
Information, tips and techniques.

How to log in syslog-ng when the message does not have the hostname field

Depending on your syslog-ng configuration, you may have set up your logging system to write a different file in a different place (for example, folders created by year and month) for each host that contacts your syslog server.

I will not detail here all the configuration needed for that (or maybe later if you are nice), but I will explain a trick that can help you when the syslog-ng server does not want to create a file for a host and puts its messages in the fallback file instead.

Usually, everything works fine with simple filters like this one:

filter my_filter { host("myserver");};

Here, 'myserver' is in fact the hostname in the message header (it should be in third position, after the date and the time/timestamp). Some devices send their messages without the hostname field, which results in the log being written to the fallback file.

In this case, you can use netmask instead of host, like this:

filter my_filter { netmask("<ip address of the server>/<netmask>");};

For example: filter my_filter { netmask("192.168.1.100/255.255.255.0");};

This time the redirection should work and the file for this host should be created correctly.

Note: using /32 does not work at all, use the entire netmask instead.
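
With the 255.255.255.0 mask used in the example above, the match covers every sender in 192.168.1.0/24, not only 192.168.1.100, so other devices on that subnet that also omit the hostname field would land in the same file. The sketch below is an added example, not from the original post; it uses standard IPv4 mask arithmetic, the helper names ip_to_int and netmask_match are hypothetical, and the sender addresses are constructed.

```sh
#!/bin/sh
# Added example: which sender IPs does an "<address>/<dotted mask>" spec select?
# ip_to_int and netmask_match are hypothetical helper names.

# Convert a dotted-quad IPv4 address to an integer; fail on malformed input.
ip_to_int() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        # Reject empty octets, leading zeros and anything longer than 3 digits.
        case $octet in ''|0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Return 0 when the sender is inside the spec, 1 when it is not,
# 2 when either argument is malformed.
netmask_match() {
    case $2 in */*) ;; *) return 2 ;; esac
    m_src=$(ip_to_int "$1") || return 2
    m_net=$(ip_to_int "${2%/*}") || return 2
    m_mask=$(ip_to_int "${2#*/}") || return 2
    [ $(( m_src & m_mask )) -eq $(( m_net & m_mask )) ]
}

# Constructed senders checked against the subnet mask and the full host mask.
for spec in 192.168.1.100/255.255.255.0 192.168.1.100/255.255.255.255; do
    for sender in 192.168.1.100 192.168.1.7 192.168.2.100; do
        if netmask_match "$sender" "$spec"; then
            verdict="match"
        else
            verdict="no match"
        fi
        printf '%-32s %-15s %s\n' "$spec" "$sender" "$verdict"
    done
done
```

Only the 255.255.255.255 mask restricts the match to the single address 192.168.1.100.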

Filed under: Linux

Nagios NRPE_NT configuration with MSSQL$…service

I don't know if you know Nagios, but it is a quite nice (yet tricky) monitoring solution for your IT infrastructure. With this open-source solution, you can monitor daemons and services, NICs, CPU load, memory use, disk usage, etc. for your Linux and Windows systems.

I recently came across a problem when adding a SQL Server service to my nrpe.cfg config file using the NRPE_NT client. For background, some software, like McAfee ePolicy Orchestrator or BrightStore ARCserve, installs itself with a limited version of SQL Server. The point is that the SQL Server service (the name of the service) is listed in the registry as something like MSSQL$<name of your application> (ex: MSSQL$EPOSERVER).

If you try to just copy/paste that name into your nrpe config file, Nagios will say something like:

MSSQL$EPOSERVER$ : Service unknown

As you can see, it adds a $ sign at the end.

To correctly monitor this service in Nagios (when you use NRPE_NT), configure your nrpe.conf file like this:

  • # Epolicy Orchestrator MSSQL Service
    command[check_epomssqlservice]=c:\nagios\nt_plugins\check_nt -H localhost -v SERVICESTATE -l MSSQL"$$"EPOSERVER

Note the "$$" (double quote, dollar sign, dollar sign, double quote) between MSSQL and the name of your application/software.

Filed under: Windows

Catalyst 8.1 are out with AGP patch

Good news for all of us who have an AGP card and DirectX issues with the 4 or 5 previous drivers from AMD. The Catalyst 8.1 drivers are out, and so is the fix for AGP cards (the web page says the fix is unsupported, which I found funny, but well, if it works…).

I will test them as soon as I can and try to find how they manage to fix the AGP issue.

The links:

Note: The fix is for Windows XP and Windows Vista. For 64 bits versions or to access the general driver download section, go here. 

Filed under: Windows

Error occurred while downloading file SiteStat.xml

When you use McAfee ePolicy Orchestrator and have deployed the CMA (Common Framework Agent), also known as the McAfee agent or ePO agent, you can receive this error message when you try to update the agent and it contacts the ePO server:

The log is located in C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Db\Agent_<server_name>.log:

...
Error occurred while downloading file SiteStat.xml
Error downloading file \SiteStat.xml, naInet GetLastError() = 0
...

In my case, I was able to resolve this issue because the ePO server or the CMA installation was confused about which IP address to use. On my ePO server, I have two NICs: one for the backup network and the other for normal LAN access.

I created the Framework package called FramePkg.exe and installed it manually on some servers. The server then reported them as non-compliant and each CMA failed to retrieve the SiteStat.xml file from the ePO server.

I had to modify the following files, located in C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework, on each problematic server:

  • SiteMapList.xml
  • SiteList.xml
  • ServerSiteList.xml

The steps:

  • Stop the McAfee Common Framework service
  • Go to the folder indicated above
  • In each of the files listed above, locate the IP address of the ePO server and, if it is wrong, replace it with the correct one
  • Restart the service

Of course, you will have to do this at the server level as well. On the ePO server, there are some files you can edit to change the IP address:

  • In C:\Program Files\McAfee\ePolicy Orchestrator, open SiteInfo.ini and modify the value for LastKnownIP (LastKnownIP=<ip address>)
  • In C:\Program Files\McAfee\ePolicy Orchestrator, open server.ini and add at the end of the [SERVER] section the value ServerIPAddress=<ip address>
  • Restart the EPO services and you should be ok.

After that, if you start an update session, everything should be correct this time.

Filed under: Windows

Recover root password in linux

I will post some comments later but here are some interesting links.

Filed under: Linux

bash and time calculation

It could be fun to have a little time calculation when executing a script from a crontab job, so here is a small one:

#!/bin/ksh
# At script beginning, get day of month.
BDAY=$(date +%e)
# Get time in seconds.
((BTIME=($(date +%H)*3600)+($(date +%M)*60)+$(date +%S)))

#
# script
#

# At script end, get the end day of month.
EDAY=$(date +%e)
# Add 24hrs in seconds, if days don't match.
# It assumes run time is not over 48 hours.
[[ $BDAY == $EDAY ]] && DAY=0 || DAY=86400
# Get the end time in seconds.
((ETIME=$DAY+($(date +%H)*3600)+($(date +%M)*60)+$(date +%S)))

# Calculate and print the time elapsed.
((TOTAL=$ETIME - $BTIME))
print "Elapsed Time: \c"
((HOURS=TOTAL / 3600))
((TOTAL=TOTAL - (HOURS*3600)))
print "$HOURS hours, $((TOTAL / 60)) minutes, $((TOTAL % 60)) seconds."

Ref : link
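
The script above assumes the run stays under 48 hours and feeds zero-padded fields such as 08 into shell arithmetic, which bash rejects as invalid octal. The variant below is an added example, not from the original post or its reference: it works from epoch seconds instead, assumes a date(1) that supports +%s (GNU and BSD date do), and uses the hypothetical helper names format_elapsed and elapsed_between.

```sh
#!/bin/sh
# Added example: elapsed time computed from epoch seconds, so runs of any
# length and month or year rollovers need no special handling.
# format_elapsed and elapsed_between are hypothetical helper names.

# Print a duration given in whole seconds as days/hours/minutes/seconds.
format_elapsed() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    fe_total=$1
    fe_days=$(( fe_total / 86400 ))
    fe_hours=$(( fe_total % 86400 / 3600 ))
    fe_mins=$(( fe_total % 3600 / 60 ))
    fe_secs=$(( fe_total % 60 ))
    printf '%d days, %d hours, %d minutes, %d seconds\n' \
        "$fe_days" "$fe_hours" "$fe_mins" "$fe_secs"
}

# Print the time elapsed between two epoch timestamps. Fails when a value is
# not a number or when the end precedes the start (clock stepped backwards).
elapsed_between() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    case $2 in ''|*[!0-9]*) return 1 ;; esac
    [ "$2" -ge "$1" ] || return 1
    format_elapsed $(( $2 - $1 ))
}

# At script beginning.
START=$(date +%s)

#
# script
#

# At script end.
END=$(date +%s)
if RESULT=$(elapsed_between "$START" "$END"); then
    echo "Elapsed time: $RESULT"
else
    echo "Elapsed time: unknown (clock changed during the run)" >&2
fi
```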

Filed under: Bash, Linux

rsync and ssh

I am currently working on a project that involves doing an rsync session to a server using ssh to secure the transfer. I have found very interesting articles on how to do this and I am posting them here in case someone wants to read them too:

I will try to post my recipe as soon as I can, but I hope the information and links above can help.

Filed under: Linux

Happy New Year 2008!

Dear visitor,

I wish you, your friends and family a great 2008, with plenty of success in your professional and personal life, happiness and of course health. May 2008 be the year of the accomplishment of all your dreams and hopes.

May also this year give us at last working drivers for Linux and Windows for those having trouble like me to make them work correctly.. 😉

Happy new year 2008!

Filed under: Uncategorized