Re: Logging interface state changes
For anyone following this for their own purposes, the ifstated solution does not work. I was able to get it to log a few times in a VM environment, but on a live system neither manually bringing an interface up/down nor plugging/unplugging the ethernet cable is even noticed by ifstated (running -dvv). If I'm doing something wrong, please point it out to me. Next, I'll be toying with Stuart's suggestion of using ospfd with all interfaces set to passive. -HKS On Fri, Nov 21, 2008 at 5:26 PM, (private) HKS <[EMAIL PROTECTED]> wrote: > On Fri, Nov 21, 2008 at 5:18 PM, (private) HKS <[EMAIL PROTECTED]> wrote: >>> "route monitor" ? >>> >>> -- >>> WBR, >>>Pereresus ne Vlezaet Buggy >> >> That's an interesting tool, but it's not what I'm looking for. >> >> My current solution is an incredibly awkward ifstated.conf (pasted below). >> >> Is this really the best way to do it? I have no idea what's involved >> with logging interface state changes, but it's something that any >> router, firewall, or server needs. PCs are debatable, but I prefer >> that mine log it. I'd like to file a feature request but before I do, >> is there something I'm missing here? Is there a specific reason it was >> decided to keep this functionality out of the OS? >> >> -HKS >> >> - >> ifstated.conf: >> - >> >> # global config >> init-state main >> vr0_up = "vr0.link.up" >> >> state main { >> init { >>run "" >> } >> >> if $vr0_up || ! $vr0_up { >>logger "ifstatus change. vr0 `ifconfig vr0 | grep status: | sed >> 's/^[[:space:]]//'`, vr1 `ifconfig vr1 | grep status: | sed >> 's/^[[:space:]]//'`, vr2 `ifconfig vr2 | grep status: | sed >> 's/^[[:space:]]//'`, vr1 `ifconfig vr3 | grep status: | sed >> 's/^[[:space:]]//'`" >> } >> } >> > > Whoops, posted an ifstated.conf writeup that had incorrect syntax. > Here's the correct version: > > init-state main > vr0_up = "vr0.link.up" > > state main { >init { >run "" >} >if $vr0_up || ! $vr0_up { >run "logger \"ifstatus change. vr0 `ifconfig vr0 | > grep status: | sed 's/^[[:space:]]//'`, vr1 `ifconfig vr1 | grep > status: | sed 's/^[[:space:]]//'`, vr2 `ifconfig vr2 | grep status: | > sed 's/^[[:space:]]//'`, vr3 `ifconfig vr3 | grep status: | sed > 's/^[[:space:]]//'`\"" >} > }
Re: Logging interface state changes
On Fri, Nov 21, 2008 at 7:28 PM, Stuart Henderson <[EMAIL PROTECTED]> wrote: > On 2008-11-21, (private) HKS <[EMAIL PROTECTED]> wrote: >> My current solution is an incredibly awkward ifstated.conf (pasted below). > > it's still a hack, but a little less awkward to run ospfd > with all the interfaces set as passive which just happens to > log this information.. > > Thanks for the recommendation, I'll look into that. -HKS
Re: Logging interface state changes
On 2008-11-21, (private) HKS <[EMAIL PROTECTED]> wrote: > My current solution is an incredibly awkward ifstated.conf (pasted below). it's still a hack, but a little less awkward to run ospfd with all the interfaces set as passive which just happens to log this information..
Re: Logging interface state changes
On Fri, Nov 21, 2008 at 5:18 PM, (private) HKS <[EMAIL PROTECTED]> wrote: >> "route monitor" ? >> >> -- >> WBR, >>Pereresus ne Vlezaet Buggy > > That's an interesting tool, but it's not what I'm looking for. > > My current solution is an incredibly awkward ifstated.conf (pasted below). > > Is this really the best way to do it? I have no idea what's involved > with logging interface state changes, but it's something that any > router, firewall, or server needs. PCs are debatable, but I prefer > that mine log it. I'd like to file a feature request but before I do, > is there something I'm missing here? Is there a specific reason it was > decided to keep this functionality out of the OS? > > -HKS > > - > ifstated.conf: > - > > # global config > init-state main > vr0_up = "vr0.link.up" > > state main { > init { >run "" > } > > if $vr0_up || ! $vr0_up { >logger "ifstatus change. vr0 `ifconfig vr0 | grep status: | sed > 's/^[[:space:]]//'`, vr1 `ifconfig vr1 | grep status: | sed > 's/^[[:space:]]//'`, vr2 `ifconfig vr2 | grep status: | sed > 's/^[[:space:]]//'`, vr1 `ifconfig vr3 | grep status: | sed > 's/^[[:space:]]//'`" > } > } > Whoops, posted an ifstated.conf writeup that had incorrect syntax. Here's the correct version: init-state main vr0_up = "vr0.link.up" state main { init { run "" } if $vr0_up || ! $vr0_up { run "logger \"ifstatus change. vr0 `ifconfig vr0 | grep status: | sed 's/^[[:space:]]//'`, vr1 `ifconfig vr1 | grep status: | sed 's/^[[:space:]]//'`, vr2 `ifconfig vr2 | grep status: | sed 's/^[[:space:]]//'`, vr3 `ifconfig vr3 | grep status: | sed 's/^[[:space:]]//'`\"" } }
Re: Logging interface state changes
> "route monitor" ? > > -- > WBR, >Pereresus ne Vlezaet Buggy That's an interesting tool, but it's not what I'm looking for. My current solution is an incredibly awkward ifstated.conf (pasted below). Is this really the best way to do it? I have no idea what's involved with logging interface state changes, but it's something that any router, firewall, or server needs. PCs are debatable, but I prefer that mine log it. I'd like to file a feature request but before I do, is there something I'm missing here? Is there a specific reason it was decided to keep this functionality out of the OS? -HKS - ifstated.conf: - # global config init-state main vr0_up = "vr0.link.up" state main { init { run "" } if $vr0_up || ! $vr0_up { logger "ifstatus change. vr0 `ifconfig vr0 | grep status: | sed 's/^[[:space:]]//'`, vr1 `ifconfig vr1 | grep status: | sed 's/^[[:space:]]//'`, vr2 `ifconfig vr2 | grep status: | sed 's/^[[:space:]]//'`, vr1 `ifconfig vr3 | grep status: | sed 's/^[[:space:]]//'`" } }
Re: Logging interface state changes
On 17 November 2008 c. 20:35:33 (private) HKS wrote: > My apologies if this has already been addressed, but I couldn't find > it in the man pages or mailing list archives. > > Is there a way to enable logging of network interface state changes on > OpenBSD 4.3 or 4.4? This is mostly for forensic purposes - obviously > I'll know if my firewall loses its ethernet connection, but if > something starts flapping I'd like to be able to see it in my logs > rather than trying to catch it in the act. > > My hosts are using mostly vic and vr drivers, and neither seems to > care whether the debug option is enabled. > > Thanks for the help. dmesg for one of my Soekris (vr) boxes below. > > -HKS > > > > OpenBSD 4.3 (GENERIC) #698: Wed Mar 12 11:07:05 MDT 2008 > [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC > cpu0: Geode(TM) Integrated Processor by AMD PCS ("AuthenticAMD" > 586-class) 500 MHz > cpu0: FPU,DE,PSE,TSC,MSR,CX8,SEP,PGE,CMOV,CFLUSH,MMX > real mem = 536440832 (511MB) > avail mem = 510664704 (487MB) > mainbus0 at root > bios0 at mainbus0: AT/286+ BIOS, date 20/70/03, BIOS32 rev. 0 @ > 0xfac40 pcibios0 at bios0: rev 2.0 @ 0xf/0x1 > pcibios0: pcibios_get_intr_routing - function not supported > pcibios0: PCI IRQ Routing information unavailable. > pcibios0: PCI bus #0 is the last bus > bios0: ROM list: 0xc8000/0xa800 > cpu0 at mainbus0 > pci0 at mainbus0 bus 0: configuration mode 1 (bios) > pchb0 at pci0 dev 1 function 0 "AMD Geode LX" rev 0x31 > glxsb0 at pci0 dev 1 function 2 "AMD Geode LX Crypto" rev 0x00: RNG > AES vr0 at pci0 dev 6 function 0 "VIA VT6105M RhineIII" rev 0x96: irq > 11, address 00:00:24:ca:3f:58 > ukphy0 at vr0 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI > 0x004063, model 0x0034 > vr1 at pci0 dev 7 function 0 "VIA VT6105M RhineIII" rev 0x96: irq 5, > address 00:00:24:ca:3f:59 > ukphy1 at vr1 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI > 0x004063, model 0x0034 > vr2 at pci0 dev 8 function 0 "VIA VT6105M RhineIII" rev 0x96: irq 9, > address 00:00:24:ca:3f:5a > ukphy2 at vr2 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI > 0x004063, model 0x0034 > vr3 at pci0 dev 9 function 0 "VIA VT6105M RhineIII" rev 0x96: irq 12, > address 00:00:24:ca:3f:5b > ukphy3 at vr3 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI > 0x004063, model 0x0034 > glxpcib0 at pci0 dev 20 function 0 "AMD CS5536 ISA" rev 0x03: rev 0, > 32-bit 3579545Hz timer, watchdog, gpio > gpio0 at glxpcib0: 32 pins > pciide0 at pci0 dev 20 function 2 "AMD CS5536 IDE" rev 0x01: DMA, > channel 0 wired to compatibility, channel 1 wired to compatibility > wd0 at pciide0 channel 0 drive 0: > wd0: 4-sector PIO, LBA, 1953MB, 4001760 sectors > wd0(pciide0:0:0): using PIO mode 4, DMA mode 2 > pciide0: channel 1 ignored (disabled) > ohci0 at pci0 dev 21 function 0 "AMD CS5536 USB" rev 0x02: irq 15, > version 1.0, legacy support > ehci0 at pci0 dev 21 function 1 "AMD CS5536 USB" rev 0x02: irq 15 > usb0 at ehci0: USB revision 2.0 > uhub0 at usb0 "AMD EHCI root hub" rev 2.00/1.00 addr 1 > isa0 at glxpcib0 > isadma0 at isa0 > pckbc0 at isa0 port 0x60/5 > pckbd0 at pckbc0 (kbd slot) > pckbc0: using irq 1 for kbd slot > wskbd0 at pckbd0: console keyboard > pcppi0 at isa0 port 0x61 > midi0 at pcppi0: > spkr0 at pcppi0 > nsclpcsio0 at isa0 port 0x2e/2: NSC PC87366 rev 9: GPIO VLM TMS > gpio1 at nsclpcsio0: 29 pins > npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 > pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo > pccom0: console > pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo > usb1 at ohci0: USB revision 1.0 > uhub1 at usb1 "AMD OHCI root hub" rev 1.00/1.00 addr 1 > biomask e5c5 netmask ffe5 ttymask ffe7 > mtrr: K6-family MTRR support (2 registers) > softraid0 at root > root on wd0a swap on wd0b dump on wd0b "route monitor" ? -- WBR, Pereresus ne Vlezaet Buggy
Re: Logging interface state changes
On Mon, Nov 17, 2008 at 12:49 PM, Daniel Melameth <[EMAIL PROTECTED]> wrote: > On Mon, Nov 17, 2008 at 10:35 AM, (private) HKS <[EMAIL PROTECTED]> wrote: >> My apologies if this has already been addressed, but I couldn't find >> it in the man pages or mailing list archives. >> >> Is there a way to enable logging of network interface state changes on >> OpenBSD 4.3 or 4.4? This is mostly for forensic purposes - obviously >> I'll know if my firewall loses its ethernet connection, but if >> something starts flapping I'd like to be able to see it in my logs >> rather than trying to catch it in the act. > > man ifstated Thanks for the reference, that is definitely capable of doing what I want. Is there any way that I'm missing to enable logging with a generic statement, rather than configuring each interface individually? That will work, of course, but it's much less maintainable. -HKS
Re: Logging interface state changes
On Mon, Nov 17, 2008 at 10:35 AM, (private) HKS <[EMAIL PROTECTED]> wrote: > My apologies if this has already been addressed, but I couldn't find > it in the man pages or mailing list archives. > > Is there a way to enable logging of network interface state changes on > OpenBSD 4.3 or 4.4? This is mostly for forensic purposes - obviously > I'll know if my firewall loses its ethernet connection, but if > something starts flapping I'd like to be able to see it in my logs > rather than trying to catch it in the act. man ifstated
Logging interface state changes
My apologies if this has already been addressed, but I couldn't find it in the man pages or mailing list archives. Is there a way to enable logging of network interface state changes on OpenBSD 4.3 or 4.4? This is mostly for forensic purposes - obviously I'll know if my firewall loses its ethernet connection, but if something starts flapping I'd like to be able to see it in my logs rather than trying to catch it in the act. My hosts are using mostly vic and vr drivers, and neither seems to care whether the debug option is enabled. Thanks for the help. dmesg for one of my Soekris (vr) boxes below. -HKS OpenBSD 4.3 (GENERIC) #698: Wed Mar 12 11:07:05 MDT 2008 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Geode(TM) Integrated Processor by AMD PCS ("AuthenticAMD" 586-class) 500 MHz cpu0: FPU,DE,PSE,TSC,MSR,CX8,SEP,PGE,CMOV,CFLUSH,MMX real mem = 536440832 (511MB) avail mem = 510664704 (487MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 20/70/03, BIOS32 rev. 0 @ 0xfac40 pcibios0 at bios0: rev 2.0 @ 0xf/0x1 pcibios0: pcibios_get_intr_routing - function not supported pcibios0: PCI IRQ Routing information unavailable. pcibios0: PCI bus #0 is the last bus bios0: ROM list: 0xc8000/0xa800 cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 1 function 0 "AMD Geode LX" rev 0x31 glxsb0 at pci0 dev 1 function 2 "AMD Geode LX Crypto" rev 0x00: RNG AES vr0 at pci0 dev 6 function 0 "VIA VT6105M RhineIII" rev 0x96: irq 11, address 00:00:24:ca:3f:58 ukphy0 at vr0 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 0x004063, model 0x0034 vr1 at pci0 dev 7 function 0 "VIA VT6105M RhineIII" rev 0x96: irq 5, address 00:00:24:ca:3f:59 ukphy1 at vr1 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 0x004063, model 0x0034 vr2 at pci0 dev 8 function 0 "VIA VT6105M RhineIII" rev 0x96: irq 9, address 00:00:24:ca:3f:5a ukphy2 at vr2 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 0x004063, model 0x0034 vr3 at pci0 dev 9 function 0 "VIA VT6105M RhineIII" rev 0x96: irq 12, address 00:00:24:ca:3f:5b ukphy3 at vr3 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 0x004063, model 0x0034 glxpcib0 at pci0 dev 20 function 0 "AMD CS5536 ISA" rev 0x03: rev 0, 32-bit 3579545Hz timer, watchdog, gpio gpio0 at glxpcib0: 32 pins pciide0 at pci0 dev 20 function 2 "AMD CS5536 IDE" rev 0x01: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility wd0 at pciide0 channel 0 drive 0: wd0: 4-sector PIO, LBA, 1953MB, 4001760 sectors wd0(pciide0:0:0): using PIO mode 4, DMA mode 2 pciide0: channel 1 ignored (disabled) ohci0 at pci0 dev 21 function 0 "AMD CS5536 USB" rev 0x02: irq 15, version 1.0, legacy support ehci0 at pci0 dev 21 function 1 "AMD CS5536 USB" rev 0x02: irq 15 usb0 at ehci0: USB revision 2.0 uhub0 at usb0 "AMD EHCI root hub" rev 2.00/1.00 addr 1 isa0 at glxpcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard pcppi0 at isa0 port 0x61 midi0 at pcppi0: spkr0 at pcppi0 nsclpcsio0 at isa0 port 0x2e/2: NSC PC87366 rev 9: GPIO VLM TMS gpio1 at nsclpcsio0: 29 pins npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo pccom0: console pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo usb1 at ohci0: USB revision 1.0 uhub1 at usb1 "AMD OHCI root hub" rev 1.00/1.00 addr 1 biomask e5c5 netmask ffe5 ttymask ffe7 mtrr: K6-family MTRR support (2 registers) softraid0 at root root on wd0a swap on wd0b dump on wd0b