From Mark.Wedel@Sun.Com Thu Nov 2 12:00:33 2006
Date: Thu, 02 Nov 2006 11:59:46 -0800
From: Mark Wedel
To: "Hogan, Emmett (LNG-SAC)"
Cc: users@conserver.com
Subject: Re: Conserver vs Sun X4100

Hogan, Emmett (LNG-SAC) wrote:
> I am finally getting back around to doing this!
>
> I have one small and one not-so-small problem:
>
> Small problem: I don't know what was in the "ilom" stanza (you have an
> "include ilom" in the "console foo" stanza)

That isn't needed - just forgot to remove it when cleaning up my example.

> Not-So-Small Problem: I can connect to the service processor just fine:
> =============================================
> Sun(TM) Integrated Lights Out Manager
>
> Version 1.0.5
>
> Copyright 2005 Sun Microsystems, Inc. All rights reserved.
>
> -> start /SP/console
> Are you sure you want to start /SP/console (y/n)? y
>
> Serial console started. To stop, type ESC (
> =============================================
>
> After this I get nothing...key strokes don't wake it up, nada. If I hit
> "ESC (" I get the "-> " prompt and can exit just fine.
>
> Did you run into this at all?

I know this sounds stupid, but are you sure the system itself is on?
The ILOM itself will be running even if the system itself is not
powered on.

Go back to the ILOM prompt 'ESC (' and do a 'start /SYS'. By default,
the system itself does not power on when first plugged in.

From SDUPUIS@bouyguestelecom.fr Wed Nov 8 02:16:17 2006
Date: Wed, 8 Nov 2006 11:03:32 +0100
Subject: Huge latency using conserver

Hi everybody,

We are using a perle CS9000 terminal server, connected to many SUN
servers, and conserver in front of the perle, of course :)

Connecting to the perle (telnet on all ports) is working great.
But using the console server shows lots of latency; we need to wait
many seconds (or more !) between a keystroke and the result on screen.

Environment :
-----------
# conserver -V
conserver: conserver.com version 8.1.14
conserver: default access type `r'
conserver: default escape sequence `^Ec'
conserver: default configuration in `/etc/conserver/conserver.cf'
conserver: default password in `/etc/conserver/conserver.passwd'
conserver: default logfile is `/var/log/conserver/server.log'
conserver: default pidfile is `/var/run/conserver.pid'
conserver: default limit is 16 members per group
conserver: default primary port referenced as `3109'
conserver: default secondary base port referenced as `0'
conserver: options: libwrap, openssl, pam
conserver: openssl version: OpenSSL 0.9.7e 25 Oct 2004
conserver: built with `./configure --sysconfdir=/etc/conserver --with-openssl --with-pam --with-libwrap --prefix=/usr --mandir=/share/man --infodir=/share/info --with-logfile=/var/log/conserver/server.log --with-pidfile=/var/run/conserver.pid --with-master=127.0.0.1 --with-port=3109'
-----------
# cat /etc/conserver/conserver.cf
default full {
    rw *;
}
default * {
    # The '&' character is substituted with the console name
    logfile /var/log/conserver/consoles/&;
    # timestamps every hour with activity and break logging
    timestamp 1hab;
    # include the 'full' default
    include full;
    # master server is localhost
    master localhost;
}
### list of clients we allow
access * {
    allowed 127.0.0.1;
}
# consoles on bt1vss15
console bt1sssogc0 { master localhost; type host; host bt1vss15; port 10001; }
console bt1sssogc1 { master localhost; type host; host bt1vss15; port 10002; }
console bt1ws250 { master localhost; type host; host bt1vss15; port 10003; }
console bt1sssh1 { master localhost; type host; host bt1vss15; port 10004; }
console bt1sssh2 { master localhost; type host; host bt1vss15; port 10005; }
console bt1sss6n { master localhost; type host; host bt1vss15; port 10006; }
console bt1sss72 { master localhost; type host; host bt1vss15; port 10007; }
console bt1sss8g { master localhost; type host; host bt1vss15; port 10008; }
console bt1sss8h { master localhost; type host; host bt1vss15; port 10009; }
console bt1sss8i { master localhost; type host; host bt1vss15; port 10010; }
console bt1sss8j { master localhost; type host; host bt1vss15; port 10011; }
console bt1sss8k { master localhost; type host; host bt1vss15; port 10012; }
console bt1sss8m { master localhost; type host; host bt1vss15; port 10014; }
console bt1sss8n { master localhost; type host; host bt1vss15; port 10015; }
console bt1sss8l { master localhost; type host; host bt1vss15; port 10013; }
-----------------

Any idea ?

Stephane Dupuis
Bouygues Telecom

From fwernli@ccfw.in2p3.fr Fri Nov 10 06:27:20 2006
Date: Fri, 10 Nov 2006 15:27:05 +0100
From: Fabien Wernli
To: users@conserver.com
Subject: Certificates (again)

Hi,

Can anyone give a simple example on how to use certificates please?

Basically what I did is:

1) run make inside of /usr/share/ssl/certs
   after adding the root certificate

2) run conserver with the following command line element:
   -c /opt/conserver/certs/conserver.pem

3) conserver starts fine, but I am unable to connect without using
   my certificate, which should be ok:

| $ console -vx
| console: interface address 127.0.0.1 (lo)
| console: interface address w.x.y.z (eth1)
| console: SSLVerifyCallback(): error with certificate at depth: 0
| console: SSLVerifyCallback(): issuer = /C=FR/O=WXYZ/CN=ABCD
| console: SSLVerifyCallback(): subject = /C=FR/O=WXYZ/OU=USR6402/CN=conserver.my.domain/emailAddress=email@my.domain
| console: SSLVerifyCallback(): error #20: unable to get local issuer certificate
| console: SSL negotiation failed
| 21520:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
| verify failed:s3_clnt.c:843:

3) using a certificate, it doesn't work either:

| $ console -vxc /var/tmp/my-user-cert.crt
| console: interface address 127.0.0.1 (lo)
| console: interface address w.x.y.z (eth1)
| Enter PEM pass phrase:
| console: Could not SSL private key from '/var/tmp/my-user-cert.crt'

It may just be a trivial "wrong format" issue of my x509 certificate, but as
the documentation on these issues is quite lacking I am posting to the list.

What's unclear to me for instance is how do you handle permissions? Where
does one define whose cert can have access, and whose can't?

Thanks for help

From bryan@stansell.org Fri Nov 10 22:02:47 2006
Date: Fri, 10 Nov 2006 22:02:47 -0800
From: Bryan Stansell
To: users@conserver.com
Subject: Re: Certificates (again)

well, it seems close enough. i'm thinking the wrong files are being
used. which ones are the right ones? well, i'm not 100% sure, but
perhaps the example that i got to work will help you figure that out.

On Fri, Nov 10, 2006 at 03:27:05PM +0100, Fabien Wernli wrote:
> 1) run make inside of /usr/share/ssl/certs
>    after adding the root certificate

i used contrib/maketestcerts to create a bunch of self-signed certs.
check that script to see what was done to make all these things. file
list sorted by time...

-rw-r--r-- 1 bryan stansell  676 Nov 10 21:39 rootreq.pem
-rw-r--r-- 1 bryan stansell  963 Nov 10 21:39 rootkey.pem
-rw-r--r-- 1 bryan stansell  899 Nov 10 21:39 rootcert.pem
-rw-r--r-- 1 bryan stansell 1862 Nov 10 21:39 root.pem
-rw-r--r-- 1 bryan stansell  668 Nov 10 21:39 serverreq.pem
-rw-r--r-- 1 bryan stansell  963 Nov 10 21:39 serverkey.pem
-rw-r--r-- 1 bryan stansell  891 Nov 10 21:39 servercert.pem
-rw-r--r-- 1 bryan stansell 2753 Nov 10 21:39 server.pem
-rw-r--r-- 1 bryan stansell  660 Nov 10 21:39 clientreq.pem
-rw-r--r-- 1 bryan stansell  963 Nov 10 21:39 clientkey.pem
-rw-r--r-- 1 bryan stansell  883 Nov 10 21:39 clientcert.pem
-rw-r--r-- 1 bryan stansell 2745 Nov 10 21:39 client.pem

i copied the rootcert.pem to my ssl/certs directory and ran c_rehash
(which is probably what the makefile does). did you put the right root
pem file there?

> 2) run conserver with the following command line element:
>    -c /opt/conserver/certs/conserver.pem

yep...that should be all you need (assuming your conserver.pem is the
equivalent of my server.pem).

> 3) conserver starts fine, but I am unable to connect without using
>    my certificate, which should be ok:
> | $ console -vx
> | console: interface address 127.0.0.1 (lo)
> | console: interface address w.x.y.z (eth1)
> | console: SSLVerifyCallback(): error with certificate at depth: 0
> | console: SSLVerifyCallback(): issuer = /C=FR/O=WXYZ/CN=ABCD
> | console: SSLVerifyCallback(): subject = /C=FR/O=WXYZ/OU=USR6402/CN=conserver.my.domain/emailAddress=email@my.domain
> | console: SSLVerifyCallback(): error #20: unable to get local issuer certificate
> | console: SSL negotiation failed
> | 21520:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate
> | verify failed:s3_clnt.c:843:

to make things fail, i removed the rootcert.pem file and got the
following:

console: SSLVerifyCallback(): error with certificate at depth: 1
console: SSLVerifyCallback(): issuer = /C=US/ST=California/L=Folsom/O=conserver.com/OU=Conserver CA/CN=conserver.com
console: SSLVerifyCallback(): subject = /C=US/ST=California/L=Folsom/O=conserver.com/OU=Conserver CA/CN=conserver.com
console: SSLVerifyCallback(): error #19: self signed certificate in certificate chain
console: SSL negotiation failed
18491:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:s3_clnt.c:844:

notice i got error #19 and you got error #20. that makes me think
you've got one of the other root cert files in ssl/certs...but it's
just a guess.

> It may just be a trivial "wrong format" issue of my x509 certificate, but as
> the documentation on these issues is quite lacking I am posting to the list.

yeah, it is lacking. if you're creating your own certs, you should be
able to modify the maketestcerts script...(and if anyone knows how to
make it work without passphrases, please let me know).

> What's unclear to me for instance is how do you handle permissions? Where
> does one define whose cert can have access, and whose can't?

there is no restriction in conserver for checking certs. they're only
used to make sure the ssl channel is not being hijacked. clients need
to validate the cert before they are allowed to send any data and the
server will validate the client's cert (if it prevents one - doesn't
happen unless -c is used and isn't required). if those conditions are
met, then you're back to your standard restrictions (tcp_wrappers,
passwords, ro/rw lists, etc).

hopefully that gives you at least something to try...

Bryan

From ppacheco@genesyslab.com Mon Nov 20 16:58:00 2006
Date: Mon, 20 Nov 2006 16:57:50 -0800
From: "Phillip Pacheco"
Subject: syslog facility and conserver

Conserver users,

I am about to configure Conserver 8.1.14 on Solaris. I will be using it
to control the ports on several Cyclades TS2000's. Currently we are
using conserver 7.x on FreeBSD, which I did not setup.

I am interested in configuring conserver to log messages from console
clients which write to the console. As I understand it, conserver holds
open the port of any device in the configuration file. Does it also
listen on these ports, and can it write output to syslog? If so, what
are the configuration parameters?

I hate to ask questions to which the answers are easily available in the
MAN pages, but I could not easily find these answers and the boss awaits
results. I even looked over my accumulation of email from
users@conserver.com with no luck.

Thanks for your help.

Phillip Pacheco
WIS-UNIX
Genesys


From ppacheco@genesyslab.com Mon Nov 20 17:10:37 2006
Date: Mon, 20 Nov 2006 17:10:28 -0800
From: "Phillip Pacheco"
To: "Phillip Pacheco"
Subject: RE: syslog facility and conserver

Ok, so I acted in haste. Just after sending this message I found what I
think is the answer. I searched for /syslog in the man page without
result. But if I searched for log, I would have found this:

# man conserver
Reformatting page. Please Wait... done

conserver                                                CONSERVER(8)

NAME
     conserver - console server daemon
...
     -u          Send unloved console output to conserver's
                 stdout (which, in daemon mode, is redirected to
                 the logfile). This applies to all consoles to
                 which no user is attached, independent of
                 whether logging of individual consoles is
                 enabled via conserver.cf entries.

     -Ulogfile   Copy all console data to the ``unified'' log-
                 file. The output is the same as the -u output,
                 but all consoles, not just those without a user,
                 are logged. Each line of output is prefixed
                 with the console name. If a user is attached
                 read/write, a `*' is appended to the console
                 name, to allow log watching utilites to ignore
                 potential user-introduced alarms.
...

Phil

________________________________

From: users-bounces@conserver.com [mailto:users-bounces@conserver.com] On Behalf Of Phillip Pacheco
Sent: Monday, November 20, 2006 4:58 PM
To: users@conserver.com
Subject: syslog facility and conserver

Conserver users,

I am about to configure Conserver 8.1.14 on Solaris. I will be using it
to control the ports on several Cyclades TS2000's. Currently we are
using conserver 7.x on FreeBSD, which I did not setup.

I am interested in configuring conserver to log messages from console
clients which write to the console. As I understand it, conserver holds
open the port of any device in the configuration file. Does it also
listen on these ports, and can it write output to syslog? If so, what
are the configuration parameters?

I hate to ask questions to which the answers are easily available in the
MAN pages, but I could not easily find these answers and the boss awaits
results. I even looked over my accumulation of email from
users@conserver.com with no luck.

Thanks for your help.

Phillip Pacheco
WIS-UNIX
Genesys


From woods@whats.weird.com Wed Nov 29 16:14:40 2006
Date: Wed, 29 Nov 2006 19:14:25 -0500
From: "Greg A. Woods"
To: Phillip Pacheco
Subject: Re: syslog facility and conserver

At Mon, 20 Nov 2006 16:57:50 -0800, Phillip Pacheco wrote:
>
> I am about to configure Conserver 8.1.14 on Solaris. I will be using it
> to control the ports on several Cyclades TS2000's. Currently we are
> using conserver 7.x on FreeBSD, which I did not setup.

I've finally recently converted to conserver-8 on my home network too.
I use some DECserver units to provide the serial ports.

In conserver-8.x the logging can be set by default for each console port
with a "default" block in the conserver.cf file:

    #
    # The character '&' in logfile names are substituted with the console
    # name. Any logfile name that doesn't begin with a '/' has LOGDIR
    # prepended to it. So, most consoles will just have a '&' as the logfile
    # name which causes /var/consoles/ to be used.
    #
    default * {
        logfile /var/log/consoles/&;
        timestamp 1lab;
    }

Previously in older versions that was done in the 4'th field of the
conserver.cf file, with perhaps a default LOGDIR and TIMESTAMP entry to
set some common parameters for logging.

I'll paste a copy of my whole new conserver.cf file here just for
general reference. I had some difficulty getting the new chat feature
working so that I could have conserver automatically login to my
terminal servers, plus some of the other features were not well enough
documented for me to figure out in my haste and with my conserver-7
mindset and there weren't any good comprehensive examples easily found
with google to accomplish all of what I wanted. (And the undocumented
conserverconvert program was pretty much useless to me.)

I must say I'm quite pleased with the new release, except for the fact
that it is WAY too anal about requiring SSL links (and maybe for the
fact it wouldn't ignore the trailing colon in my old conserver.passwd
files :-)). I'm considering hacking the SSL code back out of it (with a
compile-time option, of course, if that's not already possible). I
can't think of any situation where I would ever use conserver and could
ever even conceive of needing encryption within it. It's just a
terrible waste of CPU (that I don't have enough of on some older
clients) and doesn't buy me any security whatsoever, and never can. I
think I already have all the security I need directly at the network
layer wherever it is needed. (And I need network layer security anyway
for the telnet connections to the terminal servers -- protecting
conserver connections is pointless if the terminal server connections
are wide open to attack.)

--
Greg A. Woods
H:+1 416 218-0098 W:+1 416 489-5852 x122 VE3TCP RoboHack
Planix, Inc. Secrets of the Weird

Content-Disposition: attachment; filename="conserver-stuff.shar"

# This is a shell archive. Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file". Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
#	conserver.cf
#	conserver.chat-constantly
#	conserver.passwd
#	console.cf
#
echo x - conserver.cf
sed 's/^X//' >conserver.cf << 'END-of-conserver.cf'
X#
X# /etc/conserver.cf - conserver(8) configuration
X#
Xconfig * {
X    setproctitle yes;
X    sslrequired no;
X}
X#
X# The character '&' in logfile names are substituted with the console
X# name. Any logfile name that doesn't begin with a '/' has LOGDIR
X# prepended to it. So, most consoles will just have a '&' as the logfile
X# name which causes /var/consoles/ to be used.
X#
Xdefault * {
X    logfile /var/log/consoles/&;
X    timestamp 1lab;
X}
Xdefault decserver {
X    type host;
X    #
X    # start one down from reality so that we can use the physical port
X    # numbers in the console blocks and they will work as expected
X    #
X    portbase 1999;
X    portinc 1;
X}
Xdefault tserv {
X    include decserver;
X    host tserv.weird.com;
X    initcmd "/usr/sbin/chat -I -f /etc/conserver.chat-tserv";
X}
Xdefault constantly {
X    include decserver;
X    host constantly.weird.com;
X    initcmd "/usr/sbin/chat -I -f /etc/conserver.chat-constantly";
X}
X#
X# for the DEC AlphaServer 4x00 with remote console monitor:
X#BREAK3=^]^]rcm
X# for the DEC AlphaServer 4x00 with custom hw.cnmagic setting for DDB:
X#BREAK4=^]^]ddb
X#
Xgroup sysadmins {
X    users root,woods,andreas,peter;
X}
X#
Xconsole callerid {
X    master very.weird.com;
X    type device;
X    device remote;
X    baud 1200;
X    parity none;
X    rw woods;
X    ro sysadmins;
X}
X##
Xconsole becoming {
X    master localhost;
X    port 2;
X    include tserv;
X    rw sysadmins;
X}
Xconsole omniswitch {
X    master localhost;
X    port 3;
X    include tserv;
X    rw sysadmins;
X}
Xconsole sometimes {
X    master localhost;
X    port 4;
X    include tserv;
X    rw sysadmins;
X}
Xconsole raid-00 {
X    master localhost;
X    logfile /dev/null;
X    port 5;
X    include tserv;
X    rw sysadmins;
X}
X#raid-01:!tserv:2005:/dev/null:
Xconsole proven {
X    master localhost;
X    port 7;
X    include tserv;
X    rw sysadmins;
X}
Xconsole isit {
X    master localhost;
X    port 8;
X    include tserv;
X    rw sysadmins;
X}
X#becoming:!tserv:2008:&:
X#almost:!tserv:2009:&:
X#most:!tserv:2010:&:
Xconsole starting-out {
X    master localhost;
X    port 12;
X    include tserv;
X    rw sysadmins;
X}
Xconsole building {
X    master localhost;
X    port 13;
X    include tserv;
X    rw sysadmins;
X}
Xconsole best-3.1-0 {
X    master localhost;
X    port 14;
X    include tserv;
X    rw cricket, sysadmins;
X}
Xconsole best-3.1-1 {
X    master localhost;
X    port 15;
X    include tserv;
X    rw cricket, sysadmins;
X}
Xconsole whats {
X    master localhost;
X    port 16;
X    include tserv;
X    rw sysadmins;
X}
Xconsole always {
X    master localhost;
X    port 17;
X    include tserv;
X    rw sysadmins;
X}
Xconsole always-mgmt {
X    master localhost;
X    port 18;
X    include tserv;
X    rw sysadmins;
X}
X##
Xconsole hubly {
X    master localhost;
X    port 2;
X    include constantly;
X    rw sysadmins;
X}
X#
X#
X# list of clients we allow
X# {trusted|allowed|rejected} : machines
X#
X# machines may be an IP address or a domain name
X#
X# we firewall ports 2000-2064, but just to be sure....
X#
Xaccess * {
X    allowed 127.0.0.1 204.92.254.0/24;
X}
END-of-conserver.cf
echo x - conserver.chat-constantly
sed 's/^X//' >conserver.chat-constantly << 'END-of-conserver.chat-constantly'
X'' '\n' '\043-\n-\043' 'BellSux\n'
END-of-conserver.chat-constantly
echo x - conserver.passwd
sed 's/^X//' >conserver.passwd << 'END-of-conserver.passwd'
Xroot:
Xwoods:
Xwoods-l:
Xcricket:
Xandy:*passwd*
Xandreas:*passwd*
Xpeter:*passwd*
Xgrant:*passwd*
END-of-conserver.passwd
echo x - console.cf
sed 's/^X//' >console.cf << 'END-of-console.cf'
X#
X# /etc/console.cf - console(1) configuration
X#
Xconfig * {
X    sslenabled no;
X    sslrequired no;
X}
END-of-console.cf
exit

From bryan@stansell.org Wed Nov 29 17:41:45 2006
Date: Wed, 29 Nov 2006 17:41:44 -0800
From: Bryan Stansell
To: "Conserver User's List"
Subject: Re: syslog facility and conserver

On Wed, Nov 29, 2006 at 07:14:25PM -0500, Greg A. Woods wrote:
> files :-)). I'm considering hacking the SSL code back out of it (with a
> compile-time option, of course, if that's not already possible). I

'configure --without-openssl' should prevent the SSL bits from getting
inserted (since it tries to auto-detect it and use it)...

Bryan
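
The -U unified log quoted from the man page earlier in this thread marks a console name with `*' while a user is attached read/write, so that log watchers can tell operator activity from unattended output. A watcher built on that marker, as an added example (not code from the list or from the conserver project); the "name: text" / "name*: text" separator, the alarm patterns and the sample lines are assumptions constructed for illustration:

```python
"""Alert on conserver unified-log (-U) lines, using the '*' attached marker."""
import re
from dataclasses import dataclass

# Assumed layout: "<console>[*]: <text>". The man page excerpt only says that the
# console name prefixes each line and that '*' is appended while a user is
# attached read/write; the ": " separator is an assumption of this example.
LINE_RE = re.compile(r"^(?P<console>[^\s:*]+)(?P<attached>\*)?: ?(?P<text>.*)$")

# Hypothetical alarm patterns; tune them to the systems behind the consoles.
ALARM_PATTERNS = [
    re.compile(r"\bpanic\b", re.I),
    re.compile(r"\bWARNING\b"),
    re.compile(r"login failed|authentication failure", re.I),
]

# Constructed sample input, not taken from any real log.
SAMPLE_LOG = """\
web01: Nov 20 17:01:02 web01 sshd[311]: authentication failure for root
web01*: # grep -i panic /var/adm/messages
db02: panic: ufs: bad inode
db02*: WARNING: operator test message
db02: NOTICE: link up
garbage line without prefix
"""


@dataclass(frozen=True)
class Event:
    console: str
    attached_rw: bool   # True when the name carried the '*' marker
    text: str


def parse_line(line):
    """Return an Event, or None when the line lacks a console prefix."""
    m = LINE_RE.match(line.rstrip("\r\n"))
    if m is None:
        return None
    return Event(m["console"], m["attached"] is not None, m["text"])


def scan(lines):
    """Split matching lines into (alarms, suppressed, unparsed).

    alarms:     pattern hits on consoles with no read/write user attached
    suppressed: pattern hits while a user was attached; kept rather than
                dropped so an operator session still leaves a reviewable trail
    unparsed:   lines without a recognisable prefix, kept for inspection
    """
    alarms, suppressed, unparsed = [], [], []
    for line in lines:
        event = parse_line(line)
        if event is None:
            unparsed.append(line)
            continue
        if not any(p.search(event.text) for p in ALARM_PATTERNS):
            continue
        (suppressed if event.attached_rw else alarms).append(event)
    return alarms, suppressed, unparsed


if __name__ == "__main__":
    alarms, suppressed, unparsed = scan(SAMPLE_LOG.splitlines())
    for e in alarms:
        print(f"ALARM      {e.console}: {e.text}")
    for e in suppressed:
        print(f"suppressed {e.console}: {e.text}")
    for raw in unparsed:
        print(f"unparsed   {raw!r}")
```

Keeping the suppressed hits in a separate list, instead of discarding them, means a session attached read/write cannot silently mask console output from later review.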