Show log (shows syslog info)
sh server conn (shows the connections for the cache farm)
rconsole virtual
sh server conn (shows the connections per Barrel Proccesor)
rconsole-exit
Wednesday, February 16, 2011
Adding a New port to a SLB Alteon
Go to the VLAN and define the new ports for the vlan
def X (where x is the new port number)
/c/l2/vlan 4090
learn ena
def 18
Configure the port itself
pvid 4090
/c/port xx/fast
speed 100
mode full
auto off
setup server load balancing on the port by :
/c/slb/port xx
client ena
server ena
(Server if there moving servers behind this port, client if clients are going to come from it also.)
And turn filter processing on (even if there are no filters, it needs to be on for SLB)
/c/slb/port xx
filt ena
client ena
server ena
(Server if there moving servers behind this port, client if clients are going to come from it also.)
And turn filter processing on (even if there are no filters, it needs to be on for SLB)
/c/slb/port xx
filt ena
Tuesday, November 2, 2010
FortiNet Flow Traces
Flow Traces are useful for seeing things like which Policy Rule is getting hit, and which routes are being used to go to a specific IP.
- addr ip address
- clear clear filter
- daddr dest ip address
- dport destination port
- negate inverse filter
- port port
- proto protocol number
- saddr source ip address
- sport source port
Example;
- diag debug enable
- diag debug flow filter daddr 10.10.10.10
- diag debug flow show console enable
- diag debug flow trace start 100
Thursday, October 7, 2010
SNMP TNT / APX Management
All the SNMP manager configurations are stored in SNMP-MANAGER profiles. You can use "save console snmp-manager" to look over them.
Don't use SNMP::read-access-hosts or SNMP::write-access-hosts to specify a manager to be given read/write access anymore, since these fields are deprecated. Instead, SNMP-MANAGER profile should be used. E.g.
tnt6> new snmp-manager
SNMP-MANAGER/"" read
tnt6> set name = 203.97.93.168
(New index value; will save as new profile SNMP-MANAGER/203.97.93.168.)
tnt6> set active = yes
tnt6> write
SNMP-MANAGER/203.97.93.168 written
tnt6> snmpmgrstat
SnmpManager Illegal Access Invalid Version Bad Community
135.252.141.3 0 0 0
135.252.136.234 0 0 0
203.97.93.168 0 0 0 <==== This is the manager just added.
tnt6> save co snmp-manager
; saved Tue Sep 14 12:48:11 2010
; saving profiles of type SNMP-MANAGER
new SNMP-MANAGER
set name = 135.252.136.234
set active = yes
write -f
;
new SNMP-MANAGER
set name = 135.252.141.3
set active = yes
write -f
;
new SNMP-MANAGER
set name = 203.97.93.168
set active = yes
write -f
;
So instead of using "set read-access-hosts 1 = 203.167.203.56", you are supposed to use the SNMP-Manager section. Then to view what you have made use the "save console snmp-manager".
Don't use SNMP::read-access-hosts or SNMP::write-access-hosts to specify a manager to be given read/write access anymore, since these fields are deprecated. Instead, SNMP-MANAGER profile should be used. E.g.
tnt6> new snmp-manager
SNMP-MANAGER/"" read
tnt6> set name = 203.97.93.168
(New index value; will save as new profile SNMP-MANAGER/203.97.93.168.)
tnt6> set active = yes
tnt6> write
SNMP-MANAGER/203.97.93.168 written
tnt6> snmpmgrstat
SnmpManager Illegal Access Invalid Version Bad Community
135.252.141.3 0 0 0
135.252.136.234 0 0 0
203.97.93.168 0 0 0 <==== This is the manager just added.
tnt6> save co snmp-manager
; saved Tue Sep 14 12:48:11 2010
; saving profiles of type SNMP-MANAGER
new SNMP-MANAGER
set name = 135.252.136.234
set active = yes
write -f
;
new SNMP-MANAGER
set name = 135.252.141.3
set active = yes
write -f
;
new SNMP-MANAGER
set name = 203.97.93.168
set active = yes
write -f
;
So instead of using "set read-access-hosts 1 = 203.167.203.56", you are supposed to use the SNMP-Manager section. Then to view what you have made use the "save console snmp-manager".
SNMPTT for Trap Monitoring with Nagios + Cacti Install
Install & Configure Prerequisites
CentOS 5.5
Install Net-SNMP for the perl Modules
yum install net-snmp net-snmp-utils net-snmp-devel -y
yum groupinstall 'Development Tools'
yum groupinstall 'Development Libraries'
yum install perl-Config-IniFiles-2.56-1.el5.rf.noarch
Install Apache
yum install httpd php gcc glibc glibc-common gd gd-devel
Configure Apache to start on boot
/sbin/chkconfig --levels 345 httpd on
Configure iptables to allow Apache traffic
/sbin/iptables -I INPUT -p tcp --dport 80 -j ACCEPT
/etc/init.d/iptables save
/etc/init.d/iptables restart
Install & Configure Nagios
Install Nagios & Plugins
yum install nagios nagios-plugins nagios-plugins-setuid
Create the default Nagios web access user & set a password
htpasswd -c /etc/nagios/htpasswd.users nagiosadmin
Verify default config files
nagios -v /etc/nagios/nagios.cfg
Start Nagios
/etc/init.d/nagios start
Start Apache
/etc/init.d/httpd start
Download SNMPTT
wget http://downloads.sourceforge.net/project/snmptt/snmptt/snmptt_1.3/snmptt_1.3.tgz?r=http%3A%2F%2Fsourceforge.net%2Fprojects%2Fsnmptt%2Ffiles%2Fsnmptt%2Fsnmptt_1.3%2F&ts=1299457062&use_mirror=cdnetworks-us-2
Extract SNMPTT
tar xvzf snmptt_1.3.tgz
From the files it extracts
1. Copy snmptt to /usr/sbin/ and ensure it is executable (chmod +x snmptt)
2. Copy snmptthandler to /usr/sbin/ and ensure it is executable (chmod +x snmptthandler)
3. Copy snmptt.ini to /etc/snmp/ or /etc/ and edit the options inside the file.
4. Create the log folder /var/log/snmptt/.
Create the file snmptrapd.conf in /etc/snmp
nano snmptrapd.conf and add
traphandle default /usr/sbin/snmptt
disableAuthorization yes
donotlogtraps no
5. For daemon mode:
Modify the Net-SNMP snmptrapd.conf file by adding the following line:
traphandle default /usr/sbin/snmptthandler
Create the spool folder /var/spool/snmptt/:
mkdir /var/spool/snmptt/
A startup script is included which can be used to start and stop snmptt on Mandrake, RedHat and other systems. Copy the script to the init.d directory (renaming the file during the copy):
cp snmptt.init.d /etc/rc.d/init.d/snmptt
Add the service using chkconfig:
chkconfig --add snmptt
Configure the service to start at runlevel 2345:
chkconfig --level 2345 snmptt on
Snmptt will be started at the next reboot, or can be started immediately with:
service snmptt start
or
/etc/rc.d/init.d/snmptt start
To manually start snmptt, use:
snmptt --daemon
6. A log rotation script is included which can be used to rotate the log files on Mandrake, RedHat and other systems. Copy the file to the logrotate.d directory (renaming the file during the copy):
cp snmptt.logrotate /etc/logrotate.d/snmptt
Edit the /etc/logrotate.d/snmptt and update the paths and rotate frequency as needed.
7. Start snmptrapd using the command line: snmptrapd -On.
You should be able to edit the /etc/rc.d/init.d/snmptrapd script if you have one and change
the OPTIONS to "-On".
Note: The -On is recommended. This will make snmptrapd pass OIDs in numeric form and prevent SNMPTT from having to translate the symbolic name to numerical form. If the UCD-SNMP / Net-SNMP Perl module is not installed, then you MUST use the -On switch. Depending on the version of UCD-SNMP / Net-SNMP, some symbolic names may not translate correctly. See the FAQ for more info.
As an alternative, you can edit your snmp.conf file to include the line: printNumericOids 1. This setting will take effect no matter what is used on the command line.
Install instructions
http://xavier.dusart.free.fr/joomla/index.php/en/nagios/47-traps-snmp-dans-nagios
and
http://www.snmptt.org/docs/snmptt.shtml
For Testing enable
unknown_trap_log_enable = 1
log_system_enable = 1
Place holder
Useful Websites
http://xavier.dusart.free.fr/joomla/index.php/en/nagios/47-traps-snmp-dans-nagios
http://docstore.mik.ua/orelly/networking_2ndEd/snmp/appc_03.htm
Testing traps on Centos
snmptrap -v 1 -c public localhost UCD-SNMP-MIB::ucdStart "" 6 17 "" SNMPv2-MIB::sysLocation.0 s "HelloWorld"
CentOS 5.5
Install Net-SNMP for the perl Modules
yum groupinstall 'Development Tools'
yum groupinstall 'Development Libraries'
yum install perl-Config-IniFiles-2.56-1.el5.rf.noarch
Install Apache
yum install httpd php gcc glibc glibc-common gd gd-devel
Configure Apache to start on boot
/sbin/chkconfig --levels 345 httpd on
Configure iptables to allow Apache traffic
/sbin/iptables -I INPUT -p tcp --dport 80 -j ACCEPT
/etc/init.d/iptables save
/etc/init.d/iptables restart
Install & Configure Nagios
Install Nagios & Plugins
yum install nagios nagios-plugins nagios-plugins-setuid
Create the default Nagios web access user & set a password
htpasswd -c /etc/nagios/htpasswd.users nagiosadmin
Verify default config files
nagios -v /etc/nagios/nagios.cfg
Start Nagios
/etc/init.d/nagios start
Start Apache
/etc/init.d/httpd start
Download SNMPTT
wget http://downloads.sourceforge.net/project/snmptt/snmptt/snmptt_1.3/snmptt_1.3.tgz?r=http%3A%2F%2Fsourceforge.net%2Fprojects%2Fsnmptt%2Ffiles%2Fsnmptt%2Fsnmptt_1.3%2F&ts=1299457062&use_mirror=cdnetworks-us-2
Extract SNMPTT
tar xvzf snmptt_1.3.tgz
From the files it extracts
1. Copy snmptt to /usr/sbin/ and ensure it is executable (chmod +x snmptt)
2. Copy snmptthandler to /usr/sbin/ and ensure it is executable (chmod +x snmptthandler)
3. Copy snmptt.ini to /etc/snmp/ or /etc/ and edit the options inside the file.
4. Create the log folder /var/log/snmptt/.
Create the file snmptrapd.conf in /etc/snmp
nano snmptrapd.conf and add
traphandle default /usr/sbin/snmptt
disableAuthorization yes
donotlogtraps no
5. For daemon mode:
Modify the Net-SNMP snmptrapd.conf file by adding the following line:
traphandle default /usr/sbin/snmptthandler
Create the spool folder /var/spool/snmptt/:
mkdir /var/spool/snmptt/
A startup script is included which can be used to start and stop snmptt on Mandrake, RedHat and other systems. Copy the script to the init.d directory (renaming the file during the copy):
cp snmptt.init.d /etc/rc.d/init.d/snmptt
Add the service using chkconfig:
chkconfig --add snmptt
Configure the service to start at runlevel 2345:
chkconfig --level 2345 snmptt on
Snmptt will be started at the next reboot, or can be started immediately with:
service snmptt start
or
/etc/rc.d/init.d/snmptt start
To manually start snmptt, use:
snmptt --daemon
6. A log rotation script is included which can be used to rotate the log files on Mandrake, RedHat and other systems. Copy the file to the logrotate.d directory (renaming the file during the copy):
cp snmptt.logrotate /etc/logrotate.d/snmptt
Edit the /etc/logrotate.d/snmptt and update the paths and rotate frequency as needed.
7. Start snmptrapd using the command line: snmptrapd -On.
You should be able to edit the /etc/rc.d/init.d/snmptrapd script if you have one and change
the OPTIONS to "-On".
Note: The -On is recommended. This will make snmptrapd pass OIDs in numeric form and prevent SNMPTT from having to translate the symbolic name to numerical form. If the UCD-SNMP / Net-SNMP Perl module is not installed, then you MUST use the -On switch. Depending on the version of UCD-SNMP / Net-SNMP, some symbolic names may not translate correctly. See the FAQ for more info.
As an alternative, you can edit your snmp.conf file to include the line: printNumericOids 1. This setting will take effect no matter what is used on the command line.
Install instructions
http://xavier.dusart.free.fr/joomla/index.php/en/nagios/47-traps-snmp-dans-nagios
and
http://www.snmptt.org/docs/snmptt.shtml
For Testing enable
unknown_trap_log_enable = 1
log_system_enable = 1
Place holder
Useful Websites
http://xavier.dusart.free.fr/joomla/index.php/en/nagios/47-traps-snmp-dans-nagios
http://docstore.mik.ua/orelly/networking_2ndEd/snmp/appc_03.htm
Testing traps on Centos
snmptrap -v 1 -c public localhost UCD-SNMP-MIB::ucdStart "" 6 17 "" SNMPv2-MIB::sysLocation.0 s "HelloWorld"
Linux Commands
Ubuntu
apt-get install
apt-get update
apt-get upgrade
sudo -s
CentOS
yum install
yum upgrade
snmptrap -v 1 -c public 10.10.10.60 '1.2.3.4.5.6' '192.193.194.195' 6 99 '55' 1.11.12.13.14.15 s "teststring" used for testing snmptt installs
/etc/sysconfig/network-scripts home of the ifcfg-eth0
dig www.google.com dns info command
apt-get install
apt-get update
apt-get upgrade
sudo -s
CentOS
yum install
yum upgrade
snmptrap -v 1 -c public 10.10.10.60 '1.2.3.4.5.6' '192.193.194.195' 6 99 '55' 1.11.12.13.14.15 s "teststring" used for testing snmptt installs
/etc/sysconfig/network-scripts home of the ifcfg-eth0
dig www.google.com dns info command
NagiosQL
NagiosQL3 Install on CentOS 4
So I downloaded the NagiosQL
wget http://ovh.dl.sourceforge.net/sourceforge/nagiosql/nagiosql302.tar.gz
tar xzf nagiosql302.tar.gz
Put the now extracted nagiosql3 folder into /var/www/html
nano /etc/httpd/conf/httpd.conf
Throw this at the bottom.
<VirtualHost *:80>
ServerAdmin webmaster@dummy-host.example.com
DocumentRoot /var/www/html/nagiosql3
ServerName 10.10.10.60/nagiosql
ErrorLog logs/nagiosql3.log
CustomLog logs/nagiosql3 common
</VirtualHost>
touch /var/www/html/nagiosql3/install/ENABLE_INSTALLER
http://localhost
Follow the steps in the install once done.
rm /var/www/html/nagiosql3/install/ENABLE_INSTALLER
http://localhost
Done
Reserved for http://www.nagiosql.org/ write up.
So I downloaded the NagiosQL
wget http://ovh.dl.sourceforge.net/sourceforge/nagiosql/nagiosql302.tar.gz
tar xzf nagiosql302.tar.gz
Put the now extracted nagiosql3 folder into /var/www/html
nano /etc/httpd/conf/httpd.conf
Throw this at the bottom.
<VirtualHost *:80>
ServerAdmin webmaster@dummy-host.example.com
DocumentRoot /var/www/html/nagiosql3
ServerName 10.10.10.60/nagiosql
ErrorLog logs/nagiosql3.log
CustomLog logs/nagiosql3 common
</VirtualHost>
touch /var/www/html/nagiosql3/install/ENABLE_INSTALLER
http://localhost
Follow the steps in the install once done.
rm /var/www/html/nagiosql3/install/ENABLE_INSTALLER
http://localhost
Done
Reserved for http://www.nagiosql.org/ write up.
Subscribe to:
Posts (Atom)