swatch可以實時監(jiān)控系統(tǒng)日志文件,在匹配到特定的事件時執(zhí)行指定的動作�。swatch所監(jiān)控的事件以及對應事件的動作都存放在swatch的配置文件中。預設(shè)的配置文件為用戶根目錄下的.swatchrc�����。
三��、配置
我的配置文件/usr/local/etc/netdevicerc�,主要用于監(jiān)控監(jiān)控路由器和交換機的端口狀態(tài)��,一旦發(fā)生變化會發(fā)郵件報警:
watchfor = /changed state|STATUS CHANGE\(l\)/
mail = user@yourdomain.com, from = "notify \<notify\@yourdomain.com\>"
watchfor指定需要在日志中通過tail配置的關(guān)鍵字�����,是正則表達式�。
注意第二行���,我加入了from的指令,即定義swatch發(fā)郵件時的發(fā)件人�,這需要修改swatch的Actions.pm文件,這個這個文件位于:/usr/lib64/perl5/site_perl/5.8.8/Swatch/Actions.pm���,在send_email子程序 print MAIL_PIPE <<"EOF";前加入以下行:
(my $from_line = $args{'FROM'}) =~ s/:/,/g;
my @mail_body;
my $s_body;
my $temp_mess = $args{'MESSAGE'};
$temp_mess =~ s/administratively//;
if ($temp_mess =~ /Line protocol/) {
@mail_body = (split " ",$temp_mess);
$mail_body[13] =~ s/,//;
$s_body = "$mail_body[3]'s $mail_body[13] is $mail_body[17]!";
} elsif ($temp_mess =~ /h3c/) {
@mail_body = (split " ",$temp_mess);
$mail_body[11] =~ s/://;
$s_body = "$mail_body[3]'s $mail_body[11] is $mail_body[13]!";
} else {
@mail_body = (split " ",$temp_mess);
$mail_body[10] =~ s/,//;
$s_body = "$mail_body[3]'s $mail_body[10] is $mail_body[14]!";
}
對照原始文件修改以下行
print MAIL_PIPE <<"EOF";
From: $from_line
To: $to_line
Subject: $s_body
$args{'MESSAGE'}
EOF
close(MAIL_PIPE);
}
其中藍色會我修改的地方����。
CISCO日志例子(匹配changed state):
Sep 6 16:58:29 Cisco2821 988: Sep 6 16:58:31.052: %LINK-3-UPDOWN: Interface Serial0/0/0, changed state to down
Sep 6 16:58:33 Cisco2821 989: Sep 6 16:58:34.656: %LINK-5-CHANGED: Interface Serial0/0/0, changed state to administratively down
H3C日志例子(匹配STATUS CHANGE(l))
Sep 6 22:50:13 h3c-3 h3c-03 %%10L2INF/5/PORT LINK STATUS CHANGE(l):- 1 - Ethernet1/0/23: is DOWN
相關(guān)推薦:
小技巧:機房管理常見三大難題的解決方法 支招:防火墻加Web交換機實施完美組網(wǎng)方案 軟考網(wǎng)管:識別三層交換機設(shè)備優(yōu)劣精華寶典
