The Village Blacksmith

Under a spreading chestnut-tree
The village smithy stands;
The smith, a mighty man is he,
With large and sinewy hands;
And the muscles of his brawny arms
Are strong as iron bands.

His hair is crisp, and black, and long,
His face is like the tan;
His brow is wet with honest sweat,
He earns whate’er he can,
And looks the whole world in the face,
For he owes not any man.

Week in, week out, from morn till night,
You can hear his bellows blow;
You can hear him swing his heavy sledge,
With measured beat and slow,
Like a sexton ringing the village bell,
When the evening sun is low.

And children coming home from school
Look in at the open door;
They love to see the flaming forge,
And hear the bellows roar,
And catch the burning sparks that fly
Like chaff from a threshing-floor.

He goes on Sunday to the church,
And sits among his boys;
He hears the parson pray and preach,
He hears his daughter’s voice,
Singing in the village choir,
And it makes his heart rejoice.

It sounds to him like her mother’s voice,
Singing in Paradise!
He needs must think of her once more,
How in the grave she lies;
And with his hard, rough hand he wipes
A tear out of his eyes.

Onward through life he goes;
Each morning sees some task begin,
Each evening sees it close
Something attempted, something done,
Has earned a night’s repose.

Thanks, thanks to thee, my worthy friend,
For the lesson thou hast taught!
Thus at the flaming forge of life
Our fortunes must be wrought;
Thus on its sounding anvil shaped
Each burning deed and thought.

-Henry Wadsworth Longfellow

Geist Watchdog 15, SNMP, and Splunk

I have a few of the Geist Watchdog 15 devices in my data center.  They do a good job monitoring, but getting data out of them isn’t as easy as it could be.  Their latest firmware does introduce JSON over XML.  Unfortunately, there is no way to make API calls that return only a certain time frame; you have to download the whole log file.  Geist relies heavily on SNMP for pulling the information.  This is normally OK, but you do need the custom MIB file for the device, which makes it a pain.  I tried multiple ways to have Splunk grab the values from the device, but failed each time.  With a deadline to produce a dashboard (it was 11pm and we had people visiting the office at 8am), I put my Google, Linux, and Splunk skills to the test.

First, let’s install the SNMP tools.

# yum install net-snmp net-snmp-devel net-snmp-utils

Let’s check where the default locations of the MIBs are.

# net-snmp-config --default-mibdirs

We will want to copy the MIBs to the second location.

# cp /tmp/geist_bb_mib.mib /usr/share/snmp/mibs/geist_bb_mib.mib
(Source location will differ.  The location /tmp/ was where I copied the file to)

Referencing the MIB Worksheet, we can find the OID for the items we want.  In this script I selected: internalName, internalTemp, internalDewPoint, internalHumidity, tempSensorName, tempSensorTemp

Geist does not put the first period for the OID.  In the worksheet they list internalName as where the SNMP call would be to .  We also need to reference the device ID for the OID at the end of the OID.  The base for the Remote Temperature Sensor is .  To call the first Remote Temperature Sensor I would reference . and the second Sensor is .

To make the call to the device using SNMP, we will be using the snmpget command.

# /usr/bin/snmpget -m all -Ov -v 2c -c public .

-m all = Use all of the MIB files
-Ov = Print values only
-v 2c = Use version 2c
-c  public = Use the public snmp string = IP address of the Watchdog 15
. = tempSensorName for Device 1

STRING: ExternalTempSensor1

We are almost there.  Now to clear up the return to only give us the second part of the response.

 # /usr/bin/snmpget -m all -Ov -v 2c -c public . | awk '{print $2}'

Great, now we are getting just the value.  Time to tie the field and value together.  Since the internal name is going to be the same but we are gathering multiple values, I am also adding the _temp so I am able to tell which field I am getting.

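InternalName01=`/usr/bin/snmpget -m all -Ov -v 2c -c public . | awk '{print $2}'`
InternalTemp01=`/usr/bin/snmpget -m all -Ov -v 2c -c public . | awk '{print $2}'`
# tie the field name and its value together: <name>_temp,<value>
Section01=$InternalName01"_temp,"$InternalTemp01
echo $Section01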

Almost there, now let’s add a date/time stamp.

InternalName01=`/usr/bin/snmpget -m all -Ov -v 2c -c public . | awk '{print $2}'`
InternalTemp01=`/usr/bin/snmpget -m all -Ov -v 2c -c public . | awk '{print $2}'`
# tie the field name and its value together: <name>_temp,<value>
Section01=$InternalName01"_temp,"$InternalTemp01
echo -e `date --rfc-3339=seconds`","$Section01

2016-05-16 22:07:57-05:00,ExternalTempSensor1_temp,871

I repeated the section for the different pieces of sensor data I wanted and ended up with a small script.


#!/bin/bash
# Each section polls one reading and prints: timestamp,<name>_<kind>,<value>

InternalName01=`/usr/bin/snmpget -m all -Ov -v 2c -c public . | awk '{print $2}'`
InternalTemp01=`/usr/bin/snmpget -m all -Ov -v 2c -c public . | awk '{print $2}'`
Section01=$InternalName01"_temp,"$InternalTemp01
echo -e `date --rfc-3339=seconds`","$Section01

InternalDewPoint01=`/usr/bin/snmpget -m all -Ov -v 2c -c public . | awk '{print $2}'`
Section02=$InternalName01"_dewpoint,"$InternalDewPoint01
echo -e `date --rfc-3339=seconds`","$Section02

InternalHumidity01=`/usr/bin/snmpget -m all -Ov -v 2c -c public . | awk '{print $2}'`
Section03=$InternalName01"_humidity,"$InternalHumidity01
echo -e `date --rfc-3339=seconds`","$Section03

RemoteName01=`/usr/bin/snmpget -m all -Ov -v 2c -c public . | awk '{print $2}'`
RemoteTemp01=`/usr/bin/snmpget -m all -Ov -v 2c -c public . | awk '{print $2}'`
Section04=$RemoteName01"_temp,"$RemoteTemp01
echo -e `date --rfc-3339=seconds`","$Section04

RemoteName02=`/usr/bin/snmpget -m all -Ov -v 2c -c public . | awk '{print $2}'`
RemoteTemp02=`/usr/bin/snmpget -m all -Ov -v 2c -c public . | awk '{print $2}'`
Section05=$RemoteName02"_temp,"$RemoteTemp02
echo -e `date --rfc-3339=seconds`","$Section05

2016-05-16 22:12:57-05:00,Base_temp,873
2016-05-16 22:12:57-05:00,Base_dewpoint,620
2016-05-16 22:12:57-05:00,Base_humidity,43
2016-05-16 22:12:57-05:00,ExternalSensor1_temp,688
2016-05-16 22:12:57-05:00,ExternalSensor2_temp,717
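
The script above keeps only the second whitespace-separated word of each reply, so a sensor name containing a space is cut short, and an error reply such as "No Such Instance currently exists at this OID" is logged as the value "Such". The following is an added example, not part of the original script: it parses the `-Ov` reply and writes no record when either poll failed. The host, community string and OIDs are arguments the caller supplies, and the function names and sample replies are constructed for illustration.

```bash
#!/bin/bash
# Added example: function names and sample replies are constructed here.

# Extract the value from one line of `snmpget -Ov` output, e.g.
#   STRING: ExternalTempSensor1   ->  ExternalTempSensor1
# Returns 1 for an empty reply (timeout) or an SNMP error reply.
snmp_value() {
    _sv=$1
    case $_sv in
        ''|'No Such Object'*|'No Such Instance'*) return 1 ;;
        *': '*) _sv=${_sv#*: } ;;        # drop the "TYPE: " prefix
        *) return 1 ;;
    esac
    _sv=${_sv#\"}; _sv=${_sv%\"}         # net-snmp may quote strings
    [ -n "$_sv" ] || return 1
    printf '%s\n' "$_sv"
}

# Build one record in the format used above: timestamp,<name>_<suffix>,<value>
# $1 timestamp  $2 raw name reply  $3 suffix  $4 raw value reply
csv_record() {
    _name=$(snmp_value "$2") || return 1
    _val=$(snmp_value "$4") || return 1
    _digits=${_val#-}                    # allow a leading minus sign
    case $_digits in
        ''|*[!0-9]*) return 1 ;;         # readings must be integers
    esac
    # Commas and spaces in a name would split the CSV field in Splunk
    _name=$(printf '%s' "$_name" | tr -s ', ' '__')
    printf '%s,%s_%s,%s\n' "$1" "$_name" "$3" "$_val"
}

# Poll one sensor and print its record on stdout. Failures go to stderr,
# so the cron redirect of stdout never appends a malformed line.
# $1 host  $2 community  $3 name OID  $4 value OID  $5 suffix
poll_sensor() {
    _rn=$(/usr/bin/snmpget -m all -Ov -v 2c -c "$2" "$1" "$3" 2>/dev/null)
    _rv=$(/usr/bin/snmpget -m all -Ov -v 2c -c "$2" "$1" "$4" 2>/dev/null)
    csv_record "$(date --rfc-3339=seconds)" "$_rn" "$5" "$_rv" || {
        echo "poll of $1 failed for $5" >&2
        return 1
    }
}

# Constructed reply with a quoted, multi-word name; awk '{print $2}'
# would have logged the name as "Rack.
csv_record "2016-05-16 22:12:57-05:00" 'STRING: "Rack 4, rear"' temp 'INTEGER: 688'
```
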

I created a folder /opt/scripts/ and /opt/scripts/logs/.  I placed the script in /opt/scripts/ and named it  I set the script to be able to run with:

# chmod +x /opt/scripts/

I then add it to the crontab.

# crontab -e

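*/1 * * * * /opt/scripts/ >> /opt/scripts/logs/`date +"\%Y\%d\%m"`_geist.log

Cron treats an unescaped % in the command as a newline, so each % in the date format has to be written as \%.

You can verify that the script is set to run with:

# crontab -l

*/1 * * * * /opt/scripts/ >> /opt/scripts/logs/`date +"\%Y\%d\%m"`_geist.log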

Now we can log in to Splunk and add the log file as a data input.  After you log in, go to Settings and then Data inputs.


Under the Files & directories, click the Add new link.


Under the Full path to your data, enter the path to the log file you are writing in the crontab.  Check the box for the More settings option.


You can set the Host that will be indexed with your data.  In the source type, select From list and then select csv.  You then can select an index for the log files.


Now we will set up the field extractions.  You will need to edit the props.conf and transforms.conf files.  If you want to keep this in a certain application, change the file path to $SPLUNK_HOME/etc/apps/{appname}/local/props.conf.

# vi $SPLUNK_HOME/etc/system/local/props.conf

[<stanza for the Geist log; the stanza name is missing from this page>]
REPORT-Geist = REPORT-Geist

# vi $SPLUNK_HOME/etc/system/local/transforms.conf

[REPORT-Geist]
DELIMS = ","
FIELDS = "DateTime","SensorName","SensorValue"

Restart Splunk and you should be able to search your SNMP values.

# $SPLUNK_HOME/bin/splunk restart

The Hacker Manifesto turns 30

The Hacker Manifesto turns 30 today. I remember the first time reading this. I still get goosebumps. I lived the era of the BBS. I was the kid tying up the phone line. I remember the rush of connecting to systems and exploring. Talking to people I didn’t know but I did know them.  We shared knowledge and experience.
We were the Keyboard Cowboys, the System’s Samurai, and the Phone Phreaks.

\/\The Conscience of a Hacker/\/

Hacking In Paradise 2013 – Why I want to go

Joseph McCray (@j0emccray) is someone who I have been listening to and watching videos of for a while now.  I first saw him at Defcon.  He is “The only black guy at security conferences”.  With the growth of the security industry, there are “experts” coming out of the woodwork.  I had to put experts in quotes because it seems like everyone has an opinion.  There are more certification tags floating around tacked on to people’s names than I can believe.  In this world where everyone has gone through “training”, training to pass a test, it is hard to find the people that truly have a passion and dedication to true security.

So this comes to why I want to go.  For a while part of my job has been in security.  I have written policies to tell people what to do and what not to do.  I have helped guide companies in “best practices”.  I have helped people gain access in to systems that they got locked out of.  And I have done more of the old school hacking.  This type of hacking involves taking things apart to see how they work and how they can be made better or defeated.  This is a lot of my daily job as a systems engineer.  Working in the corporate world has taught me that everyone sets things up differently and sometimes you need to reverse engineer how they configured things to know how to make it work.  So why would I want to go?  Because I don’t know enough.  There is so much out there that I don’t know.  Going over the list of topics that are covered strikes a little fear in me.  Topics like Metasploit, Maltego, Nmap, Nikto, IDS, HIDS, NIDS, SIEM.  I will need a translator just for the names and acronyms.

This type of training is the type I truly enjoy.  You are completely immersed in the training, being away from work and in an environment with your peers and instructors.  You end up living the training and bouncing ideas off each other.  While doing some activity, a conversation will strike up about a topic and you spend the next hour working through ideas.  In the CyberWar class, you get to attack fully patched newer OS (Windows 7, Server 2008R2, and Linux) with all the intrusion detection tools turned on.  You get to see the logs and alerts that are generated.  You don’t just go and learn about tools, you learn why these tools work and what effect these tools have on the systems.  This is how training should be run!

Hacking In Paradise 2013

DEFCON 17: Advanced SQL Injection

DEFCON 18: Joseph McCray – You Spent All That Money and You Still Got Own

Omaha/Lincoln Splunk User Group – Update

I have stated on two different posts ( about starting a Splunk User Group in the Omaha/Lincoln area.  The first meeting will be on March 12th from 6pm to 9pm at Charlies on the Lake in Omaha.  Register for the event at

VENUE
Charlies on the Lake
4150 South 144th Street
Omaha, NE 68137

WHEN
Tuesday, March 12th
6:00pm – 9:00pm

AGENDA

  • What’s New in Splunk 5.0? Presentations by Splunk SEs
  • Open Forum


Hi There,

Don’t forget to register for the Splunk User Group in Omaha on March 12th! We’ll get together to share ideas and learn from one another.

Whether you are getting started, creating intelligent searches and alerts or building complex dashboards, this group is for you. Meet other Splunk users and get tips you need to be more successful.

Click here to register. There is limited availability, so register today to secure your spot. Expect lots of discussion, snacks, drinks and, of course, t-shirts!

For any questions about this meeting, feel free to contact:
Mike Mizener

We look forward to seeing you!

The Splunk Team and Continuum




My first non tutorial Arduino project

I have been playing with the Arduino Uno board and after going through a bunch of tutorials, I wanted to branch out and do my own.  I have the Ultrasonic Module HC-SR04 and a standard piezoelectric buzzer.  On the ultrasonic module, VCC goes to digital pin 2.  Trig goes to digital pin 3.  Echo goes to digital pin 4.  GND goes to the ground rail which connects to the GND pin on the Arduino.  On the buzzer, the positive lead goes to pin 11 and the negative lead goes to the ground rail which is connected to the GND pin on the Arduino.  Below is the code:


void setup() {
  pinMode(2, OUTPUT);   // attach pin 2 to VCC
  pinMode(5, OUTPUT);   // attach pin 5 to GND
  // initialize serial communication:
  Serial.begin(9600);
  pinMode(11, OUTPUT);  // sets the pin of the buzzer as output
}

void loop() {
  digitalWrite(2, HIGH);  // power the sensor from pin 2
  // establish variables for duration of the ping,
  // and the distance result in inches and centimeters:
  long duration, inches, cm;

  // The PING))) is triggered by a HIGH pulse of 2 or more microseconds.
  // Give a short LOW pulse beforehand to ensure a clean HIGH pulse:
  pinMode(3, OUTPUT);     // attach pin 3 to Trig
  digitalWrite(3, LOW);
  delayMicroseconds(2);
  digitalWrite(3, HIGH);
  delayMicroseconds(10);  // the HC-SR04 expects a 10 microsecond trigger pulse
  digitalWrite(3, LOW);

  // The echo pin returns a HIGH pulse whose duration is the time
  // (in microseconds) from the sending of the ping to the reception
  // of its echo off of an object.
  pinMode(4, INPUT);      // attach pin 4 to Echo
  duration = pulseIn(4, HIGH);

  // convert the time into a distance
  inches = microsecondsToInches(duration);
  cm = microsecondsToCentimeters(duration);

  Serial.print(inches);
  Serial.print("in, ");
  Serial.print(cm);
  Serial.println("cm");

  // sound the buzzer when an object is closer than 50 cm
  if (cm < 50) {
    digitalWrite(11, HIGH);
  }
  else {
    digitalWrite(11, LOW);
  }

  delay(100);
}

long microsecondsToInches(long microseconds)
{
  // According to Parallax's datasheet for the PING))), there are
  // 73.746 microseconds per inch (i.e. sound travels at 1130 feet per
  // second). This gives the distance travelled by the ping, outbound
  // and return, so we divide by 2 to get the distance of the obstacle.
  // See:
  return microseconds / 74 / 2;
}

long microsecondsToCentimeters(long microseconds)
{
  // The speed of sound is 340 m/s or 29 microseconds per centimeter.
  // The ping travels out and back, so to find the distance of the
  // object we take half of the distance travelled.
  return microseconds / 29 / 2;
}

The World Between

I sit here in an odd place.  I have been in to computers since the DOS age.  I was one of the little brats on the BBS (Bulletin Board Systems).  I found this world of computers fascinating.  My dad had computers at his office and the times I was able to tag along with my dad in to the office I did with an odd sense of wonderment.  Here are these magical boxes that you gain knowledge and communicate with other people with.  While I could be content to just play the games that were already there for me, I found that you could pull the game up in a hex editor and “look around” inside the programs.  While you didn’t get to see all of the code, you did get glimpses.  In my dad’s office, they started to secure their machines.  At each roadblock I found myself compelled to find a way to defeat the roadblock that was stopping me from accessing the information.  I would spend hours with my dad at his office trying to defeat the evil person blocking me.  I would always find a way around.  The president of the division my dad worked for was in the office late at night when we would go in.  He would “check in” on me every once in a while.  He would see me come in and he would smugly say they implemented a new layer of protection.  That is when I knew it was time to go to work.  I would bang on the system until I found a solution.  This is what was originally defined as a hacker.  I never caused damage to the system.  I knew that if I did cause damage that I wouldn’t be allowed to come back.  The president would check on me during the night.  As he would check on me I would be open and honest on my progress.  Once I would gain access, I would get to play on the internet.  He would check in and I would explain how I defeated their protection.  I was unknowingly providing a service that back then really wasn’t done and if it was done wasn’t cheap.

Let me forward 20+ years.  I am working with people in their mid-20’s that have never known the world without the modern internet.  Virtualization is the preferred way of building servers.  They don’t know about shared time slices on big iron which is the first virtualization in computer systems.  I am 34 years old and a dinosaur of the times.  I am working with people that have never written a DOS batch script, used a system without a mouse, or used a server that doesn’t have a GUI interface.  I recently installed a Windows Server 2008 R2 Core server and was flying around in the command line.  I have to say command line as the screen is a DOS emulator as it no longer truly exists.  All of the younger guys are wondering why you would have a server with no GUI screen and they started debating the savings of memory.  While they talked about how they would manage the system, I fired up the VM and started installing.  I am setting up the server fiercely entering command after command.  While I do this I am documenting what I am doing on a notepad with a pen.  One of the people I am working with looks at me and asks “what are you going to do with that notepad?”  I looked at him and said that I was going to add that in to my notes for the build of the machine.  He looked puzzled.  While they looked for a tool to help configure the server, I turned to my old school methods and I am happy to say they still worked.

Items like this put me in a spot of contention.  While there are some people like me that like to stay in the weeds with the technology, most people my age and older are forced to sit on the sidelines and manage.  If you are lucky enough to stay working as an engineer or administrator, you typically are there to keep those old machines going.  You are in the endless maintenance routine.  You don’t get to innovate anymore.  So the question is, how to keep up with the technology curve, stay relevant enough to have a meaningful work relationship with all the generations, build yourself as a valued resource, and keep those career goals moving forward?

The easiest of those items was the first one, how to keep up with the technology curve.  This is something that should be in the basic fiber of being in IT.  We are the curious ones.  We aren’t just satisfied by being given an answer.  We need to know the how and why something works and after we figure out how it works we think of ten different ways to improve it.  What I think the question we need to answer is do we still have the drive to follow the technology curve and ask the how questions or are we at the point where we are following the curve?  If we are just following the curve, maybe it is time to think about stepping to the side and giving the new people a front row seat at pushing the curve and you moving to the management or architect role guiding the newer person.  We were all there at some point or maybe we are still there.  Someone took the time to keep us focused on the task at hand.  They had to have a leash.  You need to be able to roam but be pulled back when things need to be done.  Giving that guidance is a critical role to helping shape how our departments and company work.  The tricky part is doing it in the right amounts.  Giving too much guidance tends to stifle the work atmosphere and is normally called micro-managing.  Being too lax on guidance is seen as a lack of management and projects spin up and then get left by the side of the road because people felt like doing something else.  Giving the little nudges here and there and cracking the whip when things need to get done is a tough role to play.  This plays in to the building yourself as a valued resource.  With your experience you have learned some life lessons.  With those life experiences you have insight in to how the company works or how a particular industry is.  If you are the boss, a senior, or a lead, part or all of your job is to take the newer workers under your wing.  Notice how I say newer and not younger?  
Your company might have hired someone that has been in the industry for a while to fill a need.  This could be for a senior level position or it could be for a specialized position.  An example of the specialized position is a developer with a skill set in an older program.  You two might be working together to convert that legacy application to a new platform.  Or you might be the person hired for their legacy knowledge of a system.  You will have to listen to a 26 year old who has been with the company since she was 18 tell you about the inner workings of the company.  In either role, you need to be a good team player and show why you still belong on the team.

As a manager of mine once said, “You all need to play nice in the sandbox.  I will provide the sand and the toys and you all can figure out who is playing in what area and with what toys.  Just keep this in mind, it is my sandbox and you all will follow my rules.  I expect you all to figure out how to solve your problems because if I need to step in the ruling will be quick and final.”  That leads in to one of the trickier areas, stay relevant enough to have a meaningful work relationship with all the generations.  For me, at 34 years old, I am not a party all night person either.  But on the other hand I am not in bed by 9pm and reading the obituary section of the paper.  While thinking about this I got to see a good reflection of who I was.  Coming in to the corporate IT work I was a very cocky know it all.  How my coworker didn’t smack me upside my skull I am not sure.  I now see the guidance piece of what I was talking about as they were constantly correcting my course to keep me on the right track.  I would start to spin off on something new and they would gently remind me of work we had to do.  Interfacing with younger coworkers in the father like figure is very understandable, but how to still learn from those old people in the office?  I mean, come on, they just need to retire.  The generation of worker above you always seems to be taking their time and they just sit there in the meetings.  They rarely speak and when they do I am not sure how much they really contribute.  They just seem to not get it.  They are asking a lot of dumb questions.  I was hoping for a Yoda or at least a Silent Bob type person that when they did speak these nuggets of knowledge would come flowing from them.  Stop for a second and listen to yourself.  Most likely that is what the younger generation always thinks.  Take that second to stop and listen to what they are really asking and why they are asking those questions.  
You might find that nugget of knowledge you are looking for.  Being submissive is not really a common trait of an inquisitive person.  We tend to fight the mainstream and the authorities.  Make time to just talk and more importantly listen to those old guys and you might find yourself a Buddha master that might happen to know the ways of the force.

Now the section I tend to find the most difficulty in, keeping those career goals moving forward.  Where do you see yourself in the next year, in 5 years, in 10 years?  I have enough trouble with what do you think you will be doing this afternoon?  You ask me that and I need to check my calendar, my ticket log, and my projects.  What I tend to do is to make a T chart.  I list out everything I like and dislike about my job as of that very minute.  For each of the dislikes I make myself explain why I don’t like it and what would need to happen to correct that.  After I have completed my T chart, I put it away for a couple of days or a week.  When I come back to it I first examine the dislikes.  I see if those are still valid or was I just having a bad day or week.  Next I go over the like column and I explain to myself why I like that.  Now is the tough part of the process, look at the dislike column and ask myself if there is something I am doing that causes this.  You have to be honest with yourself.  You really don’t like calling yourself out on things and having to take ownership of a bad thing, but it is needed.  At that point you can say I like this job because of X, Y, and Z but this job would be great if I didn’t have to do A, B, and C.  At this point you can take this list to your boss.  Again, you need to be willing to accept the truth from your manager.  Some of the A, B, and C could be what your job is and there is no way around it but this is a great opportunity to talk about the positions that contain all or most of X, Y, and Z but limit A, B, and C.  While it doesn’t answer the where do you see yourself in a time period directly, it gives you a chance to road map some ideas with your manager.

So while I still see myself caught between two different worlds, I don’t see it as a bad place.  There will be times to teach and times to be taught.  Maybe it is a time to talk less and listen more.  While I am not ready to have that big mug of black coffee sitting on my desk all day, a few red bulls don’t hurt.

Update on Splunk User Group

Recently I shared that I was working with Continuum ( to start a Splunk User Group in the Lincoln/Omaha area (  Since then Mike Mizener ( has found us a location and we agreed upon a first meeting day.  We will be meeting on Tuesday February 26th from 6pm to 9pm at Charlie’s on the Lake (  For this first meeting our topic will be: What’s new in Splunk 5.0.  More details coming but if you have ideas for topics or any other questions, please let me know.

Splunk User Group in Lincoln/Omaha Nebraska

I am currently working with Continuum ( to bring the Lincoln/Omaha area of Nebraska a Splunk user group. I am a big believer in the sharing of knowledge. With that I love to go on to the Splunk Answers site and review issues or questions people have and try to help them. When I was learning IT, someone took the time to answer my questions. I want to give back to the community that has taught me so much. This is where my sports life meets my geek life. I want to be that coach to help others get the most of IT. Look for more information shortly.