'[f-nsp] bouncing interfaces script'

[prev in list] [next in list] [prev in thread] [next in thread] 

List: foundry-nsp
Subject: [f-nsp] bouncing interfaces script
From: Nick Morrison <nick () nick ! on ! net>
Date: 2009-07-15 16:31:12
Message-ID: f084149c0907150931h1ee69ccfpd4bf98bc46ad003b () mail ! gmail ! com
[Download RAW message or body]

[Attachment #2 (multipart/alternative)]

Hello,

Thought I'd share a small script I run from cron each day - it's a quick and
dirty way of listing interfaces on your switches that are bouncing a lot ..
something that's often missed in the busy day of a network administrator.

It works by reading through ironview's syslog file, so expects ironview's
slightly ugly syslog format (and also copes with its strange behaviour of
starting a uniquely named file each day.)  You can hack it to match for
syslog-ng systems.

You will need: perl.

Apologies if gmail screws up the formatting!  And run at your own risk etc -
no responsibility taken if it eats your network.

#!/usr/bin/perl -w

#
# bouncing-interfaces.pl, Nick Morrison, 11/5/2009
#
# Simple script to look for a high number (where "high" is defined below) of
# interface state changes, and report on them.
#
# Good for alerting the network team to misconfigured server NICs or switch
ports.
#

use strict;
use POSIX qw (strftime);
use Getopt::Std;

our ( $opt_h, $opt_t, $opt_d, $opt_l );
getopts ('hdl:s:t:');

####################################################
# Configurable settings
####################################################

my $today = strftime "%m%d%y", localtime;
my $logfile = "/ironview/logs/syslog$today.log";
my $switch;

# bounce_threshhold tells the script how many bounces it's worth alerting
for
my $bounce_threshhold = 15;

####################################################
# End of configurable settings
####################################################

$logfile = $opt_l if defined $opt_l;
$bounce_threshhold = $opt_t if defined $opt_t;

if (defined $opt_h) {
 print <<EOM
Looks for repetitious interface up/down messages in the logfile
specified with -l (or today's ironview syslog, by default) and
prints its findings.

Options:

-h             this help text
-l filename    specify a log file to look through
-t n           set the number-of-bounces threshhold to report on
 -s switch      look only for the named switch (not implemented! use grep.)

EOM
  ;exit;
}

# Open our file for reading
open FILE, "<$logfile" or die $!;

# We need a hash to store the bounce counts in
my %boing;

# Read each line of the logfile
while (<FILE>) {

  # Look for lines that look like an interface state change
  if (/Sender:(\S+).+Message:System: Interface ethernet (\S+), state (\S+)/)
{
    $boing{$1}{$2}{$3}++;

    # $1 should be the hostname
    # $2 should be the interface number
    # $3 should be the state (up or down)
  }
}

# Produce some output
foreach my $switch (sort keys %boing) {
  foreach my $int (sort keys %{$boing{$switch}}) {
    if (defined ($boing{$switch}{$int}{"down"}) ) { # this might not be
defined,
                                                    # if an interface came
UP but didn't go down
      if ( $boing{$switch}{$int}{"down"} > $bounce_threshhold ) {
        print "$switch ethernet $int has bounced " .
$boing{$switch}{$int}{"down"} . " times today.\n";
      }
    }
  }
}

# Be polite and explicitly close the log file
close FILE;

Cheers!
Nick
-- 
Nick Morrison <nick@nick.on.net>

[Attachment #5 (text/html)]

Hello, Thought I&#39;d share a small script I run from cron each day - \
it&#39;s a quick and dirty way of listing interfaces on your switches that are \
bouncing a lot .. something that&#39;s often missed in the busy day of a network \
administrator. It works by reading through ironview&#39;s syslog file, so \
expects ironview&#39;s slightly ugly syslog format (and also copes with its strange \
behaviour of starting a uniquely named file each day.) You can hack it to match for \
syslog-ng systems. You will need: perl. Apologies if gmail screws up \
the formatting! And run at your own risk etc - no responsibility taken if it eats \
your network. #!/usr/bin/perl -w # # \
bouncing-interfaces.pl, Nick Morrison, 11/5/2009 # # Simple script to look for a high number \
(where &quot;high&quot; is defined below) of # interface state \
changes, and report on them. # # Good for alerting the network team to misconfigured server NICs or \
switch ports. # use strict; use POSIX \
qw (strftime); use Getopt::Std; our ( $opt_h, \
$opt_t, $opt_d, $opt_l ); \
getopts \
(&#39;hdl:s:t:&#39;); #################################################### # Configurable settings #################################################### my $today = strftime &quot;%m%d%y&quot;, \
localtime; my $logfile = \
&quot;/ironview/logs/syslog$today.log&quot;; my \
$switch; # bounce_threshhold tells the script how many bounces it&#39;s worth \
alerting for my $bounce_threshhold = 15; #################################################### # End of configurable settings #################################################### $logfile = $opt_l if defined \
$opt_l; $bounce_threshhold = $opt_t if defined \
$opt_t; if (defined \
$opt_h) { print &lt;&lt;EOM Looks for repetitious interface up/down messages in the \
logfile specified with -l (or today&#39;s \
ironview syslog, by default) and prints its \
findings. Options: -h this help text -l \
filename specify a log file to look through -t n \
set the number-of-bounces threshhold to report on \
 -s switch look only \
for the named switch (not implemented! use grep.) EOM ;exit; } # Open our \
file for reading open FILE, &quot;&lt;$logfile&quot; or \
die $!; # We need a \
hash to store the bounce counts in my \
%boing; # Read each \
line of the logfile while (&lt;FILE&gt;) { 	# Look for lines \
that look like an interface state change if \
(/Sender:(\S+).+Message:System: Interface ethernet (\S+), state (\S+)/) { $boing{$1}{$2}{$3}++; # $1 should be the \
hostname # $2 should be the interface \
number # $3 should be the state (up or \
down) } \
} # Produce some output foreach my $switch (sort keys %boing) { foreach \
my $int (sort keys %{$boing{$switch}}) { if (defined \
($boing{$switch}{$int}{&quot;down&quot;}) ) { # this might not be defined, \
# if an interface came UP but didn&#39;t go down \
if ( $boing{$switch}{$int}{&quot;down&quot;} &gt; $bounce_threshhold ) { print &quot;$switch ethernet $int has bounced &quot; . \
$boing{$switch}{$int}{&quot;down&quot;} . &quot; times today.\n&quot;; } } } } # Be polite and explicitly close the log \
file close FILE; Cheers! Nick -- Nick \
Morrison &lt;<a href="mailto:nick@nick.on.net">nick@nick.on.net</a>&gt;

_______________________________________________
foundry-nsp mailing list
foundry-nsp@puck.nether.net
http://puck.nether.net/mailman/listinfo/foundry-nsp

[prev in list] [next in list] [prev in thread] [next in thread] 