Hi folks,
I have a user with a rule that is trying to use perl gethostbyaddr but it
doesn’t seem to be returning anything.
Can someone point out what’s wrong here?
I added the `write` statement at the end and the file just writes the IP, not
the reverse lookup hostname.
# Tracks BGP tunnel downtime
type=pair
ptype=regexp
continue=dontcont
pattern=neighbor \*?(\d+\.\d+\.\d+\.\d+) Down
desc=BGP Neighbor $1 Down
action=eval %hostname ( $line = `perl -MSocket -E "say scalar
gethostbyaddr(inet_aton(\"$1\"), AF_INET)"`; \
if ($line !~ //) { "$$1"; } else { "$1"; } ); \
eval %storenumber ( if ("%hostname" =~ /lo/) { "$$1"; } else { "NA"; } ); \
eval %tunnel ( if ("%hostname" =~ /lo(\d+)/) { "$$1"; } else { "NA"; } ); \
eval %TS (time()); \
tcpsock 10.1.0.85:514 SEC BGP Neighbor status="Down" hostname="%hostname"
store="%storenumber" tunnel="%tunnel" ECRule="01-bgp-flap-detection"
ECRulenum="1"%{.nl}; \
write /var/log/debug.sec.log %hostname
ptype2=regexp
pattern2=neighbor \*?($1) Up
desc2=BGP Neighbor $1 Up
action2=eval %TT ( time() - %TS ); \
tcpsock 10.1.0.85:514 SEC BGP Neighbor status="Up" hostname="%hostname"
store="%storenumber" tunnel="%tunnel" downtime="%TT"
ECRule="01-bgp-flap-detection" ECRulenum="2"%{.nl}
_______________________________________________
Simple-evcorr-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
