Am 28.03.2014 15:29, schrieb Patrick Lessard:
> I’m wondering if someone wrote a plugin for email alerting that would include 
> something like the top 10 (using nfdump output)?

One? Several of them.

Here is one that is triggered when ICMP packet rates
on our core routers are unusually high.

Note that the "1;" at the end is mandatory for a plugin.

You have to include it in nfsen.conf and restart nfsen.

The paths to the data in the nfdump statements are hardcoded.

----------------------------------------------------
#
# Alert action function.
# If defined, it is automatically listed as an available plugin when defining an alert.
# Called when the trigger of an alert fires.
# Return value ignored

# libmail-sender-perl (Debian),  perl-Mail-Sender (Fedora)
# Plugin package; $module_name below holds the same string for log messages.
package alert_plugin_mail_top10_icmp_packets_core;

# NOTE(review): only 'strict' is enabled; 'use warnings;' is absent, so
# redeclared or uninitialized variables are not reported.
use strict;

# plugin version
our $VERSION = 130;

# Mail settings, filled in by Init() from the NfConf values (see ./etc/nfsen.conf)
our $email_to;
our $email_from;
our $smtp_server;

############# plugin config #########################
# Name written to syslog by the plugin's functions
my $module_name = 'alert_plugin_mail_top10_icmp_packets_core';
# Subject line of the alert mail
my $subject = 'Alert triggered - top10 ICMP packets Core';
#####################################################

use NfConf;
use NfSen;

# Mail::Sender delivers the alert mail; Sys::Syslog is used for logging
use Mail::Sender;
use Sys::Syslog;
# Send syslog messages through the local unix socket
Sys::Syslog::setlogsock('unix');

sub send_mail {
        # Mails the given lines as one message body, joined the same way
        # "@array" interpolation joins them. Server, sender, recipient and
        # subject come from the package variables that Init() and the plugin
        # config section set.
        my @lines = @_;

        my %mail = (
                smtp    => $smtp_server,
                from    => $email_from,
                to      => $email_to,
                subject => $subject,
                msg     => "@lines",
        );

        # eval traps exceptions from Mail::Sender; a false result is logged
        # to syslog together with the module's last error text.
        eval { Mail::Sender->new->MailMsg(\%mail) }
                or syslog('info', "Sending Mail ... $Mail::Sender::Error\n");
}

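sub alert_action {
        # Alert action hook: mails the top 10 ICMP sources/destinations by
        # packet count from core-a and core-b for the timeslot that fired.
        #
        # Argument: hash ref with the keys 'alert' and 'timeslot'.
        # Returns 1 after the mail attempt; returns nothing when the timeslot
        # is rejected (the caller ignores the return value).
        my $argref   = shift;
        my $alert    = $$argref{'alert'};
        my $timeslot = $$argref{'timeslot'};

        # Values are passed as sprintf arguments so that a '%' inside them is
        # never interpreted as a format directive.
        syslog('info', 'Alert action function in plugin %s called: alert: %s, timeslot: %s',
                $module_name, $alert, $timeslot);

        # The timeslot ends up in a file path handed to nfdump, so accept
        # digits only; this keeps path separators and shell metacharacters out.
        unless (defined $timeslot && $timeslot =~ /\A([0-9]{4})([0-9]{2})([0-9]{2})[0-9]*\z/) {
                syslog('info', '%s: unexpected timeslot format, no mail sent', $module_name);
                return;
        }
        my ($year, $month, $day) = ($1, $2, $3);

        # Collect the output of both routers. The original declared @output
        # twice, so the core-a result was discarded before mailing.
        my @output;
        for my $source (qw(core-a core-b)) {
                # List-form pipe open runs nfdump directly, without a shell.
                my @cmd = (
                        '/usr/local/bin/nfdump',
                        '-M', "/usr/local/nfsen/profiles-data/live/$source",
                        '-r', "$year/$month/$day/nfcapd.$timeslot",
                        '-n', '10',
                        '-s', 'ip/packets',
                        'proto icmp',
                );

                my $pipe;
                unless (open($pipe, '-|', @cmd)) {
                        syslog('info', '%s: cannot run nfdump for %s: %s',
                                $module_name, $source, "$!");
                        next;
                }
                push @output, <$pipe>;
                close($pipe)
                        or syslog('info', '%s: nfdump for %s did not exit cleanly',
                                $module_name, $source);
        }

        send_mail(@output);
        return 1;
}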

sub Cleanup {
        # Cleanup hook: writes a single 'info' line to syslog naming the plugin.
        my $note = "$module_name cleanup";
        syslog('info', $note);
}

# run function only for profile plugins
#sub run {
#       syslog("info", "$module_name run");
#       return 1;
#}

sub Init {
        # Init hook: logs the call and copies the mail settings from NfConf
        # into this package's variables, which send_mail() reads later.
        # Always returns 1.
        syslog('info', "$module_name init");

        # Stringified copies, one per setting
        ($email_from, $smtp_server, $email_to) =
                map { "$_" } ($NfConf::MAIL_FROM, $NfConf::SMTP_SERVER, $NfConf::MAIL_TO);

        return 1;
}

1;
----------------------------------------------------


-- 
Dipl.-Phys. Jens Hektor, Networks
IT Center, RWTH Aachen University
Room 2.04, Wendlingweg 10, 52074 Aachen (Germany)
Phone: +49 241 80 29206 - Fax: +49 241 80 22100
http://www.itc.rwth-aachen.de - hek...@itc.rwth-aachen.de

