Mar 14

Monitoring HP Windows Servers with Nagios

I want to love Nagios, I really do. The learning curve has been a bit steep but I think it’s finally paying off.

One problem that I continued to have no luck with was monitoring HP servers. Obviously I was interested in monitoring things like temperature, RAID status, failures, etc.

For reference, I am currently running the following on my Nagios server:

CentOS 6.4
Nagios Core 3.5.1
Adagios 1.40

I’m assuming that you’ve added hosts, understand how to install NSClient++, and have a basic understanding of what’s under the hood with Nagios, including installing plugins.

The test server I am trying to pull SNMP data from is a DL380 G7 running Server 2008 R2. I have all HP System Management tools installed and am using the check_hpasm plugin.

Adding hosts with Adagios is really easy thanks to OKConfig. After adding the host I went ahead and installed NSClient++ and restarted Nagios. I checked the host in the Status pane and I can confirm that the basic Windows checks are working.

Basic checks working...one in the red

But the one that’s not is super important to me, which is the HP plugin. Drilling down to the alert for the specific service on this host, I see this:

SNMP error, wrong device???

SNMP error, wrong device???

CRITICAL – could not contact snmp agent, wrong device is the error I see.

Just for fun (and because rechecks from the web GUI are sometimes slow) I ran the command from the CLI:

/usr/lib64/nagios/plugins/check_hpasm -H -C public --perfdata=long -v

This gave me the same error, but at least it’s consistent.

Googling that didn’t give me too much. Lots of recommendations of what needed to be running on the client side, but most of these posts were referencing *nix running on HP, not Windows. Other recommendations were to install/update the Perl SNMP modules from CPAN, but that all looked good.

Instead, I started digging into how SNMP was running on the Windows side. First of all, I confirmed that the HP Management Agent was running, as well as the SNMP service in Windows.

Next, I poked around the System Management Homepage. I browsed to Settings » SNMP Webagent » SNMP & Agent Settings. Under Security I found what I was looking for.

HP's SNMP settings

HP’s SNMP settings

So two options, accept from ANY host or from a defined host list. By default only localhost is allowed; by separating each host with a semicolon, then applying and restarting agents, polling began to work as expected.


It works!

All green in the status pane

And that’s it. One quick check in the Status Pane to confirm it’s looking pretty and I’m done.

I expect to continue playing with Nagios and working towards a write-up that will describe some of the nuances I hit.


Sep 13

Have Raspberry Pi Email Your IP

Hi all.

I was scrolling through reddit when I noticed a post in the /r/raspberry_pi section.

In the post, the user is showing how he plugs in his Pi to the school network but then has to IP scan the network to find his Pi since he’s running it headless.

I guess that works, especially with using native shell commands to form a ping sweep.

But that might be against the network’s terms, he might have trouble finding it if he doesn’t know the subnet, who knows.

So I whipped up a script to kick off a cron job after boot to run a script which will give us the Pi’s IP if your’e running headless.

First off, we need some packages installed and configured. My example uses Gmail as the SMTP server.

You’d do the following:

sudo apt-get install mailutils
sudo apt-get install ssmtp
sudo vi /etc/ssmtp/ssmtp.conf

Add the following:


Now to make the script:

#! /bin/bash
#Wait to ensure system is up with an IP
sleep 60
#Set variable to get interface's IP assuming interface is eth0
IP=$(/sbin/ifconfig eth0 | grep -E '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}')
#Send mail to admin with IP address in body
#Set subject
SUBJECT="Pi's Current IP"
# Email To ?
# Email text/message
echo "Your IP is:"> $EMAILMESSAGE
# send an email using /bin/mail
/usr/bin/mail -s "$SUBJECT" "$EMAIL" < $EMAILMESSAGE

So what we’re doing here is waiting to ensure the system is up, parsing ifconfig’s output with grep for the relevant string we’d like, and then forming a quick email message to deliver via the previously installed packages.

Now all that’s left to do is to configure it as a cron job.

crontab -e

And add

@reboot /path/to/script

And that should be it. Anytime your Pi boots or reboots, it’ll kick out an email after a minute with it’s IP.



Apr 13

Quick and Easy XenServer to Hyper-V Conversion

Lately I’ve been standing up more and more Hyper-V hosts – I’d estimate my environment is 80% virtual at this point with a total of 20 servers.

I had one remaining XenServer with about 4 VMs running on it.  I wanted an easy way to move these VMs to Hyper-V.  I tried using the XenCenter GUI to export to a workable format but that kept failing – unfortunately I don’t have any screenshots since this was done a while ago so the exact errors escape me.

This was tested on XenServer 5.6

My process was:

  • Decide where to export the converted virtual machines to.  I opted for an SMB share on a NAS, but you can easily adjust to save to a USB drive or to local storage, if you’d like.
  • Power down the virtual machine you’re moving
  • Log in to console, drop to shell on the XenServer host.
  • Install XenConvert on your Windows machine, link here
  • Export your VM using:

xe vm-export vm=VMNAME filename=/path/tofile/filename.xva>, preferably to a mounted share.  For example, xe vm-export vm=appserver1 filename = /mnt/export/appserver1.xva

  • Open the XVA in XenConvert and follow the prompts to convert it into an OVF.
  • Once the OVF is saved, browse to the folder. The VHD should be inside.
  • Create the machine in Hyper-V with the VHD attached. Remember to install Hyper-V guest additions and to check network settings.

That should be it!  This was the easiest way I found to convert virtual machines from XenServer to Hyper-V VHDs.

Apr 13

Disable Time Synchronization on All Virtual Machines

The scenario that started my day: One of my programmers complains of time-drift on his workstation. His machine has synced to a VM domain controller, which is odd, since it’s not the PDC, doesn’t hold any FSMO roles…I’ll figure that out later.

I recall reading about the time synchronization integration feature that Hyper-V has, and the problems it can cause with VM time settings. I want to query my Hyper-V server and see if the feature is enabled for any of the VMs.

Normally I’d pull up the Hyper-V Manager GUI, right click the VM, go to integration services, blahblahblah…


Lately I’ve been looking into more and more automation – the sentiment of “Work smarter, not harder” comes to mind. If you’re a Windows admin, this means your gonna have to crack your knuckles and launch into Powershell.

For some time I’ve dreamed of being a Powershell guru – I’ve always been jealous of the guys who bang out amazing one-liners in bash, creating miracles in strings.

Sure, I’ve “scripted” a bit. I know many can relate to this: putting scripts together can be a collage-type experience; that is, Googling each piece and pulling snippets from the various resources, a little regex from StackOverflow, some modification followed by trial and error from a Technet thread, a random tool pulled from some guy’s blog.

But more and more I want to learn the tools and syntax so I can do things my way first and only ask for help later.

I’ll assume:

  • You already have RSAT tools installed/enabled on whatever machine you’re connecting from
  • You understand the terrible oversight of Microsoft to only allow 2012 management tools to be installed on Windows 8.
  • Additionally, these tools don’t allow backwards compatibility, so if you’re still using a 2008/2008 R2 HV server, you’ll need Win 7 or Server 2008 to connect via a GUI or cmdlet.

My goals:

  • Find all servers which have time sync enabled as a Hyper-V integration feature.
  • Disable feature on all servers

Note:  I’ve only tested this from my Windows 8 machine connecting to my 2012 Hyper-V server.

Open up Powershell and run:

Import-Module Hyper-V

Next, run:

Get-VMIntegrationservice -Name 'Time Synchronization' -ComputerName HYPERVHOST -vmname *

This cmdlet queries your HV host for the Time Synchronization feature and accepts the * wildcard for VMname, listing the features status on all VMs.

Ready to turn the feature off?

Disable-VMIntegrationService -name 'Time Synchronization' -Computername HYPERVHOST -Vmname *

Same idea, but instead of a query, this cmdlet disables the feature. You can run the previous command to confirm it’s now disabled on all machines.

That’s it?  Yup.  Quick and easy.

Feb 13

Delete A Message From All Mailboxes in Exchange 2010

I have an external service which provides blacklist and RBL filtering, as well as SPAM fingerprinting.  It’s pretty effective.  Even so, here’s one that comes up fairly regularly:  an email with a malicious link makes it into many user’s mailboxes.

Usually this sender is trusted, such as an employee’s personal email address, a customer’s address, or the like.  With that, lots of people will assume it’s legit and click the link…and it’s off to the races depending how well you’re patched against things like the recent wave of Java 0-days.

In this scenario, I received such email from a known good customer.  In the To and CC lines, I saw many people in my organization ended up on the receiving end of this email, too.

Here’s a quick Powershell script to run that’ll scoop out emails from your Exchange store using any combination of subject, from sender, and sent date.

Get-Mailbox -resultsize unlimited | Search-Mailbox -SearchQuery “Subject:xxxxxx",”From:user@yahoo.com”,”Sent:02/22/2013" –DeleteContent -TargetMailbox “youraddress@domain.com” -TargetFolder “export-folder”  -loglevel full

Ok, so let’s look at that really quickly.  We’re using the Exchange Powershell module and calling the Get-Mailbox cmdlet with no extra arguments other than “-resultsize unlimited”.  This makes the entire mailstore your searchbase.  Next, we pipe the search base to “search-mailbox” with our query criteria.  Like I mentioned, you can mix and match based on what you have to work with – so if the message you need deleted has no subject, take that out, if it’s from random email addresses but has a common subject, take that out.

The last part is DeleteContent with a target mailbox.  This should be an admin users’ box – what this does is it deletes mail from any other users’ box and drops it into your TargetFolder (if this folder doesn’t exist, it’ll be created for you).  Now you can verify all the messages you wanted deleted are present in Outlook/OWA and erase the folder.  Malicious message gone from your Exchange server!


Remember, the more specific you are, the better.  Searching for any email with the subject of “Hey” mailed last Thursday WILL delete all messages that match, legit or not.

Also useful for when you send the embarrassing tale of your weekend escapades to “All” instead of “Allie”, the cute girl in accounting.