Monday, January 06, 2014

Fixing blank facility and severity columns in LogAnalyzer

I ran into this problem in a recent deployment as well; the fix is described here:
http://wiki.rsyslog.com/index.php/Fix_blank_Facility_and_Severity_columns_in_loganalyzer

Supplement:
How do you switch syslog to rsyslog format23? The original article does not mention this, so here is the missing step.

It only takes one step: edit LogAnalyzer's config.php and change LogLineType from syslog to syslog23, as follows:
$CFG['Sources']['Source2']['LogLineType'] = 'syslog23';

Wednesday, December 18, 2013

How to turn on wireless monitor mode to sniff 802.11 wireless frames on OSX 10.9?

Install:
Step1. Install XQuartz (X11) for OSX 10.6 or later (http://xquartz.macosforge.org/landing/)
Step2. Log out and log in to OSX with an Admin account.
Step3. Install Wireshark for OSX 10.6 and later, Intel 64-bit (http://www.wireshark.org/download.html)
Step4. Launch Wireshark and choose XQuartz as the X11 environment.
Step5. Turn on monitor mode -> http://ask.wireshark.org/questions/26270/how-to-turn-on-monitor-mode-on-mac-osx-1075

Specify a channel for the 2.4 GHz or 5 GHz radio:
Step1. sudo ln -s /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport /usr/sbin/airport
Step2. sudo airport -z   # disassociates your card from the current network
Step3. sudo airport --channel=<channel you want to switch to>   # sets the channel the card monitors on

Tuesday, December 03, 2013

Why does tail -f | grep "" >> file end up with incomplete data (missing lines)?

A colleague asked me about this yesterday and, my brainpower being limited, I could not make sense of it at the time, but today I found the answer: libc does not flush the buffer automatically for a pipe set up like this, so once the buffer is full (4KB by default) the following data can no longer be handed down the pipe for further processing, and that is how lines go missing. The fix is to flush the buffer manually, as below, so it never blows up.

tail -f <file> | grep "pattern" --line-buffered >> /tmp/log &
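To see the effect for yourself, here is an added shell example (not from the original post) that feeds grep one matching line while holding its stdin open, exactly the situation tail -f creates, and counts how many lines have reached the output file at that moment. It assumes a grep that understands --line-buffered (GNU or BSD grep); the FIFO "gate" is only a constructed way to hold the producer open until the file has been inspected.

```sh
# count_lines_while_running MODE
#   MODE = "block" -> plain grep (stdio is block-buffered when stdout is a file)
#   MODE = "line"  -> grep --line-buffered
# Prints the number of lines present in the output file while grep is still
# running with its stdin open (no EOF, so no exit-time flush).
count_lines_while_running() {
    mode=$1
    workdir=$(mktemp -d)
    out=$workdir/out
    gate=$workdir/gate            # FIFO used to park the producer (constructed device)
    mkfifo "$gate"

    if [ "$mode" = line ]; then
        grep_opts=--line-buffered
    else
        grep_opts=
    fi

    # Producer: emit one matching line, then block on the FIFO so the pipe
    # stays open and grep keeps waiting for more input, just like tail -f.
    { echo "ERROR constructed sample line"; cat "$gate" >/dev/null; } \
        | grep $grep_opts "ERROR" >> "$out" &
    job=$!

    sleep 2                       # give grep time to read the line and (maybe) write it
    n=$(wc -l < "$out" | tr -d ' ')

    : > "$gate"                   # release the producer; EOF lets grep exit and flush
    wait "$job"
    rm -rf "$workdir"
    echo "$n"
}

# Stand-alone demo: 0 lines on disk for plain grep (the line is stuck in its
# 4 KB stdio buffer), 1 line on disk with --line-buffered.
echo "plain grep:           $(count_lines_while_running block) line(s) on disk"
echo "grep --line-buffered: $(count_lines_while_running line) line(s) on disk"
```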

Monday, October 28, 2013

How does snmptrap work on Linux?

A quick note on how to configure CentOS to receive SNMP v2 and v3 trap events.

Steps:
1. Install net-snmp.

2. Make sure snmptrapd is installed on the system.

3. Import the MIB files:
First confirm the MIB directories:
[root@localhost ~]# net-snmp-config --default-mibdirs
/root/.snmp/mibs:/usr/share/snmp/mibs
As you can see, my MIBs can go in either /root/.snmp/mibs or /usr/share/snmp/mibs; here I chose /usr/share/snmp/mibs.

4. Configure snmptrapd to accept SNMP v2 and v3 trap events:
Open and edit the config file ([root@localhost mibs]# vi /etc/snmp/snmptrapd.conf) as follows:
# SNMP v2 with community as public
disableAuthorization no
authCommunity log,execute,net public
# SNMP v3 with user as admin and passphrase as aaaaaaaa
createUser admin MD5 aaaaaaaa DES aaaaaaaa
authUser log,execute,net admin

5. Start snmptrapd in the foreground (not as a daemon):
[root@localhost mibs]# snmptrapd -m all -c /etc/snmp/snmptrapd.conf -Lo -f
NET-SNMP version 5.3.2.2
-m all -> load all MIB files
-c -> the configuration file to use
-Lo -> log to standard output
-f -> do not fork from the shell
Here the SNMP trap events are printed to the screen, which is handy for debugging.

6. Start snmptrapd as a daemon:
[root@localhost mibs]# /etc/init.d/snmptrapd start
正在啟動 snmptrapd:                                        [  確定  ]
Here the SNMP trap events are written to /var/log/messages instead.

Friday, August 02, 2013

How to enable auth details in FreeRADIUS log?

This describes how to log detailed authentication information and authentication requests to a log file in FreeRADIUS.

FreeRADIUS 1.x:
Open and edit /etc/raddb/radiusd.conf to set:
log_auth = yes
auth_log
detail auth_log {
        detailfile = ${radacctdir}/%{Client-IP-Address}/auth-detail-%Y%m%d
        #
        #  This MUST be 0600, otherwise anyone can read
        #  the users passwords!
        detailperm = 0600
}


FreeRADIUS 2.x:
Open and edit /etc/raddb/radiusd.conf to set:
auth = yes
Open and edit /etc/raddb/sites-available/default to set:
auth_log



Thursday, June 27, 2013

How can I allow IP protocol 47 (GRE) through iptables to reach a GRE GW?

Topology:
GRE GW1 ----- Switch -----(eth0)Linux NAT Router(eth1) ----- Switch ----- GRE GW2

To forward IP protocol 47 to the GRE GW, configure the NAT Router as below:
# iptables -t nat -A PREROUTING -i eth0 -p gre -j DNAT --to-destination 10.10.2.186
Where 10.10.2.186 is GRE GW2's IP.


To configure L2oGRE on Linux:
# modprobe ip_gre
# ip link add link gre0 name tunnel0 type gretap remote 192.168.0.1 local 10.10.2.186
# ip link set tunnel0 up
# brctl addbr br0
# ip link set br0 up
# ip link set eth2 up
# brctl addif br0 tunnel0
# brctl addif br0 eth2

Monday, April 01, 2013

Set http/https proxy server in Linux CLI

HTTP:
# export http_proxy="http://10.10.10.254:8080"

HTTPS:
# export https_proxy="https://10.10.10.254:8080"

Where 10.10.10.254 is the IP of the proxy server and 8080 is its port number.

Remove:
# unset http_proxy
# unset https_proxy

Afterwards you can verify with curl.