ELK Stack – Upgrade from 2.x to 5.x

Elasticsearch Snapshot and Restore

https://www.elastic.co/guide/en/elasticsearch/reference/current/modules-snapshots.html

 

Elasticsearch Migration Helper Plugin

cd /usr/share/elasticsearch/

./bin/plugin install https://github.com/elastic/elasticsearch-migration/releases/download/v2.0.4/elasticsearch-migration-2.0.4.zip

You may get the updated command from here -> Elasticsearch Migration Plugin Install

You may download the plugin from here -> Elasticsearch Migration Plugin

After installing the plugin, access it at the following URL:

http://elasticsearch_ip:9200/_plugin/elasticsearch-migration/

netstat -na | egrep '9200|9300'

vi /etc/elasticsearch/elasticsearch.yml

network.host: localhost      to       network.host: "0"

 


If Elasticsearch reports an error about file descriptors:

Elasticsearch uses a lot of file descriptors or file handles. Running out of file descriptors can be disastrous and will most probably lead to data loss. Make sure to increase the limit on the number of open files descriptors for the user running Elasticsearch to 65,536 or higher.

Set ulimit -n 65536 as root before starting Elasticsearch, or set nofile to 65536 in /etc/security/limits.conf.

You may check the current settings using the command  ->    ulimit -a

To set it permanently, set this value in the /etc/security/limits.conf file for the user that Elasticsearch runs as; in most cases this is elasticsearch.

For more details, check this link – Elasticsearch – Configuring System Settings

curl -X GET "localhost:9200/_nodes/stats/process?filter_path=**.max_file_descriptors"

cat /proc/sys/fs/file-max

vi /usr/lib/systemd/system/elasticsearch.service

/etc/init.d/elasticsearch restart

systemctl daemon-reload

/etc/init.d/elasticsearch restart


warning: /etc/elasticsearch/elasticsearch.yml created as /etc/elasticsearch/elasticsearch.yml.rpmnew
warning: /etc/sysconfig/elasticsearch created as /etc/sysconfig/elasticsearch.rpmnew
warning: /usr/lib/systemd/system/elasticsearch.service created as /usr/lib/systemd/system/elasticsearch.service.rpmnew


cd /usr/share/elasticsearch/

./bin/elasticsearch-plugin list

./bin/elasticsearch-plugin remove elasticsearch-migration

 

tail -f /path_to_logs/logs/elasticsearch.log

 


Kibana Upgrade

 

yum update kibana

 

If you get an error like “Login is currently disabled because the license could not be determined. Please check that Elasticsearch has the X-Pack plugin installed and is reachable, then refresh this page.”, update the X-Pack license using the following command.

curl -XPUT 'http://<host>:<port>/_xpack/license' -H "Content-Type: application/json" -d @license.json
curl -XPUT 'localhost:9200/_xpack/security/user/elastic/_password' -H "Content-Type: application/json" -d '{
  "password" : "elasticpassword"
}'

Ref: Elastic

Solaris OK prompt commands

OK show-disks  ——> To show the disks
OK probe-scsi  ——> To search the scsi devices attached to the primary scsi controller
OK probe-scsi-all —> To search all the scsi devices
OK devalias   —-> to list device alias names
OK devalias <alias> <path> —>To temporarily create a device alias
OK printenv            —->To view the current NVRAM settings
OK setenv <env> <value> —–> To set the environment variables
OK set-defaults                 —–> To set the open boot prompt settings to the factory default
OK nvalias <alias> <path>  —>To set the device alias permanently to NVRAM
OK nvunalias cdrom1  —-> To remove the nvalias ‘cdrom1’ from NVRAMRC
OK .version   ——> To find out the Open boot prompt version
OK .ent_addr —–> To find out the ethernet MAC address
OK .speed    —–> To find out the CPU and PCI bus speeds
OK banner    —–> To display the Model,Architecture,processor,openboot version,ethernet address,hostid and etc
OK set-defaults —-> To reset variable values to the factory defaults
OK reset-all —–> To reboot the system from OK Prompt
OK show-devs  —–>To show the PCI devices
OK boot   —> boot the system from the default boot devices
OK boot cdrom —-> to boot from cdrom
OK boot disk —-> boots the system from device as specified by the disk device alias
OK boot device-path —->boot from the full device mentioned
OK boot net —-> network boot .boots from a TFTP boot server or Jumpstart server
OK boot net -install  —–> Jumpstart boot.
OK boot tape —–> Tape boot.boots off a SCSI tape if available
OK boot -h —-> boot halted. Boot into a halted state (ok prompt); interesting for troubleshooting boot at the lowest level
OK boot -r —-> Reconfiguration boot.Boot and search for all attached device.useful when new device attached to the system
OK boot -s —-> Single user.boots the system to run level 1
OK boot -v —-> verbose boot.show good debugging information.
OK boot -F failsafe   —> to boot the server to failsafe mode

————————————————————————————————————
Displaying System Information
Commands to display additional system related information. Not all commands work on all platforms.
OK .idprom  ——–> Display ID PROM contents
OK .traps  ——–> Display a list of processor-dependent trap types
OK show-devs —–>display list of installed and probed devices
OK eject floppy —-> Eject the floppy
OK eject cdrom ——>eject the cdrom
OK sync —–> call the operating system to write information to hard disk

———————————————————————————————–
Emergency Keyboard Commands
These are key sequences recognized by the system to perform predetermined
actions at boot time or during normal operation.

Stop     —> Bypass POST. (This command does not depend on security-mode)
Stop-A —> Abort. (This will also stop a running system. You can
resume normal operations if you enter go at the prompt.
Enter anything else and you will stay halted.)
Stop-D  —> Enter diagnostic mode (set diag-switch? to true)
Stop-N  —> Reset NVRAM contents to default values.

 

Ref: Suresh-Solaris

App Store Optimization Checklist – ASO Tips

App Store Optimization is a way of ensuring your app meets app store ranking criteria and rises to the top of a search results page. But how does a marketer optimize for better discoverability in an app store?

To help you boost your app marketing strategy and app store ranking, we have put together a list of 10 best App Store Optimization tips.

1. Understand your customer and your competition

How well do you know your customers and your competition? A well-formed App Store Optimization (ASO) strategy hinges on understanding how your customers use your app, along with a deep view of your competitive landscape.

To start, ask yourself the following:

  • What language do my customers naturally use?
  • How would they describe my app?
  • What are their top reasons for downloading and using my app?
  • What is my competitive advantage?
  • What keywords do my competitors target?
  • How easily can I compete against these apps on the same keywords?
  • Should I target the obvious keywords or the less obvious and less trafficked keywords that better speak to my unique offering and points of differentiation?

Your ASO strategy begins with putting yourself in your customer’s shoes. Your goal is to improve discovery in app store searches and target those keywords that drive the most traffic. The best way to identify these optimal keywords is consumer research — finding out exactly what search queries brought your customers to your app and the natural language they use to describe it.

It’s equally important to survey your competition to identify which keywords are being targeted by apps similar to yours. You can then determine whether or not it makes sense to target these same keywords or a separate set of keywords unique to your individual value proposition. Similarly, you’ll have to decide if it makes more sense to rank in the top 10 for a few highly competitive keywords or to rank in the top spot for keywords with a lesser search volume. Kick off your research process with a tool like Keyword Explorer.

2. Choose the right app name

Coming up with a unique name for your app isn’t just a matter of branding. For best results with ASO, include relevant keywords within your title, as this text heavily factors into app store search results. In fact, our friends at TUNE recently conducted a study of the top 25 ranking positions and found that apps with a relevant keyword in their title ranked, on average, 10.3% higher than apps without a title keyword.

 

Titles in the App Store can be up to 255 characters, allowing for plenty of keywords or keyword phrases. However, don’t take this as an opportunity to stuff every keyword you can think of into your title; after all, your app’s name is, first and foremost, your first impression to a potential mobile customer. Longer titles, however, will be truncated on a search results or top chart page. Titles are typically truncated after the 23rd character (including spaces) in the App Store and the 30th character in Google Play. App titles for installed apps in a device’s navigation menu or home screen are truncated after 11 and 14 characters, respectively.

To ensure that your app can be clearly identified, keep the actual name short and sweet. You can augment this short title with nonessential keywords after the name, typically preceded by a dash or vertical bar, to associate your app with select keywords.

It’s also important to use only URL-friendly characters in your title, particularly in the App Store. Special characters or symbols will detract from your ASO strategy and cause iTunes to refer to your app’s numeric ID, rather than its name, to scan for relevant keywords.

3. Maximize your keywords

While many of these strategies apply across the board when it comes to the different app stores, the App Store and the Google Play Store have two very different approaches when it comes to ASO keywords.

The App Store

The App Store has a 100-character keyword field. It exclusively uses title and whatever keywords or keyword phrases you include in these 100 characters to determine which search strings your app will show up for. With this in mind, it’s important to use all of the allotted characters and carefully research your keywords to maximize your organic traffic.

Google Play

On the other hand, the Google Play Store takes an approach more similar to modern SEO. Google does away with the specified tags and scans your app’s description to extract relevant keywords. In this scenario, you’re given 4,000 characters to describe it in natural, customer-facing language. Without trying to jam as many keywords into this text as possible at the expense of your messaging strategy, try to sprinkle relevant keywords where they logically make sense. A recent Sensor Tower study showed that the optimal number of times to repeat a keyword in an app store product page is five, at which point you will maximize the likelihood of ranking prominently for that keyword. Additional mentions have little to no effect on ASO and may even turn off potential customers if your description appears intentionally repetitive.

With this in mind, everything consumer-facing in your app’s product page should be designed not for an algorithm but for the customer. If its description is a hodgepodge of contextually irrelevant keywords, that coveted rank will become meaningless, as your wordy description will struggle to entice customers to take the next step and download it. For best results, write for the customer first, and make small edits for keywords next — remember that the ranking algorithms take both keywords and conversion metrics into account.

4. Create a compelling description

With the exception of a few of the aforementioned strategically placed keywords, your app’s description should be targeted toward your customer base, rather than a search engine index. Your description should be viewed as a call-to-action for potential customers. Describe what it does in simple and concise language, list the unique benefits it offers, and compel the reader to download it. You’ve already convinced the app store that your app is relevant to a specific list of keywords, and now it’s time to convince your potential customers that it meets their needs.

We recommend focusing the bulk of your energy on the first three lines of your description to immediately grab your reader’s attention. Given the ever-growing number of apps in the marketplace, customers are sure to have a few — if not several — alternatives to consider when evaluating yours. Make their decision easy by immediately communicating what it does and why they should use it.

Your app’s description, as well as the rest of your product page, should be treated as a living document. As it changes with each new update, so should your description. Each time you submit an update, take the time to reflect the changes in your product page’s description and screenshots to call out new features and accurately portray it.

5. Stand out with a unique icon

As your potential customers browse a nearly endless list of apps, your visual icon is the first impression they’ll have of yours. It’s important to make it count!

When approaching your icon design, it’s important to note that the App Store and Google Play vary in their approach to, and rendering of, app icons. Both stores have preset standards for the ideal size, geometry, and color scheme of app icons, designed to match the rest of the OS.

For iOS icons, the most important thing to note is that icons should be sized to at least 1024×1024 pixels, the dimensions required by the App Store. From here, the Apple OS will resize your icon for any other applications, including app icons (180×180), navigation icons (66×66), and tab bar icons (75×75). Your image must therefore be designed with the meticulous detail of a 1024×1024 icon and the simplicity necessary to still look good scaled down to the smallest size.

Additional resources: iOS 9 Design Guidelines and iOS Icon Sizing Reference Chart

When designing an Android icon, the only difference is that Google Play requires a 512×512 icon, rather than 1024×1024. While not required, Google recommends designing app icons in accordance with its material design guidelines, which details everything from icon anatomy to lighting and shading.

Additional resources: Android Material Design Guidelines and Android Icon Sizing Reference Chart

Regardless of which OS you’re designing for, you need an icon capable of breaking through the clutter. Icons should be clear enough that they immediately convey what your app does, even in its scaled-down form within the apps menu. As such, don’t overcomplicate your icon with unnecessary words or logos that demand extra time from your customers.

To get an idea of what works historically, simply browse the top-rated apps in your category or Google/Apple’s top picks. Across the board, you’ll see a trend toward bright colors, unique shapes, and simple imagery. Few icons use words, and some will incorporate a border or drop shadow to make them pop, regardless of their background. And once again, it’s important to do a little competitive research to ensure that your icon is different enough to avoid having your app confused with a competitor’s.

6. Include screenshots and videos

Like icons, screenshots in your description may not have a direct effect on search rankings, but they do drive downloads. Images convey more about what it actually is and bring your descriptive text to life, allowing potential customers to visualize using your app before they make the download.

While you can upload up to five screenshots for an iOS app and up to eight for an Android app, only your first 2–3 screenshots will show in the gallery on page load. Take special care in ensuring that these screenshots speak to your biggest customer benefits and are strong enough to convince the reader to browse your additional screenshots or download it.

While the app stores prefer images that are representative of the customer’s experience in your app, you can technically upload any graphic into the screenshot field — including concept or character art. Commonly, publishers will blend graphic design with their screenshots to incorporate a text overlay describing key elements or new features. For example, Candy Crush Saga adds a graphic overlay to its screenshots to promote its new update.

Whatever your approach, your screenshots should show off your app’s most pivotal features, latest updates, and the pages on which your customers will spend most of their time. Skip the pretty splash pages and show the customer what they can expect during everyday use. For best results, A/B test different screenshot sets to determine which screenshots drive the most downloads.

7. Localize your app listing

When it comes to global marketing, a “one-size-fits-all” approach simply won’t cut it. Today, only 31% of app revenue is generated by North American consumers. And of those consumers outside the English-speaking world, 72% prefer to use their native language when shopping, even if they’re fluent in English. These two statistics speak to the massive opportunity available to app publishers. That is, those app publishers who are able to tap into this market by catering to the unique preferences of its customer segments.

In other words, if your audience goes beyond the English-speaking world, consider adapting your brand communication and language to the wants and needs of each audience segment.

At the most basic level, speak to your customers in the language they use at home. There are myriad solutions for low-cost translation or localization services that can translate your app’s title, keywords, description, and screenshots to the languages of your largest segments.

Both the iTunes App Store and the Google Play Store allow you to localize your listing to make both discoverability and readability easier for customers in different countries. By doing so, you can increase both adoption and conversion, as more customers find your app using keywords in their language and as more customers download it after seeing a welcoming product page in their language. Together, these two effects can add up to as much as a 767% increase in downloads.

For example, Clash of Clans publisher Supercell translated its app description and screenshots to capture the Chinese market:

8. Increase traffic with outside promotion

At the end of the day, it’s important to remember that on-page optimization is just one tool in your mobile marketing kit. And this is where your SEO knowledge really comes in. It is widely believed that both Google and Apple factor in your app’s total page visits and product page backlinks when determining your search and overall ranks.

Simply put, the more traffic you drive to your listing, the higher it will rank in search results. To drive traffic, build an online presence around your app with social media and content, soliciting press and reviews, and investing in online advertising.

For many publishers, app indexing has proven the most effective strategy for driving traffic to an app’s product page. A relatively new concept, app indexing is the process of making Android or iOS app content searchable and linkable from a web or mobile web search. Customers who see you indexed in a search result can click on your link and be deep-linked to either its product page (if they don’t have it installed) or to the page in your app from which that content is indexed (if they have it installed). Indexing, therefore, helps with both re-engagement and acquisition by promoting your content in new channels.

App indexing allows you to drive downloads and app store traffic directly from a search engine results page.

App indexing has quickly shaken up the world of search, with 40% of searches now returning app indexed results. The world is going mobile, and those apps ahead of the curve in ASO and app indexing trends will be those that nab market share from traditionally web-dominated search results. (For more ways to move beyond the app store with your marketing strategy, check out our guide The 2016 Guide to App Marketing Channels.)

Additional resources: How to Get Your App Content Indexed by Google

9. Update frequently

Mobile customers are looking for apps that are constantly improving, with regular updates based on customer feedback. Apps that are frequently updated are seen, by both the app store and the customer, to be of a higher value and more customer-centric. Consequently, app updates highly correspond to better reviews as each new and improved version of the app should naturally receive higher ratings than the version before.

Of course, releasing the update is only half the battle. The next step is to encourage existing customers to download the update. To help sell your next update, try these three strategies:

  1. Entice customers within your app (such as a note prompted at login, a push notification, or an update link prominently displayed in the main navigation) notifying them of the new update and what improvements they have to look forward to.
  2. Update the app description and the “What’s New” field in your app store product page to outline new/improved features with a compelling call-to-action.
  3. Maintain a large volume of five-star reviews for your app, and especially its latest version. Our 2015 Consumer Survey revealed that one-third of existing customers check an app’s ratings before downloading an update. Maintain a positive rating for an easy win.

To come up with a general recommendation for update frequency, we scoured the 500 top-ranked apps and found that the average update frequency was between 30 and 40 days. Keep in mind, however, that each time you update an iOS app, your ratings reset — and with that, your rank temporarily plummets. As a result, frequently updated iOS apps experience slightly higher app store rank volatility, while frequently updated Android apps experience reduced volatility.

10. Encourage ratings and feedback

Last but certainly not least, a consistent flow of positive reviews serves as the highest possible validation of your app’s quality and one of the highest determinants of rank. In our analysis of the 500 top-ranked apps posted last year on the Moz blog, we found a higher correlation between ratings (both average rating and rating count) and ranks than for any of the other factors we tested. Across the board, apps with a large volume of positive ratings dominate the top charts.

We also found that rating volume almost always trumps rating sentiment when it comes to determining rank. The app stores are looking to recognize apps that have the largest fan community — and the best proxy for determining that is the rating count.

The apps with the highest rating counts are those that keep their customers engaged and proactively solicit customer feedback to shape their product roadmap and future updates. It’s important to keep in mind, however, that app store ratings provide just a myopic view of customer satisfaction. Typically, only your vocal minority — those who either love or hate your app — will take the time to write a review. In reality, most of your customers lie somewhere between these two extremes and require that extra engagement or prompt to give their feedback. With intelligent rating prompts, you can boost your rating — and ultimately, your rank — by prompting only those customers most likely to give you a 5-star review.

Wrapping it up

Backed by an understanding of the data and science behind app store ranking algorithms and these top tips for App Store Optimization, you’re well on your way to a bullet-proof ASO strategy. With careful measurement and a little trial and error, you’ll soon catapult past your competitors in the app store top charts.

Of course, App Store Optimization is an ongoing process, thanks both to the continually evolving ranking algorithms and to the competitive nature of the app stores. A successful ASO strategy requires a keen eye, a penchant for analytics, and regular check-ins. Manage this, and your investment will pay off many times over.

See you on the top charts!

Ref: Moz

Asterisk Server Security – SIP security

If your SIP server is exposed to the internet, you need to take additional measures even if you have fail2ban installed. Fail2ban blocks attacks by keeping track of the logs, so some attack traffic can still get through before fail2ban reacts.

The following tools are used for such attacks:

  1. sipsak
  2. sipvicious
  3. iWar
  4. sip-scan
  5. sipcli
  6. friendly-scanner
  7. VaxSIPUserAgent
  8. sundayddr

You can block these attacks using iptables. The following example blocks one of them:

iptables -I INPUT -j DROP -p udp --dport 5060 -m string --string "sip-scan" --algo bm
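An added example, not part of the original post: a shell script that prints (without applying) one string-match rule per scanner name in the list above, and checks locally which SIP messages such rules would match. The chain name, function names and sample messages are assumptions constructed for the illustration.

```shell
#!/bin/sh
# Added example (not from the original post): iptables string-match rules for
# the scanner names listed above, plus a local check of what they would match.

# Names copied from the list in the post.
SIGNATURES="sipsak sipvicious iWar sip-scan sipcli friendly-scanner VaxSIPUserAgent sundayddr"
SIP_PORT=5060          # assumption: SIP signalling on the default port
CHAIN=SIP_SCANNERS     # hypothetical chain name

# Print the rule set. Nothing is applied; review it, then pipe to "sh" as root.
# $1 = "icase" adds --icase (case-insensitive matching) to every rule.
sip_scanner_rules() {
    opt=""
    if [ "${1:-}" = "icase" ]; then opt=" --icase"; fi
    echo "iptables -N $CHAIN"
    for sig in $SIGNATURES; do
        echo "iptables -A $CHAIN -m string --string \"$sig\" --algo bm$opt -j DROP"
    done
    # Send SIP traffic through the chain; packets that match nothing return to INPUT.
    for proto in udp tcp; do
        echo "iptables -I INPUT -p $proto --dport $SIP_PORT -j $CHAIN"
    done
}

# Emulate the string match on a payload: print the first signature found
# anywhere in it and return 0, or return 1 when none matches.
# $2 = "icase" compares case-insensitively, like --icase.
matching_signature() {
    payload=$1
    mode=${2:-}
    if [ "$mode" = "icase" ]; then
        payload=$(printf '%s' "$payload" | tr '[:upper:]' '[:lower:]')
    fi
    for sig in $SIGNATURES; do
        needle=$sig
        if [ "$mode" = "icase" ]; then
            needle=$(printf '%s' "$sig" | tr '[:upper:]' '[:lower:]')
        fi
        case $payload in
            *"$needle"*) echo "$sig"; return 0 ;;
        esac
    done
    return 1
}

# Constructed sample messages (documentation addresses, made-up phone name).
SCAN_MSG='OPTIONS sip:100@192.0.2.10 SIP/2.0
Via: SIP/2.0/UDP 198.51.100.7:5060;branch=z9hG4bK-1
From: "probe" <sip:100@192.0.2.10>;tag=1
User-Agent: friendly-scanner
Content-Length: 0'

LEGIT_MSG='REGISTER sip:pbx.example.com SIP/2.0
Via: SIP/2.0/UDP 203.0.113.20:5060;branch=z9hG4bK-2
From: <sip:tiwari@pbx.example.com>;tag=2
User-Agent: ExamplePhone/1.0
Content-Length: 0'

printf '%s\n' "--- rules (dry run) ---"
sip_scanner_rules
printf 'scanner probe, exact match : %s\n' "$(matching_signature "$SCAN_MSG" || echo none)"
printf 'normal REGISTER, exact     : %s\n' "$(matching_signature "$LEGIT_MSG" || echo none)"
printf 'normal REGISTER, --icase   : %s\n' "$(matching_signature "$LEGIT_MSG" icase || echo none)"
```

The string match inspects the whole packet, not only the User-Agent header, which is why the case-insensitive variant also drops the REGISTER from the user tiwari: short names such as iWar need testing against your own traffic before they go into a DROP rule.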


Ref: Haroon Javed

netstat – Find number of active connections in Linux using netstat

The “netstat” command is quite useful for checking connections to your machine. If we wanted to see ALL of the connections (which I really recommend you don’t do unless you’re trying to debug something, and then you should probably pipe it to a file) we could use the “netstat -a” command.

Using “netstat -a” will give you something like this:

 

tcp	 0	 0 app.mydomain.com:http	 93.184.216.119:16494	 SYN_RECV
tcp	 0	 0 app.mydomain.com:http	 93.184.216.119:18733	 SYN_RECV
tcp	 0	 0 app.mydomain.com:http	 93.184.216.119.dsl.mwe:64775 SYN_RECV
tcp	 0	 0 app.mydomain.com:http	 93.184.216.119.threembb.:16490 SYN_RECV
tcp	 0	 0 app.mydomain.com:http	 93.184.216.119:video-activmail SYN_RECV
tcp	 0	 0 app.mydomain.com:http	 93.184.216.119:45025	 SYN_RECV
tcp	 0	 0 app.mydomain.com:http	 93.184.216.119:dvl-activemail SYN_RECV
tcp	 0	 0 app.mydomain.com:http	 41-135-22-100.dsl.mwe:64774 SYN_RECV

As you can see, it does name resolving for us and all that good stuff. Sometimes very handy, but that’s not what this is about.

Total connections Count

We want to get some solid numbers so we can take a broader perspective. To do this we can use the following command:

netstat -an | wc -l

This will show us a count of all connections that we presently have to our machine.

Connections on specific port

We can take this one step further. Let’s say you only wanted to see traffic coming across port 80 (standard HTTP). We can grep our netstat output, then count it like so:

netstat -an | grep :80 | wc -l

Connections Count based on Connection state

Finally, let’s take a look at the big picture, broken down by category. It is often extremely useful to see what those connections are doing, especially when you think you might just have tons of open connections that are idle and are trying to tweak your settings. It’s been known to happen where you have a really busy web server, for instance, and maybe it’s running a lot of database connections to the same box, then stopping. That often causes things like TIME_WAIT to pile up, and a large number for any of these states may be an indication that you need to adjust your TCP timeout settings.

netstat -ant | awk '{print $6}' | sort | uniq -c | sort -n
      1 CLOSING
      1 established
      1 FIN_WAIT2
      1 Foreign
      2 CLOSE_WAIT
      6 FIN_WAIT1
      7 LAST_ACK
      7 SYN_RECV
     37 ESTABLISHED
     44 LISTEN
    297 TIME_WAIT

So there you have it. A quick way to return counts on your connections in your Linux environment.
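An added example, not part of the original post: the same counts done with awk so that the two netstat header lines (the "Foreign" and "established" rows in the output above) are skipped, the port filter matches only the local port, and one state can be broken down by remote address. The function names and the sample netstat -ant output are constructed for the illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Each function reads
# "netstat -ant" output on stdin, e.g.:  netstat -ant | count_by_state

# Count TCP sockets per state. Only rows whose first field starts with "tcp"
# are counted, so header lines never show up as states.
count_by_state() {
    awk '$1 ~ /^tcp/ { n[$6]++ }
         END { for (s in n) print n[s], s }' | sort -k1,1n -k2
}

# Count connections whose LOCAL port is exactly $1, listeners excluded.
# "grep :80" would also count :8080 and connections to a remote port 80.
count_local_port() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $6 != "LISTEN" {
            k = split($4, a, ":")          # last piece is the port (IPv4 and IPv6)
            if (a[k] == port) c++
        }
        END { print c + 0 }'
}

# For one state ($1, e.g. SYN_RECV) print "count remote_ip", busiest first.
# A single address holding most half-open connections stands out here.
top_remote_by_state() {
    awk -v st="$1" '
        $1 ~ /^tcp/ && $6 == st {
            ip = $5
            sub(/:[^:]*$/, "", ip)         # strip the trailing :port
            n[ip]++
        }
        END { for (ip in n) print n[ip], ip }' | sort -k1,1nr -k2
}

# Constructed sample of "netstat -ant" output (documentation addresses).
SAMPLE='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           198.51.100.7:16494      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:18733      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:64775      SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.5:45025       ESTABLISHED
tcp        0      0 192.0.2.10:8080         203.0.113.9:51000       ESTABLISHED
tcp        0      0 192.0.2.10:44321        203.0.113.20:80         TIME_WAIT
tcp6       0      0 :::80                   :::*                    LISTEN'

echo "--- by state ---"
printf '%s\n' "$SAMPLE" | count_by_state
echo "--- connections to local port 80 ---"
printf '%s\n' "$SAMPLE" | count_local_port 80
echo "--- SYN_RECV by remote address ---"
printf '%s\n' "$SAMPLE" | top_remote_by_state SYN_RECV
```

On the sample, grep :80 matches all nine socket lines, while count_local_port 80 reports the four connections actually made to the local web port.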

Check opened ports on server

Occasionally, when using netstat you may only care about ports that you are listening on. This is especially important if you are running a server that isn’t behind a firewall because it helps you determine what you may be vulnerable to that you aren’t aware of. Using netstat -l provides us with an excellent way to view this information.

root@nox [~]# netstat -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 *:mysql                     *:*                         LISTEN
tcp        0      0 *:submission                *:*                         LISTEN
tcp        0      0 *:pop3                      *:*                         LISTEN
tcp        0      0 localhost:783               *:*                         LISTEN

 

Statistics by Protocol

Another very common thing and powerful tool that netstat has built in is to show you network statistics in an overview fashion. If you’re just trying to get a good idea about packet statistics then the netstat -s command may be what you’re looking for. Here is some sample output. Keep in mind that netstat -s will show statistics broken down by protocol, so the fewer protocol stacks you are running the more compacted this summary will be.

netstat -s
Ip:
139502653 total packets received
28 with invalid addresses
0 forwarded
0 incoming packets discarded
133312468 incoming packets delivered
84570989 requests sent out
366 outgoing packets dropped
50 reassemblies required
25 packets reassembled ok
110 fragments received ok
220 fragments created
Icmp:
180285 ICMP messages received
1586 input ICMP message failed.
ICMP input histogram:
destination unreachable: 9516
timeout in transit: 331
echo requests: 170151
echo replies: 284
172009 ICMP messages sent
0 ICMP messages failed
ICMP output histogram:
destination unreachable: 1818
echo request: 40
echo replies: 170151
IcmpMsg:
InType0: 284
InType3: 9516
InType8: 170151
InType11: 331
OutType0: 170151
OutType3: 1818
OutType8: 40
Tcp:
1104118 active connections openings
2918161 passive connection openings
26607 failed connection attempts
256788 connection resets received
10 connections established
128535136 segments received
78146054 segments send out
1645036 segments retransmited
0 bad segments received.
185776 resets sent
Udp:
5125395 packets received
1867 packets to unknown port received.
0 packet receive errors
5158639 packets sent
TcpExt:
511 SYN cookies sent
511 SYN cookies received
12748 invalid SYN cookies received
14894 resets received for embryonic SYN_RECV sockets
159972 packets pruned from receive queue because of socket buffer overrun
2 packets pruned from receive queue
73 ICMP packets dropped because they were out-of-window
1965839 TCP sockets finished time wait in fast timer
78 time wait sockets recycled by time stamp
36503 packets rejects in established connections because of timestamp
2487605 delayed acks sent
33477 delayed acks further delayed because of locked socket
Quick ack mode was activated 45146 times
233 times the listen queue of a socket overflowed
233 SYNs to LISTEN sockets ignored
9643039 packets directly queued to recvmsg prequeue.
7969358 packets directly received from backlog
3291115817 packets directly received from prequeue
24087199 packets header predicted
5532135 packets header predicted and directly queued to user
30481401 acknowledgments not containing data received
42935286 predicted acknowledgments
814 times recovered from packet loss due to fast retransmit
339835 times recovered from packet loss due to SACK data
336 bad SACKs received
Detected reordering 2070 times using FACK
Detected reordering 854 times using SACK
Detected reordering 10 times using reno fast retransmit
Detected reordering 1840 times using time stamp
3234 congestion windows fully recovered
20175 congestion windows partially recovered using Hoe heuristic
TCPDSACKUndo: 11509
14757 congestion windows recovered after partial ack
1004274 TCP data loss events
TCPLostRetransmit: 54568
129 timeouts after reno fast retransmit
33120 timeouts after SACK recovery
31346 timeouts in loss state
885023 fast retransmits
93299 forward retransmits
337378 retransmits in slow start
128472 other TCP timeouts
TCPRenoRecoveryFail: 356
35936 sack retransmits failed
9 times receiver scheduled too late for direct processing
57242284 packets collapsed in receive queue due to low socket buffer
49286 DSACKs sent for old packets
157 DSACKs sent for out of order packets
95033 DSACKs received
2091 DSACKs for out of order packets received
39363 connections reset due to unexpected data
35517 connections reset due to early user close
12861 connections aborted due to timeout
6 times unable to send RST due to no memory
TCPSACKDiscard: 60
TCPDSACKIgnoredOld: 2937
TCPDSACKIgnoredNoUndo: 38596
TCPSpuriousRTOs: 2925
TCPSackShifted: 1905464
TCPSackMerged: 2048679
TCPSackShiftFallback: 995770
TCPBacklogDrop: 41842
IpExt:
InBcastPkts: 20
InOctets: 60455654365
OutOctets: 154094094438
InBcastOctets: 6560

Process Information

Another extremely useful tool for server administrators who are trying to track down processes that have run amok is the netstat -p command. It returns the PID of the process that owns each connection. It's also quite useful if someone is abusing a process and you need to find out which IP it is, so that you can get in touch with that individual or block connections from that IP in the future. Here's some sample output from netstat -p.

netstat -p
tcp        0      0 localhost:56423  example.domain.com:https ESTABLISHED 27911/java
tcp        0     52 localhost:ssh    oh-76-76-76-76.dhcp.e:51653 ESTABLISHED 3344/sshd
tcp        0      0 localhost:imaps  76.sub-76-76-76.myvz:9258 ESTABLISHED 14501/dovecot/imap-
Ref: Exchange Core
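
The per-process view described above can be summarised with a short awk filter. This is an added example, not part of the original post: the function names conns_by_pid and sample_netstat are hypothetical, and the input lines are constructed in the netstat -tnp format using documentation addresses.

```shell
#!/bin/sh
# Added example: summarise ESTABLISHED TCP connections per owning process.
# Input : `netstat -tnp` output on stdin (-n keeps remote addresses numeric).
# Output: "PID PROGRAM REMOTE_IP COUNT", busiest pair first.

conns_by_pid() {
    awk '
    $1 ~ /^tcp/ && $6 == "ESTABLISHED" {
        owner = $7
        slash = index(owner, "/")
        if (slash > 1) {
            # Split on the FIRST slash only: names such as dovecot/imap- contain one.
            pid  = substr(owner, 1, slash - 1)
            prog = substr(owner, slash + 1)
        } else {
            # "-" means the owner is hidden (netstat was not run as root).
            pid = "-"; prog = "unknown"
        }
        remote = $5
        sub(/:[^:]*$/, "", remote)      # drop the port, keep IPv4 or IPv6 address
        count[pid " " prog " " remote]++
    }
    END { for (k in count) print k, count[k] }
    ' | LC_ALL=C sort -k4,4nr -k1,1
}

# Constructed sample input (not captured from a real host).
sample_netstat() { cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 10.0.0.5:56423          192.0.2.10:443          ESTABLISHED 27911/java
tcp        0     52 10.0.0.5:22             198.51.100.7:51653      ESTABLISHED 3344/sshd
tcp        0      0 10.0.0.5:993            203.0.113.9:9258        ESTABLISHED 14501/dovecot/imap-
tcp        0      0 10.0.0.5:993            203.0.113.9:9260        ESTABLISHED 14501/dovecot/imap-
tcp        0      0 10.0.0.5:993            203.0.113.9:9261        TIME_WAIT   -
tcp6       0      0 2001:db8::5:443         2001:db8::99:40112      ESTABLISHED -
EOF
}

sample_netstat | conns_by_pid
```

On a live host the same filter is fed with netstat -tnp | conns_by_pid; run it as root, otherwise sockets owned by other users show "-" instead of a PID.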

DNS firewall – It's time to try DNS firewall


https://www.isc.org/wp-content/uploads/2017/12/RPZ-webinar7.ppt.pdf

Webinars and other Presentations given by ISC

http://www.securityzones.net/images/downloads/Rackspace-RPZ-Case-Study.pdf

https://kb.isc.org/article/AA-00525/110/%20Building-DNS-Firewalls-with-Response-Policy-Zones-RPZ.html

http://www.securityzones.net/images/downloads/BIND_RPZ_Installation_Guide.pdf

 

Web Server Performance Tuning

First off, Apache, nginx, or LiteSpeed aside – if you're running a server with 1000-2000 requests/second it's time to start thinking about dual servers and load balancing. Depending on what you're serving you can easily get more out of any of those servers, but at those rates you're serving something important (or at least high-traffic), so you want redundancy in addition to the ability to handle momentary load spikes.
Start seriously considering a load balancing infrastructure, e.g. HAProxy and NGINX.

You can certainly consider other high-performance web servers (nginx is very popular), or you can consider tuning your Apache configuration for better performance.

Some Apache suggestions.

Before doing anything else, read the Apache performance tuning documentation.

  1. MaxRequestsPerChild is really only useful for containing resource leaks.
    100 (your current value) is absolutely insane. You’re churning processes which kills performance.
    0 (Never kill a child) is certainly viable if all you’re serving are static resources.
    10000 (ten thousand, the default) is fine in almost all circumstances. 50000 (fifty thousand) is what I use for pure static HTML sites.
  2. StartServers, MinSpareServers and MaxSpareServers can be tuned.
    I generally set StartServers and MinSpareServers to the same value.
    If there is a specific minimum number of spare servers you want to keep around, that is the number you should start with. A good value for this is your low-water-mark of simultaneous active connections.
    MaxSpareServers should be set to 75-80% of your high-water-mark of simultaneous active connections.
  3. ServerLimit and MaxClients can possibly be increased.
    If you have lots of free RAM and lots of free CPU, increase these numbers.
    If you’re running close to resource saturation, leave them as-is.
  4. Use graceful restarts
    You say you are seeing “momentary extreme peaks” in your load when Apache restarts.
    This tells me you’re probably not using graceful restarts.
    Whatever is causing Apache to restart, have it send SIGUSR1 to Apache rather than SIGHUP (or heaven forbid, actually stopping and starting the entire server). This is far less abusive and disruptive to the system than a regular restart or a full stop/start.
  5. Consider other MPMs
    You are almost certainly using the prefork MPM if you’re on a Unix system.
    Consider the Worker MPM instead.
    Tuning for the Worker MPM is a little different.
  6. Spend some cache
    Apache has caching modules which can be used to hold frequently accessed data in RAM. This avoids a round-trip to the disk (or at least the filesystem layer) for frequently accessed data.
    Configuring memory backed caching can give you a pretty big performance boost for a relatively small amount of memory.

5 Tips to Boost the Performance of Your Apache Web Server

Install Mod_Pagespeed to Speed Up Apache and Nginx Performance Upto 10x

13 Apache Web Server Security and Hardening Tips

5 Ways to Optimize Apache Performance

Improving Linux System Performance with I/O Scheduler Tuning

http://www.lognormal.com/blog/2012/09/27/linux-tcpip-tuning/

https://cromwell-intl.com/open-source/performance-tuning/disks.html

http://www.brendangregg.com/linuxperf.html

https://hpbn.co/

 

top command on multi core processor

top command shows CPU usage as a percentage of a single CPU by default. That’s why you can have percentages that are >100. On a system with 4 physical or virtual cores, you can see up to 400% CPU usage.

You can change this behavior by pressing I (that’s Shift + i and toggles “Irix mode”) while top is running. That will cause it to show the percentage of available CPU power being used. As explained in man top:

    1. %CPU  --  CPU Usage
The task's share of the elapsed CPU time since the last screen
update, expressed as a percentage of total  CPU  time.   In  a
true  SMP environment, if 'Irix mode' is Off, top will operate
in 'Solaris mode' where a task's cpu usage will be divided  by
the  total  number  of  CPUs.  You toggle 'Irix/Solaris' modes
with the 'I' interactive command.

Alternatively, you can press 1 which will show you a breakdown of CPU usage per CPU:

top - 13:12:58 up 21:11, 17 users,  load average: 0.69, 0.50, 0.43
Tasks: 248 total,   3 running, 244 sleeping,   0 stopped,   1 zombie
%Cpu0  : 33.3 us, 33.3 sy,  0.0 ni, 33.3 id,  0.0 wa,  0.0 hi,  0.0 si,  0.0 st
%Cpu1  : 16.7 us,  0.0 sy,  0.0 ni, 83.3 id,  0.0 wa,  0.0 hi,  0.0 si,  0.0 st
%Cpu2  : 60.0 us,  0.0 sy,  0.0 ni, 40.0 id,  0.0 wa,  0.0 hi,  0.0 si,  0.0 st
%Cpu3  :  0.0 us,  0.0 sy,  0.0 ni,100.0 id,  0.0 wa,  0.0 hi,  0.0 si,  0.0 st
KiB Mem:   8186416 total,  6267232 used,  1919184 free,   298832 buffers
KiB Swap:  8191996 total,        0 used,  8191996 free,  2833308 cached

Windows – How to Kill hung service – Windows Service Which is Stuck

Sometimes as an administrator you may need to kill a service which is stuck in a ‘starting’ or ‘stopping’ state, in order to avoid having to reboot a server in the middle of the day.

These are the simple steps you need to do:

Find out the Service Name:

To do this, go in to services and double click on the service which has stuck.  Make a note of the “Service Name”.

Find out the PID of the service

To kill the service you have to know its PID or Process ID.

Open an elevated command prompt and type in:

sc queryex servicename

(where servicename is the name of the service you obtained from Step 1.)

Replace 'servicename' with the service's registry name. For example: Print Spooler is spooler.

After running the query you will be presented with a list of details. You will want to locate the PID.

Kill the PID

Now that you have the PID, you can run the following command to kill the hung process.

From the same command prompt type in:

taskkill /f /pid [PID]

Where [PID] is the PID of the service.

This will force kill the hung service.

If it is successful you should receive the following message:

SUCCESS: The process with PID XXXX has been terminated.

Be careful of what you are killing though. If you kill a critical Windows service you may end up forcing the machine to reboot on its own.

Note: You can also use these instructions to kill a Windows service which is stuck at starting. This will allow you to restart the service.

Ref: SpiceWorks  Support4IT

Cisco – Trainings and Certifications

Cisco Trainings and Certifications overview

Cloud: CCNA Cloud, CCNP Cloud
Collaboration: CCNA Collaboration, CCNP Collaboration, CCIE Collaboration
Cybersecurity Operations: CCNA Cyber Ops
Data Center: CCNA Data Center, CCNP Data Center, CCIE Data Center
Design: CCENT, CCDA, CCDP, CCDE, CCAr
Industrial: CCNA Industrial
Routing and Switching: CCENT, CCNA Routing and Switching, CCNP Routing and Switching, CCIE Routing and Switching
Security: CCENT, CCNA Security, CCNP Security, CCIE Security
Service Provider: CCNA Service Provider, CCNP Service Provider, CCIE Service Provider
Wireless: CCENT, CCNA Wireless, CCNP Wireless, CCIE Wireless