Author Archives: Ruben

Graylog Syslog Input Failed to start on port 514

If you run into this, the cause is that binding to a port below 1024 requires root (or the CAP_NET_BIND_SERVICE capability), and the Graylog service runs as an unprivileged user, so a Syslog input configured on port 514 fails to start. Rather than running Graylog as root, let the input listen on an unprivileged port such as 1514 and add an iptables NAT rule that redirects traffic arriving on port 514 (UDP and TCP) to 1514. Granting the Graylog service CAP_NET_BIND_SERVICE (for example through its systemd unit) would also let it bind 514 directly, but the redirect keeps the service unprivileged and needs no change on the Graylog side.

Assuming you have two Syslog inputs, one TCP and one UDP, both configured to listen on port 1514:

$ sudo iptables -t nat -A PREROUTING -p tcp --dport 514 -j REDIRECT --to-ports 1514
$ sudo iptables -t nat -A PREROUTING -p udp --dport 514 -j REDIRECT --to-ports 1514

$ netstat -nutlp
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:27017 0.0.0.0:* LISTEN -
tcp6 0 0 :::22 :::* LISTEN -
tcp6 0 0 10.4.252.246:9000 :::* LISTEN -
udp 0 0 127.0.0.53:53 0.0.0.0:* -
udp6 0 0 :::1514 :::* -
udp6 0 0 :::1514 :::* -
udp6 0 0 :::1514 :::* -
udp6 0 0 :::1514 :::* -
udp6 0 0 :::1514 :::* -
udp6 0 0 :::1514 :::* -
udp6 0 0 :::1514 :::* -

$ sudo iptables-save
# Generated by iptables-save v1.6.1 on Tue Jul 23 13:04:56 2019
*nat
:PREROUTING ACCEPT [33:2312]
:INPUT ACCEPT [84:11215]
:OUTPUT ACCEPT [33:2344]
:POSTROUTING ACCEPT [33:2344]
-A PREROUTING -p udp -m udp --dport 514 -j REDIRECT --to-ports 1514
-A PREROUTING -p tcp -m tcp --dport 514 -j REDIRECT --to-ports 1514
COMMIT
# Completed on Tue Jul 23 13:04:56 2019
# Generated by iptables-save v1.6.1 on Tue Jul 23 13:04:56 2019
*filter
:INPUT ACCEPT [111065:37834236]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [106771:36862434]
COMMIT
# Completed on Tue Jul 23 13:04:56 2019

Below is the filter table, listed with iptables -L -v -n. It carries no rules and all three chains default to ACCEPT, so nothing is dropping the redirected traffic. Note that this listing does not show the redirect itself: -L without -t nat only prints the filter table, so to confirm the redirect is working you need to list the nat table (add -t nat) and watch the packet counters on the two PREROUTING rules increase while a client sends syslog to port 514. Two caveats: REDIRECT in PREROUTING only applies to packets arriving from other hosts, so messages generated on the Graylog box itself and sent to localhost:514 traverse the OUTPUT chain instead; and the rules are not persisted across a reboot unless you save them (for example with iptables-persistent).

$ sudo iptables -L -v -n
Chain INPUT (policy ACCEPT 124K packets, 42M bytes)
pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 119K packets, 41M bytes)
pkts bytes target prot opt in out source destination
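The script below is an added example, not part of the original post: it makes the two redirect rules idempotent (iptables -C before -A, so re-running it does not stack duplicate rules), checks an iptables-save ruleset for them, and prints the nat counters that actually prove the redirect is being hit. It assumes iptables is installed, that the file is saved as redirect_syslog.sh and run as root, and that the Graylog TCP and UDP inputs listen on 1514 as above.

```shell
#!/bin/sh
# Added example (not from the original post): idempotent setup and verification
# of the 514 -> 1514 REDIRECT rules for unprivileged Graylog syslog inputs.
# Assumptions: iptables present, run as root when saved as redirect_syslog.sh,
# Graylog TCP and UDP inputs bound to port 1514.

SYSLOG_PORT=514
GRAYLOG_PORT=1514

# One rule specification shared by check (-C), append (-A) and the saved-ruleset
# grep, so the three cannot drift apart. $1 = tcp|udp, $2 = dport, $3 = target.
rule_spec() {
    printf 'PREROUTING -p %s -m %s --dport %s -j REDIRECT --to-ports %s' "$1" "$1" "$2" "$3"
}

# Append the rule only if it is not already present. Running the post's -A
# commands a second time would insert duplicates, which -C prevents here.
ensure_redirect() {
    spec=$(rule_spec "$1" "$2" "$3")
    # $spec is intentionally unquoted: iptables needs the words split.
    if iptables -t nat -C $spec 2>/dev/null; then
        echo "present: $spec"
    else
        iptables -t nat -A $spec && echo "added:   $spec"
    fi
}

# Offline check on iptables-save output read from stdin: 0 if the REDIRECT rule
# for $1/$2 -> $3 is there, 1 if not. Works on a saved file as well as live output.
redirect_saved() {
    grep -q -- "^-A $(rule_spec "$1" "$2" "$3")\$"
}

# The counters that prove the redirect is hit: pkts/bytes on the nat PREROUTING
# rules. Counters stuck at zero while clients send to 514 mean the traffic is
# not reaching PREROUTING (for example, locally generated messages use OUTPUT).
redirect_counters() {
    iptables -t nat -L PREROUTING -v -n | awk '/REDIRECT/ && /dpt:514/'
}

main() {
    ensure_redirect tcp "$SYSLOG_PORT" "$GRAYLOG_PORT"
    ensure_redirect udp "$SYSLOG_PORT" "$GRAYLOG_PORT"
    for proto in tcp udp; do
        iptables-save -t nat | redirect_saved "$proto" "$SYSLOG_PORT" "$GRAYLOG_PORT" \
            || { echo "missing $proto rule after add" >&2; exit 1; }
    done
    redirect_counters
}

# Run the privileged part only when executed under its own name; sourcing the
# file just makes the functions available for checks.
case "${0##*/}" in redirect_syslog.sh) main "$@" ;; esac
```

Run it once after installing Graylog and again after any iptables change; the second run reports both rules as present without adding anything, and the counter lines at the end should move when a test client sends to port 514.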

Juniper Open Learning: JNCIE-ENT Certification Exam Preparation

Tuesday, June 11, 2019 7:00 AM PST. If you are considering taking or actively preparing for the Enterprise Routing and Switching, Expert (JNCIE-ENT) exam (and joining the #JNCIEClub2019), then join us for a free certification prep session. This session will address many of the common questions candidates have prior to taking a JNCIE exam and it will give you an opportunity to ask your own questions. As a bonus, registrants will also receive a 25% discount voucher for the purchase of a JNCIE-ENT Self-Study Bundle. You will receive your discount voucher via email within 1-2 days after the event has run. Hurry up, seats are filling fast.

To register for the webcast follow this link: https://learningportal.juniper.net/juniper/user_activity_schedule_info.aspx?id=153691&activity=11121



CLEUR Barcelona 2019 Day 1

A very exciting first day with swag, Cisco Champion gifts, and networking with really nice people about new trends and challenges in the industry. Why Cisco Live? It's the opportunity to talk with your peers, explore, connect, and be inspired by Cisco's top experts, partners, and customers. It's an event you don't want to miss.

CCIE Security Techtorial – TECCCIE-3202

I was really interested in this session, but it turned out to be just a lecture instead of a hands-on session like in other tracks. The session went smoothly, with some questions about ISE, ESA and WSA. A few videos were also provided on how to configure certain tasks on some of the platforms mentioned before; not a big deal.

It was awesome to meet the whole team and have a chat. I would like to say thank you to Yusuf Bhaiji, Ziaul Hussain, Vivek Santuka and Ana Peric.

If you are looking to start your CCIE Security journey, you can find the most relevant study materials here: CCIE Security Study Material.

How to upgrade Arista switches

This is a quick guide on how to upgrade Arista switches. You need an active support contract with Arista to download the latest software release, and you should check the checksum Arista publishes with the image before installing it.

Confirm the actual version

ARISTA-7504-02(s1)(config)#show version
Arista DCS-7504N
Hardware version: 12.00
Serial number: HSH18100113
System MAC address: 2899.3a61.db81

Software image version: 4.19.8M
Architecture: i386
Internal build version: 4.19.8M-8840164.4198M
Internal build ID: c419af27-06da-4a41-b1c3-567309a30ade

Uptime: 19 hours and 46 minutes
Total memory: 31583780 kB
Free memory: 28199196 kB

Enter the bash shell

ARISTA-7504-01(s1)#bash

Arista Networks EOS shell

[<user>@ARISTA-7504-01 ~]$ scp <user>@10.4.252.246:EOS-4.20.8M.swi /mnt/flash/EOS-4.20.8M.swi
Warning: Permanently added '10.4.252.246' (RSA) to the list of known hosts.
<user>@10.4.252.246's password:
EOS-4.20.8M.swi 100% 596MB 85.1MB/s 00:07

Copying the image over scp from bash is only one option; the install command accepts several sources, which you can list with ? after leaving bash:

[<user>@ARISTA-7504-01 ~]$ exit
logout
ARISTA-7504-01(s1)#conf t
ARISTA-7504-01(s1)(config)#install source ?
certificate: Source path
extension: Source path
file: Source path
flash: Source path
ftp: Source path
http: Source path
https: Source path
scp: Source path
sftp: Source path
sslkey: Source path
terminal: Source path
tftp: Source path

After copying the image over, install it and reload:

ARISTA-7504-01(s1)(config)#install source flash:EOS-4.20.8M.swi reload now
Preparing new boot-config... done.
Committing changes... done.
Reloading...
Broadcast message from <user>@ARISTA-7504-01 (Thu Sep 13 13:28:29 2018):
The system is going down for reboot NOW!

Once rebooted, the new version is ready!

ARISTA-7504-01(s1)#show version
Arista DCS-7504N
Hardware version: 12.00
Serial number: HSH18100137
System MAC address: 2899.3a61.db99

Software image version: 4.20.8M
Architecture: i386
Internal build version: 4.20.8M-9384033.4208M
Internal build ID: 5c08e74b-ab2b-49fa-bde3-ef7238e2e1ca

Uptime: 3 weeks, 4 days, 3 hours and 52 minutes
Total memory: 31579144 kB
Free memory: 28315128 kB
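Two things worth adding to the procedure above, as an added example rather than anything from the original post or from Arista: the scp output shows "Permanently added ... to the list of known hosts", meaning the file server's host key was accepted unseen, and the image was handed to install without being compared against the checksum Arista publishes with the download. The script below, run from the EOS bash shell, pins the server's host key in a dedicated known_hosts file and refuses to proceed when the image digest does not match. It assumes the file server 10.4.252.246 from the post, a placeholder scp user, that Arista's published digest for the image is SHA-512 (paste it into EXPECTED_SHA512), and that the file is saved as verify_eos_image.sh.

```shell
#!/bin/sh
# Added example (not from the original post or from Arista): verify an EOS image
# before 'install source', and pin the file server's SSH host key.
# Assumptions: image in /mnt/flash, expected digest is the SHA-512 from Arista's
# download page, file server 10.4.252.246 as in the post, script saved as
# verify_eos_image.sh and run in the EOS bash shell.

IMAGE="/mnt/flash/EOS-4.20.8M.swi"
SERVER="10.4.252.246"
EXPECTED_SHA512="${EXPECTED_SHA512:-PASTE-ARISTA-SHA512-HERE}"
KNOWN_HOSTS="/mnt/flash/known_hosts.fileserver"   # on flash, so it survives reload

# Hex SHA-512 of a file; sha512sum on EOS/Linux, shasum as a fallback.
digest() {
    if command -v sha512sum >/dev/null 2>&1; then
        sha512sum "$1" | awk '{print $1}'
    else
        shasum -a 512 "$1" | awk '{print $1}'
    fi
}

# 0 if $1 exists and its SHA-512 equals $2 (hex, either case), 1 otherwise.
verify_image() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }
    actual=$(digest "$file")
    if [ "$actual" = "$expected" ]; then
        echo "OK   $file"
        return 0
    fi
    echo "FAIL $file" >&2
    echo "  got      $actual" >&2
    echo "  expected $expected" >&2
    return 1
}

# Copy the image with StrictHostKeyChecking=yes against a dedicated known_hosts
# file. The first run records the key and prints its fingerprint (check it out
# of band); afterwards a changed key aborts the copy instead of a warning.
fetch_image() {
    user=$1
    if [ ! -s "$KNOWN_HOSTS" ]; then
        ssh-keyscan -t rsa,ecdsa,ed25519 "$SERVER" > "$KNOWN_HOSTS" 2>/dev/null
        ssh-keygen -l -f "$KNOWN_HOSTS"
    fi
    scp -o StrictHostKeyChecking=yes -o UserKnownHostsFile="$KNOWN_HOSTS" \
        "$user@$SERVER:$(basename "$IMAGE")" "$IMAGE"
}

main() {
    fetch_image "${1:?usage: verify_eos_image.sh <scp-user>}"
    verify_image "$IMAGE" "$EXPECTED_SHA512" || exit 1
    echo "image verified; now run from the EOS CLI:"
    echo "  install source flash:$(basename "$IMAGE") reload now"
}

case "${0##*/}" in verify_eos_image.sh) main "$@" ;; esac
```

The install step is deliberately left to the operator: the script only tells you the image is the one Arista published, it does not decide when the chassis reloads.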

Magic Quadrant for Enterprise Network Firewalls 2018

The security landscape is evolving fast, so fast detection and mitigation matter to customers. Many enterprises are looking to firewall vendors to provide cloud-based malware detection as a cost-effective alternative to stand-alone sandboxing appliances in their advanced threat detection efforts.
SSL/TLS decryption is one of the key topics: the move from TLS 1.2 to TLS 1.3 will force changes in how enterprise firewall vendors process traffic, because TLS 1.3 drops RSA key exchange and encrypts the server certificate, so passive decryption with a copy of the server's private key no longer works and inspection has to be done as an active man-in-the-middle proxy.
Policy orchestration and automation become critical in SDN deployments, a topic some vendors have not paid much attention to. Firewall services within IaaS environments become an area of differentiation.

Magic Quadrant for Enterprise Network Firewalls

Full report: Magic Quadrant for Enterprise Network Firewalls 2018

Cisco Firepower Forbidden- you don’t have permission to access

After re-imaging an FPR2110 from FTD to ASA 9.8.2, the chassis (FXOS) management interface UI became inaccessible, giving the following error: "Forbidden - you don't have permission to access / on this server".

In a nutshell, I could access FXOS via SSH and the ASA (SSH & HTTPS), but the FXOS chassis management UI was broken. After spending some time on it, the only way to get this sorted was to upgrade to version 9.9.x.

After upgrade, everything was working again.


Be a Cisco Champion 2019

The Cisco Champion program is looking for the best and brightest tech enthusiasts who are also active members of the community.

If this sounds like you, then submit your application for the 2019 Cisco Champion Program. Cisco Champions are an elite group of technical experts who are passionate about IT and enjoy sharing their knowledge, expertise, and thoughts across the social web and with Cisco. The program has been running for 5 years and is just getting started!

If you are still not convinced, have a look at Cisco Champions discussing the benefits of the program at CLUS this year.

The application form will be open from October 30th to November 12th, 2018.

Fill out the application to be a 2019 Cisco Champion.


References:

https://blogs.cisco.com/perspectives/cisco-champions-2019-applications-now-open

Juniper Cross-Track Recertification for Associate-Level Exams

Do you have an associate-level exam that is coming up for renewal? Rather than retaking the same exam, you can now recertify your certification by passing another associate-level exam.

On September 21, the Juniper Networks Certification Program (JNCP) updated the recertification policies to allow for cross-track recertification for all associate-level exams. If, for example, your JNCIA-Junos certification is coming up for renewal, consider attempting the JNCDA, the JNCIA-Cloud, or the new JNCIA-DevOps certification exam instead. If you pass, not only will you have earned a new certification, but you will have also recertified an existing one.

Plus, you’ll be on your way to earning our new JNCIAx3 or JNCIAx4 multi-certification badges.

Learn more on the JNCP Recertification webpage.

Dell Networking OS10 using GNS3

Dell EMC Networking OS10 combines the best of Linux, open computing, and networking to advance open networking disaggregation. OS10 is a transformational software platform which provides networking hardware abstraction through a common set of APIs.
You can enable consistency across compute and network resources for your system operator (sysops) groups that require server-like manageability, as well as leverage your existing network configuration.
You can simulate OS10 devices using OS10 VM appliances. The OS10 VM appliances execute the same software deployed on OS10-enabled hardware devices, with the exception of the hardware abstraction layer. The OS10 VM hardware abstraction layer simulates hardware devices in a VM environment.

All CLI commands as well as RESTCONF and SNMP interfaces are available in the OS10 simulation environment. You can build sandbox environments to learn open networking concepts, and prototype network operations and scripts risk-free.

Dell OS10

OS10 simulation features

All OS10 CLI commands and north-bound interfaces (RESTCONF, SNMP) are available including:

  • System management (SSH, AAA, DHCP, and so on)
  • Management port

L3 data plane and control plane (using Linux functionality)

Partial support for L2 data plane and control plane (using Linux functionality):

  • LACP
  • VLAN
  • LLDP
  • VLT

OS10 feature limitations

  • No ACL or QoS support (NPU is not available) — ACL and QoS CLI commands are available (but have no effect on traffic)
  • Limited L2 functionality (NPU is not available on simulator) — no spanning-tree control plane functionality
  • No breakout mode for simulated ports
  • Defaults to S6000-ON hardware platform simulation

Requirements

  • Workstation or laptop with 16 GB RAM or larger recommended
  • 64-bit x86 CPU with 2 GHz or faster core speed (dual-core or larger recommended)
  • SSD with 64 GB available space
  • Virtualization environment — you can use either Windows, Linux, or VMware ESXi as a host system for the GNS3 Server VM environment
  • VMware ESXi server recommended for large network simulation

Download

https://cld.pt/dl/download/fff9c764-59cb-4521-8bd9-e9eeb38519c8/os10_virtualization_10.4.1.0v.zip

https://cld.pt/dl/download/2f61626b-f1fe-4415-8825-4357823e5ed8/os10_virtualization_guide.pdf