I am not using real-time asterisk , But still astdb.sqlite3 contains entries of online peers with Reg.Contact information in SIP/registry/peer. key . I would like to store contact information of all peers as they come online in a separate persistent database. I need this for sending push notifications by fetching deviceID etc information in registration contact .
I tried to pull this information from astdb.sqlite3 but the entries are clearing off as soon as devices go offline .Though I am able to fetch the information with "sip show peer XXXX" in asterisk CLI , It is overburdened to fetch every time like this . Instead I want to save only Regcontact information for all the devices in a database ( without realtime) as the devices come online. The other way I tried to pull the information is using AMI event listener. But with AMI I don't see complete information like contact information It displays only below information
Event: PeerStatus
Privilege: system,all
SequenceNumber: 75
File: manager.c
Line: 1856
Func: manager_default_msg_cb
ChannelType: SIP
Peer: SIP/2030
PeerStatus: Reachable
Can someone suggest a better way to push Only Regcontact information to a database as the devices come online .
There are no mechanism like that in asterisk.
You can use kamailio or write patch similar to this one https://reviewboard.asterisk.org/r/4490/
It sounds like you have dynamic IPs for your endpoints, and you want a way to update a separate DB as soon as a device registers with an IP/port pair.
If you enable the security log, you will see all auth events, including the "SuccessfulAuth" event, which includes the RemoteAddress of the endpoint (including port and protocol).
Here is an example line:
[Jul 21 19:53:45] SECURITY[1342] res_security_log.c: SecurityEvent="SuccessfulAuth",EventTV="2020-07-21T19:53:45.182+0000",Severity="Informational",Service="SIP",EventVersion="1",AccountID="102",SessionID="0x7f41040132c0",LocalAddress="IPV4/UDP/10.0.0.200/5060",RemoteAddress="IPV4/UDP/10.0.0.75/5062",UsingPassword="1"
If all you're looking for is AccountID="102" and RemoteAddress="IPV4/UDP/10.0.0.75/5062", a very fast/cheap way to get it is to enable the security log, and use a script to tail it and update your DB as soon as the event occurs. I like to keep the security log on anyways for utilities like fail2ban. Just make sure your script is able to reopen the file each time it is rotated.
Edit:
By default the log is in /var/log/asterisk. To enable it, edit /etc/asterisk/logger.conf and un-comment (or create) the line under [logfiles] that says security => security.
Related
My place of business currently uses Reflection for Unix and OpenVMS to handle a database of customers. I access this database directly through the Reflection emulation. The only way to get data out of Reflection is to navigate to a single customer via keyboard input and print the information to a .txt.
Is there anyway I can access the VM other than through Reflection with the end goal of automating retrieval of customer information from a Java script executed outside of the Reflection environment? This is the information I can gather via the Reflection interface about what I am connecting to:
At the bottom of the Reflection interface - VT500-7 -- HOST_NAME via SECURE SHELL
Via the Connection Setup drop-down:
Host name: HOST_NAME
SSH config scheme: AutoKeyLogin
User name: username
Via the Security... button:
General tab:
Port number: 22
User Authentication: [x] Public Key
[x] Password
User Keys tab:
Use Name Type Location
[x] username1user DSA C:\Documents\PathToSSHKey\.ssh
Host Keys tab:
Host Type Fingerprint
HOST_NAME, 111.1.111.11, 22 DSA 39:14:f3:123:fds:restOfFingerprint
There is more information available if the solution is possible but I have just not provided enough to solve it, so please ask.
Given that I have the host name, port, .ssh, and host key, is it possible to connect to and read from the VM that I am otherwise connecting to normally via the Reflection emulator?
NO. Reflection (other example is PuTTY) is just a dumb-terminal emulator, here using the (secure) SSH protocol to connect to some Operating System. From the information provided we cannot even tell which OS. Maybe OpenVMS maybe some Unix. Most certainly not a 'VM', but a physical box. Maybe a Alpha, Integrity, Sun, IBM or Intel server.
IF, big if, it is OpenVMS you would possibly see something like this flash by on entry:
XXX - HP rx2600 (1.50GHz/6.0MB) OpenVMS IA64 V8.3-1H1
Last interactive login on Thursday, 7-DEC-2017 13:23:19.83
Last non-interactive login on Wednesday, 6-DEC-2017 12:35:45.80
Most likely username uses is set up to always start a (shell) script which starts a menu from which a program is activated, which knows how to access data record. IF is it OpenVMS then the actual data is likely stored in RMS (indexed) files, but it could in a proper (Oracle RDB or RDBMS) database.
If bulk access to the data is needed then you need to talk to the system/application manager for the system 'HOST_NAME' and ask them about the application and its database.
You may find that there is FTP, ODBC or JDBC or natice DB (OCI?) access to the data avaiable already, or that this can be requested. Likely tools in this space are ConnX, Attunity Connect, and such.
First you'll need to find out which OS/Platform/Version, which application (3rd party? home grown? 4GL? Cobol? Basic? and ultimately, which database/storage method.
That's not to say that some terminal emulator cannot be 'tricked' (google -
screen scraping) to be programmed to fetch a series of data on command, but that will always be error prone and laboriously for limited volumes.
You are better of trying to get proper data access.
Good luck! You'll need some.
Hein
We have Sterling file gateway with UI and everything and we also have control center where we see the file transfers from SFG. Trying to find out how i can subscribe to the events from Filegateway[SFG] programmaticaly. The documentation is not clear on if there is a way to do this.
The Database tables FG_EVENT and FG_EVENTATTR contain the details about Filegateway events.
Example of SQL query:
select * from fg_event t1,fg_eventattr t2 where t1.event_key=t2.event_key and
event_code='FG_0422'
You can add different criteria to the SQL query to filter on filename, type of delivery, date , etc ...
Then you can use SQL queries with any client to query the Database.
Sterling Control Center can monitor the following events:
•Arrived File events - every Sterling File Gateway Arrived File status code is recorded as a successful (FG_0411 - Arrived File Routed) or a failed (FG_0455 - Arrived File Failed) file transfer
•Route events
•Delivery events
More information about IBM Control Center.
There is also another way to invoke business processes by certain events:
Edit the listenerStartup.properties and listenerStartup.properties.in files to include the line:
Listener.Class.xx=com.sterlingcommerce.server1.
dmi.visibility.event.XpathBPLauncherEventListener
Where xx is the next available number according to how many listeners are already enabled in the file.
Edit the visibility.properties and visibility.properties.in files to add the necessary information to configure the listener to launch the proper business processes based on the correct events. The pattern for registering the events with the listener is:
bp_event_trigger.X=eventPreFilter,xPathExpression,bpname,userId
There is an example in this page:
https://www.ibm.com/support/knowledgecenter/SS3JSW_5.2.0/com.ibm.help.aft.doc/SI_AFT_InternalEvent.html
I would like to host my webapp on Firebase, since I'm using their services and functionalities since a long time (before Firebase was inside Google and since its static hosting service was named Divshot... ).
But I've got a demo domain from Freenom (.tk domain) and I was wondering how to connect this with firebase:
I can set only this paramater relative to TXT record:
dns management
so where should I define the parameters needed
google-site-verification=...
?
Thank You to all!
PS: I've already seen
Firebase hosting custom domain error
and related
firebase-talk Dqmz9Iuio54
and
and the question: how-can-i-verify-my-custom-domain-using-domains-google-com/39020649#39020649
but none of them seems to respond to my problem...
PS: I've come here from firebase support page where StackOverflow is the first choice.
Thank you!
Leave the "Name" field blank and fill "Target" with the google-site-verification=... value. Once you've done so, things should go through. One way to check is to run:
dig yourdomain.tk TXT
If you've done it correctly, you should receive back the google-site-verification=... value. It may take some time to propagate before it starts showing up.
DNS registrar / records host: delete TXT records pointing to
firebase.
firebase console: delete the custom domain.
firebase console: add custom domain.
copy the two TXT records from firebase to DNS host
DNS record host should include two entries with one yourdomain.tk and www.yourdomain.tk
Once the yourdomain.tk is added it'll show as empty and other entry will be shown as www.
The copy the two given A records to Freenom DNS records.
There will be 4 A records two for yourdomain.tk and two for www.yourdomain.tk.
Wait 24-48 hours to see if the changes work.
If it doesn't work, contact firebase support from the console; be sure to take screen shots of the DNS records and the firebase console. These will help the firebase support team to troubleshoot the problem.
Mean while you can check for the dns propagation by using below tutorial
The Firebase Hosting servers run what is essentially this command for verifying the TXT records for your domain:
dig -t txt +noall +answer yourdomain.tk
If you immediately run this command right now, you might not get results. If the Firebase servers are seeing the same in their DNS query, they will not be able to continue.
That means that either you didn't save/apply your changes yet, or they haven't propagated everywhere yet. The longer it takes for the changes to show up, the more likely it becomes that you still need to take some action at your DNS provider
I am getting this error while connecting to IBM MQ. I know that this is because of privileges, but is there any way just to check the connection with IBM MQ?
Please suggest.
The 2035 suggests that your connection is getting to the QMgr. If you had the wrong channel name, host or port you would get back a 2059. The 2035 means that the connection made it to the listener, found a channel of the name that was requested and attempted a connection.
If you want to test past this point it will be necessary to either authorize the ID that you are using to connect or to put an authorized ID in the MCAUSER attribute of the channel.
For a detailed explanation of how the WMQ security works on client channels, see the WMQ Base Hardening presentation at http://t-rob.net/links.
If you enable authorization messages then the 2035 will show up in the event queue. Then you can look at the message and see what ID was used to connect and what options were used too. The 2035 might be because you asked for set authority on the queue manager or something else you aren't supposed to have. The authorization messages wil show you that.
You can also resolve this By setting mcauser('mqm') .. i was able to overcome 2035 error.
Define channel (channel1) chltype (svrconn) trptype (tcp) mcauser(‘mqm’)
Esp thanx to my SENIOR Bilal Ahmad (PSE)
You have to check the privileges with an MQ administrator.
You can use dspmqaut to check the grant.
Below is the sample to give user poc access to Queue Manager QM1 and Queue LQ1
# check the access right of user POC to QM1
dspmqaut -m QM1 -n LQ1 -t q -p poc
# if you want to give access, you should use
setmqaut -m QM1 -n LQ1 -t q -p poc <access Types>
# eg (put everything - in the real live scenario, choose only what you want to grant) :
setmqaut -m QM1 -n LQ1 -t q -p poc +put +get +browse +inq +set +crt +dlt +chg +dsp +passid +setid +setall +clr
Then dont forget to restart QM1 with
endmqm -i QM1
strmqm QM1
Finally, you should be able to proceed without error 2035.
I have been struggling with this for ages too. Eventually I found this solution. (If you can call turning off authentication a solution.)
I am using version
- IBM Websphere 9.1.0.201807091223
From IBM's website they advise turning connection authentication off!!!
Resolving the problem Disable channel authentication
You will need to disable connection authentication, at least
temporarily. There are known issues in FTM for Check with regard to
using MQ connection authorization. These problems are actively being
addressed and fixes will appear in a future fix pack. The target is
fixpack 3.0.0.8.
Steps to disable connection authentication: Open MQ command console
and type runmqsc ALTER
AUTHINFO(SYSTEM.DEFAULT.AUTHINFO.IDPWOS) AUTHTYPE(IDPWOS)
CHCKCLNT(NONE) CHCKLOCL(NONE) Restart the queue manager for this
change to take effect.
Source http://www-01.ibm.com/support/docview.wss?uid=swg21962081
On this topic if you are using MQSeries 9.1 in a test or development environment you can disable channel authentication with the following approach :
. Launch MQ command line utility with the following :
runmqsc (for example runmqsc QM1)
. Disable authentication for all channels with the following command
ALTER QMGR CHLAUTH (DISABLED)
For a Q/Q-manager running on Windows, you may have to create the user on the Q/Q-manager machine [i.e. create a user on the Q-machine to match the user on the Q-client machine], and then add that user to the 'mqm' group on that machine.
Steps:
Ensure that the domain user that is being used to create the Q CLIENT [i.e. the user that the Q-client app is running under] also exists on the box with the Q/Q-manager. You may be able to just create a local user on the Q/Q-manager box [, or you may have to do some more complicated creation of an Active Directory user - I can't help you there].
On the Q/Q-manager box, add the user you have just created [or the existing one, if it already exists] to the mqm group. [On a Windows server box you will need to use the Microsoft Management Console (1. 'mmc' from the command line, 2. File > Add/Remove SnapOn > Local Users & Groups, 3. add user to group)]. The 'mqm' group should already exist on the Q/Q-manager machine.
Error MQRC 2035 basically means that your application has been able to connect to the queue manager, however due to certain absence of permissions/authorizations, it was unable to put/get/publish/subscribe messages.
To resolve this, at first, try these steps in order to disable the authorizations from queue manager and channel. Use this only if it isn't a production queue manager.
Always check the queue manager logs. It tells you exactly where you need to look into, and resolve the issue.
In this case, generally, you can issue the following commands after doing a runmqsc on the queue manager :
ALTER QMGR CHLAUTH(DISABLED)
Then set the chckclnt object(under authinfo) to optional
DISPLAY QMGR CONNAUTH
DISPLAY AUTHINFO(name-from-above) ALL //name from the first commands
ALTER AUTHINFO(name-from-above) AUTHTYPE(IDPWOS) ADOPTCTX(YES)
ALTER AUTHINFO(name-from-above) AUTHTYPE(IDPWOS) CHCKCLNT(OPTIONAL)
REFRESH SECURITY TYPE(CONNAUTH)
SET CHLAUTH('*') TYPE(BLOCKUSER) ACTION(REMOVEALL)
This helps remove any blocks that the channel is creating against any user.
SET CHLAUTH(your channel name) TYPE(ADDRESSMAP) ADDRESS('*') USERSRC(CHANNEL)
This should resolve your issue, since we have disabled every authorization that an application has to pass in order to do anything on a queue manager.
Now, in case you are using a production queue manager, NEVER remove authorizations.
Go, and right click on any QM that you have configured in your MQ explorer. Go to the QM authority, and authority records. Click on create new user, and give the same name as the username your application is using. Select all the checkboxes, then copy from the space below all the commands that are given. Namely, setmqaut. Edit with your queue manager name, and issue them!
----Never give up, the answer is where you have not looked yet--------
I am writing an web-application which needs to receive e-mail messages to users' internal email addresses, let administrators approve them, and then forward to corresponding user's external mailbox.
I have installed and configured postfix for message receiving task. It uses virtual e-mail addresses, and my existing database where user email addresses are stored. Local email storage is maildir and I use postfix's virtual MDA.
Basically, I would like to execute a script every time a new message is received, and for which user (maildir message id would be very helpful too). Then I could read the message from python code (python had a module for maildir messageboxes) and insert it in database.
I can think of three ways to do this:
iterate user maildirs and check
if there are any new messages, but it would be ineffective for large number of users.
use dbmail and then check if there are any new messages in database (this would be quicker, but I'd have to configure everything from scratch). Besides, existing user data tables cannot be used.
write a wrapper around maildrop/virtual to save message in db and in maildir as well, but I'd need a way to check if received message is valid and successfully saved by the real MDA.
Any suggestions appreciated!
In the /etc/aliases file you can specifiy a program which gets executed everytime a user recieves a mail. This program gets the mail on stdin. So you dont have to poll and your program gets run instantly.
In response to my own question, I used postfix content_filter with X flag set in pipe and process receiving address and message manually. Since I didn't need to access messages in maildir, this approach works fine for me.