Re: snmptrap2mon converter

2006-02-28 Thread Eric Sorenson 
On Tue, 28 Feb 2006, Jim Trocki wrote:

> On Thu, 2 Feb 2006, Eric Sorenson wrote:
> 
> > I had written something like this in the past that got lost, I'm
> > sending out this version to the list for storage in contrib/ or,
> > minimally, in google's archive :-)
> 
> thanks, i added it to the contrib module in the sourceforge cvs, to be
> discovered by future generations just as those prehistoric paintings were
> discovered in the caves of Altamira. Five points to whoever can tell me what
> album I've been listening to recently.

Steely Dan, _The Royal Scam_ , I'm guessing.

> p.s. someone just asked me about making mon do something with snmp traps,
> and i sent him this script.

That SNMPTT program is pretty darn good, it made this thing easy to 
write. Next up I want to hook this S.E.C. thingy into mon, probably 
with the same trap2mon functionality. The routers and servers are 
pointing syslog at a syslog-ng host, which lets you filter log 
messages through a program in addition to writing them out. Nate Campi 
has a good writeup here: http://www.campin.net/newlogcheck.html

-- 
  Eric Sorenson - Unix / Networks / MIS Manager - Transmeta Corporation

___
mon mailing list
mon@linux.kernel.org
http://linux.kernel.org/mailman/listinfo/mon

snmptrap2mon converter

2006-02-02 Thread Eric Sorenson 
Here's a little program to integrate snmp traps into your mon setup.
It's meant to be used as an 'EXEC'ed program from snmptt 
(http://snmptt.sf.net), which does most of the heavy lifting.

I had written something like this in the past that got lost, I'm
sending out this version to the list for storage in contrib/ or, 
minimally, in google's archive :-)

As the comment block says:

# to be used in conjunction with snmptt : it hands us
# the results of an snmp trap and we forward it on in 
# a format mon will understand.
# usage: 
# snmptrap2mon [(--watch|-w) watchname] [(--service|-s) servicename]  
# [(--host|-h) hostname] [(--name|-n) trapname] [(--time|-t) timestamp] 
# "Quoted longform text of alert to send" 
# - 'watchname' and 'servicename' should map to your mon config;
#   leave them off and they will be set to 'default'
# - 'host' is the host sending the trap, as best snmptt can tell
# - 'trapname' is the unique string configured for this trap in snmptt.conf
# - 'timestamp' will be the time alert was received/queued ($x or $X)
#
# Example, from /etc/snmp/snmptt.conf:
#  EVENT communicationLost .1.3.6.1.4.1.318.0.1 "Status Events" CRITICAL
#  FORMAT APC UPS: Communication lost between the agent and the UPS.
#  EXEC snmptrap2mon -w symmetra-ups -s trap -h $A -n $N  \
#-t "$x" "APC UPS: Communication lost between the agent and the UPS."
#
# See README.traps in the mon distribution to setup your mon.cf.

-- 
  Eric Sorenson - Unix / Networks / MIS Manager - Transmeta Corporation#!/usr/bin/perl
#
# to be used in conjunction with snmptt : it hands us
# the results of an snmp trap and we forward it on in 
# a format mon will understand.

# usage: 
# snmptrap2mon [(--watch|-w) watchname] [(--service|-s) servicename]  
# [(--host|-h) hostname] [(--name|-n) trapname] [(--time|-t) timestamp] 
# "Quoted longform text of alert to send" 
# - 'watchname' and 'servicename' should map to your mon config;
#   leave them off and they will be set to 'default'
# - 'host' is the host sending the trap, as best snmptt can tell
# - 'trapname' is the unique string configured for this trap in snmptt.conf
# - 'timestamp' will be the time alert was received/queued ($x or $X)
#
# Example, from /etc/snmp/snmptt.conf:
#  EVENT communicationLost .1.3.6.1.4.1.318.0.1 "Status Events" CRITICAL
#  FORMAT APC UPS: Communication lost between the agent and the UPS.
#  EXEC snmptrap2mon -w symmetra-ups -s trap -h $A -n $N  \
#-t "$x" "APC UPS: Communication lost between the agent and the UPS."
#
# See README.traps in the mon distribution to setup your mon.cf.

use Carp;
use Mon::Client;
use Getopt::Std;

getopts("w:s:h:n:t:u");

my $detail = join(" ",@ARGV);

my $monhost = 'monhost.domain.com';
my $monport = 2583;

my $watch = $opt_w or 'default';
my $service = $opt_s or 'default';

my $status = $opt_u ? 'ok' : 'fail' ;

croak "Need all of -h, -n and -t" unless (defined $opt_h and 
defined $opt_n and defined $opt_t);

my $alerthost = $opt_h;
my $alertname = $opt_n;
my $alerttime = $opt_t;

my $summary = "$alertname trap from $alerthost at $alerttime";

$mon = new Mon::Client( host => $monhost, port => $monport );

croak "Couldn't make a new Mon::Client to $monhost on $monport" 
unless $mon;

$t = $mon->send_trap(group => $watch, 
 service => $service,
 retval => 1, 
 opstatus => $status, 
 summary => $summary, 
 detail => $detail,
 ); 

exit ( $t );
___
mon mailing list
mon@linux.kernel.org
http://linux.kernel.org/mailman/listinfo/mon

rpm for mon - unincorporated patches

2004-07-08 Thread Eric Sorenson 
Porting SUSE's mon RPM to redhat (I'm intending to make it workable on any 
generic RPM-based distro, really), I came across a couple of patches  
of interest:

[EMAIL PROTECTED] /usr/src/redhat/SOURCES]# cat mon-perl-path.diff
diff -ru mon-0.99.2.orig/mon.d/file_change.monitor 
mon-0.99.2.lmb/mon.d/file_change.monitor
--- mon-0.99.2.orig/mon.d/file_change.monitor   Fri Jul 27 17:39:59 2001
+++ mon-0.99.2.lmb/mon.d/file_change.monitorFri Jul 26 12:23:20 2002
@@ -1,4 +1,4 @@
-#!/usr/local/bin/perl
+#!/usr/bin/perl
 #
 # mon monitor to watch for file changes
 #
Only in mon-0.99.2.lmb/mon.d: file_change.monitor~
diff -ru mon-0.99.2.orig/mon.d/up_rtt.monitor mon-0.99.2.lmb/mon.d/up_rtt.monitor
--- mon-0.99.2.orig/mon.d/up_rtt.monitorFri Jul 27 17:39:59 2001
+++ mon-0.99.2.lmb/mon.d/up_rtt.monitor Fri Jul 26 12:23:27 2002
@@ -1,4 +1,4 @@
-#!/usr/local/bin/perl
+#!/usr/bin/perl
 #
 # mon monitor to check for circuit up and measure RTT
 #

The ~ file notwithstanding, the second hunk has been applied but the
file_change.monitor in CVS still points at /usr/local/bin/perl and 
should probably be fixed -- the rest of alert.d and mon.d says /usr/bin

The next one looks harmless and potentially useful, I guess -- if it can't
run the real dialin.monitor setgid, the return code back to mon will be
nonzero, rather than silently failing.

--- mon.d/dialin.monitor.wrap.c
+++ mon.d/dialin.monitor.wrap.c 2004/02/27 08:27:15
@@ -25,5 +25,5 @@
 argv[0] = real_img;

 /* exec */
-execv (real_img, argv);
+return execv (real_img, argv);
 }

Archive-diving shows similar patches from the debian maintainer a while back:
http://marc.theaimsgroup.com/?l=mon&m=100047605305261&w=4

There's one more patch but its just really specific alerts to send stuff
over the Brazilian paging/cell networks.

Spec file to come shortly

-- 
  Eric Sorenson - Systems / Network Administrator, MIS - Transmeta Corporation

___
mon mailing list
[EMAIL PROTECTED]
http://linux.kernel.org/mailman/listinfo/mon

INSTALL updates

2004-07-07 Thread Eric Sorenson 

I got frustrated trying to show someone how to install mon, so I rewrote
chunks of the INSTALL doc to match reality. Apply or ignore as you see fit.

-- 
  Eric Sorenson - Systems / Network Administrator, MIS - Transmeta Corporation
diff -urN mon-1.0.0pre2-orig/INSTALL mon-1.0.0pre2/INSTALL
--- mon-1.0.0pre2-orig/INSTALL  2004-06-18 07:40:10.0 -0700
+++ mon-1.0.0pre2/INSTALL   2004-07-07 11:20:48.0 -0700
@@ -1,79 +1,105 @@
 $Id: INSTALL,v 1.1.1.1.2.2 2004/06/18 14:40:10 trockij Exp $
 
-INSTALLATION
-
+OVERVIEW
+
 
-Several parts:
-
-1. mon, the server
-
-2. Mon::Client, the Perl library used by some clients.
+There are several components you'll need to get working to
+have a fully functional mon installation. 
 
+1. mon, the server 
+2. Mon::Client, the Perl library used by some clients
 3. C programs in mon.d
+4. Optional (but highly useful) monitors
+5. A customized mon.cf to make the server do what you want
 
 
-REQUIREMENTS
-
+1. MON SERVER
+-
 
-The "mon" daemon uses Perl 5.n, where n >= 005_01. Older versions of Perl had
-problems with Sys::Syslog under Linux, and had dated versions of
-Text::ParseWords.  Mon also requires that *.ph be created from the system
-header files. If you're using a pre-packaged Perl (such as from RedHat) then
-this has been done for you already. Otherwise, this is done manually during
-Perl installation by these means:
+The "mon" daemon uses Perl 5.n, where n >= 005_01. 
+
+Mon requires that *.ph be created from the system header files.  If you try to
+run mon and Perl complains with the "did you run h2ph?" message, then chances
+are this step wasn't done, either by your package manager or manually after
+Perl installation. You can fix it by doing the following, as root:
 
cd /usr/include
-   h2ph *.h sys/*.h
+   h2ph -r -l .
 
-However, if you're running Linux you may need to run
+You'll need the following modules for the server to function, all of
+which are available from your nearest CPAN archive. The listed
+CPAN paths relative to /cpan/modules/by-authors/id/ -- versions of 
+modules on CPAN change quickly, so there may be newer versions available,
+but the following are known to work:
 
-   cd /usr/include
-   h2ph *.h sys/*.h asm/*.h
+Time::Period   PRYAN/Period-1.20.tar.gz
+Time::HiResJ/JH/JHI/Time-HiRes-1.59.tar.gz
+Convert::BER   G/GB/GBARR/Convert-BER-1.3101.tar.gz
 
-If you try to run mon and Perl complains with the "did you run h2ph?"
-message, then chances are this step wasn't done.
 
-You'll need the following modules for the server to function, all of
-which are available from your nearest CPAN archive, or the place
-where you got mon:
+2. INSTALLING THE PERL CLIENT MODULE
+
+
+The Perl client module is distributed as a separate package. It is named
+"mon-client-*.tar.gz".  Refer to that for installation instructions. 
+It is available on kernel.org mirrors in the /pub/software/admin/mon directory,
+and in CVS on sourceforge.net.  Be sure to match the version of mon-client with
+the version of mon you are using.  At this time, branch "mon-1-0-0pre1" of the
+mon CVS module matches the "mon-client-1-0-0pre1" branch of the mon-client CVS
+module. See http://sourceforge.net/projects/mon/ for information on CVS access.
+
+
+3. COMPILING THE C CODE (optional)
+--
+
+Some of the monitors included with mon are written in C and need to
+be compiled for your system. If you want to use the RPC monitor or the 
+dialin.monitor wrapper,
+
+cd mon.d
+(edit Makefile)
+make
+make install
+cd ..
+
+Keep in mind that although this is known to work on Linux, Solaris, and AIX,
+it may not compile on your system. It is not required for the operation of mon
+itself.
 
--Time::Period (the one written by Patrick Ryan)
--Time::HiRes
--Convert::BER
--Mon::*
+
+4. MONITORS
+---
 
 All of the monitor and alert scripts that are packaged with mon are
 actually *optional*. However, this is what you'll need for each special
-monitor:
+monitor, with CPAN paths relative to /cpan/modules/by-author/id/
+
+freespace.monitor - requires Filesys::Diskspace from CPAN, 
+   in FTASSIN/Filesys-DiskSpace-0.05.tar.gz
+   
 
-freespace.monitor
-   The disk space monitor requires the "Filesys::DiskSpace" Perl
-   module from CPAN.
-
-fping.monitor
-   Requires the "fping" code, probably available from the same
-   place that you got this package.
-
-telnet.monitor
-   This requires the Net::Telnet Perl module, available from
-   CPAN.
+fping.monitor - requires the 'fping' binary, from http://www.fping.com
+   RPM packages available a

RE: Mon Server Goes Foobar, help!

2004-01-12 Thread Eric Sorenson 
On Mon, 12 Jan 2004, Gary Richardson wrote:

> I'm doing some more research into this. A ran -d:Profile for perl and found
> that 96% of the time is spent in Sys::Syslog::_syslog_send_socket. Is this
> normal?

Maybe the output logfile is set to fsync-on-write. This is the (unfortunate)
default for some syslogs.  Try prepending the filename with a '-' to turn it
off, like:

local1.*-/var/log/mon.log

NB not all syslogs support this, check your local man pages for details.

-- 
  Eric Sorenson - Systems / Network Administrator, MIS - Transmeta Corporation


___
mon mailing list
[EMAIL PROTECTED]
http://linux.kernel.org/mailman/listinfo/mon

Re: FW: mail.alert

2003-02-25 Thread Eric Sorenson 

So to answer the original question -- there isn't a SMTP-speaking alert 
that's distributed with Mon. The parts to change in mail.alert would be
those which invoke '/usr/lib/sendmail' and write the alert out to the
consequent filehandle.  It would be pretty straightforward to use 
Net::SMTP here instead.  That's an external module dependency (libnet)
but it's a pretty common module and has less overhead than the full-fledged
Mail::Internet distribution (part of MailTools)

-- 
  Eric Sorenson - Systems / Network Administrator, MIS - Transmeta Corporation

___
mon mailing list
[EMAIL PROTECTED]
http://linux.kernel.org/mailman/listinfo/mon