Difference between revisions of "Alert notifications"

From YobiWiki
Jump to navigation Jump to search
m
m (Reverted edits by JasonAnderson (talk) to last revision by PhilippeTeuwen)
 
(9 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 
This is a generic page about reporting all kind of misbehaviours from a server.
  
This is a generic page about reporting all kind of misbehaviours from a server.
  +
<br>This is draft, to be implemented :-)
   
 
===Data collection===
  
===Data collection===
 
* [[Syslog]]
  
* [[Syslog]]
 
* [[Munin]]
  
* [[Munin]]
* acct
 +
* acct & atop
  +
* procinfo
 
* exim stats
  
* exim stats
 
* apache stats
  
* apache stats
  +
* netstat -l...
   
 
===What to filter for what kind of alert?===
  
===What to filter for what kind of alert?===
Line 12: Line 15:
 
* Syslog -> [[Logcheck]]
  
* Syslog -> [[Logcheck]]
 
* We should send also at least what we want to report via jabber/SMS
  
* We should send also at least what we want to report via jabber/SMS
  +
* [[Vserver watchdogs]] -> cron
 
====Jabber/SMS alerts====
  
====Jabber/SMS alerts====
  +
You can use sendxmpp
  +
  +
apt-get install sendxmpp
  +
echo "Here is a very cool notification agent"|\
  +
sendxmpp -u <user> -p <passwd> -j <server> -s <subject> <destinataires>
  +
  +
Note that v1.13-1 is [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496823 buggy], apply this patch:
  +
<source lang=diff>
  +
--- /usr/bin/sendxmpp 2008-09-21 00:51:15.000000000 +0200
  +
+++ /usr/bin/sendxmpp 2008-09-21 00:47:32.000000000 +0200
  +
@@ -281,7 +281,7 @@
  +
connectiontype => 'tcpip',
  +
componentname => $comp
  +
};
  +
- $arghash->{port} = $port if (!$port);
  +
+ $arghash->{port} = $port if ($port);
  +
if (!$port) {
  +
@res = $cnx->Connect(%$arghash);
  +
error_exit ("Could not connect to server '$host': $@") unless @res;
  +
</source>
 
* Hardware damages
  
* Hardware damages
 
** temp, fans
  
** temp, fans
Line 18: Line 42:
 
* Software damages
  
* Software damages
 
** HD capacity
  
** HD capacity
** CPU load 100% for more than X mins
 +
** CPU load 100% for more than X mins<br>The easiest is to take the third field of /proc/loadavg which is a mean over the last 15 mins, here with 2 CPUs:
  +
awk '$3 > 2 {print "alert"}' /proc/loadavg
 
** network load > X for more than Y mins
  
** network load > X for more than Y mins
 
** exim load > X mails sent per min
  
** exim load > X mails sent per min
  +
  +
From sendxmpp author:
  +
if test "$cpuload" -gt "$CPULOADMAX"; then
  +
top -b -n 1 | sendxmpp -s "wake up! cpu load $cpuload at `hostname`" someone@jabber.org
  +
fi
  +
To get all logcheck mail and mails with subject starting with JABBER I added this to my procmail:
  +
:0 c
  +
* ^From: .*logcheck|\
  +
^Subject: JABBER
  +
* ^Subject: \/.*
  +
| formail -k -X From:|sendxmpp -u sendxmpp -p xmpp -j <jabber server> -s "$MATCH" <my@jabber.account>

Latest revision as of 16:02, 2 March 2016

This is a generic page about reporting all kind of misbehaviours from a server.
This is draft, to be implemented :-)

Data collection

  • Syslog
  • Munin
  • acct & atop
  • procinfo
  • exim stats
  • apache stats
  • netstat -l...

What to filter for what kind of alert?

Mail alerts

Jabber/SMS alerts

You can use sendxmpp 

apt-get install sendxmpp
echo "Here is a very cool notification agent"|\
   sendxmpp -u <user> -p <passwd> -j <server> -s <subject> <destinataires>

Note that v1.13-1 is buggy, apply this patch: 

--- /usr/bin/sendxmpp    2008-09-21 00:51:15.000000000 +0200
+++ /usr/bin/sendxmpp    2008-09-21 00:47:32.000000000 +0200
@@ -281,7 +281,7 @@
                connectiontype  => 'tcpip',
                componentname   => $comp
        };
-       $arghash->{port} = $port if (!$port);
+       $arghash->{port} = $port if ($port);
        if (!$port) {
                @res = $cnx->Connect(%$arghash);
                error_exit ("Could not connect to server '$host': $@") unless @res;
  • Hardware damages
    • temp, fans
    • raid
  • Software damages
    • HD capacity
    • CPU load 100% for more than X mins
      The easiest is to take the third field of /proc/loadavg which is a mean over the last 15 mins, here with 2 CPUs:
awk '$3 > 2 {print "alert"}' /proc/loadavg
    • network load > X for more than Y mins
    • exim load > X mails sent per min

From sendxmpp author: 

if test "$cpuload" -gt "$CPULOADMAX"; then
 top -b -n 1 | sendxmpp -s "wake up! cpu load $cpuload at `hostname`" someone@jabber.org  
fi

To get all logcheck mail and mails with subject starting with JABBER I added this to my procmail: 

:0 c                                                                                                                                                                      
* ^From: .*logcheck|\                                                                                                                                                     
  ^Subject: JABBER                                                                                                                                                       
* ^Subject: \/.*                                                                                                                                                          
| formail -k -X From:|sendxmpp -u sendxmpp -p xmpp -j <jabber server> -s "$MATCH" <my@jabber.account>
Retrieved from "https://wiki.yobi.be/index.php?title=Alert_notifications&oldid=10024"