That's what I was looking for. Thank you very much!
This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate,distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. -----Message d'origine----- De : Jens Hektor [mailto:hek...@itc.rwth-aachen.de] Envoyé : 31 mars 2014 07:57 À : nfsen-discuss@lists.sourceforge.net; Patrick Lessard Objet : Re: [Nfsen-discuss] Plugin for alert email Am 28.03.2014 15:29, schrieb Patrick Lessard: > I'm wondering if someone wrote a plugin for email alerting that would include > something like the top 10 (using nfdump output)? One? Several of them. Here is one that is triggered if there are unusual high numbers of ICMP packet rates on our core routers. Note that the "1;" at the end is mandatory for a plugin. You have to include it in nfsen.conf and restart nfsen. The paths to the data in the nfdump statements are hardcoded. ---------------------------------------------------- # # Alert action function. # if defined it will be automatically listed as available plugin, when defining an alert. # Called when the trigger of an alert fires. # Return value ignored # libmail-sender-perl (Debian), perl-Mail-Sender (Fedora) package alert_plugin_mail_top10_icmp_packets_core; use strict; # plugin version our $VERSION = 130; # globals -> see ./etc/nfsen.conf our $email_to; our $email_from; our $smtp_server; ############# plugin config ######################### my $module_name = 'alert_plugin_mail_top10_icmp_packets_core'; my $subject = 'Alert triggered - top10 ICMP packets Core'; ##################################################### use NfConf; use NfSen; use Mail::Sender; use Sys::Syslog; Sys::Syslog::setlogsock('unix'); sub send_mail { my (@msg) = @_; eval { (new Mail::Sender) ->MailMsg({smtp => $smtp_server, from => $email_from, to =>$email_to, subject => $subject, msg => "@msg"}) } or syslog('info', "Sending Mail ... $Mail::Sender::Error\n"); } sub alert_action { my $argref = shift; my $alert = $$argref{'alert'}; my $timeslot = $$argref{'timeslot'}; syslog('info', "Alert action function in plugin $module_name called: alert: $alert, timeslot: $timeslot"); my $year = substr($timeslot,0,4); my $month = substr($timeslot,4,2); my $day = substr($timeslot,6,2); my @output = `/usr/local/bin/nfdump -M /usr/local/nfsen/profiles-data/live/core-a -r $year/$month/$day/nfcapd.$timeslot -n 10 -s ip/packets 'proto icmp'`; my @output = `/usr/local/bin/nfdump -M /usr/local/nfsen/profiles-data/live/core-b -r $year/$month/$day/nfcapd.$timeslot -n 10 -s ip/packets 'proto icmp'`; send_mail(@output); return 1; } sub Cleanup { syslog("info", "$module_name cleanup"); } # run function only for profile plugins #sub run { # syslog("info", "$module_name run"); # return 1; #} sub Init { syslog("info", "$module_name init"); #Init some vars $email_from = "$NfConf::MAIL_FROM"; $smtp_server = "$NfConf::SMTP_SERVER"; $email_to = "$NfConf::MAIL_TO"; return 1; } 1; ---------------------------------------------------- -- Dipl.-Phys. Jens Hektor, Networks IT Center, RWTH Aachen University Room 2.04, Wendlingweg 10, 52074 Aachen (Germany) Phone: +49 241 80 29206 - Fax: +49 241 80 22100 http://www.itc.rwth-aachen.de - hek...@itc.rwth-aachen.de ------------------------------------------------------------------------------ _______________________________________________ Nfsen-discuss mailing list Nfsen-discuss@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
