Re: snmptrap2mon converter
On Tue, 28 Feb 2006, Jim Trocki wrote: > On Thu, 2 Feb 2006, Eric Sorenson wrote: > > > I had written something like this in the past that got lost, I'm > > sending out this version to the list for storage in contrib/ or, > > minimally, in google's archive :-) > > thanks, i added it to the contrib module in the sourceforge cvs, to be > discovered by future generations just as those prehistoric paintings were > discovered in the caves of Altamira. Five points to whoever can tell me what > album I've been listening to recently. Steely Dan, _The Royal Scam_ , I'm guessing. > p.s. someone just asked me about making mon do something with snmp traps, > and i sent him this script. That SNMPTT program is pretty darn good, it made this thing easy to write. Next up I want to hook this S.E.C. thingy into mon, probably with the same trap2mon functionality. The routers and servers are pointing syslog at a syslog-ng host, which lets you filter log messages through a program in addition to writing them out. Nate Campi has a good writeup here: http://www.campin.net/newlogcheck.html -- Eric Sorenson - Unix / Networks / MIS Manager - Transmeta Corporation ___ mon mailing list mon@linux.kernel.org http://linux.kernel.org/mailman/listinfo/mon
snmptrap2mon converter
Here's a little program to integrate snmp traps into your mon setup. It's meant to be used as an 'EXEC'ed program from snmptt (http://snmptt.sf.net), which does most of the heavy lifting. I had written something like this in the past that got lost, I'm sending out this version to the list for storage in contrib/ or, minimally, in google's archive :-) As the comment block says: # to be used in conjunction with snmptt : it hands us # the results of an snmp trap and we forward it on in # a format mon will understand. # usage: # snmptrap2mon [(--watch|-w) watchname] [(--service|-s) servicename] # [(--host|-h) hostname] [(--name|-n) trapname] [(--time|-t) timestamp] # "Quoted longform text of alert to send" # - 'watchname' and 'servicename' should map to your mon config; # leave them off and they will be set to 'default' # - 'host' is the host sending the trap, as best snmptt can tell # - 'trapname' is the unique string configured for this trap in snmptt.conf # - 'timestamp' will be the time alert was received/queued ($x or $X) # # Example, from /etc/snmp/snmptt.conf: # EVENT communicationLost .1.3.6.1.4.1.318.0.1 "Status Events" CRITICAL # FORMAT APC UPS: Communication lost between the agent and the UPS. # EXEC snmptrap2mon -w symmetra-ups -s trap -h $A -n $N \ #-t "$x" "APC UPS: Communication lost between the agent and the UPS." # # See README.traps in the mon distribution to setup your mon.cf. -- Eric Sorenson - Unix / Networks / MIS Manager - Transmeta Corporation#!/usr/bin/perl # # to be used in conjunction with snmptt : it hands us # the results of an snmp trap and we forward it on in # a format mon will understand. # usage: # snmptrap2mon [(--watch|-w) watchname] [(--service|-s) servicename] # [(--host|-h) hostname] [(--name|-n) trapname] [(--time|-t) timestamp] # "Quoted longform text of alert to send" # - 'watchname' and 'servicename' should map to your mon config; # leave them off and they will be set to 'default' # - 'host' is the host sending the trap, as best snmptt can tell # - 'trapname' is the unique string configured for this trap in snmptt.conf # - 'timestamp' will be the time alert was received/queued ($x or $X) # # Example, from /etc/snmp/snmptt.conf: # EVENT communicationLost .1.3.6.1.4.1.318.0.1 "Status Events" CRITICAL # FORMAT APC UPS: Communication lost between the agent and the UPS. # EXEC snmptrap2mon -w symmetra-ups -s trap -h $A -n $N \ #-t "$x" "APC UPS: Communication lost between the agent and the UPS." # # See README.traps in the mon distribution to setup your mon.cf. use Carp; use Mon::Client; use Getopt::Std; getopts("w:s:h:n:t:u"); my $detail = join(" ",@ARGV); my $monhost = 'monhost.domain.com'; my $monport = 2583; my $watch = $opt_w or 'default'; my $service = $opt_s or 'default'; my $status = $opt_u ? 'ok' : 'fail' ; croak "Need all of -h, -n and -t" unless (defined $opt_h and defined $opt_n and defined $opt_t); my $alerthost = $opt_h; my $alertname = $opt_n; my $alerttime = $opt_t; my $summary = "$alertname trap from $alerthost at $alerttime"; $mon = new Mon::Client( host => $monhost, port => $monport ); croak "Couldn't make a new Mon::Client to $monhost on $monport" unless $mon; $t = $mon->send_trap(group => $watch, service => $service, retval => 1, opstatus => $status, summary => $summary, detail => $detail, ); exit ( $t ); ___ mon mailing list mon@linux.kernel.org http://linux.kernel.org/mailman/listinfo/mon
rpm for mon - unincorporated patches
Porting SUSE's mon RPM to redhat (I'm intending to make it workable on any generic RPM-based distro, really), I came across a couple of patches of interest: [EMAIL PROTECTED] /usr/src/redhat/SOURCES]# cat mon-perl-path.diff diff -ru mon-0.99.2.orig/mon.d/file_change.monitor mon-0.99.2.lmb/mon.d/file_change.monitor --- mon-0.99.2.orig/mon.d/file_change.monitor Fri Jul 27 17:39:59 2001 +++ mon-0.99.2.lmb/mon.d/file_change.monitorFri Jul 26 12:23:20 2002 @@ -1,4 +1,4 @@ -#!/usr/local/bin/perl +#!/usr/bin/perl # # mon monitor to watch for file changes # Only in mon-0.99.2.lmb/mon.d: file_change.monitor~ diff -ru mon-0.99.2.orig/mon.d/up_rtt.monitor mon-0.99.2.lmb/mon.d/up_rtt.monitor --- mon-0.99.2.orig/mon.d/up_rtt.monitorFri Jul 27 17:39:59 2001 +++ mon-0.99.2.lmb/mon.d/up_rtt.monitor Fri Jul 26 12:23:27 2002 @@ -1,4 +1,4 @@ -#!/usr/local/bin/perl +#!/usr/bin/perl # # mon monitor to check for circuit up and measure RTT # The ~ file notwithstanding, the second hunk has been applied but the file_change.monitor in CVS still points at /usr/local/bin/perl and should probably be fixed -- the rest of alert.d and mon.d says /usr/bin The next one looks harmless and potentially useful, I guess -- if it can't run the real dialin.monitor setgid, the return code back to mon will be nonzero, rather than silently failing. --- mon.d/dialin.monitor.wrap.c +++ mon.d/dialin.monitor.wrap.c 2004/02/27 08:27:15 @@ -25,5 +25,5 @@ argv[0] = real_img; /* exec */ -execv (real_img, argv); +return execv (real_img, argv); } Archive-diving shows similar patches from the debian maintainer a while back: http://marc.theaimsgroup.com/?l=mon&m=100047605305261&w=4 There's one more patch but its just really specific alerts to send stuff over the Brazilian paging/cell networks. Spec file to come shortly -- Eric Sorenson - Systems / Network Administrator, MIS - Transmeta Corporation ___ mon mailing list [EMAIL PROTECTED] http://linux.kernel.org/mailman/listinfo/mon
INSTALL updates
I got frustrated trying to show someone how to install mon, so I rewrote chunks of the INSTALL doc to match reality. Apply or ignore as you see fit. -- Eric Sorenson - Systems / Network Administrator, MIS - Transmeta Corporation diff -urN mon-1.0.0pre2-orig/INSTALL mon-1.0.0pre2/INSTALL --- mon-1.0.0pre2-orig/INSTALL 2004-06-18 07:40:10.0 -0700 +++ mon-1.0.0pre2/INSTALL 2004-07-07 11:20:48.0 -0700 @@ -1,79 +1,105 @@ $Id: INSTALL,v 1.1.1.1.2.2 2004/06/18 14:40:10 trockij Exp $ -INSTALLATION - +OVERVIEW + -Several parts: - -1. mon, the server - -2. Mon::Client, the Perl library used by some clients. +There are several components you'll need to get working to +have a fully functional mon installation. +1. mon, the server +2. Mon::Client, the Perl library used by some clients 3. C programs in mon.d +4. Optional (but highly useful) monitors +5. A customized mon.cf to make the server do what you want -REQUIREMENTS - +1. MON SERVER +- -The "mon" daemon uses Perl 5.n, where n >= 005_01. Older versions of Perl had -problems with Sys::Syslog under Linux, and had dated versions of -Text::ParseWords. Mon also requires that *.ph be created from the system -header files. If you're using a pre-packaged Perl (such as from RedHat) then -this has been done for you already. Otherwise, this is done manually during -Perl installation by these means: +The "mon" daemon uses Perl 5.n, where n >= 005_01. + +Mon requires that *.ph be created from the system header files. If you try to +run mon and Perl complains with the "did you run h2ph?" message, then chances +are this step wasn't done, either by your package manager or manually after +Perl installation. You can fix it by doing the following, as root: cd /usr/include - h2ph *.h sys/*.h + h2ph -r -l . -However, if you're running Linux you may need to run +You'll need the following modules for the server to function, all of +which are available from your nearest CPAN archive. The listed +CPAN paths relative to /cpan/modules/by-authors/id/ -- versions of +modules on CPAN change quickly, so there may be newer versions available, +but the following are known to work: - cd /usr/include - h2ph *.h sys/*.h asm/*.h +Time::Period PRYAN/Period-1.20.tar.gz +Time::HiResJ/JH/JHI/Time-HiRes-1.59.tar.gz +Convert::BER G/GB/GBARR/Convert-BER-1.3101.tar.gz -If you try to run mon and Perl complains with the "did you run h2ph?" -message, then chances are this step wasn't done. -You'll need the following modules for the server to function, all of -which are available from your nearest CPAN archive, or the place -where you got mon: +2. INSTALLING THE PERL CLIENT MODULE + + +The Perl client module is distributed as a separate package. It is named +"mon-client-*.tar.gz". Refer to that for installation instructions. +It is available on kernel.org mirrors in the /pub/software/admin/mon directory, +and in CVS on sourceforge.net. Be sure to match the version of mon-client with +the version of mon you are using. At this time, branch "mon-1-0-0pre1" of the +mon CVS module matches the "mon-client-1-0-0pre1" branch of the mon-client CVS +module. See http://sourceforge.net/projects/mon/ for information on CVS access. + + +3. COMPILING THE C CODE (optional) +-- + +Some of the monitors included with mon are written in C and need to +be compiled for your system. If you want to use the RPC monitor or the +dialin.monitor wrapper, + +cd mon.d +(edit Makefile) +make +make install +cd .. + +Keep in mind that although this is known to work on Linux, Solaris, and AIX, +it may not compile on your system. It is not required for the operation of mon +itself. --Time::Period (the one written by Patrick Ryan) --Time::HiRes --Convert::BER --Mon::* + +4. MONITORS +--- All of the monitor and alert scripts that are packaged with mon are actually *optional*. However, this is what you'll need for each special -monitor: +monitor, with CPAN paths relative to /cpan/modules/by-author/id/ + +freespace.monitor - requires Filesys::Diskspace from CPAN, + in FTASSIN/Filesys-DiskSpace-0.05.tar.gz + -freespace.monitor - The disk space monitor requires the "Filesys::DiskSpace" Perl - module from CPAN. - -fping.monitor - Requires the "fping" code, probably available from the same - place that you got this package. - -telnet.monitor - This requires the Net::Telnet Perl module, available from - CPAN. +fping.monitor - requires the 'fping' binary, from http://www.fping.com + RPM packages available a
RE: Mon Server Goes Foobar, help!
On Mon, 12 Jan 2004, Gary Richardson wrote: > I'm doing some more research into this. A ran -d:Profile for perl and found > that 96% of the time is spent in Sys::Syslog::_syslog_send_socket. Is this > normal? Maybe the output logfile is set to fsync-on-write. This is the (unfortunate) default for some syslogs. Try prepending the filename with a '-' to turn it off, like: local1.*-/var/log/mon.log NB not all syslogs support this, check your local man pages for details. -- Eric Sorenson - Systems / Network Administrator, MIS - Transmeta Corporation ___ mon mailing list [EMAIL PROTECTED] http://linux.kernel.org/mailman/listinfo/mon
Re: FW: mail.alert
So to answer the original question -- there isn't a SMTP-speaking alert that's distributed with Mon. The parts to change in mail.alert would be those which invoke '/usr/lib/sendmail' and write the alert out to the consequent filehandle. It would be pretty straightforward to use Net::SMTP here instead. That's an external module dependency (libnet) but it's a pretty common module and has less overhead than the full-fledged Mail::Internet distribution (part of MailTools) -- Eric Sorenson - Systems / Network Administrator, MIS - Transmeta Corporation ___ mon mailing list [EMAIL PROTECTED] http://linux.kernel.org/mailman/listinfo/mon