Universal Log Analyser: Unterschied zwischen den Versionen

Aus crazylinux.de
Zur Navigation springen Zur Suche springen
K (x)
K (typo)
Zeile 16: Zeile 16:
* [https://www.pitt-pladdy.com/blog/_20150213-225132_0000_opendkim_on_Cacti_via_SNMP/ OpenDKIM]
* [https://www.pitt-pladdy.com/blog/_20150213-225132_0000_opendkim_on_Cacti_via_SNMP/ OpenDKIM]
* [https://www.pitt-pladdy.com/blog/_20130324-154457_0000_fail2ban_on_Cacti_via_SNMP/ Fail2Ban]
* [https://www.pitt-pladdy.com/blog/_20130324-154457_0000_fail2ban_on_Cacti_via_SNMP/ Fail2Ban]
* [[Universal Log Analyser/vxoadm-sa|vboxadm-sa]]
* [[Universal Log Analyser/vboxadm-sa|vboxadm-sa]]
* [[Universal Log Analyser/policyd-spf|policyd-spf]]
* [[Universal Log Analyser/policyd-spf|policyd-spf]]



Version vom 28. September 2015, 23:18 Uhr

How it works

This uses a quick and dirty Perl plugin setup where the plugins you wish to use are simply tacked onto the end of the command line. This allows multiple instances of the script to be used, looking at different logs, with different plugins, and storing the results in a different place, or in the same if you prefer (but ensure the script is not run concurrently with the same results file - it will get messy!)

Plugins are simply Perl modules which return a reference to a function to register the plugin. The register functions are run to collect up the stuff that actually does the work inside the plugin, but we will go into plugin internals later.

The script will handle loading and saving of results as well as tracking where we where in the log file(s) and continuing on from the same place which makes the plugins rather simple - they just need to recognise events in the line they are given and count them.

Secondly, basic shell scripts can be used in the snmpd config to find the relevant data and return it for transmission via SNMP. These can either be universal and you specify the data fields on the command line (great for just a few), or treat them more as config files and hard-code the data fields into the script which is probably more manageable when many fields are returned in one query.

https://www.pitt-pladdy.com/blog/_20110615-093433_0100_Universal_Log_Analyser_and_snmpd_extension_scripts/

Plugins

Cronjobs

dovecot-snmp-cronjob 
#!/bin/sh
/usr/bin/perl /etc/snmp/uloganalyser /var/log/mail.log.1 /var/log/mail.log /var/local/snmp/mail dovecot policyd-spf postfix opendkim

# where to keep the files
STORE=/var/local/snmp

# update smart parameters
for devfull in /dev/sd?; do
      dev=`basename $devfull`
      /usr/sbin/smartctl -n idle -a $devfull >$STORE/smart-$dev.TMP
      mv $STORE/smart-$dev.TMP $STORE/smart-$dev
done

# run fail2ban stats
/etc/snmp/uloganalyser \
    /var/log/fail2ban.log.1 \
    /var/log/fail2ban.log \
    /var/local/snmp/fail2ban \
    fail2ban

#vboxadm spamassissin
/etc/snmp/uloganalyser /var/log/vboxadm/sa.log.1.gz  /var/log/vboxadm/sa.log /var/local/snmp/sa vboxadm-sa

#snmpd needs access
chown snmp /var/local/snmp/*

#cacti (www-data) needs access
chgrp www-data /var/local/snmp/smart*
chmod g+r /var/local/snmp/smart*