It’s always something …

Just ran across a little thingie mabob that caused some head scratching. Was testing my new postfix / smtp-auth setup and discovered that if I telnet SERVERNAME 25 from within my network I get all the nice server responses after an EHLO myserver.mydomain.com … turns out if I do the same from outside I get ‘550 command not implemented’. After a little digging and testing various combinations it occurred to me that the firewall was the likely culprit, and sure enough the Debian-ISP list had this thread about exactly the same problem. It’s odd that a bug identified with ESMTP on Cisco PIX routers in January 2003 still exists in late 2005. Anyway the simple fix was to issue the following command to the PIX:
no fixup protocol smtp 25
and it worked.
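The EHLO-versus-HELO difference described above is easy to check from outside before blaming the mail server. The script below is an added example, not code from the original post: it sends EHLO to a host you name, falls back to HELO when EHLO draws a 5xx (as a real client would), and reports whether the extensions an SMTP-AUTH setup depends on were advertised. The host names, the client name passed to EHLO and the sample replies used in testing are placeholders I constructed.

```python
"""Diagnose an SMTP server's EHLO behaviour from a given vantage point.

Added example (not code from the original post). It sends EHLO and, if the
reply is a 5xx, falls back to HELO the way a real mail client would, then
reports whether the extensions an SMTP-AUTH setup needs were advertised.
Host names used here are placeholders.
"""
import smtplib
import sys

# Extensions an SMTP-AUTH setup relies on. A device that strips ESMTP hides
# both, so clients either fail to authenticate or, if they do not insist on
# TLS, fall back to sending credentials in the clear.
WANTED = ("AUTH", "STARTTLS")


def parse_ehlo_text(text):
    """Turn smtplib's multi-line EHLO reply body into {KEYWORD: parameters}."""
    lines = text.decode("ascii", "replace").splitlines()
    extensions = {}
    for line in lines[1:]:           # line 0 is the server's own domain/greeting
        parts = line.split(None, 1)
        if parts:
            extensions[parts[0].upper()] = parts[1] if len(parts) > 1 else ""
    return extensions


def assess(ehlo_code, ehlo_text, helo_code=None):
    """Classify the EHLO reply (plus the fallback HELO reply, if one was needed).

    Returns a dict with 'esmtp' (True when EHLO was accepted), 'extensions',
    'missing' (WANTED extensions not advertised) and a one-line 'verdict'.
    """
    if ehlo_code == 250:
        extensions = parse_ehlo_text(ehlo_text)
        missing = [e for e in WANTED if e not in extensions]
        verdict = "ESMTP ok" if not missing else "ESMTP ok, but missing " + ", ".join(missing)
        return {"esmtp": True, "extensions": extensions, "missing": missing, "verdict": verdict}
    if 500 <= ehlo_code <= 599 and helo_code == 250:
        # The symptom from the post: plain SMTP gets through, ESMTP does not, which
        # points at the server itself or at something in the path filtering commands.
        verdict = "EHLO rejected (%d) but HELO accepted: ESMTP is blocked on this path" % ehlo_code
        return {"esmtp": False, "extensions": {}, "missing": list(WANTED), "verdict": verdict}
    verdict = "no usable SMTP session (EHLO %s, HELO %s)" % (ehlo_code, helo_code)
    return {"esmtp": False, "extensions": {}, "missing": list(WANTED), "verdict": verdict}


def probe(host, port=25, timeout=10):
    """Connect to host:port, run the EHLO/HELO exchange and return assess()'s result."""
    with smtplib.SMTP(timeout=timeout) as smtp:
        smtp.connect(host, port)
        # "probe.example.test" is a placeholder for the name we announce ourselves as
        ehlo_code, ehlo_text = smtp.ehlo("probe.example.test")
        helo_code = None
        if ehlo_code != 250:
            helo_code, _ = smtp.helo("probe.example.test")
        return assess(ehlo_code, ehlo_text, helo_code)


if __name__ == "__main__":
    # usage: python smtp_ehlo_check.py mail.example.test [port]
    target = sys.argv[1]
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 25
    result = probe(target, target_port)
    print(result["verdict"])
    for keyword, params in sorted(result["extensions"].items()):
        print("  %s %s" % (keyword, params))
```

Run it once from inside and once from outside the firewall; if the inside run says "ESMTP ok" and the outside run says "EHLO rejected but HELO accepted", the server is fine and something in between is filtering commands, which is exactly the situation the `fixup` line above fixes.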

Comments

Web-based slideshows

I ran across S5 Presents, an open-source web-based slideshow application, while I was doing some further reading about yum repositories and rpm. The S5 Presents package is written in very few lines of Ruby using Ruby on Rails and implements the spec proposed by Eric Meyer of CSS book fame at S5: A Simple Standards-Based Slide Show System.

I found all this because of Bart Teeuwisse who had a presentation on the S5 Presents site about using yum repositories to distribute OpenACS rpms as a means of promoting the use of OpenACS and AOLserver, a very powerful webserver with great database connection pooling and an embedded Tcl interpreter. I’m wondering if there is some sort of sampling bias in effect. It seems like whenever I research web topics of any note I run across pages by OpenACS developers, even if they are currently developing on different platforms.

Comments

Managing Logs

I’ve been doing some research on the best way to consolidate server logs so they actually get looked at (gasp!)

Since I’m far more Linux than Windows, it makes sense to use syslog. I understand that in Windows you can consolidate event logs, but that’s not useful to me here. What’s nice is all the devices (router, firewalls, switches) will also log to syslog, so it’s a pretty obvious thing to do.

For now I’ll just list the tools and approach I’m considering:

  • To enable any Windows machines to dump their event logs to syslog: Snare Eventlog Agent for Windows.
  • As mentioned above, all my other devices already have syslog enabled.

So now that I can log everything to one place, what do I use for threshold / event monitoring?

The leaders in the race appear to be:

  • LogSurfer or LogSurfer+ (same site) – which grew out of the Swatch project.
  • Simple Event Correlator, which is described quite thoroughly in this SEC tutorial/article and in a very thorough paper describing the operations at John Rouillard’s site. SEC seems very robust, but maybe overkill to configure, since I generally know if the machines are misbehaving. I’ll definitely at least play with it to see what it’s capable of.
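To make the "threshold / event monitoring" question concrete, here is the kind of rule these tools run over a consolidated syslog stream. This is an added example written for this page, not code from the original post, SEC or LogSurfer; it is modelled on SEC's SingleWithThreshold rule type. The syslog lines it chews on are constructed sample data, and the host names and addresses in them are made up.

```python
"""Threshold alerting over syslog lines, modelled on SEC's SingleWithThreshold
rule type. Added example: not code from the original post, SEC or LogSurfer.

Rule used here: when one source address produces `threshold` sshd password
failures against one host within `window` seconds, raise a single alert and
stay quiet for that host/source pair until the window has passed.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Classic BSD syslogd line: "Mon DD HH:MM:SS host prog[pid]: message".
SYSLOG_RE = re.compile(
    r"^(?P<month>[A-Z][a-z]{2}) +(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<prog>[^\[:\s]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
# OpenSSH password failure, with or without the "invalid user" variant.
FAILED_RE = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse_line(line, year=2005):
    """Return (timestamp, host, prog, msg) or None when the line is not BSD syslog.

    The syslog timestamp carries no year, so the caller supplies one.
    """
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(
        "%d %s %s %s" % (year, m.group("month"), m.group("day"), m.group("time")),
        "%Y %b %d %H:%M:%S",
    )
    return ts, m.group("host"), m.group("prog"), m.group("msg")


class ThresholdRule:
    """Alert once when `threshold` matches for the same key fall inside `window` seconds."""

    def __init__(self, pattern, key_fields, threshold, window):
        self.pattern = pattern          # compiled regex applied to the message text
        self.key_fields = key_fields    # named groups of `pattern` that form the key
        self.threshold = threshold
        self.window = timedelta(seconds=window)
        self.recent = defaultdict(deque)   # key -> timestamps of matches inside the window
        self.quiet_until = {}              # key -> no further alert before this time

    def feed(self, ts, host, msg):
        """Offer one event to the rule; return an alert string or None."""
        m = self.pattern.search(msg)
        if m is None:
            return None
        key = (host,) + tuple(m.group(f) for f in self.key_fields)
        if key in self.quiet_until and ts < self.quiet_until[key]:
            return None                  # already alerted on this key recently
        q = self.recent[key]
        q.append(ts)
        while q and ts - q[0] > self.window:
            q.popleft()                  # forget matches that have aged out
        if len(q) < self.threshold:
            return None
        q.clear()
        self.quiet_until[key] = ts + self.window
        labels = ("host",) + tuple(self.key_fields)
        where = " ".join("%s=%s" % kv for kv in zip(labels, key))
        return "%s: %d+ matches within %ds (%s)" % (
            ts.isoformat(" "), self.threshold, self.window.total_seconds(), where)


def run(lines, rule, prog="sshd"):
    """Feed syslog lines from any number of hosts through one rule; return the alerts."""
    alerts = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue                     # not syslog; a real deployment would count these too
        ts, host, source_prog, msg = parsed
        if source_prog != prog:
            continue
        alert = rule.feed(ts, host, msg)
        if alert is not None:
            alerts.append(alert)
    return alerts


# Constructed sample lines (not real log data): a burst of failures from one
# address, a legitimate user mistyping once, a firewall message that a
# consolidated syslog server would also receive, and one line of junk.
SAMPLE = [
    "Nov 14 10:00:01 web1 sshd[2211]: Failed password for root from 10.9.8.7 port 40112 ssh2",
    "Nov 14 10:00:02 web1 sshd[2213]: Failed password for invalid user admin from 10.9.8.7 port 40114 ssh2",
    "Nov 14 10:00:03 web1 sshd[2215]: Failed password for root from 10.9.8.7 port 40116 ssh2",
    "Nov 14 10:00:04 web1 sshd[2217]: Failed password for root from 10.9.8.7 port 40118 ssh2",
    "Nov 14 10:00:05 web1 sshd[2219]: Failed password for root from 10.9.8.7 port 40120 ssh2",
    "Nov 14 10:00:06 web1 sshd[2221]: Failed password for root from 10.9.8.7 port 40122 ssh2",
    "Nov 14 10:00:30 web1 sshd[2230]: Failed password for bob from 192.168.1.20 port 50000 ssh2",
    "Nov 14 10:00:31 web1 sshd[2230]: Accepted password for bob from 192.168.1.20 port 50000 ssh2",
    "Nov 14 10:00:40 fw1 %PIX-6-302013: Built outbound TCP connection 1 for outside:203.0.113.5/80",
    "--- log rotated ---",
]


def make_ssh_rule():
    """Five failures from one address against one host inside 60 seconds."""
    return ThresholdRule(FAILED_RE, ("src",), threshold=5, window=60)


if __name__ == "__main__":
    for alert in run(SAMPLE, make_ssh_rule()):
        print(alert)
```

The sixth failure from the same address produces no second alert because the key is quiet for the rest of the window; that suppression is what keeps a threshold rule from paging you once per line during a burst, and it is the part worth tuning once real volumes are visible.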

Comments

Basic cacti from script to graph

Setting up cacti is a bit confusing at first. By using the method I did to configure snmp, it’s easy to see how to configure scripts to return data at certain MIB numbers.

The main thing to be clear on when setting up cacti is the sequence you go through to get a graph up.

  1. Create a device
  2. Create a Data Input Method
  3. Create a Data Source
  4. Create a Graph
  5. Add Graph to Graph View

For details, there is a good walkthrough at Simplest Method of Going from Script to Graph.

Comments

Enabling SNMP on Centos / RHEL

Quick method, immediately after install:

yum install net-snmp
yum install net-snmp-utils

snmpconf -g basic_setup

Pick reasonable values. I enable one of each kind of monitor so I have some examples, and only enable snmp 1 / 2c READONLY communities with a community string specific to my setup. I enable one rocommunity for localhost testing and then create another with the same community name reachable from my cacti server.
This ends up looking like this in /etc/snmp/snmpd.conf (use your own settings):
rocommunity MYCOMMUNITY1234 cactiserver.localdomain.com
rocommunity MYCOMMUNITY1234 localhost

I use localhost rather than hostname so the config is portable across machines.

For those like me who are too lazy to walk to the console and use the GUI (otherwise enable snmp/UDP in the GUI):

iptables --insert RH-Firewall-1-INPUT 9 --protocol udp --dport 161 -j ACCEPT

note – rule 9 in the chain is about right if you have ssh and http enabled. You just want it to be before the final rule.
Do an iptables --list and count down to right before the final REJECT rule – use that number (one less than the REJECT) instead of 9.

chkconfig snmpd on
service snmpd start

lsof -i UDP:snmp
# confirm it's listening on the port
snmpwalk -Os -c MYCOMMUNITY1234 -v 1 localhost system
# confirm it's up locally
snmpwalk -On -c MYCOMMUNITY1234 -v 1 localhost prTable
# look at the process monitor you set up during config, get the MIB number
snmpwalk -On -c MYCOMMUNITY1234 -v 1 localhost dskTable
# look at the disk monitor you set up during config, get the MIB number

Etc. You can read the whole list in /usr/share/snmp/mibs/UCD-SNMP-MIB.txt in the section called ‘Current UCD core mib table entries’.

#Test again from cactiserver
snmpwalk -Os -c MYCOMMUNITY1234 -v 1 TARGETMACHINE system

It works? —

iptables-save > /etc/sysconfig/iptables

(or it won’t work after you reboot!)

DONE!
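Two of the steps above are easy to get slightly wrong: leaving a community reachable from everywhere (or on the default string), and counting iptables rules by hand. The script below is an added example for this page, not part of the post or of net-snmp; it checks snmpd.conf for read-only communities without a source restriction or with a well-known default string, and reads `iptables -L CHAIN --line-numbers -n` output to find the final REJECT rule so the ACCEPT for udp/161 can be inserted in front of it. Inserting at the REJECT rule's own number puts the new rule immediately before it; the "one less" in the note above also lands before the REJECT, one position earlier. The snmpd.conf excerpt and iptables listing embedded for testing are constructed samples.

```python
"""Two checks for the SNMP setup above. Added example, not code from the
original post or from net-snmp.

1. check_rocommunity(): scan an snmpd.conf for community lines that are
   reachable from any source or still use a well-known default string.
2. reject_rule_number(): read `iptables -L CHAIN --line-numbers -n` output and
   return the number of the final REJECT rule, the position at which the
   snmp ACCEPT rule must be inserted so it lands just in front of it.
"""
import shlex
import subprocess
import sys

DEFAULT_COMMUNITIES = {"public", "private"}
COMMUNITY_DIRECTIVES = ("rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6")


def check_rocommunity(conf_text):
    """Return a list of (line_no, problem) findings for community lines in snmpd.conf."""
    findings = []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()          # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        directive = fields[0].lower()
        if directive not in COMMUNITY_DIRECTIVES:
            continue
        if directive.startswith("rw"):
            findings.append((no, "%s grants write access" % directive))
        if len(fields) < 2:
            findings.append((no, "%s without a community string" % directive))
            continue
        community = fields[1]
        if community.lower() in DEFAULT_COMMUNITIES:
            findings.append((no, "community %r is a well-known default" % community))
        # net-snmp: a missing SOURCE field (or the word "default") means any address may query
        if len(fields) < 3 or fields[2].lower() == "default":
            findings.append((no, "community %r is reachable from any source address" % community))
    return findings


def reject_rule_number(listing):
    """Return the rule number of the last REJECT rule in an `iptables -L CHAIN
    --line-numbers -n` listing, or None if the chain has no REJECT rule."""
    last = None
    for line in listing.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0].isdigit() and fields[1] == "REJECT":
            last = int(fields[0])
    return last


def snmp_accept_command(chain, listing, port=161):
    """Build the iptables command that inserts the snmp ACCEPT rule just before the final REJECT."""
    pos = reject_rule_number(listing)
    if pos is None:
        raise ValueError("chain %s has no REJECT rule; use --append instead" % chain)
    return ["iptables", "--insert", chain, str(pos),
            "--protocol", "udp", "--dport", str(port), "-j", "ACCEPT"]


# Constructed snmpd.conf excerpt (not a real config): the first two lines follow
# the post, the third is the kind of line the check is meant to catch.
SAMPLE_CONF = """\
rocommunity MYCOMMUNITY1234 cactiserver.localdomain.com
rocommunity MYCOMMUNITY1234 localhost
rocommunity public
"""

# Constructed `iptables -L RH-Firewall-1-INPUT --line-numbers -n` output.
SAMPLE_LISTING = """\
Chain RH-Firewall-1-INPUT (2 references)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 255
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
5    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80
6    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
"""


if __name__ == "__main__":
    # usage: python snmp_check.py [/etc/snmp/snmpd.conf] [RH-Firewall-1-INPUT]
    conf_path = sys.argv[1] if len(sys.argv) > 1 else "/etc/snmp/snmpd.conf"
    chain = sys.argv[2] if len(sys.argv) > 2 else "RH-Firewall-1-INPUT"
    with open(conf_path) as f:
        for no, problem in check_rocommunity(f.read()):
            print("%s:%d: %s" % (conf_path, no, problem))
    listing = subprocess.run(["iptables", "-L", chain, "--line-numbers", "-n"],
                             capture_output=True, text=True, check=True).stdout
    print("run:", shlex.join(snmp_accept_command(chain, listing)))
```

The script only prints the iptables command rather than running it, so you can read the rule position before committing to it and then follow the post's `iptables-save` step.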

Comments

Great site for linux and network administrators

I just ran across this site Silicon Valley CCIE. They have 3 great online guides:

  • Linux Networking
  • Cisco Networking
  • Data Center Relocation

Worth a visit!

Comments

Superhero Physics

The Physics of Superheroes

I’m listening to my favorite radio station right now – WPKN – and the program right now is an interview with James Kakalios, author of “The Physics of Superheroes”.

The author is explaining the ‘one time miracle exemption’ for superheroes. They have to obey the normal laws of physics, which he explains throughout his book, and he concludes the book with a chapter that explains the exemptions the superheroes have been granted :)

We heard about Flash, The Atom, T.H.U.N.D.E.R., the X-men, WonderWoman and many others.

A good discussion of the legacy of the hard sci-fi era, silver age of comics, etc. I wish there were an mp3 archive :(

I decided to call in and point out a cool place I ran across in Brooklyn, Brooklyn Superhero Supply Center, a retail store that sells superhero supplies to fund a non-profit that does reading programs for kids. A good place to buy invisibility spray and costume your superhero (or villain) alter ego. I also threw in a few sci-fi authors who were in the hard sci-fi camp – Larry Niven, Isaac Asimov, Vernor Vinge, etc.

The author’s site is at The Physics of Superheroes.

Comments

What time is it Mister Fox?

In some vague sense, I have been trying to build my datacenter with the principles over at Infrastructures.org. One of the principles is Time Synchronization.

I considered buying a network time device that uses GPS to provide a local stratum 1 server – gizmos such as the Symmetricom or Spectracom product lines.

After looking at their sites as well as several others and only finding links for ‘request quote’ for pricing, I decided to look for alternatives. I’m obsessive, but not so obsessive that I feel like getting marketing spam just for looking at gear.

University of Utah IT Department did a good writeup of their NTP architecture and how they intend to distribute time across campus.

A little too big an architecture for me – I just want to set the time on a few dozen servers and clients without having each of them go out to the net.

So, with a dedicated device purchase on hold because of arcane marketing practices, I happened to be setting up BGP on my router with the help of my friend Brian who runs Secure Network Designs. He set up a large-ish ISP called Airnetlink, which was doing wireless T1 sales in office parks. Since he had multiple T3s that were multi-homed (and he’s an old friend) he was able to quickly set me up on the BGP side, and I noticed in the Cisco config script the following:

ntp clock-period 17180547
ntp master 6
ntp server 192.5.41.41

So, I did a little digging, and discovered that my router can poll data from the US Naval Observatory (most people’s choice for an NTP server) – there are two, tick and tock. Also, the router can do NTP broadcast into my network, which eliminates the need for each machine to poll.

So I will just be setting the Cisco to broadcast NTP into my interior and configuring ntpd to listen in broadcast mode.
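The router-broadcasts, ntpd-listens plan takes a few lines on each side. The fragments below are an added example, not the post's own configuration (the interface name and key string are placeholders): the first pair is the plan exactly as stated, the second pair adds NTP authentication, because without it anything on the segment can broadcast time, and ntpd only accepts unauthenticated broadcasts when you explicitly `disable auth`.

```text
! ---- Cisco side (IOS) ----
! Plan as stated: broadcast NTP out the inside interface, no authentication.
interface FastEthernet0/1
 ntp broadcast

! Hardened: sign the broadcasts with key 1 (number and secret are placeholders).
ntp authentication-key 1 md5 REPLACE-WITH-SECRET
ntp authenticate
ntp trusted-key 1
interface FastEthernet0/1
 ntp broadcast key 1

# ---- Linux side, /etc/ntp.conf ----
# Plan as stated: take time from whoever broadcasts on the segment.
broadcastclient
disable auth

# Hardened: only accept broadcasts signed with trusted key 1.
broadcastclient
keys /etc/ntp/keys
trustedkey 1

# /etc/ntp/keys (mode 0600): same key number, type (M = MD5) and secret as the router.
1 M REPLACE-WITH-SECRET
```

The Cisco `ntp master 6` line already in the config means the router will keep serving time at stratum 6 from its own clock if it loses the upstream server, so the broadcast clients degrade gracefully rather than going silent.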

Comments

Yum repositories

An important aspect of maintaining the systems will be to keep current copies of the software I use. I have settled on using yum for my package maintenance and upgrades, and a few packages I like aren’t in the default centos distribution.

To add my favorites, I am using Dag Wieers’ Repository by doing the following (on centos 4.2):

create a file called /etc/yum.repos.d/dag.repo with the following:
[dag]
name=Dag RPM Repository for Red Hat Enterprise Linux
baseurl=http://apt.sw.be/redhat/el$releasever/en/$basearch/dag
gpgcheck=1
enabled=1

and then import the gpg key like this:
rpm --import http://dag.wieers.com/packages/RPM-GPG-KEY.dag.txt

After that I was able to just run
yum install cacti
and had all I needed to run cacti: php-snmp, MySQL, RRDtool, etc.

Very cool!

Comments (2)

Internet Radio Devices

I’ve been thinking about ways to play radio from a central PC in my house and looked at quite a few devices.

Here’s a short list of ones that look cool:

CD3o makes adapters that stream to your stereo

Slim Devices Squeezebox looks very cool.

Sound Blaster Wireless Music is in the category but seems more limited.

Roku Soundbridge is another cool looking device.
The Squeezebox and SBWM are compared in Tom’s Hardware Guide.

More later – just starting to investigate.

Comments
