Tripp Lite 0 Idades Manual

							171
Chapter 10: Nagios Integration
define service {
 service_description  Host Ping
 host_name  server
 use   generic-service
 check_command  check_ping_via_tripplite
 }
define service {
 service_description host-ping-server
 host_name  server
 use   generic-service
 check_command  check_ping_via_tripplite
 active_checks_enabled 0
 passive_checks_enabled 1
 }
define servicedependency{
 name    tripplite_nrpe_daemon_dep
 host_name   tripplite
 dependent_host_name  server
 dependent_service_description  Host Ping
 service_description  NRPE Daemon
 execution_failure_criteria w,u,c
 }
; SSH Port
define command{
        command_name    check_conn_via_tripplite
        command_line    $USER1$/check_nrpe -H 192.168.254.147 -p 5666 -c\
 host_$HOSTNAME$_$ARG1$_$ARG2$
        }
define service {
 service_description  SSH Port
 host_name  server
 use   generic-service
 check_command  check_conn_via_tripplite!tcp!22
 }
define service {
 service_description host-port-tcp-22-server
    ; host-port---
 host_name  server
 use   generic-service
 check_command  check_conn_via_tripplite!tcp!22
 active_checks_enabled 0
 passive_checks_enabled 1
 }
define servicedependency{
 name    tripplite_nrpe_daemon_dep
 host_name   tripplite
 dependent_host_name  server
 dependent_service_description  SSH Port
 service_description  NRPE Daemon
 execution_failure_criteria w,u,c
 }  
						

							172
Chapter 10: Nagios Integration
10.4.2 Basic Nagios plug-ins 
Plug-ins are compiled executables or scripts that can be scheduled to be\
 run on the Console Server to check the status of a 
connected host or service. This status is then communicated to the upstr\
eam Nagios server which uses the results to monitor 
the current status of the distributed network. Each Console Server is pr\
econfigured with a selection of the checks that are part 
of the Nagios plug-ins package:
 check_tcp and check_udp are used to check open ports on network hosts
 check_ping is used to check network host availability
 check_nrpe is used to execute arbitrary plug-ins in other devices
Each Console Server is also preconfigured with two checks that are spe\
cific to the Console Server:
 check_serial_signals is used to monitor the handshaking lines on the serial ports
 check_port_log is used to monitor the data logged for a serial port.
10.4.3 Additional plug-ins
Additional Nagios plug-ins (listed below) are available for all the Tripp Lite Console Servers: 
check_apt
check_by_ssh
check_clamd
check_dig
check_dns
check_dummy
check_fping
check_ftp
check_game
check_hpjd
check_http
check_imap
check_jabber
check_ldap
check_load
check_mrtg
check_mrtgtraf
check_nagios
check_nntp
check_nntps
check_nt
check_ntp
check_nwstat
check_overcr
check_ping
check_pop
check_procs
check_real
check_simap
check_smtp
check_snmp
check_spop
check_ssh
check_ssmtp
check_swap
check_tcp
check_time
check_udp
check_ups
check_users
There also are bash scripts which can be downloaded and run (primarily check_log.sh). 
• To configure additional checks, the downloaded plug-in program must be \
saved in the tftp addins directory on the USB 
flash and the downloaded text plug-in file saved in /etc/config
• To enable these new additional checks, you select Serial&Network: Network Port, then you Edit the Network Host to be 
monitored, and select New Checks. The additional check option will have been included in the updated Nagios Checks 
list. You can again customize the arguments   
						

							173
Chapter 11: System Management
This chapter describes how the Administrator can perform a range of gene\
ral system administration and configuration tasks on 
the Console Server, such as:
• Applying Soft and Hard Resets to the gateway 
• Re-flashing the firmware 
• Configuring the Date, Time and NTP
• Setting up Backup of the configuration files (B095-004/003 only)
• Configuring the console server in FIPS mode(B095-004/003 only)
• Delayed configuration commits
System administration and configuration tasks covered elsewhere includ\
e: 
• Resetting the System Password and entering a new System Name and Description for the Console S\
erver (Chapter 3.2)
• Setting the Console Server’s System IP Address (Chapter 3. 3)  
• Setting the permitted Services used to access the Console Server (Chapter 3.4) 
• Setting up OoB Dial-in (Chapter 5) 
Configuring the Dashboard (B095-004/003 only) (Chapter 12)
11.1  System Administration and Reset
The Administrator can reboot or reset the gateway to default settings. 
A soft reset is affected by: 
• Selecting Reboot in the System: Administration menu and clicking Apply 
The Console Server reboots with all settings (e.g. the assigned network IP address) preserved. However this soft reset does 
disconnect all users and ends any SSH sessions that had been established. 
A soft reset will also be affected when you switch OFF power from the Console \
Server, and then switch the power back ON. 
However if you cycle the power while the unit is writing to flash you \
could corrupt or lose data, so the software reboot is the 
safer option.
A hard erase (hard reset) is effected by:
• Pushing the Erase button on the rear panel twice. A ball point pen or bent paper clip is a suitable tool for performing \
this 
procedure. Do not use a graphite pencil. Depress the button gently twice (within a couple of second period) while the unit 
is powered ON.
This will reset the Console Server back to its factory default settings \
and clear the Console Server’s stored configuration 
information (i.e. the IP address will be reset to 192.168.0.1). You will be prompted to log in and must enter the default 
administration username and administration password (Username: root  Password: default).  
						

							174
Chapter 11: System Management
11.2 Upgrade Firmware 
Before upgrading you should ascertain if you are already running the mos\
t current firmware in your gateway. Your Console 
Server will not allow you to upgrade to the same or an earlier version. \
• The Firmware version is displayed in the header of each page 
• Or select Status: Support Report and note the Firmware Version 
• To upgrade, you must first download the latest firmware image from 
http://www.tripplite.com/EN/support/downloads/driver-firmware-downloads.cfm 
• Save this downloaded firmware image file on to a system on the same \
subnet as the Console Server
• Also download and read the release_notes.txt for the latest information
• To then upload the firmware image file to your Console Server, select System: Firmware 
• Specify the address and name of the downloaded Firmware Upgrade File, or\
 Browse the local subnet and locate the 
downloaded file
• Click Apply and the Console Server appliance will undertake a soft reboot and comme\
nce upgrading the firmware. This 
process will take several minutes
• After the firmware upgrade has completed, click here to return to the Management Console. Your Console Server will have 
retained all its pre-upgrade configuration information  
						

							175
Chapter 11: System Management
11.3 Configure Date and Time 
It is recommended that you set the local Date and Time in the Console Se\
rver as soon as it is configured. Features such as 
Syslog and NFS logging use the system time for time-stamping log entries\
, while certificate generation depends on a correct 
Timestamp to check the validity period of the certificate. 
• Select the System: Date & Time menu option
• Manually set the Year, Month, Day, Hour and Minute using the Date and Time selection boxes, then click Set Time
The gateway can synchronize its system time with a remote time server us\
ing the Network Time Protocol (NTP). Configuring the 
NTP time server ensures that the Console Server clock will be accurate s\
oon after the Internet connection is established.  Also 
if NTP is not used, the system clock will be reset randomly every time t\
he Console Server is powered up. To set the system 
time using NTP:
• Select the Enable NTP checkbox on the Network Time Protocol page 
• Enter the IP address of the remote NTP Server
• If your external NTP server requires authentication, you need to specify\
 the NTP Authentication Key and the Key Index 
to use when authenticating with the NTP server 
• Click Apply Settings
You must now also specify your local time zone so the system clock can sh\
ow local time (and not UTP):
• Set your appropriate region/locality in the Time Zone selection box and \
click Set Timezone  
The Time Zone can also be set to UCT (Coordinated Universal Time) which replaced Greenwich Mean Time as the World 
standard for time in 1986:  
						

							176
Chapter 11: System Management
11.4 Configuration Backup 
It is recommended that you back up the Console Server configuration wh\
enever you make significant changes (such as adding 
new Users or Managed Devices) or before performing a firmware upgrade\
. 
• Select the System: Configuration Backup menu option or click the  icon
Note: The configuration files can also be backed up from the command lin\
e (refer Chapter 14)
You can save the backup file remotely on your PC and you can restore co\
nfigurations from remote locations: 
• Click Save Backup in the Remote Configuration Backup menu
• The config backup file (System Name_date_config.opg) will be downloaded to your PC and saved in the location you 
nominate
To restore a remote backup:
• Click Browse in the Remote Configuration Backup menu and select the Backup File you wish to restore
• Click Restore and click OK. This will overwrite all the current configuration settings in your C\
onsole Server
Alternately you can save the backup file locally onto the USB storage.\
 To do this your Console Server must support USB and 
you must have an internal or external USB flash drive installed.  
To backup and restore using USB:
• Ensure the USB flash is the only USB device attached to the Console Se\
rver 
• Select the Local Backup tab and click here to proceed. This will set a Volume Label on the USB storage device. This 
preparation step is only necessary the first time, and will not affect\
 any other information you have saved onto the USB 
storage device. However it is recommended that you back up any critical \
data from the USB storage device before using it 
with your Console Server. If there are multiple USB devices installed you will be warned to remo\
ve them.
• To backup to the USB enter a brief Description of the backup in the Local Backup menu and select Save Backup
• The Local Backup menu will display all the configuration backup file\
s you have stored onto the USB flash 
• To restore a backup from the USB simply select Restore on the particular backup you wish to restore and click Apply  
						

							177
Chapter 11: System Management
After saving a local configuration backup, you may choose to use it as\
 the alternate default configuration.  When the Console 
Server is reset to factory defaults, it will then load your alternate de\
fault configuration instead of its factory settings:
• To set an alternate default configuration, check Load On Erase and click Apply
Note: Before selecting Load On Erase please ensure you have tested your alternate default configuration by\
 clicking Restore
If for some reason your alternate default configuration causes the Con\
sole Server to become unbootable recover your unit to 
factory settings using the following steps:
• If the configuration is stored on an external USB storage device, unpl\
ug the storage device and reset to factory defaults as 
per section 11.1 of the user manual
• If the configuration is stored on an internal USB storage device reset\
 to factory defaults using a specially prepared USB 
storage device:
  o The USB storage device must be formatted with a Windows FAT32/VFAT file system on the first partition or the    
    entire disk, most USB thumb drives are already formatted this way
 o The file system must have the volume label: OPG_DEFAULT
  o Insert this USB storage device into an external USB port on the Console \
Server and reset to factory defaults as    
    per section 11.1
After recovering your Console Server, ensure the problematic configuration is no longer selected for Load \
On Erase
11.5 Delayed Configuration Commit
The Delayed Config Commit mode allows the grouping or queuing of confi\
guration changes and the simultaneous application 
of these changes to a specific device.  For example, changes to authentication methods or user accounts may be gr\
ouped and 
run once to minimize system downtime. To enable:
• Check the Delayed Config Commits button under System: Administration
• Click Apply
• The Commit Config icon  will now be displayed in top right-hand corner of the screen between the\
 Backup and Log 
Out icons
To queue then run configuration changes:
• Firstly apply all the required changes to the configuration e.g. modif\
y user accounts, amend authentication method, 
enable OpenVPN tunnel or modify system time
• Click the Commit Config button. This will generate the System: Commit Configuration screen displaying all the 
configurators to be run  
						

							178
Chapter 11: System Management
• Click Apply to run all the configurators in the queue 
• Alternately click Cancel and this will  discard all the delayd configuration changes
Note: All the queued configuration changes will be lost if Cancel is selec\
ted 
To disable the Delayed Configuration Commits mode:
• Uncheck the Delayed Config Commits button under System: Administration and click Apply
• Click the Commit Config button in top right-hand corner of the screen to display the System: Commit Configuration 
screen 
• Click Apply to run the systemsettings configurator
The Commit Config button will no longer be displayed in the top right-hand corner of the \
screen and configurations will no 
longer be queued.
11.6  FIPS Mode 
Note: The US National Institute of Standards and Technology (NIST) publishes the FIPS (Federal Information Processing 
Standard) series of standards. FIPS 140-1 and FIPS 140-2 are both techn\
ical standards and worldwide de-facto standards for 
the implementation of cryptographic modules. These standards and guideli\
nes are issued by NIST for use government-wide. 
NIST develops FIPS when there are compelling Federal government requirem\
ents such as for security and interoperability and 
there are no acceptable industry standards or solutions. 
Console Servers with Revision 3.0.1 firmware (or later) use an embed\
ded OpenSSL cryptographic module that has been 
validated to meet the FIPS 140-2 standards and has received Certificat\
e #1051. This firmware is only currently available on 
B095-004-1E / B095-003-1E-M Console Servers
When configured in FIPs mode all SSH, HTTPS and SDTConnector access to all services on the Console Servers will use the 
embedded FIPS compliant cryptographic module. To connect you must also be using cryptographic algorithms that are FIPs 
approved in your browser or client or the connection will fail. 
• Select the System: Administration menu option
• Check FIPS Mode to enable FIPS mode on boot, and check Reboot to safely reboot the console server
• Click Apply and the Console Server will now reboot. It will take several minutes to\
 reconnect as secure communications 
with your browser are validated, and when reconnected it will display “\
FIPs mode: Enabled” in the banner  
Note: To enable FIPS mode from the command line, login and run these commands:
   config -s config.system.fips=on
   touch /etc/config/FIPS
   chmod 444 /etc/config/FIPS
   flatfsd -b
The final command saves to flash and reboots the unit.  The unit wil\
l take a few minutes to boot into FIPS mode. To disable 
FIPS mode:
   config -d config.system.fips
   rm /etc/config/FIPS
   flatfsd –b  
						

							179
Chapter 12: Status Reports
This chapter describes the dashboard feature and the status reports that\
 are available: 
• Port Access and Active Users 
• Statistics
• Support Reports
• Syslog 
• Dashboard
The UPS, RPC and Environmental Status reports are covered in Chapter 8
12.1  Port Access and Active Users 
The Administrator can see which Users have access privileges with which \
serial ports: 
• Select the Status: Port Access 
The Administrator can also see the current status as to Users who have a\
ctive sessions on those ports:
• Select the Status: Active Users
With firmware v3.11 and later, the Status: Active Users menu has been extended to enable Administrators to selectively 
terminate serial sessions. Connection types telnet, SSH, raw TCP and unauthenticated telnet can be disconnected. However, 
an RFC2217 session cannot be disconnected.
The root user (or any user in the admin group) can access the Active Users page. The Active Users page shows a snapshot 
of the connected sessions indicated by the timestamp displayed at the to\
p of the page. Note that this page only shows the 
local console ports and does not include any cascaded ports. 
There are “Disconnect Sessions” buttons along the right side of the table that list active users. These\
 buttons disconnect 
all sessions from their corresponding Port. If the port is not set up in Console Server mode, the user will see a pop-up 
error informing them that they need to configure the port as Console Server mode before they can proceed to connect and 
disconnect.
After pressing the buttons, the selected sessions will be disconnected a\
nd the number of disconnect sessions will be displayed 
to the user. 
To allow more detailed control of whom to disconnect, a table with drop d\
own lists is located at the bottom of the page for 
all connected users and all connected ports that allow the user to choos\
e from whom to disconnect. For example, if you wish 
to disconnect the user ‘tester’ from all ports, choose ‘tester’ in the Users box, and All ports in the Ports box. Then click the 
Disconnect Sessions button.
Note: You can also disconnect serial sessions from the command line using the --disconnect option with the pmusers 
command.  
						

							180
Chapter 12: Status Reports
12.2 Statistics
The Statistics report provides a snapshot of the status, current traffi\
c and other activities and operations of your Console 
Server:
• Select the Status: Statistics  
12.3  Support Reports
The Support Report provides useful status information that will assist t\
he Tripp Lite technical support team to resolve any 
issues you may experience with your Console Server.
If you do experience an issue and have to contact Support, ensure you in\
clude the Support Report with your email support 
request. The Support Report should be generated when the issue is occurr\
ing, and attached in plain text format.
• Select Status: Support Report and you will be presented with a status snapshot
• Save the file as a text file and attach it to your support email