Strony

Bash zadanie


Jakiś czas temu na prośbę kolegi rozwiązałem poniższe zadanie. Może się komuś przyda ten okropny dwulinijkowiec, tak na trójkę :)

Niepokojące zdarzenia naszego serwisu ABC logowane są w pliku tekstowym ABC.log; ponieważ plik rośnie dość szybko, to trzeba napisać
skrypt, który:

1. sprawdza, czy ABC.log > 1MB (lub >x Bajtów, gdzie x podajemy
wewnątrz skryptu)
2. jeśli tak, to:
- plik ABC.log ma być zamieniony na ABC.log.0
- były ABC.log.0 ma zostać spakowany i nazwany ABC.log.1.gz
- byłe ABC.log.n.gz mają być nazwane ABC.log.(n+1).gz (gdzie n=1,2,3....)

kderynski@e4310:~$FILESIZE=$(ls -l | grep "ABC.log$" | awk '{print$5}') && if [ $FILESIZE -gt 20 ];then if [ -f ABC.log ]; then mv ABC.log ABC.log.0; fi; if [ -f ABC.log.0 ]; then gzip ABC.log.0; fi; fi;

kderynski@e4310:~$for i in `ls -la | grep 'ABC.log.[1-9]*.gz' | awk '{print $9;}'`; do newfile=`echo $i | awk -F . '{ printf $1 "." $2 "." $3+1 "gz";}'`; mv "$i" "$newfile"; done

Why IS-IS adjacency is not UP ?

Basic routine performed when IS-IS adjacency is not UP on example lt-0/0/0.10 interface.

1. Check if ISO family is configured on interface
root# run show interfaces lt-0/0/0.10 | match iso 
    Protocol iso, MTU: 1497
2.Check what level was configured on interface. In this case only Level 1 was configured.
root# run show isis interface | match "Level|lt-0/0/0.10"  
Interface             L CirID Level 1 DR        Level 2 DR        L1/L2 Metric
lt-0/0/0.10           1   0x1 0172.0027.2554.02 Disabled               10/10
3.Check if authentication was configured.
root# run show isis authentication | match "Level|lt-0/0/0.10" 
Interface             Level IIH Auth  CSN Auth  PSN Auth
lt-0/0/0.10           1     Simple    MD5       MD5     
4. If simple Hello authentication was configured, check if keys are the same on the both sides. Please note that in this moment you could also check area address (49.0001). On Level 1 area addresses must be the same on both sides
root# run monitor traffic interface lt-0/0/0.10 detail           
...
16:16:43.340481 Out IS-IS, length 65
        L1 Lan IIH, hlen: 27, v: 1, pdu-v: 1, sys-id-len: 6 (0), max-area: 3 (0)
          source-id: 0172.0027.2551,  holding time: 6s, Flags: [Level 1 only]
          lan-id:    0172.0027.2554.02, Priority: 64, PDU length: 65
            IS Neighbor(s) TLV #6, length: 6
              SNPA: 0205.8671.5034
            Protocols supported TLV #129, length: 1
              NLPID(s): IPv4 (0xcc)
            IPv4 Interface address(es) TLV #132, length: 4
              IPv4 interface address: 172.27.0.10
            Area address(es) TLV #1, length: 4
              Area address (length: 3): 49.0001
            Restart Signaling TLV #211, length: 3
              Flags [none], Remaining holding time 0s
            Authentication TLV #10, length: 8
              simple text password: Juniper

What else can be checked ? :)

Junos read-only user in freeradius

When we have defined only one junos login "remote" in our devices with class super-user, and we want to add read-only login without touching junos config. We have to add couple of lines to user file in freeradius, as below:

# file /etc/freeradius/users
 
ro Auth-type := Local, User-Password = "password"
      Juniper-Local-User-Name = "ro",
      Juniper-Deny-Commands = "configure|request|reboot",
      Service-Type = "NAS-Prompt-User"
 
# on juniper
show configuration system login
 
user remote {
    full-name "All remote users";
    uid 2000;
    class super-user;                   
}