Cisco ASA HA Link – Active/Standby



In this example I am connecting my two ASA firewalls directly together via port GigabitEthernet0/2.

SSH into the firewall and set up HA (Active/Standby) using the following commands. In this example I have used a /30 network for the direct connection between the two units.

failover lan unit primary
failover lan interface London GigabitEthernet0/2
failover link London GigabitEthernet0/2
failover interface ip London standby


The interface is now configured to use GigabitEthernet0/2 as its failover interface

interface GigabitEthernet0/2
 description LAN/STATE Failover Interface


Now I need to configure each interface using a standby IP address


interface GigabitEthernet0/1
 nameif MPLS-LAN
 security-level 100
 ip address standby

That should be it. Once you disconnect an interface on the main firewall, the standby should take over the IP address and you keep a consistent connection.

VNC centos

A quick guide for setting up a VNC server on CentOS

VNC Server Setup

yum install vnc-server

yum groupinstall "GNOME Desktop Environment"


Perform the following steps to configure your VNC server:

  1. Create your VNC users
  2. Set your users’ VNC passwords
  3. Edit the server configuration
  4. Create xstartup scripts
  5. Test each VNC user

1. Create VNC user

Add a VNC user

useradd vncjim



2. Set Password

Login to each user, and run vncpasswd. This will create a .vnc directory.

[~]$ cd .vnc

[.vnc]$ ls



3. Edit configuration – /etc/sysconfig/vncservers

Add the following to the end of the file.


VNCSERVERS="1:VNCJim 2:anotheruserexample 3:anotheruser" 

Notice the 1:, 2:, 3: – this number sets the port the user goes in on (5900 plus the number) – so it will be 5901, 5902, 5903 and so on


VNCSERVERARGS[1]="-geometry 800x600" – this will set the screen resolution




VNCSERVERS="1:VNCJim 2:anotheruserexample 3:anotheruser"

VNCSERVERARGS[1]="-geometry 800x600"

VNCSERVERARGS[2]="-geometry 1024x768"



4. Create xstartup scripts

# service vncserver start

# service vncserver stop

Login to each user and edit the xstartup script. To use VNCJim as an example, first login as VNCJim.

[~]$ cd .vnc

[.vnc]$ ls

mymachine.localnet:1.log passwd xstartup

Edit xstartup. Add the line indicated here, and uncomment the two lines as directed

nano /etc/vnc/xstartup

#!/bin/sh (-)

# Add the following line to ensure you always have an xterm available.

( while true ; do xterm ; done ) &

# Uncomment the following two lines for normal desktop:


exec /etc/X11/xinit/xinitrc

[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup

[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources

xsetroot -solid grey

vncconfig -iconic &

xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &

twm &




5. Test each VNC user

Let us assume that mymachine has an IP address of The URL to connect to each of the users will be:

VNCJim is

Testing with a vnc client

For VNCJim: vncviewer



chkconfig vncserver on

Make sure port is 5901

To get real time VNC loading – vnc-server X11 “always on” option

1. On the system you want to run vnc-server, install vnc-server as noted above.

2. Edit /etc/X11/xorg.conf, as root, and add/create a 'Module' Section and add 'Load "vnc"':

Section "Module"

Load "vnc"

EndSection

3. For standard vnc authentication, edit /etc/X11/xorg.conf, as root, and add to the 'Screen' Section:

Option "SecurityTypes" "VncAuth"

Option "UserPasswdVerifier" "VncAuth"

Option "PasswordFile" "/root/.vnc/passwd"

4. As root, run 'vncpasswd' to create the password noted above.

5. Restart X11 (<Ctrl>+<Alt>+<BS> will work if on the console already)

6. You should be able to connect with a vncviewer client as normal.

7. To troubleshoot, check for errors in /var/log/Xorg.0.log, or verify that iptables or SELinux is not interfering with remote connections. Additional information is at



Nagvis SNMP data / rawout



This queries devices over SNMP and gets a value back. The value is then used for display purposes in NAGVIS using the RAWout gadget.

All you need to change is the to your custom SNMP query — OID_UNAME="."

Get the OID you want to use from your device. I am using  . as I want the data on my dashboard. This particular value is PBX calls present on an Asterisk PBX.

Edit the end of the file so the perf data is displayed properly

Edit the parts in RED – call the perfdata something, then edit the 48 section so you get the correct value when running the query

# Plugin Processing




PERF="OK | "




Here is the script –


[root@rev-mon1 ~]# /scripts/pbx_calls -H -C public

OK | pbx_calls= 0



# check_snmp_uname

# Description: Check the uname -a string

# Version: 0.1

# Author: Patrick Regnouf

# License: GPLv2


# Commands




# Version



# SNMPv2-MIB::sysDescr.0



# Default Options



# Plugin return codes




# Option processing

print_usage() {

echo "Usage ./check_snmp_uname -H <IP or Host Name> -C <Community, Default: public>"

echo " $SCRIPTNAME -v prints version"

echo " $SCRIPTNAME -h prints short help"

}

print_version() {


echo ""

echo "This Nagios plugin comes with ABSOLUTELY NO WARRANTY. "

echo "You may redistribute copies of the plugin under the terms of the GNU General Public License v2."

}




while getopts H:C:hv OPT


case $OPT in











# Plugin Processing





PERF="/:OK |'/'="



# echo "TEST: "$TEST

# echo "TEST_LEN: "$TEST_LEN


# echo "PERF: "$PERF


# echo "RESULT: "$RESULT
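
The following is an added example, not the original plugin: it pulls the number out of one line of snmpget output and prints it in the "OK | pbx_calls=N" form shown above, returning UNKNOWN when the reply carries no number. The OID and the sample reply lines are constructed placeholders.

```shell
#!/bin/sh
# Added example: turn one line of snmpget output into Nagios status + perfdata.
# OID and sample replies are constructed placeholders, not values from the page.

STATE_OK=0
STATE_UNKNOWN=3
OID=".1.3.6.1.4.1.99999.1.0"   # placeholder OID

# Extract the integer from a reply such as
#   SNMPv2-SMI::enterprises.99999.1.0 = INTEGER: 3
# Works for any type tag (INTEGER, Gauge32, Counter32, quoted STRING).
# Prints nothing when the reply is an error or not a plain integer.
snmp_value() {
    printf '%s\n' "$1" | sed -n \
        -e 's/^.* = [A-Za-z0-9]*: *"\{0,1\}\(-\{0,1\}[0-9][0-9]*\)"\{0,1\} *$/\1/p'
}

# Print "OK | <label>=<n>" and return 0, or an UNKNOWN line and return 3.
pbx_perf() {
    label=$1
    line=$2
    value=$(snmp_value "$line")
    if [ -z "$value" ]; then
        echo "UNKNOWN - no numeric value in SNMP reply"
        return "$STATE_UNKNOWN"
    fi
    echo "OK | ${label}=${value}"
    return "$STATE_OK"
}

# In the real plugin the line would come from the device, for example:
#   line=$(snmpget -v2c -c "$COMMUNITY" "$HOST" "$OID")
# Here two constructed replies are used so the script runs offline.
pbx_perf pbx_calls "SNMPv2-SMI::enterprises.99999.1.0 = INTEGER: 0" || true
pbx_perf pbx_calls "Timeout: No Response from 192.0.2.10" || true
```

Returning UNKNOWN (3) for an empty or malformed reply keeps a dead SNMP agent from showing up on the dashboard as a healthy zero.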


VLAN Cisco switch

How to configure VLAN on a Cisco Switch?

VLAN stands for virtual LAN; technically, a VLAN is a broadcast domain created by a switch. When managing a switch, the management domain is always VLAN 1, the default VLAN. All ports of a switch are assigned to VLAN 1 by default. VLANs increase the performance of a network because they divide a network logically into different parts and limit the broadcasts.

No member of VLAN 2 can talk with any member of VLAN 3 without a router, but all the members of VLAN 2 and VLAN 3 can talk with other members within their own VLANs.

This lab will also help show how VLANs can be used to separate traffic and reduce broadcast domains.

To create a VLAN, first enter global configuration mode to run the following commands.

 Configuration to create VLAN 2 

SwitchA(config)#configure terminal               (enter in global configuration mode) 

SwitchA(config)#vlan 2                                        (defining the vlan 2) 

SwitchA(config)#vlan 2 name marketing       (assigning the name marketing to vlan 2)

SwitchA(config)#exit        (exit from vlan 2) 


Configuration to create VLAN 3 

SwitchA(config)#configure terminal                 (enter in global configuration mode) 

SwitchA(config)#vlan 3                                        (defining the vlan 3) 

SwitchA(config)#vlan 3 name management      (assigning the name management to vlan 3)

SwitchA(config)#exit        (exit from vlan 3)

Now assign ports 2 and 3 to VLAN 2; this must be done from interface mode. Enter the following commands to add ports 2 and 3 to VLAN 2.

SwitchA(config)#configure terminal                                 (enter in global configuration mode) 

SwitchA(config)#interface fastethernet 0/2                     (select the Ethernet 0 of port 2) 

SwitchA(config-if)#switchport access vlan 2                  (allot the membership of vlan 2)

SwitchA(config-if)#exit                                                        (exit from interface 2)


Now adding port 3 to VLAN 2 

SwitchA(config)#interface fastethernet 0/3                     (select the Ethernet 0 of port 3) 

SwitchA(config-if)#switchport access vlan 2                  (allot the membership of vlan 2)

SwitchA(config-if)#exit                                                        (exit from interface 3) 


Now assign ports 4 and 5 to VLAN 3. Enter the following commands to add ports 4 and 5 to VLAN 3.

SwitchA(config)#configure terminal                                 (enter in global configuration mode) 

SwitchA(config)#interface fastethernet 0/4                     (select the Ethernet 0 of port 4) 

SwitchA(config-if)#switchport access vlan 3                  (allot the membership of vlan 3)

SwitchA(config-if)#exit                                                        (exit from interface 4) 


Now adding port 5 to VLAN 3 

SwitchA(config)#interface fastethernet 0/5                     (select the Ethernet 0 of port 5) 

SwitchA(config-if)#switchport access vlan 3                  (allot the membership of vlan 3)

SwitchA(config-if)#exit                                                        (exit from interface 5) 

To show the VLAN interface information, run the command show vlan.


Ticket Creation in Check_MK

We have a ticketing system that can create a ticket based on an email sent.

I have re-purposed the send custom notification function into ticket creation, which makes much more sense for my needs.


The file /usr/share/check_mk/web/plugins/views/ holds the command and the html for the Send Notification button.

Edit the file “/usr/share/check_mk/web/plugins/views/

Working file here = commands

My edits are below

config.declare_permission("action.customnotification",
        _("Send custom notification"),
        _("Manually let the core send a notification to a host or service in order "
          "to test if notifications are setup correctly"),
        [ "user", "admin" ])

# Builds the Nagios external command from the form fields
def command_custom_notification(cmdtag, spec, row):
    if html.var("_customnotification"):
        comment = html.var_utf8("_cusnot_comment")
        broadcast = html.get_checkbox("_cusnot_broadcast") and 1 or 0
        forced = html.get_checkbox("_cusnot_forced") and 2 or 0
        command = "SEND_CUSTOM_%s_NOTIFICATION;%s;%s;%s;%s" % \
                ( cmdtag, spec, broadcast + forced, config.user_id, comment)
        title = _("<b>send a custom notification</b> regarding")
        return command, title

# Button and form shown in the GUI; title and labels changed for ticket creation
multisite_commands.append({
    "tables"      : [ "host", "service" ],
    "permission"  : "action.customnotification",
    "title"       : _("Create Ticket"),
    "render"      : lambda: \
        html.write(_('Ticket Description') + ": ") == \
        html.text_input("_cusnot_comment", "", size=20, submit="_customnotification") == \
        html.write(" &nbsp; ") == \
        html.checkbox("_cusnot_forced", True, label=_("forced")) == \
        html.checkbox("_cusnot_broadcast", False, label=_("broadcast")) == \
        html.write(" &nbsp; ") == \
        html.button("_customnotification", _('Create')),
    "action"      : command_custom_notification,
})


Then change the subject of the notification email to reflect the text entered in the Ticket Description box:

The subject of the email is – Nagios: $HOSTNAME$ – $NOTIFICATIONCOMMENT$

instead of Nagios: $HOSTNAME$ – $NOTIFICATIONTYPE$

The “forced” option is used since I disable notifications globally. We don’t want notifications enabled since that creates tickets for items we don’t want. We want to be able to look at the board and then create a ticket based on what we see.

Check logs

tail -f /var/lib/check_mk/notify/notify.log


VMware Update Manager DELL repo

Dell has a VMware Update Manager (VUM) repo, which is used to add Dell drivers and applications like OpenManage to your VMware host. The Dell repo can be found here:

You can simply add the repo in the VUM Download Settings. It should look like the screenshot below.


To download the patches you can wait for the next download task, or you can click the “Download Now” button to start downloading patches immediately. When the patches are downloaded you can see them in “Patch Repository”.


As mentioned above, the reason to use the Dell VUM repo is to add Dell software components, like OpenManage.
OpenManage (OpenManage Server Administrator, or OMSA) is a software component used for managing the Dell hardware. It’s also necessary when you want to integrate your ESX host with OpenManage Essentials or with the vSphere management plugin called “OpenManage Integration for VMware vCenter”.

Another software component provided by Dell is iSM – Integrated Dell Remote Access Controller(iDRAC) Service Module. The iDRAC Service Module complements iDRAC interfaces – Graphical User Interface (GUI), RACADM CLI and Web Service Management (WSMAN) with additional monitoring data. 

VUM takes care of everything, all the updates are done automatically based on baselines. 

There is the same functionality with HP servers, the repo is:

Passwordless SSH connection

Quick guide on how to set up passwordless SSH between servers

Generate a key

ssh-keygen -t rsa

SSH to the destination server

ssh -p 22 root@destinationserver mkdir -p .ssh

SSH to the destination server again

cat .ssh/ | ssh -p 22 root@destinationserver 'cat >> .ssh/authorized_keys'

Done !

If having trouble then go to the destination server and chmod 644 .ssh/authorized_keys & chmod 700 .ssh

chmod 700 .ssh 
chmod 644 .ssh/authorized_keys

Get Nagios alerts into Kaseya

My present employer uses a product called “Kaseya”; it’s a tool for managing remote Windows machines, aimed at MSPs.

It lacks in some areas of monitoring, so we use Nagios to monitor certain devices, i.e. VMware / Cisco routers / switches. The issue is we have one main dashboard that hooks into Kaseya and we didn’t want to add another board just for Nagios. So I have come up with a hackish way of getting Nagios alerts onto our Kaseya board.

First of all I will say I am using the Check_MK plugin for Nagios. This gives many great features that expand Nagios, one being the flexible notifications. This gives us the ability to script a task when an event occurs within Nagios.

Kaseya is really geared towards the Windows environment and therefore has built-in “eventlog” monitoring. Kaseya can generate an alert if it detects a specified eventlog.

So I thought: if I can get Nagios to generate a Windows eventlog, then I have a solution to our problem of displaying Nagios alerts on the Kaseya dashboard.


The solution I came up with was to install “FreeSSHd” onto a Windows server that is running a Kaseya agent. This is a dedicated machine just for monitoring; it can be just a workstation if you’re low on server licenses. FreeSSHd lets you SSH into your Windows server and run commands just like you do when you SSH into your Linux servers. From the Windows command line we can generate eventlogs. Next I wrote some scripts that run from the Nagios server, automatically log in via SSH to the Windows server and run the “create event” command. The script is called whenever Nagios produces an alert, using the Check_MK flexible notifications. This event is then picked up by Kaseya and we now get an alarm on the dashboard.

So here it is

Install FreeSSHd onto Windows server, that has a Kaseya agent running

Now create the script below on the Nagios host to log in automatically to the Windows server and run a command. The script below uses “Expect”; please read up on Expect if you’re not familiar with it. For my example I’ve placed the script in “/scripts” and called it “windows-event”  =  /scripts/windows-event


#!/usr/bin/expect -f
### script to login to Windows via FreeSSHd & execute commands - JW

####create event log  ---   eventcreate /ID 1 /L APPLICATION /T INFORMATION  /SO MYEVENTSOURCE /D "My first log"
#### run script with ---  /scripts/login-windows 2200 james password logdetails

set timeout 20
# positional arguments: ip port user password logdetails
set ip [lindex $argv 0]
set port [lindex $argv 1]
set user [lindex $argv 2]
set password [lindex $argv 3]
set logdetails [lindex $argv 4]

spawn ssh $user@$ip -p $port
expect "'^]'."
sleep .1;
send "\r";
sleep .1;
expect "password:"
send "$password\r";

## What is actually on the command line on the test server -- C:\Users\DASHBOARD\Desktop>

expect "Desktop>"
sleep .1;
# logdetails is typed into the Windows shell inside the /D "..." argument
send "eventcreate /ID 1 /L APPLICATION /T INFORMATION  /SO NAGIOS /D \"$logdetails\"\r";
sleep .1;
expect "Desktop>"
send "exit\r";

Test the script above by issuing the command

/scripts/windows-event 2200 james password

The script should login automatically to the Windows server.  You now need to create two more scripts. One for “host” monitoring the other for “service” monitoring.

These simple bash scripts call the script above whilst passing the Nagios variables through. The two scripts must be in the Check_MK notification directory. In my case it’s


Host Script


/scripts/windows-event 2200 james password "Name=$NOTIFY_HOSTNAME Address=$NOTIFY_HOSTADDRESS State=$NOTIFY_HOSTSTATE Output=$NOTIFY_HOSTOUTPUT"

Service Script


/scripts/windows-event 2200 james password "Name=$NOTIFY_HOSTNAME Address=$NOTIFY_HOSTADDRESS Service-State=$NOTIFY_SERVICESTATE Service-Output=$SERVICEPERFDATA"

Now go to the Check_MK web interface, Go to:

WATO-Configuration / Users / Edit Nagiosadmin / Notifications / Notification Method / Flexible Custom Notifications / Then choose the Notification Plugin, it will list the two scripts created in the previous step (Shown Below)



That’s it! Now you have Nagios creating a Windows event each time it alarms. The Kaseya eventlog monitoring looks for a “source” called Nagios and will then generate an alarm. I won’t cover the eventlog monitoring on Kaseya, as this is well documented on the Kaseya site and I am sure most Kaseya admins know how to do this.
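
The host name and check output in the notification scripts come from monitored devices and end up typed into a Windows shell inside `/D "..."`, so they are worth cleaning first. The following host-notification wrapper is an added example, not one of the author's scripts; WIN_HOST, WIN_PORT, WIN_USER, WIN_PASS_FILE and MAX_LEN are hypothetical settings.

```shell
#!/bin/sh
# Added example: clean Nagios text before /scripts/windows-event types it
# into the Windows command line. Settings below are hypothetical.

WIN_HOST=${WIN_HOST:-192.0.2.20}          # constructed documentation address
WIN_PORT=${WIN_PORT:-2200}
WIN_USER=${WIN_USER:-james}
WIN_PASS_FILE=${WIN_PASS_FILE:-/nonexistent}
MAX_LEN=400                               # assumed cap on description length

# Keep only characters that are harmless inside  /D "..."  on a cmd.exe line:
# letters, digits, space and a little punctuation. Everything else
# (double quotes, & | < > ^ %, CR/LF, non-ASCII bytes) becomes "_".
sanitize_detail() {
    printf '%s' "$1" \
        | LC_ALL=C tr -c 'A-Za-z0-9 .,:;=_/()+-' '_' \
        | cut -c1-"$MAX_LEN"
}

# Build the one-line event description from the variables Check_MK exports.
build_detail() {
    sanitize_detail "Name=${NOTIFY_HOSTNAME:-} Address=${NOTIFY_HOSTADDRESS:-} State=${NOTIFY_HOSTSTATE:-} Output=${NOTIFY_HOSTOUTPUT:-}"
}

# Call the Expect script only when it and the password file are present.
# The description is passed as ONE quoted argument, so it arrives as argv 4.
if [ -x /scripts/windows-event ] && [ -r "$WIN_PASS_FILE" ]; then
    /scripts/windows-event "$WIN_HOST" "$WIN_PORT" "$WIN_USER" \
        "$(cat "$WIN_PASS_FILE")" "$(build_detail)"
fi
```

Reading the password from a root-only file keeps it out of the notification script itself; the Expect script as written still receives it as an argument.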

Setup LVM

The following tutorial shows combining two 1TB disks into one logical volume of 2TB

Add the 2 disks to the machine. In this case it’s a VM, so I added two 1TB disks via the VM setup options

Check the disks have been added using fdisk; -l will list all the physical disks attached to the host

fdisk -l

Now you need to set a partition on the disks, again use fdisk

fdisk /dev/sdb 
root@rsync:~# fdisk /dev/sdb

Command (m for help): m
Command action
   a   toggle a bootable flag
   b   edit bsd disklabel
   c   toggle the DOS compatibility flag
   d   delete a partition
   l   list known partition types
   m   print this menu
   n   add a new partition
   o   create a new empty DOS partition table
   p   print the partition table
   q   quit without saving changes
   s   create a new empty Sun disklabel
   t   change a partition's system id
   u   change display/entry units
   v   verify the partition table
   w   write table to disk and exit
   x   extra functionality (experts only)

Command (m for help):




Now select t to set it to LVM




Do the above fdisk procedure for all the disks you want on the volume, so in my case it was /dev/sdb and /dev/sdc. Now you can start to create the logical volume

pvcreate /dev/sdb1 /dev/sdc1
vgcreate rsync-vol /dev/sdb1 /dev/sdc1
lvcreate --name nas-data --size 1.9TB rsync-vol

Now format the logical volume

mkfs.ext3 /dev/mapper/rsync--vol-nas--data

Then mount

mount /dev/mapper/rsync--vol-nas--data /mnt/nas-vol 

Setup Check MK Centos 6


I have been using Nagios for years and frankly love this piece of software. Recently I wanted to set up Check_MK, which is an add-on for Nagios. The reason for my interest was the “livestatus” that Check_MK uses. I was finding NDOutils was crashing and causing weekly maintenance work, so I wanted to look at other options

The installation is for Centos 6 going from a fresh minimal installation.

As it’s a minimal installation I need to install wget & nano

yum -y install nano wget

First of all disable SELinux, as this causes issues! If you want it enabled then please create the exceptions

nano /etc/sysconfig/selinux

Then you need to add the epel repository, I’ve also included remi

rpm -Uvh remi-release-6*.rpm epel-release-6*.rpm

Now install the following applications. I’ve included gcc & make as we are going to manually compile the latest version of Check_MK

yum -y install nagios gcc httpd gcc-c++ autoconf automake mlocate xinetd check-mk-agent nagios-plugins-all.x86_64

Now go to the Check_MK and get the latest version, 1.2.5i2 is the latest at the time of writing

wget --no-check-certificate

Then move to an appropriate directory and extract the archive

tar -xvvzf check_mk-1.2.5i2.tar.gz

Since we installed apache and Nagios in the previous step we need to start the services as when we compile Check_MK it will automatically detect the services

service nagios start
service httpd start 

Now go into the directory where you extracted Check_MK and start the setup

cd /check_mk


Within the setup I followed most of the defaults. It should automatically detect your Nagios installation and Apache installation, so just use the defaults. The program should compile without any errors

After the install restart Nagios & apache

service nagios restart
service httpd restart

As this is a brand new install you will need to setup a Nagios password to access the webpage

htpasswd -c /etc/nagios/passwd nagiosadmin

If you want PNP graphs, which I would recommend, then this can be installed via yum

yum -y install pnp4nagios.x86_64

Then you need to tell Nagios to use pnp4nagios for its performance data processing

nano /etc/nagios/objects/commands.cfg

Change the following

# 'process-host-perfdata' command definition
#define command{
#       command_name    process-host-perfdata
#       }

# 'process-service-perfdata' command definition
#define command{
#       command_name    process-service-perfdata
#       }

define command {
       command_name    process-service-perfdata
       command_line    /usr/bin/perl /usr/libexec/pnp4nagios/
}


define command {
       command_name    process-host-perfdata
       command_line    /usr/bin/perl /usr/libexec/pnp4nagios/ -d HOSTPERFDATA
}

Then view the nagios.cfg file to make sure it’s processing performance data; change the following if not already set

nano /etc/nagios/nagios.cfg

# These commands are run after every host and service check is
# performed.  These commands are executed only if the
# enable_performance_data option (above) is set to 1.  The command
# argument is the short name of a command definition that you
# define in your host configuration file.  Read the HTML docs for
# more information on performance data.


If, like me, you intend to use livestatus and want remote access to it, you need to set up xinetd

nano /etc/xinetd.d/livestatus

Then copy the configuration below into the file

service livestatus
{
	type		= UNLISTED
	port		= 6557
	socket_type	= stream
	protocol	= tcp
	wait		= no
# limit to 100 connections per second. Disable 3 secs if above.
	cps             = 100 3
# set the number of maximum allowed parallel instances of unixcat.
# Please make sure that this values is at least as high as
# the number of threads defined with num_client_threads in
# etc/mk-livestatus/nagios.cfg
        instances       = 500
# limit the maximum number of simultaneous connections from
# one source IP address
        per_source      = 250
# Disable TCP delay, makes connection more responsive
	flags           = NODELAY
	user		= nagios
	server		= /usr/bin/unixcat
	server_args     = /var/spool/nagios/cmd/live
# configure the IP address(es) of your Nagios server here:
#	only_from       =
	disable		= no
}

Then restart xinetd

service xinetd restart
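
Livestatus itself does not authenticate clients, so with only_from left commented out, as in the file above, port 6557 answers any host that can reach it. The check below is an added example, not part of Check_MK: it reads an xinetd service file and reports whether an active only_from line restricts the service. The sample stanza it writes is a constructed, shortened copy of the config above, and 192.0.2.10 is a documentation address.

```shell
#!/bin/sh
# Added example: report whether an xinetd service file limits client addresses.
# write_sample produces a constructed, shortened copy of the page's stanza.

# Print the value of the first uncommented "key = value" line in file $1.
xinetd_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }                    # commented-out settings do not count
        {
            n = index($0, "=")
            if (n == 0) next
            k = substr($0, 1, n - 1)
            v = substr($0, n + 1)
            gsub(/^[ \t]+|[ \t+-]+$/, "", k)   # trim; also drops the + or - of += / -=
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# Return 0 when the service is disabled or limited by only_from,
# 1 when it is enabled for every source address.
audit_livestatus() {
    dis=$(xinetd_value "$1" disable)
    only=$(xinetd_value "$1" only_from)
    if [ "$dis" = "yes" ]; then echo "disabled"; return 0; fi
    if [ -z "$only" ]; then echo "OPEN: no active only_from line"; return 1; fi
    case " $only " in
        *" 0.0.0.0/0 "*|*" 0.0.0.0 "*) echo "OPEN: only_from matches every address"; return 1 ;;
    esac
    echo "restricted to: $only"
    return 0
}

# Write the sample stanza to file $1 with $2 as its only_from line.
write_sample() {
    cat > "$1" <<EOF
service livestatus
{
	type		= UNLISTED
	port		= 6557
	user		= nagios
	server		= /usr/bin/unixcat
	server_args	= /var/spool/nagios/cmd/live
$2
	disable		= no
}
EOF
}

tmp=$(mktemp)
write_sample "$tmp" '#	only_from       ='                        # as on the page
audit_livestatus "$tmp" || true
write_sample "$tmp" '	only_from       = 127.0.0.1 192.0.2.10'    # corrected form
audit_livestatus "$tmp"
rm -f "$tmp"
```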