Rotating event Log files in Windows Server 2003. Shouldn't this be done automatically?

First off let me say yes, we still use Windows Server 2003 SP2 here. It serves the purpose we need it for and as of right now those needs may be small but are still very relevant. I would love to wipe the server and install RHEL6 but that's further down the line.

Alright, back to the task at hand. When I first started working here, about a year ago, the server performance was abysmal at best. That led me to start looking at what was dragging the server down, besides being a Windows box that is. One of many, many findings was that the event log files were not set to be rotated out, ever! With my background in Linux administration I was completely baffled as to why this would not be a standard on any server. Bueller?

So, I went about looking into this and found many solutions. There were two options that stuck out as viable alternatives: one was an .adm template and the other was a simple bash script... I mean batch script (:

I wanted a quick solution that I could possibly modify for other uses on the fly with minimal fuss, which obviously left out the .adm template. So, off to work on a batch script I went. After shaking off the rust of batch scripting, it was an easy solution.

I utilized Sysinternals psloglist.exe in the example below. A later addition also adds 7-Zip by Igor Pavlov into the mix so the week's log files can be zipped and stored for later viewing if necessary.

Below is the code that I used to accomplish this task. Please feel free to adjust it to fit your systems if you are in a similar situation.

REM This is to rotate the logs:
REM Created by Dan M.
REM This work is released under the Creative Commons Non-commercial Share-Alike license
REM http://creativecommons.org/licenses/by-nc-sa/3.0/legalcode

:: Get date in useful format (YYYY-MM-DD; assumes "date /t" prints the US-style "Day MM/DD/YYYY")
For /f "tokens=2-4 delims=/ " %%a in ('date /t') do (set newdate=%%c-%%a-%%b)

:: Start a fresh run log for emailing
ECHO "This is a log of the purge/rotation of the event logs" > f:\logs\file.txt
ECHO "-----------------------------------------------------" >> f:\logs\file.txt

:: Run Sysinternals psloglist.exe on each of the three event logs
:: -g exports the log to an .evt file and -c clears the log afterwards,
:: so the exported .evt is the only remaining copy of those events
:: Echo out times to file.txt for emailing
%SYSTEMDRIVE%\SysinternalsSuite\psloglist.exe Application -c -g f:\Logs\%newdate%_APP_EVTS.evt
ECHO "Application events were rotated %newdate% at %time%" >> f:\logs\file.txt
%SYSTEMDRIVE%\SysinternalsSuite\psloglist.exe Security -c -g f:\Logs\%newdate%_SEC_EVTS.evt
ECHO "Security events were rotated %newdate% at %time%" >> f:\logs\file.txt
%SYSTEMDRIVE%\SysinternalsSuite\psloglist.exe System -c -g f:\Logs\%newdate%_SYS_EVTS.evt
ECHO "System events were rotated %newdate% at %time%" >> f:\logs\file.txt

:: Call Email_me.cmd to send file.txt
CALL g:\scripts\Email_me.cmd

Remember to adjust your variables and destinations accordingly, and as always, happy admin-ing!


Back to posting

Time to get back to posting to this little gem of a blog I have here. What to blog about is the only question...


Gmail: Forwarding only actual email to your Blackberry

If you are like me and set up your primary Gmail account with your Blackberry, or other smartphone, you more than likely get tired of all the "junk" email that goes to your device and starts it blinking at 2:30am. This junk for me was mainly mailing lists, as I am on a few in the Linux world. Well, let's see if we can clean up this little issue.

Q. Some people say: why don't you just use the Gmail app for Blackberry devices?
A. Because for me it freezes constantly and breaks my data connection, and I'm not the only one. But if you want to use it, keep that in mind, and also that it hasn't been updated in around 2 years.

What you will need:
1. A computer to access your Gmail account
2. A Blackberry email address (optional, you can set up a new Gmail account too)

OK, let's log into our Gmail account and click on Settings, then Filters, then Create a new filter. Now here is where we need to put in some information about what we WANT forwarded. I have compiled a list of email domains that is in no way exhaustive but is a start; I add to it all the time.

In the FROM field:
This covers a majority of the providers. In order to add more, use the pipe (|) and a star (*). Important: NO SPACES, or the rule will fail. So if I wanted to add ACME Corporation's email I would simply append |*@acme.com to the end of the string.

In the TO field:

I leave HAS THE WORDS and SUBJECT empty because I want almost all email to come through.

In the DOESN'T HAVE field:
cdlug-general OR chat OR LTP

Put the key words you DON'T want forwarded, separated by OR. You can use other boolean phrases also, but I will not cover them in this article.
**I highly suggest you put "chat" in the field. If you don't, every Gchat you have will be forwarded to your phone, and that can get annoying.

Once you are done with that, hit "Next Step".
Now place a check in the box next to "Forward it to:" and select your forwarding address. If you have not set one up yet, simply click "Manage your forwarding address", select "add new", put in your blackberry.net address and await the verification code. Once the code comes, type it into the box and click "Save changes" at the bottom of the page; you will be returned to the Filters page.

Now you can hit "Create filter". I do not suggest checking the "apply to XX conversations below" box, or you may clog up your Blackberry.

Done. Now all email from the email domains we set up in the beginning will be forwarded to your Blackberry, and all the ones you don't want will stay in the cloud.

Hope that helps! If you have any questions/comments please feel free to post them!



Exchange Server 2003 fun

Well with my new job in NY being very Microsoft centric I have run into the normal bevy of MS related issues. Namely random crashes, corruption and crap, I like to call it C3. The latest has been a blast to deal with.

How to add yourself as an Exchange Full Administrator without using ESM Delegation. In my case this was because I couldn't use the ESM Delegation Wizard.

Original issue: An Exchange mailbox had been corrupted and I needed to restore it from a backup. So I thought this should be easy (wrong).

Actions: I set up a Recovery Storage Group just like I was supposed to, mounted the store, recovered the mailbox, etc.

Problem created: When trying to add a new user, the new user's mailbox is created in the recovery group. This has to be one of the dumbest designs ever, but fine, I will just delete the recovery group that I created and then recreate the user. Halt! Microsoft decided that is not a good idea, and even though I created the RG I can't delete it. Mind you, I am logged in as a Local/Domain/Enterprise Admin, so I should have super powers, right? Nope.

Microsoft restricted that aspect to Exchange Full Administrators (EFA) only. Fine, I looked around and figured out how to add an account as an EFA; this should be easy, right? Wrong.
You cannot add an account as an EFA unless you already have the login credentials of an EFA. Now what? Off to Google I go.

A solution finally!
1. Log into the Exchange server with local/domain/AD admin rights
2. Run regedit and navigate to HKEY_CURRENT_USER\Software\Microsoft\Exchange\ExAdmin
3. Create a new DWORD value called ShowSecurityPage
4. Set the value from 0 to 1
5. Close the ESM if open
6. (Re)open the ESM
7. Right click on your Exchange Organization, select Properties, and add the desired account with Full access
8. Go to your recovery group and delete the database, then the recovery group itself

Now you are able to add your desired users, and they will be created in the correct database.

What a mess...


Run updates from crontab

Simple safe-upgrade script to be run from root's crontab.

Reasoning: I was tired of the way the updater was in Ubuntu recently; that whole pop-under thing is annoying and counterproductive. So I wrote a script that safe-upgrades the system and doesn't need a sudo user to install the updates.

Now, I would not advise using this on a server or mission-critical desktop. Who knows what could happen, even with only safe-upgrade called...

Setup is near the bottom, read this first.

What update.sh does:

$now is the current date in Unix time.
$check_date is the current date minus one week
(actually 6 days, 23 hours, 59 minutes and 45 seconds).

First step:
It checks to see if this script has been run before via an "if file exists" test in bash.

If yes:
It checks whether the current date minus one week is greater than or equal to the time of the last update. So if this was last run over a week ago, it will start.
If not (it was last updated within the past week), it will exit. This _should_ not happen, but is a built-in 'failsafe'.

If the file does not exist:
It creates .update_log and goes on its merry way updating.

What it doesn't do:
This script does NOT reboot the machine when done; this was done on purpose for the user(s). This way, when they are done for the day and shut down the computer, it will be up to date the next time it is turned on.

Firefox will act crazy if not restarted after updating! This may be covered in the next revision.

1. Copy between the CUTs to /root/update.sh via vim/vi/nano/gedit etc. (yes, you need to be root)
2. chmod +x /root/update.sh
3. su root (if you sudo'd in)
4. # crontab -e
5. Set up the crontab the way you like it
5a. Here's mine: 30 16 * * 2 /root/update.sh
6. :wq <-- to save the crontab

You may also want crontab to shutdown or reboot the machine after, but that is up to you.

#!/bin/bash
# update.sh - DTM
# Get root's paths (as root 'grep bin /root/*'); cron runs with a minimal
# PATH, so set it explicitly here. This also gives the correct shell.
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

# Check last update time:
# if the log file exists, read the time of the last run from it,
# otherwise create it and update straight away

# Define vars using Unix time - makes it easier
now=`date +%s`
# One week minus 15 seconds (6 days 23 hours 59 minutes 45 seconds)
check_date=`expr $now - 604785`

# See if file exists
if [ -f /root/.update_log ]; then
    last_update=`cat /root/.update_log`
    # Only run if the last update was at least a week ago
    if [ "$check_date" -ge "$last_update" ]; then
        echo $now > /root/.update_log && aptitude update && aptitude -y safe-upgrade
    fi
else
    # First run: create the log and update
    echo $now > /root/.update_log && aptitude update && aptitude -y safe-upgrade
fi # //END MAIN IF
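The once-a-week check described above, pulled out of update.sh into functions so it can be tried without touching aptitude. This is an added example, not the post's own script: the function names needs_upgrade, record_run and run_upgrade are my own, it also handles a case the post does not (a .update_log whose content is not a Unix timestamp), and it records the run only after the upgrade succeeds.

```shell
#!/bin/sh
# Added example, not the original update.sh: the "at most once a week" check
# factored into functions so it can be exercised without running aptitude.
# One week minus 15 s, as in the post (6 days 23 h 59 min 45 s).
WEEK_MINUS_15=604785

# needs_upgrade LOGFILE NOW
# Returns 0 (true) when an upgrade should run, 1 when the last run is too recent.
# Covers the two cases the post describes (no log yet, log older than a week)
# plus one it does not: a log whose content is not a Unix timestamp, which is
# treated as "never run" instead of making the -ge test error out.
needs_upgrade() {
    logfile=$1
    now=$2
    check_date=$((now - WEEK_MINUS_15))
    [ -f "$logfile" ] || return 0
    last_update=$(cat "$logfile")
    case "$last_update" in
        ''|*[!0-9]*) return 0 ;;
    esac
    [ "$check_date" -ge "$last_update" ]
}

# record_run LOGFILE NOW: write the timestamp of a completed run.
record_run() {
    echo "$2" > "$1"
}

# run_upgrade LOGFILE: cron entry point (assumes aptitude, as in the post).
# The timestamp is written only after the upgrade succeeded, so a failed run
# is retried at the next cron slot rather than a week later.
run_upgrade() {
    logfile=$1
    now=$(date +%s)
    if needs_upgrade "$logfile" "$now"; then
        aptitude update && aptitude -y safe-upgrade && record_run "$logfile" "$now"
    fi
}
```

Calling run_upgrade /root/.update_log from root's crontab gives the same behaviour as the post's script, except that a failed upgrade is retried at the next cron slot instead of being skipped for a week.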


Another run-in with Windows Vista

Where to begin? Well, I am moving back to New York after nine years of living no closer than 9.5 hours away by car. With this move comes the oh-so-fun job hunting. As many of you know, unless you live under a rock, the job market flat out stinks at this point in time. I have applied for 27 jobs and have heard back from one! Anyhow, this whole resume thing, and it having to be in the lovely proprietary Microsoft Word format 97% of the time, has gotten a little unruly in OpenOffice. Don't get me wrong, OpenOffice is great when it is not deleting embedded tables in .doc files as it does in 3.1; I use it every day as my normal document, PDF and spreadsheet application. But the table dropping was killing me, so I said screw it and installed my copy of Windows Vista Business x32 that came with my Thinkpad.

First off, the install was quick on the 20GB partition I allowed it, but the updates took over 2 hours to download and install! Mind you, I do have a 6MB pipe and they were downloaded in less than 10 minutes. Installing should not have taken over an hour and a half on a dual-core T7100 1.8GHz Intel with 4GB of RAM. After my wait was over, sometime around midnight, I installed the much-needed antivirus and went to bed, finally.

This morning I installed my copy of Office 2007, applied Service Pack 1 and was on my way to my normal tasks: checking email, looking at job boards, etc. I soon realized my four-legged friend needed to take a little trip outside. So I closed the lid on my Thinkpad, like I did last night, and took him for a walk. Needless to say I was distracted for a good 3 hours; I happened to be walking into the kitchen when I noticed my amber battery light was on and the little green moon was not! I panicked a little because I have my good battery (7 cell) in and not the little 4 cell that came with it; these are not cheap and I try not to run them below 25% unless it is an absolute necessity.

So now that you are up to date on the happenings, I suppose I can show you the picture of what the desktop looked like when I opened the lid.

Lovely, eh? Less than 14 hours installed and I get my first BSOD. Someone tell me again why I don't use Microsoft products? As of right now I am only at 31% of my battery. Thank you, Windows Vista Experience, you have made my day, and my busy weekend for that matter, even better.

I am off to install Ubuntu Linux on the other 60GB of my hard drive. Guess I should have just dealt with VirtualBox OSE's lack of USB support in the free version; thanks a lot, Sun! I blame you too.

And by the way I did click the "Find a Solution" button, you know what I got? Nothing....

Thanks again....


Centos - Mounting NTFS drives

I was brushing up on my CentOS 5.3 skills and needed access to an older NTFS-formatted USB drive. I forgot that CentOS doesn't include NTFS-3g support natively, doh!
So here are the few simple commands needed to get it installed:
1. Open a terminal window
2. su - (or sudo -s)
3. yum install fuse fuse-ntfs-3g dkms dkms-fuse
4. mkdir /media/win
5. /sbin/fdisk -l <-- to find your drive
6. mount -t ntfs-3g /dev/sdb1 /media/win

Bam you are done!