• State Not Answered
  • Locked Locked
  • Replies 27 replies
  • Subscribers 21 subscribers
  • Views 3107 views
  • Users 0 members are here
Options
Related
This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Script for monitoring Host Check in times

Aforsythe

The attached scripts will log each unique device that sends a message to Kiwi into a dictionary and then alert you when a device has not sent a message within a specified number of seconds.

- It won't begin checking each device until the device has sent at least one message in.

- Threshold value is configurable by device IP, as well as allowing a default value.

- Interval value to keep nagging to a minimum when a device is out of commission.

- Script is divided in two to provide multiple monitoring options:

     - Monitor via scheduled Run-Script Action.

     - Monitor via Keep-Alive messages Run-Script Action.

     - All-in-One option to monitor status every time a message is received.

There are two scripts in the attached zip, the first script can be used as an all-in-one script if the bottom section is uncommented.

Version 3 fixes another bug in the all-in-one script option. The script was not pulling the last report age out of the dictionary to compare against interval causing an overflow so if you un-commented that section, the script would just error out and never successfully run.

In version 1.1 I've corrected the e-mail blast when using the all-in-one script option. There is now an interval setting, so if you have a threshold of 600 seconds and an interval setting of 300 seconds, the delinquent device would send an alert after 10 minutes of no activity and then alert every 5 minutes thereafter until the device responds again.

Also, be sure to read the comments in the script, as some basic editing for the alerts is necessary. You'll need to specify your alert settings, it defaults to 10 minutes. You also need to specify the e-mail settings within the script or it will not be able to alert you.

Don't forget to rate/like/share, etc... if you find the scripts useful.


Thanks,

Acy

Script_CheckIn_Reporting3.1.zip
  • 0

    Well, apparently the site doesn't allow minor versioning, so 1.1 is officially 2.0 or vice versa.

    Let me know if you have any suggestions on improving the script. I thought about allowing interval settings per device, but I want to keep script editing to a minimum for those unfamiliar with scripting.

  • 0

    Great script Acy!  For those who do not want to email IP addresses, you can use the Fields.VarPeerName as long as the IP resolves to a hostname in DNS. If not, you can change the CASE statement and add your own HostName variable and then add it to the PIPE delimited set of values in the Dictionary Item.  For example...

    With Dictionaries

      .StoreItem "CheckIn", Fields.VarPeerAddress, Cstr(ChkIn) & "|" & Now() & "|" & Now() & "|" & HName

    End With

    Then you can get it using the split command in the Reporting Script.

    Cheers!

    Rickey

  • 0

    Hi guys,

    I was in littel bit , I have attached what's the setup i made. Now will i get the email alert any of one rules got failure or logs are not getting?

    I was in littlesys3.jpgsys4.jpgsys5.jpg bit in confuse what are you guys said, here with I attached the setup what i made,kindly suggestSys1.jpgsys2.jpg

  • 0

    I think I might be misunderstanding what you are looking for. That script does essentially what mine does only it's not as configurable.

    These scripts alert you when a device is not sending messages and need to be run in a rule that doesn't filter any messages out. Not scheduled.

    If you want to know when a specific rule is or isn't getting triggered, that's a different story and a little more complicated. But let me know if that's what you want and I can try to come up with something. How often do you want to check and how often do you want to alert on each rule?

    Actually... If that's what you want, let's take this conversation to your other post and not here.

  • 0

    Hi Acy,

    Thanks for  your concerns!!!

    I have some of the rules in the rules I already created some filter which was helping me to get the syslog(IP address base Filter) & log was storing in some disk where I mentioned in the action(log it).Now My point is when the logs are getting stop that time I want to get alarm through mailsys.jpgsys1.jpg.

  • 0


    Ok, so I think we are talking about the same thing. You want to know when 182.48.249.34 - 182.48.249.35 stop sending logs to kiwi right?

    How often do they send logs? Do they send logs every second? At least every minute? Once or twice an hour? This answer will be your minimum poll rate.

    How quickly do you want to know? This has to be higher than your minum poll rate.

  • 0

    Hi,

    Log setting in the device it's 2 minutes interval. It means every 2 min the device will send the logs to this server.  Now My concerns is when it's getting stop or not receiving from the devices I should get the alarm from the kiwi log. The alarm should be designed for every one hour. It means every one hour it has to check it's not getting log it should give an alarm.

    System Report Log Interval (minutes)
  • 0

    Ok, then this script will work for what you want but you'll need both scripts in my download. You'll need to put the Script_HostCheckIn.txt either in the rules you want to check, or if you want to check every device put the script in a rule for all logs.

    You'll want to either specify each device by IP address (or hostname if make the change Rick suggested) or use the default CASE ELSE checkin value.

    So instead of "3.3.3.3" put your IP address. And instead of 600, put 120. That's the number of seconds we're expecting between logs. So after an hour, it will let you know if the device has responded in the last 2 minutes and if not, it will let you know how many seconds it's been silent.

    Next, put your e-mail information in the Script_CheckIn_Reporting.txt file and schedule this script to run every hour. I think that should do it for you.

  • 0

    rule 1.jpgrule.jpgSchedule.jpgHi,

    Here with i attached what made the setting? could you please confirm whether it's right or not?

    I tested that also As per the attachment 1.186.33.197 - sending logs, I have stopped for more than one hour. but it didn't give any alarm.

    Script_HostCheckInv1_1 - i made it in the action

    Script_CheckIn_Reporting - I made it in the schedule.

  • 0

    By default without script editing, this should set a 10 minute polling rate for each device...

    1 - Make sure you put your e-mail information in the script.

    2 - Make sure you have Kiwi setup to send e-mails and that that is working properly.

    3 - Make sure the device you are monitoring sends at least one message after you have this setup. Each device has to register itself in the table in order to begin polling.

    If you are still having problems and you are not getting any script errors, please post your changes to the scripts here so I can test. It looks like your rules are fine.

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification Media Vault Link Accounts
About THWACK Blogs For Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2024 SolarWinds Worldwide, LLC. All Rights Reserved.