viernes, 24 de marzo de 2017

Cisco. LOOPGUARD. Traffic limited.

In our case, a symptom that our Cisco Swich has reached the limit of its traffic management capacity at moment in  time is the  "LOOPGUAR_BLOCK" and "LOOPGUAR_BLOCK" alerts

At Switch
At Syslog

We can reproduce this problem when we move/copy big information amount. Example move Virtual Machines, Backup, etc.

A few of Literature:

"LoopGuard prevents alternateor root port from becoming designated in absence of BPDUs."

"Protects alternate (blocked) or root (forwarding) ports from moving to forwarding upon no receipt of BPDU’s."

"If a Port Receive state machine receives an inferior RST BPDU from a Port that believes itself to be a Designated Port AND is Learning or Forwarding it will set disputed, causing this state machine to transition a Designated Port to Discarding"

by GoN | Published: March 24, 2017 | Last Updated:

NAGIOS. Unauthorized user. Rapid Response

An anecdote in Nagios.

One user inform us that he can access a lot of information at our Nagios System. This user can't access to Nagios. And my questios was "How have you been able to do it?"

The user send us some screenshoot like:

We start a little analisys:

[ ] Check audit logs

I find which the user that have connected. I can view his username, IP address and date connection.

[ ]  Now, With your username and I can check his user privileges 

He has read only permissions.

[] I compare the audit date log with other user screenshot

[ ] I connect to Nagios server by console. With the IP addrees I check the Apache logs:

We can view what is the first user link connection.



In Apache logs We can see which URL he has used and how the user cut the URL (log apache second line) to connect to other Nagios options later ( https://servidor/nagiosxi).

The origin was one URL in a well-known informative email.

When the user clicking the link goes to Nagios: 

by GoN | Published: March 24, 2017 | Last Updated:

miércoles, 15 de marzo de 2017

WINDOWS. PS. Objects changed/created control by date

If you need or you want know when one user is created or modified at AD this post is for you:

We need one variable date (xuserdate) to found the created/modify user data info.

[ ] Example 1: 

$xuserdate = [datetime] "2/22/2017"
Get-ADObject -Filter ‘whenchanged -gt $xuserdate’ | Group-Object objectclass

In this example show all AD object.

To check $xuserdate

[ ] Example 2:

Get-ADUser -Identity pedro.Hernandez -Properties *

$xuserdate = [datetime] "2/22/2017"
Get-ADObject -Filter ‘whenchanged -gt $xuserdate’ | Group-Object objectclass


$xuserdate = [datetime] "2/22/2017"
Get-ADObject -Filter ‘whencreated -gt $xuserdate’| where{$_.DisplayName -like '*'} | Select Name, DistinguishedName

Get-ADObject -Filter ‘whencreated -gt $xuserdate’|  Select Name, DistinguishedName

Get-ADObject -Filter ‘whencreated -gt $xuserdate’|  Select Name, DistinguishedName


&&&&&&&&&&&&&&&&&& SCRIPT &&&&&&&&&&&&&&&&&&&&&&&&&


Import-Module ActiveDirectory



$mailbody2 = $nul

$mailbody3 = $nul
$mailbody4 = $nul
$mailbody5 = $nul
$mailbody6 = $nul
$mailbody7 = $nul

$ReportFile = ".\ADReport.txt" 


#$xuserdate = get-date -format M.d.yyyy 


#$xuserdate =(get-date).AddDays(-1).ToString("M-d-yyyy")


$xuserdate = [datetime] "2/15/2017"



$mailbody2 = @()

$mailbody3 = @()
$mailbody4 = @()
$mailbody5 = @()
$mailbody6 = @()
$mailbody7 = @()
$mailbody8 = @()



if((test-path $ReportFile) -like $false)

new-item $ReportFile -type file
del $ReportFile



$mailbody2 += "`n [0]*** WHENCHANGED FROM: " + $xuserdate + " ***" |  Out-File -Append $ReportFile   -NoClobber

$mailbody2 += Get-ADObject -Filter ‘whenchanged -gt $xuserdate’ | Group-Object objectclass |  Out-File -Append $ReportFile -NoClobber
$mailbody3 +=  "`n===[1. serviceConnectionPoint]=========================================================================================`n" |  Out-File -Append $ReportFile   -NoClobber
$mailbody3 += Get-ADObject -Filter ‘whencreated -gt $xuserdate’| where{$_.ObjectClass -like 'serviceConnectionPoint'} | Sort-Object -Property whencreated |  Select Name, DistinguishedName |  Out-File -Append $ReportFile -NoClobber
$mailbody4 +=  "`n===[2. organizationalUnit]=============================================================================================`n" |  Out-File -Append $ReportFile  -NoClobber
$mailbody4 += Get-ADObject -Filter ‘whencreated -gt $xuserdate’| where{$_.ObjectClass -like 'organizationalUnit'} | Sort-Object -Property whencreated |  Select Name, DistinguishedName  | Out-File -Append $ReportFile   -NoClobber
$mailbody5 +=  "`n===[3. person]=============================================================================================`n" |  Out-File -Append $ReportFile   -NoClobber
$mailbody5 +=Get-ADObject -Filter ‘whencreated -gt $xuserdate’| where{$_.ObjectClass -like 'person'} | Sort-Object -Property whencreated |  Select Name, DistinguishedName, description  | Out-File -Append $ReportFile   -NoClobber
$mailbody6 +=  "`n===[4. computer]=============================================================================================`n" |  Out-File -Append $ReportFile   -NoClobber
$mailbody6 +=Get-ADObject -Filter ‘whencreated -gt $xuserdate’| where{$_.ObjectClass -like 'computer'} | Sort-Object -Property whencreated |  Select Name, DistinguishedName  | Out-File -Append $ReportFile   -NoClobber
$mailbody7 +=  "`n===[5. dnsNodeperson]=============================================================================================`n" |  Out-File -Append $ReportFile   -NoClobber
$mailbody7 +=Get-ADObject -Filter ‘whencreated -gt $xuserdate’| where{$_.ObjectClass -like 'dnsNode'} | Sort-Object -Property whencreated |  Select Name, DistinguishedName  | Out-File -Append $ReportFile   -NoClobber
$mailbody8 +=  "`n===[6. group]=============================================================================================`n" |  Out-File -Append $ReportFile   -NoClobber
$mailbody8 +=Get-ADObject -Filter ‘whencreated -gt $xuserdate’| where{$_.ObjectClass -like 'group'} | Sort-Object -Property whencreated |  Select Name, description, DistinguishedName  | Out-File -Append $ReportFile   -NoClobber



The result is saved in a  ".\ADReport.txt"  file.

This script have a lot of possibilities with a few changes.

by GoN | Published: March 15, 2017 | Last Updated: