====== IPDR Watchdog ======

{{ :tools:ipdr_watchdog_1_.png?200 |}}\\
**What is the use of this tool ?**
  Real time IPDR monitoring system that alerts when IPDR is down by sending email and syslog.
  
**How it works ?** \\
  * First it checks the Hub-config file present or not 
  * Then it get the location of the log file from Hub-config.xml file
  * After getting the location of the file it checks it can open a log file without any permisssion error
  * Also it get the timestamp of latest log entry and compares with the system time to know the log file is latest
  * Then it checks the current log file is new or not.If new then it not checks because the log entries will not be completed yet
  * You can run this script for netflow as well as tap mode. You have to provide this in argument
  * It checks each engine is flushing or not by fetching each engine log entries and checks the flush is not empty 
  * If the system is down you receive an alert , likewise if the system is up from down status you will receive an alert 
  * The script deliver the alert log to the syslog . You have to configure the email to receive mail.


**Procedure before running the script**
  * Login as admin and go to (profile0 --> email config)
  * [[https://www.trisul.org/docs/ug/reports/emailsettings.html|Configure]] email on trisul server
  * Start the email notification 
  * Configure alert whom you want to send mail 
  * Go to profile0 -> All groups alert -> and click edit option -> change Send to Syslog/Email to Alert 
  * Log into trisul server and assign a cronjob to run ipdr_watchdog script or you can run manually.
<note important>Run cronjob as root user</note>

**Options**
^ Option     ^   Default value                ^ Info ^
| -n         |      2                     |  No of Engines |
| -c         |   context0                 |  Context Name  |
| -s         |   Hostname of your system  |  Sytem Name    |   
| -k         |            0               |  Verbose       |
| -t         |           70               |  Fixed seconds |
| -r         |           0                |  Router        |
| -f         |           1                |  Flow          |
If the trisul is running in netflow mode then run the script with -f option or -r option if it is running with tap mode 



<note>The verbose argument will send syslog if the system is running . But doesn't send mail </note>


**Examples Using cronjob**  \\

 * /10* * * * /usr/local/share/trisul-hub/ipdr_watchdog.sh \\

** When the IPDR down you get this type of syslog **

  May  9 05:55:01 IPDR-TESTING trisul_flushd: Alert:probe0:context0:1715234100:0,0,0,0,0,IPDRUP:mailsubject:Trisul IPDR Alert System DOWN IPDR TESTING:mailsubjectUser ,Last flush time : (Thu May  9 05:55:00 AM UTC 2024)

** When you assign a cronjob with -k argument you will get this syslog if the system is running** \\
  May  9 07:12:01 IPDR-TESTING infod: IPDR-TESTING  RUNNING

** When your system is started after the down stauts you will get this syslog ** \\
  May  9 05:55:01 IPDR-TESTING trisul_flushd: Alert:probe0:context0:1715234100:0,0,0,0,0,IPDRUP:mailsubject:Trisul IPDR Alert System UP IPDR TESTING:mailsubjectUser ,Last flush time : (Thu May  9 05:55:00 AM UTC 2024)
<note>When you start the IPDR system after the IPDR-DOWN then you will be notified through mail that IPDR is up</note>

**Examples without using cronjob**  \\
/usr/local/share/trisul-hub/ipdr_watchdog.sh /ipdr_watchdog.sh \\
{{:tools:output1.png?400|}}