2010年10月25日 星期一

Rsyslog+MySQL+LogAnalyzer

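# Install the whole stack in one go: rsyslog plus its MySQL output module,
# the MySQL server/client, Apache+PHP for LogAnalyzer, and phpMyAdmin.
# (Fixed: the original used a Unicode dash for "-y" and misspelled
# "mysql-server" as "mysql-serverr", so the command would not have worked
# as pasted.)
# NOTE(review): "syslog" is not a package name on CentOS/RHEL 5 (the stock
# daemon is "sysklogd", already installed and stopped further down); yum just
# reports it as unavailable -- harmless, but it can be dropped.
yum install -y rsyslog httpd php mysql php-mysql mysql-server syslog rsyslog-mysql phpmyadmin

# Apache serves both phpMyAdmin and LogAnalyzer; start it now and at boot.
# NOTE(review): both web apps take the MySQL credentials over plain HTTP in
# this write-up -- put them behind HTTPS (mod_ssl) or restrict by source IP.
service httpd start
chkconfig httpd on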

[root@localhost log]# cat /usr/share/phpmyadmin/config.inc.php
// 'http' selects HTTP Basic authentication: the MySQL username and password
// are sent (base64, i.e. effectively in clear) with every request, so this
// is only acceptable when phpMyAdmin is served over HTTPS or confined to a
// trusted network.
$cfg['Servers'][$i]['auth_type'] = 'http';

[root@localhost log]# cat /etc/my.cnf
# Use UTF-8 end to end so non-ASCII syslog payloads (e.g. CJK hostnames or
# message text) are stored and displayed the same way by rsyslog and
# LogAnalyzer.

# Applies to the mysql/mysqladmin command-line clients on this host.
[client]
default-character-set=utf8

[mysqld]
# Run for every new connection so clients that never set a charset
# themselves (such as rsyslog's ommysql) still talk utf8.  MySQL skips
# init_connect for accounts with SUPER (e.g. root) -- confirm if relying on it.
init_connect='SET NAMES utf8'
# Server-side default charset/collation for newly created databases/tables.
default-character-set=utf8
default-collation=utf8_general_ci

[root@localhost ~]# cat /usr/share/doc/rsyslog-mysql-3.22.1/createDB.sql
-- Schema shipped with rsyslog-mysql 3.22.1: ommysql inserts one row per
-- message into SystemEvents.  Note that only the auto-increment primary key
-- is indexed, so LogAnalyzer queries filtered by time or host will scan the
-- whole table -- consider adding indexes on ReceivedAt/FromHost once the
-- volume grows (not done here).
CREATE DATABASE Syslog;
USE Syslog;
CREATE TABLE SystemEvents
(
        ID int unsigned not null auto_increment primary key,
        CustomerID bigint,
        -- ReceivedAt is when this server stored the row; DeviceReportedTime
        -- is whatever timestamp the sender put in the message.
        ReceivedAt datetime NULL,
        DeviceReportedTime datetime NULL,
        Facility smallint NULL,
        Priority smallint NULL,
        -- Sender hostname as carried in/derived from the message; over plain
        -- UDP syslog this is not authenticated and can be spoofed.
        FromHost varchar(60) NULL,
        Message text,
        NTSeverity int NULL,
        Importance int NULL,
        EventSource varchar(60),
        EventUser varchar(60) NULL,
        EventCategory int NULL,
        EventID int NULL,
        EventBinaryData text NULL,
        MaxAvailable int NULL,
        CurrUsage int NULL,
        MinUsage int NULL,
        MaxUsage int NULL,
        InfoUnitID int NULL ,
        SysLogTag varchar(60),
        EventLogType varchar(60),
        GenericFileName VarChar(60),
        SystemID int NULL
) DEFAULT CHARSET=utf8;

-- Optional name/value properties attached to a SystemEvents row via
-- SystemEventID (no foreign key is declared, so consistency is up to the
-- writer).
CREATE TABLE SystemEventsProperties
(
        ID int unsigned not null auto_increment primary key,
        SystemEventID int NULL ,
        ParamName varchar(255) NULL ,
        ParamValue text NULL
) DEFAULT CHARSET=utf8;



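# Start MySQL and enable it at boot.  (Fixed: "serice" typo.)
service mysqld start
chkconfig mysqld on

# Set the MySQL root password.  "NewPassword" is a placeholder -- pick a real,
# unique one.  NOTE(review): a password given on the command line shows up in
# `ps` and in the shell history; the interactive mysql_secure_installation
# script shipped with mysql-server sets it without that exposure.
mysqladmin -u root password NewPassword

# Create the Syslog database and tables as root.  (The original ran this as
# the "mysql" account, which had been given no privileges at all -- the GRANT
# below went to an unrelated user "test".)
mysql -u root -p < /usr/share/doc/rsyslog-mysql-3.22.1/createDB.sql

# Log in as root (the client prompts for the password).
# (Fixed: "mysql u root -p NewPassword" in the original is not valid -- the
# user flag needs a dash, and "-p" followed by a space does not take the
# password as its argument.)
mysql -u root -p
# This is the account rsyslog.conf uses for ommysql.  Least privilege: rsyslog
# only INSERTs into Syslog.*, and LogAnalyzer only needs SELECT if it reuses
# this account.  The original instead granted ALL PRIVILEGES ON *.* WITH
# GRANT OPTION to 'test'@'localhost', i.e. a second superuser nothing uses.
CREATE USER 'mysql'@'localhost' IDENTIFIED BY 'NewPassword';
GRANT SELECT, INSERT ON Syslog.* TO 'mysql'@'localhost';
quit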

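[root@localhost log]# cat /etc/rsyslog.conf
# Load the MySQL output module and send every message (all facilities, all
# priorities) to the Syslog database on localhost as MySQL user "mysql".
$ModLoad ommysql.so
# Action format is :ommysql:<host>,<database>,<user>,<password> on ONE line.
# (Fixed: the original listing had the password on a line of its own, which
# rsyslog would not read as part of this action.)
*.*     :ommysql:localhost,Syslog,mysql,NewPassword
# This file now contains a database password: make it root-only
# (chmod 600 /etc/rsyslog.conf) and do not paste the real value into notes.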

[root@localhost log]# cat /etc/sysconfig/rsyslog
# -m 0   : disable the periodic "-- MARK --" messages.
# -r514  : accept syslog from remote hosts on UDP/514.  UDP syslog carries no
#          authentication, so any host that can reach the port can inject
#          records and spoof their source -- restrict 514/udp with iptables
#          to the devices that are supposed to log here.
SYSLOGD_OPTIONS="-m 0 -r514"

# Only one daemon should own /dev/log and UDP/514: retire the stock sysklogd
# (disable at boot, then stop it) and hand logging over to rsyslog for good.
chkconfig syslog off
service syslog stop

chkconfig rsyslog on
service rsyslog start

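cd
# NOTE(review): this is a plain-HTTP download with no checksum or signature
# check, and 3.0.0 is an old release -- fetch the current version over HTTPS
# and verify it against the checksum published by the project before use.
wget http://download.adiscon.com/loganalyzer/loganalyzer-3.0.0.tar.gz
# (Fixed: the original had a Unicode dash before "zxvf".)
tar -zxvf loganalyzer-3.0.0.tar.gz
mv loganalyzer-3.0.0/src /var/www/html/loganalyzer
mv loganalyzer-3.0.0/contrib/* /var/www/html/loganalyzer/
cd /var/www/html/loganalyzer

# configure.sh only creates an empty config.php for the web wizard to fill;
# it needs to be executable, not world-writable (the original used 777).
chmod 755 *.sh
./configure.sh

# The install wizard runs as the web-server user (assumed "apache" on this
# CentOS box) and must be able to write config.php -- but nobody else should,
# because the file ends up holding the MySQL credentials.  Do NOT chmod 777.
chown apache:apache config.php
chmod 600 config.php
# Once the wizard has written the file, take write access away again:
#   chmod 400 config.php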

Open http://localhost/loganalyzer in a browser and run the setup wizard: click Next through the preliminary checks, choose the rsyslog (MySQL "Syslog" database) data source when the wizard asks for a source type, and click Next again to finish.

Done. Once the wizard has written config.php, make the file read-only again so the stored database credentials cannot be modified through the web server.

2010年10月20日 星期三

Linux DHCP+DDNS LAB

LAB環境說明:
1. DHCP+DNS主機IP = 10.1.3.222 , MASK = 255.255.255.0 , GATEWAY = 10.1.3.254
2. DNS Domain Name = example.local
3. Reverse DNS Domain Name = 3.1.10.in-addr.arpa

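[root@localhost etc]# cat /etc/dhcpd.conf
# Dynamic DNS: dhcpd registers leases in example.local (A records) and
# 3.1.10.in-addr.arpa (PTR records) on the local BIND, signing the updates
# with the TSIG key below.
ddns-update-style interim;
ddns-domainname "example.local";
ddns-rev-domainname "in-addr.arpa.";

# TSIG key shared with named.conf.  Generate your own (e.g. with
# dnssec-keygen) -- never reuse a secret that has been published, as this one
# now has -- and keep this file readable by root only.  hmac-md5 is assumed to
# be what this dhcpd release supports; prefer hmac-sha256 where both ends do.
key DHCP_UPDATER {
        algorithm hmac-md5;
        secret pRP5FapFoJ95JEL06sv4PQ==;
};

# The zones dhcpd updates, the server to send updates to and the key to sign
# them with.
zone example.local. {
        primary 10.1.3.222;
        key DHCP_UPDATER;
}

zone 3.1.10.in-addr.arpa. {
        primary 10.1.3.222;
        key DHCP_UPDATER;
}

subnet 10.1.3.0 netmask 255.255.255.0 {
        range 10.1.3.50 10.1.3.100;
        option routers                  10.1.3.254;
        option subnet-mask              255.255.255.0;
        option domain-name              "example.local";
        option domain-name-servers      10.1.3.222, 168.95.192.1;
        # NOTE(review): -18000 (UTC-5) and clock.via.net look copied from the
        # ISC sample config; set the real local offset (Taiwan would be 28800)
        # and a reachable NTP server -- confirm for this lab.
        option time-offset              -18000;
        option ntp-servers              clock.via.net;
        option netbios-name-servers     10.1.3.222;
        option netbios-node-type 8;
        # allow client-updates lets a client that asks for it register its own
        # A record (dhcpd then only writes the PTR).  Because named accepts
        # updates only when signed with DHCP_UPDATER, such a client would end
        # up with no A record at all; "ignore client-updates" makes dhcpd write
        # both records itself -- confirm against dhcpd.conf(5) for this version.
        allow client-updates;
        allow unknown-clients;
        ddns-updates on;
        authoritative;
}
# (Fixed: the closing brace of the subnet block was missing from the original
# listing; dhcpd rejects the file without it.)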

[root@localhost etc]# cat /var/named/chroot/etc/named.conf
// Paths below are relative to the chroot root (/var/named/chroot).
options {
        directory "/etc";
        pid-file "/var/run/named/named.pid";
        // NOTE(review): no listen-on / allow-query / allow-recursion /
        // allow-transfer here, so BIND's defaults apply -- tighten these on
        // anything beyond a lab box.
        };

// TSIG key; must match the key block in dhcpd.conf exactly.  Because this
// file holds the secret, keep it mode 0640 root:named (or move the key into
// a separate file that is include'd from here with the same permissions).
key DHCP_UPDATER {
         algorithm hmac-md5;
         secret pRP5FapFoJ95JEL06sv4PQ==;
       };

// Dynamic updates are accepted only when signed with DHCP_UPDATER; nothing
// else (including the DHCP clients themselves) may modify these zones.
// The zone files live under slaves/ because that directory is writable by
// the named user, which dynamic updates require (see the note below).
zone "example.local" {
        type master;
        file "/var/named/slaves/example.local.hosts";
        allow-update {
                key DHCP_UPDATER;
                };
        };
zone "3.1.10.in-addr.arpa" {
        type master;
        file "/var/named/slaves/10.1.3.rev";
        allow-update {
                key DHCP_UPDATER;
                };
        };

備註:
named.conf 檔案中定義的 zone file 必須存放在
/var/named/chroot/var/named/slaves 目錄下（該目錄對 named 使用者可寫，動態產生的 DNS record 才能寫入；原文路徑誤植為 var/name）。

2010年10月9日 星期六

Cisco Switch Database Template(SDM)

! Switch the SDM template to "routing" so more hardware (TCAM) entries go to
! the unicast routing table at the expense of host and PBR/QoS entries --
! compare the before/after "show sdm prefer" output below (8K -> 11K routes,
! 6K -> 3K directly-connected hosts).  NOTE(review): the new template only
! takes effect after a reload; confirm with "show sdm prefer" afterwards.
sdm prefer routing

驗證方式
調整前(Default)
#show sdm prefer | begin unicast routes
number of IPv4 unicast routes: 8K
number of directly-connected IPv4 hosts: 6K
number of indirect IPv4 routes: 2K
number of IPv4 policy based routing aces: 0
number of IPv4/MAC qos aces: 512
number of IPv4/MAC security aces: 1K

調整後
#show sdm prefer | begin unicast routes
number of IPv4 unicast routes: 11K
number of directly-connected IPv4 hosts: 3K
number of indirect IPv4 routes: 8K
number of IPv4 policy based routing aces: 512
number of IPv4/MAC qos aces: 512
number of IPv4/MAC security aces: 1K

Spanning-Tree Port-priority Example

未調整前,Port-Priority先比較Port-ID   
image
調整介面Port-Priority值
image

!----- Make this switch the spanning-tree root for VLANs 4,44,52,63
!      (the "root primary" macro lowers the bridge priority for those VLANs)
spanning-tree vlan 4,44,52,63 root primary


! ----- Set fa0/14's port priority to 32 for those VLANs (default is 128)
interface FastEthernet0/14
spanning-tree vlan 4,44,52,63 port-priority 32

! ----- Set fa0/15's port priority to 16: the lower value wins, so with equal
!       path cost the downstream switch prefers fa0/15 over fa0/14 (see the
!       "show spanning-tree" output below)
interface FastEthernet0/15
spanning-tree vlan 4,44,52,63 port-priority 16

驗證方式
#show spanning-tree vlan 44 detail
Port 15 (FastEthernet0/13) of VLAN0044 is blocking
Designated port id is 128.15, designated path cost 0  
-----預設值128

Port 16 (FastEthernet0/14) of VLAN0044 is blocking
Designated port id is 32.16, designated path cost 0
-----手動調整為32

Port 17 (FastEthernet0/15) of VLAN0044 is forwarding
Designated port id is 16.17, designated path cost 0   
-----手動調整為16 (值較低故優先)

Fall Back Bridge Example

 image

!----- Enable Integrated Routing and Bridging (route between a bridge group
!      and other interfaces through a BVI)
bridge irb

! ----- Put Fa0/0 in bridge-group 1 (Fa0/0 connects to SW1 VLAN 10)
interface FastEthernet0/0
no ip address
bridge-group 1

!----- Put Fa0/1 in bridge-group 1 (Fa0/1 connects to SW2 VLAN 20)
!      (Fixed: the original note named Fa0/0 here as well.)
interface FastEthernet0/1
no ip address
bridge-group 1

! ----- Create the Bridge Virtual Interface that carries the IP address for
!       the whole bridge group (the physical ports themselves have no IP)
interface BVI1
ip address 192.168.1.254 255.255.255.0

! ----- Run IEEE (802.1D) spanning tree on bridge group 1.  (Fixed: the
!       original comment described this as "802.1Q encapsulation"; the
!       command selects the bridge group's spanning-tree protocol, not an
!       encapsulation.)
bridge 1 protocol ieee

!----- Route IP for bridge group 1 (via BVI1) instead of only bridging it
bridge 1 route ip

驗證方式
#show interface irb | begin FastEthernet0/0
FastEthernet0/0
Routed protocols on FastEthernet0/0:
ip
Bridged protocols on FastEthernet0/0:
appletalk clns decnet ip


#show interface irb | begin FastEthernet0/1
FastEthernet0/1
Routed protocols on FastEthernet0/1:
ip
Bridged protocols on FastEthernet0/1:
appletalk clns decnet ip

2010年10月3日 星期日

802.1x & Radius Auth Example

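!----- Enable AAA and send 802.1X (dot1x) authentication to the RADIUS group
aaa new-model
aaa authentication dot1x default group radius

!----- Turn on 802.1X globally
dot1x system-auth-control

!----- Enforce 802.1X on the access ports ("auto": the port stays closed
!      until the supplicant authenticates)
interface FastEthernet0/9
switchport mode access
dot1x port-control auto
!
interface FastEthernet0/10
switchport mode access
dot1x port-control auto

!----- Source RADIUS traffic from Loopback0 (the RADIUS server must have this
!      address registered as the NAS/client and be able to reach it)
ip radius source-interface Loopback0

!----- RADIUS server.  (Added: the shared secret.  The original listing had
!      no per-host "key" and no global "radius-server key"; without one the
!      switch cannot sign or verify RADIUS packets -- confirm it was not simply
!      omitted from the write-up, and replace the placeholder with the secret
!      configured on the server.)  Ports are left at the IOS defaults
!      1645/1646 that "show aaa servers" reports below; add
!      "auth-port 1812 acct-port 1813" if the server listens on the IANA ports.
radius-server host 204.12.1.100 key <shared-secret>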

驗證方式
#show dot1x
Sysauthcontrol = Enabled
Supplicant Allowed In Guest Vlan = Disabled
Dot1x Protocol Version = 1

#show dot1x all
Dot1x Info for interface FastEthernet0/9
<output omitted>
HostMode = Single
PortControl = Auto

ControlDirection = Both
QuietPeriod = 60 Seconds
Re-authentication = Disabled
<output omitted>
Dot1x Info for interface FastEthernet0/10

#show aaa servers
RADIUS: id 1, priority 1, host 204.12.1.100, auth-port 1645, acct-port 1646

State: current UP, duration 3634s, previous duration 0s