Agenda: exercises-log-management-tenshi.txt

File exercises-log-management-tenshi.txt, 2.6 KB (added by admin, 7 years ago)
Network Management & Monitoring

Log management, part II : Using Tenshi
----------------------------------------

Notes:
------
* Commands preceded with "$" imply that you should execute the command as
  a general user - not as root.
* Commands preceded with "#" imply that you should be working as root.
* Commands with more specific command lines (e.g. "RTR-GW>" or "mysql>")
  imply that you are executing commands on remote equipment, or within
  another program.

Exercises
---------

1. Make sure that your routers are configured to send logs to your PC

2. Configure rsyslog to save all router logs in one file for monitoring purposes:

        # vi /etc/rsyslog.d/99-routerlogs.conf

        - Find the line

        local5.*                        -?RouterLogs

        ... and add a new line below:

        local5.*            /var/log/network/everything

... this will enable logging of ALL messages matching the local5 facility to a single file,
so that we can run a monitoring script on the messages.

        - Now restart rsyslog:

        # service rsyslog restart

2. Enable a daily automated script to truncate the log file so it doesn't
grow too big:

        # vi /etc/logrotate.d/everything

        - In the file add the following:

/var/log/network/everything {
  daily
  copytruncate
  rotate 1
  postrotate
        /etc/init.d/tenshi restart
  endscript
}


7. Check if Tenshi is already installed on your PC. If not, you can install it with:

        # apt-get install tenshi

8. Configure Tenshi to send you alarms when the routers are configured:

        # vi /etc/tenshi/includes-available/network

        set logfile /var/log/network/everything
        set queue network_alarms tenshi@localhost sysadm@localhost [*/1 * * * *] Tenshi Network Alarms

        group_host rtr
        network_alarms SYS-5-CONFIG_I
        network_alarms PRIV_AUTH_PASS
        network_alarms LINK
        group_end

9. Create a symlink so that Tenshi loads your new file:

        # ln -s /etc/tenshi/includes-available/network /etc/tenshi/includes-active

10. Restart Tenshi:

        # service tenshi restart

11. Log in to your router, and run some "config" commands (example below):

        # telnet 10.10.X.254            [where "X" is your router number]
        rtrX.ws.nsrc.org> enable
        Password: <password>
        rtrX.ws.nsrc.org# config terminal
        rtrX.ws.nsrc.org(config)# int FastEthernet0/0
        rtrX.ws.nsrc.org(config-if)# description Description Change for FastEthernet0/0 for Tenshi
        rtrX.ws.nsrc.org(config-if)# ctrl-z
        rtrX.ws.nsrc.org# write memory
        rtrX.ws.nsrc.org# exit

        Just as in the previous exercise, attempt to shutdown / no shutdown
        a loopback interface

12. Verify that you are receiving emails to the sysadm user from Tenshi

        $ su - sysadm
        $ mutt -f /var/mail/sysadm

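Added example (not part of the original exercise sheet): a shell preview of which log lines the three patterns from step 8 would pick up, run over constructed router syslog lines. It approximates Tenshi's group_host filter and first-match behaviour with awk and does not invoke Tenshi; the function names and the sample lines are assumptions.

```shell
#!/bin/sh
# Added example: preview which log lines the step-8 Tenshi patterns pick up.
# Approximation only: Tenshi itself is not invoked.

# Constructed sample lines in traditional syslog format (not real captures).
sample_logs() {
cat <<'EOF'
Mar  1 10:14:55 rtr1.ws.nsrc.org 44: %SYS-5-PRIV_AUTH_PASS: Privilege level set to 15 by unknown on vty0
Mar  1 10:15:02 rtr1.ws.nsrc.org 45: %SYS-5-CONFIG_I: Configured from console by vty0 (10.10.1.1)
Mar  1 10:15:40 rtr1.ws.nsrc.org 46: %LINK-5-CHANGED: Interface Loopback0, changed state to administratively down
Mar  1 10:15:41 rtr1.ws.nsrc.org 47: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to down
Mar  1 10:16:10 rtr1.ws.nsrc.org 48: %LINK-3-UPDOWN: Interface Loopback0, changed state to up
Mar  1 10:17:00 pc1 testscript: LINK check from a non-router host
EOF
}

# Read syslog lines on stdin and print one "<pattern> <count>" line per rule,
# followed by counts of router lines no rule matched and of lines from hosts
# outside the "rtr" group.
preview_rules() {
  awk '
    # Same patterns, same order, as the group_host block in step 8.
    BEGIN { n = split("SYS-5-CONFIG_I PRIV_AUTH_PASS LINK", pat, " ") }
    # Field 4 is the hostname; skip hosts that do not match "rtr".
    $4 !~ /rtr/ { other_host++; next }
    {
      # Count the line against the first pattern that matches, then stop.
      for (i = 1; i <= n; i++)
        if ($0 ~ pat[i]) { hits[pat[i]]++; next }
      unmatched++
    }
    END {
      for (i = 1; i <= n; i++) printf "%s %d\n", pat[i], hits[pat[i]]
      printf "unmatched %d\nother_host %d\n", unmatched, other_host
    }'
}

sample_logs | preview_rules
```

The LINK pattern does not match %LINEPROTO-5-UPDOWN, so in this preview the line-protocol message from the loopback shutdown falls through as unmatched. To run it against real data, pipe /var/log/network/everything into preview_rules instead of sample_logs.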