Search Posts on Binpipe Blog

Notes on Legato Networker Recovery - 2

Recovering files that have dropped out of the browse period.

Why ? Legato Networker has a concept of browse policy and retention policy. When you do backups with Networker, a client index is created, which allows easy file recovery at a future date. However, many sites want to keep tapes for a long time before re-using them. This varies from three months to two years from site to site. However, the size of the browsable index would become huge on a large system. Whilst it may well be possible to keep a years worth of on-line index for a small system, for a large sites' main UNIX fileserver it would be ridiculous, as maybe fifty gigabytes of disk area would be required just to store the index. So, the retention period is how long the tapes are kept after the last saveset was written to the tape, and the browse policy is how long the entries for recovering are kept in the Legato server's on-line index.

The usual policy is to have a browse policy of a month. This satisfies the large majority of file restore requests that are received, and gives an index overhead of about 2% or so.

If someone then comes in and wants a file recovered that was deleted two months ago, the recovery operation is more complicated than recovering a file deleted two weeks ago.

There are two approaches to recovering these files that are not in the file index any more.

    Recovering the browsable index
    Recovering without an index

Also, scanner with no options gives no feedback unless it is recovering. On slow tape devices like DATs, this can mean hours without any indication of things in progress. To get more information on what's happening, see getting feedback on scanner progress
Recovering the browsable index.
One is to rebuild the online index using the scanner command on the Legato server.

First of all, you need to know when the file was created, and when it was last in a satisfactory state. Given this information, you can then find out what tape it's on using the  mminfo command.  It's normally easier to get the file from a full backup, especially if  the owner is unsure of it's creation date.
The easiest way to get the index back is with

scanner -i -S SaveSetID  /dev/rmt/non-rewind

However, the entries added into the index will never be automatically purged,  you must pull them out by hand with nsrmm -d -P  -S SaveSetID  You MUST put in the -P option, otherwise you delete the entries from the media index as well as the browsable file index. This is disastrous, as it means you cannot repeat the exercise without running scanner -m on the deleted volumes. This isn't a problem if you realise straight away. However, when all you know is that one of the 200 tapes was purged from the media index, you have a lot of work ahead of you.

As an example, here is an entry for a scanned-in saveset.

wlfiles# mminfo -v -q 'ssid=46095'
 volume        client       date     time      size       ssid fl  lvl name
wl.incr.031.DLT wlntsv1   04/22/98 21:20:28  283 MB      46095 cS incr E:\

The cS filed at the right in the fl field means the complete saveset is on this tape, and it is manually scanned in.
Once the recover is complete, we want to remove the index entry.
So, given the info above,

wlfiles# nsrmm -d -P  -S 46095
Purge file index entries for save set `46095'? y

This deletes the entry from the  file index, but leaves the media index entries alone. So, when we run  a query again, we get:

wlfiles# mminfo -v -q 'ssid=46095'
 volume        client       date     time      size       ssid fl  lvl name
wl.incr.031.DLT wlntsv1   04/22/98 21:20:28  283 MB      46095 cr incr E:\

The S in the fl field has now changed to an r. Where S stands for Scanned-in, r means recoverable, or can be got back from the tape.
The other options in the second character are b for browsable, i.e. still in the file index, and E, for eligible for recycling.

If you have different SSID numbers that follow on as they are part of the same filesystem, just delete the first in the series

dfe@nsrhost> mminfo -v -q volume=wl.full.091.DLT,volume=wl.full.092.DLT | grep 'E:'

wl.full.091.DLT wlntsv1   04/02/99 01:08:00 2000 MB     172818 cS full E:\
wl.full.091.DLT wlntsv1   04/02/99 01:08:01 2000 MB     172820 cS full <1>E:\
wl.full.091.DLT wlntsv1   04/02/99 01:08:02  893 MB     172824 hS full <2>E:\
wl.full.092.DLT wlntsv1   04/02/99 01:08:02 1107 MB     172824 tS full <2>E:\
wl.full.092.DLT wlntsv1   04/02/99 01:08:03 2000 MB     172825 cS full <3>E:\
wl.full.092.DLT wlntsv1   04/02/99 01:08:04 2000 MB     172828 cS full <4>E:\
wl.full.092.DLT wlntsv1   04/02/99 01:08:05  250 MB     172829 cS full <5>E:\

dfe@nsrhost> nsrmm -d -P -S 172818
dfe@nsrhost> mminfo -v -q volume=wl.full.091.DLT,volume=wl.full.092.DLT | grep 'E:'

wl.full.091.DLT wlntsv1   04/02/99 01:08:00 2000 MB     172818 cr full E:\
wl.full.091.DLT wlntsv1   04/02/99 01:08:01 2000 MB     172820 cr full <1>E:\
wl.full.091.DLT wlntsv1   04/02/99 01:08:02  893 MB     172824 hr full <2>E:\
wl.full.092.DLT wlntsv1   04/02/99 01:08:02 1107 MB     172824 tr full <2>E:\
wl.full.092.DLT wlntsv1   04/02/99 01:08:03 2000 MB     172825 cr full <3>E:\
wl.full.092.DLT wlntsv1   04/02/99 01:08:04 2000 MB     172828 cr full <4>E:\
wl.full.092.DLT wlntsv1   04/02/99 01:08:05  250 MB     172829 cr full <5>E:\

Deleting the first part of the series deleted all the parts of the series.

    Back to the top

Recovering files without the browsable index.
You don't need the browsable index to do file recovers.

The easiest way is to use the nwadmin program, and to select the "Save Set" then "Recover" option from the menu. Select the client you wish to recover for, then select the save set you wish to recover, and select the date you wish to recover from. Next, click the recover button.  You MUST give a filter on the "Paths to recover" window in the Save Set Recover window, otherwise you will attempt to recover all the files in the save set, which will add least fill up your disks and could result in you over-writing later data with the data from the backup tapes.

This does rely on you knowing accurately  the date that the file was last modified, and the full pathname of the file. If you do not have this, you can relocate the data to a new disk area, and then the file owner can browse this filesystem to find the file they want.

It is also possible to use command-line tools to recover the files, but this is harder.

For example, I want to recover a file that I created at the end of August, deleted in the middle of September. I'm unsure of the exact dates. You work out that the file is in my home directory, under projects/plans/mail-upgrade.text  You can work out that my home directory is wlfiles:/local34.

Next, find out which tapes this will be on.

mminfo -q 'level=full, savetime >= 09/01/97, client=wlfiles, name=/local34' -v

 volume        client       date     time      size       ssid fl  lvl name
wl.full.024.DLT wlfiles   09/06/97 01:17:57 2000 MB      87800 cr full /local34
wl.full.029.DLT wlfiles   09/20/97 01:28:17  595 MB      90659 hr full /local34
wl.full.030.DLT wlfiles   09/20/97 01:28:17 1405 MB      90659 tr full /local34
wl.full.034.DLT wlfiles   10/04/97 01:22:25  842 MB      93611 hr full /local34
wl.full.035.DLT wlfiles   10/04/97 01:22:25 1158 MB      93611 tr full /local34
wl.full.041.DLT wlfiles   10/18/97 03:49:44 2000 MB      96735 cr full /local34
wl.full.044.DLT wlfiles   10/24/97 01:31:49 2000 MB      98263 cb full /local34
wl.full.047.DLT wlfiles   11/06/97 22:00:31 2000 MB     101439 cb full /local34
wl.full.051.DLT wlfiles   11/20/97 22:01:46 2000 MB     104043 cb full /local34

the tapes that are cr or cb are the easiest to work from, as only one tape is needed. ( it's c for complete, i.e. stored on one tape. ) This means that the backup dated  09/06/97 on tape wl.full.024.DLT is the one we want.  Unfortunately, you cannot have a <= for savetime, so we get everything since October 1st 1997 until the present date..

Some disks have more data than Legato can fit into a single save set. In these cases,  the save set is split up into multiple save set IDs, but if each save set is on one tape, it will be marked as complete. The following parts of the save set have a different SSID number, and following the save name /savearea, the following saves have a save name of <1>/savearea, <2>/savearea, and so on.

Below is a save set listing for a 9 gig disk.

wl.full.021.DLT wlfiles   08/30/97 02:31:24 2000 MB      86393 cr full /local15
wl.full.021.DLT wlfiles   08/30/97 02:31:25 2000 MB      86396 cr full <1>/local15
wl.full.021.DLT wlfiles   08/30/97 02:31:26 2000 MB      86401 cr full <2>/local15
wl.full.021.DLT wlfiles   08/30/97 02:31:27  544 MB      86409 hr full <3>/local15
wl.full.022.DLT wlfiles   08/30/97 02:31:27  750 MB      86409 tr full <3>/local15

Back to the top  save set list. Next, to speed up the recover operation, we want very verbose reporting on ssid 87800

To get these, we run:

mminfo -q 'ssid=87800' -V

Which produces a lot of output. To make life easier, use

mminfo -q 'ssid=87800' -V -o t | head

which will return the details with the starting point at the top of the list, and the first entry will be the one of interest.

mminfo -q 'ssid=87800' -V -o t | head -4
 volume        client       date     time      size   level  name
  save time       ssid      first       last file  rec      volid      total fl
wl.full.024.DLT wlfiles   09/06/97 01:17:57  4.4 MB    full  /local34
  873505077      87800          0    4548907   97 5839        662 2048003016 hr

So, we place the tape  wl.full.024.DLT  into the tape device, mount the tape and run:

scanner -S 87800 -f 97 /dev/rmt/non-rewind-dev | uasm -rv /local34/users/itss/dfe/projects/plans/mail-upgrade.text

Some Legato servers do not prefix the directory info as part of the save set information. In these cases, the directory specified in the client setup save set options is treated as the root file system for the backup.

scanner -S 87800 -f 97 /dev/rmt/non-rewind-dev | uasm -rv /users/itss/dfe/projects/plans/mail-upgrade.text

The /users/itss/dfe/projects/plans/mail-upgrade.text entry  is a prefix, so if you had the entry as /users/itss/dfe/projects/plans You would recover all files below the plans subdirectory.

This will recover  the file mail-upgrade.text as long as it doesn't exist.

uasm -rv -iY will overwrite the existing file
uasm -rv -iR will rename the recover file from filename through filename.R  to filename.R.R and prompt for intervention if the file already ends in a .R ( default response is add another .R but this cannot be made automatic from the documented uasm options )

In the example above for the save sets plit up into 2 gig chunks, scanner will automatically roll forward onto the next save set, as long as it is on the same tape. When SSID 86409 for name <3>/local15  runs out, you will be prompted for the location of the next tape, and then for the optional file and record numbers. Use mminfo -V -q 'ssid=nnnn' again to work out the file number, Just press return for the record number.

If you do not know the path names, you can use

 scanner -S ssid /dev/rmt/0bn | uasm -rvn

This will perform a dry run, consuming the input stream and doing basic health checks on it, but not creating any of the files or directories in the scanner stream ( or the uasm -s stream )

If you wish to recover the files into a new location, you can use the -m/src=/dest option to uasm. This replaces the start of the save set files that begin with /src to start with /dest.

For example,

scanner -S 87800 -f 97 /dev/rmt/non-rewind-dev | uasm -rv /users/itss/dfe/projects/plans/mail-upgrade.text -m/users/itss=/var/tmp

would place all the files into /var/tmp/dfe with appropriate subdirectory structures.
Back to the top

Getting feedback on scanner progress.
The scanner commands work quietly, only producing output when they are actually working on the desired articles. To increase the detail of what is being down, use the -p option, which will print out information save set notes as they are processed, even if they are nothing to do with the current request. -v turns on more verbose reporting, with a tag every hundred records.

These messages are printed to the standard error output, so you can safely use them in a pipe. The -S returns go to standard output, so in the examples above end up being fed into uasm, the -pv returns go to your display without affecting the uasm input.


Notes on Legato Networker Restore Operation - 1

Performing Recoveries from Command Line


Networker recover command


The recover command runs in two modes:


  • Interactive mode � Interactive mode is the default mode for the recover command. This mode places you in a shell-like environment that allows you to use subcommands. These commands let you navigate the client file index to select and recover files and directories.


  • Non-interactive mode (-a option) � In non-interactive mode, the files specified on the command line are recovered automatically without browsing. To activate non-interactive mode, use the �a option.


Using recover in Interactive Mode:


Login to the server you need to recover the file for and then type recover.  This will place you in the recover shell environment.  You can also type recover  [pathname] to set your initial working directory (recover /etc), the default is the current working directory.


[root@legatounixmst /]$recover

recover: Current working directory is /



[root@legatounixmst /]$recover /etc

recover: Current working directory is /etc/



*Note: If you do not get a recover prompted when you type recover, add a �s servername option.


[root@legatounixmst /]$recover  -s



The following commands let you navigate and client file index to select and recover files and directories.





Lists information about the given files and directories. When no name argument is provided, ls lists the contents of the current directory. When you specify a directory as name, the directory�s contents are displayed.


Changes the current working directory to directory. The default is the directory in which you executed recover.


Prints the full pathname of the current working directory.

add [name.. ]

Adds the current directory or the named files or directories to the recover list. If a directory is specified, it is added with all of the subordinate files to the recover list.

delete [name..]

Deletes the current directory or the named files or directories from the recover list. If a directory is specified, that directory and all of the subordinate files are deleted from the recover list.

versions [name..]

List all available versions for a file or directory. If no name is given the current working directory is used.


Change the backup browse time to recover files before the last backup. You will be prompted for new time. Time can be entered as December 15, 2004 or 12/15/2004.


Displays the files on the recover list.


Recovers all files on the recover list from the Networker server. Upon completion, the recover list is empty.


Exits immediately from the recovery


Exits immediately from the recover. Files on the recover list are not recovered.




Using recover in Non-interactive mode:


In non-interactive mode, the files specified on the command line are recovered automatically without browsing. To activate non-interactive mode, use the option.




Recover the /etc/hosts file from the most recent backup


recover  > /etc/hosts



Using the recover Command in Directed Recoveries:


To relocate recovered files use the �d destination option with the recover command. 




To direct recovered files to /restore directory in interactive mode


               recover  -d /restore


To direct the recovery of /etc/hosts file to /restore directory in non-interactive mode


               recover  -a -d /restore /etc/hosts



[root@legatounixmst /]$recover -a -d /restore /etc/hosts


Recovering 1 file from /etc/ into /restore

Requesting 1 file(s), this may take a while...


Received 1 file(s) from NSR server `'

Recover completion time: Thu Nov 18 14:39:15 2004


Using the recover Command to recover a file from a specific date:


Enter the recover shell by typing recover.

Locate the file you need to restore using the ls and cd commands.

List the versions for the file using the versions command,

Use the changetime command to change to the day the file was backed up

Add the file to the recovery list using the add command.



[root@legatounixmst /]$recover

recover: Current working directory is /

recover> versions /etc


Versions of `/etc/':


   4 drwxr-xr-x root     sys          4096 Jan 13 17:48  etc/

     save time:  Thu Jan 13 18:10:27 2005       

      location:  ACW057S2 at PX720


   4 drwxr-xr-x root     sys          4096 Jan 12 17:48  etc/

     save time:  Wed Jan 12 18:07:05 2005       

      location:  ACW059S2 at PX720


   4 drwxr-xr-x root     sys          4096 Jan 11 17:48  etc/

     save time:  Tue Jan 11 18:09:28 2005       

      location:  ACW062S2 at PX720


   4 drwxr-xr-x root     sys          4096 Jan 10 19:48  etc/

     save time:  Mon Jan 10 20:18:09 2005       

      location:  ACW062S2 at PX720


recover> changetime 1/9/2005

time changed to Sun Jan  9 23:59:59 2005

recover> add /etc

recover> recover


PFSense Firewall with Squid Proxy and Filtering

Here, we will see how to set up pfSense 2.0.1 up as an Internet Gateway with Squid Proxy / Squidguard Filtering. I will also show that you have to configure some extra features of pfSense like traffic shapping with squid. This type of configuration would be useful for people who want to set up wireless hot spots or Internet cafe's etc.

This tutorial assumes that you already have a pfsense (version 2.0.1 Minimum) installation running with your network interfaces configured and basic firewall rules configured.



Installing Packages to pfsense

First of all lets start by installing the extra packages that we are going to requires

Login to your pfsense's Web Administrator, and click on "Server -> Packages", scroll down the list and find squid and click on "+" button to install, wait for the process to finish then return to the packages section and look for squidguard and install that package as well.




To confirm that the packages have been installed, refresh the web interface and goto "Services" menu and look for Proxy Server & Proxy Filter, if they both appear in the menu they have been installed correctly, reboot the pfSense Box.


NOTE: There have been a couple of instances where We have had to reinstall the squid package right after We have installed the squidguard package, the reason behind this is after We install the squidguard package We are unable to access the Proxy Server Configuration, if this happens go back to the packages menu, click on installed packages tab, then select reinstall on the squid server entry (this has only happened in versions prior to 2.0.1).


Configuring Proxy Server Package

Once pfsense has been rebooted we want to configure the proxy server settings, (in this tutorial we are going to setup the proxy server as a transparent proxy, if you want to set this part up differently please do you research into squid configuration, the pfsense web site has configuration guides for squid aswell), click on Services -> Proxy Server.

On the General Tab, you want to set the following settings, the Proxy Interface Option should be set to "LAN", and because We are setting this up as a transparent proxy server, tick the "Transparent Proxy" check box.


We recommend logging to be enabled on your proxy server, as it will come in handy should you need to trouble shoot a issue or just see what people are doing on the Internet etc. Tick the "Enabled Logging" Checkbox, set the log store to the default location " /var/squid/logs " rotate your logs every 7 days, set your proxy port to port number 3128 ( remember this port number as we will need it when we set the firewall rules up), add a visible hostname and an administrator e-mail address, and set your required language, then click on the Save button.


Next click on the "Cache Mgmt" tab, by default the Hard Disk Cache Size is set to 100mb, We strongly recommend that you increase this, now it will depend on how big your HDD is that will determine how big you make it, but also keep in mind the more people using this proxy the more space you need to allocate, after that is set leave the rest of the page at default settings and click on Save.


Click on the Access Control Tab next, in the allowed subnets field type in your required subnets, (eg:; keep in mind that if you have more then one subnet accessing this proxy you need to specify each subnet on its own line.


Scroll down until you see "ACL Safeports and ACL SSLPorts" in these fields you will have to type in what ports you want open threw your proxy server, you will need to do some research on this, find out what applications are being used on this network, and specifiy your required porst effectlive. For this howto I am just going to use port 80 and 443 as these are the only too ports that I need to see if you have web pages and for some basic Internet applications to work, if you want other applications to have access to the Internet, do some reading on what ports are required and then update the pfsense box, once set click on Save.


Now for the people who wish to throttle the speed of which users get access to the Internet, click on the Trafic Mgmt tab, and set (in kilobytes) what speed you want to restrict users too, click on Save once done.


Configuring SquidGuard Filtering

Now thats is the proxy server configured, next we are going to configure SquidGuard, click on the Services menu and select the Proxy Filter button, tick the following 3 check boxes "Enable", "Enable GUI Log" and "Enable Log" then click the Save button, once the page has reloaded click on apply and then confirm that the Squidguard service is running by making sure the Squidguard status is set to STARTED.




Stay on the General Settings Tab and scroll down to the blacklist area and tick the box that says Enable Blacklist, and in the blacklist URL type the following, and click Save; this is so we can download the blacklist data. Click on the Black list tab and add the save the same URL as before to the Update Address and click on Download. Wait for the process to complete.





Next click on the common ACL tab, and the click on Target Rules List, and select every rule that you want block or allow, then add a message to the Proxy Denied Error Field, I am currently just using the default one they suggest (look at sceenshot for example), leave redirect mode at Int Error page so it will use the message you type in, tick the Log Check box then click on Save.




Once that is set up test your proxy and make sure everything is working.


Credits to the author of this tutorial on HowtoForge Kyle Hartigan

Red5 Media Server Installation on CentOS 6

Red5 Media Server is a powerful media streaming server. I am still probing the possibilities of using this server and RTMP in various applications. You can follow these steps to install it on your own server and test it out.
Step 1: Installing  Java

You may skip this steps if you have already installed java on your system else use below link to install latest java version.

Step A: Download Archive File

Download java from

# cd /opt/  # wget  

Extract downloaded archive using following command.

# tar xzf jdk-7u25-linux-i586.tar.gz  
Step B: Install JAVA using Alternatives

After extracting java archive file, we just need to setup to use newer version of java using alternatives. Use the following commands to do it.

# cd /opt/jdk1.7.0_25  # alternatives --install /usr/bin/java java /opt/jdk1.7.0_25/bin/java 2  # alternatives --config java    There is 1 program that provides 'java'.      Selection    Command  -----------------------------------------------  *+ 1           /opt/jdk1.7.0_25/bin/java    Enter to keep the current selection[+], or type selection number: 1  

Now you have successfully configured java in your system. Go to next step to check current installed version.

Step C: Check Version of JAVA .

Use following command to check which version of java is currently being used by system.

# java -version  
java version "1.7.0_25"  Java(TM) SE Runtime Environment (build 1.7.0_25-b15)  Java HotSpot(TM) Client VM (build 23.25-b01, mixed mode)  
Step D: Setup Environment Variables

Most of java based application’s uses environment variables to work. Use following commands to setup it.

  • Setup JAVA_HOME Variable
  • # export JAVA_HOME=/opt/jdk1.7.0_25  
  • Setup JRE_HOME Variable
  • # export JRE_HOME=/opt/jdk1.7.0_25/jre  
  • Setup PATH Variable
  • # export PATH=$PATH:/opt/jdk1.7.0_25/bin:/opt/jdk1.7.0_25/jre/bin

Step 2: Install the Apache Ant Binary

Apache ant is a tool similar to make. It is implemented using the java language. It is used for automating software build processes and is best suited to building Java projects. Download the latest apache ant archive and install it.

# cd /opt/  # wget  # tar xzf apache-ant-1.9.0-bin.tar.gz  # mv apache-ant-1.9.0 /usr/local/apache-ant
Step 3: Setup Environment Variables

Its necessory to set environment variables to make it working.

# echo 'export ANT_HOME=/usr/local/apache-ant' >> /etc/bashrc  # echo 'export JAVA_HOME=/opt/jdk1.7.0_25' >> /etc/bashrc  # echo 'export PATH=$PATH:/usr/local/apache-ant/bin' >> /etc/bashrc  # echo 'export CLASSPATH=.:$JAVA_HOME/lib/' >> /etc/bashrc    # source /etc/bashrc
Step 4: Checkout Red5 using Subversion

Red5 source code is available under subversion repository also. So its easier to download code using subversion.

# cd /usr/local/  # svn co  red5
Step 5: Build Red5 using Ant

After finishing downloading code, lets build Red5 using ant libraries using following commands.

# cd /usr/local/red5  # ant prepare  # ant dist
Step 6: Start Red5 Media Server

Red5 media server uses 5080 tcp port for provide web interface.

# cd /usr/local/red5/dist  # ./ &
Step 7: Access Red5 Media Server

Red5 demo pages and application can be accessed at http://servername_or_IP:5080/

URL:   http://192.168.x.y:5080

Nmap Command Usage in Linux Server

If you don't have NMAP yet in your server, use this link to get it installed in your server. The following Nmap commands always come handy, so check them out:

Scan For Unused IP Address

# nmap -T4 -sP && egrep "00:00:00:00:00:00" /proc/net/arp


Get Info About Remote Host Ports And OS Detection

# nmap -sS -P0 -sV -O targetIP


Get List of Servers With A Specific Port Open

# nmap -sT -p 80 -oG - 192.168.0.* | grep open

Change the -p argument for the port number.

Scan Network for Rogue APs

# nmap -A -p1-85,113,443,8080-8100 -T4 --min-hostgroup 50 --max-rtt-timeout 2000 --initial-rtt-timeout 300 --max-retries 3 --host-timeout 20m --max-scan-delay 1000 -oA wapscan


Find All Active IP Addresses In A Network

# nmap -sP 192.168.0.*


Use A Decoy IP While Scanning Ports

# sudo nmap -sS targetIP -D fakeIP


How Many Linux And Windows Devices Are On Your Network?

# sudo nmap -F -O | grep "Running: " > /tmp/os; echo "$(cat /tmp/os | grep Linux | wc -l) Linux device(s)"; echo "$(cat /tmp/os | grep Windows | wc -l) Window(s) devices"  


UDP Scanning

# sudo nmap -sU -P0 -T Aggressive -F targetIP

Disable unwanted services in CentOS

You can use the following shell script in centos to disable inwanted services which may consume RAM. Please make sure you check which services you need to disable according to your requirement. My list of services in the below script is just indicative.

#!/bin/bash -x

# Disable unwanted services in Linux

services="rpcbind portreserve qpidd kdump abrt-ccpp abrt-oops abrtd ktune matahari-broker matahari-host matahari-network matahari-rpc matahari-service matahari-sysconfig quota_nld rngd tuned ntpdate iscsi iscsid tcsd saslauthd rawdevices isdn dnsmasq capi avahi-dnsconfd avahi-daemon NetworkManager NetworkManagerDispatcher acpid anacron apmd atd auditd autofs bluetooth conman cups cpuspeed dhcdbd dund firstboot gpm haldaemon messagebus mdmonitor mdmpd netplugd restorecond hidd ibmasm ip6tables irda irqbalance kudzu lvm2-monitor mcstrans microcode_ctl multipathd netconsole netfs nfs nfslock nscd oddjobd pand pcscd portmap psacct rdisc readahead_early readahead_later rpcgssd rpcsvcgssd rpcidmapd sendmail smartd wpa_supplicant ypbind yum-updatesd"

for service in $services; do

  /sbin/chkconfig --del $service


Take mysqldump without increasing server load

If you have a very high traffic website and you need to take the dump
the database without affecting the load of the sever then use the
following code snippet:

# mysqldump -u root -p --single-transaction --quick DATABASENAME > DATABASENAME.sql

Install Asterisk in CentOS and build your own VOIP Server

Recently, I was asked to integrate Asterisk to VTiger CRM's PBX Manager module, so that all the Leads appeared as a 'click-to-call' link and the calls are placed via an internal VOIP Server. There were other features like call-recording and click-to-play recorded calls from the CRM as well as 'call-forwarding' and 'call-conference'. We will discuss these in some future posts. In this one, I would like to just jot down I steps I followed to build the VOIP Server. We will discuss the V-Tiger part later on.

Download Asterisk from their Official website

 # tar -xzf asterisk-1.8-current.tar.gz
 # cd asterisk-

NOTE: Make sure you have gcc compiler pre installed in your system before moving towards next step

 # ./configure

             .$7$7..          .7$$7:.
           .$$:.                 ,$7.7
         .$7.     7$$$$           .$$77
      ..$$.       $$$$$            .$$$7
     ..7$   .?.   $$$$$   .?.       7$$$.
    $.$.   .$$$7. $$$$7 .7$$$.      .$$$.
  .777.   .$$$$$$77$$$77$$$$$7.      $$$,
  $$$~      .7$$$$$$$$$$$$$7.       .$$$.
 .$$7          .7$$$$$$$7:          ?$$$.
 $$$          ?7$$$$$$$$$$I        .$$$7
 $$$       .7$$$$$$$$$$$$$$$$      :$$$.
 $$$       $$$$$$7$$$$$$$$$$$$    .$$$.
 $$$        $$$   7$$$7  .$$$    .$$$.
 $$$$             $$$$7         .$$$.
 7$$$7            7$$$$        7$$$
  $$$$$                        $$$
   $$$$7.                       $$  (TM)
    $$$$$$$.           .7$$$$$$  $$
 configure: Package configured for:
 configure: OS type  : linux-gnu
 configure: Host CPU : i686
 configure: build-cpu:vendor:os: i686 : pc : linux-gnu :
 configure: host-cpu:vendor:os: i686 : pc : linux-gnu :

Once the configure step is completed successfully you will see the above output on the screen

 # make
 # make install 
 # make samples

Once all the above steps are completed successfully it is time to start the asterisk services

 # asterisk -vvvc
 Asterisk Ready.

Now let us configure some local extensions to verify extension-extension calling

 *CLI> !

Using ! (exclamation mark) will take you out of the asterisk CLI prompt but the service will be running in the background)


Installing a binary distribution of Asterisk makes it easier to maintain your system. Using the package management tools that are included with your Linux distribution, you can install and update software without manually managing dependencies (libraries and utilities on which applications rely). Currently Asterisk is available for automated binary installation using the 'yum' utility on CentOS 5 Linux and for RedHat Enterprise Linux 5.

The first step is to add the Asterisk yum repositories to your CentOS or RedHat system. This is done by creating an entry in the yum configuration directory (/etc/yum.repos.d by default).

Use the text editor of your choice to create a new file named "centos-asterisk.repo" in the "/etc/yum.repos.d" folder. Add the following text to the file:

[asterisk-tested]    name=CentOS-$releasever - Asterisk - Tested    baseurl=$releasever/tested/$basearch/    enabled=0    gpgcheck=0    #gpgkey=        [asterisk-current]    name=CentOS-$releasever - Asterisk - Current    baseurl=$releasever/current/$basearch/    enabled=1    gpgcheck=0    #gpgkey=    
Save the new file and create another named "centos-digium.repo" and insert the following text:
[digium-tested]    name=CentOS-$releasever - Digium - Tested    baseurl=$releasever/tested/$basearch/    enabled=0    gpgcheck=0    #gpgkey=        [digium-current]    name=CentOS-$releasever - Digium - Current    baseurl=$releasever/current/$basearch/    enabled=1    gpgcheck=0    #gpgkey=  

At this point your system has been updated to use the Asterisk and Digium repositories in addition to the base CentOS repositories. You are now ready to install Asterisk. To star the installation, execute the following at the Linux command line:

[root@localhost~]# yum install asterisk16 asterisk16-configs asterisk16-voicemail    dahdi-linux dahdi-tools libpri

The system will respond with something like:

[root@localhost yum.repos.d]# yum install asterisk16  Loaded plugins: fastestmirror    Loading mirror speeds from cached hostfile...

Type "y" for "Yes," press the Enter key and relax for a few minutes

Congratulations, you now have a CentOS or RedHat system with a complete version of Asterisk installed. Test out your new install by starting Asterisk:

[root@localhost yum.repos.d]# asterisk -vvvgci


 # cd /etc/asterisk

Take a backup of the original sip sile and create a new one with the followng details

 # mv sip.conf  sip.conf.orig

 # vi sip.conf



Now let me explain you the above used syntax
port - This is the port number which Asterisk uses to communicate
bindaddr - All the client IP range the server will listen to
type - type of connection (peer — outcoming calls only, user — incoming calls, friend — both incoming and outcoming calls)
host - Hostname of the phone (Dynamic Host name)
secret - Passsword used for authentication user

Configuring Extension Dial Plan

 # mv extensions.conf extesnions.conf.orig

 # vi extensions.conf

 exten => 1000,1,Dial(SIP/1000,10)
 exten => 1001,1,Dial(SIP/1001,10)

The above shown dial plan is one of the most basic which means that is a user dials 1000 from his extension using SIP Phone it will go to 1000 Extension and if the phone is not picked up till 10 seconds then the call will hangup. The same will happen for extension 1001

Now we are done with the initial configuration of Asterisk to verify internal calls. Restart the asterisk services
To connect to asterisk CLI

 # asterisk -r

This will reload all the configuration files of asterisk

Let us configure two softphones for verifying the calls
For this demo purpose I will be using X-Lite and QuteCom
You can download the same from the following locations



Once the softwares are downloaded and installed follow the below screenshots to configure your softphones

Configuring Extension 1000 on QueteCom

Use your server IP at the place for SIP Domain For example: 192.168.0.xx

Configuring Extension 1001 on X-Lite

Now when both the Softphones are configure try to make calls between each other

Calling from 1001 to 1000

So you can pick the call on the other side and start talking. 
Now this was the most basic configuration of Asterisk but it can get very vast and complex moving more and more ahead.