Last active
August 29, 2015 14:00
-
-
Save aleks-mariusz/00cee869c51a21f4e41b to your computer and use it in GitHub Desktop.
Aug 9 2001 - Back before there was any sophisticated monitoring/log analysis software suites, we had to roll our own. Here's an example of early some shell scripting work i did at an internet hosting company that alerted when folks were using 'too much traffic' (that was defined by management of course)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/local/bin/bash | |
CONFDIR="/home/cricket/mrtg/threshold/conf" | |
LOGDIR="/home/cricket/mrtg/threshold/logs" | |
MRTG_HOME="/home/cricket/mrtg/devices" | |
EMAILLIM=1 | |
EMAIL="thold@nyi.net" | |
#EMAIL="cynikal@cynikal.net" | |
#EMAIL="none" | |
TMP="/tmp/.$(basename $0).$$" | |
for FILE in $(ls -ld ${CONFDIR}/*|awk '$1 ~ /^-/ {print $9}') ; do | |
CIRCUIT=$(basename ${FILE}) | |
DEVICE="Router" | |
if [ "$(echo $CIRCUIT|egrep "^cs")" ]; then | |
DEVICE="Switch $(echo $CIRCUIT|cut -d_ -f1|cut -ds -f2)" | |
PORT=$(printf "%03d" $[$(echo $CIRCUIT|cut -d_ -f2|sed -e 's/^0//')-1]) | |
fi | |
PORT=$(printf "%03d" $[$(echo $CIRCUIT|cut -d_ -f2|sed -e 's/^0//')]) | |
IN_THRESH=$(tail -1 $FILE |awk '{print $1}') | |
OUT_THRESH=$(tail -1 $FILE|awk '{print $2}') | |
REP_THRESH=$(tail -1 $FILE|awk '{print $3}') | |
if [ ! "$REP_THRESH" ] ; then REP_THRESH=1 ; fi | |
SRCFILE=$(/bin/echo ${MRTG_HOME}/$(cat $FILE|head -1|cut -d_ -f1)/$PORT/$(cat $FILE|head -1|cut -d" " -f1).log); | |
DESCR=$(cat $FILE|head -1|cut -d" " -f2-) | |
RESULT=$(/bin/cat ${SRCFILE}|head -2| tail -1| awk '{print $2, $3}') | |
# RESULT=$(/usr/local/bin/lynx -dump -source $(head -1 $FILE)|\ | |
# head -2| tail -1| awk '{print $2, $3}'|\ | |
# sed -e 's/Not Found<\/TITLE>/0 0/') | |
echo $RESULT > ${LOGDIR}/${CIRCUIT} | |
# echo $RESULT >> ${LOGDIR}/${CIRCUIT} | |
# tail -$REP_THRESH ${LOGDIR}/${CIRCUIT} > ${LOGDIR}/${CIRCUIT}.tmp | |
# mv -f ${LOGDIR}/${CIRCUIT}{.tmp,} | |
IN_ACTUAL=$(echo $RESULT |awk '{print $1}') | |
OUT_ACTUAL=$(echo $RESULT|awk '{print $2}') | |
if [ $IN_ACTUAL -ge $IN_THRESH ]; then | |
if [ ! -f ${LOGDIR}/${CIRCUIT}_in ]; then | |
echo 1 > ${LOGDIR}/${CIRCUIT}_in | |
else | |
REALLIM=$(cat ${LOGDIR}/${CIRCUIT}_in) | |
echo $[REALLIM + 1] > ${LOGDIR}/${CIRCUIT}_in | |
fi | |
IN_ACTUAL=$[$IN_ACTUAL/1024]; | |
IN_THRESH=$[$IN_THRESH/1024]; | |
if [ $(head -1 ${LOGDIR}/${CIRCUIT}_in) -le $[${EMAILLIM}+${REP_THRESH}-1] -a\ | |
$(head -1 ${LOGDIR}/${CIRCUIT}_in) -ge ${REP_THRESH} ]; then | |
echo "$DEVICE Port #$PORT ($DESCR) above threshold-in of"\ | |
"$IN_THRESH KBPS by $[$IN_ACTUAL-$IN_THRESH] KBPS"\ | |
>> $TMP | |
fi | |
elif [ -f ${LOGDIR}/${CIRCUIT}_in ]; then | |
echo "$DEVICE Port #$PORT ($DESCR) below threshold-in"\ | |
"(previously exceeded $(cat ${LOGDIR}/${CIRCUIT}_in) time(s))" \ | |
>> $TMP | |
rm -f ${LOGDIR}/${CIRCUIT}_in | |
fi | |
if [ $OUT_ACTUAL -ge $OUT_THRESH ]; then | |
if [ ! -f ${LOGDIR}/${CIRCUIT}_out ]; then | |
echo 1 > ${LOGDIR}/${CIRCUIT}_out | |
else | |
REALLIM=$(cat ${LOGDIR}/${CIRCUIT}_out) | |
echo $[REALLIM + 1] > ${LOGDIR}/${CIRCUIT}_out | |
fi | |
OUT_ACTUAL=$[$OUT_ACTUAL/1024]; | |
OUT_THRESH=$[$OUT_THRESH/1024]; | |
if [ $(head -1 ${LOGDIR}/${CIRCUIT}_out) -le $[${EMAILLIM}+${REP_THRESH}-1] \ | |
-a $(head -1 ${LOGDIR}/${CIRCUIT}_out) -ge ${REP_THRESH} ]; then | |
echo "$DEVICE Port #$PORT ($DESCR) above threshold-out of"\ | |
"$OUT_THRESH KBPS by $[$OUT_ACTUAL-$OUT_THRESH] KBPS"\ | |
>> $TMP | |
fi | |
elif [ -f ${LOGDIR}/${CIRCUIT}_out ]; then | |
echo $DEVICE Port #$PORT ($DESCR) below threshold-out"\ | |
"(previously exceeded $(cat ${LOGDIR}/${CIRCUIT}_out) time(s))" \ | |
>> $TMP | |
rm -f ${LOGDIR}/${CIRCUIT}_out | |
fi | |
done | |
if [ -f $TMP ]; then | |
SIZE="$(ls -l $TMP|awk '{print $5}')" | |
if [ $SIZE -ne 0 ]; then | |
if [ ${EMAIL} == "none" ]; then | |
cat $TMP | |
else | |
for ADDY in ${EMAIL} ; do | |
cat $TMP|mail -s 'Threshold Alert' ${EMAIL} | |
done | |
fi | |
fi | |
rm -f $TMP | |
fi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment