Is there a way to find the maximum number of promotes in accurev? - accurev

Is there a way to find the maximum number of promotes by a user in a stream, in AccuRev?
Some information like
User - Count# Of Promotes

accurev hist -s <stream> -u <user> -k promote -a | grep transaction | wc -l

Related

Redis: Is there a way to get a difference of Keyspace

info keyspace
It's currently incremental and purged at the end of the month. But I want to have it per day between the mentioned times for some KPI analysis.
Set up a cron job of:
redis-cli -h host -p port info keyspace | grep db0 | sed 's/.*keys=\([0-9]*\).*/\1/' | xargs redis-cli -h host -p port set metric:keys:$(date "+%y-%m-%d-%H")
This will get you a set of keys in Redis with metrics at a specific hour.
~$ redis-cli -h host -p port get metric:keys:18-06-15-12
"25"
This one-liner will get the keyspace info, filter it for db0 (change that to any other db you are interested in), extract the number, and send it back to Redis as a metric. You can also change that to a hash so the metric itself won't change your number. But for 1m+ instances a couple of keys won't matter. Or you can store them in another db if you want.

Monitor ssh connection and get login user information from authorized_keys

Is there any way to use .ssh/authorized_keys to get the corresponding login user's email when the Linux system is connected to through id_rsa.pub?
I tried to use the content in /var/log/auth.log, but I can't find the direct relationship between the records and .ssh/authorized_keys.
Thanks in advance.
Maybe someone needs it. The next command prints information about the ssh key that was used for the current session. The key is taken from a standard comment block from ~/.ssh/authorized_keys.
For instance, somebody@test.com will be printed for a key that looks this way: cyb5OrLRv0VR6gZev8...KdECf7Q== somebody@test.com
Command:
export CURRENT_SSH_USER=$(grep $(grep $(grep '@'$(who -m | awk '{print $2}') <(ps -ef) | head -1 | awk '{print $3}')']: Accepted publickey for' /var/log/auth.log | head -1 | awk '{print $16}') <(cat ~/.ssh/authorized_keys | xargs -n1 -I% bash -c 'ssh-keygen -l -f /dev/stdin <<<"%"') | tail -1 | awk '{print $3}')
The command above does these steps:
1. who -m: only the hostname and user associated with stdin.
2. Taking the pseudo terminal slave, e.g. pts/2, for the current user from the previous command.
3. Searching for pts/2 in the list of processes from ps -ef and extracting its pid.
4. Looking for the pid, e.g. 21996, in /var/log/auth.log in lines like this one:
Jul 22 01:50:39 whatever-i-12345 sshd[21996]: Accepted publickey for ubuntu from 10.10.10.10 port 40411 ssh2: RSA SHA256:V4DD10NklAAAAAHNgxaurm1qaq/TOTejNjXMQABABAB
Be sure you have proper logging enabled.
5. Once the fingerprint SHA256:V4DD10NklAAAAAHNgxaurm1qaq/TOTejNjXMQABABAB is found, it is matched with the line from ~/.ssh/authorized_keys and the name is retrieved from the comment block.
Notes:
Tested only on Ubuntu 16.04.2 LTS (GNU/Linux 4.4.0-62-generic x86_64)
The last column of an ssh public key is just a comment field, and it is not present in the private key used to log in nor in the public key sent to the server during the authentication attempt.
The comment in the server's authorized keys can be completely different from the comment in the client's public key.
You can find the connection between the keys in authorized_keys and in the logs, but you need to convert the keys to fingerprints first using
ssh-keygen -lf ~/.ssh/authorized_keys
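The fingerprint matching that both answers describe, as an added example that is not part of the original posts: it computes the SHA256 fingerprint of each authorized_keys entry (unpadded base64 of SHA-256 over the decoded key blob, the same value ssh-keygen -lf prints) and joins it against "Accepted publickey" log lines, flagging logins whose key is not in the file. The function names, key blobs and log lines are constructed for illustration.

```python
import base64
import hashlib
import re

# Key type, base64 blob, optional comment; an options prefix may come first.
KEY_RE = re.compile(
    r"(?:^|\s)((?:ssh|ecdsa|sk)-[\w@.-]+)\s+([A-Za-z0-9+/]+=*)(?:\s+(.*))?$")
LOG_RE = re.compile(
    r"sshd\[(?P<pid>\d+)\]: Accepted publickey for (?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+ ssh2: \S+ (?P<fp>SHA256:\S+)")

def fingerprint(blob_b64):
    """SHA256 fingerprint as sshd logs it: unpadded base64 of SHA-256(blob)."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def index_authorized_keys(text):
    """Map fingerprint -> comment field for every key line."""
    index = {}
    for line in map(str.strip, text.splitlines()):
        m = None if line.startswith("#") else KEY_RE.search(line)
        if m:
            index[fingerprint(m.group(2))] = m.group(3) or "(no comment)"
    return index

def attribute_logins(auth_log, index):
    """Return (pid, user, source ip, key comment) per accepted publickey login."""
    return [(m["pid"], m["user"], m["ip"], index.get(m["fp"], "(unknown key)"))
            for m in LOG_RE.finditer(auth_log)]

# Constructed sample data (not usable keys): blobs in SSH wire format.
def fake_blob(seed):
    name, pub = b"ssh-ed25519", hashlib.sha256(seed).digest()
    raw = len(name).to_bytes(4, "big") + name + len(pub).to_bytes(4, "big") + pub
    return base64.b64encode(raw).decode()
ALICE, BOB, OTHER = fake_blob(b"alice"), fake_blob(b"bob"), fake_blob(b"other")
SAMPLE_KEYS = (f"# constructed authorized_keys\n"
               f"ssh-ed25519 {ALICE} alice@example.com\n"
               f'from="10.10.10.0/24",no-pty ssh-ed25519 {BOB} bob@example.com\n')
SAMPLE_LOG = (
    f"Jul 22 01:50:39 host sshd[21996]: Accepted publickey for ubuntu from "
    f"10.10.10.10 port 40411 ssh2: ED25519 {fingerprint(BOB)}\n"
    "Jul 22 01:52:10 host sshd[22010]: Accepted password for ubuntu from "
    "10.10.10.11 port 40500 ssh2\n"
    f"Jul 22 01:53:00 host sshd[22031]: Accepted publickey for ubuntu from "
    f"10.10.10.12 port 40600 ssh2: ED25519 {fingerprint(OTHER)}\n")

if __name__ == "__main__":
    print(attribute_logins(SAMPLE_LOG, index_authorized_keys(SAMPLE_KEYS)))
```

A login reported as "(unknown key)" means the accepted key is not in the file that was indexed, for example because it lives in another user's authorized_keys or was removed after the login.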

How can two or more applications use PF_RING ZC cluster?

The following picture indicates that many applications can use PF_RING clusters.
I have tested this with the following commands.
./zount -i eth0 -c 55 ---- ok
./zcount1 -i eth0 -c 99 ----- ok
Suppose I want to use PF_RING ZC. As far as I know, if you open a device using a PF_RING-aware driver in zero copy (e.g. pfcount -i zc:eth1), the device becomes unavailable to standard networking as it is accessed in zero-copy through kernel bypass, as happened with the predecessor DNA. Once the application accessing the device is closed, standard networking activities can take place again.
I have 2 questions:
Question 1: as long as the application is connected to the NIC via ZC (e.g. pfcount -i zc:eth1), the NIC is inaccessible to other applications. In such a situation no one else could use zero copy.
$pfcount2 -i zc:eth1 -------- error .
If I am wrong, is it possible to use PF_RING ZC like PF_RING? The following picture shows what I am trying to say.
Question 2: is it possible to use PF_RING ZC as follows? If the answer is yes, how? Is there any API?
Thanks in Advance
cardigliano, an ntop member, answered my question:
yes you can do both with zbalance:
zbalance_ipc -i zc:ethX -c 99 -m 0 -n
zbalance_ipc -i zc:ethX -c 99 -m 0 -n ,
Please take a look at zbalance_ipc -h for more options and at the zbalance_ipc output to see how to attach consumers to the cluster. There is also a README.examples with a few examples.

How to terminate an ssh session that is connected to my computer

My friend turned on remote login and I disabled it, but since he was already logged in, it didn't terminate the session (I knew he did it and we were having a race).
He created a user account and I deleted the user account which terminated the session. In the future how can I terminate the ssh session?
I was trying to use these to no avail
w
~
ssh
ps -C ssh
ps. grep ssh
ps | grep ssh
pkill 1020
kill -9 1020
netstat -lnpt | awk '$4 ~ /:1234$/ {sub(/\/.*/, "", $7); print $7}'
sudo pkill loginwindow
Figured it out.
w                       # for established connections, get the user name
ps -u <username>        # the process name is sshd; get its process id
sudo kill <process id>  # enter password

alternative to tail -f | grep server logs

Currently, I'm making curl calls, checking the response and sometimes doing an ssh HOSTNAME "tail -f LOGFILE" | grep PATTERN. Is there a tool out there that streamlines/generalizes this process of making some request and checking both the response and the server logs for certain patterns? (Oh, and getting statistics like response time would be a plus.)
I've only got an answer to part of your question. To get good stats out of cURL, try something like this:
curl -w '\nLookup time:\t%{time_namelookup}\nConnect time:\t%{time_connect}\nPreXfer time:\t%{time_pretransfer}\nStartXfer time:\t%{time_starttransfer}\n\nTotal time:\t%{time_total}\n' -o /dev/null -s http://www.google.com/