Centralized Log Server


Written by Mr. Sontaya Photibut Saturday, 02 May 2009 14:56

Installing a Centralized Log Server on SUSE Linux Enterprise Server 10 SP2.

# Centralized Log Server IP address: 192.168.1.13

Edit the syslog settings so that the server accepts messages from other machines:

$ vim /etc/sysconfig/syslog
Change SYSLOGD_PARAMS="" to SYSLOGD_PARAMS="-r -m 0"
-r, -m: allow messages to be received from other machines
:wq! (save)

Configuration Firewall
$ vi /etc/sysconfig/scripts/SuSEfirewall2-custom
Add the lines below inside fw_custom_before_antispoofing():
#incoming syslog clients
 iptables -t filter -A INPUT -p udp -s 192.168.0.2 --dport 514 -j ACCEPT
 iptables -t filter -A INPUT -p udp -s 192.168.1.10 --dport 514 -j ACCEPT
 iptables -t filter -A INPUT -p udp -s 192.168.11.2 --dport 514 -j ACCEPT
 iptables -t filter -A INPUT -p udp -s 192.168.11.200 --dport 514 -j ACCEPT
:wq! (save)

$ vi /etc/sysconfig/SuSEfirewall2
FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom" <-uncomment
#FW_CUSTOMRULES="" <-comment
:wq! (save)
$ rcSuSEfirewall2 restart


Configuration syslog-ng
$ vim /etc/syslog-ng/syslog-ng.conf
#
# Global options.
#
#options { long_hostnames(off); sync(0); perm(0640); stats(3600); };
options {
   sync (0);
   time_reopen (10);
   log_fifo_size (1000);
   long_hostnames (off);
   use_dns (no);          # resolve IP addresses in the log data to hostnames (default = yes)
   use_fqdn (no);         # record the full name of the machine that sent the tcp/udp message (default = no)
   create_dirs (no);      # whether syslog-ng may create a new directory when the given path does not exist (default = no)
   keep_hostname (yes);   # trust the hostname value carried in the tcp/udp message (default = no)
};
source src {
        #
        internal();                                  # logs from the syslog-ng daemon itself
        #pipe("/proc/kmsg");                         # logs from a named pipe
        unix-dgram("/dev/log");                      # logs from a Unix socket in connectionless datagram mode, e.g. klogd logs from /dev/log
        #file("/proc/kmsg" log_prefix("kernel:"));   # logs read from the given file, e.g. /proc/kmsg
        unix-dgram("/var/lib/dhcp/dev/log");
        unix-dgram("/var/lib/named/dev/log");
};



## For the values actually used, add the following to the options section ##
options {
   sync (0);
   time_reopen (10);
   log_fifo_size (1000);
   long_hostnames (off);
   use_dns (no);
   use_fqdn (no);
   create_dirs (no);
   keep_hostname (yes);
   log_msg_size (4096);
};
##-----------------------------------------------------#
#Source from remote client
source s_client {
          udp(ip("0.0.0.0") port(514));
        };
##-----------------------------------------------------#
# Filter Log Squid (Proxy) from clients:
#
filter f_squid { program("squid"); };
destination d_squid {
 file("/var/log/$HOST/$YEAR/$MONTH/squid_access.log"
 owner(root) group(root) perm(0600)
 create_dirs(yes) dir_perm(0700));
};
log { source(s_client); filter(f_squid); destination(d_squid); };

##-----------------------------------------------------#
# Filter Log ssh from clients:
#
filter f_ssh { program("sshd") and facility(auth, authpriv); };
destination d_ssh {
  file("/var/log/$HOST/$YEAR/$MONTH/ssh_access.log"
  owner(root) group(root) perm(0600)
  create_dirs(yes) dir_perm(0700));
};
log { source(s_client); filter(f_ssh); destination(d_ssh); };

##-----------------------------------------------------#
# Filter Log Firewall (iptables) from clients:
#
destination d_firewall {
  file("/var/log/$HOST/$YEAR/$MONTH/firewall.log"
  owner(root) group(root) perm(0600)
  create_dirs(yes) dir_perm(0700));
};

log { source(s_client); filter(f_iptables); destination(d_firewall); };

##-----------------------------------------------------#
# Log apache2 (httpd) web server:
#
filter f_apache { program("apache") or match("logger:"); };
destination d_apache {
  file("/var/log/$HOST/$YEAR/$MONTH/apache_access.log"
  owner(root) group(root) perm(0640)
  create_dirs(yes) dir_perm(0700));
};
log { source(s_client); filter(f_apache); destination(d_apache); };




##------------------------------------------------------#
# Log pop3 from the mail server:
#
filter f_pop3 { match("vpopmail|pop3"); };
destination d_pop3 {
  file("/var/log/$HOST/$YEAR/$MONTH/pop3.log"
  owner(root) group(root) perm(0600)
  create_dirs(yes) dir_perm(0700));
};
log { source(s_client); filter(f_pop3); destination(d_pop3); };

##-------------------------------------------------------#
# Log IMAP from the mail server:
#
filter f_imap { match("imap"); };
destination d_imap {
  file("/var/log/$HOST/$YEAR/$MONTH/imap.log"
  owner(root) group(root) perm(0600)
  create_dirs(yes) dir_perm(0700));
};
log { source(s_client); filter(f_imap); destination(d_imap); };

##---------------------------------------------------------#
# Log SMTP or Sendmail from the mail server:
#
filter f_smtp { match("qmail-scanner"); };
destination d_smtp {
  file("/var/log/$HOST/$YEAR/$MONTH/smtp.log"
  owner(root) group(root) perm(0600)
  create_dirs(yes) dir_perm(0700));
};
log { source(s_client); filter(f_smtp); destination(d_smtp); };
:wq (save)
Note: The MTA is qmail.
- vpopmail: a package for hosting multiple domain names.
- Courier-imap: the IMAP server from the Courier mail server; it provides POP3, POP3-SSL, IMAP and IMAP-SSL.
- qmailadmin: a web-based tool that lets an administrator manage mailboxes, autoresponders and mailing lists under a given domain.
- vqadmin: a web-based tool for creating, editing and deleting e-mail accounts on a domain.
- ucspi-ssl: a program that provides an SSL socket service.

$ SuSEconfig --module syslog-ng
$ rcsyslog restart
$ syslog-ng  <- if no error is shown, the configuration is fine.
or
$ syslog-ng -d <- show debug output

Apache2 configuration (on the mail server machine)
$ vi /etc/apache2/httpd.conf
ErrorLog /var/log/apache2/error_log
ErrorLog syslog
LogLevel notice
CustomLog "|/bin/logger -p local1.info" combined
:wq! (save)
$ rcapache2 reload

Ref : http://www.devshed.com/c/a/Apache/Logging-in-Apache/4/

Check the log to see whether clients are connecting.
$ tail -f /var/log/messages
syslog-ng[5236]: AF_INET client connected from 192.168.1.11
This shows that a client has connected.



Create a rotation file in /etc/logrotate.d/
$ vi /etc/logrotate.d/logserver
#Rotate 90
/var/log/mail_server/*/*/squid_access.log
/var/log/mail_server/*/*/ssh_access.log
/var/log/mail_server/*/*/firewall.log
/var/log/mail_server/*/*/apache_access.log
/var/log/pattayapdc/*/*/squid_access.log
/var/log/pattayapdc/*/*/ssh_access.log
/var/log/pattayapdc/*/*/firewall.log
/var/log/pattayapdc/*/*/apache_access.log
/var/log/koratpdc/*/*/squid_access.log
/var/log/koratpdc/*/*/ssh_access.log
/var/log/koratpdc/*/*/firewall.log
/var/log/chaingmaipdc/*/*/squid_access.log
/var/log/chaingmaipdc/*/*/ssh_access.log
/var/log/chaingmaipdc/*/*/firewall.log
{
    compress
    dateext
    maxage 365
    rotate 90
    missingok
    notifempty
    size +4096k
    create 640 root root
    postrotate
        /etc/init.d/syslog reload
    endscript
}
:wq! (save)


Schedule the rotation with crontab.

$ crontab -e
# logserver
59 23 * * * /usr/sbin/logrotate -f /etc/logrotate.d/logserver > /dev/null

Run logrotate against this configuration file only (if you want to test):
$ logrotate -f /etc/logrotate.d/logserver
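
Because the server trusts the hostname in each message (keep_hostname (yes)) and builds the path from $HOST with create_dirs(yes), host directories can appear under /var/log that the fixed path list in /etc/logrotate.d/logserver never rotates. The check below is an added example, not part of the original article; the function names are assumptions and the sample tree is constructed. It lists hosts that have a <host>/<year>/<month> tree but no logrotate entry.

```shell
#!/bin/sh
# Added example, not part of the original article. Function names are assumptions.

# hosts_with_logs LOGROOT
# Print every <host> that has a LOGROOT/<host>/<YYYY>/<MM> directory, the layout
# produced by file("/var/log/$HOST/$YEAR/$MONTH/...") with create_dirs(yes).
hosts_with_logs() {
    logroot=${1%/}
    for d in "$logroot"/*/[0-9][0-9][0-9][0-9]/[0-9][0-9]; do
        [ -d "$d" ] || continue          # skips the unexpanded pattern too
        rel=${d#"$logroot"/}
        printf '%s\n' "${rel%%/*}"
    done | sort -u
}

# hosts_in_logrotate CONF LOGROOT
# Print every <host> named in a LOGROOT/<host>/... path of the logrotate file.
hosts_in_logrotate() {
    sed -n "s|^[[:space:]]*${2%/}/\([^/*]*\)/.*|\1|p" "$1" | sort -u
}

# uncovered_hosts LOGROOT CONF
# Hosts that have a log tree but no path in the logrotate file.
uncovered_hosts() {
    covered=$(hosts_in_logrotate "$2" "$1")
    hosts_with_logs "$1" | while IFS= read -r h; do
        printf '%s\n' "$covered" | grep -qxF -e "$h" || printf '%s\n' "$h"
    done
}

# demo_uncovered: constructed sample tree and logrotate file, nothing real is read.
demo_uncovered() {
    work=$(mktemp -d) || return 1
    for h in mail_server pattayapdc koratpdc chaingmaipdc unknown-host; do
        mkdir -p "$work/log/$h/2009/05"
    done
    mkdir -p "$work/log/apache2"         # local service directory, not a $HOST tree
    for h in mail_server pattayapdc koratpdc chaingmaipdc; do
        printf '%s\n' "$work/log/$h/*/*/ssh_access.log"
    done > "$work/logserver"
    uncovered_hosts "$work/log" "$work/logserver"
    rm -rf "$work"
}

# Real use: uncovered_hosts /var/log /etc/logrotate.d/logserver
case "${1:-}" in demo) demo_uncovered ;; esac
```

A host name in the output that you do not recognise means either a new client that still needs logrotate entries or a message that carried an unexpected hostname.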

Create a script for viewing logs (in case multitail is not installed).
Example: a script for viewing the proxy (squid) log
$ vi /logsquid-koratpdc
#!/bin/sh
ylog=$(date +%Y)
mlog=$(date +%m)
curelog=squid_access.log
hostlog=pattayapdc
tail -f /var/log/$hostlog/$ylog/$mlog/$curelog
$ chmod 700 /logsquid-koratpdc

Run the script to view the log.
$ /logsquid-koratpdc

Encrypting the log files (Encryption Log files and md5sum):
Create a directory to hold the encrypted logs
$ mkdir /var/log/backup
$ cd /var/log/backup
Create the encryption script
$ vi encrypt.sh
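#!/bin/sh
## Script encryption log files. ##
# cron does not start in /var/log/backup, so change there explicitly.
cd /var/log/backup || exit 1
mkdir -p "$(date +%F)"
cd "$(date +%F)" || exit 1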
pass="1234"
server1=mail_serverserver
server2=koratpdc
server3=chaingmaipdc
server4=pattayapdc
# Path files.
log_path1=/var/log/mail_server
log_path2=/var/log/koratpdc
log_path3=/var/log/chaingmaipdc
log_path4=/var/log/pattayapdc
# Create archive.
tar zcvf $server1.tar.gz $log_path1
tar zcvf $server2.tar.gz $log_path2
tar zcvf $server3.tar.gz $log_path3
tar zcvf $server4.tar.gz $log_path4
# Encryption files.
openssl des -in "$server1".tar.gz -k "$pass" -out "$server1".tar.gz.sec
openssl des -in "$server2".tar.gz -k "$pass" -out "$server2".tar.gz.sec
openssl des -in "$server3".tar.gz -k "$pass" -out "$server3".tar.gz.sec
openssl des -in "$server4".tar.gz -k "$pass" -out "$server4".tar.gz.sec
# Check sum.
md5sum "$server1".tar.gz.sec > MD5SUM-$server1
md5sum "$server2".tar.gz.sec > MD5SUM-$server2
md5sum "$server3".tar.gz.sec > MD5SUM-$server3
md5sum "$server4".tar.gz.sec > MD5SUM-$server4
# Delete archive.
rm *.tar.gz
echo "encrypt finish. "

:wq! (save)
$ chmod 700 encrypt.sh


Decrypting the log files (Decryption Log files):
$ vi decrypt.sh
#!/bin/sh
## Script decryption log files. ##
mkdir -p "$(date +%F)"
cd "$(date +%F)" || exit 1
pass="1234"
server1=mail_serverserver
server2=koratpdc
server3=chaingmaipdc
server4=pattayapdc
# Decryption files.
openssl des -d -in "$server1".tar.gz.sec -k "$pass" -out "$server1".tar.gz
openssl des -d -in "$server2".tar.gz.sec -k "$pass" -out "$server2".tar.gz
openssl des -d -in "$server3".tar.gz.sec -k "$pass" -out "$server3".tar.gz
openssl des -d -in "$server4".tar.gz.sec -k "$pass" -out "$server4".tar.gz
# Check SUM.
md5sum -c MD5SUM-$server1 >> OUTPUT_MD5
md5sum -c MD5SUM-$server2 >> OUTPUT_MD5
md5sum -c MD5SUM-$server3 >> OUTPUT_MD5
md5sum -c MD5SUM-$server4 >> OUTPUT_MD5
# Extract files
tar zxvf $server1.tar.gz
tar zxvf $server2.tar.gz
tar zxvf $server3.tar.gz
tar zxvf $server4.tar.gz
# Delete archive.
rm *.tar.gz
echo "decrypt finish. "

:wq! (save)
$ chmod 700 decrypt.sh

Check whether the log files have been modified (checksum):
$ cat OUTPUT_MD5
# If the log files are unchanged:
pattayapdc.tar.gz.sec: OK

# If the log files have been modified:
pattayapdc.tar.gz.sec: no properly formatted MD5 checksum lines found.

Schedule the script to run:
#encryption log
0 0 * * 0 /var/log/backup/encrypt.sh 2>&1 > /dev/null
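
The same archive, encrypt and checksum flow as encrypt.sh and decrypt.sh above, as an added example that is not the author's script: it uses AES-256-CBC with PBKDF2 instead of single DES (this needs OpenSSL 1.1.1 or later, newer than what SLES 10 ships), reads the passphrase from a file instead of a literal in the script, and uses SHA-256, checked before anything is decrypted. The function names, the passphrase file and the sample log line are assumptions.

```shell
#!/bin/sh
# Added example, not the article's script. Assumed names: seal_logs, open_logs,
# demo_roundtrip, and a passphrase file whose location the caller chooses.

# seal_logs SRC_DIR OUT_DIR NAME PASSFILE
# Archive SRC_DIR and encrypt it without writing the plaintext tarball to disk,
# confirm the result can be opened again, then record a SHA-256 checksum.
seal_logs() {
    src=$1 out=$2 name=$3 passfile=$4
    sealed="$out/$name.tar.gz.sec"
    ( umask 077
      mkdir -p "$out" || exit 1
      tar -czf - -C "$(dirname "$src")" "$(basename "$src")" |
          openssl enc -aes-256-cbc -pbkdf2 -salt -pass "file:$passfile" \
              -out "$sealed" || exit 1
      # Read the archive back: catches a truncated tar stream or a bad passphrase file.
      openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$passfile" -in "$sealed" |
          tar -tzf - >/dev/null || exit 1
      cd "$out" && sha256sum "$name.tar.gz.sec" > "SHA256SUM-$name"
    )
}

# open_logs OUT_DIR NAME DEST_DIR PASSFILE
# Check the checksum first and refuse to decrypt on a mismatch.
open_logs() {
    out=$1 name=$2 dest=$3 passfile=$4
    if ! ( cd "$out" && sha256sum -c "SHA256SUM-$name" >/dev/null 2>&1 ); then
        echo "checksum mismatch for $name.tar.gz.sec, not decrypting" >&2
        return 1
    fi
    mkdir -p "$dest" || return 1
    openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$passfile" \
        -in "$out/$name.tar.gz.sec" | tar -xzf - -C "$dest"
}

# demo_roundtrip: constructed data only; prints one line per check.
demo_roundtrip() {
    work=$(mktemp -d) || return 1
    mkdir -p "$work/log/pattayapdc/2009/05"
    echo 'May  2 14:56:01 pattayapdc sshd[4242]: constructed sample line' \
        > "$work/log/pattayapdc/2009/05/ssh_access.log"
    # Random passphrase in a file only its owner can read.
    ( umask 077; head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n' > "$work/passfile" )
    seal_logs "$work/log/pattayapdc" "$work/backup" pattayapdc "$work/passfile" || return 1
    open_logs "$work/backup" pattayapdc "$work/restore" "$work/passfile" &&
        cmp -s "$work/log/pattayapdc/2009/05/ssh_access.log" \
               "$work/restore/pattayapdc/2009/05/ssh_access.log" &&
        echo "intact: OK"
    # Alter the stored file and try again: the checksum gate must refuse it.
    echo tampered >> "$work/backup/pattayapdc.tar.gz.sec"
    open_logs "$work/backup" pattayapdc "$work/restore2" "$work/passfile" 2>/dev/null ||
        echo "tampered: rejected"
    rm -rf "$work"
}

case "${1:-}" in demo) demo_roundtrip ;; esac
```

A checksum kept next to the archive only catches accidental damage or careless edits; copy the SHA256SUM file to another host if it has to hold up against someone who can write to /var/log/backup.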

Install a program for viewing the log files (log monitoring with multitail):
$ wget http://www.vanheusden.com/multitail/multitail-5.2.2.tgz
$ tar xvf multitail-5.2.2.tgz
$ cd multitail-5.2.2
$ make install
$ make thanks

Example commands:
Show 5 logfiles while merging 2 and put them in 2 columns with only one in the left column:
$ multitail -s 2 -sn 1,3 /var/log/mail_server/2008/09/apache_access.log -I /var/log/mail_server/2008/09/pop3.log /var/log/pattayapdc/2008/09/squid_access.log /var/log/koratpdc/2008/09/squid_access.log /var/log/squid/access.log

Show 3 logfiles in 2 columns:
$ multitail -s 2  /var/log/mail_server/2008/09/smtp.log  /var/log/mail_server/2008/09/imap.log /var/log/mail_server/2008/09/pop3.log


Make mail sent within the domain (local to local) pass through qmail-scanner (Changing Your Tcp Rules):
$ vi /etc/tcprules.d/tcp.smtp
# adding the QMAILQUEUE variables to 127.
127.:allow,RELAYCLIENT="",QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"
192.168.1.1:allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"

192.168.:allow,RELAYCLIENT="",QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"
:allow,BADMIMETYPE="",BADLOADERTYPE="M",CHKUSER_RCPTLIMIT="50",CHKUSER_WRONGRCPTLIMIT="10",QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"

:wq! (save)

Rebuild cdb file:
$ qmailctl cdb
Restart the qmail server:
$ qmailctl restart

Check the log (qmail-scanner) on the Centralized Log Server:
$ tail -f /var/log/mail_server


For the client

Firewall Setting:
$ vi /etc/sysconfig/SuSEfirewall2
FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom" <-uncomment
#FW_CUSTOMRULES="" <-comment
:wq! (save)

$ rcSuSEfirewall2 restart
$ vi /etc/sysconfig/scripts/SuSEfirewall2-custom
#example: allow incoming multicast packets for any routing protocol
#iptables -A INPUT -j ACCEPT -d 224.0.0.0/24
#Syslog-ng
    iptables -t filter -A OUTPUT -p udp -d 192.168.1.13 --dport 514 -j ACCEPT

   true
}
:wq! (save)

Update Squid 2.5 to 2.6 (version 2.5 does not support syslog)
$ rcsquid stop
$ rpm -Uvh squid-2.6.STABLE5-31.1.i586.rpm
 (created as /etc/squid/squid.conf.rpmnew)
 (rpm -Fvh ) -F : upgrade package(s) if already installed

$ vim /etc/squid/squid.conf
# comments
    #httpd_accel_host virtual
    #httpd_accel_port 80
    #httpd_accel_with_proxy on
    #httpd_accel_uses_host_header on



http_port 3128 transparent
##Additional line for Log Server
access_log syslog squid
access_log /var/log/squid/access.log squid

cache_dir ufs /var/cache/squid 2000 16 256
access_log /var/log/squid/access.log squid
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log

:wq! (save)
$ rcsquid start

Config syslog-ng (Version 1.6.8)
$ vim /etc/syslog-ng/syslog-ng.conf
#options { long_hostnames(off); sync(0); perm(0640); stats(3600); };
options {
   sync (0);
   time_reopen (10);
   log_fifo_size (1000);
   long_hostnames (off);
   use_dns (no);
   use_fqdn (no);
   create_dirs (no);
   keep_hostname (yes);
};
source src {
        internal();
        unix-dgram("/dev/log");
        unix-dgram("/var/lib/dhcp/dev/log"); # for dhcp server, if you run service dhcp.
        unix-dgram("/var/lib/named/dev/log");
};
Append the following after the last line:
## LogServer additional by Sontaya Photibut ##
destination logserver {udp("192.168.1.13" port(514));};

#
# Squid log to Centralized Log Server:
#
filter f_squid { program("squid"); };
destination d_squid {
 file("/var/log/$HOST/$YEAR/$MONTH/squid.$YEAR-$MONTH-$DAY"
 owner(root) group(root) perm(0600)
 create_dirs(yes) dir_perm(0700));
};
log { source(src); filter(f_squid); destination(logserver); };

#
# SSH log to Centralized Log Server:
#
filter f_ssh { program("sshd") and facility(auth, authpriv); };
destination d_ssh {
  file("/var/log/$HOST/$YEAR/$MONTH/ssh.$YEAR-$MONTH-$DAY"
  owner(root) group(root) perm(0600)
  create_dirs(yes) dir_perm(0700));
};
log { source(src); filter(f_ssh); destination(logserver); };

#
# Firewall (iptables) log to Centralized Log Server:
#
destination d_firewall {
  file("/var/log/$HOST/$YEAR/$MONTH/firewall.$YEAR-$MONTH-$DAY"
  owner(root) group(root) perm(0600)
  create_dirs(yes) dir_perm(0700));
};
log { source(src); filter(f_iptables); destination(logserver); };

#
# Apache2 (httpd) log to Centralized Log Server:
#
filter f_apache { program("apache") or match ("logger:"); };
destination d_apache {
file("/var/log/$HOST/$YEAR/$MONTH/apache.$YEAR-$MONTH-$DAY"
owner(root) group(root) perm(0600)
create_dirs(yes) dir_perm(0700));
};
log { source(src); filter(f_apache); destination(logserver); };

#
# POP3  Log Service.
#
filter f_pop3 { match("vpopmail|pop3"); };
destination d_pop3 {
  file("/var/log/$HOST/$YEAR/$MONTH/pop3.log"
  owner(root) group(root) perm(0600)
  create_dirs(yes) dir_perm(0700));
};
log { source(src); filter(f_pop3); destination(logserver); };
#
# IMAP Log  Service.
#
filter f_imap { match("imap"); };
destination d_imap {
  file("/var/log/$HOST/$YEAR/$MONTH/imap.log"
  owner(root) group(root) perm(0600)
  create_dirs(yes) dir_perm(0700));
};
log { source(src); filter(f_imap); destination(logserver); };
#
# SMTP or Sendmail Log Service.
#
filter f_smtp { match("qmail-scanner"); };
destination d_smtp {
  file("/var/log/$HOST/$YEAR/$MONTH/smtp.log"
  owner(root) group(root) perm(0600)
  create_dirs(yes) dir_perm(0700));
};
log { source(src); filter(f_smtp); destination(logserver); };

:wq (save)

$ SuSEconfig --module syslog-ng
$ rcsyslog restart

Edit httpd.conf
$ vi /etc/apache2/httpd.conf
ErrorLog /var/log/apache2/error_log
## Add line for syslog-ng
ErrorLog syslog
LogLevel notice
CustomLog "|/bin/logger -p local1.info" combined

:wq! (save)
$ rcapache2 restart


 



SUSE Linux Enterprise Cool Solutions

  • ovpnstatd
    license: 
    GNU General Public License

    About:

    How 'ovpnstatd' works.

    ovpnstatd is a status collector daemon for OpenVPN. ovpnstatd can be started either interactively at the console or as a daemon in the background (--daemon).

    Use "--help", to get a brief listing of available options.

    If started interactively, all connected users and their update-events will be shown on the console-display. This start-mode is merely meant for testing/debugging.

    A tcp-port (50505) will be opened, by which a very simple but useful web page can be viewed (http://yourhost:50505). There you get an entry for every OpenVPN-user, whose status-data is available as a result of a connect-event since ovpnstatd's startup. Users who are online, appear as a light-green(ish) entry, disconnected users are shown in grey/white.

    The web page will remain empty, as long as no users have connected since startup of ovpnstatd.

    The web page is intended for internal (administrator) use only - no "mass media", as ovpnstatd is not a multi-threaded program.

    Should ovpnstatd already be running in the background, then you would have to change the port number (--tcp-port <NNNNN>) for your interactive session (if you really want it twice).

    Only if started as daemon, ovpnstatd will serve its main purpose, it will collect data of all connect, disconnect, update events, which are reported by any OpenVPN server-process, and write history in csv-format, that can easily be loaded into a database or viewed in a spread-sheet.

    In the same time, this data is also written to a FIFO-file "/<status_dir>/send_nsca_data" (/var/run/openvpn/send_nsca_data) in a format suitable for nagios's "send_nsca" utility.

    The default location, where collector-data is written, is /srv/www/apps/ovpnstat/datacol - it can be changed with:
    "--collect-dir <path-to-your-collector-directory>".

    The location where event-data of OpenVPN-hooks is expected, is "/var/run/openvpn". This can be changed with the option:
    "--status-dir <path-to-Your-status-directory>".

    NOTE: For this to work, you also have to turn on status-logging in OpenVPN config-file(s): "status <path-to-status-data.status>" AND activate the hooks: "client-connect <your-con-script.sh>" and: "client-disconnect <your-dis-script.sh>"

    Into the hook-script "your-script.sh" simply place/add the following echo command:

    into "client-connect.sh" add the lines
    echo -e "OVPN_PID=$PPID\n`env`" \
    >/var/run/openvpn/${common_name}.con

    into "client-disconnect.sh" add the lines
    echo -e "OVPN_PID=$PPID\n`env`" \
    >/var/run/openvpn/${common_name}.dis

    NOTE: The extension of hook output-files has to be
         .con for client-connect data-files
         .dis for client-disconnect data-files
         .status for status data-files given in OpenVPN config-file
    otherwise those files will not be recognized by ovpnstatd.

    You can display your favoured icon as a header of the web page.

    As default for this, a built-in OpenVPN-icon is displayed.

    If you want to replace the default icon in the source (ovpnstatd.h) look for variable "def_web_img64" and substitute its assignment by the output of "base64 -w0 <your-preferred-image>".
    But only take tiny images for this !!!

    If the TUN/TAP device driver control is not "/dev/net/tun" on your Linux-System, change it with: "--dev-node <Your tun/tap ctrl>"

    In case you want to raise the debug-level, use "--debug <N>"
    Level 0 = off, 1 = default, 2 = all

    Installation:

          # assuming that You've downloaded the tar-file to /usr/local/src
          # proceed as follows:
    
          cd /usr/local/src
          tar -xjvf ovpnstat.tar.bz2
          cd ovpnstat
          make clean
          make
    
          # Now for a test start openvpn status collector daemon interactively :
          bash ovpnstatd-test.sh
          
          # If You got an OpenVPN server up and running on the same host
          # then You can already take a look on the web-page
    
          firefox http://your-host-name:12345/
    
          # But NOTE: ovpnstatd must run on the SAME HOST, where openvpn-server is on
    
          # Also note, that collector-data is only written, if the program
          # is started in the background (--daemon ) .
    
          # So to start it for "normal" usage copy file into place:
          cp init-ovpnstatd /etc/init.d/ovpnstatd
          cp ovpnstatd /usr/sbin/ovpnstatd
    
          # only if You want to send data to Nagios, otherwise leave this away:
          cp send_nsca.sh
    
          # You also will have to create the collector directory
          # if this location does not meet Your needs, just modify STARTOPTS
          # in /etc/init.d/ovpnstatd and set --collect-dir to Your favoured 
          mkdir -p /srv/www/apps/ovpnstat/datacol
    
          # then start openvpn status daemon
          /etc/init.d/ovpnstatd start
    	  
    	  

    Special hints:

    Regarding Nagios NSCA:

    Before you use the Nagios notification script "send_nsca.sh", you need to edit it - change the ip of the Nagios host therein - have a look if all the path-names are suiting your needs - AND install the "send_nsca" binary. It comes with package nagios-nsca-<version>

    Once you have installed nagios-nsca on the Nagios server, you may just copy send_nsca from there to your openvpn-server (including its config-file) - that's all it needs.

    Also add a Nagios configuration - a hostname entry for your openvpn-server where ovpnstatd will be running (must match exactly the output of 'hostname' and a service entry for each common-name (service_description must match common-name), that you want to monitor passively.

    An example of a passive service config also is included here.

    Regarding collector data:

    The collector data is in csv format which allows you to easily load it into some database for your own web application.

    Bugs (and the like creepers):

    ovpnstatd is tested valgrind-clean and is running stable since quite a couple of months now on my openvpn-server.

    Attachment: ovpnstat.tar.bz2 (55.34 KB)
  • supportconfig for Linux
    download url: 
    http://download.opensuse.org/repositories/Novell:/NTS/SLE_10/noarch/
    license: 
    GPLv2
    home page url: 
    http://en.opensuse.org/Supportutils

    Description

    The updateSupportutils command compares the current versions of supportutils and its plugins to those installed on your server. Those that are outdated or missing are automatically downloaded and installed. Only those plugins that apply to your server are installed. The command supports creating a weekly or monthly cron entry to automatically check and update the supportutils package and its plugins. Click here to see a list of the current supportutils and plugin packages. The updateSupportutils command help screen follows:

    ################################################################
    # Supportutils Auto Update Client
    ################################################################
    
    Usage: updateSupportutils [OPTION]
    
    Description
      Makes sure the supportutils and supportutils plugin packages are
      installed and current.
    
    Options
      -m  Install a monthly cron for updateSupportutils
      -w  Install a weekly cron for updateSupportutils
      -d  Delete all installed cron entries for updateSupportutils
      -l  List all cron entries for updateSupportutils
      -u  Force RPM update on applicable packages
      -p  Exclude supportutils plugin packages
      -v  Verbose mode
      -h  This screen

    Note: Detailed system information and logs are collected and organized in a manner that helps reduce service request resolution times. Private system information can be disclosed when using this tool. If this is a concern, please prune private data from the log files. Several startup options are available to exclude more sensitive information. Refer to the supportconfig(8) man page to see these options.

    Update Instructions

    Run updateSupportutils as root.

    If you do not already have the supportutils-plugin-updater package installed, refer to the Installation Instructions below. If your server does not have network connectivity to http://download.opensuse.org, then install using the Option B (Manual) method.

    Installation Instructions

    Option A (Automated)

    1. Download the supportutils-plugin-updater
    2. Login as root
    3. Install the updater package
      # rpm -Uvh supportutils-plugin-updater-*.noarch.rpm
    4. Run updateSupportutils as root
      # updateSupportutils

    Option B (Manual)

    1. Download the supportutils and any applicable supportutils plugin packages for your server.
    2. Login as root
    3. Install the supportutils-X.XX-XX.XX.noarch.rpm
      # rpm -Uvh supportutils-X.XX-XX.XX.noarch.rpm
    4. Install the supportutils-plugin-*-X.X-X.X.noarch.rpm packages you want
      # rpm -Uvh supportutils-plugin-*-X.X-X.X.noarch.rpm

    Using Supportconfig

    To upload a supportconfig to Novell, run supportconfig -ur $srnum; where $srnum is your 11 digit service request number. You can also just run supportconfig for local use. By default, supportconfig saves its information in /var/log/nts_hostname_date_time.tbz.

    Consider using the Novell Support Advisor to perform an initial analysis of your servers. It will generate an HTML report that links you to Technical Information Documents that directly relate to any server issues identified.

    Reporting Bugs

    Updates to Supportconfig Version 2.25-320:

    • Fixed HA error when cibadmin -Q doesn't connect
    • Fixed ldapsearch search on non-default port
    • Added systool base output to sysfs.txt
    • Added getappcore tool to gather application core files
    • Added analyzevmcore tool for kernel core analysis
    • Supportconfig includes analyzevmcore files in crash.txt
    • /etc/services included in network.txt

    Updates to Supportconfig Version 2.25-314:

    • Changed to systool for sysfs.txt
    • Added local binary list to rpm.txt
    • Added nlvm to novell-nss.txt for OES11
    • Updated copyright years
    • Added curl check for update registrations to update.txt
    • Fixed conf file execution in plugins directory
    • Added a supportconfig summary in summary.xml
    • Added /etc/init.d/halt.local to boot.txt
    • Added OPTION_UFILES for fs-files-additional.txt. [see supportconfig.conf(5)]
    • Fixed fslist_info order
    • Added kdump rpm check for sles11sp1
    • Added plugin-icommand to scplugin.rc for internal bash commands
    Attachment                                        Size
    supportutils-plugin-updater-1.0-19.1.noarch.rpm   6.99 KB
    supportutils-1.20-59.1.noarch.rpm                 107.48 KB
  • Deploying Linux images can be fun!

    Johannes Renner, one of the developers in our SUSE Manager team, recently posted a very useful blog post about using SUSE Studio to create Linux images. The latest update for SUSE Manager makes this a lot simpler.

    He wrote:

    You already know that it’s possible to use SUSE Studio for creating Linux images that will automatically register with SUSE Manager once deployed to a virtual host and booted for the first time.

    From now on you can make use of this feature in a much more convenient way. The final piece of the integration between the two SUSE products is now included with the latest update for SUSE Manager.

    Starting up a new virtual system using SUSE Manager can now be simplified to the following steps:

    1. Choose the image from a list.
    2. Specify deployment parameters.
    3. Go for it.

    For the details, read this post.

  • ATT Live - Last Call

    As the event owner for ATT Live, I want to reach out and extend one last invite to this year's ATT Live conference in Las Vegas Nevada - May 15th-18th. For as long as I can remember, this has been a December conference, with an occasional repeat in the early spring based on demand. However, this year... the sunshine and warm weather of May are awaiting us in Vegas, and it could not be more welcomed!

    If you have not attended ATT Live in the past 10 years, I encourage you to check it out. You can link to the live landing page at www.novell.com/attlive. Over the years, we have made this the premier technical conference and each year we listen to our attendee's feedback making each year an improvement on the previous. This year is no exception!

    I wanted to share some highlights of this year's conference for your consideration, and if you are looking for that last attempt to get approval these things might just help.

    • Additional hands-on sessions - We have extended our tracks from 10 to 12, offering a good mix of sessions across the three Business Units. You will find 6 tracks focused on Novell ZENworks, Open Enterprise Server and GroupWise. Three tracks on NetIQ, both legacy Novell Identity and Security products and legacy NetIQ products, giving you a great opportunity to explore some new products in this space, and last, but not least, three full tracks on Suse Linux. Check out the full schedule here - http://www.novell.com/training/attlive/sessions.html
    • We have invited more product experts - In order to extend our tracks, we have invited more services employees to help deliver these sessions, adding their product knowledge and real world experience to the sessions. Product managers will also be coming to explore product roadmaps and take your feedback back to the office.
    • Certification and Practicum - Whether you are seeking certifications to validate your knowledge, seek a career advancement or just test your knowledge, certification has been included in the price of the event. We ran out of seats last year, so we opened up more sessions this year to make sure all those wanting a chance to test, have the chance. The Linux practicum will also be available in limited slots to help you get that professional Linux certification. Of course we would want you to pass, but because there is no additional charge, no one has to know if you fail.... nothing is harder than submitting a failed exam on your expense report.
    • More food, more afternoon sleeping - The M resort is known for its excellent food, buffets, and restaurants, so we are taking what worked well for us last year and have extended our buffet vouchers for lunch, giving you your choice and quantity of food, not ours. If you have any complaints on the food, you can only blame yourself for filling up your plate with the wrong things.
    • First ever Alumni event, a thanks to those who always support us - If you are an ATT Live Alumni we want to welcome you to our first Alumni event on Tuesday night. We are excited to have the M Resort open up the Winery for our use. Make sure if you are registered that you plan to join us on Tuesday night. Check out the venue here - http://www.themresort.com/dining/hostilegrape.html
    • Low travel costs. Vegas always offers the most affordable travel costs of anywhere I know. Seems you get more for your money when you keep it in your pocket and off the tables. However, I thank those that put the money down, seems to keep the expenses for the rest of us to a minimum (as if... I keep my money in my wallet). We have worked hard to keep the costs of the hotel down, with a low rate, and travel to and from the airport included.

    There are plenty of reasons for coming, and we look forward to "filling" the hotel during the week. We will have one of the highest attendances yet, and look forward to seeing you there. If you have considered attending, don't wait, it will be well worth your time and investment.

    If you have any questions or comments, you can reach my team at training@novell.com. We will be watching the inbox for your interest and will do what we can to get you there, and home happy that you came.

    Thanks -
    Jeff McMurdie

  • ATT Live 2012 Session Spotlight--Dr L's CLP 11 Pain Points Sessions

    (Note: To see a list of all the sessions planned for ATT Live 2012, go to http://bit.ly/Asgjo4.)

    At ATT Live 2012, Dr Bjoern Lotz, the designer and creator of the CLP 11 exam scenarios and evaluation scripts, will be presenting 3 sessions on the various common issues and mistakes that most often make the difference between passing and failing the SUSE Certified Linux Professional (CLP) 11 Practicum Exam. These sessions are:

    • Dr. L's Treatment for the CLP Pain Points #1: Scripting in the CLP
    • Dr. L's Treatment for the CLP Pain Points #2: NFSv4 and Syslog-ng
    • Dr. L's Treatment for the CLP Pain Points #3: Apache and Samba

    These sessions will be especially helpful for SLES 11 server administrators who want to achieve the SUSE CLP 11 certification. And ATT Live 2012 is a prime opportunity to get this certification because the CLP 11 practicum exam will be offered for free on days 3 and 4 of the event.

    I asked Bjoern to provide a bit of useful information from each session that would give you an idea of what to expect if you're interested in taking advantage of this opportunity to prepare for and take the CLP 11 exam. The following information is just a taste of what you'll learn in these sessions. You'll really need to come to ATT Live if you want the full learning experience--demonstrations, hands-on labs, interaction with the instructor, etc.

    Scripting in the CLP

    A common problem with scripting tasks in the CLP exam is that the script does not execute without errors. The following troubleshooting techniques help you make sure the script executes properly.

    If you do not immediately see why a script is returning errors, you can:

    • Add set -x at the top of your script - when executing the script you see additional information that can help you find the error
    • Put echo in front of commands – that way they are not executed but displayed in the output
    • Put read into your script to pause it – hit enter to continue it
    • If you don't want to run the whole script, put exit at the point where you want it to end
    • Don't forget to remove (or change into a comment with #) the above when you are done
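
The techniques in the list above, combined in one script as an added example (constructed here, not part of the session material). Switching each aid with an environment variable is an assumption of this example, and the function name archive_logs and its paths are hypothetical.

```shell
#!/bin/sh
# Added example: constructed script, not from the CLP material.
# Debug switches are environment variables, so nothing has to be edited out afterwards:
#   TRACE=1             same effect as putting "set -x" at the top
#   DRY_RUN=1           same effect as putting "echo" in front of each command
#   PAUSE=1             same effect as a "read" between steps
#   STOP_AFTER=archive  same effect as an "exit" after that step

if [ "${TRACE:-0}" = 1 ]; then set -x; fi

run() {
    # Show the command instead of executing it when DRY_RUN=1.
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "WOULD RUN: $*"
    else
        "$@"
    fi
}

pause() {
    # Wait for Enter before the named step when PAUSE=1.
    if [ "${PAUSE:-0}" = 1 ]; then
        printf 'paused before: %s (Enter to continue) ' "$1" >&2
        read -r reply || true
    fi
}

archive_logs() {
    # $1 = directory holding *.log files, $2 = archive to create (hypothetical paths)
    [ -d "$1" ] || { echo "no such directory: $1" >&2; return 1; }
    pause "tar"
    run tar -czf "$2" -C "$1" . || return 1
    # Early stop: leave before the destructive cleanup step.
    if [ "${STOP_AFTER:-}" = archive ]; then return 0; fi
    pause "cleanup"
    run find "$1" -type f -name '*.log' -exec rm -f {} +
}
```

Running with DRY_RUN=1 first shows exactly which tar and find commands the script would issue, with the variables already expanded, before anything is deleted.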

    NFSv4 and Syslog-ng

    The common mistakes made when performing Syslog-ng tasks in the CLP exam arise from not knowing how to create filters or modify existing ones. Several criteria can be used for filtering, and the following rules will help you perform these tasks successfully:

    • Facility
      filter f_news { facility(news); };
    • Priority
      filter f_alert { level(alert); };
    • Program (regular expression)
      filter f_dhcpd { program("dhcpd"); };
    • String (regular expression)
      filter f_firewall { match("IN="); };
    • Hostname (regular expression)
      filter f_gateway { host(gateway); };
    • Elements can be combined:
      filter f_errcrit { level(err, crit); };
      filter f_mailnews { facility(mail, news); };
      filter f_iptables { match("IN=") and match("OUT="); };

    Apache and Samba

    A common mistake seen in the CLP 11 Practicum Apache tasks is that elements are missing from the virtual host configuration. Some tips to keep in mind to perform these tasks successfully are:

    • The configuration is distributed across several files in /etc/apache2/, including
      • httpd.conf
      • default-server.conf
      • vhosts.d
      • listen.conf
      • error.conf
    • Some configuration options are contained in /etc/sysconfig/apache2, which are used to create configuration files in /etc/apache2/sysconfig.d/
    • Virtual hosts are used to provide the Web pages of several domains on one IP address
    • To create a virtual host, you need to create a configuration file in the /etc/apache2/vhosts.d/ directory
    • The file name has to end in .conf
    • The /etc/apache2/vhosts.d/vhost.template file lists the needed parameters with comments explaining their use. You can copy that file and edit it for your virtual host

    Register today for the event and for Dr L's CLP 11 Pain Point sessions before they fill up at: www.novell.com/attlive!

    ATT Live 2012
    May 15-18, 2012
    Henderson (Las Vegas), NV
    4 days of instructor-led, hands-on advanced technical training for only $1,750
