systemview    included   ip
view    systemview    included   icmp
view    systemview    included   tcp
view    systemview    included   udp
view    systemview    included   snmp
 
####
# XenServer control domain does not support IPv6.
#
view    systemview    excluded   ipv6InterfaceTableLastChange
view    systemview    excluded   icmpStatsInErrors.ipv6
view    systemview    excluded   icmpStatsInMsgs.ipv6
view    systemview    excluded   icmpStatsOutErrors.ipv6
view    systemview    excluded   icmpStatsOutMsgs.ipv6
view    systemview    excluded   icmpMsgStatsInPkts.ipv6
view    systemview    excluded   icmpMsgStatsOutPkts.ipv6
 
####
# Finally, grant the group read-only access to the systemview view.
 
#       group          context sec.model sec.level prefix read       write  notif
access  notConfigGroup ""      any       noauth    exact  systemview none   none
 
###############################################################################
# System contact information
#
 
syslocation Unknown (edit /etc/snmp/snmpd.conf)
syscontact Root  (edit /etc/snmp/snmpd.conf)
Make the changes in your snmpd.conf file on the two lines highlighted in red in the original example (the com2sec line and the v1 group line, which use the name archynet); of course you'll need to change the IP range to match your network subnet.
Now you need to start the SNMP service using the following command line: service snmpd start
Finally, to enable the automatic start of the SNMP service at your XenServer startup, type: chkconfig snmpd on
Now I can begin to work on Cacti and try to monitor the host and the VMs (Next blog to come)
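A check for the snmpd.conf settings used in both notes above, as an added example that is not part of the original posts: it flags default community strings, communities accepted from any source address, write access and noauth access lines. The function name audit_snmpd_conf and the sample input are constructed for illustration.

```python
DEFAULT_COMMUNITIES = {"public", "private"}    # widely known default strings
OPEN_SOURCES = {None, "default", "0.0.0.0/0"}   # no source restriction

def audit_snmpd_conf(text):
    """Return (line_no, message) findings for community/access directives."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        tok = raw.split()
        if not tok or tok[0].startswith("#"):
            continue                      # blank or commented-out: inactive
        key, args = tok[0].lower(), tok[1:]
        if key in ("rocommunity", "rwcommunity") and args:
            community = args[0]
            source = args[1] if len(args) > 1 else None
            if key == "rwcommunity":
                findings.append((no, "community grants write access"))
        elif key == "com2sec":
            if args[:1] == ["-Cn"]:       # optional "-Cn CONTEXT" prefix
                args = args[2:]
            if len(args) < 3:
                continue
            source, community = args[1], args[2]
        elif key == "access" and len(args) >= 8:
            # access GROUP CONTEXT MODEL LEVEL PREFIX READ WRITE NOTIFY
            if args[3].lower() == "noauth":
                findings.append((no, "access level noauth: no SNMPv3 authentication required"))
            if args[6].lower() != "none":
                findings.append((no, "group has a write view: " + args[6]))
            continue
        else:
            continue
        if community in DEFAULT_COMMUNITIES:
            findings.append((no, "default community string '%s'" % community))
        if source in OPEN_SOURCES:
            findings.append((no, "community accepted from any source address"))
    return findings

# Constructed sample assembled from the directives quoted on this page.
SAMPLE = """\
rocommunity public
agentAddress  udp:10.x.x.x:161
rocommunity public  10.x.x.x
# rocommunity public  default    -V systemonly
com2sec archynet 192.168.0.0/24 public
access  notConfigGroup ""      any       noauth    exact  systemview none   none
"""

if __name__ == "__main__":
    for no, msg in audit_snmpd_conf(SAMPLE):
        print("line %d: %s" % (no, msg))
```

Restricting the source, as the second rocommunity line and the com2sec line do, removes the "any source" finding but not the default-community one.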

Tuesday, 15 May 2012

mount vmfs iscsi console

  1. Log in as root to the ESX host which cannot mount the datastore using an SSH client. For more information, see Unable to connect to an ESX host using Secure Shell (SSH) (1003807).
    Note: All of the commands listed are available in ESXi via the vSphere CLI.
  2. Run the command:

    # esxcfg-volume -l

    The results appear similar to:

    VMFS3 UUID/label: 4b057ec3-6bd10428-b37c-005056ab552a/ TestDS
    Can mount: Yes
    Can resignature: Yes
    Extent name: naa.6000eb391530aa26000000000000130c:1 range: 0 - 1791 (MB)

    Record the UUID portion of the output. In the above example the UUID is 4b057ec3-6bd10428-b37c-005056ab552a.
    Note: The Can mount value must be Yes to proceed with this workaround.
    Note: The esxcfg-volume command has been deprecated in ESXi 5.0 in favor of the esxcli command. For more/related information, see vSphere handling of LUNs detected as snapshot (1011387).

  3. Run the command, e.g.:

    # esxcfg-volume -m 4b057ec3-6bd10428-b37c-005056ab552a
  4.  
  5. Rescan All

Saturday, 28 April 2012

uninstall firefox psexec

psexec -s \\computer_name "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /S

Tuesday, 13 March 2012

Wireshark example

Show only SMTP (port 25) and ICMP traffic:

tcp.port eq 25 or icmp

Show only traffic in the LAN (192.168.x.x), between workstations and servers -- no Internet:

ip.src==192.168.0.0/16 and ip.dst==192.168.0.0/16

TCP buffer full -- Source is instructing Destination to stop sending data

tcp.window_size == 0 && tcp.flags.reset != 1

Filter on Windows -- Filter out noise, while watching Windows Client - DC exchanges

smb || nbns || dcerpc || nbss || dns

Sasser worm: --What sasser really did--

ls_ads.opnum==0x09

Match packets containing the (arbitrary) 3-byte sequence 0x81, 0x60, 0x03 at the beginning of the UDP payload, skipping the 8-byte UDP header. Note that the values for the byte sequence implicitly are in hexadecimal only. (Useful for matching homegrown packet protocols.)

udp[8:3]==81:60:03

The "slice" feature is also useful to filter on the vendor identifier part (OUI) of the MAC address, see the Ethernet page for details. Thus you may restrict the display to only packets from a specific device manufacturer. E.g. for DELL machines only:

eth.addr[0:3]==00:06:5B

It is also possible to search for characters appearing anywhere in a field or protocol by using the matches operator.

Match packets that contain the 3-byte sequence 0x81, 0x60, 0x03 anywhere in the UDP header or payload:

udp contains 81:60:03

Match packets where SIP To-header contains the string "a1762" anywhere in the header:

sip.To contains "a1762"

The matches operator makes it possible to search for text in string fields and byte sequences using a regular expression, using Perl regular expression syntax. Note: Wireshark needs to be built with libpcre in order to be able to use the matches operator.

Match HTTP requests where the last characters in the uri are the characters "gl=se":

http.request.uri matches "gl=se$"

Note: The $ character is a PCRE punctuation character that matches the end of a string, in this case the end of http.request.uri field.

Filter by a protocol ( e.g. SIP ) and filter out unwanted IPs:

ip.src != xxx.xxx.xxx.xxx && ip.dst != xxx.xxx.xxx.xxx && sip

[ Feel free to contribute more ]

Gotchas

Some filter fields match against multiple protocol fields. For example, "ip.addr" matches against both the IP source and destination addresses in the IP header. The same is true for "tcp.port", "udp.port", "eth.addr", and others. It's important to note that

ip.addr == 10.43.54.65

is equivalent to

ip.src == 10.43.54.65 or ip.dst == 10.43.54.65

This can be counterintuitive in some cases. Suppose we want to filter out any traffic to or from 10.43.54.65. We might try the following:

ip.addr != 10.43.54.65

which is equivalent to

ip.src != 10.43.54.65 or ip.dst != 10.43.54.65

This translates to "pass all traffic except for traffic with a source IPv4 address of 10.43.54.65 and a destination IPv4 address of 10.43.54.65", which isn't what we wanted.

Instead we need to negate the expression, like so:

! ( ip.addr == 10.43.54.65 )

which is equivalent to

! (ip.src == 10.43.54.65 or ip.dst == 10.43.54.65)

This translates to "pass any traffic except with a source IPv4 address of 10.43.54.65 or a destination IPv4 address of 10.43.54.65", which is what we wanted.

Friday, 2 March 2012

Expand VMFS

When trying to grow or expand a VMFS volume, you see these symptoms:

* One or more storage devices have been increased in capacity from the storage array.
* When you click Increase, there are no available devices to select.
* When you click Increase, a device is listed but does not have Expandable = Yes.
* When you select the volume and click Next, you see the error:

Friday, 24 February 2012

ESXi 5.0 slow run blade to RAW mapped

To mark the MSCS LUNs as permanently reserved on an already upgraded ESXi 5.0 host, run the same esxcli command as above and all subsequent rescans/boots will be at normal speed.

1. Determine which RDM LUNs are part of an MSCS cluster.
2. From the vSphere Client, select a virtual machine that has a mapping to the MSCS cluster RDM devices.
3. Edit your Virtual Machine settings and navigate to your Mapped RAW LUNs.
4. Select Manage Paths to display the device properties of the Mapped RAW LUN and the device identifier (that is, the naa ID).
5. Take note of the naa ID, which is a globally unique identifier for your shared device.
6. Use the esxcli command to mark the device as perennially reserved:
Most important:
esxcli storage core device setconfig -d naa.id --perennially-reserved=true

7. To verify that the device is perennially reserved, run this command:

esxcli storage core device list -d naa.id

In the output of the esxcli command, search for the entry Is Perennially Reserved: true. This shows that the device is marked as perennially reserved.

8. Repeat the procedure for each Mapped RAW LUN that is participating in the MSCS cluster.

Note: The configuration is permanently stored with the ESXi host and persists across reboots. To remove the perennially reserved flag, run this command:

Wednesday, 1 February 2012

PowerShell - bulk permissions

In cmd with administrator rights, run: Powershell Set-ExecutionPolicy Unrestricted

c:\skrypt\permission.ps1

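# Root folder whose subfolders are named after domain accounts
$dirPath = "C:\test\"
# Only the subdirectories (not files) directly under $dirPath
$dirs = Get-ChildItem $dirPath | where {$_.PsIsContainer} | Select Name, FullName
foreach($item in $dirs)
{
    $acl = Get-Acl $item.FullName
    # Grant FullControl to the account DOMENA\<folder name>; DOMENA stands for the domain name
    $permission = ("DOMENA\{0}" -f $item.Name),"FullControl","Allow"
    $accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule $permission
    # Add the rule (replacing an existing one for that account) and write the ACL back
    $acl.SetAccessRule($accessRule)
    $acl | Set-Acl $item.FullName
}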