Friday, October 17, 2014

How to add custom sensor for PRTG monitor (Linux)

Let's say you have a custom script on Linux that you want to monitor in PRTG. In my case it monitors Redis keys.

nano /etc/snmp/snmpd.conf

Add the script to the end of the file as follows:

extend redis_keys /path/to/script.sh

Restart snmpd:

/etc/init.d/snmpd restart

Now we need to find the OID value for our script:

snmptranslate -On NET-SNMP-EXTEND-MIB::nsExtendOutputFull.\"scriptname\"

Sometimes you need to install the MIB library before snmptranslate can resolve the OID:

apt-get install snmp-mibs-downloader

In my case the script name is "redis_keys", so it looks like this:

snmptranslate -On NET-SNMP-EXTEND-MIB::nsExtendOutputFull.\"redis_keys\"
.1.3.6.1.4.1.8072.1.3.2.3.1.2.10.114.101.100.105.115.95.107.101.121.115

The output is our OID for PRTG:
.1.3.6.1.4.1.8072.1.3.2.3.1.2.10.114.101.100.105.115.95.107.101.121.115

Before dealing with PRTG, I want to be sure my script works and returns a value:

snmpwalk -v 2c -c [Community String] localhost .1.3.6.1.4.1.8072.1.3.2

iso.3.6.1.4.1.8072.1.3.2.4.1.2.10.114.101.100.105.115.95.107.101.121.115 = STRING: "/ssd/home/adika/monitor/keys"

Here [Community String] is your PRTG community string.

Now in PRTG: choose CUSTOM and add our OID.
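The OID that snmptranslate printed is not magic: NET-SNMP indexes extend entries by the name as an OCTET STRING, so the suffix is the name's length followed by the byte value of each character (10, then 114 101 ... for "redis_keys"). As an added example (not the post's own script or commands), the function below derives the nsExtendOutputFull OID for any extend name without needing the MIB files, and the rest shows one plausible shape for the monitored script and for the check PRTG will perform. The redis-cli script, the COMMUNITY variable and the target host are assumptions of this example, not something the post shows.

```sh
#!/bin/sh
# Added example, not from the post. Derive the nsExtendOutputFull OID for an
# "extend <name> <script>" entry and query it the way PRTG will.

# nsExtendOutputFull column from NET-SNMP-EXTEND-MIB (same base as in the post).
EXTEND_OUTPUT_FULL=".1.3.6.1.4.1.8072.1.3.2.3.1.2"

# Print the OID for the extend entry called $1.
# Index encoding: <byte length of name>.<byte1>.<byte2>... (ASCII codes).
extend_oid() {
  name=$1
  len=$(printf '%s' "$name" | wc -c | tr -d ' ')
  # od prints the bytes as unsigned decimals; squeeze the separators into dots.
  bytes=$(printf '%s' "$name" | od -An -v -tu1 | tr -s ' \n' '..' | sed 's/\.$//')
  printf '%s.%s%s\n' "$EXTEND_OUTPUT_FULL" "$len" "$bytes"
}

# Assumed shape of the script registered with "extend redis_keys ...": the post
# does not show its contents. Emit only the integer so the PRTG sensor can
# treat the value as a number (older redis-cli prints "(integer) 42").
redis_key_count() {
  redis-cli -h 127.0.0.1 DBSIZE | tr -dc '0-9'
}

# Fetch the extend output with snmpget, as the PRTG sensor does. COMMUNITY is a
# placeholder for the read-only community string; host defaults to localhost.
check_extend() {
  host=${1:-localhost}
  name=$2
  snmpget -v 2c -c "${COMMUNITY:-public}" "$host" "$(extend_oid "$name")"
}

if [ "${1:-}" = "--run" ]; then
  extend_oid redis_keys
  check_extend localhost redis_keys
fi
```

Two things worth checking once this works: snmpd runs the extend script as its own user, so the script must be executable by that user and return quickly, and the community string is the only credential protecting the output, so give the PRTG host a read-only community limited to its address in snmpd.conf (`rocommunity <string> <prtg-host-ip>`) rather than a global one.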


Thursday, October 16, 2014

Linux find files between dates

Create two reference files whose timestamps mark the range boundaries (touch -t takes yyyymmddHHMM.SS):

touch -t 201409070120.01 first
touch -t 201409080120.01 last

Find Perl files in the date range:

find . -type f -name '*.pl' -newer /root/first ! -newer /root/last -exec ls -s {} \;

Remove files with a specific extension:

find .  \( -name "*.php" -o -name "*.html" -o -iname "*.htm" \) -exec ls -s  {} \; -print -exec rm {} \;

Remove files with a specific extension that contain some expression:

find .  \( -name "*.php" -o -name "*.html" -o -iname "*.htm" \)  -exec grep -l "some expression"  {} \; -print -exec rm {} \;

Find files in the date range, skipping the cache, logs, stats and webalizer directories:

find .  -type d \( -name cache -o -name logs -o -name stats -o -name webalizer \) -prune -o \( -name "*.php" -o -name "*.html" -o -iname "*.htm" \) -newer /root/first ! -newer /root/last -print
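As an added example (not the post's own commands), here is the touch -t / find -newer idiom wrapped in a function, together with a small constructed directory tree to check it against. It assumes a POSIX find and touch; the file names and timestamps are made up.

```sh
#!/bin/sh
# Added example, not from the post: date-range search built from the
# "touch -t reference files, then find -newer" idiom.
#
# -newer X means "modified strictly after X", so the selected range is
# (first, last]: a file stamped exactly at "first" is excluded, one stamped
# exactly at "last" is included.

# find_between <dir> <first yyyymmddHHMM.SS> <last yyyymmddHHMM.SS> <name pattern>
find_between() {
  dir=$1
  first=$2
  last=$3
  pattern=$4
  ref=$(mktemp -d)              # reference files live outside the searched tree
  touch -t "$first" "$ref/first"
  touch -t "$last" "$ref/last"
  find "$dir" -type f -name "$pattern" -newer "$ref/first" ! -newer "$ref/last"
  rm -rf "$ref"
}

# Constructed scratch tree: three .pl files around the post's range plus one
# file with the right time but the wrong extension.
make_sample_tree() {
  d=$(mktemp -d)
  touch -t 201409061200 "$d/before.pl"
  touch -t 201409071200 "$d/inside.pl"
  touch -t 201409091200 "$d/after.pl"
  touch -t 201409071200 "$d/inside.txt"
  printf '%s\n' "$d"
}

# Number of .pl files in the post's range (7 Sep 01:20:01 to 8 Sep 01:20:01).
count_between() {
  find_between "$1" 201409070120.01 201409080120.01 '*.pl' | wc -l | tr -d ' '
}

if [ "${1:-}" = "--demo" ]; then
  d=$(make_sample_tree)
  find_between "$d" 201409070120.01 201409080120.01 '*.pl'
  rm -rf "$d"
fi
```

For the destructive variants in the post, run the same find with only `-print` first and review the list before adding `-exec rm {} \;`; with the order `-exec ls -s {} \; -print -exec rm {} \;` the file is listed and then removed in one pass, so there is no second chance.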

Wednesday, October 15, 2014

alternative telnet send mail test

Instead of sending a test mail using Telnet, simply pipe a message (headers, a blank line, then the body) into sendmail:

echo -e "To: mail@domain.com\nSubject: Test\n\nTest\n" | sendmail -bm -t -v

Tuesday, October 7, 2014

Find and remove spam qmail

1. Who is the spammer?
/var/qmail/bin/qmail-qread
10 Sep 2014 22:17:38 GMT  #7406528  1685  <info@hahaha.co.il>  bouncing
  done  remote  posluchova@7plus.ru
        remote  oriflame@7russia.ru
        remote  osanka@7russia.ru
        remote  sidaev@8-12.ru
        remote  nuser@92.14-157-90.telenet.ru
  done  remote  rsnrkx99c@923.ru
        remote  pmz-keig@9zk.ru
  done  remote  reklama@a24.spb.ru
  done  remote  p9373c95@a7344l19.com
  done  remote  sigor@aaa.ua
  done  remote  samson_don@aaanet.ru
  done  remote  ramuk@aaanet.ru
  done  remote  rem_pb@aaanet.ru
  done  remote  paschenko-dd@aaanet.ru
  done  remote  razborka61@aaanet.ru

find /var/qmail/queue/mess/ -name 7406528
/var/qmail/queue/mess/22/7406528

Now we check from which host and IP the e-mail was sent:

less /var/qmail/queue/mess/22/7406528

Received: (qmail 27017 invoked by uid 399); 11 Sep 2014 01:17:35 +0300
Received: from unknown (HELO hahaha.co.il) (info@hahaha.co.il@201.164.182.100)
  by mail.oyo.co.il with ESMTPAM; 11 Sep 2014 01:17:35 +0300
X-Originating-IP: 201.164.182.100
Message-ID: <E8362BC0.8CF16E69@hahaha.co.il>
Date: Thu, 11 Sep 2014 00:17:29 +0200
Reply-To: "=?UTF-8?B?UG9zbHVjaG92YQ==?=" <info@hahaha.co.il>
From: "=?UTF-8?B?UG9zbHVjaG92YQ==?=" <info@hahaha.co.il>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.12) Gecko/20080227 Thunderbird/2.0.0.12
X-Accept-Language: en-us
MIME-Version: 1.0
To: <posluchova@7plus.ru>
Cc: <oriflame@7russia.ru>,
        <osanka@7russia.ru>,
        <sidaev@8-12.ru>,
        <nuser@92.14-157-90.telenet.ru>,
        <rsnrkx99c@923.ru>,
        <pmz-keig@9zk.ru>,
        <reklama@a24.spb.ru>,
        <p9373c95@a7344l19.com>,
        <sigor@aaa.ua>,
        <samson_don@aaanet.ru>,
        <ramuk@aaanet.ru>,
        <rem_pb@aaanet.ru>,
        <paschenko-dd@aaanet.ru>,
        <razborka61@aaanet.ru>
Subject: =?UTF-8?B?0J3QsNC00L7QtdC70L4g0LbQuNGC0Ywg0LrQsNC6INC90LjRidC10LHRgNC+0LTRgz8g0K8g0YDQsNGB0YHQutCw0LbRgywg0LrQsNC6INC30LDRgNCw0LHQsNGC0YvQstCw0YLRjCDQvtGCIDE2MCQg0LfQsCAzINC00L3RjyE=
?=

The sending IP is 201.164.182.100, so I want to block it:
iptables -I INPUT -s 201.164.182.100  -j DROP

2. Install qmail-remove and remove the mails from the queue

tar -zxpf qmail-remove-0.95.tar.gz
cd qmail-remove-0.95
make
gcc -O2 -W -Wall -o qmail-remove qmail-remove.c
make install
cp qmail-remove /var/qmail/bin/
mkdir /var/qmail/queue/yanked
/var/qmail/bin/qmail-remove -p info@hahaha.co.il -y /var/spool/yanked
……
moved mess/5/7405637 to yanked/7405637.mess
moved remote/5/7405637 to yanked/7405637.remote
moved info/5/7405637 to yanked/7405637.info
moved bounce/7405637 to yanked/7405637.bounce
7406005: no
7407799: no
7405729: no
120 file(s) match

Now the situation in the queue:

/var/qmail/bin/qmail-qstat
messages in queue: 335
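The two questions answered by hand above, "which queue ids belong to this sender?" and "from which IP did the message come in?", are easy to script so the same triage can be repeated the next time the queue fills up. The helpers below are an added example, not part of the post; the sample qmail-qread output and message headers are constructed from the post's own output (the second queue entry, 7406005 from alice@example.net, is made up to show the filtering). They only read the queue; blocking and yanking remain the manual steps shown in the post.

```sh
#!/bin/sh
# Added example, not from the post: triage helpers for a qmail queue.

# Constructed qmail-qread output. Each message starts with a header line:
#   10 Sep 2014 22:17:38 GMT  #7406528  1685  <info@hahaha.co.il>  bouncing
# followed by indented recipient lines.
QREAD_SAMPLE='10 Sep 2014 22:17:38 GMT  #7406528  1685  <info@hahaha.co.il>  bouncing
  done  remote  posluchova@7plus.ru
        remote  oriflame@7russia.ru
11 Sep 2014 01:02:11 GMT  #7406005  812  <alice@example.net>
  done  remote  bob@example.org'

# Print the queue id of every message whose envelope sender is $1.
# Reads qmail-qread output on stdin; field 6 is "#<id>", field 8 is "<sender>".
queue_ids_for_sender() {
  awk -v want="<$1>" '$6 ~ /^#[0-9]+$/ && $8 == want { id = $6; sub(/^#/, "", id); print id }'
}

# Write a message file with the headers shown in the post (body shortened).
write_sample_message() {
  cat > "$1" <<'EOF'
Received: (qmail 27017 invoked by uid 399); 11 Sep 2014 01:17:35 +0300
Received: from unknown (HELO hahaha.co.il) (info@hahaha.co.il@201.164.182.100)
  by mail.oyo.co.il with ESMTPAM; 11 Sep 2014 01:17:35 +0300
X-Originating-IP: 201.164.182.100
From: "=?UTF-8?B?UG9zbHVjaG92YQ==?=" <info@hahaha.co.il>
To: <posluchova@7plus.ru>
Subject: sample

body
EOF
}

# Source IP of a queued message file: X-Originating-IP when present, otherwise
# the address qmail-smtpd recorded in parentheses in its "Received: from" line.
# Only the header block (up to the first empty line) is examined, so nothing in
# the body can spoof the answer.
origin_ip() {
  headers=$(sed '/^$/q' "$1")
  ip=$(printf '%s\n' "$headers" | sed -n 's/^X-Originating-IP: *\([0-9][0-9.]*\).*/\1/p' | head -n 1)
  if [ -z "$ip" ]; then
    ip=$(printf '%s\n' "$headers" | sed -n 's/^Received: from .*@\([0-9][0-9.]*\)).*/\1/p' | head -n 1)
  fi
  printf '%s\n' "$ip"
}

if [ "${1:-}" = "--demo" ]; then
  printf '%s\n' "$QREAD_SAMPLE" | queue_ids_for_sender info@hahaha.co.il
  f=$(mktemp)
  write_sample_message "$f"
  origin_ip "$f"
  rm -f "$f"
fi
```

On a live system the first function is fed with `/var/qmail/bin/qmail-qread | queue_ids_for_sender <sender>`, and each id is then located with the `find /var/qmail/queue/mess/ -name <id>` step from the post before `origin_ip` is run on the file.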


qmail-remove [options]
  -e            use extended POSIX regular expressions
  -h, -?        this help message
  -i            search case insensitively [default: case sensitive]
  -n <bytes>    limit our search to the first <bytes> bytes of each file
  -p <pattern>  specify the pattern to search for
  -q <queuedir> specify the base qmail queue dir [default: /var/qmail/queue]
  -d            actually remove files not yank them, no -p will delete all the messages!
  -r            actually remove files, without this we'll only print them
  -s <split>    specify your conf-split value if non-standard [default: 23]
  -v            increase verbosity (can be used more than once)
  -y <yankdir>  directory to put files yanked from the queue [default: <queuedir>/yanked]
  -X <secs>     modify timestamp on matching files, to make qmail expire mail
                 <secs> is the number of seconds we want to move the file into the past.
                 specifying a value of 0 causes this to default to (604800)
  -x <timespec> modify timestamp on matching files, to make qmail expire mail
                 <timespec> is a date/time string in the format of output of the "date" program.
                 see manpage for strptime(2) for details of this format