File log-management-swatch.txt, 1.3 KB (added by hervey, 9 years ago)

Swatch logging exercises in Text

Network Management Workshop

Using Swatch

1. Let's enable logging of everything to a single file:

- Edit /etc/syslog-ng/syslog-ng.conf, and add this at the end:

destination everything {
  file("/var/log/everything"
    template("$DATE <$FACILITY.$PRIORITY> $HOST $MSG\n") template_escape(no)
  );
};
log { source(s_all); destination(everything); };

... this will enable logging of ALL messages to a single file, so that we
can run a monitoring script on the messages.

2. Enable a daily automated script to truncate the log file so it doesn't
grow too big:

Create the file /etc/logrotate.d/everything

/var/log/everything {
  daily
  copytruncate
  rotate 1
  postrotate
        /etc/init.d/swatch restart
  endscript
}

3. Install swatch

        # apt-get install swatch

4. Create the file /etc/swatch.conf, and put this in it:

watchfor /PRIV_AUTH_PASS/
        mail=mgmt,subject=Enable mode entered
        threshold type=limit,count=1,seconds=3600

watchfor /CONFIG_I/
        mail=mgmt,subject=Router config
        threshold type=limit,count=1,seconds=3600

watchfor /LINK-3-UPDOWN/
        mail=mgmt,subject=Link state change
        threshold type=limit,count=1,seconds=3600

5. Start swatch:

        # swatch -c /etc/swatch.conf --daemon

        Check that it is running:

        # ps ax | grep swatch

6. Log in to your router, and run some "config" commands

7. Check that mails are coming in:

        # mutt -f /var/mail/mgmt
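
The /etc/swatch.conf rules above and their threshold, replayed in Python over a constructed sample of /var/log/everything, to show which matches produce mail and which are suppressed. This is an added example, not part of the workshop material; it assumes swatch applies type=limit per watchfor rule over an interval that starts at the first match, and the hosts, users, times and year are made up.

```python
import re
from datetime import datetime

# Patterns and subjects copied from the /etc/swatch.conf in the exercise.
RULES = [(re.compile(r"PRIV_AUTH_PASS"), "Enable mode entered"),
         (re.compile(r"CONFIG_I"), "Router config"),
         (re.compile(r"LINK-3-UPDOWN"), "Link state change")]
COUNT, SECONDS = 1, 3600   # threshold type=limit,count=1,seconds=3600
# Layout written by the syslog-ng template: $DATE <$FACILITY.$PRIORITY> $HOST $MSG
LINE = re.compile(r"^(\w{3} [ \d]\d \d\d:\d\d:\d\d) <(\w+)\.(\w+)> (\S+) (.*)$")
# Constructed sample of /var/log/everything (not captured from a real router).
SAMPLE = """\
Mar  3 10:15:02 <local7.notice> rtr1 %SYS-5-PRIV_AUTH_PASS: Privilege level set to 15 by admin on vty0
Mar  3 10:15:40 <local7.notice> rtr1 %SYS-5-CONFIG_I: Configured from console by admin on vty0
Mar  3 10:20:11 <local7.err> rtr1 %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to down
Mar  3 10:48:30 <local7.notice> rtr2 %SYS-5-CONFIG_I: Configured from console by guest on vty1
Mar  3 11:16:05 <local7.notice> rtr1 %SYS-5-CONFIG_I: Configured from console by admin on vty0
Mar  3 11:17:00 <auth.info> noc sshd[812]: Accepted publickey for mgmt
"""

def parse(line, year=2024):
    """Return (timestamp, host) or None if malformed; the year is an assumed default."""
    m = LINE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
    return ts, m.group(4)

def replay(text):
    """Return (mailed, suppressed), each a list of (HH:MM:SS, host, subject)."""
    window = {}                # subject -> [interval start, matches in interval]
    mailed, suppressed = [], []
    for line in text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        ts, host = rec
        for pattern, subject in RULES:
            if not pattern.search(line):
                continue
            state = window.get(subject)
            if state is None or (ts - state[0]).total_seconds() >= SECONDS:
                state = window[subject] = [ts, 0]    # start a new interval
            state[1] += 1
            hit = (ts.strftime("%H:%M:%S"), host, subject)
            (mailed if state[1] <= COUNT else suppressed).append(hit)
    return mailed, suppressed

if __name__ == "__main__":
    print(*replay(SAMPLE), sep="\n")
```

The 10:48:30 CONFIG_I event on a second router falls inside the same hour and produces no mail, so the mgmt mailbox is not a complete record of configuration changes; read /var/log/everything itself for the full sequence.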