Differences

This shows you the differences between two versions of the page.

--- tools:ipdr_watchdog [2024/05/10 11:42] – vignesh
+++ tools:ipdr_watchdog [2024/05/24 13:06] (current) – vignesh
@@ Line 1: / Line 1: @@
 ====== IPDR Watchdog ======
+{{ :tools:ipdr_watchdog_1_.png?200 |}}\\
 **What is the use of this tool ?**
   Real time IPDR monitoring system that alerts when IPDR is down by sending email and syslog.
 **How it works ?** \\
-  * First it checks the last log timestamp with current system timestamp and check the difference is below  1min.
+  * First it checks the Hub-config file present or not
-  * Then it check for the latest flush log and compares the timestamp with system timestamp and the difference should be in less than 1min.
+  * Then it get the location of the log file from Hub-config.xml file
-  * It also check flush is not equal to 0.
+  * After getting the location of the file it checks it can open a log file without any permisssion error
-  * If the above condition fails then it send the syslog
+  * Also it get the timestamp of latest log entry and compares with the system time to know the log file is latest
-  * And trisul-hub will send mail if email server is configured and enabled
+  * Then it checks the current log file is new or not.If new then it not checks because the log entries will not be completed yet
+  * You can run this script for netflow as well as tap mode. You have to provide this in argument
+  * It checks each engine is flushing or not by fetching each engine log entries and checks the flush is not empty
+  * If the system is down you receive an alert , likewise if the system is up from down status you will receive an alert
+  * The script deliver the alert log to the syslog . You have to configure the email to receive mail.
@@ Line 20: / Line 24: @@
   * Go to profile0 -> All groups alert -> and click edit option -> change Send to Syslog/Email to Alert
   * Log into trisul server and assign a cronjob to run ipdr_watchdog script or you can run manually.
+<note important>Run cronjob as root user</note>
 **Options**
@@ Line 27: / Line 31: @@
 | -c         |   context0                 |  Context Name  |
 | -s         |   Hostname of your system  |  Sytem Name    |
-| -k         |            0               |  verbose       |
+| -k         |            0               |  Verbose       |
+| -t         |           70               |  Fixed seconds |
+| -r         |           0                |  Router        |
+| -f         |           1                |  Flow          |
+If the trisul is running in netflow mode then run the script with -f option or -r option if it is running with tap mode
 <note>The verbose argument will send syslog if the system is running . But doesn't send mail </note>
@@ Line 45: / Line 55: @@
 ** When your system is started after the down stauts you will get this syslog ** \\
   May  9 05:55:01 IPDR-TESTING trisul_flushd: Alert:probe0:context0:1715234100:0,0,0,0,0,IPDRUP:mailsubject:Trisul IPDR Alert System UP IPDR TESTING:mailsubjectUser ,Last flush time : (Thu May  9 05:55:00 AM UTC 2024)
-<note>When you start the IPDR system after the IPDR-DOWN then you will be notified about the incident through mail</note>
+<note>When you start the IPDR system after the IPDR-DOWN then you will be notified through mail that IPDR is up</note>
 **Examples without using cronjob**  \\