Option 1 – Quick and Dirty

You can quickly turn on query logging by typing the following into the server shell:

rndc querylog

Then you can follow the information in the standard syslog.

tail -f /var/log/syslog

You should see output like the following letting you know that queries are now logged:

Sep 14 22:23:20 ns01.companya.local named[7896]: query logging is now on

Option 2 – Full and Stored Logs

If you want to store full logs that you can go back to at a later date, you'll need to make some changes to the BIND configuration.

Log on to your shell as usual and type the following:
nano /etc/bind/named.conf

Put in the following code at the bottom:

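logging {
    // Dedicated channel that writes query records to their own file
    channel query.log {
        file "/var/log/query.log";
        severity debug 3;
    };
    // Send the "queries" category to that channel
    category queries { query.log; };
};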

Now we need to create the log:

touch /var/log/query.log

Make it writable by the account the BIND process runs as (named here; the Debian/Ubuntu bind9 package runs BIND as bind):

chown named:named /var/log/query.log

Restart BIND:

service bind9 restart

And now you should be able to follow the queries as any other log:

tail -f /var/log/query.log



Connect to xbian using ssh

Default username xbian password raspberry

Perform package update and upgrade

apt-get update
apt-get upgrade -y

Install xbian optimized transmission binary

apt-get install -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" xbian-package-transmission


1. Default download location is at /home/xbian
2. Access webui via http://xbianip:9091
3. Default webui login admin password raspberry

It seems that Ubuntu/Debian (and perhaps other distros as well) prefer IPv6 DNS records over IPv4 when both are available, and sometimes this results in loss of connectivity or similar problems.
I ran into this issue today while trying to update an old VPS with apt-get/aptitude. Specifically, security.ubuntu.com was being resolved to an unreachable IPv6 address and I had to wait some minutes for a timeout every time.
Fortunately, there is an easy fix for this; you just have to edit the file located at /etc/gai.conf, which is the configuration for getaddrinfo(). There you have to uncomment line ~54, which reads "precedence ::ffff:0:0/96 100", and you are all set! (Assuming that every other option is commented out by default, as in my case.)


Reference: http://bruteforce.gr/make-apt-get-use-ipv4-instead-ipv6.html

Network Topology

In Dashboard > Network Topology, clicking on any node gives this error: “It appears as though you do not have permission to view information for any of the services you requested…
If you believe this is an error, check the HTTP server authentication requirements for accessing this CGI
and check the authorization options in your CGI configuration file.”
Edit /omd/sites/xxx/etc/nagios/cgi.cfg, look for the variable below and change it to * (all authenticated users)

Then restart Apache.



SanDisk Mobile Ultra Micro SDHC

SanDisk Ultra Micro SDHC

There’s no difference in terms of performance or physical appearance. I found this solid answer:

I rang Technical Support at SanDisk to ask what’s the difference between “Mobile Ultra” and “Ultra”

“Mobile Ultra” and “Ultra” are the same card, the name difference was just for marketing purposes, to show people the card could be used in mobiles. However the plan backfired and people thought they couldn’t use “Mobile Ultra” in their camera, so the name was dropped.

To decipher the codes such as SDSDQUA-032G-U46A:
SDSD=sd card
Q =class 4 (black) available in 2,4,8,16,32GB
QY =class 6 “Ultra” (red & grey) available in 4GB (8,16,32gb discontinued but still on sale)
QUA=class 10 “Ultra” 8,16,32=SDHC 64=SDXC* (UHS-I = UHS class 1 = 10mb/s #)
QUI=class 10 “Ultra” apparently “designed for cameras” and NOT the same card (black packaging)
-U46=EU [email protected]
-A11=US [email protected]
-FFP=Amazon frustration free [email protected]
A=picture of android on package

* Compatible devices only
# If used in a non UHS-I compliant phone, it will revert to class 10
@ If it doesn’t have a code at the end, it’s not covered by SanDisk warranty


What is SSL Cipher Suite?
A cipher suite is a named combination of authentication, encryption, message authentication code (MAC) and key exchange algorithms used to negotiate the security settings for a network connection using the Transport Layer Security (TLS) / Secure Sockets Layer (SSL) network protocol.

The bash script below gets a list of supported cipher suites from OpenSSL and tries to connect using each one. If the handshake is successful, it prints YES. If the handshake isn’t successful, it prints NO, followed by the OpenSSL error text.

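#!/usr/bin/env bash

# OpenSSL requires the port number.
# Placeholder target: pass host:port as the first argument or edit the default.
SERVER=${1:-example.com:443}
# Seconds to wait between attempts (assumed value).
DELAY=1
# Note: -cipher only selects TLS 1.2-and-earlier suites.
ciphers=$(openssl ciphers 'ALL:eNULL' | sed -e 's/:/ /g')

echo "Obtaining cipher list from $(openssl version)."

for cipher in $ciphers
do
  echo -n "Testing $cipher..."
  # Empty stdin makes s_client exit right after the handshake attempt.
  result=$(echo -n | openssl s_client -cipher "$cipher" -connect "$SERVER" 2>&1)
  # Check for errors first: a failed handshake still prints a "Cipher    :" line.
  if [[ "$result" =~ ":error:" ]] ; then
    error=$(echo -n $result | cut -d':' -f6)
    echo NO \($error\)
  elif [[ "$result" =~ "Cipher is ${cipher}" || "$result" =~ "Cipher    :" ]] ; then
    echo YES
  else
    # Neither an error nor a negotiated cipher: show the raw output.
    echo UNKNOWN RESPONSE
    echo "$result"
  fi
  sleep "$DELAY"
done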

Here’s sample output showing 3 unsupported ciphers, and 1 supported cipher:

[@linux ~]$ ./test_ciphers
Obtaining cipher list from OpenSSL 0.9.8k 25 Mar 2009.
Testing ADH-AES256-SHA...NO (sslv3 alert handshake failure)
Testing DHE-RSA-AES256-SHA...NO (sslv3 alert handshake failure)
Testing DHE-DSS-AES256-SHA...NO (sslv3 alert handshake failure)
Testing AES256-SHA...YES
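
To act on the scan results, the following added example (not part of the original script) reads the "Testing <suite>...YES/NO" lines and reports every accepted suite whose OpenSSL name indicates anonymous key exchange, NULL encryption, export-grade keys, RC4, DES/3DES or an MD5 MAC. The function names and the sample scan lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag weak suites among those the scan reported as accepted.

# classify_suite NAME: print why an OpenSSL suite name is weak, or nothing.
classify_suite() {
  case "$1" in
    ADH-*|AECDH-*|EXP-ADH-*) echo "anonymous key exchange (no server authentication)" ;;
    *NULL*)                  echo "no encryption" ;;
    EXP-*|EXP1024-*)         echo "export-grade key length" ;;
    *RC4*)                   echo "RC4 stream cipher" ;;
    *DES-CBC3-*)             echo "3DES (64-bit block cipher)" ;;
    *DES-CBC-*)              echo "single DES (56-bit key)" ;;
    *-MD5)                   echo "MD5-based MAC" ;;
  esac
}

# weak_supported: read "Testing <suite>...YES|NO" lines on stdin and print
# "<suite>: <reason>" for every accepted (YES) suite that is weak.
weak_supported() {
  while IFS= read -r line; do
    case "$line" in
      "Testing "*...YES) ;;          # accepted by the server
      *) continue ;;                 # NO lines, banner, anything else
    esac
    suite=${line#"Testing "}
    suite=${suite%"...YES"}
    reason=$(classify_suite "$suite")
    if [ -n "$reason" ]; then echo "$suite: $reason"; fi
  done
}

# Constructed sample scan output in the scanner's format (not from a real host).
sample_scan() {
  cat <<'EOF'
Obtaining cipher list from OpenSSL 0.9.8k 25 Mar 2009.
Testing ADH-AES256-SHA...YES
Testing DHE-RSA-AES256-SHA...YES
Testing DES-CBC3-SHA...YES
Testing RC4-MD5...NO (sslv3 alert handshake failure)
Testing NULL-SHA...YES
Testing AES256-SHA...YES
EOF
}

sample_scan | weak_supported
```

Suites it reports are candidates for removal from the server's cipher configuration; re-run the scan afterwards to confirm they now show NO.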




Using Microsoft Windows built in VPN Client to connect to remote PPTP VPN server through Cisco ASA firewall.


Error 619


On the ASA firewall, enter the commands below.
ASA-active#conf t
ASA-active(config)#policy-map global_policy
ASA-active(config-pmap)# class inspection_default
ASA-active(config-pmap-c)#inspect pptp
ASA-active(config)#access-list $Inbound_Interface_ACL permit gre $source_ip/network any
ASA-active(config)#access-list $Inbound_Interface_ACL permit tcp $source_ip/network any eq pptp

Common Troubleshooting in Windows VPN Client

1. Open VPN Properties window, go to Security tab.
2. Change “Type of VPN” to PPTP


Received error “Could not bind UDP syslog input to address /, Failed to bind to: /, Address already in use” when adding log input using UDP 514 (default syslog port).


On UNIX/Linux, binding to ports below 1024 requires root privileges. Either run graylog2 as root (not recommended) or follow the workaround below.


1. Create a new Syslog UDP input and have it listen on any unprivileged port (e.g. 5514).
2. Redirect the incoming traffic using iptables:
iptables -t nat -A PREROUTING -i eth0 -p udp -m udp --dport 514 -j REDIRECT --to-ports 5514


I have 4 DHCP servers (in 2 failover clusters) running Windows Server 2012 R2 with MAC filtering enabled.


The failover cluster will not synchronize the MAC filter database; to add a new record we have to do it manually on every DHCP server.


PowerShell script to add a MAC filter to multiple servers

$mac = Read-Host 'ENTER MAC ADDRESS'
$des = Read-Host 'ENTER DESCRIPTION'
Add-DhcpServerv4Filter -List Allow -MacAddress $mac -Description $des -ComputerName dhcp01.domain.local -Verbose
Add-DhcpServerv4Filter -List Allow -MacAddress $mac -Description $des -ComputerName dhcp02.domain.local -Verbose
Add-DhcpServerv4Filter -List Allow -MacAddress $mac -Description $des -ComputerName dhcp03.domain.local -Verbose
Add-DhcpServerv4Filter -List Allow -MacAddress $mac -Description $des -ComputerName dhcp04.domain.local -Verbose

object-group network og-rfc1918
 10.0.0.0 /8
 172.16.0.0 /12
 192.168.0.0 /16
ip access-list extended acl-nat
 permit ip object-group og-rfc1918 any
route-map rm-site-a
 match ip address acl-nat
 match interface FastEthernet0/0
route-map rm-site-b
 match ip address acl-nat
 match interface FastEthernet1/0
ip nat inside source route-map rm-site-a interface FastEthernet0/0 overload
ip nat inside source route-map rm-site-b interface FastEthernet1/0 overload

This keeps things a bit simpler because the router can rely on the routing table to figure out which NAT table to use based on the destination rather than hard-coding the destination into the ACLs.