Join domain: making Ubuntu a member of the domain
Edit /etc/resolv.conf
| sudo nano /etc/resolv.conf |
Enter the following (the name server must be the domain's own DNS, here 192.168.0.254, otherwise the domain controller cannot be located during the join):
| search sci.com
nameserver 192.168.0.254 |
Edit /etc/hostname
Enter the following:
Join the domain with these commands (domainjoin-cli asks for the password of the domain account named on the command line, here administrator):
| sudo apt-get install likewise-open
sudo domainjoin-cli join sci.com administrator |
Written by Komkid on February 17th, 2010 with no comments.
Read more articles on Admin and Networking and Ubuntu.
Installing Ubuntu 8.04 Server
1. Boot from the installation disc and choose the installer language: English
2. Choose the action: Install Ubuntu Server
3. Choose the system language: English
4. Choose the country: other -> Thailand
5. Detect keyboard layout: No -> Thailand -> Thailand
6. Choose the key that switches input language: Alt+Shift
7. Hostname: Go Back (to return and configure the IP address first)
8. Network configuration: Configure network manually
8.1 IP Address: 192.168.0.251
8.2 Netmask: 255.255.255.0
8.3 Gateway: 192.168.0.3
8.4 Name server: 192.168.0.254
9. Hostname: Server1
10. Domain: sci.com
11. Partitioning: Guided - use entire disk -> Yes
12. Create the user: System Administrator -> sa
13. Set and confirm the password: *** -> ***
14. Proxy:
15. Software to install: OpenSSH server
16. Restart (from this point on you can ssh in from another machine)
17. Log in with the user just created
18. If the IP address was not set in step 8, configure it with
| sudo nano /etc/network/interfaces |
Edit it to read:
| # The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto eth0
iface eth0 inet static
address 192.168.0.251
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.0.3
# dns-* options are implemented by the resolvconf package, if installed
dns-nameservers 192.168.0.254
dns-search sci.com |
19. Update and upgrade
| sudo apt-get update
sudo apt-get upgrade
sudo reboot |
Installing a time server
| sudo apt-get install ntp
sudo nano /etc/ntp.conf |
Edit it to read:
| # /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
driftfile /var/lib/ntp/ntp.drift
# Enable this if you want statistics to be logged.
#statsdir /var/log/ntpstats/
#statistics loopstats peerstats clockstats
#filegen loopstats file loopstats type day enable
#filegen peerstats file peerstats type day enable
#filegen clockstats file clockstats type day enable
# You do need to talk to an NTP server or two (or three).
server 203.185.69.60 dynamic
server time.navy.mi.th dynamic
server time.nist.gov dynamic
server 127.127.1.0 # local clock
fudge 127.127.1.0 stratum 10
broadcastdelay 0.008
keys /etc/ntp/keys
# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
# details. The web page
# might also be helpful.
#
# Note that "restrict" applies to both servers and clients, so a configuration
# that might be intended to block requests from certain clients could also end
# up blocking replies from your own upstream servers.
# By default, exchange time with everybody, but don't allow configuration.
#restrict -4 default kod notrap nomodify nopeer noquery
restrict default kod notrap nomodify nopeer noquery
# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1
#restrict ::1
# Clients on the local subnet may query and synchronise, but cannot modify
# the daemon or set traps. There is no notrust here, so no keys are required.
restrict 192.168.0.0 mask 255.255.255.0 nomodify notrap
# If you want to provide time to your local subnet, change the next line.
# (Again, the address is an example only.)
#broadcast 192.168.123.255
# If you want to listen to time broadcasts on your local subnet, de-comment the
# next lines. Please do this only if you trust everybody on the network!
#disable auth
#broadcastclient |
Restart the ntp service
| sudo /etc/init.d/ntp restart |
Configure the other Linux machines to take their time from this server
| # /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
driftfile /var/lib/ntp/ntp.drift
# Enable this if you want statistics to be logged.
#statsdir /var/log/ntpstats/
#statistics loopstats peerstats clockstats
#filegen loopstats file loopstats type day enable
#filegen peerstats file peerstats type day enable
#filegen clockstats file clockstats type day enable
# You do need to talk to an NTP server or two (or three). (192.168.0.251 is Log Server)
server 192.168.0.251
# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
# details. The web page
# might also be helpful.
#
# Note that "restrict" applies to both servers and clients, so a configuration
# that might be intended to block requests from certain clients could also end
# up blocking replies from your own upstream servers.
# By default, exchange time with everybody, but don't allow configuration.
#restrict -4 default kod notrap nomodify nopeer noquery
#restrict -6 default kod notrap nomodify nopeer noquery
restrict default ignore
# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1
#restrict ::1
# Accept replies only from the time server 192.168.0.251 (the log server);
# every other host is dropped by the "restrict default ignore" line above.
restrict 192.168.0.251 mask 255.255.255.255 nomodify notrap noquery
# If you want to provide time to your local subnet, change the next line.
# (Again, the address is an example only.)
#broadcast 192.168.123.255
# If you want to listen to time broadcasts on your local subnet, de-comment the
# next lines. Please do this only if you trust everybody on the network!
#disable auth
#broadcastclient |
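The restrict lines are the part of the two ntp.conf files above that is most often left loose, so here is a small check, an added example and not part of the original post, that reads an ntp.conf and reports which access-control flags are missing from its `restrict default` line. It accepts `restrict default ignore` (the client configuration) and otherwise expects kod, nomodify, notrap, nopeer and noquery (the server configuration); it also recognises the `restrict -4 default` and `restrict -6 default` forms, which the page only shows commented out. Without noquery any host can run ntpq/ntpdc control queries against the daemon, and without nomodify it accepts runtime reconfiguration. The file paths in the block are constructed for the example.

```shell
#!/bin/sh
# check_ntp_restrict FILE
#   Prints what is wrong with the "restrict default" line of FILE and
#   returns 1, or returns 0 when the daemon is closed to the outside.
check_ntp_restrict() {
    conf="$1"
    # first uncommented "restrict default" / "restrict -4 default" / "restrict -6 default" line
    line=$(grep -E '^[[:space:]]*restrict[[:space:]]+(-[46][[:space:]]+)?default' "$conf" | head -n 1)
    if [ -z "$line" ]; then
        echo "no restrict default line: any host may query and reconfigure ntpd"
        return 1
    fi
    # "ignore" drops every packet not allowed by a more specific restrict line,
    # which is the client-side setup on this page
    case " $line " in
        *" ignore "*) return 0 ;;
    esac
    missing=""
    for flag in kod nomodify notrap nopeer noquery; do
        case " $line " in
            *" $flag "*) ;;
            *) missing="$missing $flag" ;;
        esac
    done
    if [ -n "$missing" ]; then
        echo "restrict default is missing:$missing"
        return 1
    fi
    return 0
}

# Run against a file given on the command line, e.g. ./ntpcheck.sh /etc/ntp.conf
if [ "$#" -ge 1 ]; then
    check_ntp_restrict "$1"
fi
```

Only the first matching line is inspected, so a configuration with separate `-4` and `-6` default lines needs to be run through the check once per family.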
Configure Windows to take its time from this server, using regedit.exe (save the following as a .reg file and double-click it, then restart the Windows Time service with net stop w32time followed by net start w32time so the new values are read). AnnounceFlags 5 advertises the machine as a reliable time source, the ",0x1" suffix on NtpServer makes w32time poll at SpecialPollInterval (0x384 = 900 seconds), and the two MaxPhaseCorrection values (0xe10 = 3600 seconds) stop it from accepting a jump of more than one hour.
| Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config]
"AnnounceFlags"=dword:00000005
"MaxNegPhaseCorrection"=dword:00000e10
"MaxPosPhaseCorrection"=dword:00000e10
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters]
"NtpServer"="192.168.0.251,0x1"
"Type"="NTP"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient]
"SpecialPollInterval"=dword:00000384
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer]
"Enabled"=dword:00000001
|
Installing Syslog-NG and PHP SYSLOGVIEWER
1. Install apache
| sudo apt-get install apache2 |
2. Download and unpack PHP SYSLOGVIEWER
| wget http://jaist.dl.sourceforge.net/sourceforge/phpsyslogviewer/phpsyslogviewer-7.2.1.tar.bz2
tar xjvf phpsyslogviewer-7.2.1.tar.bz2
cd phpsyslogviewer-7.2.1 |
3. Install mysql-server
| sudo apt-get install mysql-server |
4. Install phpmyadmin to help manage the database
| sudo apt-get install phpmyadmin |
5. Create the database
| mysql -u root -p
mysql> create database syslogng;
mysql> exit;
mysql -u root -p syslogng < install/phpsyslogviewer.sql |
6. Install php-cli
| sudo apt-get install php5-cli |
7. Create the user accounts (the first command only prints the generated SQL so you can check it; the second feeds it into MySQL)
| php install/newuser.sql.php
php install/newuser.sql.php | mysql -u root -p syslogng |
8. Install the web pages (config.php holds the database password, so it is made readable only by root and the web server group)
| sudo cp -R htdocs /var/www/phpsyslogviewer
sudo nano /var/www/phpsyslogviewer/config.php
sudo chown root:www-data /var/www/phpsyslogviewer/config.php
sudo chmod 440 /var/www/phpsyslogviewer/config.php |
9. Try it at http://192.168.0.251/phpsyslogviewer
10. Speed up writing logs into MySQL with speedupd
| wget http://jaist.dl.sourceforge.net/sourceforge/phpsyslogviewer/speedupd-7.3.2.tar.bz2
tar xjvf speedupd-7.3.2.tar.bz2
cd speedup-7.3.2/
sudo apt-get install debhelper cmake libdaemon-dev libconfuse-dev fakeroot
sudo apt-get install build-essential libmysqlclient15-dev
dpkg-buildpackage -rfakeroot
cd ..
sudo dpkg -i speedupd_7.3.0_i386.deb
sudo nano /etc/speedupd.conf
sudo update-rc.d speedupd defaults
sudo /etc/init.d/speedupd start |
Installing Syslog-NG
1. Install
| sudo apt-get install syslog-ng |
2. Configure
| sudo nano /etc/syslog-ng/syslog-ng.conf |
Enter the following:
| options {
recv_time_zone("+07:00");
send_time_zone("+07:00");
sync(0);
time_reopen(100);
log_fifo_size(1000);
long_hostnames(off);
use_dns(no);
use_fqdn(no);
create_dirs(yes);
chain_hostnames(yes);
keep_hostname(yes);
};
source s_sys {
file("/proc/kmsg" log_prefix("kernel: "));
unix-stream("/dev/log");
internal();
#udp(ip(0.0.0.0) port(514));
#tcp(ip(0.0.0.0) port(514) keep-alive(yes));
};
# Every message becomes one INSERT written into the FIFO that
# syslog2mysql.sh feeds to the mysql client. template-escape(yes)
# backslash-escapes ', " and \ in the substituted fields; without it a
# crafted message from any sender could close the quoted string and
# inject its own SQL.
destination d_mysql {
pipe("/var/log/mysql.pipe"
template("INSERT INTO logs (host, facility, priority, level, tag, datetime, program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n")
template-escape(yes));
};
filter f_filter1 { facility(kern); };
filter f_filter2 { level(info..emerg) and not facility(mail,authpriv,cron); };
filter f_filter3 { facility(authpriv); };
filter f_filter4 { facility(mail); };
filter f_filter5 { level(emerg); };
filter f_filter6 { facility(uucp) or (facility(news) and level(crit..emerg)); };
filter f_filter7 { facility(local7); };
filter f_filter8 { facility(cron); };
log { source(s_sys); filter(f_filter1); destination(d_mysql); };
log { source(s_sys); filter(f_filter2); destination(d_mysql); };
log { source(s_sys); filter(f_filter3); destination(d_mysql); };
log { source(s_sys); filter(f_filter4); destination(d_mysql); };
log { source(s_sys); filter(f_filter5); destination(d_mysql); };
log { source(s_sys); filter(f_filter6); destination(d_mysql); };
log { source(s_sys); filter(f_filter7); destination(d_mysql); };
log { source(s_sys); filter(f_filter8); destination(d_mysql); };
#####################################################################
# Source from remote clients: plain syslog on TCP and UDP 514 from any
# address. Nothing authenticates the sender and the hostname in $HOST is
# whatever the sender put in the message (keep_hostname(yes)), so limit
# port 514 to the LAN with a firewall.
source s_client {
tcp(ip(0.0.0.0) port(514) keep-alive(yes) max-connections(300));
udp(ip(0.0.0.0) port(514));
};
log { source(s_client); destination(d_mysql); }; |
3. Create the script that writes into mysql
| sudo nano /usr/local/bin/syslog2mysql.sh |
Enter the following (a password given as --password= on the command line is visible to every local user through ps, and the script stores it in clear text; prefer a dedicated MySQL account that has INSERT on syslogng.logs and nothing else, with its credentials in a root-only option file passed via --defaults-extra-file):
| #!/bin/bash
# Create the FIFO that the d_mysql destination writes into, then keep
# feeding it to the mysql client. Each time syslog-ng closes the pipe the
# client sees EOF and exits, and the loop reopens it.
if [ ! -e /var/log/mysql.pipe ]
then
mkfifo /var/log/mysql.pipe
fi
while [ -e /var/log/mysql.pipe ]
do
mysql -u root --password=*** syslogng < /var/log/mysql.pipe > /dev/null
done |
Make the script executable
| sudo chmod +x /usr/local/bin/syslog2mysql.sh |
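To see what the FIFO and the template-escape(yes) setting in the d_mysql destination do together, here is an added example (mine, not code from the original post or from syslog-ng) that reproduces both pieces in shell: a `template_escape` function that backslash-escapes the same three characters (', " and \) that syslog-ng's template-escape protects, a `build_insert` that assembles a simplified INSERT (host, program and msg only, instead of the template's eight columns) the way the d_mysql template does, and a `run_pipe_demo` that creates a FIFO, starts a reader standing in for the mysql client in syslog2mysql.sh, and pushes one constructed sshd message through it. The hostname, messages and temporary paths are constructed for the demo.

```shell
#!/bin/sh
# Backslash-escape \ ' and " in $1, the same characters that syslog-ng's
# template-escape(yes) protects. Backslash is done first so the escapes
# added for the quotes are not doubled afterwards.
template_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e "s/'/\\\\'/g" -e 's/"/\\"/g'
}

# build_insert HOST PROGRAM MSG
#   Emits one INSERT in the shape of the d_mysql template, reduced to three
#   columns. Because every field is escaped, a message such as
#   x'); DROP TABLE logs; --   stays inside the quoted string.
build_insert() {
    printf "INSERT INTO logs (host, program, msg) VALUES ('%s', '%s', '%s');\n" \
        "$(template_escape "$1")" "$(template_escape "$2")" "$(template_escape "$3")"
}

# run_pipe_demo
#   Models syslog2mysql.sh: a FIFO, a reader standing in for
#   "mysql syslogng < /var/log/mysql.pipe", and one writer in syslog-ng's
#   role. Prints what the reader received.
run_pipe_demo() {
    dir=$(mktemp -d)
    pipe="$dir/mysql.pipe"
    sink="$dir/received.sql"
    mkfifo "$pipe"
    cat "$pipe" >> "$sink" &        # reader blocks until a writer opens the FIFO
    reader=$!
    # constructed message, as syslog-ng would render it for d_mysql
    build_insert "Server1" "sshd" "Failed password for root from 192.168.0.77" > "$pipe"
    wait "$reader"                  # writer closed the FIFO, reader saw EOF
    cat "$sink"
    rm -rf "$dir"
}

run_pipe_demo
```

The escaping only protects the quoting the template relies on; the mysql client in the loop still runs with whatever account syslog2mysql.sh uses, so that account should be allowed INSERT on syslogng.logs and nothing more.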
4. Run the script at every boot
| sudo nano /etc/init.d/syslog2mysql |
Enter the following:
| #!/bin/sh
# run syslog2mysql.sh at boot
case "$1" in
'start')
sh /usr/local/bin/syslog2mysql.sh &
;;
'stop')
# end the reader loop so the FIFO is no longer consumed
pkill -f /usr/local/bin/syslog2mysql.sh
;;
*)
echo "Usage: $0 { start | stop }"
;;
esac
exit 0 |
Make it executable and add the startup links in rc
| sudo chmod +x /etc/init.d/syslog2mysql
sudo update-rc.d syslog2mysql defaults |
Run the script, then restart syslog-ng (the FIFO must exist before syslog-ng opens the d_mysql destination)
| sudo /etc/init.d/syslog2mysql start
sudo /etc/init.d/syslog-ng restart |
5. Install Syslog-NG on the other Linux servers and configure them to send their logs to this machine
| options {
sync(0);
time_reopen(10);
log_fifo_size(1000);
long_hostnames(off);
use_dns(no);
use_fqdn(no);
create_dirs(yes);
keep_hostname(yes);
};
source s_sys {
file("/proc/kmsg" log_prefix("kernel: "));
unix-stream("/dev/log");
internal();
#udp(ip(0.0.0.0) port(514));
#tcp(ip(0.0.0.0) port(5149) keep-alive(yes));
};
# Central log server: plain TCP on port 514, with no encryption and no
# sender authentication, so this only belongs on the trusted LAN.
destination logserver { tcp("192.168.0.251" port(514)); };
destination d_cons { file("/dev/console"); };
destination d_mesg { file("/var/log/messages"); };
destination d_auth { file("/var/log/secure"); };
destination d_mail { file("/var/log/maillog" sync(10)); };
destination d_spol { file("/var/log/spooler"); };
destination d_boot { file("/var/log/boot.log"); };
destination d_cron { file("/var/log/cron"); };
destination d_kern { file("/var/log/kern"); };
destination d_mlal { usertty("*"); };
filter f_filter1 { facility(kern); };
filter f_filter2 { level(info..emerg) and not (facility(mail) or facility(authpriv) or facility(cron)); };
filter f_filter3 { facility(authpriv); };
filter f_filter4 { facility(mail); };
filter f_filter5 { level(emerg); };
filter f_filter6 { facility(uucp) or (facility(news) and level(crit..emerg)); };
filter f_filter7 { facility(local7); };
filter f_filter8 { facility(cron); };
# Remove the 'squid' log entries from 'user' log facility
filter f_remove { not program("squid"); };
log { source(s_sys); filter(f_filter1); destination(d_cons); };
log { source(s_sys); filter(f_filter1); destination(d_kern); };
log { source(s_sys); filter(f_filter2); filter(f_remove); destination(d_mesg); };
log { source(s_sys); filter(f_filter3); destination(d_auth); };
log { source(s_sys); filter(f_filter4); destination(d_mail); };
log { source(s_sys); filter(f_filter5); destination(d_mlal); };
log { source(s_sys); filter(f_filter6); destination(d_spol); };
log { source(s_sys); filter(f_filter7); destination(d_boot); };
log { source(s_sys); filter(f_filter8); destination(d_cron); };
filter f_squid { program("squid") and facility(user); };
destination d_squid {
file("/var/log/$HOST/$YEAR/$MONTH/squid.$YEAR-$MONTH-$DAY"
owner(root) group(adm) perm(665)
create_dirs(yes) dir_perm(0775));
};
log { source(s_sys); filter(f_squid); destination(d_squid); };
# Everything from s_sys also goes to the central server, unfiltered.
log { source(s_sys); destination(logserver); }; |
6. Send logs from Windows Server to this machine
6.1 Download Lasso (Windows Event Collector) from http://open.loglogic.com
6.2 Configure hostlist.ini
6.3 Configure lasso.ini
| SkipInitDLLScan,0
LogAppliance,192.168.0.251
RepositoryPath,C:\Program Files\Lasso\LassoRepository\
SpoolPath,C:\Program Files\Lasso\LassoRepository\Spool\
EventPollInterval,10
SpoolFileSize,1.0
WatermarkWriteInterval,100
MaxTraceFileSize,20
MaxNumWorkerThreads,4
DllLoadInterval,3600
HighWaterMarks,ON
#DefaultLassoShare,LassoShare=C:\LassoTemp
CheckHostListInterval,3600
NewHostSkipHistorical,0
EnableShareDlls,1
CheckRemHostAvail,0
EnableAdminSharesIfDisabled,0
DebugLevel,0
LogLevel,1
DebugHostFileSize,20
AccessReport,0 |
6.4 Start the Lasso Windows Event Collector service
Written by Komkid on February 17th, 2010 with no comments.