UNI-FIX Computer

pmacct og mysql installeres via apt.
i mysql oprettes databasen pmacct og brugeren pmacct@localhost med koden pmacct:
  
  create database pmacct;
  grant all privileges on pmacct.* to pmacct@localhost identified by 'pmacct';

følgende config bruges: (/etc/pmacct/pmacctd.conf)

! pmacctd configuration
!
!
!
daemonize: true
pidfile: /var/run/pmacctd.pid
syslog: daemon
interface: eth1

aggregate[inbound]: dst_host
aggregate[outbound]: src_host
aggregate_filter[inbound]: dst net 217.195.176.0/24
aggregate_filter[outbound]: src net 217.195.176.0/24
plugins: mysql[inbound], mysql[outbound]
sql_table[inbound]: acct_in
sql_table[outbound]: acct_out
sql_table_version[inbound]: 1
sql_table_version[outbound]: 1

sql_host: localhost
sql_db: pmacct
sql_user: pmacct
sql_passwd: pmacct
sql_refresh_time: 60
sql_history: 1h
sql_history_roundoff: mh


Følgende sql script bruges til at oprette tabeller: 
(vim /usr/share/doc/pmacct/sql/pmacct-create-db_v1_in-out.mysql)

use pmacct;

drop table if exists acct_in;
create table acct_in (
        mac_src CHAR(17) NOT NULL,
        mac_dst CHAR(17) NOT NULL,
        ip_src CHAR(15) NOT NULL,
        ip_dst CHAR(15) NOT NULL,
        src_port INT(2) UNSIGNED NOT NULL,
        dst_port INT(2) UNSIGNED NOT NULL,
        ip_proto CHAR(6) NOT NULL,
        packets INT UNSIGNED NOT NULL,
        bytes BIGINT UNSIGNED NOT NULL,
        stamp_inserted DATETIME NOT NULL,
        stamp_updated DATETIME,
        PRIMARY KEY (mac_src, mac_dst, ip_src, ip_dst, src_port, dst_port, ip_proto, stamp_inserted)
);
drop table if exists acct_out;
create table acct_out (
        mac_src CHAR(17) NOT NULL,
        mac_dst CHAR(17) NOT NULL,
        ip_src CHAR(15) NOT NULL,
        ip_dst CHAR(15) NOT NULL,
        src_port INT(2) UNSIGNED NOT NULL,
        dst_port INT(2) UNSIGNED NOT NULL,
        ip_proto CHAR(6) NOT NULL,
        packets INT UNSIGNED NOT NULL,
        bytes BIGINT UNSIGNED NOT NULL,
        stamp_inserted DATETIME NOT NULL,
        stamp_updated DATETIME,
        PRIMARY KEY (mac_src, mac_dst, ip_src, ip_dst, src_port, dst_port, ip_proto, stamp_inserted)
);


Start pmacctd og lad den guffe traffik:

/etc/init.d/pmacct start

Optimer udlæsning af traffikken lidt:

CREATE VIEW vTraffic AS SELECT acct_in.ip_dst AS ip, acct_in.stamp_inserted AS Time, acct_out.bytes AS Sent, acct_in.bytes AS Recieved FROM acct_in, acct_out WHERE acct_in.ip_dst = acct_out.ip_src AND acct_in.stamp_inserted = acct_out.stamp_inserted ORDER BY Time, inet_aton(ip);

(Der burde være brugt outer join, da hosts som kun sender eller modtager i en given time ikke bliver målt. I praksis ser jeg bort fra dette, da vi nok ikke har den slags hosts overhovedet?)

/etc/issue.ssh should contain the banner:

web01:~# cat /etc/issue.ssh

This is a Level2 system

web01:~#


and add:

Banner /etc/issue.ssh

to /etc/ssh/sshd_config

then sighup

 --- Remote anvendelse:

Log ind på CVS Serveren og log herefter ind på remote maskinen med flg. kommando:

# ssh web01.mcs.bz -R 2401:127.0.0.1:2401

Herefter kan CVS Serveren tilgåes fra web01 ved at connecte til localhost port 2401, trafik mellem CVS Serveren og web01 er krypteret vha. SSH

 --- Login på CVS

# cvs -d :pserver:mike@localhost:/root login


 --- Oprettelse af Projekt

Opret ønsket mappestruktur el. anvend eksisterende inkl. filer for at oprette et projekt i CVS, og anvende herefter følgende kommando:

# cvs -d :pserver:mike@localhost:/root import -m "" Thyfisk MCS production


 --- Checkud af projekt

# cvs -d :pserver:mike@localhost:/root checkout Thyfisk

 --- Commit af projektet
 - virker kun med filer som allerede ligger i CVS og engang er hentet derfra.
# cvs -d :pserver:mike@localhost:/root commit

 --- Indsendelse af ændringer/nye ting
 - virker med alle filer
# cvs -d :pserver:mike@localhost:/root import -m "Tilføjelse af README.TXT" Thyfisk MCS production


 --- Kortere kommandoer

# export CVSROOT=:pserver:mike@localhost:/root

Installing an configuring mrtg on debian is quite straightforward. Just issue a "apt-get install mrtg" and you're done. 
As for configuring it, there are just another few minutes more. You can use a very useful utility, called "cfgmaker" 
to generate the config file needed by mrtg. For example:

~#cfgmaker community@device1 > /etc/mrtg/device1.cfg,
where community is the ro snmp community, device1 is either an ip address either it's FQDN hostname. 
Next you can edit /etc/mrtg/device1.cfg to fine tune the configuration. 
It's recommended that you make a different config for every device you wish to monitor. Also, make sure you edit the 
WorkDir parameter in the config file which tells mrtg where to put the generated html files. You can use "indexmaker" 
to generate an index file for the html files that mrtg outputs in WorkDir.

Next, we need to poll the snmp on the device periodically, so we add some entries in the crontab like this:

*/5 * * * *     nice /usr/bin/mrtg /etc/mrtg/device1.cfg 2>&1 >/dev/null 2>/dev/null
which will run mrtg every 5 minutes with low priority.

For calculating mrtg totals I've used a tool called mrtg_total which can be found here: 
http://www.geocities.com/josef_wendel/mrtg_total.html

Basically, it's a perl script that totals the information stored in the mrtg log files. Installation is straightforward,
just add the required tags (described in the documentation) to the mrtg config file and add another entry to crontab:

30 0 * * *      nice /usr/sbin/mrtg_total.pl /etc/mrtg/device1.cfg 2>&1 >/dev/null 2>/dev/null

This is run only once per day because mrtg_total only totals a complete day.

Another tool that could be used in this case is mrtg-traffic-sum. You can read more about this and other mrtg tools 
here: http://oss.oetiker.ch/mrtg/doc/mrtg-traffic-sum.en.html

This works on Sarge and Etch:

apt-get install mono libmono-corlib2.0-cil