Tuesday, March 13, 2018

FortiGate: more than one syslog setting

http://docs-legacy.fortinet.com/fgt/handbook/cli_html/index.html#page/FortiOS%205.0%20CLI/config_log.17.15.html

# config log syslogd setting
       # set status enable
       # set server [FQDN Syslog Server or IP]
       # set reliable [enable uses TCP 514; the default is UDP 514]
       # set port [Default 514]
       # set csv [enable | disable]
       # set facility [Default local7]
       # set source-ip [Source IP of the FortiGate; default 0.0.0.0]
       # end
 


{syslogd | syslogd2 | syslogd3} setting
Use this command to configure log settings for logging to a remote syslog server. You can configure the FortiGate unit to send logs to a remote computer running a syslog server.
Using the CLI, you can send logs to up to three different syslog servers. Configure additional syslog servers using the syslogd2 and syslogd3 commands and the same fields outlined below.
 
Syslog CLI commands are not cumulative. Using a syntax similar to the following is not valid:
config log syslogd syslogd2 syslogd3 setting
Syntax
config log {syslogd | syslogd2 | syslogd3} setting
end
 
Variable: status {enable | disable}
Description: Enter enable to enable logging to a remote syslog server.
Default: disable

Variable: csv {enable | disable}
Description: Enter enable to enable the FortiGate unit to produce the log in Comma Separated Value (CSV) format. If you do not enable CSV format the FortiGate unit produces plain text files.
Default: disable

Variable: facility {alert | audit | auth | authpriv | clock | cron | daemon | ftp | kernel | local0 | local1 | local2 | local3 | local4 | local5 | local6 | local7 | lpr | mail | news | ntp | syslog | user | uucp}
Description: Enter the facility type. facility identifies the source of the log message to syslog. You might want to change facility to distinguish log messages from different FortiGate units. Available facility types are:
    alert: log alert
    audit: log audit
    auth: security/authorization messages
    authpriv: security/authorization messages (private)
    clock: clock daemon
    cron: cron daemon performing scheduled commands
    daemon: system daemons running background system processes
    ftp: File Transfer Protocol (FTP) daemon
    kernel: kernel messages
    local0 – local7: reserved for local use
    lpr: line printer subsystem
    mail: email system
    news: network news subsystem
    ntp: Network Time Protocol (NTP) daemon
    syslog: messages generated internally by the syslog daemon
Default: local7

Variable: port <port_integer>
Description: Enter the port number for communication with the syslog server.
Default: 514

Variable: reliable {enable | disable}
Description: Enable reliable delivery of syslog messages to the syslog server. When enabled, the FortiGate unit implements the RAW profile of RFC 3195 for reliable delivery of log messages to the syslog server. Reliable syslog protects log information through authentication and data encryption and ensures that the log messages are reliably delivered in the correct order.
Default: disable

Variable: server <address_ipv4 | FQDN>
Description: Enter the IP address of the syslog server that stores the logs. Host names must comply with RFC1035.
Default: No default.

Variable: source-ip <address_ipv4>
Description: Enter source IP address for syslogd, syslogd2 and syslogd3
Default: 0.0.0.0

Friday, September 29, 2017

Windows 2012 R2 time sync W32TM

w32tm /config /manualpeerlist:"192.168.31.2" /syncfromflags:manual /reliable:yes /update
w32tm /resync
w32tm /query /status


https://technet.microsoft.com/en-us/library/cc731191(v=ws.10).aspx



http://www.sysadminlab.net/windows/configuring-ntp-on-windows-server-2012


Start from scratch
If you completely screwed up the config, you can always do the following command and it will completely erase and add a default W32time configuration:
Stop-Service w32time
w32tm /unregister
w32tm /register

Thursday, September 28, 2017

connect Load balancer and static route

Linux based,



Web server gateway
Default route:
10.229.3.0 to 0.0.0.0 eth0
0.0.0.0 to 192.168.10.254 eth1 (to LB)

powershell reset office 365 password

reset password

PS C:\> Set-MsolUserPassword -UserPrincipalName "30234653@stu.scs.cuhk.edu.hk" -NewPassword "Lriwsajiu456"

Monday, July 24, 2017

powershell check inactive user

Enabled user accounts whose last logon was over 400 days ago

Search-ADAccount -UsersOnly -AccountInactive -TimeSpan 400 | ?{$_.enabled -eq $True} | Get-ADUser -Properties Name, sAMAccountName, givenName, sn | Select Name, sAMAccountName, givenName, sn


---------------------------------------------------------------------------------------------------------
Fine-tuned script (over 400 days), with output to a text file or a CSV file

Search-ADAccount -UsersOnly -AccountInactive -TimeSpan 400 | Get-ADUser -Properties Name, sAMAccountName, givenName, sn | Select Name, sAMAccountName, givenName, sn > c:\report\test1.txt


Search-ADAccount -UsersOnly -AccountInactive -TimeSpan 400 | Get-ADUser -Properties Name, sAMAccountName, givenName, sn | Select Name, sAMAccountName, givenName, sn | export-csv c:\report\test1.csv



-------------------------------------------------------------------------------------------------------

Inactive since a given date

Search-ADAccount -AccountInactive -DateTime 10/15/2015 | where {$_.ObjectClass -eq 'user'} | FT Name,ObjectClass -A > c:\temp\xxx.txt

-----------------------------------------------------------------------------------------------------
Find inactive accounts under a base OU

Search-ADAccount -UsersOnly -SearchBase "OU=Students,OU=SCS Users,DC=scs,DC=local" -AccountInactive -TimeSpan 400 | Get-ADUser -Properties Name, sAMAccountName, givenName, sn | Select Name, sAMAccountName, givenName, sn > c:\temp\test1.txt


"OU=Students,OU=SCS Users,DC=scs,DC=local"
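The one-liners above report names only. As an added example (not part of the original notes), the filter below also keeps the last logon date, skips disabled accounts, skips accounts created inside the 400-day window, and flags accounts that have never logged on. Select-StaleAccount and the sample users are hypothetical; the property names are the ones Get-ADUser returns.

```powershell
# Added example: hypothetical helper that filters user objects from the pipeline.
function Select-StaleAccount {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $User,
        [int] $Days = 400,
        [datetime] $Now = (Get-Date)
    )
    process {
        $cutoff = $Now.AddDays(-$Days)
        if (-not $User.Enabled) { return }               # already disabled
        if ($User.whenCreated -gt $cutoff) { return }    # created inside the window
        if ($User.LastLogonDate -and $User.LastLogonDate -gt $cutoff) { return }
        [pscustomobject]@{
            Name           = $User.Name
            SamAccountName = $User.SamAccountName
            LastLogonDate  = $User.LastLogonDate
            NeverLoggedOn  = -not $User.LastLogonDate    # no logon ever recorded
        }
    }
}

# Constructed sample objects (not real accounts) so the filter runs offline.
$now = [datetime]'2017-07-24'
$sample = @(
    [pscustomobject]@{ Name='Stale User';    SamAccountName='u0001'; Enabled=$true
                       whenCreated=[datetime]'2014-09-01'; LastLogonDate=[datetime]'2015-10-15' }
    [pscustomobject]@{ Name='Active User';   SamAccountName='u0002'; Enabled=$true
                       whenCreated=[datetime]'2014-09-01'; LastLogonDate=[datetime]'2017-06-01' }
    [pscustomobject]@{ Name='Never Used';    SamAccountName='u0003'; Enabled=$true
                       whenCreated=[datetime]'2014-09-01'; LastLogonDate=$null }
    [pscustomobject]@{ Name='Disabled User'; SamAccountName='u0004'; Enabled=$false
                       whenCreated=[datetime]'2014-09-01'; LastLogonDate=[datetime]'2015-01-01' }
    [pscustomobject]@{ Name='New Account';   SamAccountName='u0005'; Enabled=$true
                       whenCreated=[datetime]'2017-05-01'; LastLogonDate=$null }
)
# Returns u0001 (stale) and u0003 (never logged on).
$sample | Select-StaleAccount -Days 400 -Now $now | Format-Table -AutoSize

# Against a live domain (needs the ActiveDirectory module), using the OU from these notes:
# Get-ADUser -Filter * -SearchBase "OU=Students,OU=SCS Users,DC=scs,DC=local" `
#     -Properties LastLogonDate, whenCreated |
#     Select-StaleAccount -Days 400 |
#     Export-Csv c:\report\test1.csv -NoTypeInformation
```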

Data center server overheating: question and reply

Dear Operator,

Recently our IBM SAN Storage DS4700 (installed at the bottom of Colo-2, CDC1 at PiChiu) has generated a lot of Critical Alerts, stating the device has exceeded its nominal temperature.
We have already tried our best to clear all unused objects around the device, and we checked the cooling system of the device is working properly, but the overheat situation still occurs. Would you please help to take a look at this issue, and improve the cooling performance of Colo-2 accordingly?

Thank you very much.

Best regards,



------------------------------------------------------------------------------------------------------------------------------------------
We checked the temperature at the back side of COLO-2 was 31°C at 1000, July 24, 2017.  It is caused by compressor failure of one of the air conditioners in CDC1.  The anticipated recovered time of the captioned event is July 28, 2017 due to waiting for parts delivery.

At 1030, July 24, 2017, the on-duty computer operators had set up the cooling fan at the back side of COLO-2 and the temperature was dropped to 26°C at 1300, July 24, 2017.  We will monitor the temperature closely.


Please have a check of your servers in COLO-2.

Wednesday, May 3, 2017

Windows Time Sync

https://technet.microsoft.com/en-us/library/cc756549(v=ws.10).aspx


Verify

To perform this procedure, you must have membership in Administrators, or you must have been delegated the appropriate authority.
To verify that the Windows Time service is synchronizing correctly:
  1. Open a command prompt as an administrator. To open a command prompt as an administrator, click Start. In Start Search, type Command Prompt. At the top of the Start menu, right-click Command Prompt, and then click Run as administrator. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
  2. At the command prompt, type W32TM /resync, and then press ENTER.
  3. At the command prompt, type W32TM /query /status, and then press ENTER. The command displays the status of the Windows Time service synchronization. The Last Successful Sync Time line of the output displays the date and time that you ran the W32TM /resync command in the previous step. Also, check the computer name that is shown as the Source. This should be the name of a domain controller (or administrator-configured time server).
To confirm that the Windows Time service was synchronized successfully with its time source when you ran the W32TM /resync command, verify that Event ID 35 appears in the Event Viewer.
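The verification steps above can be scripted. This is an added example, not part of the original notes or the TechNet article: it parses `w32tm /query /status` output, checks the Source and the Last Successful Sync Time, and shows the Event ID 35 lookup. The function names and the sample output are hypothetical; the peer address is the one configured earlier on this page, and English (US) w32tm output is assumed.

```powershell
# Added example: hypothetical helpers for checking Windows Time service status.
function ConvertFrom-W32tmStatus {
    param([Parameter(Mandatory)][AllowEmptyString()][string[]] $Lines)
    $status = [ordered]@{}
    foreach ($line in $Lines) {
        # Split on the first colon only: timestamps contain colons too.
        $key, $value = $line -split ':\s*', 2
        if ($value) { $status[$key.Trim()] = $value.Trim() }
    }
    [pscustomobject]$status
}

function Test-TimeSync {
    param($Status, [string] $ExpectedSource, [int] $MaxAgeMinutes = 15,
          [datetime] $Now = (Get-Date))
    # -as yields $null instead of throwing when the host has never synced
    # and the field holds text rather than a date.
    $lastSync = $Status.'Last Successful Sync Time' -as [datetime]
    [pscustomobject]@{
        Source       = $Status.Source
        SourceOk     = $Status.Source -like "$ExpectedSource*"
        LastSync     = $lastSync
        SyncIsRecent = ($null -ne $lastSync) -and
                       (($Now - $lastSync).TotalMinutes -le $MaxAgeMinutes)
    }
}

# Constructed sample of `w32tm /query /status` output so the parser runs offline.
$sample = @(
    'Leap Indicator: 0(no warning)'
    'Stratum: 3 (secondary reference - syncd by (S)NTP)'
    'Last Successful Sync Time: 9/29/2017 10:15:32 AM'
    'Source: 192.168.31.2'
    'Poll Interval: 10 (1024s)'
)
$status = ConvertFrom-W32tmStatus -Lines $sample
# SourceOk and SyncIsRecent are both True for the sample (synced 4.5 minutes earlier).
Test-TimeSync -Status $status -ExpectedSource '192.168.31.2' -Now ([datetime]'2017-09-29 10:20:00')

# On a live server, from an elevated prompt:
# w32tm /resync | Out-Null
# Test-TimeSync -Status (ConvertFrom-W32tmStatus -Lines (w32tm /query /status)) -ExpectedSource '192.168.31.2'
# Get-WinEvent -MaxEvents 1 -FilterHashtable @{
#     LogName = 'System'; ProviderName = 'Microsoft-Windows-Time-Service'; Id = 35 }
```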