Network-monitor-in-10-minutes-with-splunk
From Datateknik
(Difference between revisions)
(→asd) |
(→SPLUNK) |
||
| (10 intermediate revisions by 2 users not shown) | |||
| Line 17: | Line 17: | ||
#external hosts for testing, run in background | #external hosts for testing, run in background | ||
# BYT IP-NUMMER NEDAN, ANNARS DÖDAR NI MIN SERVER !!!! | # BYT IP-NUMMER NEDAN, ANNARS DÖDAR NI MIN SERVER !!!! | ||
| − | ping 193.10.236.123 > /var/log/ping-targets/srv1-logs.txt & | + | ping -i 60 193.10.236.123 > /var/log/ping-targets/srv1-logs.txt & |
| − | ping 8.8.8.8 > /var/log/ping-targets/googledns-logs.txt & | + | ping -i 60 8.8.8.8 > /var/log/ping-targets/googledns-logs.txt & |
| − | + | #Max en ping i minuten annars dör google. | |
| + | |||
echo Process List of PING process ID PIDs | echo Process List of PING process ID PIDs | ||
pgrep -l ping | pgrep -l ping | ||
| Line 29: | Line 30: | ||
= crontab = | = crontab = | ||
| − | # run | + | edit /etc/crontab and add |
| + | # monitor with ping | ||
| + | # run every 30 minutes, every hour, every day | ||
| + | */30 * * * * /var/log/ping-targets/monitor.sh >> /var/log/ping-targets/monitor.log 2>&1 | ||
| + | |||
| + | = SPLUNK = | ||
| + | *install splunk <font color=red>do NOT install splunk if you alreade have installed it</font> | ||
| + | wget -O splunk-6.5.3-36937ad027d4-linux-2.6-x86_64.rpm 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=6.5.3&product=splunk&filename=splunk-6.5.3-36937ad027d4-linux-2.6-x86_64.rpm&wget=true' | ||
| + | echo "--------------------------" | ||
| + | yum localinstall splunk-6.5.3-36937ad027d4-linux-2.6-x86_64.rpm | ||
| + | rpm -ql splunk | grep splunk$ | ||
| + | echo "--------------------------" | ||
| + | # firewall-cmd --add-rich-rule='rule family="ipv4" port port="8000" protocol="tcp" accept' | ||
| + | |||
| + | * login | ||
| + | == Import Data == | ||
| + | Import the directory '''/var/log/ping-.../''' | ||
| + | == Search Data == | ||
| + | Default search does not work, so change to | ||
| + | source="/var/log/ping-targets/*" | ||
| + | You should now see a table of data from the ping command | ||
| + | |||
| + | Now search for srv1 ping results | ||
| + | source="/var/log/ping-targets/srv1-logs.txt" | ||
| + | You should now only see server1 data | ||
| + | == plotting == | ||
| + | Create a time-graph by sending it to the timechart function (using a pipeline) and plot the time-variable that you can see in the data-table | ||
| + | source="/var/log/ping-targets/srv1-logs.txt" | timechart avg(time) | ||
| + | Select the /Visualization\-Tab, and change gte grafix to a bar-plot to your liking | ||
| + | |||
| + | If you see gaps in the plot, change it to | ||
| + | source="/var/log/ping-targets/srv1-logs.txt" | timechart cont=false avg(time) | ||
| + | |||
| + | == Plotting it all together == | ||
| + | source="/var/log/ping-targets/*.txt" | timechart cont=false avg(time) by source | ||
| + | Change the plot type bly clicking | ||
| + | * /Visualization\ | ||
| + | * Bar plot (text) | ||
| + | * line plot (square image) | ||
| + | |||
| + | == Create / Modify DASHBOARD == | ||
| − | + | Click "Save As ..." to create a new (or add to existing) dashboard | |
Latest revision as of 11:28, 18 May 2017
- SNÄLLA*
Logga in med vanliga skill-bokningslösenordet och fixa fel/lägg till det som saknas /Robert
Contents |
[edit] Skapa kataloger
su - mkdir /var/log/ping-targets cd /var/log/ping-targets
[edit] Skapa skriptet
- nano monitor.sh
#!/bin/bash echo Killing Existing Pings pkill ping echo Pinging #external hosts for testing, run in background # BYT IP-NUMMER NEDAN, ANNARS DÖDAR NI MIN SERVER !!!! ping -i 60 193.10.236.123 > /var/log/ping-targets/srv1-logs.txt & ping -i 60 8.8.8.8 > /var/log/ping-targets/googledns-logs.txt & #Max en ping i minuten annars dör google.
echo Process List of PING process ID PIDs pgrep -l ping
ls -l chmod +x monitor.sh ls -l
[edit] crontab
edit /etc/crontab and add
# monitor with ping # run every 30 minutes, every hour, every day */30 * * * * /var/log/ping-targets/monitor.sh >> /var/log/ping-targets/monitor.log 2>&1
[edit] SPLUNK
- install splunk do NOT install splunk if you alreade have installed it
wget -O splunk-6.5.3-36937ad027d4-linux-2.6-x86_64.rpm 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=6.5.3&product=splunk&filename=splunk-6.5.3-36937ad027d4-linux-2.6-x86_64.rpm&wget=true' echo "--------------------------" yum localinstall splunk-6.5.3-36937ad027d4-linux-2.6-x86_64.rpm rpm -ql splunk | grep splunk$ echo "--------------------------" # firewall-cmd --add-rich-rule='rule family="ipv4" port port="8000" protocol="tcp" accept'
- login
[edit] Import Data
Import the directory /var/log/ping-.../
[edit] Search Data
Default search does not work, so change to
source="/var/log/ping-targets/*"
You should now see a table of data from the ping command
Now search for srv1 ping results
source="/var/log/ping-targets/srv1-logs.txt"
You should now only see server1 data
[edit] plotting
Create a time-graph by sending it to the timechart function (using a pipeline) and plot the time-variable that you can see in the data-table
source="/var/log/ping-targets/srv1-logs.txt" | timechart avg(time)
Select the /Visualization\-Tab, and change gte grafix to a bar-plot to your liking
If you see gaps in the plot, change it to
source="/var/log/ping-targets/srv1-logs.txt" | timechart cont=false avg(time)
[edit] Plotting it all together
source="/var/log/ping-targets/*.txt" | timechart cont=false avg(time) by source
Change the plot type bly clicking
- /Visualization\
- Bar plot (text)
- line plot (square image)
[edit] Create / Modify DASHBOARD
Click "Save As ..." to create a new (or add to existing) dashboard
