Monday, November 7, 2016

OPUS & VP8 Codec with Asterisk 11.20 or higher

We have started to use OPUS codec to deploy our remote peers and so far it sounds amazing with very little bandwidth which almost matches GSM in terms of bandwidth and sound quality is as good as 48khz MP3 files. This is the future of IP telephony, for sure! Newer versions of Asterisk (13++), already comes with  OPUS built straight into the core code from Asterisk folks. However, for Asterisk 11, we need to configure it manually. This article attempts to provide some guide to setting up OPUS on Asterisk 11.2x or higher. Since Asterisk 11.24.1 was just released, i will be using that version  as part of this guide and the latest stable build of of libopus from xiph.org.

Note: Tested this with 11.20 through 11.24.1

This is not a guide on how to install Asterisk. This guide assumes you’ve already got Asterisk up and running without problems and just want to get OPUS running.

All credit for the original Asterisk patch to meetecho and forked by xxsl for Asterisk 11.20 or higher support.

Ok, let’s get down to business.

  1. Get “autoconf”, “automake” “pkg-config”
    # (yum install) apt-get install autoconf automake pkg-config
  2. Get the latest libopus
    # cd /usr/src
    # wget //downloads.xiph.org/releases/opus/opus-1.1.3.tar.gz && tar –zxvf opus-1.1.3.tar.gz && cd opus-1.1.3
    # ./configure
    # make all && make install
  3. That should get your opus ready for asterisk installation. Since vp8 is merely passthru, it will not require any libraries. It will allow two or more VP8 capable peers to passthru video without transcoding.
  4. Now, lets get started on asterisk side, assuming you’ve got the Asterisk source in /usr/src/, your version must be 11.20 or higher up until 11.24.1
    # cd /usr/src/asterisk-11.24.1
    # wget http://www.orencloud.com/public/opuspatch-ast11.2x.patch
    # patch -p1 -u < opuspatch-ast11.2x.patch
    You should NOT see any “failed” message
  5. Now go ahead and recompile Asterisk
    # ./bootstrap.sh
    # make clean && ./configure --with-crypto --with-ssl --with-srtp=/usr/local/lib --prefix=/usr
    IMPORTANT: If you do not have libsrtp, leave only with “--prefix=/usr”, remove the rest in that line. Libcryto and ssl are used for SRTP (for WebRTC mainly)
    # make menuselect
    IMPORANT: Please be sure to select 1) Codec Opus in Codec Translations, 2) Format VP8 in Format Interpreters and for best compatibility, 3) all sounds that’s SLIN16 (not selected by default) in Core Sound Packages, MOH Packages and Extra Sound..
    IMPORANT: If you can’t select Opus something went wrong in your libopus installation!, otherwise it should be preselected for you, but do check nontheless
    FREEPBX USERS! IMPORTANT: FreePBX users, be sure to select format_mp3, res_config_mysql, app_mysql, app_saycountpl and cdr_mysql in Add-ons
    # save and exit
    FREEPBX USERS! IMPORTANT: Run this # contrib/scripts/get_mp3_source.sh
    # make && make install
  6. Now if you use freepbx, simple run #amportal kill && amportal start
  7. Otherwise, simply kill and start back Asterisk
  8. You should see opus in the translation list
    # asterisk -rx "core show translation"
  9. Also, if you go into asterisk cli, you could type opus <tab> and set debug…that all means the patch worked great, now to test!
  10. Be sure to set allow=opus in your sip general setting or per peer/user. For FreePBX users, go to FPBX UX and select Asterisk SIP settings, set allow opus/vp8 like below right at the bottom of that page.
     image
  11. Use a phone that supports OPUS (on Windows you’ve got Phoner, MicroSIP, on mobile you’ve got CCIPSimple or BRIA) and dial away to test
  12. Here’s my BRIA on my Android with Opus at 48Khz, dialing the echo test on FreePBX *43
    ss 
  13. You can also fine tune the codec settings in /etc/asterisk/codec.conf, here’s an example from my own PBX
    image
    More info on codec.conf is explained below
  14. codec.conf configuration snippets for Asterisk
  15. ; Default Custom OPUS format definitions, only one custom OPUS format

    ; per sample rate is permitted.

    [opus48]

    type=opus

    samprate=48000 ; Sample rate of this opus format in hz.

    ; 8000, 12000, 16000, 24000, 48000 are acceptable values.

    ;fec=true ; turn on or off encoding with forward error correction.

    ; On recommended, off by default.

    ;maxbitrate=10000 ; Use the table below to make sure a useful bitrate is chosen

    ; for maxbitrate. If not set or value is not within the bounds

    ; of the encoder, a default value is chosen.

    ;

    ; sample rate | bitrate range

    ; 8khz | 6000 - 20000 bps

    ; 12khz | 7000 - 25000 bps

    ; 16khz | 8000 - 30000 bps

    ; 24khz | 18000- 28000 bps

    ; 48khz | 24000- 32000 bps

    ;dtx=true ; Encode using discontinuous transmission mode or not. Turning this

    ; on will save bandwidth during periods of silence at the cost of

    ; increased computational complexity. Off by default.

    ;cbr=true ; Whether or not to encode with constant or variable bit rate. Constant

    ; bit rate is disabled by default.

    [opus16]

    type=opus

    samprate=16000

Friday, September 9, 2016

Telekom Malaysia (TM) Multi-Line SIP setup with vanilla Asterisk or FreePBX over TEL URI

Telekom Malaysia
Src: https://www.tm.com.my/Office/Business/SME/Solutions/Pages/Multi-Line-SIP.aspx

Happy to say that we’ve successfully set up Asterisk 11 or higher with TM’s Multi-Line SIP which basically uses IMS signaling on Huawei devices used by Telekom Malaysia.

We had to modify chan_sip.c and parser  files to support TEL: URI for INVITE messages. Currently, we have enabled it to support incoming INVITES only. TM doesn’t require to send TEL: uri for outgoing calls and the usual SIP: uri is perfectly fine.

There are several steps involved and i will blog about it later (when i have the time). Generally its

1) Getting the hack from here: http://forums.asterisk.org/viewtopic.php?f=1&t=76432

2) Adding one or two more TEL support in the parser file

3) Configure trunks and registration

4) Setup an incoming dialplan to chomp down parts of the SIP header to be used as CallerID and DID values respectively.

5) Enable ringing into all inbound routes

We successfully tested incoming, outgoing, transfers using standard codecs. The audio quality is nearly as good as PRI tho sometimes, takes a bit longer to handshake the INVITE messages but its hardly noticeable. We might be able to send messages too over regular IP or SMS, i think that’s why the IMS is chosen in the first place, to enable multimedia over voip protocols.

If you need help, write to us info@astiostech.com and if you use Asterisk in a non-commercial environment, i will set it up for free Winking smile

For more information on TM’s MLS: https://www.tm.com.my/Office/Business/SME/Solutions/Pages/Multi-Line-SIP.aspx

Have a good one.
Sanjay

Monday, June 6, 2016

The 60 minute Nagios Core 4 install guide on Debian 7 Wheezy (Nagios 4, PNP4Nagios -with MRTG & NagiosQL) built from source or just use the VM OVA2.0

Version 1.1 – 07 June 2016


NOTES:

  • Copyright and registered trademarks are the properties of their respective companies/individuals
  • By all means, these are not my own guides but a collection of guides online with my own hacks here and there that didn’t work for me and now they do. THANK YOU ALL THOSE RESPECTABLE BLOGGERS FOR THEIR CONTRIBUTION
  • I do not provide any warranty whatsoever for using this guide or the OVA2 images herein
  • This guide doesn’t include how to make Nagios work for you, that’s something you need to learn  this guide is just for how to get Nagios working, period.
  • Copy paste as single lines unless otherwise told, the – denotes to run on cli, copy paste them line by line after the dash space (- ), e.g. – apt-get update, copy “apt-get update” without the quotes and paste into your putty/ssh session.

Software & versions:

  • Nagios Core 4.1.1
  • Nagios plugins including community add-ons and check_nrpe
  • MRTG graphing engine to monitor Nagios itself.
  • PNP4Nagios 0.6 with RRD
  • NagiosQL 3.20 for Web GUI to edit and manage Nagios configs

 

VM Edition download:

If you’re not interested to do all of this below yet want to get Nagios 4.1.1 up and running, then download the OVA2 format VM image from Sourceforge: https://sourceforge.net/projects/debiannagios. Be sure to read the notes there.

Build by hand guide:

  1. Download and install the latest iteration of Debian 7 64bit netinst here: http://cdimage.debian.org/cdimage/archive/7.10.0/amd64/iso-cd/debian-7.10.0-amd64-netinst.iso
  2. Update and install a couple of packages, at one point the mrtg installation will a question, just press enter to continue.

    - apt-get update
    - apt-get upgrade

    - apt-get install --force-yes apache2 build-essential libgd2-xpm-dev libssl-dev exim4 heirloom-mailx wget apache2-utils curl daemon apt-file libnet-snmp-perl libperl5.14 libpq5 libfreeradius-dev libfreeradius2 libsensors4 libsnmp-base libtalloc2 libtdb1 libwbclient0 samba-common samba-common-bin smbclient snmp mrtg libmysqlclient-dev libcgi-pm-perl librrds-perl libgd-gd2-perl python build-essential ssh sudo expect linux-headers-`uname -r` curl sox apache2 libssl-dev libncurses5-dev bison subversion libnewt-dev libcurl4-openssl-dev libnet-ssleay-perl openssl libauthen-pam-perl libio-pty-perl vim iftop tcpdump iptraf ngrep strace ltrace lsof htop sysstat nmap dstat powertop ntpdate ntp ssh libdbi-perl libhtml-template-perl libnet-daemon-perl libterm-readkey-perl mysql-client mysql-common psmisc ethtool apt-show-versions libapt-pkg-perl libmyodbc whois libusb-dev  libdigest-md5-file-perl uuid-dev uuid screen autoconf automake git module-init-tools iotop iftop nmap unzip checkinstall libcgi-pm-perl librrds-perl libapache2-mod-python libapache2-mod-php5 php5-sqlite php5-mcrypt libgd2-xpm-dev libdbi1 libdbi-dev libapache2-mod-proxy-html snmp php5 libsnmp15 libnagios-plugin-perl php5-gd graphviz graphviz-dev php5-mysql sqlite3 libssh2-php fping smokeping screen

  3. Create users and groups (this use will also be used for apache, explain why later), place a password for user nagios, enter it twice

    - useradd nagios && passwd nagios
    - groupadd nagios
    - usermod -a -G nagios nagios
    - usermod -a -G nagios www-data

  4. Create some directories

    - mkdir /usr/local/nagios
    - mkdir -p /usr/local/nagios/share/{stylesheets,images}
    - chown -R nagios:nagios /usr/local/nagios

  5. Get Nagios core 4.11 and Nagios plugins

    - cd /usr/src
    - wget
    http://downloads.sourceforge.net/project/nagios/nagios-4.x/nagios-4.1.1/nagios-4.1.1.tar.gz
    - wget http://www.nagios-plugins.org/download/nagios-plugins-2.1.1.tar.gz
    - tar -xzvf nagios-4.1.1.tar.gz
    - tar -xzvf nagios-plugins-2.1.1.tar.gz

  6. Configure, make Nagios core

    - cd nagios-4.1.1/
    - ./configure --prefix=/usr/local/nagios --with-nagios-user=nagios --with-nagios-group=nagios --with-command-user=nagios --with-command-group=nagios
    - make all
    - make install
    - make install-init
    - make install-commandmode
    - make install-config
    - make install-exfoliation
    - make install-webconf

  7. Copy over some scripts (useful for SNMPTT, explained later)

    - cp -R contrib/eventhandlers/ /usr/local/nagios/libexec/
    - chown -R nagios:nagios /usr/local/nagios/libexec/eventhandlers
  8. Create your nagiosadmin user!, this will be the user you will use to login to the core web console via http://.
    - htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin
  9. Nagios init file doesn’t fulfil some LSB requirements, so edit the init file and add two lines like this

    - nano /etc/init.d/nagios

    # Default-Start:      2 3 4 5
    # Default-Stop:       0 1 6


    image
  10. Alright, let’s restart apache for nagios web to work, set nagios to start automatically as well. Also, start the nagios core service. At this point, Nagios core is already installed, you can head over to http://<yourip>/nagios . Note, you may get check errors from the local services (localhost) that’s being monitored, that’s because we’ve not installed nagios plugins, yet. As long as you can see the webUI, that’s fine for now.

    - a2ensite nagios
    - service apache2 restart

    - ln -s /etc/init.d/nagios /etc/rc2.d/S20nagios
    - update-rc.d nagios enable

    - service nagios start
  11. Alright, let’s get the plugins installed now, after this is done, the web should show all plugins showing OK by right. You can recheck that if you want.

    - cd ..
    - cd nagios-plugins-2.1.1
    - ./configure --with-nagios-user=nagios --with-nagios-group=nagios --with-openssl=/usr/bin/openssl --enable-perl-modules --enable-libtap

    - make && make install

  12. Now, we will download and install NRPE just to get that binary to be used in almost all nagios agent based checks in your near future. After compiling, we will copy the binary to the libexec folder of Nagios.

    - cd ..
    - wget
    http://kent.dl.sourceforge.net/project/nagios/nrpe-2.x/nrpe-2.15/nrpe-2.15.tar.gz
    tar -zxvf nrpe-2.15.tar.gz
    - cd nrpe-2.15

    - ./configure --with-ssl=/usr/bin/openssl --with-ssl-lib=/usr/lib/x86_64-linux-gnu
    - make
    - cp src/check_nrpe /usr/local/nagios/libexec/
  13. You could also add some apt based contributed plugins like this below. This step is completely optional, though recommended. Note, this may install many other dependencies.

    - apt-get install nagios-plugins-contrib
    - cp -r /usr/lib/nagios/plugins/* /usr/local/nagios/libexec/

  14. Now, let’s get MRTG configured

    - cp /usr/src/nagios-4.1.1/sample-config/mrtg.cfg /usr/local/nagios/etc/
    - mkdir /usr/local/nagios/share/stats


    Edit the mrtg.cfg file and add a line right on the top of the file
    - nano /usr/local/nagios/etc/mrtg.cfg

    Add this to top of that file, save and exit.

    WorkDir: /usr/local/nagios/share/stats

    Run these at the command line.
    - env LANG=C mrtg /usr/local/nagios/etc/mrtg.cfg
    - indexmaker /usr/local/nagios/etc/mrtg.cfg --output=/usr/local/nagios/share/stats/index.html

    Now, we need to add the mrtg graphing to cron to run
    Create and edit a new crontab file, like below;

    - nano /etc/cron.d/nagiostats

    Paste this into that file, save and exit.
    */5 * * * *  root  env LANG=C /usr/bin/mrtg /usr/local/nagios/etc/mrtg.cfg
  15. Now, let’s go get pnp4nagios installed!, get rrdtool, download pnp4nagios and do the backend setup.

    - apt-get install rrdtool

    - cd /usr/src
    - wget -O pnp4nagios-0.6.25.tar.gz 
    http://downloads.sourceforge.net/project/pnp4nagios/PNP-0.6/pnp4nagios-0.6.25.tar.gz?r=https%3A%2F%2Fsourceforge.net%2Fprojects%2Fpnp4nagios%2F&ts=1464497035&use_mirror=pilotfiber

    - tar -zxvf pnp4nagios-0.6.25.tar.gz 
    - cd pnp4nagios-0.6.25
    - ./configure --with-rrdtool=/usr/bin/rrdtool

    - make all
    - make fullinstall
    - a2enmod rewrite
    - service apache2 restart

  16. Now, let’s enable a cool pnp4nagios popup graph like you see in NagiosXI

    - cp contrib/ssi/status-header.ssi /usr/local/nagios/share/ssi/
    - chown nagios:nagios /usr/local/nagios/share/ssi/status-header.ssi
    - chmod 644 /usr/local/nagios/share/ssi/status-header.ssi

  17. At this point, you need to access the pnp4nagios website http://<yourIP>/pnp4nagios and proceed with the instructions therein. Basically, everything should appear in green i.e. ALL GOOD, then, you can delete this install file

    - rm /usr/local/pnp4nagios/share/install.php
  18. Now, we will attempt to add a few definitions inside Nagios core configs to show our graphs, please follow these steps carefully and repeat for other services that produce performance data.

    - nano /usr/local/nagios/etc/nagios.cfg

    Paste the following at the end of the file. Everything is a single line

    process_performance_data=1
    service_perfdata_file=/usr/local/pnp4nagios/var/service-perfdata
    service_perfdata_file_template=DATATYPE::SERVICEPERFDATA\tTIMET::$TIMET$\tHOSTNAME::$HOSTNAME$\tSERVICEDESC::$SERVICEDESC$\tSERVICEPERFDATA::$SERVICEPERFDATA$\tSERVICECHECKCOMMAND::$SERVICECHECKCOMMAND$\tHOSTSTATE::$HOSTSTATE$\tHOSTSTATETYPE::$HOSTSTATETYPE$\tSERVICESTATE::$SERVICESTATE$\tSERVICESTATETYPE::$SERVICESTATETYPE$
    service_perfdata_file_mode=a
    service_perfdata_file_processing_interval=15
    service_perfdata_file_processing_command=process-service-perfdata-file
    host_perfdata_file=/usr/local/pnp4nagios/var/host-perfdata
    host_perfdata_file_template=DATATYPE::HOSTPERFDATA\tTIMET::$TIMET$\tHOSTNAME::$HOSTNAME$\tHOSTPERFDATA::$HOSTPERFDATA$\tHOSTCHECKCOMMAND::$HOSTCHECKCOMMAND$\tHOSTSTATE::$HOSTSTATE$\tHOSTSTATETYPE::$HOSTSTATETYPE$
    host_perfdata_file_mode=a
    host_perfdata_file_processing_interval=15
    host_perfdata_file_processing_command=process-host-perfdata-file

    image
  19. Next, enable the perf data command file

    - nano /usr/local/nagios/etc/objects/commands.cfg

    Paste the following at the end of that file as well

    define command {
            command_name process-service-perfdata-file
            command_line /bin/mv /usr/local/pnp4nagios/var/service-perfdata /usr/local/pnp4nagios/var/spool/service-perfdata.$TIMET$
            }
    define command {
            command_name process-host-perfdata-file
            command_line /bin/mv /usr/local/pnp4nagios/var/host-perfdata /usr/local/pnp4nagios/var/spool/host-perfdata.$TIMET$
            }

    image
  20. Here’s an important note, we need to enable these graphs inside either hosts or services that produces performance data. Usually, hosts will always produce such data if you use the standard host check commands, however, services depends on how it is configured and what the plugin returns. In our example, we will use localhost (the nagios server itself) as hosts and current user count as a service in which we want performance graphs to be generated.

    - nano /usr/local/nagios/etc/objects/localhost.cfg

    Under host localhost, locate hostname localhost, below address 127.0.0.1, add a line like this and as shown in the example below that as well.. This can be done for all hosts!

    action_url              /pnp4nagios/index.php/graph?host=$HOSTNAME$&srv=_HOST_' class='tips' rel='/pnp4nagios/index.php/popup?host=$HOSTNAME$&srv=_HOST_

    image

    Now, locate the “current users” service definition add a line like this as shown in the example below that as well. This can be used for all services that has performance data.

    action_url              /pnp4nagios/index.php/graph?host=$HOSTNAME$&srv=$SERVICEDESC$' class='tips' rel='/pnp4nagios/index.php/popup?host=$HOSTNAME$&srv=$SERVICEDESC$


    image

  21. Now, let’s verify if we have done the above correctly or not by running the pre-flight nagios check like this

    - /usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg

    It should show zero errors and zero warnings. If it doesn’t, you’ve made a typo or an error with the steps above.
    image
  22. Now, if all goes well as above, restart nagios process and start the npcd process, which is the nagios performance data service, we will also set the npcd to start at boot, after the restart, go back to the webpage and you should see some extra icons appearing infront of “localhost” and “current users”. Do not panic if you see errors or no performance data, give it like 10 to 30 minutes for it to generate some data.

    - service npcd start
    - update-rc.d npcd enable

    - service nagios restart
  23. Go ahead and add the same service and host perf data action url to other hosts or services you’ve created and perf graphs will appear in the main nagios page. If you don’t want to show it on that page, they will be automatically generated and you can access them via http://<yourIP>/pnp4nagios
  24. Now, let’s install NagiosQL, one of the many tools out there to perform edits on Nagios configs without having to touch text editors and what not.

    - cd /usr/src
    - wget -O  nagiosql_320.tar.gz
    http://downloads.sourceforge.net/project/nagiosql/nagiosql/NagiosQL%203.2.0/nagiosql_320.tar.gz?r=https%3A%2F%2Fsourceforge.net%2Fprojects%2Fnagiosql%2Ffiles%2Fnagiosql%2FNagiosQL%25203.2.0%2F&ts=1464465362&use_mirror=ufpr

    - tar -zxvf nagiosql_320.tar.gz

    - cp -R nagiosql32 /var/www/nagiosql
    - chown -R nagios:nagios /var/www/nagiosql

  25. Edit the timezone in php.ini. This is an important step to ensure NagiosQL knows when files were edited etc. Locate the date.timezone definition and define it by uncommenting it. Refer to this for a list of countries and how to write that definition. In my case, i am of course going to set it to Kuala Lumpur, Malaysia, where i live.

    - nano /etc/php5/apache2/php.ini

    date.timezone = Asia/Kuala_Lumpur

    image

    - service apache2 restart
  26. Create some directories in which NagiosQL will write all config files.

    - mkdir /usr/local/nagios/etc/nagiosql
    - chown -R nagios:nagios /usr/local/nagios/etc/nagiosql


    Now, let’s create a NagiosQL apache2 definition

    - nano /etc/apache2/sites-available/nagiosql

    Paste, this below, save and exit.

    Alias /nagiosql /var/www/nagiosql/

    <Directory /var/www/nagiosql/>
    Options None
    Order allow,deny
    allow from all
    </Directory>

    Load this config above and restart apache

    - a2ensite nagiosql
    - service apache2 reload

  27. Edit apache envvars to change apache from its default www-user to nagios, this will be useful for nagiosql to write stuff into nagios directories and control the nagios process.

    - nano /etc/apache2/envvars

    Change www: data to nagios for both user and group

    image

    - chown -R nagios:nagios /var/lock/apache2/
    - chown -R nagios:nagios /var/www/
    - chown -R nagios:nagios /var/lib/php5
    - service apache2 restart
  28. Get mysql and related files to for NagiosQL, at this point you will get prompted for the root password of mysql , please enter a valid password and remember it for later use during NagiosQL installation.

    - apt-get install mysql-server php5-mysql libmysqlclient15-dev
  29. Now, go to http://<yourIP>/nagiosql, it is important to note on these settings below
    - Click on START INSTALLATION (there should not be errors which will stop you from clicking next, if you see, “REFRESH” that means you’ve missed something above or its in error)
    - Click next
    - Modify accordingly and as show in the image below
    - DBserver type=mysql
    - dbserver=localhost
    - hostname=127.0.0.1
    - DBName=<leave default>
    - dbuser=<leave default>
    - dbpass=<leave default>
    - Admin user=root
    - Admin db pass = <password created during mysql installation>
    - Nagiosql user=admin
    - NagiosQL pass=<any password> & repeat
    - Import nagios sample = CHECKED
    - Create config paths = CHECKED
    - NagiosQL Config path = /usr/local/nagios/etc/nagiosql/
    - Nagios config path= /usr/local/nagios/etc/objects/


    Click on next and finish, you should not get any errors and it should land you to the login page. Important, please follow next guide before proceeding.
  30. Ensure we set the right permissions for NagiosQL

    - chgrp nagios /usr/local/nagios/etc/
    - chgrp nagios /usr/local/nagios/etc/nagios.cfg
    - chgrp nagios /usr/local/nagios/etc/cgi.cfg
    - chmod 775 /usr/local/nagios/etc/
    - chmod 664 /usr/local/nagios/etc/nagios.cfg
    - chmod 664 /usr/local/nagios/etc/cgi.cfg
    - chown nagios:nagios /usr/local/nagios/bin/nagios
    - chmod 660 /usr/local/nagios/var/rw/nagios.cmd
    - chown nagios:nagios /usr/local/nagios/var/rw/nagios.cmd

  31. Now, login to the NagiosQL page and edit the following

    Click on Administration, click on Config Target, click on modify for localhost (the wrench icon).
    Set the following;
    Method = Change to SSH, then enter your nagios user and password created at the beginning of this document.
    Nagios Command File=  /usr/local/nagios/var/rw/nagios.cmd
    Nagios Binary= /usr/local/nagios/bin/nagios
    Nagios Process file= /usr/local/nagios/var/nagios.lock
    Nagios config file/usr/local/nagios/etc/nagios.cfg

  32. Now,let’s modify Nagios core main config file to enable NagiosQL folders and disable the default one.

    Click on Tools, Nagios Config

    Disable / comment out the default ones by adding a # infront of them, like below
    #cfg_file=/usr/local/nagios/etc/objects/commands.cfg
    #cfg_file=/usr/local/nagios/etc/objects/contacts.cfg
    #cfg_file=/usr/local/nagios/etc/objects/timeperiods.cfg
    #cfg_file=/usr/local/nagios/etc/objects/templates.cfg

    #cfg_file=/usr/local/nagios/etc/objects/localhost.cfg

    image

    Add the following under config directories
    cfg_dir=/usr/local/nagios/etc/nagiosql/

    image

    Once done, click on Save.

    Now, click on Tools, Nagios Control.
    In the following order, click Write Monitoring Data, Click Write Additional Data, Click on Check Configuration Files (you should NOT have errors btw), and finally, click on Restart Nagios.

    For some reason, the import doesn’t really import the process-host-perfdata-file and process-service-perfdata-file commands definitions. Let’s add them otherwise, after the import, you may not get perf graphs working.

    Click on Commands, click on definitions. Click on Add, add like below
    Command: process-host-perfdata-file
    Command line: /bin/mv /usr/local/pnp4nagios/var/host-perfdata /usr/local/pnp4nagios/var/spool/host-perfdata.$TIMET$
    Rest leave as default. Click on Save.

    Click on Add, again.
    Command: process-service-perfdata-file
    Command line: /bin/mv /usr/local/pnp4nagios/var/service-perfdata /usr/local/pnp4nagios/var/spool/service-perfdata.$TIMET$
    Rest leave as default. Click on Save.

    Now, click on Write Config File.

    Click on tools, click on Nagios control, in the following order, click Write Monitoring Data, Click Write Additional Data, Click on Check Configuration Files (you should NOT have errors btw), and finally, click on Restart Nagios.
  33. Also, the action URLs go missing in the host and service we defined earlier. You can add it yourself in NagiosQL. Follow this to do bring it back into Nagios. Like shown above as an example, we will be adding the host=localhost and service=current users back into Nagios perf data.

    To add for a sample host.
    Click on Supervision, click on Host. Click to edit localhost (wrench icon). Click on Addon Settings, add the following line in Action URL:
    /pnp4nagios/index.php/graph?host=$HOSTNAME$&srv=_HOST_' class='tips' rel='/pnp4nagios/index.php/popup?host=$HOSTNAME$&srv=_HOST_

    Click on Save.

    Now, to add for a sample service.
    Click on Supervision, click on Service, search for “Current Users”. Click to edit (wrench icon). Click on Addon Settings, add the following line in Action URL:
    /pnp4nagios/index.php/graph?host=$HOSTNAME$&srv=$SERVICEDESC$' class='tips' rel='/pnp4nagios/index.php/popup?host=$HOSTNAME$&srv=$SERVICEDESC$

    Click on Save.

    Now, click on Write Config File.
    Click on tools, click on Nagios control, in the following order, click Write Monitoring Data, Click Write Additional Data, Click on Check Configuration Files (you should NOT have errors btw), and finally, click on Restart Nagios.
  34. You might also want to delete the sample hosts and definitions created by NagiosQL, use NagiosQL to delete them in the order of deleting services, followed by the sample hosts. You can do bulk deletion for hosts or services like shown in the image below. Warning, do not delete localhost and localhost related services.

    image

    Now, click on Write Config File.
    Click on tools, click on Nagios control, in the following order, click Write Monitoring Data, Click Write Additional Data, Click on Check Configuration Files (you should NOT have errors btw), and finally, click on Restart Nagios.

    This should leave you with the samples created by Nagios core installation monitoring Nagios itself.
  35. Let’s create some nice HTTP links to access a few tools we just created

    - nano /usr/local/nagios/share/side.php

    Locate the “General” section, add the following lines after the final </div> of that section. Paste these texts below, literally below that.

    <div class="navsection">
            <div class="navsectiontitle">Add-ons</div>
            <div class="navsectionlinks">
                    <ul class="navsectionlinks">
                            <li><a href="/nagios/stats" target="<?php echo $link_target;?>">Nagiostats</a></li>
                            <li><a href="/pnp4nagios" target="<?php echo $link_target;?>">Nagiosgraph</a></li>
                            <li><a href="/nagiosql" target="<?php echo $link_target;?>">Nagios Configurator</a></li>
                            <li><a href=http://www.astiostech.com target="<?php echo $link_target;?>">Nagios Support</a></li>
                            <li><a href=highsecurity.blogspot.com target="<?php echo $link_target;?>">Nagios Core 4.1.1 Install Guide</a></li>
                    </ul>
            </div>
    </div>



    Example like below;
    image

  36. Finally, refresh your /nagios page in your browser [F5] and see those links like below

    image
  37. Other stuff (And addons for future blog posts)
    - Be sure to configure periodic timesync
    - Install adminer to manage DB if required
    - Install MK livestatus to replace NDO
    - Install mod_gearman to replace Nagios default broker modules
    - Install Nagvis for visualization (and Install ndo2db for it or MK livestatus)

We hope this guide has helped you get your Nagios awesome monitoring tool up and running. Thank you and as usual, we’d appreciate feedbacks.

Friday, April 29, 2016

Increasing the maximum number of selectable fields in vTiger 6.0 report module

Image source: open4businessonline.com

Just wanted to share this out for those who may have run into this problem where you couldn’t add more than 25 fields in the built-in report module of vTiger.

  • My configuration:
  • CentOS 6
  • vTiger community 6.X

Simply edit the file

vtigercrm/layouts/vlayout/modules/Reports/resources/Edit2.js

Locate the text maximumSelectionSize and change from 25 to whatever you need, this particular config below was from a client that needed more than 200 fields in their reports.

image

That should be it, just reload the reports page and voila! more than 25 (ignore the text that says max 25 or change it if you want)

Shoutout to our client that found the solution, Mr. Benjamin Lim and Mr Au Yong from CustomerConnect Malaysia, with their R&D deep into Google, we added this hack, thanks guys!

Tuesday, April 12, 2016

Decoding Oreka’s MCF file extensions for generic playback software (e.g. vlc)

Here’s a quick howto guide to extract .mcf files that are the created by Oreka’s open source recording platform.

 

Parts of software and guides are taken off various sources from the internet. The decoder was written in c++

and is available here if you want to compile it yourself: https://www.dropbox.com/s/09eo986gc3sons8/orekadecoder.rar
Thanks to Juan Ramirez for writing the code.

 
Since i’ve compiled the cpp file, i will just expose the .exe for 64bit systems. If you need the 32bit platform, 
you need to compile it yourself. So, for you get started, you will need the following tools and software:
1) The orekadecoder.exe here http://www.orencloud.com/public/orekadecoder.zip, download and extract the file 
into anywhere, e.g. C:\tmp
2) Download and Install Audacity  http://www.audacityteam.org/download/ so we can combine, pitch change etc the files
3) If your the files you are converting is encoded into g729, you need an extra step and software, get it from 
here: http://www.codecpro.com/LicenseG729.php and extract the files (g729 steps and use here is for education
purposes only, you should normally buy a proper license) 
 

Steps

Step 1

1) Place the mcf file into C:/tmp, now we shall extract the .mcf file using orekadecoder.exe, here’s how
In this example, i have two files, file1.mcf and file2.mcf. Let’s split out file1.mcf first:
 
File 1 – Splitout – a g729 encoded file
image
and this created two files, like below
image
 
File 2 – Splitout – a ulaw encoded file, this file doesn’t need step 2, just go to step 3
image
The above files out1 and out2 basically mean the left and right channels. 
If you notice the above sample, the file is actually decoded as g729, 
so we need to decode that, as below
 

Step 2

Decode the file1.mcf.out1 and file1.mcf.out2 into 

Copy out the file cp_g729_decoder.exe downloaded from codecpro.com, if its another directory into
c:\tmp so its easier to work. Now, convert out1 and out2 like this

 

Out1

image

Out2

image

Now in that folder, you will end up with file1.out1.wav and file1.out2.wav, proceed to step 3.
For those not needed to decode using g729 decoder, you can simply use the .out1 and .out2

files to import into audacity.

 

Step 3

Import into audacity and combine left and right audio

First example, we will use the .wav files instead of the .out1 or out2 files (we start with the g729 files)

 

g729 encoded file

Open Audacity, click on file, click on Import, then click on Raw Data, when prompted open the first file,
i.e. in this example file1.out1.wav, set the import parameters like shown below;

image

Repeat this step for file1.out2.wav

Now, you should get two channels shown in Audacity, like below

image

 

Now, since the conversion happened, the seem to be off, reduce the speed by 50%. Here’s how, click on Effect,

Change Speed Use the following setting

image

Note on the percentage, change it to –50 (minus 50) and that should be it, now save the file to any format you like.

 

Non-g729 file

Now, for the ulaw file, we just need to import it directly into audacity with the same steps above except you

do not need to change the speed,  it should work straight away.Remember, import as raw.

Remember, we set the Encoding according to the output as seen in step 1

image

 

Then import the 2nd file as the other channel.

Note, you may not have audio in the 2nd file or the first file depending if its a mono recorded or stereo recorded channel.
Save the file to whatever format and you’re done.

 

Cheers.

My first ever Webminar On Windows 10 Security

Check it out if you’ve got some time to kill.

SRC: https://channel9.msdn.com/Events/Windows-10-Webinar-Series/Webinar-4-Windows-10-security

Snippet

We live in a new era of cyber threats. As employees work across multiple devices, data has never been more vulnerable. Windows 10 responds to the new ways people work: it helps you secure devices and data with sophisticated new tools.

We will introduce you to Microsoft Passport, which replaces passwords with strong, two-factor authentication that consists of an enrolled device and a Windows Hello (biometric) or PIN. And we will show you Device Guard, which prevents unauthorized applications from installing on your devices.

Another highlight is the latest version of BitLocker. Available with Windows Enterprise Software Assurance, BitLocker enables you to stop data being extracted from devices that are lost or stolen.

Speaker: Sanjay Stephen (Malaysia)
MVP in Security since 2009. He runs his own solutions implementation business.

Saturday, March 5, 2016

Check script for FreePBX-Asterisk realtime and CDR for suspicious calls (Nagios compatible)


image source:: http://www.chanakyadetective.com/software-investigation.html

Here’s a simple script we wrote to check real-time calls and historical data of n minutes in CDR for suspicious activities based on a number pattern and length. We find this utmost useful especially when your servers are exposed to public to check against hack attempts, abuses or checking matching numbers to “catch” and report. The current action sends email, of course, you can build more functions as you please and run them at each EXIT code in the script appropriately doing stuff like seen in the script for sending email. You need the local mailer program, called mail to be able to send emails from CLI already for the email function to work, otherwise, it may just output via CLI.

This  script has been tested on Debian, FreePBX 2.11 and Asterisk 11. It should work on most regular platforms as well as distros.  I’ve tested on Nagios Core, NagiosXI, Icinga, Icinga2.0.

This script basically does the following;

  • Its all bash, so should be quite compatible with many systems
  • It checks the CDR for n minutes of past records also set by flags
  • It checks asterisk current channels for external numbers only
  • It combines both results as a “total” value to evaluate with the given parameters
  • Uses filters based on the dst column on your CDR to match that you specify during execution (the parameters), this can be prefixes or whole numbers, and as many patterns as you want to check on a single run.
  • You can set the flag to check the prefix and the number of digits which is same or greater so that you won’t catch local calls, normally international calls have higher number of called digits, I.e. > 10
  • To automatically check or do it almost real-time, you can use cron on your server locally (It can also work with Nagios too, however, this guide does not cover configuring on Nagios,you need to set the flag NAGIOSMODE=YES). If you set Nagiosmode, it will not independently send out email and instead your Nagios server will decide what to do according to what you’ve set it to.
  • Be sure to change NAGIOSMODE, SYSADMINEMAIL,EMAILSUBJECT,USER,PASS and if needed, db port,db database name,db table name, and db server & also location of your binaries (find them by typing whereis asterisk and whereis mysql and whereis curl)
  • In some distro (FreePBX distro) the MySQL has no password (yeah, i know!), so in this case, leave the PASS=”” will suffice.

Setup:

  • cd /usr/local/bin/
  • wget http://www.orencloud.com/public/checkintl.sh
  • Modify the parameters as described below and/or in the script
  • Make the script executable and test  (chmod +x /usr/local/bin/checkintl.sh) Test : /usr/local/bin/checkintl.sh --help
  • You can run it like example below and/or put it up as a cronjob if you wish to automate checking (crontab –e), e.g. like this     */15 * * * * /usr/local/bin/checkintl.sh -w 3 -c 10 -i 60 -p 00:6,900:6
  • When adding complex scripts that call many functions be sure to test your cron output, here’s an easy way to see the output of cronjob in syslog (/var/log/syslog) by simply adding adding  2>&1 | /usr/bin/logger  -i  -t ASTIOSALERTS at the end of the script, like shown below
    • */15 * * * * /usr/local/bin/checkintl.sh -w 3 -c 10 -i 60 -p 00:6,900:6 2>&1 | /usr/bin/logger –i -t ASTIOSALERTS
  • Then tailf your syslog to see the output, it should not throw errors but should show you outputs.
  • Above cronjob does the checks for every 15 minutes, 60 minutes of records from bottom of the CDR table and warns on 3, critical on 10 for pattern matching front digits 00, with length greater than or equals 6 numbers and for pattern 900 with length greater than or equals 6 numbers
  • Always test manually. You surely can run this manually and try to invoke the trigger by making n number of calls and you should get an email alert based on the email address you specified
  • This script requires a MySQL CDR for Asterisk (therefore making it perfect for use with FreePBX, out of the box)
  • Set these below before running the script
      • Be sure to set the following inside the script (edit it)

        NAGIOSMODE="NO"
        SYSADMINEMAIL=SOMEONE@SOMEWHERE.COM,SOMEONE2@SOMEWHERE2.COM
        EMAILSUBJECT="HOST $MYHOST INTERNATIONAL CALLS ALERT"
        user="DBUSERNAME"
        pass="DBPASSWORD"

        MYCURL=/usr/bin/curl
        MYSQLBIN=/usr/bin/MySQL
        MYAST=/usr/sbin/asterisk

      • If using Nagios, just set the flag NAGIOSMODE=YES

    Run examples:

    /usr/local/bin/checkintl.sh -w 3 -c 10 -i 60 -p 00:10,900:10

    In the above example, it will

    -w 3 – Warn when both CDR and running channel defined patters is equal to or greater than 3

    -c 10 – Throw critical alert when both CDR and running channel defined patters is equal to or greater than 10

    -i 60 – Check CDR for a total time of 60 minutes (note, time on server needs to be accurate for this to work properly)

    -p 00:6,900:6 – This means, check for pattern 00 and 900 in the dst fields. If it exist, check length of >= 6 digits at minimum on both cases, in this example

    Sample outputs

    image

    No calls/threshold not hit like above

     

    image

    With a warning out which sends email when NAGISOMODE=NO. Also, if critical , it will send out emails like above.

     

    image

    image

    In Nagios mode, it will show up just like this above in CLI and in Nagios itself, it will look like this

    image

  • Email

    image

     

    As usual, do give us feedback if find bugs and/or improvements/suggestions. Do give it a try and comment please if you found something helpful for others to note on your findings.  Thanks and happy weekend.

  • Sunday, February 28, 2016

    Asterisk/FreePBX Call Duration Alerter – with Nagios compatibility


    image source: www.iconarchive.com

     

    Hi all, hope 2016 has been good to you so far ..

    Here’s a little script that I did to list out and do any kinds of actions to  calls (right now, echo output and email with a kill switch to kill offending calls) that exceed certain number of seconds and gathers all (or just one) of the calls and output in pretty Nagios output or sends you an email. It will also show some important information about that CHANNEL (call) so you can take necessary action.

    Purpose of this script is to perhaps check on your PBX call action, ensure there aren’t dead channels running around, track billing usage (you can program it to check against a pre-set DB against each channel to calculate rates vs balance in realtime) and many other things you can imagine.

    You can download it here  www.orencloud.com/public/checkduration.sh

    It supports Nagios return codes (NAGIOSMODE=YES) or sends email otherwise

    • Set warning vs critical values
    • Runs in native Asterisk CLI, so it should be tech independent and fast as it uses pure channel variables
    • Put up in cron to check periodically
      • Something like this */2 * * * * /usr/local/bin/checkdur.sh -w 1800 -c 2400 2>&1 | /usr/bin/logger -i -t ASTIOSALERTS
      • This above example will check every 2 minutes and output the result to /var/log/syslog (or similar) the result of the script in the tag ASTIOSALERT
    • Place as Nagios script to be executed by Nagios 
    • Tested on CentOS/Debian6/7, Asterisk 11 and FreePBX 2.11 , FreePBX Distro
      • I believe it should work on almost all systems and variations
    • If you do have an improvement, do suggest.
    • There’s a kill channel switch, –k 1 where it will kill the “critical” time exceeding channel.

    NOTE:

    1. The output may produce duplicates as a full leg call can contain 2 or more channels. Look for the the first part of the UNIQUEID to identify dupes.
    2. This script may not run in some OS-es or environment so test it out first before going into production

    Place the script anywhere and ensure its executable, here’s how..

    # cd /usr/local/bin

    #wget www.orencloud.com/public/checkduration.sh

    #chmod +x /usr/local/bin/checkduration.sh

    Be sure to change bold highlighted values, edit the script

    # nano /usr/local/bin/checkduration.sh

    NAGIOSMODE="NO"     
    SYSADMINEMAIL=”your@email.com,yoursecond@email.com
    EMAILSUBJECT="DURATION OF CALLS ALERT"

    MYAST=/usr/sbin/asterisk #change this if its not there.

    Test like this, also be sure you can send emails already using “mail”. Setup your local relay, etc..

    #/usr/local/bin/checkduration.sh -w 60 -c 90 [-k 1]

    Where, 60,90 are seconds for alert warning and critical respectively. Make some test calls and check the script output in action. –k 1 switch kills that channel when time exceeds  “critical” only.

    Output looks like this on a typical Asterisk system

    CRITICAL: DURATION:00:03:00,UID:1456644553.8923051,LEG_A:0123456789,LEG_B:6054,APP:Dial
    CRITICAL: DURATION:00:03:50,UID:1456644503.8923013,LEG_A:0123456689,LEG_B:11000,APP:Queue
    CRITICAL: DURATION:00:02:43,UID:1456644570.8923060,LEG_A:1004,LEG_B:s,APP:AppDial
    CRITICAL: DURATION:00:02:01,UID:1456644612.8923082,LEG_A:035554442,LEG_B:11000,APP:Queue
    CRITICAL: DURATION:00:03:02,UID:1456644551.8923049,LEG_A:3546,LEG_B:s,APP:AppDial
    CRITICAL: DURATION:00:02:04,UID:1456644609.8923076,LEG_A:78787988,LEG_B:6002,APP:AppQueue
    CRITICAL: DURATION:00:02:04,UID:1456644609.8923077,LEG_A:0123456780,LEG_B:6001,APP:Dial

    In Nagios

    image

    In Email

    image

    Friday, December 4, 2015

    Opening multiple ports on Microsoft Azure (e.g. for an Asterisk deployment)


    http://azurespeaks.azurewebsites.net/
     

    If you publish an Asterisk servers on Azure, you might find it a daunting task to open multiple ports (called endpoints) on Azure, the task is simply slow if you use the web (portal or the old one). And we RTP folks, need a lot of ports to get a single call going (at least 3 ports required)

    So, let's say you're gonna create a default Asterisk installation and open the usual ports such as;

    IAX2- UDP4569
    SIP - UDP5060
    RTP-UDP10000 to UDP20000 (in this article, i only needed 100 ports)

    Here's how you can open all those ports in under 10 minutes.

    1) Download and install the Azure Powershell extensions.
    https://github.com/Azure/azure-powershell/releases/download/v1.0.1-November2015/azure-powershell.1.0.1.msi

    2) Start it up - it should be called Windows Azure Powershell (this is not the usual powershell, it must read Azure Powershell). You may need to run this as admin.

    3) Once in there, copy paste the following (modify where applicable)

    Task inside powershell (copy paste will do)
    1) Add an azure account (this will launch the authentication windows, do your thing and authenticate)

    Add-AzureAccount

    2) Now, declare which subscription this VM is tied to (My subscription is called Visual Studio Premium with MSDN)

    Select-AzureSubscription -SubscriptionName "Visual Studio Premium with MSDN"

    3) Declare the name of the VM you wish to setup
    $vm = Get-AzureVM -ServiceName myazurebox -Name myazurebox;

    NOTE: ServiceName is the cloud service, if it is not part of a cloud service, just enter the actual VM name, repeat that in NAME variable like above. If you get certificates errors at this point run this;

    $vm | Update-AzureVM

    You would need to rerun from step 1. This command also clears everything incase you messed up and want to restart.

    4) Add for IAX2
    $VM | Add-AzureEndpoint -Name IAX2 UDP -LocalPort 4569 -PublicPort 4569

    5) Add for SIP (UDP)
    $VM | Add-AzureEndpoint -Name SIPUDP UDP -LocalPort 5060 -PublicPort 5060

    Add for SIP TCP (if using)
    $VM | Add-AzureEndpoint -Name SIPTCP TCP -LocalPort 5060 -PublicPort 5060

    6) Add for RTP
    Now, since RTP is a bunch of ports that needed to be opened, in a default setup would be 10000 to 20000, you can do a loop and add them like this; Note, you can only open up to 150 ports at a time, apparently. So add more into the loop if needed.

    10000..10100| ForEach { $VM | Add-AzureEndpoint -Name RTP$_ -Protocol UDP -LocalPort $_ -PublicPort $_} ; $vm | Update-AzureVM

    This will add ports 10000 to 10100, name them RTP10000...and so on with UDP as the protocol. You don't really need that many RTP ports opened on Asterisk unless you have a ridiculous amount of concurrency on SIP. Otherwise, you don't really need that many ports opened.

    Guides: http://www.asteriskdocs.org/en/2nd_Edition/asterisk-book-html-chunk/asterisk-APP-D-SECT-37.html

    Freepbx: Use the GUI, look under Settings | Asterisk Sip Settings, look for RTP port range. *You might need to restart Asterisk.

    7) Finally, update the VM (this is when you will see the changes on Azure's web management portals)

    $vm | Update-AzureVM

    And you're done!

    Sunday, November 15, 2015

    Apple MacBook 2015 Bootcamp/Drivers

    Image from www.apple.com

    If you were in my position that you had to have some drivers and couldn't find them cause you wiped out the OSX partition etc and there's literally nothing on Apple's website to point you to a way to independently download drivers, well, here they are;

    Download Apple Bootcamp 6.0 for MacBook Pro 2015 here:
    https://goo.gl/yZjHvp (approximately 1.44GB)

    Until Apple makes their bootcamp software and drivers public, here's all of it.

    This particular set is for the MBP Retina early 2015 edition. (Mine had the AMD Radeon graphics card).

    I do not have any rights to these, nor claiming any rights, its from Apple and is only posted here for people's convenience.

    All files scanned with Norton Internet Security 2015 edition with latest signatures as of 15Nov2015.

    Have fun and all credit for drivers/software to Apple Inc.

    Thanks