Network-monitor-in-10-minutes-with-splunk
From Datateknik
(Difference between revisions)
(→crontab) |
(→crontab) |
||
| Line 33: | Line 33: | ||
# run every 30 minutes, every hour, every day | # run every 30 minutes, every hour, every day | ||
*/30 * * * /var/log/ping-targets/monitor.sh >> /var/log/ping-targets/monitor.log 2>&1 | */30 * * * /var/log/ping-targets/monitor.sh >> /var/log/ping-targets/monitor.log 2>&1 | ||
| + | = SPLUNK = | ||
| + | *install splunk | ||
| + | * login | ||
| + | == Import Data == | ||
| + | Import the directory '''/var/log/ping-.../''' | ||
| + | == Search Data == | ||
| + | Default search does not work, so change to | ||
| + | source="/var/log/ping-targets/*" | ||
| + | You should now see a table of data from the ping command | ||
| + | |||
| + | Now search for srv1 ping results | ||
| + | source="/var/log/ping-targets/srv1-logs.txt" | ||
| + | You should now only see server1 data | ||
| + | |||
| + | Create a time-graph by sending it to the timechart function (using a pipeline) and plot the time-variable that you can see in the data-table | ||
| + | source="/var/log/ping-targets/srv1-logs.txt" | timechart avg(time) | ||
| + | Select the /Visualization\-Tab, and change gte grafix to a bar-plot to your liking | ||
| + | |||
| + | If you see gaps in the plot, change it to | ||
| + | source="/var/log/ping-targets/srv1-logs.txt" | timechart cont=false avg(time) | ||
| + | |||
| + | == | ||
Revision as of 15:07, 5 May 2017
- SNÄLLA*
Logga in med vanliga skill-bokningslösenordet och fixa fel/lägg till det som saknas /Robert
Contents |
Skapa kataloger
su - mkdir /var/log/ping-targets cd /var/log/ping-targets
Skapa skriptet
- nano monitor.sh
#!/bin/bash echo Killing Existing Pings pkill ping echo Pinging #external hosts for testing, run in background # BYT IP-NUMMER NEDAN, ANNARS DÖDAR NI MIN SERVER !!!! ping 193.10.236.123 > /var/log/ping-targets/srv1-logs.txt & ping 8.8.8.8 > /var/log/ping-targets/googledns-logs.txt & echo Process List of PING process ID PIDs pgrep -l ping
ls -l chmod +x monitor.sh ls -l
crontab
edit /etc/crontab and add
# monitor with ping # run every 30 minutes, every hour, every day */30 * * * /var/log/ping-targets/monitor.sh >> /var/log/ping-targets/monitor.log 2>&1
SPLUNK
- install splunk
- login
Import Data
Import the directory /var/log/ping-.../
Search Data
Default search does not work, so change to
source="/var/log/ping-targets/*"
You should now see a table of data from the ping command
Now search for srv1 ping results
source="/var/log/ping-targets/srv1-logs.txt"
You should now only see server1 data
Create a time-graph by sending it to the timechart function (using a pipeline) and plot the time-variable that you can see in the data-table
source="/var/log/ping-targets/srv1-logs.txt" | timechart avg(time)
Select the /Visualization\-Tab, and change gte grafix to a bar-plot to your liking
If you see gaps in the plot, change it to
source="/var/log/ping-targets/srv1-logs.txt" | timechart cont=false avg(time)
==
