Friday, March 25, 2016

Cron Example

# Example of job definition:
# .---------------- minute (0 - 59)
# |  .------------- hour (0 - 23)
# |  |  .---------- day of month (1 - 31)
# |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
# |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# |  |  |  |  |
# *  *  *  *  * user-name  command to be executed

3 0 * * * root /raid/log/dailytar.sh >> /raid/data/log/dailytar.log 2>&1
33 0 * * * root /raid/log/synclog.sh >> /raid/syslog/TPBak/rsync.log 2>&1
*/3 1-23 * * * root /raid/log/checklog.sh
50 23 * * * root /raid/data/module/rSyslog/system/etc/rc.d/rsyslog-server restart > /dev/null

Saturday, March 19, 2016

Importing Cisco ASA5550 firewall logs into Splunk and keeping only events that contain a specific string, to avoid exceeding the quota


1. Splunk monitors the D:\Firewall-Log-Splunk\filter-tpe-asa5550* files.
2. Use TRANSFORMS-set in props.conf.
3. Define transforms.conf to keep only events that include the string "0x".
4. After configuring, restart the Splunk service.

C:\Program Files\Splunk\etc\apps\search\local
inputs.conf
===================================================================
[monitor://J:\Firewall-Log-Check]
disabled = false
index = firewall-log-check
whitelist =

[monitor://D:\Firewall-Log-Splunk]
disabled = false
index = tpe-asa5550
whitelist = filter-tpe-asa5550*

[monitor://D:\014-FirewallLog-Splunk]
disabled = false
index = 014-firewalllog-splunk
whitelist = tpe-014pix*


C:\Program Files\Splunk\etc\apps\learned\local
props.conf (related to [Data inputs] -> [Files & directories] -> [Source type])
=================================================================
[filter-tpe-asa]
TRANSFORMS-set = setnull, setparsing
MAX_TIMESTAMP_LOOKAHEAD = 36
is_valid = True


C:\Program Files\Splunk\etc\system\local
transforms.conf (related to [Fields] -> [Field transformations])
=================================================================
[setnull]
REGEX = .
DEST_KEY = queue
FORMAT = nullQueue

[setparsing]
 REGEX = 0x
 DEST_KEY = queue
 FORMAT = indexQueue
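
The routing that `TRANSFORMS-set = setnull, setparsing` produces can be modelled in a few lines. This Python sketch is an added example, not Splunk code or part of the original post: it assumes transforms run in the order listed and that a later match overwrites the queue, and it uses constructed ASA-style sample lines.

```python
import re

# Stanzas copied from the transforms.conf above.
TRANSFORMS = {
    "setnull":    {"REGEX": r".",  "FORMAT": "nullQueue"},
    "setparsing": {"REGEX": r"0x", "FORMAT": "indexQueue"},
}
PAGE_ORDER = ("setnull", "setparsing")   # TRANSFORMS-set value from props.conf

def route(event, order=PAGE_ORDER):
    """Model of DEST_KEY = queue: every matching transform overwrites the queue."""
    queue = "indexQueue"                 # default when nothing matches
    for name in order:
        if re.search(TRANSFORMS[name]["REGEX"], event):
            queue = TRANSFORMS[name]["FORMAT"]
    return queue

def indexed(events, order=PAGE_ORDER):
    """Events that survive filtering and are written to the index."""
    return [e for e in events if route(e, order) == "indexQueue"]

# Constructed sample lines in ASA syslog style (not from a real device).
SAMPLE = [
    "%ASA-6-302013: Built outbound TCP connection 1001 for outside:198.51.100.7/443 "
    "(198.51.100.7/443) to inside:10.0.0.5/51000 (203.0.113.1/51000)",
    "%ASA-4-106023: Deny tcp src outside:203.0.113.9/4444 dst inside:10.0.0.5/22 "
    'by access-group "outside_in" [0x0, 0x0]',
    "%ASA-6-302014: Teardown TCP connection 1001 for outside:198.51.100.7/443 "
    "to inside:10.0.0.5/51000 duration 0:00:01 bytes 512 TCP FINs",
]

if __name__ == "__main__":
    for e in SAMPLE:
        print(route(e), e[:14])
    # Reversed order: setnull runs last and matches everything, so nothing is indexed.
    print(len(indexed(SAMPLE, order=("setparsing", "setnull"))))
```

Because the `0x` pattern is unanchored, any event containing those two characters anywhere in the line is kept.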

Wednesday, March 9, 2016

Cisco Router/Switch Enable SSH



Follow these steps to enable SSH:
• Configure the hostname command.
• Configure the DNS domain.
• Generate the RSA key to be used.
• Enable SSH transport support for the virtual type terminal (vty) lines.

Example SSH version 2 configuration:

hostname ssh-router
aaa new-model
username cisco password cisco
ip domain-name routers.local

! Specifies which RSA keypair to use for SSH usage.
! This command cannot be entered on the Cisco 4506 and 4507.
ip ssh rsa keypair-name sshkeys

! Enables the SSH server for local and remote authentication on the router.
! For SSH Version 2, the modulus size must be at least 768 bits.
crypto key generate rsa usage-keys label sshkeys modulus 1024


! Configures SSH control variables on your router.
ip ssh timeout 120

! configure SSH version 2 (will disable SSH version 1)
ip ssh version 2


!--- disable Telnet and enable SSH
line vty 0 4
transport input SSH


Commands to verify SSH configuration:
• show ssh
• show ip ssh
• debug ip ssh



###Remove RSA key
(config)#crypto key zeroize rsa 
% All RSA keys will be removed.
% All router certs issued using these keys will also be removed.
Do you really want to remove these keys? [yes/no]: no

=====================================================================
ip domain-name pro.tcbank.cop

crypto key generate rsa usage-keys label sshkeys modulus 1024

ip ssh time-out 120

ip ssh version 2


line vty 0 4
no access-class VTY_ACL in

exit

no ip access-list extended VTY_ACL

ip access-list extended VTY_ACL
 permit tcp host 192.168.91.44 any eq telnet
 permit tcp host 192.168.1.45 any eq telnet
 permit tcp host 172.17.1.18 any eq telnet
 permit tcp host 172.16.11.21 any eq 22
 permit tcp host 172.16.11.196 any eq 22
 permit tcp host 172.17.1.27 any eq 22
 permit tcp host 172.17.1.33 any eq 22
 permit tcp host 172.17.1.56 any eq 22
 permit tcp host 192.168.1.25 any eq 22
 permit tcp host 192.168.1.25 any eq telnet
 permit tcp host 192.168.1.28 any eq 22
 permit tcp host 192.168.90.27 any eq 22
 permit tcp host 192.168.90.27 any eq telnet
 permit tcp host 192.168.90.7 any eq 22
 permit tcp 10.91.0.0 0.0.255.255 any eq 22
 permit tcp 10.90.0.0 0.0.255.255 any eq 22

line vty 0 4
access-class VTY_ACL in
transport input ssh telnet
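
The configurations above leave several settings that a management-plane review would flag (Telnet still permitted, a 1024-bit key, a `password` user). The following Python check is an added example, not part of the original post or any Cisco tool: `audit`, `RULES` and the 2048-bit threshold are assumptions made here, and both sample configs are constructed from the lines shown in this post.

```python
import re

MIN_RSA_BITS = 2048  # assumed policy threshold, not a value from the post
RULES = [  # (pattern, predicate on the match, finding)
    (re.compile(r"^username \S+ password\b"), lambda m: True,
     "local user uses 'password' instead of 'secret'"),
    (re.compile(r"^crypto key generate rsa\b.*\bmodulus (\d+)"),
     lambda m: int(m.group(1)) < MIN_RSA_BITS, "RSA modulus below policy minimum"),
    (re.compile(r"^permit tcp .* eq (telnet|23)$"), lambda m: True,
     "ACL entry permits Telnet"),
    (re.compile(r"^transport input (.*)$"),
     lambda m: bool({"telnet", "all"} & set(m.group(1).split())), "vty accepts Telnet"),
]

def audit(config):
    """Return (line_no, finding) pairs for weak remote-management settings."""
    findings, saw_ssh_v2 = [], False
    for no, raw in enumerate(config.splitlines(), 1):
        line = " ".join(raw.lower().split())  # IOS keywords are case-insensitive
        saw_ssh_v2 = saw_ssh_v2 or line == "ip ssh version 2"
        for pattern, is_bad, text in RULES:
            m = pattern.search(line)
            if m and is_bad(m):
                findings.append((no, text))
    if not saw_ssh_v2:
        findings.append((0, "'ip ssh version 2' not set"))  # 0 = whole file
    return findings

# Constructed excerpt mirroring the configuration lines shown in this post.
CONFIG = """\
username cisco password cisco
crypto key generate rsa usage-keys label sshkeys modulus 1024
ip ssh version 2
ip access-list extended VTY_ACL
 permit tcp host 192.168.91.44 any eq telnet
line vty 0 4
 transport input ssh telnet
"""
# Constructed hardened counterpart (assumed policy: SSH only, 2048-bit key).
HARDENED = """\
username netadmin secret <set-at-deploy>
crypto key generate rsa usage-keys label sshkeys modulus 2048
ip ssh version 2
ip access-list extended VTY_ACL
 permit tcp host 172.16.11.21 any eq 22
line vty 0 4
 transport input ssh
"""
```

`audit(CONFIG)` reports lines 1, 2, 5 and 7, while `audit(HARDENED)` returns an empty list.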


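xShell shows "WARNING! The remote SSH server rejection agent-forwarding request." when using SSH


When connecting to a Cisco switch over SSH with xShell, the following message appears after the username/password is entered:
"WARNING! The remote SSH server rejection agent-forwarding request."
Configuring the SSH Tunneling Forwarding Port is all that is needed to resolve this.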




Reference URL: https://www.netsarang.com/tutorial/xshell/1018/Using_X11_forwarding



Thursday, March 3, 2016

Cisco 4507R+E Upgrade IOS-xe Firmware



Model:Cisco 4507rpluse
OS:ios-xe / 03.04.00.SG
Supervisor:WS-C4507R+E 7 / WS-X45-SUP7L-E

# Define ftp server username & password
config term
ip ftp username tcbnetadmin
ip ftp password 7 01070506035D535D701C1950
exit

# Transfer the IOS image to bootflash over FTP
copy ftp://172.17.200.1/CiscoIOS/cat4500e-universalk9.SPA.03.06.03.E.152-2.E3.bin bootflash:

# Verify the IOS file copied to bootflash
verify /md5 bootflash:cat4500e-universalk9.SPA.03.06.03.E.152-2.E3.bin

# Set the boot image to cat4500e-universalk9.SPA.03.06.03.E.152-2.E3.bin
config term
boot system flash bootflash:cat4500e-universalk9.SPA.03.06.03.E.152-2.E3.bin
exit

write