You have a lot of boxes. You would like to be able to parse through the logs of all those boxes at the same time, searching for a given timestamp across a set of machines for a specific string (like a filename or a port number). Elasticsearch, Logstash and Kibana are one way to answer that kind of need. This will involve downloading three separate packages (which, for this article, we’ll do in /usr/local) and creating a config file. First, install the latest Java JDK. This is available at jdk8-downloads-2133151.html. The following is going to download the latest version of Logstash and untar the package into /usr/local/logstash (I like nesting…
- Active Directory, Mac OS X, Mac OS X Server, Microsoft Exchange Server, Network Infrastructure, Ubuntu, Unix, VMware, Windows Server
- Active Directory, Mass Deployment, Microsoft Exchange Server, Network Infrastructure, Windows Server
Use Active Directory Commandlets On Computers That Aren’t Domain Controllers
By default, the Active Directory PowerShell management tools are not installed on Windows Servers. Commandlets are instead installed when the Active Directory Domain Controller role is added. However, you can install them even without installing the role. To do so, open Server Manager and go to Add and Remove Roles and Features. Don’t add any Roles; instead, skip to adding features. Then open Remote Server Administration Tools and then Role Administration Tools. From there, expand AD DS and AD LDS Tools and then highlight the Active Directory Module for Windows PowerShell. Once enabled, click Next through the end of the wizard. Once the wizard is complete, open PowerShell and use…
- iPhone, Mac OS X, Mac OS X Server, Mac Security, Mass Deployment, Microsoft Exchange Server, Network Infrastructure, Ubuntu, Unix, VMware
Quick nmap Hacks
The nmap application is a pretty easy-to-use tool that can be used to port scan objects in a network environment. To obtain nmap in an easy-to-use package installer for OS X, check out the download page at http://nmap.org/download.html#macosx (use the same page to grab it for Windows or *nix as well). Once downloaded, run the package/rpm/whatever. Before I scan a system, I like to pull the routing table and eth info to determine how scans are being run, which can be done by using the nmap command along with the --iflist option:
nmap --iflist
Basic Scanning
To then scan a computer, just use the nmap command followed by the host…
- Active Directory, cloud, Consulting, iPhone, Kerio, Mac OS X, Mac OS X Server, Mac Security, Mass Deployment, Microsoft Exchange Server, Network Infrastructure, Windows Server
Dig TTL While Preparing For A Migration
Any time we’re doing a migration of data from one IP to another where that data has a DNS record that points users towards the data, we need to keep the amount of time it takes to repoint the record to a minimum. To see the TTL of a given record, let’s run dig using +trace, +nocmd to turn off showing the version and query options, +noall to turn off display flags, +answer to still show the answer section of my response and, most importantly for these purposes, +ttlid to toggle showing the TTL on. Here, we’ll use these to look up the TTL for the https://krypted.com/ A record: dig +trace +nocmd…
- Mac OS X, Mac OS X Server, Mac Security, Network Infrastructure, Network Printing, Ubuntu, Unix, VMware
Use Netstat To Locate What Process Is Using A Port
You’re installing software on some host. The installation goes well and then you go to access the information you need or connect to the service from another host. Wait, what’s that? Port is already in use? Crap. We’ve all been there. The quick and dirty answer: netstat. Let’s say you’re trying to use port 8080:
netstat -tuln | grep 8080
Let’s say the response is httpd. OK, let’s see where that’s located using whereis:
whereis httpd
And what kind of file is httpd:
file /usr/sbin/httpd
Which responds with:
/usr/sbin/httpd: Mach-O 64-bit executable x86_64
I guess we knew that since it had a port open, but what type of executable is…
Clear Squid Proxy Caches
Every now and then you run into a problem with a caching server that causes you to need to clear out the cache. If running Squid, you can look in the /etc/squid/squid.conf configuration file and find a setting in that file called the cache_dir, which is a path. For example, we’ll use /var/squid/cache in this article. You can then clear the cache of a Squid proxy by deleting that directory:
rm -Rf /var/squid/cache
Then recreate the cache directory:
mkdir /var/squid/cache
Then run squid with a -z option:
squid -z
Then fire up squid again:
squid
Scripting Azure On A Mac
Microsoft Azure is Microsoft’s cloud services platform. Azure can host virtual machines and act as a location to store files. However, Azure can do much more as well: provide an Active Directory instance, provide SQL database access, work with hosted Visual Studio, host web sites or provide BizTalk services. All of these can be managed at https://manage.windowsazure.com. You can also manage Windows Azure from the command line on Linux, Windows or Mac. To download command line tools, visit http://www.windowsazure.com/en-us/downloads/#cmd-line-tools. Once downloaded, run the package installer. When the package is finished installing, visit /usr/local/bin where you’ll find the azure binary. Once installed, you’ll need to configure your account from the windowsazure.com site to…
Configure Static Addresses On A Meraki
Most Meraki appliances come with DHCP enabled on the WAN interface. Once you connect to the Internet through such a configuration, you can claim the device using your Meraki account and then configure it. However, what if the Internet connection at your location won’t actually work with a DHCP WAN address? If you need to configure a static WAN address in order for your appliance to connect to the Internet, then you’ll need to first connect an Ethernet cable to a LAN port of your appliance and your computer and make sure to disable any other interfaces on your computer. Also configure the network settings to use DHCP. Then open…
The Cumulus Command Line Interface
Cumulus comes with a number of commands installed in /usr/local/Cumulus_Workgroup_Server. The assets can be in a shared directory location, such as an NFS mount mapped to /cumulus or /Volumes/Cumulus. But in the /usr/local/Cumulus_Workgroup_Server directory there are a number of commands that can be pretty useful. For example, the stop-admin, stop-cumulus, start-cumulus and start-admin commands can be used to restart Cumulus using a simple ARD template:
/usr/local/Cumulus_Workgroup_Server/stop-admin.sh
/usr/local/Cumulus_Workgroup_Server/stop-cumulus.sh
sleep 30
/usr/local/Cumulus_Workgroup_Server/start-cumulus.sh
/usr/local/Cumulus_Workgroup_Server/start-admin.sh
There are others, such as status.sh, which shows the size of the repository, PIDs, and the time running. The repair.sh command can be used to repair the database, and remove-admin.sh and remove-cumulus.sh can uninstall the admin console and cumulus servers respectively…