Saturday, December 28, 2013

When use PCL or PS printer drivers

Today we are going to talk about a topic that at first glance seems not interesting, printing performance.

At our office we've faced this problem as well as some clients asked us about slow performance printing PDF files through one our products.

The problem: 
After a new coorporative printer/drivers deploy, end users complaint about very slow printing when they print PDF medium size files and terribly slowness with large files.

Sunday, December 15, 2013

Wsus report with powershell


Last Tuesday, someone in our department asked us if it is possible to get a report via email that displays information about failed computers.

By default Windows 2008 R2 does not provide WSUS cmdlets, so we need to load WSUS assemblies from .NET, here is a URL with the method and properties http://msdn.microsoft.com/en-us/library/microsoft.updateservices.administration(v=vs.85).aspx

Recipe: IAS log parser

Today we need to parse an IAS log, we need to know who are logging in the system. Usually we use IASLogparser, but unfortunately in this case we did not have the license.
So, we need to read the file specifications from Microsoft in this URL http://technet.microsoft.com/es-es/library/dd197432(v=ws.10).aspx  and parse the log file.
We selected Powershell as our script language and it was easy to build a parser, we made it in less than one hour.

Thursday, November 28, 2013

Recipe: Linux SNMPD script OID & Cacti example ( VSFTD number of users )

Today we have to implement a new chart in our Cacti, this chart has to display the number of users connected to a VSFTPD server in a CentOS server.

VSFTPD CONFIG
Firstly, you have to setup VSFTD to display the number of connections, to do this, you have to add this variable setproctitle_enable=YES in the vsftpd.conf file and restart the service.
This setting allows you to monitor the clients, now you can see the connection in the output of ps command, in this case the output looks like this:
vsftpd_daemon_user 11203  1.0  0.3  56320  1548 ?        Ss   15:12   0:00 vsftpd: 90.IP.IP.IP: connected
Counting the number of connections is very easy, one script like this is enough:
 #!/bin/bash  
 ps aux | grep vsftp | grep connected | wc -l  
It will return the number of the connected users.
We are going to save it as /scripts/ftp-who.sh to use it in the next examples.
Now is time to integrate it on SNMPD config.

Wednesday, November 27, 2013

Recipe: How to know when was the last update in Linux

Today we are going to write about the difference between the two main package managers. Last week we were setting up some systems to be ready for ISO 27000 audit and we needed to know when the last updates were installed in  Linux servers. We have two types of Linux distributions in the company, Debian and CentOS, we think that CentOS is more enterprise friendly, especially the package manager (yum) is more enterprise friendly than dpkg and here is an example.

In CentOS you need to execute the command yum history to get a report of the last software installed in the machine. In Debian on the other hand, you need to execute something like this, date -d @$(stat -c %Y /var/cache/apt/) and it just return the last day when apt-get installed a package, it looks more tricky and it is not a function of dpkg.

This kind of details, like update history, are very important to us because they are very annoying in day by day operation, so we strongly recommend CentOS instead of Debian for enterprise systems.

Tuesday, November 26, 2013

Scom APM 2012 SP1

Definition of APM from MSDN:
In System Center 2012 – Operations Manager, you can monitor web applications and web services from server- and client-side perspectives to get details about application availability and performance that can help you pinpoint problems. (For System Center 2012 SP1 only: You can also monitor Windows Services.) When you specify settings, the types of events to collect, the performance goals to measure, and which servers to monitor, Operations Manager .NET Application Monitoring provides insights into how web-based applications are running. You can see how frequently a problem is occurring, how a server was performing when a problem occurred, and the chain of events related to the slow request or a method that is unreliable. You have to have this information to partner with software developers and database administrators to help ensure that applications are available and perform at optimal levels.

Recipe: last MSI installed on a computer

This is a PoC of Powershell script to monitor MSIs installed packages in the local machine, it is ready to run every 5 minutes and launches an action if anything is installed in this period of time.


 #Deploy as 5 minutes management task.  
  $softinst=Get-EventLog application -InstanceId 1033 -Source MsiInstaller -Before ([System.DateTime]::Now) -After ([System.DateTime]::Now).AddMinutes(-5)  
  if ($softinst -eq $null)  
  {  
   Write-Host "No new software installed in the last 5 minutes"  
  }  
  else{   
  #Skip autoupdates  
  if ($_.Message -notcontains "Microsoft Endpoint"){  
  #Action  
  }  
  }  

You can run it as scheduled task and send email as action to control every 5 minutes which are the new MSI packages installed in one machine.
You can deploy it across domain using GPO and scheduled task ( http://technet.microsoft.com/en-us/library/cc725745.aspx ) using powershell.exe with parameter -command{} and invoke-command{\\UNC\scripts}
Remember the execution policy, you can manage it with GPO in Computer Configuration | Administrative Templates | Windows Components | Windows PowerShell and configure the Turn On Script Execution setting

Monday, November 25, 2013

SCOM DMZ agent

Nowadays, there are a lot of great articles about this topic and we think that is not necessary to write a step-by-step article explaining how to run a Windows agent on the DMZ or out of the domain of SCOM server.

Here are some great examples of these articles explaining how to deploy a DMZ agent:
http://pkjayan.wordpress.com/2010/05/17/agent-managed-untrusted-servers-step-by-step-guide/
http://blogs.technet.com/b/stefan_stranger/archive/2012/04/17/monitoring-non-domain-members-with-om-2012.aspx

There are even some homemade scripts to deploy the agents like this one: http://systemscentre.blogspot.com.es/2012/03/scom-dmzworkgroup-agent-deployment.html

SCOM SNMP monitorig

SNMP monitoring is easy to implement in SCOM 2012.
SNMP monitoring in SCOM is an example of agentless monitoring.
Since SCOM 2012 there are a lot of templates related with SNMP devices, before SCOM 2012 you had to install the xSNMP management pack, nowadays a lot of vendors are included in SCOM 2012 by default.

Here is a list of well supported devices: http://www.microsoft.com/en-us/download/confirmation.aspx?id=26831

Friday, November 22, 2013

SCOM Linux Agents

This is the part four of a set of articles related to SCOM

How to deploy

Before SCOM 2012 SP1, if you didn´t  have the supported Linux Versions like Red Hat or SUSE, it was hard to deploy a Linux agent, nowadays with the new management packs, it is much easier.
In this article, we are going to a make a sumary which covers the installation and basic troubleshooting in Linux systems, but it could also be useful with Unix agents.

Thursday, November 21, 2013

SCOM scripting basics

This is the part three of a set of articles related to SCOM


Why scripting with SCOM?

Scripting is the most powerful tool in SCOM, with scripts and imagination you can monitor everything, from a folder in the filesystem to a coffee machine.

Usually we use Visual Basic Script for scripting in SCOM, because it works in all Windows systems, from 2003 to 2012R2, but you can use Powershell if you prefer,  as long as it is installed in the monitored system. Bash or Python can be used as well, if you are monitoring Linux servers.
Scripts could be emebeded in Management packs or can be developed from the administration console as monitor or rule.
This article is focused on monitor scripts, but it can give you an idea about how scripts work in SCOM and how to use them on rules or management packs.

Wednesday, November 20, 2013

Basic reporting in SCOM

This is the part three of a set of articles related to SCOM

Part1 - SCOM BASICS
Basic reports in SCOM
There are two main ways to edit or develop a report for SCOM: via Report Builder or via Visual Studio. 
In this article we are going to use Visual Studio 2010 with bussines inteligence tools installed.       

Useful SQL queries in SCOM database

This is the part two of a set of articles related to SCOM

Which are the differences between Operations and Datawarehouse databases.

Extracted from Microsoft web:
  • The operational database is a SQL Server database that contains all configuration data for the management group and stores all monitoring data that is collected and processed for the management group. The operational database retains short-term data, by default 7 days.
  • The data warehouse database is a SQL Server database that stores monitoring and alerting data for historical purposes. Data that is written to the Operations Manager database is also written to the data warehouse database, so reports always contain current data. The data warehouse database retains long-term data.
The data retentions in the operational database can be extended from the administration console in the menu Administration --> Settings --> Database Grooming. It is a good idea to extend them to two weeks if you do not have a lot of events in SCOM, because you can plot larger performance charts from the console or search alert events from the console without entering into reporting services. Remember, this is an operational database, so more than four weeks of retention usally can impact  the SCOM perfromance negatively.

Tuesday, November 19, 2013

SCOM basics


This is the part one of a set of articles related to SCOM

What is SCOM

The defintion from Wikipedia:
System Center Operations Manager (SCOM) is a cross-platform data center management system for operating systems and hypervisors. It uses a single interface that shows state, health and performance information of computer systems. It also provides alerts generated according to some availability, performance, configuration or security situation being identified. It works with Microsoft Windows Server and Unix-based hosts.

Recipe to get hits per browser by URL

This is our first recipe, a short article describing a specific task.
Today we need get hits by browser in specific URLs.
We have used the following tools, Logparser Lizard,Powershell and Excel to present a graphic report.