zoukankan      html  css  js  c++  java

  • Smokeping配置调整

     smokeping两种邮件报警方式

    一 、自带sendmail报警

    修改这两句话
    to = 收件邮箱,多个逗号分隔
    from = smokealert@本机IP

    /usr/local/smokeping/bin/smokeping --reload --logfile=/usr/local/smokeping/smokeping.log
    重新加载配置文件


    二、通过修改模块文件用QQ等邮箱发件

    需要perl的Authen::SASL模块

    cpan Authen::SASL

    vi /usr/local/smokeping/lib/Smokeping.pm

    #头上加

    use Authen::SASL;

    #定位到sendmail函数,默认新版本sendmail函数的定义的已经是下面这样了,如果不是改成下面这样

    sub sendmail ($$$){
    my $from = shift;
    my $to = shift;
    $to = $1 if $to =~ /<(.*?)>/;
    my $body = shift;
    if ($cfg->{General}{mailhost} and
    my $smtp = Net::SMTP->new([split /s*,s*/, $cfg->{General}{mailhost}],Timeout=>5) ){
    $smtp->auth(split(/s*,s*/, $cfg->{General}{mailusr}),split(/s*,s*/, $cfg->{General}{mailpwd}));
    $smtp->mail($from);
    $smtp->to(split(/s*,s*/, $to));
    $smtp->data();
    $smtp->datasend($body);
    $smtp->dataend();
    $smtp->quit;
    } elsif ($cfg->{General}{sendmail} or -x "/usr/lib/sendmail"){
    open (M, "|-") || exec (($cfg->{General}{sendmail} || "/usr/lib/sendmail"),"-f",$from,$to);
    print M $body;
    close M;
    } else {
    warn "ERROR: not sending mail to $to, as all methodes failed ";
    }
    }

    #找到 '_vars =>' ,把 mailusr mailpwd 加进去。不然不能启动哦!General configuration values valid for the whole SmokePing setup.
    DOC
    _vars =>
    [ qw(owner imgcache imgurl datadir dyndir pagedir piddir sendmail offset
    smokemail cgiurl mailhost mailusr mailpwd snpphost contact display_name
    syslogfacility syslogpriority concurrentprobes changeprocessnames tmail
    changecgiprogramname linkstyle precreateperms ) ],

    配置完成后修改配置文件/opt/smokeping/etc/config ,增加邮件服务器的配置:

    mailhost = smtp.361way.com
    mailusr = monitor@361way.com
    mailpwd = xxxxxxxxx

    自定义alerts告警策略

    如下定义了几种告警策略,bigloss 、someloss等

    *** Alerts ***
    to = admin@361way.com
    from = monitor@361way.com
    +bigloss
    type = loss
    # in percent
    pattern = ==0%,==0%,==0%,==0%,>0%,>0%,>0% 突然三次丢包
    comment = suddenly there is packet loss
    +someloss
    type = loss
    # in percent
    pattern = >0%,*12*,>0%,*12*,>0%
    comment = loss 3 times in a row
    +startloss
    type = loss
    # in percent
    pattern = ==S,>0%,>0%,>0%
    comment = loss at startup
    +rttdetect
    type = rtt
    # in milli seconds
    pattern = <10,<10,<10,<10,<10,<100,>100,>100,>100
    comment = routing messed up again ?
    +hostdown
    type = loss
    # in percent
    pattern = ==0%,==0%,==0%, ==U
    comment = no reply
    +lossdetect
    type = loss
    # in percent
    pattern = ==0%,==0%,==0%,==0%,>20%,>20%,>20%
    comment = suddenly there is packet loss

    以上几种告警,这里选取三种说明如下:

    someloss: 如果在12次检查中出现了3次丢包的情况(不论丢多少个包),就进行alert;
    rttbad:
    如果连续出现两次50毫秒以上的延时,就进行alert;
    rrtdetect:
    之前5次检查延时都少于10毫秒,前6次检查延时都少于100毫秒,第7次开始连续3次检查延时都大于100毫秒的话,就进行alert。

    2、策略应用

    在target里面加上相应的策略配置即可,如下:

    ++ 361way
    menu = 361way_host
    title =361way.com
    host = www.361way.com
    alerts = someloss,hostdown

    主机一旦出现告警,就会通过邮件发送到我们事先配置的邮箱中,类似下图:

    smokeping-alert

    上图中的邮件告警内容也可以进行自定义格式输出和修改,这个还是修改Smokeping.pm文件,修改其中如下部分即可:

    my $default_mail = <<DOC;
    Subject: [SmokeAlert] <##ALERT##> <##WHAT##> on <##LINE##>
    <##STAMP##>
    Alert "<##ALERT##>" <##WHAT##> for <##URL##>
    Pattern
    -------
    <##PAT##>
    Data (old --> now)
    ------------------
    <##LOSS##>
    <##RTT##>
    Comment
    -------
    <##COMMENT##>
    DOC


    *** Alerts ***

    to = zouyunhao@aspire-tech.com,minliang@aspire-tech.com,

    from = smokealert@192.168.2.14

    +someloss

    type = loss

    pattern = &gt;0%,*30*,&gt;0%,*30*,&gt;0% # in percent

    comment = loss 1 packages in 30 continuous 3 times.

    +manyloss type = loss

    pattern = &gt;15%,*30*,&gt;15%,*30*,&gt;15% # in percent

    comment = loss 5 packages in 30 continuous 3 times.

    +rttbad type = rtt

    pattern = ==S,&gt;50,&gt;50 # in milliseconds

    comment = For more than two consecutive 50-millisecond delay.

    (1)to 表示接受所有报警的邮箱,如果需要在特定的节点报警发送到特定的邮箱

    则在该节点上增加alertee = 13828466531@139.com即可。

    (2)manyloss 表示30个包丢15%的情况 连续出现3次就发报警。

    (3)someloss 表示30个包丢1个,连续出现3次就发送报警;rttbad表示连续两个包延迟超过50ms就发送报警。
  • 相关阅读:
    04-修改域控的操作主机(主备切换)
    03-域控上删除组织单位的错误
    02-搭建域控的从节点
    01-域控服务器的搭建
    06-"Login failed for user 'NT AUTHORITYSYSTEM'. 原因: 无法打开明确指定的数据库。[客户端:<local machine>]"异常处理
    04-数据库范式
    9-系统交互式登录无需按Ctrl+Alt+Del的策略启用
    05-拒绝了对对象'server'的VIEW SERVER STATE权限
    37-SQLServer的审核/审计功能介绍
    微信小程序 设置计时器(setInterval)、清除计时器(clearInterval)
  • 原文地址:https://www.cnblogs.com/wazy/p/7717408.html
Copyright © 2011-2022 走看看