fortigate more than one syslog setting

http://docs-legacy.fortinet.com/fgt/handbook/cli_html/index.html#page/FortiOS%205.0%20CLI/config_log.17.15.html

# config log syslogd setting
       # set status enable
       # set server [FQDN Syslog Server or IP]
       # set reliable [Activate TCP-514 or UDP-514 which means UDP is default]
       # set port [Standard 514]
       # set csv [enable | disable]
       # set facility [By Standard local7]
       # set source-ip [Source IP of FortiGate; By Standard 0.0.0.0]
       # end
 

{syslogd | syslogd2 | syslogd3} setting

Use this command to configure log settings for logging to a remote syslog server. You can configure the FortiGate unit to send logs to a remote computer running a syslog server.

Using the CLI, you can send logs to up to three different syslog servers. Configure additional syslog servers using syslogd2and syslogd3 commands and the same fields outlined below.

Syslog CLI commands are not cumulative. Using a syntax similar to the following is not valid: config log syslogd syslogd2 syslogd3 setting

Syntax

config log {syslogd | syslogd2 | syslogd3} setting

set status {enable | disable}

set csv {enable | disable}

set facility {alert | audit | auth | authpriv | clock | cron | daemon | ftp | kernel | local0 | local1 | local2 | local3 | local4 | local5 | local6 | local7 | lpr | mail | news | ntp | syslog | user | uucp}

set port <port_integer>

set reliable {enable | disable}

set server <address_ipv4 | FQDN>

set source-ip <address_ipv4>

end

 

Variable	Description	Default
status {enable | disable}	Enter enable to enable logging to a remote syslog server.	disable
csv {enable | disable}	Enter enable to enable the FortiGate unit to produce the log in Comma Separated Value (CSV) format. If you do not enable CSV format the FortiGate unit produces plain text files.	disable
facility {alert | audit | auth | authpriv | clock | cron | daemon | ftp | kernel | local0 | local1 | local2 | local3 | local4 | local5 | local6 | local7 | lpr | mail | news | ntp | syslog | user | uucp}	Enter the facility type. facility identifies the source of the log message to syslog. You might want to change facility to distinguish log messages from different FortiGate units. Available facility types are: •alert: log alert •audit: log audit •auth: security/authorization messages •authpriv: security/authorization messages (private) •clock: clock daemon •cron: cron daemon performing scheduled commands •daemon: system daemons running background system processes •ftp: File Transfer Protocol (FTP) daemon •kernel: kernel messages •local0 – local7: reserved for local use •lpr: line printer subsystem •mail: email system •news: network news subsystem •ntp: Network Time Protocol (NTP) daemon •syslog: messages generated internally by the syslog daemon	local7
port <port_integer>	Enter the port number for communication with the syslog server.	514
reliable {enable | disable}	Enable reliable delivery of syslog messages to the syslog server. When enabled, the FortiGate unit implements the RAW profile of RFC 3195 for reliable delivery of log messages to the syslog server. Reliable syslog protects log information through authentication and data encryption and ensures that the log messages are reliably delivered in the correct order.	disable
server <address_ipv4 | FQDN>	Enter the IP address of the syslog server that stores the logs. Host names must comply with RFC1035.	No default.
source-ip <address_ipv4>	Enter source IP address for syslogd, syslog2 and syslog3	0.0.0.0

wINODWS 2012 R2 time sync W32TM

w32tm /config /manualpeerlist:"192.168.31.2" /syncfromflags:manual /reliable:yes /update
w32tm /resync
w32tm/query /status


https://technet.microsoft.com/en-us/library/cc731191(v=ws.10).aspx



http://www.sysadminlab.net/windows/configuring-ntp-on-windows-server-2012

Start from scratch

If you completely screwed up the config, you can always do the following command and it will completely erase and add a default W32time configuration:

Stop-Service w32time
w32tm /unregister
w32tm /register

connect Load balancer and static route

LInux base,

connect Load balancer and static route

Web server gateway
Default route:
10.229.3.0 to 0.0.0.0 eth0
0.0.0.0 to 192.168.10.254 eth1 (to LB)

powershell reset office 365 password

reset password

PS C:\> Set-MsolUserPassword -UserPrincipalName "30234653@stu.scs.cuhk.edu.hk" -NewPassword "Lriwsajiu456"

powershell check inactive user

last logon server user account  over 400 days

Search-ADAccount -UsersOnly -AccountInactive -TimeSpan 400 | ?{$_.enabled -eq $True} | Get-ADUser -Properties Name, sAMAccountName, givenName, sn | Select Name, sAMAccountName, givenName, sn


---------------------------------------------------------------------------------------------------------
Fine tune script over 400 days

Search-ADAccount -UsersOnly -AccountInactive -TimeSpan 400 | Get-ADUser -Properties Name, sAMAccountName, givenName, sn | Select Name, sAMAccountName, givenName, sn > c:\report\test1.txt


Search-ADAccount -UsersOnly -AccountInactive -TimeSpan 400 | Get-ADUser -Properties Name, sAMAccountName, givenName, sn | Select Name, sAMAccountName, givenName, sn | export-csv c:\report\test1.csv



-------------------------------------------------------------------------------------------------------

since day

Search-ADAccount -AccountInactive -DateTime 10/15/2015 | where {$_.ObjectClass -eq 'user'} | FT Name,ObjectClass –A > c:\temp\xxx.txt

-----------------------------------------------------------------------------------------------------
Base OU finding incative account

Search-ADAccount -UsersOnly -SearchBase "OU=Students,OU=SCS Users,DC=scs,DC=local" -AccountInactive -TimeSpan 400 | Get-ADUser -Properties Name, sAMAccountName, givenName, sn | Select Name, sAMAccountName, givenName, sn > c:\temp\test1.txt


"OU=Students,OU=SCS Users,DC=scs,DC=local"

Data center server 過熱對答

Dear Operator,

Recently our IBM SAN Storage DS4700 (installed at the bottom of Colo-2, CDC1 at PiChiu) has generated a lot of Critical Alerts, stating the device has exceeded its nominal temperature.
We have already tried our best to clear all unused objects around the device, and we checked the cooling system of the device is working properly, but the overheat situation still occur. Would you please help to take a look at this issue, and improve the cooling performance of Colo-2 accordingly?

Thank you very much.

Best regards,



------------------------------------------------------------------------------------------------------------------------------------------

We checked the temperature at the back side of COLO-2 was 31°C at 1000, July 24, 2017.  It is caused by compressor failure of one of the air conditioners in CDC1.  The anticipated recovered time of the captioned event is July 28, 2017 due to waiting for parts delivery.

At 1030, July 24, 2017, the on-duty computer operators had set up the cooling fan at the back side of COLO-2 and the temperature was dropped to 26°C at 1300, July 24, 2017.  We will monitor the temperature closely.

Please have a check of your servers in COLO-2.

Windows Time Sync

https://technet.microsoft.com/en-us/library/cc756549(v=ws.10).aspx

Verify

To perform this procedure, you must have membership in Administrators, or you must have been delegated the appropriate authority.

To verify that the Windows Time service is synchronizing correctly:

1. Open a command prompt as an administrator. To open a command prompt as an administrator, click Start. In Start Search, type Command Prompt. At the top of the Start menu, right-click Command Prompt, and then click Run as administrator. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
2. At the command prompt, type W32TM /resync, and then press ENTER.
3. At the command prompt, type W32TM /query /status, and then press ENTER. The command displays the status of the Windows Time service synchronization. The Last Successful Sync Time line of the output displays the date and time that you ran the W32TM /resync command in the previous step. Also, check the computer name that is shown as the Source. This should be the name of a domain controller (or administrator-configured time server).

To confirm that the Windows Time service was synchronized successfully with its time source when you ran the W32TM /resync command, verify that Event ID 35 appears in the Event Viewer.