Netflow Collector on Splunk – Interesting Bug

The Splunk Add-on for Netflow appears to have a bug.  If you run through the configure.sh script accept all the defaults, it refuses to ingest any Netflow data.

This is because its script deletes all ASCII netflow data that’s older than -1 day old.

You can easily fix this by either rerunning configure.sh again and typing in every value, or edit /opt/splunk/etc/apps/Splunk_TA_flowfix/bin/flowfix.sh and change the following line;

# Cleanup files older than -1
find /opt/splunk/etc/apps/Splunk_TA_flowfix/nfdump-ascii -type f -mtime +-1 -exec rm -f {} \;

Change the +-1 to +1.  This tells the script to clean up all ASCII netflow data older than 1 day (ie, not everything older than some time in the future).

How to convert an MP4 to a DVD and burn it on Linux

If you’re using Vagrant with VirtualBox on Windows, create a new directory, throw the source mp4 in it, then create a Vagrantfile like this;

Vagrant.configure("2") do |config|
  config.vm.box = "bento/ubuntu-16.04"

  config.vm.provider "virtualbox" do |vb|
  vb.customize ["storageattach", :id, "--storagectl", "IDE Controller", "--port", 0, "--device", 0, "--type", "dvddrive", "--passthrough", "on", "--medium", "host:X:"]
  end
end

Edit the host:X: to be the drive letter of your physical DVD drive.

Then bring up the VM with;

vagrant up
vagrant ssh
sudo -s -H

Now that’s done, do this.  You can start from here if you’re already on Linux or have some other means of getting a VM ready.  I assume you’re going to want to make a PAL DVD, and that your DVD is in /dev/sg0 (check with wodim --devices);

apt-get install dvdauthor mkisofs ffmpeg wodim
ffmpeg -i input.mp4 -target pal-dvd video.mpg
export VIDEO_FORMAT=PAL
dvdauthor -o dvd/ -t video.mpg
dvdauthor -o dvd/ -T
mkisofs -dvd-video -o dvd.iso dvd/
wodim -v dev=/dev/sg0 speed=8 -eject dvd.iso

All done.  Assuming everything went well, you have a freshly burned DVD, all using open source Linux software, with no horrible adware that tends to come with Windows DVD burning software.

You can then get rid of the VM with vagrant destroy.

SSH Configuration on OpenWRT

If you’ve configured Dropbear (the SSH server) for OpenWRT so that it has a secondary listener for your WAN port (you may want to do this if you want the WAN SSH listener on a different port from the default), then you’ve probably noticed that it doesn’t come up on its own after your WAN link drops.

There’s a really easy solution to this.  Configure hotplug.d so that when your WAN interface bounces, dropbear gets restarted!  Put this into /etc/hotplug.d/iface/40-dropbear ;

#!/bin/sh

if [ "$INTERFACE" = "wan" ] && [ "$ACTION" = "ifup" ]
then
 /etc/init.d/dropbear restart
fi

This tip was found at the bottom of the documentation for Dropbear listed above.

Static MAC Generator for KVM

The following line will generate (pseudo-randomly) a static MAC address, suitable for use with a KVM virtual machine;

date +%s | md5sum | head -c 6 | sed -e 's/\([0-9A-Fa-f]\{2\}\)/\1:/g' -e 's/\(.*\):$/\1/' | sed -e 's/^/52:54:00:/'

Similar nonsense can be done with Hyper-V and VMware.

If you’re using MythTV 0.28 on Ubuntu 16.04 …

… you’ll want to know about this bug.  Put the following string in the end of your /etc/mysql/conf.d/mythtv.cnf ;

sql_mode=STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION

You may also want to try;

sql_mode=NO_ENGINE_SUBSTITUTION

Fixed?

Raspian with Ralink 7601 Wifi Adapter

Recently picked up a Ralink 7601 Wifi Adapter (a no-name clone wifi stub from Ebay), for the princely sum of about $2 delivered.  It’s identifable easily because in lsusb it shows up as;

Bus 001 Device 005: ID 148f:7601 Ralink Technology, Corp.

Unfortunately, it turns out these things aren’t natively supported by Raspian without a firmware module.  But there’s hope!

This guide shows how to get it running, which essentially just boils down to this command;

wget https://github.com/porjo/mt7601/raw/master/src/mcu/bin/MT7601.bin -O /lib/firmware/mt7601u.bin

And then configuring it like you normally would in wpa_supplicant.  Pretty easy stuff in the end.

Ubuntu VM AutoResize with 15.10

Installed Ubuntu in a VMware Workstation 12 VM, and can’t get desktop autosize working with open-vm-tools?  Here’s how to fix it.

Make sure you have the open-vm-tools-desktop package installed;

sudo apt-get install open-vm-tools-desktop

Edit /etc/xdg/autostart/vmware-user.desktop and add the following line at the bottom;

X-Gnome-autostart-enabled=1

Restart, and then make sure that under the View tab you have Autofit Guest enabled.  Should do the trick.

Fenix 3 Man Overboard Now Useful!

The Garmin Fenix 3 watch is a sports/fitness/navigation watch with a lot of features.  A firmware update that came out a few months ago included a new Man Overboard feature, ostensibly intended so that the owner can hit a button on the watch and have it record the location so you can navigate back to it at sea.

However, the original implementation had a number of problems which made it, well, completely useless;

  • Pressing the button required waiting until GPS had finished acquiring and then confirming you want to navigate.  Failing to confirm results in (after 15 minutes) the location being irrevocably discarded.  If you accidentally hit the back button before confirming, the location is discarded with no warning.
  • During navigation, cancelling out of the navigation causes the location to be discarded with no option to resume navigation and no save of the location.

These issues made the feature useless – especially for me, who wants a way to quickly tag a location for return navigation when I’ve got my hands full.  I can’t wait and press the nav button again to confirm after a delay, and having the location discarded would be really bad.  I’m talking lost in the woods, miles from anything, in the pitch black kind of bad.

However, a new firmware update has corrected this!  Now, it’s actually sensible.

  • The last triggered MOB location is saved in the Navigation menu (only the last one, unfortunately, no history).
  • Hitting the MOB hotkey results in immediate navigation to that point without requiring a second keypress.
  • Cancelling navigation requires three keypresses, and the location is still stored in the Navigation menu for recovery.

So, nearly perfect.  What would really make the grade is for the MOB hotkey to automatically save it in Saved Locations so if you accidentally hit it a second time the first location is not lost.

9/10 for Garmin, some more polish required for higher marks.

Quick aside – concatenating PDFs with Ghostscript

A useful little snippet.  This will concatenate multiple PDFs together into one;

gs -dNOPAUSE -sDEVICE=pdfwrite -sOUTPUTFILE=firstANDsecond.pdf -dBATCH first.pdf second.pdf

 

TP-Link TL-POE10R PoE Splitter Ground Loop Issues!

A warning for those who are setting up PoE gear (like I’m researching).  The TP-Link TL-POE10R (a low-cost voltage switchable PoE splitter) has a fairly major issue.  It’s not galvanically isolated.

This means that if you power a device using the splitter, and that device has a non-isolated electrical connection to something that’s independently powered, you may get a ground loop.  This will usually manifest itself as the PoE injector shutting down, but may manifest itself as anything from shorting out components to starting a fire (extremely unlikely).

NOTE – This is not an issue if you have no non-isolated electrical connections going from the device attached to the splitter.  So if you have a Raspberry Pi attached to the Ethernet cable on the splitter and being powered by the splitter you’re cool.  But if you plug an HDMI cable from the RPi going into a TV while it’s being powered by the splitter, sparks may fly.

The solution is to either be careful, buy a proper isolated splitter, or use a DC-DC isolating converter.

Reference article here.