Linux System Administration Recipes A Problem-Solution Approach

More documents

Recommendations

Info

CHAPTER 11 ■ TRACKING DOWN BUGS11-7. Performing Centralized Logging with syslogIt’s also possible to centralize your system logging, setting up a single log host to receive messages fromall machines. This has the advantage that if the remote machine is attacked, the attacker won’t be able todelete the logs from the central loghost; it can also have security implications, depending on how you setit up. As ever, be aware of the possibilities for attack.It’s wise to carry on logging locally, as well, so that if there’s a problem with a particular machine,you don’t have to wade through all the remote logs to identify it.First, set up syslogd on your log host to receive remote messages. On Debian/Ubuntu, edit the/etc/init.d/sysklogd file so that the SYSLOGD line near the top reads as follows:SYSLOGD="-r"■ Note To also remove the MARK lines from the files, use SYSLOGD="-r -m0".Now restart the syslog daemon (/etc/init.d/sysklogd restart).On the remote (client) machine, edit /etc/syslog.conf to specify which messages you want to sendto the logging host. You probably want just to add this line, rather than replacing the existing lines, asdiscussed earlier:*.err@loghost.example.comRestart syslogd on the client machine (/etc/init.d/sysklogd restart).Log messages from your client machine should now be recorded on the log host. Note that themessages will be filtered twice: once on the client machine (with the setup given here, messages fromany source with a priority of err or above will make it through) and then again on the log host, wherethey’ll be treated as any other incoming syslog message and filtered to a particular log file depending onthe settings in /etc/syslog.conf. So, mail messages would (assuming this was set up as in recipe 11-6)be filtered to the mail log file on the remote host, and so on. Unfortunately, there’s no way of filteringmessages from a particular host at this point; you’ll have to use grep on the log files.■ Note Another option is syslog-ng if you have very complicated logging requirements.11-8. Plotting Log Data to Locate <strong>Problem</strong>s: perl and gnuplotIf you want ongoing visualization of log data, you probably want to look at a tool like Cacti or one of theother tools built on RRDTool, rather than building your own data plot. However, sometimes you’remonitoring something specific and need to get a quick visualization of the output, perhaps to identifywhether there is a real problem.226Download at WoweBook.Com
CHAPTER 11 ■ TRACKING DOWN BUGSAn example is if you’re concerned about the response rate of one of your servers, such as your mainNFS server, which anecdotally appears to be slow to respond from time to time. To check this out, youcan set up a short script to ping it at intervals and get the response rate.■ Note This is only the start of an investigation. You’d also want to check the response to a real NFS request,among other things.01 #!/usr/bin/perl -w02 # JK 10.01.20080304 use strict;05 use Net::Ping;06 use Net::SMTP;07 use Time::HiRes;08 use POSIX qw(stfrtime);0910 my $server = "nfsserver";11 my $file = "/home/jkemp/sysadmin/nfs_response.log";1213 # Ping server and record time and response time14 my $ping = Net::Ping->new();15 $ping->hires();16 my ($ret, $duration, $ip) = $ping->ping($server, 5.5);17 open FILE, ">>$file";18 print FILE ((strftime "%b-%d-%H:%M:%S", localtime), " ");19 printf FILE ("%.3f\n", 1000 * $duration);20 close FILE;This should be fairly self-explanatory. It’s being run on a local network, so there’s no need to specifya domain in line 10. The use of Time::HiRes (and then setting the ping response as hires in line 15—thisis a feature of the Net::Ping module) enables the data to be recorded with millisecond values rather thanjust in seconds. In line 16, $ret is the success flag (1 for reachable, 0 for not), which we don’t use. We alsodiscard $ip, which is the IP address that the pinged host (here nfsserver) resolved to, and keep only$duration, which is the elapsed time of the ping. The 5.5 value in the ping call is the length of time (inseconds) to wait before giving up, if the host doesn’t respond.Lines 17–20 deal with writing the output to file, with the time of the ping and then the ping responseduration printed to three decimal places with printf. Note that this is the time after the ping, not beforeit. In this context, this is unlikely to matter, but it could if you wanted to set a $currenttime value beforethe ping and then use that here. Note that the $duration value is returned in milliseconds, so youmultiply it by 1,000 to get seconds.Run this every minute (or however often you want) with a line in a cron file. This can be your owncron file rather than that of root.* * * * * /home/jkemp/bin/nfsserver_ping.pl227Download at WoweBook.Com
Page 2:
Download at WoweBook.Com
Page 5 and 6:
Download at WoweBook.Comiii
Page 7 and 8:
Contents■About the Author .......
Page 9 and 10:
■ CONTENTS3-7. Writing a Nagios P
Page 11 and 12:
■ CONTENTS■Chapter 8: Using the
Page 13 and 14:
■ CONTENTSAbout the Author■Juli
Page 15 and 16:
■ CONTENTSAcknowledgmentsMany tha
Page 17 and 18:
■ CONTENTSIntroductionThis book i
Page 19 and 20:
■ INTRODUCTIONDownloading the Cod
Page 21 and 22:
C H A P T E R 1■ ■ ■Saving Yo
Page 23 and 24:
CHAPTER 1 ■ SAVING YOURSELF EFFOR
Page 25 and 26:
Page 27 and 28:
Page 29 and 30:
Page 31 and 32:
Page 33 and 34:
Page 35 and 36:
Page 37 and 38:
Page 39 and 40:
Page 41 and 42:
C H A P T E R 2■ ■ ■Centraliz
Page 43 and 44:
CHAPTER 2 ■ CENTRALIZING YOUR NET
Page 45 and 46:
Page 47 and 48:
Page 49 and 50:
Page 51 and 52:
Page 53 and 54:
Page 55 and 56:
Page 57 and 58:
Page 59 and 60:
Page 61 and 62:
Page 63 and 64:
Page 65 and 66:
Page 67 and 68:
Page 69 and 70:
Page 71 and 72:
Page 73 and 74:
Page 75 and 76:
Page 77 and 78:
Page 79 and 80:
Page 81 and 82:
Page 83 and 84:
C H A P T E R 3■ ■ ■Monitorin
Page 85 and 86:
CHAPTER 3 ■ MONITORING AND UPDATI
Page 87 and 88:
Page 89 and 90:
Page 91 and 92:
Page 93 and 94:
Page 95 and 96:
Page 97 and 98:
Page 99 and 100:
Page 101 and 102:
Page 103 and 104:
Page 105 and 106:
Page 107 and 108:
Page 109 and 110:
Page 111 and 112:
Page 113 and 114:
Page 115 and 116:
C H A P T E R 4■ ■ ■Taking Ba
Page 117 and 118:
CHAPTER 4 ■ TAKING BACKUPS AND MA
Page 119 and 120:
Page 121 and 122:
Page 123 and 124:
Page 125 and 126:
Page 127 and 128:
Page 129 and 130:
Page 131 and 132:
Page 133 and 134:
Page 135 and 136:
Page 137 and 138:
Page 139 and 140:
C H A P T E R 5■ ■ ■Working w
Page 141 and 142:
CHAPTER 5 ■ WORKING WITH FILESYST
Page 143 and 144:
Page 145 and 146:
Page 147 and 148:
Page 149 and 150:
Page 151 and 152:
Page 153 and 154:
Page 155 and 156:
C H A P T E R 6■ ■ ■Securing
Page 157 and 158:
CHAPTER 6 ■ SECURING YOUR SYSTEMS
Page 159 and 160:
Page 161 and 162:
Page 163 and 164:
Page 165 and 166:
Page 167 and 168:
Page 169 and 170:
Page 171 and 172:
Page 173 and 174:
Page 175 and 176:
Page 177 and 178:
C H A P T E R 7■ ■ ■Working w
Page 179 and 180:
CHAPTER 7 ■ WORKING WITH APACHEOn
Page 181 and 182:
CHAPTER 7 ■ WORKING WITH APACHEdi
Page 183 and 184:
CHAPTER 7 ■ WORKING WITH APACHE4.
Page 185 and 186:
CHAPTER 7 ■ WORKING WITH APACHE
Page 187 and 188:
CHAPTER 7 ■ WORKING WITH APACHEAl
Page 189 and 190:
CHAPTER 7 ■ WORKING WITH APACHE
Page 191 and 192:
C H A P T E R 8■ ■ ■Making Be
Page 193 and 194:
CHAPTER 8 ■ USING THE COMMAND LIN
Page 195 and 196: CHAPTER 8 ■ USING THE COMMAND LIN
Page 205 and 206: C H A P T E R 9■ ■ ■Working w
Page 207 and 208: CHAPTER 9 ■ WORKING WITH TEXT IN
Page 223 and 224: C H A P T E R 10■ ■ ■Things G
Page 225 and 226: CHAPTER 10 ■ THINGS GO IN, THINGS
Page 233 and 234: C H A P T E R 11■ ■ ■Tracking
Page 235 and 236: CHAPTER 11 ■ TRACKING DOWN BUGSTh
Page 237 and 238: CHAPTER 11 ■ TRACKING DOWN BUGS01
Page 239 and 240: CHAPTER 11 ■ TRACKING DOWN BUGS
Page 245: CHAPTER 11 ■ TRACKING DOWN BUGSTh
Page 249 and 250: CHAPTER 11 ■ TRACKING DOWN BUGS#
Page 251 and 252: C H A P T E R 12■ ■ ■Managing
Page 253 and 254: CHAPTER 12 ■ MANAGING TIME AND PE
Page 267 and 268: APPENDIX■ ■ ■Perl TipsSee rec
Page 269 and 270: APPENDIX ■ PERL TIPS• Date::Par
Page 271 and 272: APPENDIX ■ PERL TIPSPerl Syntax N
Page 273 and 274: ■ ■ ■Index■Symbols$CDPATH,
Page 275 and 276: ■ INDEXenscript option (printing)
Page 277 and 278: ■ INDEX■NNagiosadding hosts to,
Page 279 and 280: ■ INDEXsyslogcentralized logging
Page 281 and 282: Download at WoweBook.Com
show all

Linux System Administration Recipes A Problem-Solution Approach

Create successful ePaper yourself

Delete template?

Save as template?