Start with wiring up some fancy beacon lights, in our case similar to the ones found here: http://underbid.com/product/358-8146/RI%23EL-POL+RED/Red_Plug_in_Rotating_Warning_Police_Siren_Light.html?ref=base
Get a mini PA setup for sound. I'm not sure of the details, as this was installed by a third party, but I see some Viking controls for amplifier, volume control, etc., which are connected to the iTach.
The third party also connected the lights and sound to the iTach for us, so we just had to configure IP on the iTach and write the software interface to activate/deactivate lights and sound for the party.
To get the iTach online, we plugged it into the switch on a VLAN port that had DHCP enabled. We then configured it from a laptop on the same VLAN through the web interface, browsing to the IP address reported by the iHelp tool (downloaded from their site) and leaving the username/password blank at any logon prompts.
Now that we had an IP, it was time to validate and start coding the POC. To validate, all we needed to do was telnet to the iTach IP address on port 4998 and run a couple of commands:
telnet discocontrol.sysxperts.com 4998 - done from a Linux box in my case
setstate,1:2,1 - this is where lights are connected in our case and this turns them on
setstate,1:2,0 - and this turns them off
setstate,1:1,1 - sound on in our case
setstate,1:1,0 - sound off
Now for the POC we wanted to monitor administrative logons and email alerts (not yet) as triggers to set off the lights and sound for a real party, so we first created a directory structure and a user to host/own our Perl scripts as follows:
User discodan with folder /home/alerts and in that directory we had files, folders and pipes as follows:
discojockey.pl, dj.log, dj.pid
and pipes made with:
mkfifo djpipe logins mail
/home/alerts/djlib containing admin_users.dat (the list of domain admin accounts to compare against login attempts) plus the files shown below that are required for AlphaSign.pm
/home/alerts/djlib/Disco/ containing ITach.pm and AlphaSign.pm
The main file, discojockey.pl, is copied to /home/alerts.
The next most critical file, ITach.pm, goes in /home/alerts/djlib/Disco.
Then for the sign we have AlphaSign.pm, which also goes in /home/alerts/djlib/Disco.
For the sign to work we need some xml and dtd files in /home/alerts/djlib:
See http://sio.midco.net/dfranklin/bbxml/bbxml/doc/index.html for alphasign.dtd and alphasign.xsl, and put them in that directory.
Then create signinit.xml and standard_schedule.xml as follows:
signinit.xml
<alphasign>
<memoryConfig>
<stringConfig label="t" size="3"/>
<textConfig label="M" size="512"/>
<textConfig label="N" size="512"/>
<textConfig label="O" size="512"/>
<textConfig label="P" size="512"/>
<textConfig label="A" size="512"/>
<textConfig label="E" size="512"/>
<!-- <dotsConfig label="A" height="7" width="80" colors="8"/>-->
</memoryConfig>
<sequence labels="MON" mode="ignoreTimeSchedule" locked="true"/>
<text label="P">
<mode display="hold" position="fill"/>
<noHold/>
<speed1/>
<amber/>
<msg><wideOn/>PII Data Event<wideOff/><CR/></msg>
<red/>
<msg>PII data detected in email.<CR/>Transfer of data blocked.</msg>
</text>
<text label="A">
<mode display="hold" position="fill"/>
<speed1/>
<amber/>
<msg>Admin Login: user<CR/><green/>Host: host<CR/>Source: source</msg>
</text>
<text label="M">
<mode display="hold" position="fill"/>
<speed4/>
<green/>
<msg><wideOn/>Health Check<wideOff/><CR/></msg>
<msg>No problems at this time.</msg>
<red/>
</text>
<text label="O">
<mode display="hold" position="fill"/>
<speed2/>
<green/>
<msg>Date : <date format="MM/DD/YY"/> <time/><CR/></msg>
<msg>MSP temp : <callString label="t"/></msg>
</text>
<text label="N"><green/>
<speed4/>
<mode display="hold" position="fill"/>
<msg><wideOn/>Email Alerts<wideOff/><CR/></msg>
<msg><green/>NO Email Alerts at this time</msg>
</text>
<text label="E">
<mode display="hold" position="fill"/>
<speed1/><amber/>
<msg><wideOn/>TITLE<wideOff/><CR/></msg>
<green/>
<msg>line1<CR/>line2</msg>
</text>
</alphasign>
standard_schedule.xml
<alphasign>
<sequence labels="MON" mode="ignoreTimeSchedule" locked="true"/>
</alphasign>
admin_users.dat just contains the logon accounts of the domain admins, one per line. It is updated by a separate process that queries AD via Likewise Open for that group's members.
Then we just needed a POC server to test against, so we picked a Windows box and:
source net {
udp(ip("0.0.0.0") port(514));
tcp(ip("0.0.0.0") port(514) keep-alive(yes));
};
then added at end of file:
# Alerting on admin logins
filter f_winlogin { match('528,Security'); };
destination logins_pipe { pipe("/home/alerts/logins" owner(1502) group(1801)); };
log { source(net); filter(f_winlogin); destination(logins_pipe); };
b. service syslog restart
Now to see the lights and sound in action and do some real disco dancing :)
On the disco server start the discojockey daemon with: ./discojockey.pl -d in /home/alerts
If you want to kill everything do: ./discojockey.pl -r in /home/alerts
View the dj.log file for status
And to make the lights and sounds go live, just log on to your Windows server (set up with Snare above) using one of the accounts in /home/alerts/djlib/admin_users.dat.
Voila - you are a dancing fool!!!
Much to be added and improvements to be made - dotty sign, email, etc. - so to be continued.
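The trigger path this setup describes (an event-528 line arriving on the logins pipe, a lookup against admin_users.dat, then the setstate commands from the telnet check) can be sketched as follows. This is an added example, not the original discojockey.pl or ITach.pm; the comma-delimited log layout, the carriage-return terminator and the sample accounts and log lines are assumptions constructed for illustration, and it prints the relay commands instead of opening a socket.

```perl
# Added example: admin-logon trigger logic (not the original discojockey.pl).
use strict;
use warnings;

# Read admin_users.dat-style input: one logon account per line.
sub load_admins {
    my ($fh) = @_;
    my %admins;
    while (my $name = <$fh>) {
        $name =~ s/^\s+|\s+$//g;               # trim whitespace and newline
        $admins{lc $name} = 1 if length $name; # compare case-insensitively
    }
    return \%admins;
}

# Return the admin account named in an event-528 line, or undef.
# ASSUMPTION: comma-delimited fields, account directly after ",528,Security,".
sub admin_from_line {
    my ($line, $admins) = @_;
    return unless $line =~ /,528,Security,([^,]+),/;
    (my $user = lc $1) =~ s/^.*\\//;           # drop any DOMAIN\ prefix
    return $admins->{$user} ? $user : undef;
}

# Build the relay command used in the telnet check, e.g. setstate,1:2,1
# ASSUMPTION: the iTach expects a carriage-return terminator.
sub setstate_cmd {
    my ($connector, $on) = @_;
    die "bad connector '$connector'\n" unless $connector =~ /^\d+:\d+$/;
    return sprintf "setstate,%s,%d\r", $connector, $on ? 1 : 0;
}

# Constructed sample data: account names and log lines are made up.
my $admin_list = "da_alice\nda_bob\n";
my @lines = (
    'pocwin MSWinEventLog,1,Security,4411,528,Security,EXAMPLE\da_alice,User,Success Audit',
    'pocwin MSWinEventLog,1,Security,4412,528,Security,EXAMPLE\jsmith,User,Success Audit',
    'pocwin MSWinEventLog,1,Security,4413,538,Security,EXAMPLE\da_bob,User,Success Audit',
);

open my $fh, '<', \$admin_list or die "cannot read admin list: $!\n";
my $admins = load_admins($fh);
for my $line (@lines) {
    my $user = admin_from_line($line, $admins) or next;  # skip non-admin / non-528
    for my $connector ('1:2', '1:1') {                   # lights, then sound
        (my $shown = setstate_cmd($connector, 1)) =~ s/\r\z/\\r/;
        print "admin logon by $user: would send to port 4998: $shown\n";
    }
}
```

Only the first sample line triggers: the second is a 528 logon by an account not in the list, and the third names a listed account but is not event 528.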