About Me

Manila, Philippines

Albert Einstein[1] (March 14, 1879 - April 18, 1955) was a German-Swiss-American theoretical physicist recognized as one of the most important scientists of the twentieth century and one of the greatest physicists in the history of science. His most important contribution to science was the development of the special theory of relativity and the general theory of relativity. He also contributed much to quantum theory and statistical mechanics. He was awarded the Nobel Prize for his 1905 explanation of the photoelectric effect. Einstein became known throughout the world after the prediction of his general theory of relativity, that light rays from distant stars would be deflected by the gravity of the Sun, was confirmed. This was confirmed by an expedition of English scientists who observed the 1919 solar eclipse in Africa, with the results announced in November 1919. Because of his intelligence and originality, the word "Einstein" became a synonym for the word "genius".

Saturday, November 5, 2011

How to configure Zyxel GS2200-24 VLAN

All ZyXEL switches use the same procedure to create a new VLAN; the ES-315F is used as the example here. (Note: the text after // explains each CLI command.)
ES-315-F# configure                          // enter configure mode
ES-315-F(config)# vlan 100                   // create VLAN 100
ES-315-F(config-vlan)# fixed 1,5             // set member ports 1 & 5
ES-315-F(config-vlan)# untagged 1            // send frames out client port 1 untagged
ES-315-F(config-vlan)# no untagged 5         // send frames out core-switch port 5 tagged
ES-315-F(config-vlan)# exit                  // back to root configure mode
ES-315-F(config)# interface port-channel 1   // enter interface mode for port 1
ES-315-F(config-interface)# pvid 100         // set the port's PVID to 100
Only the untagged client port needs its PVID changed: untagged frames arriving on port 1 are placed in VLAN 100 by that PVID, while the uplink on port 5 carries the VLAN ID in each frame's tag and keeps its existing PVID.


http://www.zyxel.com/support/knowledge_base/kb_detail_6838.shtml

Sunday, October 23, 2011

Cisco ASA 5520 Basic Configuration


Management interface



First configure the management interface with an IP address so that the appliance is reachable from the computer you manage it from. Note that this example names Management0/0 "inside" and later uses it for NAT and the inside access list; in the factory configuration of the 5520, Management0/0 is a management-only port that does not pass through-traffic, so for a real inside network use a data port such as GigabitEthernet0/1, or clear the management-only restriction on Management0/0.
interface Management0/0
speed 100
duplex full
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0


Upgrade the ASA software image



Next copy the latest ASA software image for your appliance (often loosely called "IOS", although the ASA runs its own software train) from a TFTP server, here your laptop at 192.168.1.100 running a TFTP server, and set it as the boot image. TFTP has no authentication or integrity protection, so do this only over the directly attached management segment, and compare the MD5 of the copied image with the hash published on Cisco's download page before pointing the boot system at it.
copy tftp://192.168.1.100/asa821-k8.bin flash:
boot system disk0:/asa821-k8.bin

Management GUI (ASDM) Configuration



Next configure ASDM, the GUI management interface of the ASA. Once the ASDM image is copied to the flash of the device you also have to enable the HTTP server and specify which hosts may reach it. The "http 0 0 inside" line below allows every host on the inside network to reach ASDM; restrict it to your management subnet, as the SSH best practice at the end of this post does.

copy tftp://192.168.1.100/asdm-621.bin flash:
asdm image disk0:/asdm-621.bin
http server enable
http 0 0 inside


Basic Static Routing Configuration



Next configure the basic outside interface parameters and a default route on the outside interface so the appliance can reach the outside world. After that, traffic from the inside interface is allowed out through a feature called network address translation, or NAT. A lot has been written about NAT and it is not covered in full here; it is enough to say that the commands below make the translation happen and let the inside and outside interfaces talk to each other.
interface GigabitEthernet0/0
speed 100
duplex full
nameif outside
security-level 0
ip address 196.15.131.202 255.255.255.240


! the command below enables a default route on the ASA, using 196.15.131.201 as the next hop for all traffic
route outside 0 0 196.15.131.201


Basic Global NAT Configuration



NAT on the Cisco ASA hides your private inside addresses behind the outside interface address when inside hosts access the internet. The two commands below translate all of 192.168.0.0/16 to the outside interface address. This is the pre-8.3 nat/global syntax, which matches the 8.2(1) image used above; ASA 8.3 and later replaced it with object NAT, so these lines will not load unchanged on a newer image.
nat (inside) 1 192.168.0.0 255.255.0.0
global (outside) 1 interface

More Complex Cisco NAT Concepts



The section below describes the NAT order of operation in more detail. Cisco ASA NAT is considered one of the most complicated and challenging subjects; if it looks intimidating, that is because it is. If you need assistance with it you can always contact us for more information.
Order of NAT Commands Used to Match Real Addresses
The security appliance matches real addresses to NAT commands in the following order:

1. NAT exemption (nat 0 access-list)—In order, until the first match. Identity NAT is not included in this category; it is included in the regular static NAT or regular NAT category. We do not recommend overlapping addresses in NAT exemption statements because unexpected results can occur.

2. Static NAT and Static PAT (regular and policy) (static)—In order, until the first match. Static identity NAT is included in this category.

3. Policy dynamic NAT (nat access-list)—In order, until the first match. Overlapping addresses are allowed.

4. Regular dynamic NAT (nat)—Best match. Regular identity NAT is included in this category. The order of the NAT commands does not matter; the NAT statement that best matches the real address is used. For example, you can create a general statement to translate all addresses (0.0.0.0) on an interface. If you want to translate a subset of your network (10.1.1.1) to a different address, then you can create a statement to translate only 10.1.1.1. When 10.1.1.1 makes a connection, the specific statement for 10.1.1.1 is used because it matches the real address best. We do not recommend using overlapping statements; they use more memory and can slow the performance of the security appliance.
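The four categories above are easy to misread as "whatever rule is listed first wins". They are not: only the first three are first-match in configuration order, and regular dynamic NAT is best-match regardless of order. The following added example (my own Python model, not Cisco's code or anything from the original post) encodes exactly that lookup so you can check what a given real/destination pair would hit. The rule set, the rule names and the addresses in it are constructed for the example; the comments show the pre-8.3 commands each rule stands for.

```python
"""Model of the pre-8.3 ASA NAT lookup order described above (added example)."""
import ipaddress
from dataclasses import dataclass

# Categories in the order the security appliance tries them.
CATEGORY_ORDER = ("exemption", "static", "policy_dynamic", "dynamic")


@dataclass(frozen=True)
class NatRule:
    category: str              # one of CATEGORY_ORDER
    real: str                  # real (untranslated) address or network, CIDR
    mapped: str                # translated address, pool name or "interface"
    dest: str = "0.0.0.0/0"    # destination network; used by ACL-based (exemption/policy) rules
    order: int = 0             # position in the configuration, lower = earlier


def _contains(cidr, ip):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr, strict=False)


def lookup(rules, real_ip, dest_ip):
    """Return the NatRule the appliance would apply to real_ip -> dest_ip, or None."""
    for category in CATEGORY_ORDER:
        candidates = [r for r in rules
                      if r.category == category and _contains(r.real, real_ip)]
        if category == "dynamic":
            # Regular dynamic NAT: best (longest-prefix) match wins, config order is irrelevant.
            if candidates:
                return max(candidates,
                           key=lambda r: ipaddress.ip_network(r.real, strict=False).prefixlen)
        else:
            # Exemption, static and policy NAT: first match in configuration order,
            # and ACL-based rules must also match the destination.
            for r in sorted(candidates, key=lambda r: r.order):
                if _contains(r.dest, dest_ip):
                    return r
    return None


# Constructed rule set, listed in configuration order.  The catch-all dynamic
# rule comes first and the specific 10.1.1.1 rule last, which is exactly the
# situation the text says does not matter for dynamic NAT.
SAMPLE_RULES = [
    NatRule("dynamic", "0.0.0.0/0", "interface", order=1),             # nat (inside) 1 0 0 / global (outside) 1 interface
    NatRule("static", "192.168.1.10/32", "196.15.131.203", order=2),   # static (inside,outside) 196.15.131.203 192.168.1.10
    NatRule("exemption", "192.168.1.0/24", "192.168.1.0/24",
            dest="10.0.0.0/8", order=3),                                # nat (inside) 0 access-list NONAT (e.g. VPN traffic)
    NatRule("policy_dynamic", "192.168.2.0/24", "196.15.131.205",
            dest="172.16.0.0/12", order=4),                             # nat (inside) 2 access-list POLICY / global (outside) 2 ...
    NatRule("dynamic", "10.1.1.1/32", "196.15.131.204", order=5),      # nat (inside) 3 10.1.1.1 255.255.255.255 / global (outside) 3 ...
]

if __name__ == "__main__":
    for real, dest in [("192.168.1.10", "10.2.3.4"), ("192.168.1.10", "198.51.100.7"),
                       ("192.168.2.7", "172.16.5.5"), ("192.168.2.7", "198.51.100.7"),
                       ("10.1.1.1", "198.51.100.7")]:
        rule = lookup(SAMPLE_RULES, real, dest)
        print(f"{real} -> {dest}: {rule.category} rule, mapped to {rule.mapped}")
```

Two of the lookups are the ones that usually surprise people: 192.168.1.10 to 10.2.3.4 hits the exemption even though a static exists for that host, because exemption is tried first, and 10.1.1.1 hits the /32 dynamic rule although the 0.0.0.0 catch-all is listed before it.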

Basic Access List Configuration



Next configure access lists that allow particular hosts to reach the internet or other interfaces on the firewall, and apply the access group inbound on the inside interface. The example below permits everything from the inside and therefore filters nothing; narrow it to the source hosts and destination services you actually need, since this list is the only control on what inside hosts may reach.
access-list inside extended permit ip any any
access-group inside in interface inside

Enabling Basic Troubleshooting Commands



With that done you have the basic settings configured on your ASA. The settings below are recommended for troubleshooting simple connectivity and other issues through logging; the logging functionality on the ASA is extensive and unmatched for working out where a problem lies. Debug level everywhere is a troubleshooting setting, not a permanent one: "logging trap debugging" only takes effect once a syslog host is configured, and at that level it floods the syslog server, so drop back to informational when you are done.
logging enable
logging timestamp
logging buffer-size 999999
logging buffered debugging
logging trap debugging
logging history debugging
logging asdm debugging
logging facility 23

Viewing the logs on the Cisco ASA appliance



show logging | include 192.168.1.1

Best-Practice Management Configuration Suggestions



A best practice is to allow only a few named hosts to connect to the Cisco ASA for remote management, and to accept SSH version 2 only, as shown below:
ssh 196.1.1.1 255.255.255.255 outside
ssh version 2

Saturday, October 22, 2011

How to install splunk in CentOS


Installation Of Splunk Server
Configure the Splunk server on 192.168.10.209
1. Download the latest Splunk tarball from http://www.splunk.com/download?r=header
2. Copy the downloaded file to /opt
3. Untar the downloaded Splunk file and start it
# cd /opt
# tar -xzvf splunk-4.0.8-73243-Linux-i686.tgz
# cd splunk/bin/
# ./splunk start
Accept the agreement and default settings.
4. Open the Splunk web UI (http://localhost:8000)
5. Log in with the default username and password, admin/changeme, and change that password at first login; the web UI and the forwarder commands below are only as safe as this account.
#### Setup Splunk as a Receiver #####
1. Log in to the web UI using the credentials above, e.g. http://192.168.10.209:8000
2. Go to Manager » Forwarding and receiving » Receive data
3. Click on the New button and add the default port, 9997
4. Click on the Save button to save the settings.
Now the Splunk server is set up as a receiver on port 9997.
Note: if you are running a firewall, allow inbound TCP 9997 on the receiver.
####### Setup Splunk as a Forwarder ####
IP address of the forwarder machine: 192.168.10.225
IP address of the receiver server: 192.168.10.209
You have the following preconfigured forwarder choices:
* Splunk forwarder
* Splunk light forwarder
1. ssh to the forwarder machine (the host to be monitored), e.g. ssh ramesh@192.168.10.225
2. Install Splunk on the client machine using the installation steps above
3. Enable the light forwarder app and point it at the receiver (-auth takes username:password):
# cd /opt/splunk/bin
# ./splunk enable app SplunkLightForwarder -auth admin:<password>
# ./splunk add forward-server <receiver_ip>:<port> -auth admin:<password>
e.g.  ./splunk add forward-server 192.168.10.209:9997 -auth admin:<password>
# ./splunk restart
######## Setup Splunk Alerts #########
NOTE: We assume that the Splunk server has been installed on a Linux box and that /var/log/secure is already being indexed.
1. Log in to the Splunk server (http://192.168.10.209:8000)
2. Go to App >> Search
3. Click on /var/log/secure under the Source section
This shows all the data from the secure file
4. Click on the string(s) you want to search or alert on, e.g. "Accepted password" (sshd writes it in lower case; Splunk's term search is case-insensitive, so "Accepted Password" matches as well)
It will look like source="/var/log/secure" "Accepted password" in the search box.
5. Then go to Action >> Save Search
A window will pop up.
6. Name – SSH Access Authenticated
Search – prefilled with the search we ran earlier.
Description – anything you like.
Check "Schedule this search"
Schedule Type – Basic
Run Every – Minute
Alert Condition
Perform actions (optional) – if number of events – is greater than – 0
Alert Action
Check "Send Email"
Email Addresses: abc@abc.com,xyz@xyz.com
Click on the Save button to save your alert.
To verify your alert setup go to
Manager » Searches and reports >> SSH Access Authenticated
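The saved search above is a detection rule: match "Accepted password" lines from sshd, alert when the count in the last minute is above zero. The following added example (my own Python, not Splunk's code or anything from the original post) runs that same logic over a few constructed /var/log/secure lines so you can see what the alert would carry and what it would miss: by default it only catches password logins, exactly like the search, and the optional methods argument widens it to public-key logins too. Host names, user names and addresses in the sample lines are made up.

```python
"""Detection logic behind the 'Accepted password' alert (added example)."""
import re
from collections import Counter

# Constructed sample lines in the format OpenSSH writes to /var/log/secure.
SAMPLE_SECURE = """\
Oct 22 10:15:01 web01 sshd[2345]: Accepted password for ramesh from 192.168.10.225 port 51234 ssh2
Oct 22 10:15:07 web01 sshd[2350]: Failed password for root from 203.0.113.9 port 44122 ssh2
Oct 22 10:16:02 web01 sshd[2360]: Accepted publickey for deploy from 192.168.10.50 port 40100 ssh2
Oct 22 10:16:30 web01 sshd[2370]: Accepted password for root from 203.0.113.9 port 44200 ssh2
""".splitlines()

# sshd logs "Accepted <method> for <user> from <ip> port <port> ssh2".
# Note the lower-case "password": Splunk's term search is case-insensitive, so
# "Accepted Password" in the search bar still matches; a regex has to say so.
ACCEPTED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"Accepted (?P<method>\w+) for (?P<user>\S+) from (?P<src>\S+) port (?P<port>\d+)",
    re.IGNORECASE,
)


def find_accepted(lines, methods=("password",)):
    """Return the successful logins as dicts; methods=None accepts any auth method."""
    events = []
    for line in lines:
        m = ACCEPTED_RE.match(line)
        if m and (methods is None or m.group("method").lower() in methods):
            events.append(m.groupdict())
    return events


def should_alert(events):
    """The saved search's condition: number of events greater than 0."""
    return len(events) > 0


def summarize(events):
    """Count logins per (user, source) so the alert mail says who came from where."""
    return Counter((e["user"], e["src"]) for e in events)


if __name__ == "__main__":
    hits = find_accepted(SAMPLE_SECURE)
    if should_alert(hits):
        for (user, src), n in summarize(hits).items():
            print(f"ALERT: {n} password login(s) for {user} from {src}")
```

In the sample the rule fires on a root password login from 203.0.113.9, which is the kind of event you want mailed out, while the public-key login for deploy is silent unless you pass methods=None. That is the same trade-off the Splunk search makes: alerting on the literal string "Accepted password" is not the same as alerting on every successful SSH login.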

Simple How to's:

How to add a route in Linux:
route add [-net|-host] <IP/Net> netmask <Mask> gw <Gateway IP>

How to set the time and date in CentOS (a one-off sync against the pool):
ntpdate pool.ntp.org

To keep the clock in sync continuously, run ntpd with these servers in /etc/ntp.conf instead (ntpdate refuses to run while ntpd holds port 123):
server 0.pool.ntp.org
server 1.pool.ntp.org
server 2.pool.ntp.org
server 3.pool.ntp.org

How to show the hardware clock:
hwclock




How to find files in Linux using 'find'


$ find / -name 'program.c' 2>/dev/null
$ find / -name 'program.c' 2>errors.txt


/
Start searching from the root directory (i.e. the / directory)
-name
The search text is the file name rather than any other attribute of the file
'program.c'
The search text we entered. Always enclose the pattern in single quotes: otherwise the shell expands any wildcard in it against the current directory before find ever sees it, and you end up searching for the wrong thing.
Note: 2>/dev/null is not related to find as such. 2 is the standard error stream in Linux, and /dev/null is the device where anything you send simply disappears. So 2>/dev/null means that any error messages produced during the search (typically "Permission denied" for directories you cannot read) are discarded.

Alternatively you could use 2>errors.txt, after which you would have a file named errors.txt in the current directory containing all the error messages.


$ find /home/david -name 'index*'
$ find /home/david -iname 'index*'

The 1st command would find files having the letters index as the beginning of the file name. The search would be started in the directory /home/david and carry on within that directory and its subdirectories only.
The 2nd command would search for the same, but the case of the filename wouldn't be considered. So all files starting with any combination of letters in upper and lower case such as INDEX or indEX or index would be returned.

$ find -name 'met*'
The above command searches for files whose names begin with the letters 'met' within the current directory and the directories below it. Since no directory is given before the expression, GNU find defaults to the current directory as the starting point (POSIX find requires a starting directory, so giving . explicitly is the portable form). The pattern is quoted for the reason given above.
 
$ find /mp3collection -name '*.mp3' -size -5000k
$ find / -size +10000k
The 1st command would find within a directory called /mp3collection, only those mp3 files that have a size less than 5000 Kilobytes ( < 5MB)
The 2nd command would search from the / directory for any file that is larger than 10000k (> 10MB)  

$ find /home/david -amin -10 -name '*.c'
$ find /home/david -atime -2 -name '*.c'
$ find /home/david -mmin -10 -name '*.c'
$ find /home/david -mtime -2 -name '*.c'

The 1st command searches for files in /home/david and its subdirectories which end in .c and have been accessed in the last 10 minutes.
The 2nd command does the same but for files accessed in the last 2 days (-atime counts in 24-hour periods, -amin in minutes).
The 3rd and 4th commands do the same as the 1st and 2nd but look for modified rather than accessed files. Only files whose contents were modified in that window are returned.
 
$ find / -mount -name 'win*'
This command searches for files starting with the letters 'win' in their filenames. The only difference is that the mounted filesystems would not be searched for this time. This is useful when you have your Windows partitions mounted by default. And a search for 'win' might return many files on those partitions, which you may not be really interested in. This is only one use of -mount parameter. 

$ find /mp3-collection -name 'Metallica*' -and -size +10000k
$ find /mp3-collection -size +10000k ! -name "Metallica*"
$ find /mp3-collection -name 'Metallica*' -or -size +10000k
Boolean operators such as AND, OR and NOT make find an extremely useful tool.
The 1st command searches within the directory /mp3-collection for files that have their names beginning with 'Metallica' and whose size is greater than 10000 kilobytes (> 10 MB).
The 2nd command searches in the same directory as above case but only for files that are greater than 10MB, but they should not have 'Metallica' as the starting of their filenames.
The 3rd command searches in the same directory for files that begin with 'Metallica' in their names or all the files that are greater than 10 MB in size.

The -exec option is probably the most important feature of the find tool. It runs a command of your choice on each result of the find command. A simple demonstration is shown below; it is up to your imagination to make the most of it. Suppose you wanted to see the details of the files returned by a search (read, write and execute permissions, size, owner and so on). You could do the following:

$ find / -name 'Metallica*' -exec ls -l {} \;

This command finds all the files on your system whose names begin with 'Metallica' and then runs 'ls -l' on each of them, so you see the details of the files that matched your search criteria.

The words following -exec are the command you want to execute, i.e. ls -l in this case.
{} is a placeholder that is replaced by each file name returned by the search.
\; terminates the command and is required; the backslash stops the shell from treating ; as the end of the find command line.

How to install and configure cacti


Install and Configure Cacti


  1. Extract the distribution tarball.
    shell> tar xzvf cacti-version.tar.gz
  2. Create the MySQL database:
    shell> mysqladmin --user=root create cacti
  3. Import the default cacti database:
    shell> mysql cacti < cacti.sql
  4. Optional: Create a MySQL username and password for Cacti.
    shell> mysql --user=root mysql
    mysql> GRANT ALL ON cacti.* TO cactiuser@localhost IDENTIFIED BY 'somepassword';
    mysql> flush privileges;
  5. Edit include/config.php and specify the database type, name, host, user and password for your Cacti configuration (the password must match the one used in the GRANT above).
    $database_type = "mysql";
    $database_default = "cacti";
    $database_hostname = "localhost";
    $database_username = "cactiuser";
    $database_password = "somepassword";
  6. Set the appropriate permissions on cacti's directories for graph/log generation. You should execute these commands from inside cacti's directory to change the permissions.
    shell> chown -R cactiuser rra/ log/
    (Enter a valid username for cactiuser, this user will also be used in the next step for data gathering.)
  7. Add a line to your /etc/crontab file similar to:
    */5 * * * * cactiuser php /var/www/html/cacti/poller.php > /dev/null 2>&1
    Replace cactiuser with the valid user specified in the previous step.
    Replace /var/www/html/cacti/ with your full Cacti path.
  8. Point your web browser to:
    http://your-server/cacti/
    Log in with the username and password admin / admin. You will be required to change this password immediately. Make sure to fill in all of the path variables carefully and correctly on the following screen.

How to configure Rsyslog

# Use the traditional timestamp format for actions that do not name a template
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
# Local inputs: the /dev/log socket and kernel messages
$ModLoad imuxsock
$ModLoad imklog
# Network inputs: syslog over TCP and over UDP on port 514.
# $UDPServerAddress is the local address the UDP listener binds to.
$ModLoad imtcp
$InputTCPServerRun 514
$ModLoad imudp
$UDPServerAddress 10.134.0.58
$UDPServerRun 514
$WorkDirectory /var/spool/rsyslog
# Collapse runs of identical messages
$RepeatedMsgReduction on
# The template that formats each message as it is written to a file.
# Edit this line to customise the message format. It describes one log
# line, not a file path: the original version had "/var/opt/syslog/..." and
# a date in it, which would have prefixed every line with that path and
# dropped the trailing newline.
$template TraditionalFormat,"%timegenerated% %HOSTNAME% %syslogtag%%msg%\n"
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none                /var/log/messages
# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure
# Per-sender rules for the host 10.134.0.58. $fromhost-ip is the sender's IP
# address; $source is only an alias for the hostname field inside the message,
# so comparing it with an IP matches nothing unless the sender wrote its IP
# there. Messages from this host also match the unconditional rules above, so
# they are written twice unless those are narrowed or the actions here differ
# (for example, one file per host).
if \
        $fromhost-ip == '10.134.0.58' \
        and \
                $syslogseverity <= '6' \
        and ( \
                        $syslogfacility-text != 'mail' \
                and \
                        $syslogfacility-text != 'authpriv' \
                and \
                        $syslogfacility-text != 'cron' \
        ) \
then    /var/log/messages;TraditionalFormat
if \
        $fromhost-ip == '10.134.0.58' \
                and \
        $syslogfacility-text == 'authpriv' \
then    /var/log/secure;TraditionalFormat
# mail.* /var/log/maillog;TraditionalFormat
if \
        $fromhost-ip == '10.134.0.58' \
                and \
        $syslogfacility-text == 'mail' \
then    /var/log/maillog;TraditionalFormat
# Log cron stuff
# cron.* /var/log/cron;TraditionalFormat
if \
        $fromhost-ip == '10.134.0.58' \
                and \
        $syslogfacility-text == 'cron' \
then    /var/log/cron;TraditionalFormat
# Everybody gets emergency messages
# *.emerg *
if \
        $fromhost-ip == '10.134.0.58' \
                and \
        $syslogseverity-text == 'emerg' \
then    *
# this line creates a template that will store the messages for each host in a separate file.
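Every selector in the configuration above (mail.*, authpriv.*, *.info, the $syslogseverity and $syslogfacility-text comparisons) is a test on the two numbers packed into the PRI field at the front of each network syslog message: PRI = facility * 8 + severity. The following added example (my own Python, not rsyslog's code or anything from the original post) decodes that field from RFC 3164 style lines and applies the same facility/severity split as the rules above, so you can check where a given message would land. The per-sender ($fromhost-ip) condition is left out; only the facility and severity logic is modelled, and the sample messages are constructed.

```python
"""Decode the syslog PRI field and apply the facility/severity routing above (added example)."""
import re
from dataclasses import dataclass

# Facility and severity names in numeric order (RFC 3164 / RFC 5424).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "security", "console", "solaris-cron",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# RFC 3164 / BSD format: <PRI>MMM dd hh:mm:ss host tag: message
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) (?P<msg>.*)$")


@dataclass(frozen=True)
class SyslogMessage:
    facility: int
    severity: int
    host: str
    msg: str

    @property
    def facility_text(self):
        return FACILITIES[self.facility]

    @property
    def severity_text(self):
        return SEVERITIES[self.severity]


def parse_syslog(line):
    """Return a SyslogMessage, or None if the line is not well-formed."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    pri = int(m.group("pri"))
    if pri > 191:          # 23 * 8 + 7 is the largest legal PRI
        return None
    # PRI packs facility and severity: PRI = facility * 8 + severity
    return SyslogMessage(pri // 8, pri % 8, m.group("host"), m.group("msg"))


def route(message):
    """Destinations the rsyslog rules above would write this message to."""
    targets = []
    if message.severity_text == "emerg":
        targets.append("*")                    # *.emerg: every logged-in user
    fac = message.facility_text
    if fac == "mail":
        targets.append("/var/log/maillog")     # mail.*
    elif fac == "authpriv":
        targets.append("/var/log/secure")      # authpriv.*
    elif fac == "cron":
        targets.append("/var/log/cron")        # cron.*
    elif message.severity <= SEVERITIES.index("info"):
        targets.append("/var/log/messages")    # *.info;mail.none;authpriv.none;cron.none
    return targets


# Constructed sample messages (hosts, PIDs and addresses are made up).
SAMPLES = [
    "<86>Oct 22 10:15:01 web01 sshd[2345]: Accepted password for ramesh from 192.168.10.225 port 51234 ssh2",
    "<0>Oct 22 10:15:02 web01 kernel: Kernel panic - not syncing",
    "<22>Oct 22 10:15:03 mail01 postfix/smtpd[910]: connect from unknown[203.0.113.9]",
    "<15>Oct 22 10:15:04 web01 myapp[77]: verbose debug output",
    "<78>Oct 22 10:15:05 web01 crond[1]: (root) CMD (run-parts /etc/cron.hourly)",
]

if __name__ == "__main__":
    for line in SAMPLES:
        m = parse_syslog(line)
        print(f"{m.facility_text}.{m.severity_text:<7} from {m.host} -> {route(m) or ['(dropped)']}")
```

The user.debug line is the instructive one: it is dropped entirely, because *.info means "info and more severe" and debug is less severe. Conversely the kern.emerg line goes both to every terminal and to /var/log/messages, since the emerg rule does not stop the other selectors from matching.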