Alder Technical LLC

An Auto Transfer Switch – Why you need it In the data center many items such as firewall boxes, routers, switches, etc. only have one power supply (ps). While all data centers provide dual power strips (hope- fully, each strip is powered from a separate substation) Only plugging single ps items into one strip leaves that Item vulnerable if power is lost on that strip. An auto Transfer switch is a power strip that has has dual power Input cords. The transfer switch monitors the input Power from both sources and if power is lost on one Input, then the power is switched so that there is no Power loss to the power strip. This is a must have item if you have single ps units. Wire Shark Wire Shark provides you with the capability to monitor network traffic coming to and going from your server. It is extremely configurable and easy to use. Wire Shark requires a windows manager since it only runs a GUI. With Wire Shark it is possible to filter any type of network traffic that is coming across your network. Visit wiki.wireshark.org to learn how to obtain and use Wire Shark. Using strace When you are having problems understanding what a program is doing and you have not clue as to what is going on, then strace is can be your friend for I/O problems. Strace displays all system calls that your process invokes. Strace shows you the paths to files and environment variables that are being used. A lot of output is spewed out by strace, so it really helps if you have an idea of what type of file I/O that you are looking for. Here is an example of how to attach strace to an already running process, lets say its process id is 458. strace -o output_data.txt -p 458 Or for a program that is not running: strace -o outptu_data.txt /path/to/file Using rsync for backups Using rsync to do directory backups from one Machine to another can be rather confusing Plus In order to get rsync to work from a crontab file a public Key needs to be created so there is no prompting for a Password. Below is the syntax for backing up a home Directory from one machine to another. /usr/bin/rsync --verbose --progress \ --stats --compress --rsh=/usr/bin/ssh \ --recursive --times --perms --links \ --delete --exclude "*bak" --exclude \ "tmp" --exclude "Cache" --exclude \ "cache" --exclude ".beagle" \ /home/al/* 192.168.0.244:/home/al Nagios Configuration Manually configuring nagios for server monitoring is an extremely tedious task. Webmin is a tool that can be locally installed on the nagios server. Webmin can be downloaded from www.webmin.com. For webmin, nagois is a separate third party module that can be downloaded. If you are not using the commercial version of nagios, Nagios XI, then webmin is an excellent web GUI for configuring and administering nagios. Using tar command to copy files You can use other tools for copying files, but this Tar command works great even if you are using a nfs file system. Some copy commands can have problems when an nfs file system is involved. tar -cf - file2copy | ( cd /dir_location;\ tar -xf - ) Using gnu privacy guard (gpg) for file security When you have files that you want to encrypt for Security reasons, use gpg. Before encrypting a file You first must create a gpg key by doing: # gpg --cert-digest-algo=SHA256 \ --default-preference-list="h10 h8 h9 \ h11 s9 s8 s7 s3 z2 z3 z1 z0" –gen-key When prompted select all defaults and enter your Full name, email address and then a pass-phrase. To encrypt a file now do: # gpg -c filename Enter password 2 times To un-encrypt: # gpg -c filename.gpg Using sar and ksar Sar/ksar collects server system information, which includes the following: CPU utilization Memory paging and its utilization Network I/O, and transfer statistics Process creation activity All block devices activity Interrupts/sec etc. Sar is in the sysstat package. Ksar is found at: ksar.atomique.net Ksar does graphically displays of the collected data. If you don't use cacti, you certainly would want ksar. Cacti – the server trend tracking tool While nagios performs server monitoring, cacti does Real time display and graphing of server resource Trends. From the www.cacti.net web site: Cacti is a complete network graphing solution designed to harness the power of RRDTool's data storage and graphing functionality. Cacti provides a fast poller, advanced graph templates, multiple data acquisition methods, and user management features out of the box. tcpdump for capturing network traffic To monitor web traffic on the server web01, do the Following: # tcpdump -lnni eth0 -w tracefile \ -s 65535 host web01 and port 80 -lnni says to use interface eth0, write the raw output to a file named tracefile. Use a packet size of 65535, i.e. capture the whole packet. The host is web01 and capture packets only for port 80. Next, you can take the raw data and use wireshark to analyze it. # wireshark tracefile Using iostat to monitor network traffic As a quick way to check the network traffic on a server Do the following: # iostat -zxcn Mpstat – Multi-processor usage The mpstat command displays information for multiple Processors. Processor 0 is the first processor. # mpstat -P 0 To display all processors: # mpstat -P ALL Process memory usage with pmap To show the amount of shared and unshared memory that a process uses, do: # pmap -d process_id For example, if the process id is 3378, then: # pmap -d 3378 Using ps to list top ten memory hogs # ps -auxf | sort -nr -k 4 | head -10 Using ps to list top ten CPU hogs # ps -auxf | sort -nr -k 3 | head -10 Accessing a Linux Server from Windows To access the command line interface on a Linux box do: download and install putty on the windows machine. See: www.putty.org once installed start up putty, the install should have put an icon on your desktop. in the putty window enter either the hostname of the Linux server or its ip address click 'open' next enter the name of the person to login in as enter the correct password Now you are in. How to get the Server serial number At the command line prompt type: # dmidecode | grep Serial The serial number will be the first one listed SSH with no password prompt On the local machine: the permissions on the home dir must be 755 % ssh-keygen -t dsa just enter Return for the passphrase % chmod 600 $HOME/.ssh/id_dsa copy the id_dsa.pub file to the remote machine in /tmp % scp $HOME/.ssh/id_dsa.pub remote_machine:/tmp On the remote machine, now do: %cat/tmp/id_dsa.pub >>$HOME/.ssh/authorized_keys %chmod 640 $HOME/.ssh/authorized_keys #required make sure the the $HOME/.ssh/config file has: StrictHostKeyChecking=no Host * ForwardX11 yes Strace Analyzer – Next Generation Strace's output can be very copious. If you have a system that runs for a long time and only misbehaves occasionally, then the strace analyzer is perfect for tracking down when this misbehavior occurs and from which system calls. On any system that does tons of I/O operations tracking down an I/O bottle neck can be a very daunting task. The strace analyzer is the tool to use. This link clusterbuffer.wetpaint.com/page/Strace+Analyzer+-+Next+Generation is where you need to start. Traceroute a Host Name To trace where a host name is do the following steps: In your browser go to: http://www.geektools.com/traceroute.php Choose one of the links from any country, it does really matter which one you choose Type in the host name i.e. www.hostname.com the system will begin searching for the home of www.hostname.com. Usually takes about 13 hops to determine this. Finally it will present you with an ip address, copy this address In your browser go to: vmstat It will find the physical location and the hosting site Using vmstat vmstat gives system activity, hardware and system configuration data. To get an infinite report every 10 seconds: vmstat 10 to display memory utilization: vmstat -m to get info about active/inactive memory pages: vmstat -a