On 28.03.2014 15:29, Patrick Lessard wrote:
> I’m wondering if someone wrote a plugin for email alerting that would include
> something like the top 10 (using nfdump output)?

One? Several of them.

Here is one that is triggered if there are unusually high numbers
of ICMP packet rates on our core routers.

Note that the "1;" at the end is mandatory for a plugin.
You have to include it in nfsen.conf and restart nfsen.

The paths to the data in the nfdump statements are hardcoded.

----------------------------------------------------
#
# Alert action function.
# if defined it will be automatically listed as available plugin, when defining an alert.
# Called when the trigger of an alert fires.
# Return value ignored

# libmail-sender-perl (Debian), perl-Mail-Sender (Fedora)

package alert_plugin_mail_top10_icmp_packets_core;

use strict;

# plugin version
our $VERSION = 130;

# globals -> see ./etc/nfsen.conf
our $email_to;
our $email_from;
our $smtp_server;

############# plugin config #########################
my $module_name = 'alert_plugin_mail_top10_icmp_packets_core';
my $subject     = 'Alert triggered - top10 ICMP packets Core';
#####################################################

use NfConf;
use NfSen;
use Mail::Sender;

use Sys::Syslog;
Sys::Syslog::setlogsock('unix');

# Mail the collected nfdump output; log the Mail::Sender error on failure.
sub send_mail {
    my (@msg) = @_;

    eval {
        Mail::Sender->new->MailMsg({
            smtp    => $smtp_server,
            from    => $email_from,
            to      => $email_to,
            subject => $subject,
            msg     => "@msg",
        })
    } or syslog('info', "Sending Mail ... $Mail::Sender::Error\n");
}

sub alert_action {
    my $argref   = shift;
    my $alert    = $$argref{'alert'};
    my $timeslot = $$argref{'timeslot'};

    syslog('info', "Alert action function in plugin $module_name called: alert: $alert, timeslot: $timeslot");

    # The timeslot has the form YYYYMMDDhhmm; the data files are stored
    # under YYYY/MM/DD/nfcapd.<timeslot>.
    my $year  = substr($timeslot, 0, 4);
    my $month = substr($timeslot, 4, 2);
    my $day   = substr($timeslot, 6, 2);

    # Top 10 ICMP senders by packets, from both core routers in one message.
    my @output = `/usr/local/bin/nfdump -M /usr/local/nfsen/profiles-data/live/core-a -r $year/$month/$day/nfcapd.$timeslot -n 10 -s ip/packets 'proto icmp'`;
    push @output, `/usr/local/bin/nfdump -M /usr/local/nfsen/profiles-data/live/core-b -r $year/$month/$day/nfcapd.$timeslot -n 10 -s ip/packets 'proto icmp'`;

    send_mail(@output);

    return 1;
}

sub Cleanup {
    syslog("info", "$module_name cleanup");
}

# run function only for profile plugins
#sub run {
#    syslog("info", "$module_name run");
#    return 1;
#}

sub Init {
    syslog("info", "$module_name init");

    # Init some vars
    $email_from  = "$NfConf::MAIL_FROM";
    $smtp_server = "$NfConf::SMTP_SERVER";
    $email_to    = "$NfConf::MAIL_TO";

    return 1;
}

1;
----------------------------------------------------

-- 
Dipl.-Phys. Jens Hektor, Networks
IT Center, RWTH Aachen University
Room 2.04, Wendlingweg 10, 52074 Aachen (Germany)
Phone: +49 241 80 29206 - Fax: +49 241 80 22100
http://www.itc.rwth-aachen.de - hek...@itc.rwth-aachen.de