Doug Scoggan’s Blog

test

testing comments

cd to webhomes:

find . -maxdepth 1 -type d -nouser |  xargs chattr -R -i
find . -maxdepth 1 -type d -nouser | xargs rm -rf

get the files:

wget http://www.ossec.net/files/ossec-hids-2.5.1.tar.gz

decompres, then run install.sh

choose:

en

agent

default path (/var/ossec)

enter the ossec host server ip

choose to install all agents

On the server…

Run /var/ossec/manage_agents

Follow the prompts.  After the agent is added, (E)xtract the key and copy it.

On the client…

Run /var/ossec/manage_agents

(I)mport the key (E)xtracted on the Server.

Put any extra log files in /var/ossec/etc/ossec.conf in the appropriate area, format is like:

<localfile>
<location>/opt/zimbra/log/mailbox.log</location>
<log_format>syslog</log_format>
</localfile>

Issue a /var/ossec/bin/ossec-control restart on the server and client.  Logs should start coming in.

Required Software:

Windows

Compellent Enterprise Manager

Available At: adminserv – shares/nsg/applications/compellent

Steps:

Set up Compellent Enterprise Manager on your Workstation

Attach it to san-mgr.scad.edu

If you are logging in for the first time, you need to select “create new account”

You will need to add both sans if this is your first time (10.16.3.3/10.129.3.3)

Replication Agreements are created by right clicking the host san, choosing tasks, and choosing replicate volumes.  Make sure to change the target folder so that the replication volumes end up in Replications / “From Atlanta” or “From Savannah”.

You should schedule your replications in advance so that the majority of the changes are migrated before your scheduled move.

Steps:

shut down your server, it if it is a vm/vz make sure that the volume is unmounted and un-mapped from the virtual server.

Take a final Replay and set the expire time to 4hrs – Replications work off of of replays, taking the replay will trigger the SAN to start sending the changes.

Watch the replication to verify that the changes are sent between sites. This is best done under the standard web interface, under remote systems/”remote system name” and the replications button.

Once the changes are completely sent, break the replication agreement using enterprise manager (Go To replications in the bottom left, find your volume, and delete the replication agreement).

Find your “Repl of” volume in the replcations folder.  Rename it appropriately and move it into a new folder.

Verify the storage policy – in most cases this will need to be set back to “SCAD Standard”.  You should also make sure that write and read cache are enabled (this is normally disabled for replication volumes).

Add a replay policy to your replicated server volume.

Complete your mappings and boot up your migrated server.

delete filespace nodename # nametype=fsid

aka

delete filespace macscad 3 nametype=fsid

define dbvol x:\tivoli_database\tivoli_db7.db formatsize=50000

sometimes, paths go offline for no apparent reason:

update path storserver drive3 srct=server destt=drive library=t120 online=yes