the Zen of Communication.

Running some performance tuning, the app needed to know how many flops (floating point operations) per cycle the system could handle.

I used SiSoftware’s Sandra benchmarking app. It told me that my Intel Pentium D Dual Core 1.8ghz proc was producing 10.86gflops, but not the flops per clock cycle.

From this we know: a) the total gigaflops (10.86), b) the number of cores (2), and c) the number of clock cycles per second (1.8ghz)

Example of the standard formula:
The formula to determine total gigaflops is:
Flops per cycle x # of Cores x Clock speed.

This involves four values:

a = flop per clock cycle
b = clock speed (ghz)
c = cores
n = gflops

For a dual core 3ghz system with 4 flops per cycle, we can deduce 24gflops (a x c x b = n, or 4 x 2 x 3 = 24) . But I only have the total gflops, clock speed, and number of cores.

Reverse algebra:

a = n / b / c

Or in my case:
10.86 gflops / 1.8ghz / 2 cores = 3.01 flops per cycle (per core). So the E2610 chip at 1.8ghz produces 3 flops per cycle per core, or 6 flops total. Ta da.

Note: It’s worth mentioning that in this case, 10.86 gflops and 1.8ghz seem like closely related numbers, and that it would be quick to figure out how many gflops a system can handle by its clock speed (i.e. 1.8ghz equals 10.86gflops).  This is not the case.  In the first example of a dual core 3ghz proc producing 24gflops, you can’t deduce the one from the other.  It was just a coincidence in my case, so don’t do that.

I’ve spent an awful lot of hours trying to track down the SNMP MIBs for a Barracuda spam firewall. Searches on the Barracuda website for “MIB” and “SNMP” returned very few results – but I was looking for the MIB files themselves.

It turns out Barracuda has cunningly hidden the MIBs within their devices. Read http://www.barracudanetworks.com/ns/downloads/Other/OTHER_Barracuda_Spam_&_Virus_Firewall_SNMP.4.pdf

Specifically, under page bloody one:

MIBs
You will need to obtain and import two MIB files to your SNMP monitor:
1. The Barracuda Reference MIB (standard across all Barracuda Networks products)
2. The Barracuda Spam & Virus Firewall MIB
You can use reference objects included in these MIBs for monitoring either from custom scripts or from
your SNMP monitor. The MIB files are located on the appliance and can be obtained by replacing
YOURBARRACUDA in the following links with the IP address of your Barracuda Spam & Virus Firewall:

http://YOURBARRACUDA:8000/Barracuda-SPAM-MIB.txt

http://YOURBARRACUDA:8000/Barracuda-REF-MIB.txt

Isn’t that great? I thought that was great.

Anyway. There it bleedin is.

Windows 7 will install a hidden 100mb partition at the front of your drive when you do a clean install.  It uses this for system recovery if your install goes belly up, and/or bitlocker headers for drive encryption.

I need neither.  And the kicker is some apps (like TrueCrypt) don’t function correctly with the 100mb partition.  In fact, TrueCrypt CAN’T encrypt your system drive because the bootloader is on the other partition.  Not very helpful.

MyDigitalLife shows how to work around this – http://www.mydigitallife.info/2009/08/20/hack-to-remove-100-mb-system-reserved-partition-when-installing-windows-7/ .  See part three, “Method 3: Trick to Remove 100.00 MB System Reserved Partition During Setup” .

In a nutshell, when you’re installing Win7 (note, if you’re reinstalling, this will erase your data, no two ways about it) and you reach the portion allowing you to select your partition, erase your existing 100mb system partition, and your existing OS partition.  Then pick the freshly unallocated space and tell it to install there.  It will say “We’ll create a hidden system partition for your protection” – say OK.  Now delete the new OS volume – not the 100mb partition. Yes, delete the new partition it created for your OS.

You should have a 100mb system partition, unallocated space, and maybe another partition for your data, if that’s how you roll.

Next select the hidden partition, and click Extend.  This will allocate the rest of the unused space (from the system partition you just deleted) to the hidden partition – giving you a single OS volume with no hidden partition.

Ta-da.

Thanks MDL – saved me some headache there.

Note: this trick only works during reinstallation of Windows.  They have a couple other hacks to remove the hidden partition after you’ve installed, but they didn’t suit my purpose.  AGAIN: THIS WILL ERASE YOUR DATA. Don’t cry to me if you didn’t back it up.

So, vLite out of the box (or extracted download, as it were) requires three files to run – wimgapi.dll, wimfltr.inf, and wimfltr.sys (wimfltr.inf is a driver file that requires .sys).

The interesting thing about Win7 and vLite is that Win7 already has wimgapi.dll in c:\windows\system32 (or syswow64, I presume).

“Neat!” thinks I, and copies that to the c:\windows\program files\vlite directory, and pulls wimfltr.inf and wimfltr.sys from another server I have with the WAIK on it. I run Vlite. It runs slow, but runs. I configure my install source, it runs slow, but runs. I get to modifying my install source (removing components), it runs VERY slow, then crashes. Consistently. Changing options, running as admin, running in a compatibility layer, all return crashes after it runs.

Turns out vLite does NOT like the wimgapi.dll that comes with Win7. So, moral of the story folks – use all the same versions from the same source.  In my case, I pulled them from c:\program files\windows aik\Tools\x86.  In your case, unless you’ve downloaded the 2gb WAIK iso, you’ll need to find them from Google or Bing.  Distribution is apparently some form of international terrorism.

From the WAIK I’d installed, these were files modified 11/1/2006 and 11/2/2006 . As soon as I replaced wimgapi.dll in the C:\Program Files\vLite\ directory with the older version  (replacing the one from 7/9/2009, with the one from 11/1/2006) vLite screamed to life and ran as expected and followed all the way through without a single crash.

This was, needless to say, a relief.  Happy trails.

Installed cacti from the “easy” installer – http://forums.cacti.net/about14946-0-asc-0.html – which does simplify a lot, but there are a lot of other hacks i’ve had to implement to make it work.

First and foremost, any time the poller runs i was getting “Cannot find module (IP-MIB): At line 0 in (none)”

Repeat about a dozen times for various mibs, and you obviously have a problem.

Under System Properties, Advanced, Environment Variables, there’s a new variable called MIBDIRS .  It’s pointed to c:\php\extras\mibs which in my case, after running the installer, was empty.

TO FIX: Either update this to point to your actual mib directory (mine was c:\usr\mibs , i’ve also seen d:\usr\mibs) or copy your populated mib directory (with IP-Mib and about a dozen others) to c:\php\extras\mibs .  Presto, the poller now runs as it should.

Loaded MRTG, followed as many how-tos as I could get my hands on, configured a WMI script, and all I get was:

C:\Program Files\mrtg-2.16.0\bin>perl mrtg mrtgwmi.cfg
Daemonizing MRTG …
Do Not close this window. Or MRTG will die
2009-12-17 13:06:38: ERROR: Target[my.monitor][_IN_] ‘cscript //nologo mymonitor.vbs myserver’ (kill): Search pattern not terminated at (eval 18) line 1.
2009-12-17 13:06:38: ERROR: Target[my.monitor][_OUT_] ‘cscript //nologo mymonitor.vbs myserver’ (kill): Search pattern not terminated at (eval 19) line 1.
Terminating on signal SIGINT(2)

Turns out in my config, the line calling the script:
cscript //nologo “c:\program files\mrtg-2.16.0\scripts\mymonitor.vbs” myserver

I wasn’t wrapping it in the right apostrophe. The line should read:

Target[my.monitor]: `cscript //nologo “c:\program files\mrtg-2.16.0\scripts\mymonitor.vbs” myserver`

Using the apostrophe left of the 1 (`) and NOT the apostrophe next to the return key (‘) . I love perl, really.

Setting up a new pool (persistent linked clone, in this instance) for VMWare View 4. Had the template built, took a snapshot, then tried to create the pool. Got all the way through setup to select the template and snapshot, but voila. Snapshot wasn’t there.

VMWare View templates require the snapshot to be taken WITHOUT the VM memory state. If the memory state is taken with the snap, the snapshot isn’t available – except it won’t tell you why.

VMWare also highly recommends/suggests that the VM template be powered off. This makes a lot of sense, and you really should, but I had two snaps taken with the system powered on which I built VDI Persistent Linked Pools from, and 10 desktops worked fine.

Warranty service required on a PowerEdge (m600 specifically, but pick your poison). Replacement motherboard shipped, with no service tag burned in. Requires “asset.com” (DOS .com file).

Note: Some people have reported Asset.com running in a dos box under Windows.  All I know is it doesn’t work under x64.

How to update the service tag:
- Download the Dell Diagnostics CD (R212797 – Extracts to an exe which then makes an ISO or USB stick.  http://support.dell.com/support/downloads/driverslist.aspx?os=LIN45&catid=13&dateid=-1&impid=-1&osl=EN&servicetag=&SystemID=PWE_2900&hidos=NW&hidlang=EN&TabIndex=).
- Create the ISO. Load up your DRAC/iDRAC interface. Mount the ISO as the virtual CD ROM drive.  (Path will be different, wherever it expanded to.  I moved mine.)

- Reboot your server. From the console (iDRAC or physical) hit the boot menu, select Virtual CD. It will boot to the diagnostics.

> ALTERNATIVELY: Burn the ISO to a CD, boot your CD from that instead.

- Once booted, Pick option 4 – quit. Drops you to a D:> dos prompt.

- change to C:, cd to UTIL . dir should reveal asset.com

- Run asset.com to see your service tag number (or if it’s blank).

- Run asset.com /s AB12345 to update the service tag number (AB12345 will be the number you want to burn in).

- Run asset.com to check that the change has taken. If so, reboot your machine, disconnect your Diags ISO, and walk away from a job well done.

Ta da.

In most other versions of XP, the instructions at http://www.jakeludington.com/windows_xp/20060219_change_xp_boot_screen.html for changing the boot screen work fine. For XP Embedded (or Embedded Standard 2009, whatever you want to call it), you have to change number 1, not number 5.

Conversely, on the HP Thin Clis, there are two kernels – ntoskrnl.exe and ntkrnlpa.exe . I’m not sure which one made the change, as I edited both of them.

16 color bitmaps look like crap. When is Win7 Embedded coming?

In lieu of not updating for the next few months (50 – 60 hrs working weeks don’t leave lots of time for creative writing), I’m going to start putting up brief outlines of things I’ve run into, and problems I’ve managed to figure out. Hopefully it will be enough for you, dear reader, to follow my train of thought. If not, leave a comment – I’ll respond as soon as I can.

First – Windows Update error 80070490
or 0×80070490
Vista x86 (same will probably be true of XP and Win7, x86 and x64)

stop windows update service
delete c:\windows\softwaredistribution
reboot
start windows update
download and install updates

This worked for me (for a couple of reboots) but the problem seems to have returned. Anyone have any ideas beyond a reinstall/repair install as Msft unhelpfully recommends?

If you’ve been following along, you may have noticed a distinct lack of progress with the MRTG/IIS thread, and the server mod.  That’s because shortly after I finished up the first round, the RAID array on my server took a dive.  Everything’s intact, but the server is limping right now, and I need to migrate to different hardware.  It, of course, is high priority just like everything else in life, and I need more than an hour or two to do it… easy, right?

So, once that’s been done, I can get back to rolling like we do.  Till then, keep tuned in. 

Last time (here) I introduced an OID tree for the descriptions of Storage.  I hope you copied and pasted your results into a new window, because we’ll need them.

If not, here’s mine:

c:\SNMP>snmputil walk 127.0.0.1 public .1.3.6.1.2.1.25.2.3.1.3
Variable = host.hrStorage.hrStorageTable.hrStorageEntry.hrStorageDescr.1
Value    = String A:\

Variable = host.hrStorage.hrStorageTable.hrStorageEntry.hrStorageDescr.2
Value    = String C:\ Label:  Serial Number 2053422

Variable = host.hrStorage.hrStorageTable.hrStorageEntry.hrStorageDescr.3
Value    = String D:\ Label:Data  Serial Number c9d83a42

Variable = host.hrStorage.hrStorageTable.hrStorageEntry.hrStorageDescr.4
Value    = String E:\

Variable = host.hrStorage.hrStorageTable.hrStorageEntry.hrStorageDescr.5
Value    = String F:\

Variable = host.hrStorage.hrStorageTable.hrStorageEntry.hrStorageDescr.6
Value    = String G:\ Label:FileDump  Serial Number 0dc359f2

Variable = host.hrStorage.hrStorageTable.hrStorageEntry.hrStorageDescr.7
Value    = String Virtual Memory

Variable = host.hrStorage.hrStorageTable.hrStorageEntry.hrStorageDescr.8
Value    = String Physical Memory

End of MIB subtree.

c:\SNMP>

So these are all the OIBs we can pull from the branch .1.3.6.1.2.1.25.2.3.1.3, which is the “Host Resource Storage Description” or hrStorageDescr for short. 

In MRTG’s case, we can’t set up a chart to poll .1.3.6.1.2.1.25.2.3.1.3, because it has subvalues.  So how do we get there?  Well, first – keep track of what number goes to what drive.  .2 is my C: drive, .3 is my D: drive, and .5 is my F: drive.  .4 and .5 have no descriptions because they’re CD-ROM drives.  I want to stress:  Your values may be different!  Your C: drive may be .3, .4, or any other number depending on your system configuration.

Now just for kicks, try entering this (one line):

c:\SNMP>snmputil get 127.0.0.1 public .1.3.6.1.2.1.25.2.3.1.5.2

You’ll notice the subtle change – we’re not ..2.3.1.3.2 anymore, we just switched to ..2.3.1.5.2 .  We stayed with .2 at the end because that’s the value for the C: drive (on my system – yours may be different!).  But the .5 is now a different OID tree.  Want to find out what?  Type (again, one line):

c:\SNMP>snmputil walk 127.0.0.1 public .1.3.6.1.2.1.25.2.3.1.5

You should get a listing of all the total storage sizes for all volumes on your system, including Virtual and Physical memory spaces.  But it’s not going to look sensible, because it’s giving us the number of blocks on each volume – not Kilobytes, Megabytes, or Gigabytes.  [For a complete explanation, read this post from the MRTG Mailing List.]

Remember what the value was for .2, or whatever your C:\ drive was.

So we have the number of blocks, but that doesn’t tell us much.  We want to know in megs or gigs what the total storage space is.  Next we need to find out what the block sizes are.  Lucky for us, there’s an SNMP OID for that.

c:\SNMP>snmputil walk 127.0.0.1 public .1.3.6.1.2.1.25.2.3.1.4

This will ‘walk’ the OID tree of block sizes for each volume on our system.  Lets say we just wanted to find the C: drive block size.  We’d use:

c:\SNMP>snmputil get 127.0.0.1 public .1.3.6.1.2.1.25.2.3.1.4.2

to which my system responded:

Variable = host.hrStorage.hrStorageTable.hrStorageEntry.hrStorageAllocationUnits.2
Value = Integer32 4096

Which tells me that my C: drive, has a block size of 4096 bytes.  So, for our own math here – My C:\ drive has a total number of 8958237 blocks.  We multiply that by 4096 to get 36,692,938,752 bytes.  To reduce that to Gigabytes, we divide by 1024, three times.

36,692,938,752 / 1024 = 35,832,948 Kilobytes.
35,832,948 Kb / 1024 = 34,993 Megabytes
34,993 Mb / 1024 = 34.17 Gigabytes.

Which, if I’ve done my math correctly, is exactly what I should see when you pull up the properties on my C: drive.  And sure enough -

So that’s a very basic introduction-by-example to an OID tree, and it’s uses.  I’ll write another example about calculating the percentage of used space on a drive with MRTG, which will use more OIDs. 

For more information on MRTG, SNMP, and MIBs, see this post.

A client is using a mixed environment, with several VMWare ESXi clusters, and several ESX clusters.  They’ve been running a number of maintenance tasks through SSH on the ESX clusters, but believed one could not get to a console under ESXi 3.5.  I found a quick howto:  http://www.vm-help.com/esx/esx3i/ESXi_enable_SSH.php

The short of it is you have to enter a debug mode in the console.  From the main console window, press ALT+F1 to get to the console terminal.  You’ll start out with:

(names have been changed to protect the innocent).  And after hitting ALT+F1, you’ll get:

Whereupon you’ll type “unsupported” (no quotes) and hit enter, and it will not be visible.  Just trust me, it’s there.  You may need to try it a couple of times if the console has had any keypresses still in the buffer.  Afterwards, you’ll get:

Enter your root console password here.  You’ll get dumped to a linux prompt.  Know this: Yes, it’s “linux”, but it’s stripped.  Many rudimentary functions are not present. 

From here, edit /etc/inetd.conf (using vi).  Scroll down until you find the line with “#ssh” .  Remove the # to enable the line .  (the vm-help.com page has detailed vi instructions.  I won’t go into those here.  But here’s more help) 

Once you’ve uncommented the ssh service, write and quit.  Then run /sbin/services.sh restart. 

Now, every other howto out there would leave you believing you should be all set.  If you’re anything like me, you’ll reboot your host, and then wonder where you went wrong.  In life.  After all, 5 or 10 how-tos have the same instruction set, and everyone else said “hai this rox kthxbye!”.  And yet I followed the instructions and I still had no joy.  I killed the inetd process numerous times, and had no joy.  What was a frustrated sysadmin who enjoyed such problems as this to do?  Get cracking.

I eventually hit the logs and discovered a couple of parameters were missing for their implementation of the ssh server, dropbear.  The path in the /etc/inetd.conf file was simply /sbin/dropbear .  For kicks, I tried to run ./sbin/dropbear.  It, in a world of generosity, spit out a list of symlinks I needed to create.

If I’m remembering this right, I did what it asked but it still didn’t work.  So, the actual path I ended up using in /etc/initd.conf was:

/sbin/dropbearmulti [tab] dropbear ++min=0,swap,group=shell –i

This calls the dropbearmulti app, and instead of using the symlink method it’s asking for, just tells it “here, run the server, and here’s your arguments.” .  It seems to be working, because several weeks and a few reboots later I’m SSH’d into the server to pull up the details for this post. 

Back with the MRTG and SNMP series, I spent a good number of hours trying to get otherwise-working configurations to work on my server with rare success.  Every once in a while, I’d get a completely different value than what I expected, and other times I’d get no value whatsoever because that OID couldn’t be found, even though it worked on another (live!) config!  This will be an overview about how to find the OID value you’re looking for, specifically Hard Drives and Memory.

I’m going to presume you’ve already become vaguely familiar with what SNMP is as a concept, you’ve installed the Windows SNMP server, and you’ve configured a community name and set allowed hosts.  If you haven’t, start here.

Once you have the basics done, get a copy of SNMPUtil.exe .  If you have a Windows NT4 cd laying around, how handy.  If not, go here and get it.  Note: That site also has an app called SNMP-Informant available.  I’ve heard it simplifies things considerably, but I’m not using it at present, I like the pain.  Once you’ve downloaded SNMPUtil, move the .exe to your windowssystem32 directory that way you can use it from a command line without specifying a full path. 

[ For those still wondering, the windowssystem32 directory is already in the “Path” portion of your Environmental Variables, which means we can call a program in the dir from anywhere.  While we could have added whatever directory you placed snmputil.exe in to the Path variable, my way was easier.  Google Environmental Variables for more help. ]

Once you have snmputil placed, open a command prompt and run it with no flags/arguments.  You should get a response like:

c:SNMP>snmputil
Error:  Incorrect number of arguments specified.

usage:  snmputil [get|getnext|walk] agent community oid [oid ...]
        snmputil trap

c:SNMP>

That tells us that there are three options – get, getnext, and walk – when we’re using the app.  The rest of the arguments are agent (which is the device/server you’re trying to poll, in my case localhost or 127.0.0.1), community (uhh… Google.) and oid which is the number found in a MIB. 

Quick explanation: A MIB is a “database” (big text file) with individual OIDs in them.  An OID is a specific resource with a value.  So if I’m looking for an OID that will poll my Windows Server’s Processor utilization, I want the Windows NT Performance MIB (http://www.mibdepot.com/cgi-bin/vendor_index.cgi?r=microsoft&id=144151), and the corresponding OID.

Back to SNMPUtil…

Those arguments (get, getnext, walk) will do three related but different things.  Get will get the value from a specific OID (such as “total hard disk space”).  getnext will get the NEXT OID in line (don’t worry about this yet).  And walk will follow  a an OID tree to show you every value you can get.

Now the configuration sections that I found and used (such as from snmpboy.msft.net) referenced specific OIDs.  What I’ve discovered: NOT ALL OIDS ARE THE SAME FROM SYSTEM TO SYSTEM.  Let me make that perfectly clear, because nowhere did I find this written, and it’s taken me days to suss out.  An OID that polls Virtual Memory for one system will NOT be the same OID on another!  The same holds true for drives.  Where the config demonstrated may find free space on drive C, that same OID for you could be polling drive A, B, D, or anything else.

So how do we find the OIDs for our specific system? 

I’m going to introduce the rather disturbingly simple hierarchy that is in place with SNMP.  The OID we’re going to start with is .1.3.6.1.2.1.25.2.3.1.3 .  This is not a final value (such as “total hard disk space”, but one branch in a tree (such as: “storage resources”).  These examples will assume you’re using an SNMP Server from your local machine, and your community string is public – Substitute Accordingly.  From your console, type (all one line):

c:SNMP>snmputil walk 127.0.0.1 public .1.3.6.1.2.1.25.2.3.1.3

which, if your system is anywhere like mine, will return something similar to:

Variable = host.hrStorage.hrStorageTable.hrStorageEntry.hrStorageDescr.1
Value    = String A:

Variable = host.hrStorage.hrStorageTable.hrStorageEntry.hrStorageDescr.2
Value    = String C: Label:  Serial Number 2053422

Variable = host.hrStorage.hrStorageTable.hrStorageEntry.hrStorageDescr.3
Value    = String D: Label:Data  Serial Number c9d83a42

Variable = host.hrStorage.hrStorageTable.hrStorageEntry.hrStorageDescr.4
Value    = String E:

Variable = host.hrStorage.hrStorageTable.hrStorageEntry.hrStorageDescr.5
Value    = String F:

Variable = host.hrStorage.hrStorageTable.hrStorageEntry.hrStorageDescr.6
Value    = String G: Label:FileDump  Serial Number 0dc359f2

Variable = host.hrStorage.hrStorageTable.hrStorageEntry.hrStorageDescr.7
Value    = String Virtual Memory

Variable = host.hrStorage.hrStorageTable.hrStorageEntry.hrStorageDescr.8
Value    = String Physical Memory

End of MIB subtree.

c:SNMP>

Now at first glance, these results might be somewhat confusing.  They were to me.  Here’s the down and dirty:

That OIB we entered (.1.3.6.1.2.1.25.2.3.1.3) was the “Host Storage Description” tree/branch.  The values underneath it pull the descriptions of storage objects that SNMP is mapping.  In my case, .1 goes to my floppy, .2 to my C: drive, .3 to my D: drive, etc.  This also includes .7 for Virtual Memory, and .8 for Physical Memory.  (Remember that).  Do yourself a favor and copy and paste those results into a text file for easy viewing and reference.

What we’ll do with these will be in the next post.

The following is a compilation of the resources I’ve been taking advantage of in configuring MRTG and SNMP on my system.  Given how long they took me to put together and the number of hours I spent trawling, hopefully it will be of some use and a bit of a timesaver.

The App itself -

- MRTG itself: http://oss.oetiker.ch/mrtg/
(the documentation section is mostly your friend, but can be unhelpful, especially with a WinNT implementation)

- SNMPBoy: http://snmpboy.msft.net/ . A live demonstration of MRTG for capturing both WS-Man information and SNMP information.  View in IE to use the drop-down menus on the left (that took me days).  His MRTG config is at http://snmpboy.msft.net/pub/mrtg.cfg.txt .  He also has all of the Windows MIBs available.

Get MRTG up and running -

- Install and Setup MRTG on Windows and IIS: http://www.amset.info/netadmin/mrtg.asp .  A basic installation guide for monitoring an SNMP enabled device. Not much detail, but it got me started. 

- MRTG for Intrusion Detection w/ IIS 6: http://www.securityfocus.com/infocus/1721 .  A very good article, but he jumped from “Here’s how to configure MRTG” to “Here are the VBScripts I use for pulling WMI data”.  I had a lot of in-between work to do.

- Burnett (the author of the above article) posted his config files at: http://www.securityfocus.com/microsoft/images/burnett_MRTG_files.zip .  I used them as a starting point, but what he fails to mention is that OIDs can be different from system to system.  I also bailed on the WMI scripts. 

- Another MRTG/SNMP/Windows config guide: http://www.syslog.gr/content/view/10/99 .  This one had much more detail, but you have to remember configs are unique to the system.

Other helpful stuff:

- Configure MRTG as a service: http://forums.firedaemon.com/showthread.php?t=45 

- SNMP4tPC: http://www.wtcs.org/snmp4tpc/testing.htm#SNMPUTIL .  An older page, but search results just kept coming back to it.  A lot of the theory is still sound, but be sure you discover the OIDs yourself.  The page also has Microsoft’s legacy SNMPUtil available for download – get it.  (His app turned into SNMP Informant, which I’ve read is very useful.)

- MIBDepot: http://www.mibdepot.com  .  A database of MIBs and OIDs.  Although comprehensive, I have yet to find a way to download a MIB.

- NetSNMP tools compiled for Windows.  http://www.elifulkerson.com/articles/net-snmp-windows-binary-unofficial.php .  The *nix SNMP utils compiled for Windows.  Nice job. 

The more I find the more I will add.  Good hunting.

I’ve undertaken the task of installing MRTG on one of my servers.  I plan on using it for the usual – network load, memory usage, drive space, etc – but at some point I’m going to find a way to poll event logs for things like Failed Login Attempts (to look for a brute force attack), or a high number of disk errors to indicate a dying drive, things like that.

What I’m going to write up in a series of posts will not be a how-to guide to get MRTG up and running under 2003.  Plenty of sites (referenced below) already give you that, some of which I used.  The biggest problems I’ve had are:
A) once I get MRTG installed and running, what then?  and
B) What MIB or OID do I use and for what, and how do I find them?

A number of the scripts, howtos, and other get-started pages include entries that you can copy and paste into your MRTG config.  Some of them work straight off the bat.  Others leave you scratching your head.  And yet others look like they should work, but can produce insane errors.  Such as this one:

(from a config section to poll memory stats)

YLegend[localhost.memoryUsed]: % Memory Used
Options[localhost.memoryUsed]: growright,gauge
Target[localhost.memoryUsed]: .1.3.6.1.2.1.25.2.3.1.6.3&.1.3.6.1.2.1.25.2.3.1.6.4:public@localhost / .1.3.6.1.2.1.25.2.3.1.5.3&.1.3.6.1.2.1.25.2.3.1.5.4:public@localhost * 100
MaxBytes[localhost.memoryUsed]: 523444000
Title[localhost.memoryUsed]: Server: Memory Used
ShortLegend[localhost.memoryUsed]: %
Legend1[localhost.memoryUsed]: Vir in next minute
Legend2[localhost.memoryUsed]: Phy in next minute
Legend3[localhost.memoryUsed]: Maximal 5 Minute Vir
Legend4[localhost.memoryUsed]: Maximal 5 Minute Phy
LegendI[localhost.memoryUsed]:  Vir
LegendO[localhost.memoryUsed]:  Phy
PageTop[localhost.memoryUsed]: <H1>Memory Utilization</H1>
    <TABLE>
       <TR><TD>System:</TD>     <TD>Server</TD></TR>
        <TR><TD>Vir</TD><TD>.1.3.6.1.2.1.25.2.3.1.6.3</TD></TR>
        <TR><TD>Phy</TD><TD>.1.3.6.1.2.1.25.2.3.1.6.4</TD></TR>
    </TABLE>

Looks relatively straight forward.  And given that I copied and pasted quite blatently from a functioning config (see http://snmpboy.msft.net, but make sure you use Internet Explorer – that “bug” took me days to work out.) you’d think it would work just fine.  But it produced two sets of errors – the first was difficulty with the OIDs.  They didn’t poll my RAM and pagefile.  The second, once I fixed that, was a set of errors:

SNMP Error:
no response received
SNMPv1_Session (remote host: "localhost" [127.0.0.1].161)
                  community: "public"
                 request ID: 780985927
                PDU bufsize: 8000 bytes
                    timeout: 2s
                    retries: 5
                    backoff: 1)

followed by:

Use of uninitialized value in division (/) at (eval 30) line 1.

The fun part was that the second error then seemed to hose up the rest of an already functioning config, apparently by deciding that it would no longer poll localhost for any info.  As localhost is the only server I’m polling, that obviously presents a bit of a problem.

Since I was adding new sections into the config one at a time and testing them, I knew exactly which one had the problem – the memory usage stats.  Something I found interesting was that when I moved the failing section to the very end of the cfg file, it worked.  More intrigued, I did some poking around.  Google turned up some not so helpful results which were mostly mailing lists where people asked “what does this uninitialized value mean?” but received no answer.

Flashback (6 hours): I’d been playing around with SNMPUtil’s get function earlier today when I was figuring out what OIBs mapped to what components (another post will follow on that), and I noticed that some polls were taking quite a while to respond – 4 to 5 seconds sometimes.  That first error tells me that the timeout is 2 seconds.  If the poll was taking longer than that, MRTG would fail it and move onto the next operation – in this case, dividing another poll against the one that just failed.  Essentially, a 0 divided-by error. 

“Ok, so how do you turn up the timeout value?” you may ask.  Good question!

http://oss.oetiker.ch/mrtg/doc/mrtg-reference.en.html (the official MRTG reference guide) has a section on SNMPOptions, one of which includes setting the timeout value.  The exact syntax is:

snmpoptions[cfgname]: timeout => (x)

I used 5 seconds, so I set it to timeout => 5 .  In my implementation, this looks like:

####
#
# Memory Utilization (SNMP)
#
####

YLegend[localhost.memoryUsed]: % Memory Used
Options[localhost.memoryUsed]: growright,gauge
SnmpOptions[localhost.memoryUsed]:timeout => 5
Target[localhost.memoryUsed]: .1.3.6.1.2.1.25.2.3.1.6.7&.1.3.6.1.2.1.25.2.3.1.6.8:public@localhost / .1.3.6.1.2.1.25.2.3.1.5.7&.1.3.6.1.2.1.25.2.3.1.5.8:public@localhost * 100
MaxBytes[localhost.memoryUsed]: 523444000
Title[localhost.memoryUsed]: Stargate: Memory Used
ShortLegend[localhost.memoryUsed]: %
Legend1[localhost.memoryUsed]: Vir in next minute
Legend2[localhost.memoryUsed]: Phy in next minute
Legend3[localhost.memoryUsed]: Maximal 5 Minute Vir
Legend4[localhost.memoryUsed]: Maximal 5 Minute Phy
LegendI[localhost.memoryUsed]: &nbsp;Vir
LegendO[localhost.memoryUsed]: &nbsp;Phy
PageTop[localhost.memoryUsed]: <H1>Memory Utilization</H1>
    <TABLE>
       <TR><TD>System:</TD>     <TD>Server</TD></TR>
        <TR><TD>Vir</TD><TD>.1.3.6.1.2.1.25.2.3.1.6.7</TD></TR>
        <TR><TD>Phy</TD><TD>.1.3.6.1.2.1.25.2.3.1.6.8</TD></TR>
    </TABLE>

(more will come about why the OIBs changed).  Sure enough, though, those errors ceased and a previously hosed configuration now worked fine.  So if you receive an uninitialized value error, or a no response received error, try increasing the timeout. 

Anyone running a modern Windows Mobile 6 phone has probably thought about customizing the shell at one point or another.  Whether it’s adding features to the today screen, or putting in a complete shell revamp, the stock shell leaves much to be desired.  This is even more true when all your colleagues are walking around with Iphones, Blackberry Storms, or HTC Touch Diamonds. 

Well, now there’s something to bring you up to the finger-swiping era.  PointUI .  It’s an open-source Today Screen applet that doesn’t replace anything, just adds to it.  When used properly, the Today screen is still there, but instead of displaying the usual Owner Info, Calendar, Email, WiFi Status, etc, it displays this UI.

The UI gives you a finger-swiping controllable UI to get to all your applications, view email, modify settings, etc.  Most programs are simply linked from each of the menu options (i.e. I open Bubble Breaker, it still opens the WinMo Bubble Breaker – the menu bar and app are stock.), and only a few start out linked but you can add to this at any time.

The home screen has a built in weather app, and – major kudos on this one – the home screen will let you change views by sliding.  Drag the typical display screen (Date, Time, Weather, Agenda) from side to side, and you get a ‘rotating’ display of email with subject previews, a world map with your location, tasks, and a slideshow app.  The Start menu remains at the top left for rapid access.  There are also community-developed themes out there for almost anything you want, and designing your own is apparently not all that difficult (I’m too lazy though).

Prior to PointUI I was using Slide2Unlock, an Iphone shell clone, but found major problems when it interacted with the phone app.  It may have just been me, but it would often lock up when I received a call and told it to answer (whether using the slider or the button), and often it would jam to the point I couldn’t make any calls.  On top of that, it would grind my phone to a halt if I had email, a browser, or other app open, when it tried to load it.  Doesn’t help usability much. 

This is probably the best non-invasive (as in, doesn’t require a ROM reload) UI app I’ve come across.  It hasn’t slowed my phone down (a Toshiba Portege G900), and has added a fair amount of functionality as I don’t have to pull the stylus or use the nav keys to go around the screen, open apps quickly, etc.  Gets my vote.

I just performed a long overdue upgrade of WP to the latest rev.  I’ve put it off until now because I’ve spent so long customizing the pages, adding plugin sources to pages, changing layouts, etc, I was rather nervous about an updated install hosing something up that would take days to find and fix a comma out of place (been there, esp. with the PHP mods).  But, I have to admit it was much simpler than I’d anticipated. 

The instructions at http://codex.wordpress.org/Upgrading_WordPress make things very simple, and point out “don’t do this”.  I followed the guide for both my sites (Zen & Wings), and it worked quite instantly.  I backed up everything first though (including MySQL databases, as the new rev will make some changes) just as a precaution.  The new rev will also run automatic updates, saving me the trouble. 

So there’s a new login page, and a bunch of updated behind the scenes stuff.  If there are any issues, please let me know. 

And while I’m at it, is this site helpful?  Aside from more regular posts, I’m curious if there is anything you’d like to see added, more of, etc. 

Update: Turns out SemiSecure Login doesn’t like WP 2.7.1 .  After logging out, I was locked out again.  If you run into this, just rename the plugin directory to disable it, and then deactivate it.  I’ve replaced it with SemiSecure Login Reimagined which uses RSA keys over OpenSSL, which is much better anyway.

People talk about getting into the stock market… consumer electronics man, that’s where the money is.  What a ‘Super Deal’. 

Just bought a series of HP DL360s from a firesale.  AOL was refreshing a datacenter, these things were dirt cheap.  I’ve outfitted one with a pair of UW320 hotswap 72gb drives, but I’m figuring out a mod to put SATA drives in – cheaper, readily available, and don’t require ubercash and ebay to pick up if one dies.  It looks straight forward enough.  From my initial pokings, the SCSI backplane just lifts out.  The power connector is a single molex to the backplane that distributes it to the two drives, so I need a y-cable.

Empty drive trays are $10 a pop, so I’ll use those to lock the drives in place.  I have one outfitted with 4gb ram already which should be enough for most ops.  They’re dual-proc Xeons (single core, no VT) at 2.8ghz, and should make nice dogfood boxes for labs w/ VMWare GSX server.  Once I load test them, know they’re stable and won’t crap out on me, I may replace my dual p3-800 server which hosts my critical stuff.  At the very least, with a cheap SATA raid array, great media and file server.

www.nautilusnet.com was the company.  The chassis were $20 a pop, came with the procs and 1gb ram, no drives.  They had a 3.04ghz model for $30, same outfit (240 mhz doesn’t make that much diff. to me).  The company has everything else needed to outfit them – drives (36 or 72gb), memory kits, and redundant power supplies.  I’ve put in three orders with them now, and they’re awesome to work with.

Disclaimer: I’m not paid nor do I benefit in any way from this plug.  I don’t get kickbacks, gift cards, taken out for free drinks by the sales staff, free gear, logo’d jackets, tote bags, bumper stickers, or any special sale price on equipment.  They’re good people that do a good job and are worth a mention.

I also just bought a Linksys WMP300N PCI Wifi N card, and a WRT600N “Ultra RangePlus Dual-Band Wireless-N Gigabit Router” .  I installed them last night in hopes of getting better “reception” with my home-theater box (which I use for Netflix On Demand, and MS Flight Simulator – rest in peace – on my TV), but ran into a few hurdles configuring the 5ghz N signal.  A post will be forthcoming about that and some mild insanity once I stop foaming at the mouth about the Linksys wifi manager software.