Alert notifications: Difference between revisions

From YobiWiki
Jump to navigation Jump to search
← Older edit
Content deleted Content added
mNo edit summary
m Reverted edits by JasonAnderson (talk) to last revision by PhilippeTeuwen
 
(9 intermediate revisions by 2 users not shown)
Line 1: Line 1:
This is a generic page about reporting all kind of misbehaviours from a server.
This is a generic page about reporting all kind of misbehaviours from a server.
<br>This is draft, to be implemented :-)


===Data collection===
===Data collection===
* [[Syslog]]
* [[Syslog]]
* [[Munin]]
* [[Munin]]
* acct
* acct & atop
* procinfo
* exim stats
* exim stats
* apache stats
* apache stats
* netstat -l...


===What to filter for what kind of alert?===
===What to filter for what kind of alert?===
Line 12: Line 15:
* Syslog -> [[Logcheck]]
* Syslog -> [[Logcheck]]
* We should send also at least what we want to report via jabber/SMS
* We should send also at least what we want to report via jabber/SMS
* [[Vserver watchdogs]] -> cron
====Jabber/SMS alerts====
====Jabber/SMS alerts====
You can use sendxmpp

apt-get install sendxmpp
echo "Here is a very cool notification agent"|\
sendxmpp -u <user> -p <passwd> -j <server> -s <subject> <destinataires>

Note that v1.13-1 is [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496823 buggy], apply this patch:
<source lang=diff>
--- /usr/bin/sendxmpp 2008-09-21 00:51:15.000000000 +0200
+++ /usr/bin/sendxmpp 2008-09-21 00:47:32.000000000 +0200
@@ -281,7 +281,7 @@
connectiontype => 'tcpip',
componentname => $comp
};
- $arghash->{port} = $port if (!$port);
+ $arghash->{port} = $port if ($port);
if (!$port) {
@res = $cnx->Connect(%$arghash);
error_exit ("Could not connect to server '$host': $@") unless @res;
</source>
* Hardware damages
* Hardware damages
** temp, fans
** temp, fans
Line 18: Line 42:
* Software damages
* Software damages
** HD capacity
** HD capacity
** CPU load 100% for more than X mins
** CPU load 100% for more than X mins<br>The easiest is to take the third field of /proc/loadavg which is a mean over the last 15 mins, here with 2 CPUs:
awk '$3 > 2 {print "alert"}' /proc/loadavg
** network load > X for more than Y mins
** network load > X for more than Y mins
** exim load > X mails sent per min
** exim load > X mails sent per min

From sendxmpp author:
if test "$cpuload" -gt "$CPULOADMAX"; then
top -b -n 1 | sendxmpp -s "wake up! cpu load $cpuload at `hostname`" someone@jabber.org
fi
To get all logcheck mail and mails with subject starting with JABBER I added this to my procmail:
:0 c
* ^From: .*logcheck|\
^Subject: JABBER
* ^Subject: \/.*
| formail -k -X From:|sendxmpp -u sendxmpp -p xmpp -j <jabber server> -s "$MATCH" <my@jabber.account>

Latest revision as of 15:02, 2 March 2016

This is a generic page about reporting all kind of misbehaviours from a server.
This is draft, to be implemented :-)

Data collection

  • Syslog
  • Munin
  • acct & atop
  • procinfo
  • exim stats
  • apache stats
  • netstat -l...

What to filter for what kind of alert?

Mail alerts

Jabber/SMS alerts

You can use sendxmpp 

apt-get install sendxmpp
echo "Here is a very cool notification agent"|\
   sendxmpp -u <user> -p <passwd> -j <server> -s <subject> <destinataires>

Note that v1.13-1 is buggy, apply this patch: 

--- /usr/bin/sendxmpp    2008-09-21 00:51:15.000000000 +0200
+++ /usr/bin/sendxmpp    2008-09-21 00:47:32.000000000 +0200
@@ -281,7 +281,7 @@
                connectiontype  => 'tcpip',
                componentname   => $comp
        };
-       $arghash->{port} = $port if (!$port);
+       $arghash->{port} = $port if ($port);
        if (!$port) {
                @res = $cnx->Connect(%$arghash);
                error_exit ("Could not connect to server '$host': $@") unless @res;
  • Hardware damages
    • temp, fans
    • raid
  • Software damages
    • HD capacity
    • CPU load 100% for more than X mins
      The easiest is to take the third field of /proc/loadavg which is a mean over the last 15 mins, here with 2 CPUs:
awk '$3 > 2 {print "alert"}' /proc/loadavg
    • network load > X for more than Y mins
    • exim load > X mails sent per min

From sendxmpp author: 

if test "$cpuload" -gt "$CPULOADMAX"; then
 top -b -n 1 | sendxmpp -s "wake up! cpu load $cpuload at `hostname`" someone@jabber.org  
fi

To get all logcheck mail and mails with subject starting with JABBER I added this to my procmail: 

:0 c                                                                                                                                                                      
* ^From: .*logcheck|\                                                                                                                                                     
  ^Subject: JABBER                                                                                                                                                       
* ^Subject: \/.*                                                                                                                                                          
| formail -k -X From:|sendxmpp -u sendxmpp -p xmpp -j <jabber server> -s "$MATCH" <my@jabber.account>
Retrieved from "https://wiki.yobi.be/index.php?title=Alert_notifications&oldid=10024"