We all know the great things screen can do for a sysadmin – you can detach running process and come back to see it anytime.
But if you want to see what was happening while you were gone, you need to browse the history of the shell process.
It’s simple, CTRL+A [. That means CTRL+A to enter command mode, then release it and press character “[“.
More in detail here.
After setting up a config file for the NTP on every server, i figured out that a stock settings just work.
so adding:
ntpd_enable="YES"
ntpdate_enable="YES"
to the /etc/rc.conf just does the trick (and starting services if not rebooting the server).
After some moments of running the ntp client you can check it with:
# ntpq -c peers
remote refid st t when poll reach delay offset jitter
==============================================================================
*ntp2.Housing.Be 128.32.206.55 2 u 16 64 377 189.371 -14.785 5.513
mighty.poclabs. 169.229.70.64 3 u 28 64 377 132.913 -14.411 5.034
+vps1.cobryce.co 64.235.98.66 3 u 16 64 377 180.600 -22.410 5.258
where servers marked with * are the selected server and + are the candidates for ntp sync.
In order for HP iLo 2 management interface to continue working on a shared ethernet port after FreeBSD kernel loads the bge drivers, you must add following line to /boot/loader.conf
hw.bge.allow_asf="1"
And reboot.
Hope it will save you some minutes figuring it out…
S.
Since many of you are still connecting to your Cisco boxes with the plain ssh/telnet command (typing password every time) and since Cisco boxes don’t have SSH public key authentication, the tool to use comes from Rancid (Really Awesome New Cisco confIg Differ) package.
It’s called “clogin” as Cisco login script.
It requires all the credentials in ~/.cloginrc file (protocol / password / enable).
Syntax of .cloginrc file can be found here.
and usage is simple, just clogin hostname
And besides loging it’s very usefull for multiple box configuration. Let’s say you just need to write configs of your 5 routers.
clogin -c "write;exit" router1 router2 router3 router4 router5
and Voila !
S.
There’s a really easy way of controlling bandwidth of an interface (e.g. guest interface).
It’s done via queues:
/queue simple add interface=guest max-limit=2M/2M disabled=no
Where “guest” is the interface name and 2M is the down/uplink speed in bps you want to shape it to.
More about this on Mikrotik Wiki
S.
I had a strange issue with hp-ux x11 forwarding over ssh. xclock, xterm ran fine but hpterm and some other x11 programs didn’t start, claiming error:
X11 connection rejected because of wrong authentication.
after some searching I found following fixed the issue:
/opt/ssh/etc/sshd_config:
X11UseLocalhost no
(must be set to no, default is yes)
S.
I can’t believe it…
Failover on Cisco ASA silently stops working after you enable ipv6 configuration.
We’re used of stupid Cisco bugs, but this wins it all !
S.
Portfwd was the choice of software when I ever needed to forward a port from the server to another server – multiple hops away (not NAT port mapping).
It uses configuration like this (193.2.1.66 is the local ip, 193.2.1.80 is destination server IP):
bind-address 193.2.1.66
tcp { 55443 { => 193.2.1.80:443 } }
tcp { 55022 { => 193.2.1.80:22 } }
But it fails doing its job right when you use this on a really busy port/service (500 or more simultaneous established TCP connections).
pf does the forwarding well even over 1000 TCP connections. Example:
rdr on em0 proto tcp from any to 193.2.1.66 port 55443 -> 193.2.1.80 port 443
rdr on em0 proto tcp from any to 193.2.1.66 port 55022 -> 193.2.1.80 port 22
nat on em0 from any to 193.2.1.80 -> 193.2.1.66
– the em0 is the name of the outside interface. Without the nat rule, destination server would see a packet with source ip of the client so it would send a packet back directly to the client which causes asymmetric routing and very possible problems. The nat rule changes the source IP to the port forwarders one.
Happy forwarding,
S.
A few minutes before coding my own perl script, which would alert me on certain log entries, I’ve found a software which does it’s job very well.
It’s called swatch – yes, really impressing web site and lack of documentation, examples is tipical for a geek’s tool.
example config – very simple:
watchfor /Security violation occurred/
mail addresses=ninja@level13.org,subject="SWATCH warning - switch_name"
and the command line invocation:
# /usr/local/bin/swatch -c /usr/local/etc/swatch/switch_name.conf -t /var/log/syslog/switch_name.log --daemon --use-cpan-file-tail
–daemon for forking it in the background
–use-cpan-file-tail is needed so that the swatch will tail file even after it’s rotated by the rotating script, but make sure that the perl module File::Tail is installed
It can of course match multiple patterns (multiple watchfor sections) on the same log file, but you must run multiple instances of the software for tailing multiple log files.
Make sure to read swatch man page.
S.
I think it is better to write in english, since I’m often googling around about some problem and land on a site in chinese with some configuration pasted in the site.
The problem is I don’t know what poor chinese boy wrote: “This configuration is working for me:” or “This configuration is not working at all, can someone help me:”. So I try it. Never worked.
Recently I found a post which nicely describes statuses of FreeBSD memory allocation.
Top shows:
Mem: 4589M Active, 13G Inact, 489M Wired, 733M Cache, 214M Buf, 886M Free
And the snip from the post:
Memory normally moves along the following path:
Wired -> Active -> Inactive -> Cached -> Free
and then when it gets allocated and used it moves back to Wired.
The difference between the categories is mainly that “Inactive” and
“Cached” memory still contains data that the system might be able to
reuse, while “Free” memory is completely free and unused.
In order to use Cached or Inactive memory it might need to be flushed
first, with Inactive probably being dirty and Cached probably not.
(“Active” memory is almost certainly dirty and is therefore somewhat
more expensive to reuse.
Copyright © 2004–2009. All rights reserved.
RSS Feed. This blog is proudly powered by Wordpress and uses Modern Clix, a theme by Rodrigo Galindez.