HPE Community
Operating System - HP-UX
1753449 Members
6067 Online
108794 Solutions
New Discussion юеВ

route syslogs HW events via sendmail

 
Muhammad Asghar_1
Advisor

тАО01-02-2009 03:24 AM

тАО01-02-2009 03:24 AM

route syslogs HW events via sendmail

Hi,
Happy new year to everyone.

i have a problem regarding hardware monitoring.
i want every hardware related event (like over temperature, card failures etc.etc.) to be routed to a mailing list. and i dont have option to install some software for this purpose except sendmail that is already there.

your reply will be much appreciated in this regard.

--Asghar
0 Kudos
Reply
5 REPLIES 5
Rita C Workman
Honored Contributor

тАО01-02-2009 05:31 AM

тАО01-02-2009 05:31 AM

Re: route syslogs HW events via sendmail

First
You might have all your alerts go to one central server by modifying your syslog.conf file. For the alerts you want emailed just add a line like this:

*.alert /var/adm/syslog/syslog.log
*.alert @
*.lbolt /var/adm/syslog/syslog.log
*.lbolt @
...and so on...

Second
Create a file UNIXMAIL.lis that has the email accts where you want it to go:
your.name@theircomany.com
his.name@theircomany.com

Third
I like to add this to the root account .profile. That's up to you, but you will need to add this line to the top of everything you want an email alert from:
UNIXADMIN=`cat /root/UNIXMAIL.lis | awk '{print $2}'`
export UNIXADMIN
Note in my file the email addr is $2, check how you did your file and adjust accordingly.

Fourth
Write a script on that central server to check your now centralized syslog and extract all the things you want emailed. I put mine off into a file, that I move the file & log for historical reasons. You might just delete it after it sends. In that script near the top put that UNIXADMIN & export line and then just use it as a variable in a simple loop stmt.
if [[ -s /var/adm/syslog/alert.mail ]]
then
elm -s "ALERT" $UNIXADMIN < alert.mail
fi

Last Step...

OK...you got your syslog emailing only what you want. Now whenever a UNIX person comes or goes you can edit one file and copy it to your other servers & your done.
You can use the same method and set it into anything you want alerts on. Once you have it everywhere you want it - upkeep is just fixing that one file....and copying it to the rest of your boxes.

Just a thought,
Rita
0 Kudos
Reply
Matti_Kurkela
Honored Contributor

тАО01-02-2009 05:39 AM

тАО01-02-2009 05:39 AM

Re: route syslogs HW events via sendmail

Well, you will need *some* system you can configure more extensively, to make it consolidate multiple sources into compact reports, filter out nuisance messages (something you already know is harmless but cannot block the message at the source) and possibly detect "negative events" (i.e. detecting that something that should have happened *didn't* happen).

Without adding *any* extra software, including scripts, you'll have to rely on system's internal emails to the root account and the syslog messages.

Use /etc/mail/aliases to forward emails sent to root@localhost to some central user account (maybe even directly to your mailing list, but some server with advanced email filtering features would be preferred).

Use /etc/syslog.conf to configure the syslog daemon to send the log messages to some central log server for filtering and emailing. If syslog-ng can be installed to the central log server, that is good: a standard syslog daemon offers very limited facilities for classifying messages.

One machine can handle the log collection and email filtering for a large group of machines: the processing power requirement is minimal. Any old machine you can spare should be more than powerful enough for these purposes, but you might want something with mirrored disks for better reliability.

MK
MK
0 Kudos
Reply
Muhammad Asghar_1
Advisor

тАО01-02-2009 01:54 PM

тАО01-02-2009 01:54 PM

Re: route syslogs HW events via sendmail

Thanks for Patience.
its obvious that i'll have to use sendmail. can have one email forwarded to email gateway that can in turn route to a mailing list.

Actual thing lies with the precision of "choosing" required event from a log file.

any precise help in this regard will be much appreciated. also i feel someone out there, like me, may have the same issue implemented?

or how you people manage to get alerts about hardware failures from server to a mail account? i mean think away from the specifications of my problem, in general what could be the other ways to monitor hardware from system/MP using alerts in emails? SNMP? id,,pg etc.etc ?

i hope i have reshaped my question. at first it will feel like annoying but i feel it will help me to get to a conclusion.

Regards,
Asghar
0 Kudos
Reply
Andres_13
Respected Contributor

тАО01-02-2009 03:12 PM

тАО01-02-2009 03:12 PM

Re: route syslogs HW events via sendmail

Hi, first I think you should assign some points as a way to say "thanks for your help".

As I understand you want to define kind of filter between relevant messages and those which are not and I think Rita's answer was a good one.
0 Kudos
Reply
Muhammad Asghar_1
Advisor

тАО01-04-2009 07:44 AM

тАО01-04-2009 07:44 AM

Re: route syslogs HW events via sendmail

Dear, you see, saying thanks by giving points makes your thread un-usable. no more inputs while i was serious looking to have a very precise (precise means a sample script or something)elaboration of my problem. :(

Thanks anyways!

Regards,
Asghar
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.