Network Management & Monitoring

Log management, part II : Using Tenshi
----------------------------------------

Notes:
------
* Commands preceded with "$" imply that you should execute the command as
  a general user - not as root.
* Commands preceded with "#" imply that you should be working as root.
* Commands with more specific command lines (e.g. "RTR-GW>" or "mysql>")
  imply that you are executing commands on remote equipment, or within
  another program.

Exercises
---------

1. Make sure that your routers are configured to send logs to your PC

2. Configure rsyslog to save all router logs in one file for monitoring purposes:

        # vi /etc/rsyslog.d/99-routerlogs.conf

   - Find the line

        local5.* -?RouterLogs

     ... and add a new line below:

        local5.* /var/log/network/everything

     ... this will enable logging of ALL messages matching the local5 facility to a single file,
     so that we can run a monitoring script on the messages.

   - Now restart rsyslog:

        # service rsyslog restart

3. Enable a daily automated script to truncate the log file so it doesn't
   grow too big:

        # vi /etc/logrotate.d/everything

   - In the file add the following:

        /var/log/network/everything {
            daily
            copytruncate
            rotate 1
            postrotate
                /etc/init.d/tenshi restart
            endscript
        }

7. Check if Tenshi is already installed on your PC. If not, you can install it with:

        # apt-get install tenshi

8. Configure Tenshi to send you alarms when the routers are configured:

        # vi /etc/tenshi/includes-available/network

        set logfile /var/log/network/everything
        set queue network_alarms tenshi@localhost sysadm@localhost [*/1 * * * *] Tenshi Network Alarms

        group_host rtr
        network_alarms SYS-5-CONFIG_I
        network_alarms PRIV_AUTH_PASS
        network_alarms LINK
        group_end

9. Create a symlink so that Tenshi loads your new file:

        # ln -s /etc/tenshi/includes-available/network /etc/tenshi/includes-active

10. Restart Tenshi:

        # service tenshi restart

11. Log in to your router, and run some "config" commands (example below):

        # telnet 10.10.X.254 [where "X" is your router number]
        rtrX.ws.nsrc.org> enable
        Password: <password>
        rtrX.ws.nsrc.org# config terminal
        rtrX.ws.nsrc.org(config)# int FastEthernet0/0
        rtrX.ws.nsrc.org(config-if)# description Description Change for FastEthernet0/0 for Tenshi
        rtrX.ws.nsrc.org(config-if)# ctrl-z
        rtrX.ws.nsrc.org# write memory
        rtrX.ws.nsrc.org# exit

    Just as in the previous exercise, attempt to shutdown / no shutdown
    a loopback interface.

12. Verify that you are receiving emails to the sysadm user from Tenshi:

        $ su - sysadm
        $ mutt -f /var/mail/sysadm

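To check the patterns from step 8 without waiting for an e-mail, the shell sketch below (an added example, not part of the original lab or of Tenshi itself) replays a log file against them. It assumes the hostname is the 4th syslog field, that group_host is a regex on that field, and that the first matching pattern wins; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: dry-run the three patterns from the Tenshi include file.
# Simplified model (assumption): field 4 is the syslog hostname, group_host
# is a regex on it, and the first matching pattern wins.

PATTERNS='SYS-5-CONFIG_I PRIV_AUTH_PASS LINK'  # same order as the include file
HOST_RE='rtr'                                  # from "group_host rtr"

# Print "<class><TAB><line>" per line of file $1, where class is the matching
# pattern, UNMATCHED (router line, no pattern hit) or OTHER_HOST.
classify_router_log() {
    awk -v pats="$PATTERNS" -v host_re="$HOST_RE" '
    BEGIN { n = split(pats, p, " ") }
    {
        if ($4 !~ host_re) { print "OTHER_HOST\t" $0; next }
        for (i = 1; i <= n; i++)
            if ($0 ~ p[i]) { print p[i] "\t" $0; next }
        print "UNMATCHED\t" $0
    }' "$1"
}

# count_class CLASS FILE: number of lines that fell into CLASS.
count_class() {
    classify_router_log "$2" |
        awk -F '\t' -v c="$1" '$1 == c { k++ } END { print k + 0 }'
}

# Write constructed sample lines (not captured from real equipment) to $1.
make_sample_log() {
    cat > "$1" <<'EOF'
Mar  1 10:15:02 rtr1.ws.nsrc.org 123: %SYS-5-CONFIG_I: Configured from console by vty0 (10.10.1.1)
Mar  1 10:15:40 rtr1.ws.nsrc.org 124: %LINK-5-CHANGED: Interface Loopback0, changed state to administratively down
Mar  1 10:15:41 rtr1.ws.nsrc.org 125: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to down
Mar  1 10:16:00 rtr1.ws.nsrc.org 126: %SYS-5-PRIV_AUTH_PASS: Privilege level set to 15 by unknown on vty0
Mar  1 10:16:05 pc1.ws.nsrc.org sshd[999]: LINK test from a non-router host
EOF
}

# With a file argument, classify it; with none, do nothing.
if [ "$#" -gt 0 ]; then
    classify_router_log "$1"
fi
```

Run against /var/log/network/everything, lines tagged UNMATCHED (such as the LINEPROTO message that a loopback shutdown also produces) match none of the three patterns in the include file.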