Trisul Network Analytics
Developer Zone

User Tools

Site Tools

You are here: Home » Tools » IPDR Watchdog
Trace: IPDR Watchdog
tools:ipdr_watchdog

IPDR Watchdog


What is the use of this tool ? 

Real time IPDR monitoring system that alerts when IPDR is down by sending email and syslog.

How it works ?

  • First it checks the Hub-config file present or not
  • Then it get the location of the log file from Hub-config.xml file
  • After getting the location of the file it checks it can open a log file without any permisssion error
  • Also it get the timestamp of latest log entry and compares with the system time to know the log file is latest
  • Then it checks the current log file is new or not.If new then it not checks because the log entries will not be completed yet
  • You can run this script for netflow as well as tap mode. You have to provide this in argument
  • It checks each engine is flushing or not by fetching each engine log entries and checks the flush is not empty
  • If the system is down you receive an alert , likewise if the system is up from down status you will receive an alert
  • The script deliver the alert log to the syslog . You have to configure the email to receive mail.

Procedure before running the script

  • Login as admin and go to (profile0 –> email config)
  • Configure email on trisul server
  • Start the email notification
  • Configure alert whom you want to send mail
  • Go to profile0 → All groups alert → and click edit option → change Send to Syslog/Email to Alert
  • Log into trisul server and assign a cronjob to run ipdr_watchdog script or you can run manually.
Run cronjob as root user

Options

Option Default value Info
-n 2 No of Engines
-c context0 Context Name
-s Hostname of your system Sytem Name
-k 0 Verbose
-t 70 Fixed seconds
-r 0 Router
-f 1 Flow

If the trisul is running in netflow mode then run the script with -f option or -r option if it is running with tap mode

The verbose argument will send syslog if the system is running . But doesn't send mail

Examples Using cronjob

* /10* * * * /usr/local/share/trisul-hub/ipdr_watchdog.sh

When the IPDR down you get this type of syslog 

May  9 05:55:01 IPDR-TESTING trisul_flushd: Alert:probe0:context0:1715234100:0,0,0,0,0,IPDRUP:mailsubject:Trisul IPDR Alert System DOWN IPDR TESTING:mailsubjectUser ,Last flush time : (Thu May  9 05:55:00 AM UTC 2024)

When you assign a cronjob with -k argument you will get this syslog if the system is running 

May  9 07:12:01 IPDR-TESTING infod: IPDR-TESTING  RUNNING

When your system is started after the down stauts you will get this syslog 

May  9 05:55:01 IPDR-TESTING trisul_flushd: Alert:probe0:context0:1715234100:0,0,0,0,0,IPDRUP:mailsubject:Trisul IPDR Alert System UP IPDR TESTING:mailsubjectUser ,Last flush time : (Thu May  9 05:55:00 AM UTC 2024)
When you start the IPDR system after the IPDR-DOWN then you will be notified through mail that IPDR is up

Examples without using cronjob
/usr/local/share/trisul-hub/ipdr_watchdog.sh /ipdr_watchdog.sh

tools/ipdr_watchdog.txt · Last modified: 2024/05/24 13:06 by vignesh