Network Management & Monitoring

Log management, part II : Using Tenshi
----------------------------------------

Notes:
------
* Commands preceded with "$" imply that you should execute the command as
  a general user - not as root.
* Commands preceded with "#" imply that you should be working as root.
* Commands with more specific command lines (e.g. "RTR-GW>" or "mysql>")
  imply that you are executing commands on remote equipment, or within
  another program.

Exercises
---------

1. Make sure that your routers are configured to send logs to your PC

2. Configure rsyslog to save all router logs in one file for monitoring purposes:

    # vi /etc/rsyslog.d/99-routerlogs.conf

   - Find the line

    local5.*        -?RouterLogs

   ... and add a new line below:

    local5.*        /var/log/network/everything

   ... this will enable logging of ALL messages matching the local5 facility to a single file,
   so that we can run a monitoring script on the messages.

   - Now restart rsyslog:

    # service rsyslog restart

2. Enable a daily automated script to truncate the log file so it doesn't
   grow too big:

    # vi /etc/logrotate.d/everything

   - In the file add the following:

    /var/log/network/everything {
      daily
      copytruncate
      rotate 1
      postrotate
        /etc/init.d/tenshi restart
      endscript
    }


7. Check if Tenshi is already installed on your PC. If not, you can install it with:

    # apt-get install tenshi

8. Configure Tenshi to send you alarms when the routers are configured

    # vi /etc/tenshi/includes-available/network

    set logfile /var/log/network/everything
    set queue network_alarms tenshi@localhost sysadm@localhost [*/1 * * * *] Tenshi Network Alarms

    group_host rtr
    network_alarms SYS-5-CONFIG_I
    network_alarms PRIV_AUTH_PASS
    network_alarms LINK
    group_end

9. Create a symlink so that Tenshi loads your new file:

    # ln -s /etc/tenshi/includes-available/network /etc/tenshi/includes-active

10. Restart Tenshi:

    # service tenshi restart

11. Log in to your router, and run some "config" commands (example below):

    # telnet 10.10.X.254                   [where "X" is your router number]
    rtrX.ws.nsrc.org> enable
    Password: <password>
    rtrX.ws.nsrc.org# config terminal
    rtrX.ws.nsrc.org(config)# int FastEthernet0/0
    rtrX.ws.nsrc.org(config-if)# description Description Change for FastEthernet0/0 for Tenshi
    rtrX.ws.nsrc.org(config-if)# ctrl-z
    rtrX.ws.nsrc.org# write memory
    rtrX.ws.nsrc.org# exit

    Just as in the previous exercise, attempt to shutdown / no shutdown
    a loopback interface.

12. Verify that you are receiving emails to the sysadm user from Tenshi:

    $ su - sysadm
    $ mutt -f /var/mail/sysadm

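Added example (not part of the original exercise): a dry-run of the three rules from step 8 over the log file, so you can see what should raise an alarm before waiting for the e-mail in step 12. It approximates Tenshi's matching (the hostname filter from group_host and "first matching rule wins" are assumptions here), and the function names and sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: dry-run of the three Tenshi rules from step 8.
# Assumes the traditional rsyslog file format: "Mon DD HH:MM:SS host message".

# Constructed sample lines (not real router output).
sample_log() {
    cat <<'EOF'
Mar  1 12:00:01 rtr1.ws.nsrc.org 45: %SYS-5-CONFIG_I: Configured from console by vty0 (10.10.1.1)
Mar  1 12:00:05 rtr1.ws.nsrc.org 46: %LINK-5-CHANGED: Interface Loopback0, changed state to administratively down
Mar  1 12:00:06 rtr1.ws.nsrc.org 47: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to down
Mar  1 12:00:09 rtr1.ws.nsrc.org 48: %LINK-3-UPDOWN: Interface Loopback0, changed state to up
Mar  1 12:00:10 pc1.ws.nsrc.org test: LINK seen on a non-router host
EOF
}

# count_alarms FILE   (use "-" to read standard input)
# Prints "<rule> <count>" for each rule, counting only lines whose hostname
# field matches "rtr", as the group_host line in step 8 does.
count_alarms() {
    awk '
        BEGIN { n = split("SYS-5-CONFIG_I PRIV_AUTH_PASS LINK", pat, " ") }
        $4 ~ /rtr/ {
            # The message is everything after the hostname field.
            msg = $0
            sub(/^[^ ]+ +[^ ]+ +[^ ]+ +[^ ]+ +/, "", msg)
            # Rules are tried in the order listed; the first match wins.
            for (i = 1; i <= n; i++)
                if (msg ~ pat[i]) { hits[pat[i]]++; break }
        }
        END { for (i = 1; i <= n; i++) printf "%s %d\n", pat[i], hits[pat[i]] }
    ' "$1"
}

# Run against the file given as $1, or against the constructed sample.
if [ -n "${1:-}" ]; then
    count_alarms "$1"
else
    sample_log | count_alarms -
fi
```

Run it with /var/log/network/everything as its argument after step 11. If every count is 0, the router messages are not reaching the file, so recheck steps 1 and 2 before looking at Tenshi or mail delivery.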