Jump to content

Automation Theory

Members
  • Content Count

    38
  • Joined

  • Last visited

  • Days Won

    3

Automation Theory last won the day on June 9

Automation Theory had the most liked content!

Community Reputation

10 Good

My Information

  • Agent Count
    > 6000 Agents

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Sorry I haven't replied earlier -- you might be having MySQL issues, but buffer and size aren't among them. Automate servers are write-heavy into MySQL since they update inventory from all the agents. It's normal that you're seeing that behavior. As a DBA I'm going to disagree with some of the above advice; check out my post here: https://automationtheory.org/top-5-myths-about-the-automate-database/ Chopping out data from your DB won't do a lot (especially since yours is so small; my prod with ~10k agents is ~55GB). I'd move to SSD's, and start with a buffer pool that's at least 80% of your DATA size. However, holding 100% of your DB in the buffer pool isn't going to help (see blog post). I have a plugin (link) that does dynamic tuning of MySQL for Automate -- I'd be happy to setup a trial if you'd like to try it; especially if it would be difficult to move off of mechanical disks.
  2. Update: We've posted the above information with some additional details to our website: https://automationtheory.org/reverse-proxy-for-connectwise-automate/ We've also added header modifications to the beta appliances; it will add the search engine de-list header as described here, add best practice security headers, and remove headers that reveal the server/framework version that the Automate server is running. You can check your current production server headers here: https://observatory.mozilla.org/
  3. @tlphipps If you'd like to test it you can use the Chrome developer tools; go to the network tab and reload a page in the webUI. Then click an item and look at the headers section:
  4. Hi Everyone, In light of recent events, I'm rushing a product to beta. I've created a hosted appliance for Automate-stack network security that does the following: Reverse proxies web traffic (Automate and Control) Uses an IPS to scan incoming traffic and drop malicious content (including certain forms of SQL injection) Implements IP blocking based on GeoIP, Tor node status, and other reputation technologies Obfuscates your server with a jibberish FQDN Let's talk technical brass tacks. This solution works for all TCP and UDP traffic (UDP is VPNed back to the servers). This is a dedicated virtual appliance hosted in one of 10 data centers in 8 locations (including the US, Canada, Germany, and the UK). This appliance would sit in "outer space" and once configured your server address for your agents would be modified to pass through it. Once traffic is working normally the firewall in front of your Automate stack would be configured to only accept traffic from the proxy. The service would include all maintenance of the actual appliance, certificates, proxy, and IDS rules. Since this is a dedicated appliance per customer we can facilitate custom requests (more restrictive filtering, etc.). Since a secure Automate server is a necessity we plan to price this very competitively (current estimate would be ~50% of what an Azure-based solution would be). We're looking for a small number of partners with a traditional setup to participate in a beta group for this product. Please contact us if you are interested and we will be in touch.
  5. @jhand Others have reported the email going to spam; seems to depend how aggressive the filter is. It should come from support@auto...theory.org and it normally sends immediately after you confirm. I can definitely resend it if it hasn't arrived.
  6. Thanks @BlueToast ! It was definitely an interesting balance keeping the UI clean -- and it resulted in a lot of keyboard shortcuts. The documentation page (linked in the download email) lists them all. We hope that this plugin gives a best-in-class user experience for MySQL access, especially for hosted Automate partners.
  7. Hi Everyone, Here at Automation Theory we think access to the Automate database is very import for every Automate admin, along with some basic statistics for monitoring database load and what the app is doing with the DB (and that you shouldn't have to pay for it!). We're excited to announce the launch of a FREE plugin we call Database Commander. It shows important MySQL load/performance demographics and has a query editor, complete with table name autocomplete and syntax highlighting. Features: Live MySQL load and performance data Syntax highlighting query editor Autocomplete for all default application tables Text editor functions (find/replace, word wrap, zoom, etc.) CSV export of query results Double-safety filter to prevent accidental data changes Auditing of plugin access and use You can get the plugin here: https://automationtheory.org/database-commander You'll get an email with links to the plugin download, the documents, and a blog series we created "MySQL for Automate 101".
  8. @J_anon1234 As far as I know SQL Spy is 100% read-only, and it is designed for read-only monitoring. I wouldn't worry about it. However, even if it were read/write the query would simply fail if it was improper SQL syntax.
  9. @TonyPags Empirical results are always good, especially when they are the ones we want. I'm glad to hear that all is well with your server! On the topic of signup: In my production stack I err on the side of getting an agent installed -- I don't use the blacklist for software MACs; I let the trigger take care of inventory data and I send a script out to scrape the physical MAC and update the DB with that value (I don't want to have a tech on the phone trying to fight an agent install that will never work). However, this is a matter of preference, and what is appropriate will depend a lot upon the environment. Others have shared good solutions in the past, and those are worth using with the trigger if they apply.
  10. @hambandit 5.6 support ends early next year, but the latest application patches will work with 5.6. As @SteveYates mentioned the documented CW logical rebuild process takes hours. I offer this as a professional service, and I can do an in-place upgrade in ~30 minutes for an average system -- but you don't need to upgrade MySQL for what you want to do. I'd review the patch upgrade thread plus a few of the release videos on the CW release notes page to hit the high points. As long as you're on the new patch manager/report center and aren't using any of the legacy items that are being deprecated you should be good.
  11. You could probably build a pure-MySQL solution, but the quick-and-dirty way to do it would be to use an Automate script to read the blacklisted MACs from the lt_web_servers_config, split them, and insert into the custom table (either if missing or using a "on duplicate key update" clause).
  12. @TonyPags that is a very nice solution! My only thought/concern is that this trigger runs every time the computers table is updated (check in, signup, etc.). Having lots of operations in triggers on busy tables could impact performance, but it depends on a lot of particulars. However, adding a custom table and adding a clause like ... and NEW.mac not in (select customColumnName from customTable) ... would be a simple way to optimize. You could probably find a programmatic way to update your custom table off your blacklist if you wanted.
  13. @hambandit Do you know what database flavor you're using? If you're on Maria you'll need to jump to MySQL (and I'd recommend upgrading to MySQL 5.7 if you're not on it already; 5.6 loses support next year).
  14. Hi @TonyPags, The trigger lives blissfully below the application layer, Automate is unaware of it's existence. I've been running it on my 10k agent prod server for about a year now without issue. There's no maintenance apart from adding additional MACs, and I've only needed to do that once. To test if it's working you can try the command: update computers set mac = '00-00-00-00-00-00' where computerid = x; If you follow that with a select statement it should still show the old MAC. At that point you could update the bad MACs to a dummy value, find them in the advanced search, and resend the inventory. That ought to fix your source data. I'm not entirely sure about the inv table secnario. I don't have any triggers setup on mine and I've never had issues.
  15. @WernerB Since your destination is MySQL I'd jump to it first, then jump up. Maria is a diverging fork, and the higher up you go the more likely you are to see issues.
×
×
  • Create New...