Tag Archives: LOG

Nat and packet limits with iptables

By ahmerin

Hi all,

I have the following situation:

– I want certain source IPs to be natted to a different destination IP and Port. Following is how I am achieving it:

/usr/local/sbin/iptables -t nat -A PREROUTING -p tcp -s 192.168.10.12 --dport 1500 -j DNAT --to-destination 192.168.10.20:2000

Above runs on 192.168.10.12 and is working perfectly fine.

– Now, I want that if there are more than, say 20 packets per minute from source IP then further packets should be dropped.

The above is what I am having difficulty achieving.

I have done the following, but it is not working:

/usr/local/sbin/iptables -t nat -A PREROUTING -p tcp -s 192.168.10.12 --dport 1500 -m limit --limit 20/m --limit-burst 5 -j DNAT --to-destination 192.168.10.20:2000

/usr/local/sbin/iptables -t nat -A PREROUTING -p tcp -s 192.168.10.12 --dport 1500 -j LOG --log-level 4 --log-prefix "192.168.10.12 Packet Limit exceeded: "

/usr/local/sbin/iptables -A INPUT -p tcp -s 192.168.10.12 --dport 1500 -j DROP

Can someone help me get the correct statement, or confirm whether I can achieve the above requirement through iptables?

Many thanks for your help.

Regards
Ahmerin


Source: FULL ARTICLE at The UNIX and Linux Forums

Process dies when launched in system startup script

By carpannav

Good morning!

I’m trying to add Maven to the system boot, so far without success.
Testing the operation of the script, I realize that the process isn’t persistent when the program is launched with the start option.

—- #Startup Script —-

Code:

#! /bin/sh
# chkconfig: 345 99 1
# description: xxx
# processname: Application
#
. /etc/rc.d/init.d/functions

BIN="/projects/user/app/appsysv.sh start $VERSION"
PIDFILE="/projects/user/app/pid.file"
#LOG
LOGFILE="/projects/user/log/app.log"

start()
{
    su - user -c "/etc/init.d/app start_internal" &
    echo -n "Starting App ... "
    echo
}

start_internal()
{
    # Remember PID
    echo $$ > $PIDFILE
    # Exec application
    exec $BIN >> $LOGFILE 2>&1
    if [ $(cat $PIDFILE) -gt 0 ]; then
        ps -p $(cat $PIDFILE) > /dev/null
        if [ $? -eq 0 ]; then
            echo "App started successfully"
        fi
    fi
}

stop()
{
    if [ -f ${PIDFILE} ]; then
        kill $(cat $PIDFILE)
        echo -n "App stopped"
        echo
    fi
}

case "$1" in
    start)
        start
        ;;
    start_internal)
        start_internal
        ;;
    stop)
        stop
        ;;
    restart)
        stop
        start
        ;;
    *)
        echo "Usage $0 {start|stop|restart}"
        exit 1
esac


And this is how the application is natively launched outside of the system startup (the script I’m pointing to):

Code:

#!/bin/sh

#Set Maven
export M2_HOME=/opt/apache-maven-2.2.1
# Set Java environment
export JAVA_HOME=/opt/jdk1.6.0_22
PATH=$JAVA_HOME/bin:$PATH
# Oracle environment
export ORACLE_BASE=/home/oracle/app/oracle
export ORACLE_SID=db
export ORACLE_HOME=/home/oracle/app/oracle/product/11.2.0/client_1
export PATH=$ORACLE_HOME/bin:$PATH
source /projects/tcatnbia/app/nbis-execution/app.cfg
PIDFILE="/projects/user/app/pid.file"
start()
{
    dformat=`date '+%y%m%d_%H%M%S'`
    export MAVEN_OPTS="-server -Xms512m -Xmx2048m -XX:MaxPermSize=256m -Xloggc:/projects/user/log/gc-${dformat}.log -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=7091 -Dcom.sun.management.jmxremote.authenticate=true -Dcom.sun.management.jmxremote.password.file=app_jmxremote.password -Dcom.sun.management.jmxremote.access.file=app_jmxremote.access -Dcom.sun.management.jmxremote.ssl=true -Djavax.net.ssl.keyStore=nbis_jmx_key -Djavax.net.ssl.keyStorePassword=123456 -Duser.timezone=$TIMEZONE"
    nohup mvn -e -o -Dapp.version=$1 -Dnbis.env=$ENV -Dlocal.server.file.locn=$LOCAL_SERVER exec:java > /projects/user/log/app-out.log 2>&1 &
}

stop()
{
    if [ -f ${PIDFILE} ]; then
        kill `cat $PIDFILE`
        echo -n "App stopped"
        echo
    fi
}

case "$1" in
    start)
        start $2
        ;;
    stop)
        stop
        ;;
    restart)
        stop
        start $2
        ;;
    *)
        echo Usage:
        echo $0 'start [App_version]'
        echo 'or restart [app_version]'
        echo 'or stop'
        exit 1
esac
exit 0


Can anybody help to find out what’s happening? When I check for the process, I find that …

Source: FULL ARTICLE at The UNIX and Linux Forums

The pipe not use "tee" to print on the screen for specific function

By yanglei_fage

I have a code fragment like

Code:

{
aa
bb
cc
} > $LOG


aa, bb and cc all call function “ff”. I want “ff” to print on the screen, but the others should not print on the screen. Is there a method? I can’t use “tee”, because with tee I meet the write “error”.

Code:

ff()
{
echo "hello"
}


From: http://www.unix.com/shell-programming-scripting/221311-pipe-not-use-tee-print-screen-specific-function.html

iptables Rules for my network

By Vaibhav.T

Hi Champs

I am new to iptables and am trying to write rules for my Samba server. I got some help from the internet, created a script and run it from rc.local:

#Allow loopback

iptables -I INPUT -i lo -j ACCEPT

# Accept packets from Trusted network

iptables -A INPUT -s my-network/subnet -j ACCEPT

# to allow established sessions to receive traffic

iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# to allow SSH on port 22 from my network

iptables -A INPUT -i eth0 -p tcp -s my-network/subnet --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT

# To allow incoming traffic on default SAMBA ports

iptables -A INPUT -p udp --dport 137 -j ACCEPT
iptables -A INPUT -p udp --dport 138 -j ACCEPT
iptables -A INPUT -p udp --dport 139 -j ACCEPT
iptables -A INPUT -p tcp --dport 139 -j ACCEPT
iptables -A INPUT -p tcp --dport 445 -j ACCEPT

#Enable Logging

iptables -A INPUT -j LOG
iptables -A INPUT -m limit --limit 2/min -j LOG --log-prefix "Iptables packet Drop" --log-level 7

# Drop all other Packets

iptables -A INPUT -j DROP

I also created a separate log file for iptables in /var/log/iptables.log and edited /etc/syslog.conf:

*.info;kern!=warning;mail.none;news.none;authpriv.none;cron.none /var/log/message

# Add new location

kern.warning /var/log/iptables.log

But my dropped packets are not showing in the iptables.log file. Please let me know if I am doing something wrong, and let me know the correct way to write it. I only want Samba communication, nothing else.

Thank You

Vaibhav

Source: FULL ARTICLE at The UNIX and Linux Forums

Store results in table

By Rami Reddy

Hello everyone,

I have a shell script which connects to the database and runs a .sql file.
After executing the .sql file, I need to store the results in an error table.
How can I achieve this? Could you please give your suggestions?
Here is my code.


#!/bin/sh
#set -vx

SCHEMA_NAME=$1
LOG="/db01/apps/applvis/VIS/apps/apps_st/appl/xxhex/12.0.0/sql/test1.log_rundate_`date +%Y%m%d`.`date +%H%M%S`"

echo ' '>>$LOG
echo 'start sqlplus .sql '>>$LOG
date >>$LOG

sqlplus apps/apps@VIS @/db01/apps/applvis/VIS/apps/apps_st/appl/xxhex/12.0.0/sql/test1.sql ${SCHEMA_NAME} 1>>$LOG

EXIT_CODE=$?
if [ "$EXIT_CODE" = 0 ]
then
echo "Program successfull" >>$LOG
echo '<<>$LOG
date >>$LOG
else
echo "ERROR Program did not successfully execute " >> $LOG
echo "EXIT CODE = $EXIT_CODE"
date >>$LOG
exit 1
fi
echo ' ' >>$LOG
echo 'end sqlplus .sql ' >>$LOG
echo ' ' >>$LOG


Thanks,
Rami Reddy

Source: FULL ARTICLE at The UNIX and Linux Forums

iptables not logging

By christr

I need to log iptables to see what ports are being dropped. I followed this article and several others I looked at via Google, but it’s still not working.

Red Hat Magazine | How do I add logging for iptables using the /etc/sysconfig/iptables file for Red Hat Enterprise Linux4?

I added the following entry to my /etc/sysconfig/iptables file just before the last COMMIT line:

Code:

-A RH-Firewall-1-INPUT -p tcp --dport 443 -j ACCEPT #example#
-A RH-Firewall-1-INPUT -j LOG
COMMIT


I’ve also tried it as shown:

Code:

-A RH-Firewall-1-INPUT -p tcp --dport 443 -j ACCEPT #example#
#log
-A RH-Firewall-1-INPUT -j LOG
#drop all other packets
-A RH-Firewall-1-INPUT -j DROP
COMMIT


My problem is that when I go to /var/log/messages I don’t see it logging anything whatsoever from iptables.

I also added the following to /etc/syslog.conf:

Code:

kern.* /var/log/debug


Still no matter what I do no information shows up in any log files, and I’ve tried numerous ports on this host that I know aren’t opened in iptables from another test host in hopes that I would see it logging the dropped connection attempts, but nothing I’ve done will log anything whatsoever.

I’ve also tried using this article for advice, but still nothing I do works:
Example iptables firewall

Any advice would be greatly appreciated. This is on Red Hat Enterprise 5.7. Every time I make these changes I of course restart the iptables and syslog services.

Source: FULL ARTICLE at The UNIX and Linux Forums

Solaris 9 Zone : Date command in crontab shows delayed(One Hour) output

By judi

SOLARIS 9 Zone :

date command in crontab shows delayed(One Hour) output

Hi folks,
The date command shows the correct date and time. However, if the date command is executed through crontab in any form of script, the output is shown as one hour delayed, similar to date -u.

Can someone help with this?
++++++++++++++++++++++++++++++++++++++++++

Date command perfectly shows

judi:root:/tmp# date
Fri Feb 15 15:08:03 MET 2013
judi:root:/tmp#

The script used to get the output to test.out

judi:root:/tmp# more test.sh
#!/usr/bin/ksh
DT=`date '+%y%m%d-%H:%M'`
LOG=/tmp/test.out
echo $DT >> $LOG
judi:root:/tmp#

the cron entry used..

* * * * * /tmp/test.sh

output of the script execution (delayed for one hour)
judi:root:/tmp# more test.out
130215-14:03
130215-14:04
130215-14:05
130215-14:06
130215-14:07
130215-14:08
judi:root:/tmp#

judi:root:/tmp# date
Fri Feb 15 15:08:10 MET 2013
judi:root:/tmp#

Source: FULL ARTICLE at The UNIX and Linux Forums

Howto cancel I/O redirection ?

By Fundix

Hi

On AIX systems (6.x and 7.x) I have ksh scripts redirecting I/O and running another script, script000.ksh, i.e.:


# my script
...
>${LOG}
>${LOGCTRL}

exec >>${LOG} 2>>${LOG}

. ${PROJECT}/.../script000.ksh

# hereafter, restore default I/O
...


Is it possible at the end of the script to restore I/O to its normal state, not feeding the ${LOG} file?

Source: FULL ARTICLE at The UNIX and Linux Forums

Log file Creation

By cnrj

Hi

I have a Unix script which executes some OS commands and DB commands. I would like to create a log file for each command execution. Could someone advise how to create the log file?

Example Script:


###########################################################################
ORACLE_SID=ERS11G
ORACLE_HOME=/u03/app/oracle/product/11.2.0/db_1
LD_LIBRARY_PATH=$ORACLE_HOME/lib
PATH=$PATH:$ORACLE_HOME/bin
export ORACLE_SID ORACLE_HOME PATH LD_LIBRARY_PATH
###################################### Defining the Paths####################
SOURCETYPE=$1
INPUTFILESPATH=/ersdg3/ERS/TEST/RIO/files
BASEPATH=/ersdg3/ERS/TEST
ARCHIVEPATH=$BASEPATH/$SOURCETYPE/archive
CONTROLFILEPATH=$BASEPATH/$SOURCETYPE/control
AUDITFILENAME=${SOURCETYPE}_AUDIT_FILE.TXT
SOURCELOADER=${SOURCETYPE}_SOURCE_LOADER
AUDITCONTROLFILENAME=${SOURCETYPE}_REC_CNT.ctl
SOURCECONTROLFILENAME=$SOURCETYPE.ctl
SOURCECONTROLFILENAMENEW=${SOURCETYPE}_NEW.ctl
SOURCETABLENAME=ERS_${SOURCETYPE}_SRC
ARCHAUDITFILEPATH=${ARCHIVEPATH}/auditfiles
USERID=ETL_ERS
PASSWORD=ETL_ERS
SCHEMA=ERS11G
#####################################End of Paths###########################
cd $INPUTFILESPATH
################# Entry into Audit Table####################################
if [ -f *.LOG ]
then
sqlplus -s -L ETL_ERS/ETL_ERS@ERS11G<<EOF
set feedback off heading off
#exec ETL_LOG.P_LOG_START_PROCESS(trunc(sysdate),'${SOURCELOADER}','ETL_SRC');
exit;
EOF
else
echo "Files doesnt exist"
exit;
fi
####################End of Entry into Audit Table##########################
ls *.LOG >FILE.LIST
###################Check whether Audit file Exists#########################
if [ -f $AUDITFILENAME ]
then
rm $AUDITFILENAME
else
touch $AUDITFILENAME
fi
#########################################################################
while read filename
do
##############Date Format for Sql Loader Script and for Directory Creation#####
filename=$filename
fname=${filename%%.*}
date1=${fname##*_}
date=`print $date1 |cut -c1-8`
dat=`print $date |cut -c7-8`
yr=`print $date |cut -c1-4`
mon=`print $date |cut -c5-6`
var01="Jan"
var02="Feb"
var03="Mar"
var04="Apr"
var05="May"
var06="Jun"
var07="Jul"
var08="Aug"
var09="Sep"
var10="Oct"
var11="Nov"
var12="Dec"
# Look up the month abbreviation through the variable named var<mon> (e.g. var02 -> Feb)
val=$( eval echo \$var$mon )
DATE="$dat-$val-$yr"
dir=${SOURCETYPE}_${DATE}
echo $dir
############End of Date Format################################################
done <FILE.LIST


Source: FULL ARTICLE at The UNIX and Linux Forums

How get program name that produced an IO error redirected to a LOG in a nohup command?

By enriquegm82

Good afternoon,

I have a program that executes other programs in the background. The main program would be programA and the programs executed by the main one would be program1a, program1b and program1c.

I need the programs to continue the execution no matter if the shell connection is lost, so I’m using the NOHUP command.

However, each program has its own LOG file, as follows.-

programA --> logfileA.txt
program1a --> logfile1a.txt
program1b --> logfile1b.txt
program1c --> logfile1c.txt

When an error occurs in one of the child programs, the error message is displayed in the LOG file corresponding to the main program.

Example.-

1) The programA is invoked from another routine.-

nohup nice -10 programA 2>&1 > logfileA.txt

2) Inside programA it invokes the other 3 programs.-

nohup nice -10 program1a 2>&1 > logfile1a.txt
nohup nice -10 program1b 2>&1 > logfile1b.txt
nohup nice -10 program1c 2>&1 > logfile1c.txt

When an error occurs, it is shown or displayed in logfileA.txt, instead of being displayed in logfile1a.txt or logfile1b.txt or logfile1c.txt

How can I know what program produced the error that it is displayed in the main program’s LOG file?

Thanks in advance for your responses.

Source: FULL ARTICLE at The UNIX and Linux Forums

Test exit status of last cmd via ssh

By jack.bauer

See below for a housekeeping script which constructs an ssh cmd using some server/path/sudo info found in $HRINST.
The script should hop to each server and, if it finds a file to clean up, move it to the archive dir.
If there is nothing to move, it should report so and email the output.
Currently I have got it working to perform the cleanup, but I am struggling at the stage where it should report the error if nothing is found.

I was trying to perform a test on the exit status of the mv cmd and, if != 0, then report the error? It is not quite working, as the cmd is issued via ssh. Please help.

Code:


cat $HRINST | while read configline

do
myhost=`echo $configline | awk -F":" '{print $1}'`
mypath=`echo $configline | awk -F":" '{print $2}'`
myuserid=`echo $configline | awk -F":" '{print $3}'`
myinstance=`echo $mypath | awk -F"/" '{print $5}'`
myyesterdaylog=`echo $myinstance| sed -e 's/_/./g'`

echo "Files cleaned up on $myinstance"
echo " "
ssh -n $myuserid@$myhost "ls $mypath/OrderDump*"
ssh -n $myuserid@$myhost "mv $mypath/OrderDump* $mypath/archive/"
echo " "
echo " "

done >> $LOG 2>&1

echo "Executed housekeeping script cleanup.sh" >> $LOG 2>&1


Code:


function TestCleanup {

if [ $? != 0 ]; then
printf "nothing to remove in $myinstance"
fi;
}


Source: FULL ARTICLE at The UNIX and Linux Forums

Multiple attachments using mutt

By Shaishav Shah

I am trying to attach multiple files using the mutt command, and all file names to be attached are taken from a flat file. The mutt command is called from a bash script when:

1. Script execution is completed.
2. Script execution is interrupted for some reason.

——————————————————————-

Code:
Contents of REPORTS.LOG:
/home/jboss/temp/a.html
/home/jboss/temp/temp/b.html

TOTAL_REPORTS=`cat REPORTS.LOG | wc -l`
for (( i=0; i
Source: The UNIX and Linux Forums