hi there
i have this kinda working - the following info should help you...
i monitor a server running qmail with qmail scanner (qscan),
spamassassin and clamd antivirus (- not my choice of mail server, but
hey ho)
On 31 May 2009, at 15:10, mwcotton wrote:
> I would approach something like this by using the extend
> functionality of net-snmp, calling a perl script that would parse a
> log file.
>
no need to call out to a script to regex your logfiles - that
functionality is actually built-in to snmpd! :)
i have the following lines in my /etc/snmp/snmpd.conf
# qmailscanner stats
logmatch qsClean /var/spool/qscan/qmail-queue.log 120 p_s: finished scan
logmatch qsSpam /var/spool/qscan/qmail-queue.log 120 SA: yup, this
smells like SPAM
logmatch qsVirus /var/spool/qscan/qmail-queue.log 120 clamdscan: there
be a virus
that 's what i do on the snmpd side - doing 'man snmpd.conf' will help
you sort something out to match your exact requirements.
quote from man snmpd.conf :-
logmatch NAME PATH CYCLETIME REGEX
don't forget to restart snmpd after changing your snmpd.conf file.
now, on the zenoss side of things, i have created a template i /
Devices/Server/Linux/ and called it Qscan - in the 'units' field i
have put the word 'messages' -- i'd've liked to've put 'messages/hour'
or similar - but we'll come back to this point later! [*]
on my template i have set up the following datasources:-
qsClean 1.3.6.1.4.1.2021.16.2.1.5.1
qsSpam 1.3.6.1.4.1.2021.16.2.1.5.2
qsVirus 1.3.6.1.4.1.2021.16.2.1.5.3
each of those has a datapoint with the same name, having type
'DERIVE', with the rrd min, max and create commands all left empty.
i then have a graph called 'Qmail Scanner' and i have datapoints in
the following sequence:-
0 qsSpam
1 qsVirus
2 qsClean
you might want to do yours differently [shrug]
i define these as follows:-
name: qsSpam
datapoint: qsSpam_qsSpam
consolidation: AVERAGE
rpn: [left blank]
limit: -1
line type: AREA
line width: 1
stacked: false
color: #f534ff
format: %5.2lf%s
legend: Spam
name: qsVirus
datapoint: qsVirus_qsVirus
consolidation: AVERAGE
rpn: [left blank]
limit: -1
line type: AREA
line width: 1
stacked: true
color: #b80000
format: %5.2lf%s
legend: Viruses
name: qsClean
datapoint: qsClean_qsClean
consolidation: AVERAGE
rpn: [left blank]
limit: -1
line type: AREA
line width: 1
stacked: true
color: #82ff34
format: %5.2lf%s
legend: Accepted
again, you may want to do yours differently if you want lines instead
of areas, etc.
[*] now, to return to an earlier point -- although this is enough to
get some pretty charts, i think it's not perfect because i don't
really know what the 'scale' of this chart is as such, ie. i don't
know how many messages per hour/minute this is showing exactly? but
it's enough to get a visual indication of what's going on inside the
mailscanner, so having got that far i wasn't too fussed about exact
numbers.
(but if you want to tweak the scale of these figures, you'd want to
apply a multiplication/division in the rpn fields for each graphpoint
- eg. to multiply by 1000 you'd set the graphpoint's rpn field to
contain: 1000,* to half it you'd want to put: 0.5,* )
oh - almost forgot! -- finally, don't forget to bind your template to
the device you wish to monitor / that you have set up the logmatch
snmpd stuff on!!
i can't credit my original sources for all this, as i believe i
arrived at the above through a process of trial and error while
grokking lots of different docs on this subject from all over the net
-- so apologies if some of the above is simply ripped from someone
else's docs out there on the net!
hope is helpful and works for you - should save you a bit of time at
least! :)
cheers
--/Jim
_______________________________________________
zenoss-users mailing list
[email protected]
http://lists.zenoss.org/mailman/listinfo/zenoss-users
