Network-monitor-in-10-minutes-with-splunk

From Datateknik
Revision as of 15:26, 5 May 2017

  • PLEASE*

Log in with the usual skill-booking password and fix errors/add what is missing. /Robert

Create directories

su -
mkdir /var/log/ping-targets
cd /var/log/ping-targets

Create the script

  • nano monitor.sh
#!/bin/bash

echo Killing Existing Pings
pkill ping
 
echo Pinging
# external hosts for testing, run in background
# CHANGE THE IP NUMBER BELOW, OTHERWISE YOU WILL KILL MY SERVER !!!!
ping 193.10.236.123 > /var/log/ping-targets/srv1-logs.txt &
ping 8.8.8.8 > /var/log/ping-targets/googledns-logs.txt &

echo Process list of the running ping PIDs
pgrep -l ping
 
ls -l
chmod +x monitor.sh
ls -l

crontab

edit /etc/crontab and add

# monitor with ping
# run every 30 minutes, every hour, every day
# (/etc/crontab needs all five time fields followed by the user to run as)
*/30 * * * *  root  /var/log/ping-targets/monitor.sh >> /var/log/ping-targets/monitor.log 2>&1

SPLUNK

  • install splunk
  • login

Import Data

Import the directory /var/log/ping-.../

Search Data

Default search does not work, so change to

 source="/var/log/ping-targets/*" 

You should now see a table of data from the ping command

Now search for srv1 ping results

source="/var/log/ping-targets/srv1-logs.txt"  

You should now only see server1 data

plotting

Create a time-graph by sending it to the timechart function (using a pipeline) and plot the time-variable that you can see in the data-table

source="/var/log/ping-targets/srv1-logs.txt"  | timechart avg(time)

Select the Visualization tab and change the chart type to a bar plot to your liking

If you see gaps in the plot, change it to

source="/var/log/ping-targets/srv1-logs.txt"  | timechart cont=false avg(time)

Plotting it all together

source="/var/log/ping-targets/*.txt" | timechart cont=false  avg(time) by source
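To see what the combined search above actually computes, here is an added example (not from the wiki page or the monitor.sh script) that re-implements `timechart cont=false avg(time) by source` over two constructed ping logs. It assumes the log lines carry the unix timestamps that iputils `ping -D` prefixes; the page's script does not pass `-D`, so in Splunk the bucketing falls back to index time.

```python
import re
from collections import defaultdict

# Constructed sample: two ping logs in `ping -D` format (assumption, see
# lead-in). The bracketed number is the unix timestamp of each line.
# The srv1 log has a two-minute hole; the googledns log has one lost reply.
SAMPLE_LOGS = {
    "/var/log/ping-targets/srv1-logs.txt": """\
PING 193.10.236.123 (193.10.236.123) 56(84) bytes of data.
[1493994000.10] 64 bytes from 193.10.236.123: icmp_seq=1 ttl=57 time=12.0 ms
[1493994001.10] 64 bytes from 193.10.236.123: icmp_seq=2 ttl=57 time=14.0 ms
[1493994120.10] 64 bytes from 193.10.236.123: icmp_seq=121 ttl=57 time=20.0 ms
""",
    "/var/log/ping-targets/googledns-logs.txt": """\
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
[1493994000.50] 64 bytes from 8.8.8.8: icmp_seq=1 ttl=117 time=5.0 ms
[1493994001.50] no answer yet for icmp_seq=2
[1493994002.50] 64 bytes from 8.8.8.8: icmp_seq=3 ttl=117 time=7.0 ms
""",
}

# A reply line: leading -D timestamp, then the time= field in milliseconds.
REPLY_RE = re.compile(r"^\[(\d+(?:\.\d+)?)\].*\btime=(\d+(?:\.\d+)?) ms")

def timechart_avg_time_by_source(logs, span=60):
    """Mimic `timechart cont=false avg(time) by source`.

    Returns {bucket_start: {source: avg_ms}} containing only buckets with
    at least one reply (cont=false: empty buckets are not emitted).
    Header, summary and timeout lines have no time= field and are skipped,
    just as Splunk's avg() ignores events where the field is absent.
    """
    sums = defaultdict(lambda: defaultdict(lambda: [0.0, 0]))
    for source, text in logs.items():
        for line in text.splitlines():
            m = REPLY_RE.match(line)
            if not m:
                continue
            bucket = int(float(m.group(1))) // span * span
            acc = sums[bucket][source]
            acc[0] += float(m.group(2))
            acc[1] += 1
    return {b: {s: total / n for s, (total, n) in per_src.items()}
            for b, per_src in sorted(sums.items())}

if __name__ == "__main__":
    for bucket, per_source in timechart_avg_time_by_source(SAMPLE_LOGS).items():
        print(bucket, per_source)
```

The bucket starting at 1493994060 is missing from the result, which is the gap that `cont=false` leaves unfilled in the Splunk chart.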