In order to do this, we first need to set up a way to pull this information from the router. The best way to do this is to install an SNMP (Simple Network Management Protocol) daemon on the system.

The main roadblock we face here is that the system mainly runs in volatile system memory, meaning that every time the system is rebooted the filesystem is reset. Fortunately Tomato provides a way to get around this using CIFS shares. Follow the steps below (as modified from here) to install an SNMP server on a Tomato router.

1. Create a network (samba, CIFS) share somewhere on the network. This computer must be on all of the time in order for Tomato to run the SNMP server.
2. Download the snmpd.zip file from one of these locations:
   [xs4all.nl]
   [systembash]

   expand the binary and .conf file into the share or a subdirectory (for example, <share name>/snmp)

   MD5 for snmpd binary is ae0d622648efdb8dceb7b3b5a63e23ac

3. Set up the shared directory on the router. Visit Administration->CIFS Client. Add the share as follows, with your correct share information:
4. Log into the Tomato router via ssh, and start SNMPd on the router by issuing the command:

   /cifs1/snmp/snmpd -c /cifs1/snmp/snmpd.conf &

5. Test that SNMP is running and can be accessed on another computer on the network. To test it, you can use snmpwalk like so:

   snmpwalk -c public -v 2c <IP Address of Router>

   If it works properly, it will list the available OIDs from the router. You do not need to take note of these, but they will be used in the graphing software later.

6. Finally, we need to launch the SNMP server when the router is restarted. You do this by adding the command to start it in the area Administration -> Scripts -> Firewall:

   sleep 30
   /cifs1/snmp/snmpd -c /cifs1/snmp/snmpd.conf -s &

   This launches the snmp server 30 seconds after the router is started or rebooted.

Thats it! SNMP is now running on the router.

Now to add this SNMP host to your graphing software. For this example, I will use Cacti, which I will assume you have already set up. If you need to set it up, please follow the directions on the Cacti site for installation.

First, add the router as a new device, using the information below (change IP to suite your needs):

After adding the device, you have several options depending on what sort of data you are looking for. For system information on the router – for example CPU usage, memory usage, etc; you can go directly to Create -> New Graphs. Select your device and then add the graph you are looking for.

The graph will show as a broken image at first, or a blank graph with “NaN” as the data source. Give it a few minutes to update, and the information should start to flow through. The ucd/net options work best, but feel free to experiment.

To get traffic stats on the interface, you first need to “Walk” the device.  Go back to your device list, and edit the device you added. Under “Associated Data Queries”, Add Data Query, add “SNMP – Interface Statistics” with Re-Index period as “Uptime goes backwards”. After adding it you should see under status something like: Success [39 Items, 6 Rows].

Since these data sources are now added, you can go back to Add a new Graph. After selecting the device, you should see a list of these new interfaces. Select the interfaces you wish to graph, and select the graph type (I suggest In/Out bits with Total).

After a few minutes, the data should start filling in. After a while, you will get a graph like this:

In conclusion, with a little work, you can get enterprise class graphing from your consumer router. The total project took me about 45 minutes, and I was trying to figure out all of the data sources and the correct way to enter everything.

Let me know your experiences, suggestions and corrections!

It is dirt simple to set up.

Go into Appearance -> Widgets and select the widget area you wish to add the twitter search stream to;

Add “RSS” and position the widget accordingly.

Click “Edit” and “Enter the RSS feed URL here:”. This is the link from search.twitter.com where it says “Feed for this query”.

Enter a title, if appropriate.

Thats it! You will see an area on the site such as the one below:

To summarize: There is no Twitter Search Plugin but Wordpress’s RSS feature works just fine!

Came across this little maddening issue again today after fixing it a few months back. I created a directory that is password protected using a .htaccess file. However, when trying to access this folder or anything under this directory, a File Not Found 404 error from Wordpress is displayed before it even prompts you for the password. The problem here lays within the main Wordpress .htaccess file

The default .htaccess file for WordPress is:

# BEGIN wordpress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END wordpress

This means that if a file is requested from the server, if it is not a file that exists in the server’s folder directory (!-f) and if it is not a directory that exists in the server’s folder directories (!-d) then pass the request onto index.php. This way, Wordpress will handle both customized URLs (such as those used for SEO) and also 404 File Not Found errors.

If you set up a password protected folder in a directory included in a Wordpress install, all of a sudden Wordpress takes over that folder and returns a 404 page, like the file doesn’t exist.

This happens because of a little ‘gotcha’ in the apache configuration. Luckily it is an easy fix.

In the password protected folder’s .htaccess file, you may already have the entries to ask for password access. Before all of that, place the following line:

ErrorDocument 401 /401.html

Then create a 401.html in the main folder, with any text, for example:

PASSWORD PROTECTED FOLDER – Please enter the correct username/password.

Voila, you can now enter your password protected folder again.

There is another workaround this little error, but since it involves editing the main wordpress .htaccess file, it can be overridden during an upgrade.

Solution found on: http://www.webmasterworld.com/apache/3688208.htm

Zabbix is an excellent system monitoring package. It does everything from basic availability checking to detailed system resource analysis. It is capable of graphing the variables pulled from the system, and alerting admins if there is a problem or something needed for attention.

Once you have the Zabbix server set up, you need to install the client on any systems you want to monitor. Windows systems have a precompiled binary to install. On linux, unix or freebsd systems you’ll need to compile binaries. If you have a range of systems that are homogeneous, you can port the binary to those or also compile it with static dependencies. Below are steps to compile, configure and install the zabbix client:

Steps to install a Zabbix Client

1. Download zabbix source code from www.zabbix.com; decompress with ‘tar zxvf’ and cd to directory
2. Configure the make program: ./configure –enable-agent
3. Compile and install the program: make install
4. Add zabbix group and user: groupadd zabbix; adduser -g zabbix -s /sbin/nologin -M -p RANDOMPASS zabbix
5. Create log file: touch /var/log/zabbix_agentd.log; chown zabbix.zabbix /var/log/zabbix_agentd.log
6. Copy init script to /etc/init.d. Scripts are located in ./misc/init.d/ and your distro directory.
7. Make sure bin directory in init script is where Zabbix actually compiled to.
8. chmod 755 /etc/init.d/zabbix_agentd
9. chkconfig zabbix_agentd on
10. Copy agent config script to /etc/zabbix/zabbix_agentd.conf. Current one is:

    # This is config file for zabbix_agentd
    # To get more information about ZABBIX, go http://www.zabbix.com
    
    # This is the ip and port of the main zabbix server
    Server=10.0.0.1
    ServerPort=10051
    Hostname=AGENTHOSTNAME
    ListenPort=10050
    # ListenIP=10.0.0.2
    StartAgents=5
    DisableActive=1
    DebugLevel=1
    PidFile=/var/tmp/zabbix_agentd.pid
    # LogFile=/var/log/zabbix_agentd.log
    LogFileSize=1
    Timeout=10

11. Start the zabbix service: service zabbix_agentd start
12. Open firewall for zabbix port (10050) if necessary.
13. Log into Zabbix on the server, Add server to hosts – use correct templates and groups depending on what type of server it is.
14. Add monitoring and notification as appropriate.
15. Consider if all necessary services are being monitored; test that detection of down services and notifications work properly.

To get Postini to white list an IP address, you need to go into the Batch editing mode and issue this command:

addallowedip organization name,domain.com:10.0.0.0

Full Postini Batch Reference

See page 30 for ‘addallowedip’ syntax and more information.

By default Installatron disables all Wordpress plugins when doing an upgrade. This is due to the Wordpress best practices for upgrading the version of their system. When you have a lot of Wordpress installs to go through this is a big pain because it usually breaks the site.

According to this post, you disable the disabling of the plugins by creating a file named .dont_disable_plugins in the directory that wordpress is installed to.

Via command line it is as simple as this:

touch /path/to/wordpress/.dont_disable_plugins

Execute that command on the command line (or upload an empty file via FTP/SCP) and the plugins will remain enabled. There is also an option in the installatron settings to enable this file creation upon install.

Note that if you have a plugin that is not compatible with a new version of Wordpress, it may break your install!

[2009-03-23 15:51:40 xend.XendDomainInfo 3310] DEBUG (XendDomainInfo:1603) XendDomainInfo.destroy: domid=None
[2009-03-23 15:51:40 xend 3310] ERROR (xmlrpclib2:184) (12, 'Cannot allocate memory')

I checked the memory, and sure enough, all of the VPSes were using up the memory. More specifically, dom0 (the main server) had ‘ballooned’ and begun to take up 3GB of RAM, this is more than the system should need:

[2009-03-22 18:03:08 xend.XendDomainInfo 3310] DEBUG (XendDomainInfo:1113) Setting memory target of domain Domain-0 (0) to 2903 MiB.
[2009-03-22 18:03:09 xend 3310] DEBUG (balloon:127) Balloon: 537840 KiB free; need 537600; done.

Basically when memory ballooning is set, the memory available to the main hypervisor will have a minimum value set and will balloon according to the current requirements. This setting is in the config file which for me is at /etc/xen/xend-config.sxp:

# Dom0 will balloon out when needed to free memory for domU.
# dom0-min-mem is the lowest memory level (in MB) dom0 will get down to.
# If dom0-min-mem=0, dom0 will never balloon out.
(dom0-min-mem 256)

I changed this line to:

(dom0-min-mem 0)

I also modified grub to set an absolute amount of memory to dom0:

title CentOS (2.6.18-92.1.22.el5xen)
root (hd0,0)
kernel /xen.gz-2.6.18-92.1.22.el5 dom0_mem=1536M
module /vmlinuz-2.6.18-92.1.22.el5xen ro root=/dev/vg_root/lv_root
module /initrd-2.6.18-92.1.22.el5xen.img

The value for dom0_mem sets the system memory at boot time. This will be set on the kernel line. Make sure this is large enough to handle system tasks; 1.5G seems to be good for me right now.

Reboot the server to set the memory for dom0.

You could also set the memory usage for dom0 temporarily by using the ‘xm mem-set’ command:

Usage: xm mem-set <Domain> <Mem>

This would not apply after a reboot. Good luck!

Reading package lists... Done

W: GPG error: http://ppa.launchpad.net intrepid Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 313D312748A22A95

W: You may want to run apt-get update to correct these problems

Ah ha! But apt-get update is the command causing this problem.

The solution is to import this key from the gpg servers; I don’t know why this isn’t done automatically, but here is it:

sudo apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 313D312748A22A95; gpg --export --armor 313D312748A22A95 | sudo apt-key add -

Resulting in:

Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --secret-keyring /etc/apt/secring.gpg --trustdb-name /etc/apt/trustdb.gpg --keyring /etc/apt/trusted.gpg --recv-keys --keyserver keyserver.ubuntu.com 313D312748A22A95
gpg: requesting key 48A22A95 from hkp server keyserver.ubuntu.com
gpg: key 48A22A95: public key "Launchpad PPA for Filip Brcic" imported
gpg: Total number processed: 1
gpg: unchanged: 1
OK

Congrats! sudo apt-get update now works properly!

• Don’t allow connections to this computer
• Allow connections from computers running any version of Remote Desktop (less secure)
• Allow connections only from computers running Remote Desktop with Network Level Authentication (more secure)

At first blush, you would probably choose the “more secure” option. Practically, this mainly means that it only allows connections from the latest Remote Desktop software in Windows Vista. It is probably another attempt by Microsoft to force consumers and businesses into upgrading to Windows Vista. But… I digress.

When connecting with an older Terminal Services (TS) client in XP or even Vista, you will get this message:

“Remote computer requires Network Level Authentication, which your computer doesn’t support”

Not all is lost. There are two ways around this. The first and most obvious solution is to select the less secure option and disabled Network Level Authentication (NLA). If you are in an environment that does not allow this change, or there are some other circumstances where you need to keep Network Level Authentication enabled, you can get a Remote Desktop connection from Windows XP.

The first step is to download the latest Remote Desktop Client for Windows XP. As of the writing of this article, the latest version is 6.1.

For XP SP3: here

For XP SP2: here

That is not it. For XP, you need to enable CredSSP – Credential Security Service Provider.

CredSSP is a new Security Service Provider (SSP) that is available in Windows XP SP3 by using the Security Service Provider Interface (SSPI). CredSSP enables a program to use client-side SSP to delegate user credentials from the client computer to the target server.

Directions on how do do this are available at Microsoft here:

http://support.microsoft.com/kb/951608/

The quick and dirty summary:

1. Click Start, click Run, type regedit, and then press ENTER.
2. In the navigation pane, locate and then click the following registry subkey:
   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
3. In the details pane, right-click Security Packages, and then click Modify.
4. In the Value data box, type tspkg. Leave any data that is specific to other SSPs, and then click OK.
5. In the navigation pane, locate and then click the following registry subkey:
   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders
6. In the details pane, right-click SecurityProviders, and then click Modify.
7. In the Value data box, type credssp.dll. Leave any data that is specific to other SSPs, and then click OK.
8. Exit Registry Editor.
9. Restart the computer.

For more information on CredSSP including how to deploy this setting using Group Policy, see the CredSSP page here.

Let me know if you have any other tips or a simpler way to connect to the more secure version of Remote Desktop.

$ export KERN_DIR=/usr/src/kernels/2.6.18-92.1.22.el5-i686/
$ /etc/init.d/vboxdrv setup
Stopping VirtualBox kernel module [  OK  ]
Removing old VirtualBox netflt kernel module [  OK  ]
Removing old VirtualBox kernel module [  OK  ]
Recompiling VirtualBox kernel module [  OK  ]
Starting VirtualBox kernel module [FAILED]
(modprobe vboxdrv failed. Please use 'dmesg' to find out why)

dmesg shows this:

vboxdrv: disagrees about version of symbol struct_module

Interesting!

After several missteps, it turns out there is a separate development rpm for the PAE kernel:

$ yum install kernel-PAE-devel

After that installs, we are good:

$ export KERN_DIR=/usr/src/kernels/2.6.18-92.1.22.el5-PAE-i686/
$ /etc/init.d/vboxdrv setup
Stopping VirtualBox kernel module [  OK  ]
Removing old VirtualBox netflt kernel module [  OK  ]
Removing old VirtualBox kernel module [  OK  ]
Recompiling VirtualBox kernel module [  OK  ]
Starting VirtualBox kernel module [  OK  ]

Golden.