Getting Started with tkined

by Mark Newnham


+-----------------------------------------------------------------------------+
			Getting Started with tkined/scotty
+-----------------------------------------------------------------------------+
draft draft draft draft draft draft draft draft draft draft draft draft draft
+-----------------------------------------------------------------------------+
Document Definition
-------------------
This document is defined as:

A primer in the creation of a network and systems administration tool using 
the graphical interface of tkined as a front end to scotty.

There are no references in this document to:

a) Programming using scotty,wish,scwish,tcl/tk.
b) The underlying mechanisms with which scotty performs its role.
c) The structure and rules of the definitions of SNMP

There are references to:

a) Basic network administration tasks
b) Basic Unix administration tasks

The primer is aimed at administrators who have recently acquired and 
successfully compiled the tkined/scotty application suite. It assumes no 
ability in programming and no understanding of the way in which the underlying 
software performs monitoring tasks.

Acknowledgements
---------------

This document was written by KM Newnham. Any 
opinions, wild inaccuracies etc in this document are my own and do not reflect
those of my employer.

Tkined/Scotty were written principally by Juergen Schoenwaelder 
plus others. See the tkined README and ChangeLog for a 
list of contributors.

You may distribute this document in any way you please. If you include it with
anything else, or have comments, ideas or criticisms, please let me know. I 
would appreciate my name being acknowledged in any re-write. Thanks :)

Any trademarks are the properties of their respective owners.

Introduction
------------

"Getting Started with tkined/scotty" makes a certain number of assumptions:
1) The most fundamental assumption is that you can already start a tkined
   session on the system of your choice. 
2) The reader has some basic UNIX systems administration skills (your choice 
   of flavour).
3) You want to spend the absolute minimum on your administration tools. 
   The monitoring described below is done using the basic systems tools 
   supplied by manufacturers. No 3rd party or add-on packages have been used.

The idea behind this guide is to show how easy it is to put together an 
effective systems monitoring tool in a short period of time, using the most 
basic features of tkined/scotty. There are many features in the software that
will not even be discussed in this document. 

The document is based on my experiences of setting up tkined/scotty, to
monitor my systems environment. The system that I am monitoring has the 
following components:

9 sites linked together by Cisco routers over either Frame Relay or 64k lines
1 site has 5 HP 9000 systems running the "SAP" accounting system.
1 site has 2 SCO UNIX systems
2 sites have AS400 systems
All the sites have 1 or more Netware file servers plus the usual office 
systems paraphernalia, hubs, printers, Windows workstations etc.

There are no discussions of specific platform issues, although I will make 
references to platforms I know by way of example.  There may also be simple 
monitoring techniques for equipment I do not have. If you know any, let me 
know.

What can tkined/scotty do?
---------------------------------
The cornerstone of systems monitoring is of course, TCP/IP, so once you have 
got TCP/IP loaded onto something, you can monitor it in some fashion or 
another. Even if this only means knowing that the system is down before some 
irate manager tells you, you are already streets ahead. 60% of monitoring is 
simply knowing that something is down before anybody else, and being able to 
say "I know it's down, we're working on it". Setting up monitoring such as 
this is very simple with tkined/scotty.

Hubs and routers and other bits of equipment can often give lots of very 
useful information about themselves, either when asked, or by sending out 
messages to designated systems. Tkined/scotty can be set up to automatically 
monitor these systems, and produce alerts where necessary.

Systems that support TCP/IP can often be made to yield lots of useful 
information about themselves on a real-time basis, via a variety of in-built 
tools. Tkined/scotty can interrogate these systems and display the information
they provide in an easily understandable fashion.

For the marginally more advanced, a few basic shell scripts plus some inbuilt 
UNIX commands or a simple C program gives the opportunity for custom 
monitoring of your own applications. These can be easily integrated into 
tkined/scotty.

Above all, tkined/scotty provides this system based on a graphical 
representation of nodes and networks. A single screen can show an overview
of a World-wide network, with detail provided by expanding network groups
on the screen.


Let's build an application.......

You need to do anything that starts with ->
You also need to get a few IP addresses of some things you want to monitor.

Basic Mouse Control Terminology
-------------------------------

a) Creating an object or selecting an existing object is done by clicking
   over the object with the LEFT Mouse button.
b) Selecting many objects is done by clicking over the objects with the LEFT
   mouse button while holding down the SHIFT key.
c) Moving an object is done by selecting an object, then dragging it by moving
   the mouse while holding down the MIDDLE mouse button.
d) Modifying the attributes of an object is done by clicking over the object
   with the RIGHT mouse button.

LMB Click:	Clicking on an object with the Left Mouse Button
MMB Click:	Clicking on an object with the Middle Mouse Button
RMB Click:	Clicking on an object with the Right Mouse Button
SLMB Click:	Clicking on an object with the Left Mouse Button while holding 
		the SHIFT key down
SMMB Click:	Clicking on an object with the Middle Mouse Button while 
		holding the SHIFT key down
SRMB Click:	Clicking on an object with the Right Mouse Button while holding 
		the SHIFT key down
LMB Drag :	Dragging the cursor over an object while holding the Left 
		Mouse Button
MMB Drag :	Dragging the cursor over an object while holding the Middle 
		Mouse Button
RMB Drag :	Dragging the cursor over an object while holding the Right 
		Mouse Button
COO	 :	Place cursor over object


The Desktop
-----------
Is that the correct X terminology? Who knows... What you should have in front 
of you is a screen with a menu bar: File, Select, Edit, Structure, Icon,
Options, Tools. Tools is missing? Go straight to the tkined user group for help
on compiling scotty.  Down the left hand side of the screen are select, resize,
text, a picture of a television with a question mark on the screen, a thick
bar, a thin bar, a cloud, and a pointing finger.
We also have a nice blank bit in the middle to build a network diagram. I'll
call this the workspace.

-> Select:  the television screen.
-> LMB Click:  somewhere on the workspace.

The icon appears on the workspace with the name node0.  

-> COO:		the equipment object you have just created.
-> RMB Click:	

A pop-up menu appears beside the equipment object: create attribute, edit all 
attributes, label with attribute.

-> RMB Drag:	the cursor to "edit all attributes"

-> Fill in the name (in the name field) and the IP address (in the address 
   field)
-> LMB Click:	on "Set values" button.

**TIP** The name you give it does not have to correspond to its defined host
name. Tkined/Scotty always uses the IP address, and cross checks it on DNS or
the Hosts file.

Your equipment object is now labelled with the name you have given it. 

-> LMB Click:	"Select" (on left of screen).
-> LMB Click:	on object you have created.

The equipment object should now have a little square at each corner. This 
means it is selected.

-> LMB Click:	"Tools" (on menu bar)
-> LMB Click:	"IP Trouble" (on pull-down)

IP-Trouble should appear next to tools on the menu bar

-> LMB Click:	"IP Trouble" (on menu bar)
-> LMB Click:	"Ping" (on pull-down)

An "IP Trouble" window should appear, with either a Round Trip Time 
(rtt) or "unreachable". If you have an rtt time you are ready to start 
monitoring. If you get unreachable, check the IP address of the object.

+---------------------------------------------------------------------------+
			Basic IP Monitoring
+---------------------------------------------------------------------------+

-> LMB Click:	"Tools"
-> LMB Click:	"IP Monitor" (on pull down)

IP Monitor appears on the menu bar

-> LMB Click: "IP-Monitor"
-> LMB Click: "Check Reachability"

You are now monitoring that piece of equipment! Get a friendly user to 
disconnect that piece of equipment from the network. The icon flashes. Get 
them to reconnect the equipment. The icon stops flashing. Amazing, dude. 

Repeat this for every piece of equipment in your network. Easy, isn't it? But 
now you say, "I am not monitoring television screens, but a CISCO router".

-> LMB Click:	Select
-> LMB Click:	The object that represents your CISCO router.
-> LMB Click:	Icon (On menu bar)
-> LMB Click:	Node
-> LMB Click:	Network Device
-> LMB Click:	Cisco

Your node now shows a jolly nice (but simple) picture of a Cisco router.  

-> Experiment with the different pictures in the ICON set.

To change the colour of an object,
->Select the object to colour.
->LMB Click:	"Icon" (on menu bar)
->LMB Click:	"Color" (on pull-down)
->Select the colour of your choice

**TIP** Colour change works for any type of object.

For information on how to create and use your own icons, see the section on 
creating icons.

By now, you might have 20 or more icons on the workspace, and things are 
getting a little complicated to understand, so we can tidy up the work space 
by grouping some items together.

-> LMB Click:	The cloud on the left hand side. In fact this is the GROUP 
		object so that's what I'll call it from now on.

-> LMB Click:	On workspace. The Group object appears.
-> RMB Click:	On Group object. The attributes pop-up appears.
-> RMB Drag: 	to "Edit all attributes". Let's call it "Corporate HQ" or 
		something.
-> LMB Click:	On save values. 

Now we can add objects to the group.
-> LMB Click:	"Select"
-> LMB Click:	Group Object
-> SLMB Click:	Any equipment objects you want to add to group

Note that all the objects we have clicked on are selected.

-> LMB Click:	"Structure" (on menu bar).
-> LMB Click:	"Join Group" (on pull down).

Note how the equipment objects disappear.
-> LMB Click:   "Select"
-> LMB Click:	The Group object
-> RMB Click:	The popup menu appears.
-> RMB Drag:	cursor over "Expand Group"

The Group object disappears, the equipment objects within those groups 
reappear surrounded by a box, labelled the same as the group object.

-> RMB Click:	Any part of the group box. A pop-up menu appears.
-> RMB Drag:	"Collapse Group". The equipment objects disappear and are 
		replaced by the group object.


Get your friendly user to disconnect the same piece of equipment from the 
network. The group icon flashes. Get them to reconnect the equipment. The 
group icon stops flashing after a short time. Really Amazing, dude.  

We can make the group a bit neater now by creating a network to join all these
objects to. 

-> LMB Click:	The thick bar on the left hand side. This is the "Network" 
		object.
-> LMB Click:	In the workspace. Now move the cursor to the right. A line is 
		drawn in the workspace.
-> LMB Click:	The line becomes thicker with the name "network0"
-> COO	    :	Any part of the Network object.
-> RMB Click:	Pop up menu appears.
-> RMB Drag:	Edit attributes. Edit the name and the network address.

Add the network object to the group you created using the technique described 
earlier. Note how the expanded group grows to accommodate the network object.

Expand the group. We can now tidy the group by moving the network objects 
closer to the network object.

-> LMB Click:	"Select"
-> LMB Click:	A network object
-> MMB Drag:	The equipment object to a suitable place

We can join the equipment object to the network object.

-> LMB Click:	The thin line on the left hand side.
-> LMB Click:	Over the equipment object
-> LMB Click:	Over the network object.

The equipment is now attached to the network. Repeat this exercise for the 
rest of your equipment objects. There is no need to join these to the group, 
they will be automatically grouped where necessary.

It's about time we saved our work.

-> LMB Click:	"File" on the menu bar.
-> LMB Click:	"Save" on the pull-down menu. 
-> Fill in the name of the file you wish to create.

If we were to close our session, then restart it, the IP monitoring will be 
automatically restarted when we reload our file.


** TIP ** You can use this method to signify connections between Networks. If
each network is grouped and 2 objects from different groups are joined 
together, the interconnection between them will remain visible even if the
groups are collapsed.

+-----------------------------------------------------------------------------+
		Slightly More Advanced IP Monitoring
+-----------------------------------------------------------------------------+

About the only other thing we can do with IP monitoring is use the ping time
as an indication that there is a problem with the network. This is especially
true in a WAN environment, where a high ping time to a distant host may 
indicate an overloaded WAN. We may also want to modify the action the system 
takes when a host becomes unreachable.

-> LMB Click:	"IP Monitor" (on menu bar)
-> LMB Click:	"Modify Monitor Job". A list of Current monitor jobs appears
-> LMB Click:	A Job to modify

A Box appears with the following options.

1) Interval Time
2) Job Status
3) Falling Threshold
4) Rising Threshold
5) Threshold Action

1) Interval time is how often the host is checked, the default is every 60 
seconds.  Remember, you are going to add to the volume of traffic to the 
network. If you have a non-critical host on a distant network, maybe once 
every 5 minutes is enough. Modify this parameter as necessary.
2) Job status - self explanatory.
3) Falling threshold.  Can't think of a reason to use this.
4) Rising Threshold. If you have a host with a normal response time of 150ms, 
then if the ping time goes to 1000ms, but the host is still reachable, you 
have problems somewhere connected to either system loading or network failure. 
This is the point at which the threshold action takes effect.
5) Threshold action. 
	a) syslog - writes a message to the syslog.
	b) flash icon
	c) write - creates a window titled "IP Monitor" with information on
	   the host and ping time.

In order to get a view on how the ping time to a specific host is changing,
we can graph the responses we get. 

->LMB Click:	On equipment object we want to monitor.
->LMB Click:	"IP Monitor" (on menu bar)
->LMB Click:	"Round Trip time" (on menu bar)

A box is displayed close to the equipment object. This box is called a 
"stripchart". The box is gradually filled in left to right, with the ping time.
This is useful for monitoring changes over a period of time. We can add the 
same thresholds as the above  example.

Note that if we have created the stripchart against a host we are monitoring
with the "Check Reachability" option, we now have 2 jobs monitoring the same
piece of equipment. We should delete the first one. 

->LMB Click:	"IP Monitor" (On menu bar)
->LMB Click:	"Modify Monitor Job" (On pull down) 
->Select the Job to Remove
->LMB Click:	"Kill Job"

The monitor job is now deleted.


+-----------------------------------------------------------------------------+
		SNMP (Simple Network Management Protocol)
+-----------------------------------------------------------------------------+

SNMP (Simple Network Management Protocol) is a standard method of retrieving
information about a system in an IP environment. The amount of information 
retrievable depends on the manufacturer of the network equipment. The rules of
defining SNMP are extremely complex, but understanding SNMP is not necessarily
a prerequisite to using it. Just understanding a few basic rules is enough.

SNMP aware systems communicate with management stations in 2 ways. 

a) By sending out messages to Management stations without being asked. This
   normally happens when the system is powered up, or if some error condition
   occurs in the equipment e.g if a port on a hub has auto-segmented. These
   messages are known as "SNMP traps", and the management stations that get 
   these messages are "Trap receivers".

b) By responding to specific requests from management stations for information
   about values stored in memory on the equipment. An example of this is a 
   request to supply the current throughput on a network interface on a router.

The information that can be supplied is defined in "Management Information 
Bases" (MIB) and a simple rule is that for a management station to understand
the messages sent to it, it must know about the MIB that is being used to 
transmit this information. The MIB contains a set of variables, with unique
names. These variables have a number of attributes, such as the type of 
variable, e.g integer,string etc.

There are 2 different types of MIB. 

The first is a set of generic pieces of information such as the physical 
location of a piece of equipment e.g "3rd Floor Head Office". This would have
been set up when the equipment was installed, either by modifying a 
configuration file on a computer system, or by plugging a terminal device into 
the management port of a Hub,Router or other piece of network equipment. The
MIB which defines this information is called "MIB-2", and a request for MIB-2 
information is made exactly the same way for all pieces of equipment. The 
variable which stores information about the physical location of the system
is called "sysLocation". Systems may offer full or partial support for this 
MIB.

The second type of MIB is called an "Enterprise" MIB, and the information 
defined in this is unique to a manufacturer (Not normally a piece of equipment). in 

To be able to access this information, we must have the Enterprise MIB 
available on our management station. See the section on adding extra MIBs for
information on obtaining and installing MIB files.

** TIP ** Although MIBs can contain huge numbers of variables, in general the
number of variables which offer valuable and useful information to the 
Systems administrator is often small. Documentation on Enterprise MIBs is 
generally poor or non-existent, so the general technique is "suck it and see".


+-----------------------------------------------------------------------------+
		Basic SNMP Monitoring (Trap receiving)
+-----------------------------------------------------------------------------+

->LMB Click:	"Tools"
->LMB Click:	"SNMP Monitoring" (on pull down)
The SNMP-Monitor menu item appears on the menu bar.
->LMB Click:	SNMP-Monitor (on menu bar)
->LMB Click:	"Trap Sink"

A window appears titled "Listen for SNMP trap messages", with an option to 
listen for SNMPv1 messages. Click on listen, then accept.


At this point, you are probably going to have to get up from your desk, arm 
yourself with a portable pc and some RS232 cables and get to know the internal
setup of a piece of networking equipment. An obvious example of this is an 
SNMP manageable hub. Somewhere in the internals of the hub there are going to
be definable parameters. You need to ensure that the hub has its own
allocated IP address and that the "SNMP Trap receiver" is the IP address of 
your monitoring station. You will probably need to reinitialise the hub when 
you have finished. 

If you are very lucky, when you sit down again, you will see that a window
titled "SNMP Trap" has appeared on the screen, with the IP address of the hub
plus information like "cold start" or another message. This should be the
case, because "Cold Start" information is held in MIB-2 information and 
tkined/scotty already knows about this.  If it hasn't, try physically 
resetting the equipment. This really ought to generate a "Cold Start" SNMP 
trap. If this doesn't happen, check the setup on the hub, paying particular 
attention to the IP configuration of the hub: IP address, netmask, routing 
information.  

Once you have received the "Cold Start" trap and installed the Enterprise MIB 
for that particular manufacturer, you know that you can receive any other trap
sent from that piece of equipment. Hubs often send out "Jabber" or
"Segmentation" traps, which can indicate a problem with network cabling or 
workstations attached to the hubs. If you have a poorly performing network 
with large numbers of collisions, this could give you clues as to where to 
start looking.

+-----------------------------------------------------------------------------+
	Slightly More Advanced SNMP Monitoring (Querying Variables)
+-----------------------------------------------------------------------------+

We can start monitoring SNMP variables, without really knowing anything about
how SNMP works, we just need to know which ones we can monitor, and how.

-> LMB Click:	"Tools" (on menu bar)
-> LMB Click:	"SNMP Tree"

This then opens the SNMP Tree window. The top menu shows File,MIB-2,SNMPv2,
Enterprises,Bookmarks,Options and a couple of Space Invaders.

-> LMB Click:	"Enterprises"

A pulldown menu is now going to show the MIB tables available for specific 
manufacturers. If you haven't got the manufacturers listed that you want, 
now is the time to sidetrack off to the "loading extra MIBs" section.

Select a MIB that relates to a piece of equipment that you are using. A "tree"
appears on the workspace, with boxes containing incomprehensible names, linked
together left to right by lines, with the branches expanding towards the 
right.

-> COO:		Any of the Boxes on the workspace
-> RMB Click:	A pop-up window appears
-> RMB Drag:	To "Describe  "

A window appears with the following information.

Object Type:
Object Identifier:
Object Access:
Access:
Syntax:
File:

Followed by a description of the variable.

The object access is important here, because if it says NOT-ACCESSIBLE we 
can't monitor it.  However, if the variable syntax is INDEX, it will allow 
you to query the whole of the tree below it. As an example, see the 
"hrStorageEntry" variable on the MIB-2 tree.  Use the method above to 
investigate a few of the variables. If you can find one that has a syntax of 
GAUGE then this is definitely something that we can monitor. On the HP MIB for 
example, there is a variable called "SystemBAvail" and the description is 
"Disk blocks available to non super-user". This looks like something useful, 
so let's have a look to see what it does.

Go back to the main tkined workspace. 

-> Select a host that you wish to SNMP monitor. ( The manufacturer must match 
the enterprise table. i.e you can't monitor Cabletron Hubs with a Synoptics 
MIB variable).

-> LMB Click:	"SNMP-Monitor"
-> LMB Click:	"Monitor Variable"

A window appears: "Tell me which variable I should show you". In the box is
"ip.ipForwarDatagrams". Erase this and type in the name of the variable you 
have chosen to try to monitor. It is important to type the name of the 
variable correctly: if the name of the variable is SystemBAvail, then 
systembavail or SYSTEMBAVAIL are not acceptable, and you will receive an error 
message telling you that the variable is unknown.

If you receive a message, something like "Authentication Failure", you do not
have the right to query the SNMP table of the particular piece of equipment. 
You should check the configuration of the piece of equipment, especially 
regarding the "SNMP communities" and the access defined.

If all is well, then one or more stripcharts should appear on the screen, 
close to the icon of the system you are monitoring. If for example you are 
monitoring disks, then you will get one box for each disk on the system. A 
router may display a box for each of the interface cards if you had decided to 
monitor interface throughput. The stripcharts themselves will be overlaid 
and therefore impossible to read.

->LMB Click:	Select a box
->MMB Drag:	The stripcharts to a suitable location.

Repeat this for all the other stripcharts.  The title of the stripcharts will 
show the name of the variable being monitored, an indication of the item being 
monitored and a value, for example:
	
	SystemBAvail 102223020222 20304

In this instance, this means that the disk with the serial number 102223020222
has 20304 Blocks available. We can watch the value change as it is updated 
every 60 seconds, with the stripchart gradually filling left to right. 
We are already showing some pretty useful information here, but it
would be even better if we could

	a) Know which physical device the serial number relates to.
	b) Be able to set a threshold point at which point we could get a 
	warning. This could be a falling threshold for a disk, or a rising
	threshold for a router or a hub.

First, let's produce a report of all the values of queryable variables on that
piece of equipment.

->Select the equipment object.
->LMB Click:	"Tools" (on menu bar)
->LMB Click:	 "SNMP Trouble" (on pulldown) The "SNMP Trouble" item appears 
		on the menu bar.
->LMB Click:	"SNMP Trouble" (on menu bar)
->LMB Click:	"Walk MIB tree" (on pulldown)

A window appears titled "Walk MIB tree", with a value MIB-2.  Clear this and 
type in the "enterprise" name for the MIB, e.g. cisco, hp, novell. A scrolling 
window will then appear showing all the values of the queryable variables on 
that piece of equipment. Warning! This can be quite a long list; it's easiest 
to print it.  

-> Select "File" on the "Walk MIB tree" window.
-> Select "Print"
-> Enter any further print options on the print window.

The report shows us the queryable variables and their values. In this instance
we might see the lines 

	SystemDiskID 102223020222 /usr

	SystemDiskBSize 102223020222 1k

	SystemBAvail 102223020222 20400

This indicates that the /usr file system has 20400 1k Blocks in free space.

On the main workspace.
->LMB Click:	"Text" on left side of screen
->LMB Click:	Close to the stripchart we have created

Type in some text relating to the object we are monitoring, such as "/usr" for
a file system, or "Interface if1" for a router interface card.

We can join text and stripcharts to groups in exactly the same way as other 
objects.  They will collapse and expand as before. Save the work. When you 
close and restart tkined, the monitoring jobs will be restarted automatically.

Now we have a realtime monitor of our environment, let's add in a warning 
threshold to indicate a problem. 

->LMB Click:	"SNMP Monitor"
->LMB Click:	"Modify monitor Job"
->Select the Job you want to modify

Note that there is a single monitor job monitoring all the disks or interfaces
or whatever on the piece of equipment. 

A window appears titled "Modify monitor Job". The following items appear.

Interval time:
Rising Threshold:
Falling Threshold:
Action Syslog/Flash/Write

If we wanted to get a popup message if the disk space got below 20000 1k 
blocks we would type in 20000 in the "Falling Threshold" and click on the 
"write" button.  Alternatively, to monitor router traffic we could enter a 
rising threshold, to warn us if traffic went over a certain level. 

->Enter the required threshold variables.
->Select a required action.
->LMB Click:	Accept values.

It is important to point out at this point that the threshold you have set is
applied to all the items in the monitoring job you have set up, so if you are 
monitoring 6 disks they will all be monitored with a minimum threshold of 
20000 blocks. However, if 2 of those disks always run with about 15000 blocks 
free space, they are going to start flashing, writing messages on pop-up 
screens etc. You need to modify the thresholds for those 2 disks individually.
Now that you have created a default, you can do this. 

->Select the stripchart that you want to modify.
->RMB Click:	Popup appears
->RMB Drag:	Drag to Edit all attributes.

Note that the attributes window now includes a threshold field. Modify this 
field as required. This change is only applied to the individual stripchart.

**TIP** You can only apply a threshold to an individual stripchart after you 
have set up a default for the job.
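
The default-plus-override threshold behaviour described above, applied offline
to a saved "Walk MIB tree" report. This is an added example, not part of
tkined/scotty: the report lines are constructed from the three-column layout
shown earlier, and the function names and the INSTANCE=THRESHOLD argument form
are assumptions.

```shell
#!/bin/sh
# Added example (not tkined/scotty code). Joins a walk report by instance
# number and applies a falling threshold: a job-wide default plus
# per-instance overrides, as the stripchart attributes do.

# Constructed sample report in the "variable instance value" layout.
sample_walk() {
cat <<'EOF'
SystemDiskID 102223020222 /usr
SystemDiskID 102223020333 /home
SystemDiskID 102223020444 /var
SystemDiskBSize 102223020222 1k
SystemDiskBSize 102223020333 1k
SystemDiskBSize 102223020444 1k
SystemBAvail 102223020222 20400
SystemBAvail 102223020333 15200
SystemBAvail 102223020444 18100
EOF
}

# check_disks DEFAULT [INSTANCE=THRESHOLD ...]
# Reads a report on stdin and prints one line per disk:
#   STATUS filesystem instance blocks-available threshold-applied
check_disks() {
    dflt=${1:?default threshold required}
    shift
    # Reject a non-numeric default instead of comparing against garbage.
    case $dflt in ''|*[!0-9]*) return 2 ;; esac
    awk -v dflt="$dflt" -v overrides="$*" '
    BEGIN {
        # Parse the overrides; malformed pairs are ignored.
        n = split(overrides, pairs, " ")
        for (i = 1; i <= n; i++)
            if (split(pairs[i], kv, "=") == 2 && kv[2] ~ /^[0-9]+$/)
                limit[kv[1]] = kv[2]
    }
    # Map instance number -> file system name.
    $1 == "SystemDiskID" { mount[$2] = $3 }
    # Remember free blocks per instance, in report order.
    $1 == "SystemBAvail" && $3 ~ /^[0-9]+$/ {
        avail[$2] = $3
        order[++count] = $2
    }
    END {
        for (i = 1; i <= count; i++) {
            id = order[i]
            t = (id in limit) ? limit[id] : dflt
            where = (id in mount) ? mount[id] : "unknown"
            status = (avail[id] + 0 < t + 0) ? "ALERT" : "OK"
            print status, where, id, avail[id], t
        }
    }'
}

# Default of 20000 blocks, with the two smaller disks lowered to 15000.
sample_walk | check_disks 20000 102223020333=15000 102223020444=15000
```

Run with only the default (check_disks 20000), the same report flags /home and
/var, which is the nuisance alerting the individual thresholds are there to
stop.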

Another problem you might encounter is that the stripchart immediately shows
black and white stripes when you create it. This means that the scale defined
(default 0-100) is not large enough to accommodate the value displayed, e.g. 
20000.

->Select the stripchart
->RMB Click:	popup appears.
->RMB Drag:	Cursor to "scale attributes"

A small slider appears to the left of the stripchart.

Drag the slider up and down and see how the scale changes. Select a suitable 
scale.

** BUG? ** You cannot select a value greater than the value currently 
displayed in the stripchart.

Any scaling changes and threshold changes made are saved when you save the 
workspace.

We now have real time monitoring of the performance of our systems in place. 

** TIP ** Although you can use the "name" attribute to label a stripchart, the
next time you reload the chart, the name attribute will be overwritten by the
SNMP variable attribute.

+-----------------------------------------------------------------------------+
		Basic syslogd Monitoring 
+-----------------------------------------------------------------------------+

This is the point at which we can start monitoring the basic information that
UNIX (and maybe other) systems produce on their own, without the need for that
difficult to understand SNMP stuff. Have a look in the file /var/adm/syslog or 
equivalent. All the information that appears in here, we can redirect to 
tkined/scotty, and monitor it more closely. UNIX also includes a feature in 
syslogd to forward any information received into syslog to another system. 
Check out the following man pages for more info on how to set this up:

	syslogd
	syslog
	logger
	syslog.conf

So you can redirect all the information from all your syslog files to a single
point (the syslog file on your monitoring station), and monitor them from that
point.

-> LMB Click:	"Tools" (on menu bar)
-> LMB Click:	"Event Filter" (on pull down)
The "Event" item appears on the menu bar

-> LMB Click:	"Event" (on menu bar)
-> LMB Click:	"Connect" (on pull down)

A window appears with following options
	
	server:	bayes.ibr.cs.tu-bs.de
	port: 8567
	use:	server/file
	file:	/var/adm/messages

-> LMB Click:	the "File" button
-> Enter the name of your syslog file.

 ** UNIX SYSTEM SETUP ** You need to direct all of your syslog messages to 
a single file e.g /var/adm/syslog. You cannot use the feature of splitting 
syslog messages based on level. To be able to do this, you need to install 
the modified syslogd program (see advanced syslogd monitoring).

-> LMB Click:	"set values"
-> LMB Click:	"Event" (on menu bar)
-> LMB Click:	"Create Filter"

A "Create Filter" window pops up with a filter name "Temporary Filter"

-> LMB Click:	"set values"

You have now set into action a basic syslog monitoring tool.

-> Go to unix, type something like 


As soon as you press return, a window should pop up on the screen titled
"Temporary filter" with all the information required, such as host,time and 
message.  If it doesn't, check the syslog file for the message you have just 
typed. If it doesn't appear, check your syslogd configuration for message 
level recording.


 ** TIP ** Get to know the logger command. It is the simplest way to pass
custom information to tkined/scotty. 
An obvious example is backup reporting, so you can script up:

	# $? is the exit status of the backup command that has just run
	if [ $? -eq 0 ]; then
		logger "Backup completed successfully"
	else
		logger "Backup Failed!!!!!"
	fi
	
or:
	cat /etc/passwd | logger	

We can see later how we can apply different actions to different types of 
messages.

** TIP ** Printers and Multiprotocol print servers often support the syslog 
feature, so you can direct printer intervention, paper out messages straight to 
your monitoring system without worrying about those needlessly complicated 
MS Windows printer monitoring packages.

** BUG? ** You cannot currently save filters in tkined. If you close and 
re-start your application, you will need to re-enter the events you create. 
You can, however, manually insert the definitions for your filters in the  
tkined.defaults file. Before doing this it is best to create your own defaults 
file.

Copy the $TKINED_HOME/tkined.default file to $HOME/.tkined/tkined.default. 
tkined/scotty always looks first for this file when starting up. Add the 
following lines at the bottom of the .tkined file.
!
event.server:
event.port:
!
event.filter1.name:	Default Filter
event.filter1.host:
event.filter1.level:
event.filter1.facility:
event.filter1.process:
event.filter1.message:
event.filter1.action:
event.filter1.status:	active
event.filter1.highlight:false
event.filter1.report:	local


This will ensure that all events are passed from syslogd to tkined/scotty. 
We will look at more sophisticated filtering in the next section.

+-----------------------------------------------------------------------------+
	Slightly More Advanced Syslogd Monitoring 
+-----------------------------------------------------------------------------+

Syslog monitoring is the easiest way we can add custom monitoring into our 
applications. This gives us an opportunity to immediately add value to the 
basic package.  Let's take an example: we have an Oracle package running on
a UNIX system, and we want to monitor the log file from the Database server.
We could do it by buying HP Openview + the Oracle extensions = $$$$$$$
or we could do it by writing a script that says something like

	tail -f oracle.log | logger -t oracle

and run it as a background job. Any messages being written into the oracle
log file will be immediately passed into the syslog system, and displayed on
the monitoring station. Another easy way of using this is by simple C programs
which use the  functions. (read the man page on syslog).  This gives
you the opportunity to utilise the facility and level features in the syslog
environment. So taking the above example, we could write a program which
accepted data on the stdin, searched for the word "error" and then wrote 
directly to syslog, passing a facility and level. So the script would be 

	tail -f oracle.log | mylogger 

Any messages would be passed through with a level of "info", unless they
contained the string "error", in which case they would be passed through with
a level of "error"
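
A sketch of such a "mylogger" program follows. It is an added example, not 
code from tkined/scotty or from the original document. The facility 
(LOG_LOCAL0), the 1024-byte line buffer and the case-sensitive match are 
assumptions; the "oracle" tag matches the Process field used in the filters.

```c
/* mylogger.c - added example: read lines on stdin and forward them to syslog.
 * Assumptions (not from the original document): facility LOG_LOCAL0, a
 * 1024-byte line buffer, and a case-sensitive match on "error". */
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/* Pick the syslog level for one line: LOG_ERR (the "error" level) if the
 * line contains "error", LOG_INFO otherwise. */
int classify_line(const char *line)
{
    return strstr(line, "error") != NULL ? LOG_ERR : LOG_INFO;
}

/* Strip the trailing CR/LF and replace any remaining control characters
 * with a space, so one input line always becomes exactly one clean syslog
 * record. Returns the resulting length. */
size_t sanitize_line(char *line)
{
    size_t len = strlen(line);
    while (len > 0 && (line[len - 1] == '\n' || line[len - 1] == '\r'))
        line[--len] = '\0';
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)line[i];
        if (c < 0x20 || c == 0x7f)
            line[i] = ' ';
    }
    return len;
}

int main(void)
{
    char line[1024];

    /* No LOG_PID option, so the tag is plain "oracle" as with logger -t. */
    openlog("oracle", 0, LOG_LOCAL0);
    while (fgets(line, sizeof line, stdin) != NULL) {
        if (sanitize_line(line) == 0)
            continue;                       /* skip empty lines */
        /* Constant "%s" format: log text is never used as a format string. */
        syslog(classify_line(line), "%s", line);
    }
    closelog();
    return 0;
}
```

Compile it with "cc -o mylogger mylogger.c" and place the binary on the 
search path before running the pipeline below.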

To make best use of this, you need to obtain the replacement syslogd program
available from:

	  

which allows the use of facility and level features inside event monitoring.

Assuming we have done this, let's now create filters to give different 
responses to the above scenario:

LMB Click: 	"Event" (on menu bar)
LMB Click: 	"Create Filter" (on pulldown)

->Filter Name:	"Oracle Info"
->Host Name:	IP Address (or Hostname including domain)
->Level:	info
->Process:	oracle (assuming that is the process 'tag' we are using)
->Select Accept Values

LMB Click: 	"Event" (on menu bar)
LMB Click: 	"Create Filter" (on pulldown)

->Filter Name:	"Oracle Errors"
->Host Name:	IP Address (or Hostname including domain)
->Level:	error
->Process:	oracle (assuming that is the process 'tag' we are using)
->LMB Click:	Flash Icon
->Select Accept Values

The scenario is now that all messages received from Oracle will be displayed 
in the "Oracle Info" window, except errors, which will appear in the "Oracle
Errors" window. In addition, if an error message is received, the equipment
object will flash.

To save these filters, so that they automatically restart with tkined, you
must manually enter the information into the tkined.defaults file as above. 
For the above examples we would add the following lines:
!
event.filter2.name:	Oracle Info
event.filter2.host:
event.filter2.level:	info
event.filter2.facility:
event.filter2.process:	oracle
event.filter2.message:
event.filter2.action:
event.filter2.status:	active
event.filter2.highlight:false
event.filter2.report:	local
!
event.filter3.name:	Oracle Errors
event.filter3.host:
event.filter3.level:	error
event.filter3.facility:
event.filter3.process:  oracle
event.filter3.message:
event.filter3.action:
event.filter3.status:	active
event.filter3.highlight:true
event.filter3.report:	local

** TIP ** To use the facility and level fields in event monitoring, you must 
install the replacement syslogd.

To stop the objects from flashing,

->LMB Click:	"Event" (on menu bar)
->LMB Click:	"Clear All Events" (on pull-down)

** TIP ** The action field can be used to execute any external process if the
	  syslog message appears in that filter group. An obvious example for
	  this is a program that gives an audible warning. The program should 
	  be placed somewhere on the standard search path.

+-----------------------------------------------------------------------------+
		Basic UNIX systems Monitoring (rstatd)
+-----------------------------------------------------------------------------+

rstatd is a function (written by Sun, I believe) to provide information on 
CPU Usage, System Load, Disk Activity and Interface Activity. It is broadly 
equivalent to the information from the UNIX functions sa/sar, and is not 
available on some platforms by default. It is certainly available on HP and 
SUN systems, available as an add-on to Linux, not available on SCO. Check on 
your system whether the rstatd function is available. It may be installed but 
not enabled, HP for example does not enable this feature. It is simply a case 
of enabling the feature and rebooting the system to make it available.

->Select the object of the system you wish to monitor.
->LMB Click:	"IP Monitor"(on menu bar)
->LMB Click:	"System Load"

If the error message "program not registered" is returned, rstatd is not 
enabled on the host you are trying to query.

If rstatd is enabled, a strip chart will appear, titled "system load" plus a 
value.

Repeat the above exercise for "CPU activity", "Disk Activity" and "Interface 
Activity". The charts will all appear in the same place, so you will need to 
drag them to a suitable place and label them (see above for how to do this).

System Load is a very useful graph, used in conjunction with CPU usage, it 
gives an indicator as to when the system is being "hammered". The number it 
gives for system usage is defined by a rather complicated algorithm, but what 
is important is the relativity of normal usage to abnormal usage of the system.
The stripchart enables you to easily establish levels of low, normal and 
abnormal usage and to begin looking at ways to flatten out the differences in 
usage levels.

+-----------------------------------------------------------------------------+
		Monitoring User levels 
+-----------------------------------------------------------------------------+

In order to monitor the number of users actually logged onto the system, you
can make use of the fingerd. NB, fingerd is considered insecure by many 
systems administrators. Fingerd may also yield unreliable results. If you
wish to use this:

->Select the host to monitor
->LMB Click:	"IP Monitor" (on menu bar)
->LMB Click:	"Active Users"

The object will be labelled with the active users.

** BUG? ** You cannot define a monitoring threshold for this job.

** TIP ** There is a more secure version of fingerd available at:

	ftp.bitgate.com/pub/cfingerd

+-----------------------------------------------------------------------------+
		Adding a background Picture
+-----------------------------------------------------------------------------+

A network diagram can often be made more understandable by overlaying the 
diagram on a picture, either a map, or a building plan. The picture can be any
size, but it must be an xbm (X bitmap) format file.

Ideas for obtaining background pictures.

	Detailed maps are often available in MSDOS presentation graphics 
	packages. Use a product like xpaint to convert the file to xbm format.

	If you have a PC based fax system, fax yourself a building plan. These
	can be exported to a graphics file format then converted as above.

	A world.xbm file is supplied with the software. 

Once you have a background picture available:

->Select "File" from the menu bar
->Select "Import" from the pulldown menu.
->Select the picture to import into tkined.


Note that you can move the picture in the workspace but you cannot scale it,
to do that you must use an external graphics package.



+-----------------------------------------------------------------------------+
		Creating and using your own icons
+-----------------------------------------------------------------------------+

You can create and use your own icons in tkined/scotty. The icons need to be 
in xbm format. The icon must be:
	a) black and white 
	b) exactly 26 pixels wide and 33 pixels deep

You should save the bitmap into the $TKINED_HOME/bitmaps directory. You should 
also save the same file into the same directory as a mask. e.g. if you create an
icon called XYZ.xbm, you should also create a file called XYZMask.xbm

To add the new icon into the workspace you must modify the tkined.defaults 
file. Each icon used is defined in the tkined.node section, with an entry that
looks like:

	tkined.node1:	pc.xbm	PC

The first entry is its position in the icon pull-down menu, the second is
the icon file name and the third is the description on the pull-down menu.
If the description looks like Sun:Sparc Server then this entry will appear
as an item called "Sparc Server" on a cascading menu titled "Sun"

The simplest way to add an icon to the file is to replace an entry you do not
use, for example you have an entry for an SCO server that you wish to use but
do not need an entry for a hyper cube. Change the entry tkined.node16 from

	hyper.xbm	hyper cube
to:
	sco.xbm		Sco Unix server

If you add in an entry to the tkined.defaults file you must ensure that each 
node that follows the new entry is renumbered correctly. If 2 nodes are 
numbered the same then the first entry will be ignored.

To use the new icon you need to unload and reload tkined.

+-----------------------------------------------------------------------------+
			Loading Extra MIBS
+-----------------------------------------------------------------------------+

In order to query "Enterprise" MIBS, you have to load the MIB table into 
scotty. First you must obtain the MIB file. The most likely place to find a 
MIB file is on a manufacturers web site. You can alternatively try 
	
	

Where there is a large library of MIB files

Once you have obtained the MIB file, copy the file to $SCOTTY_HOME/mibs
and add the following line to the $SCOTTY_HOME/site/init.tcl file:

	lappend scotty_mibs 

Tkined must be unloaded and reloaded to make use of that file. Some MIB files
are dependent on others being loaded first, for example the Intel MIB "ldalert"
assumes that a mib file "common" has already been loaded. If it has not, then
error messages will be generated at tkined startup, and the mib will not be
usable. Ensure that where required, sets of mibs are loaded, and in the correct
order.

+-----------------------------------------------------------------------------+
			Printing Graphics from tkined/scotty
+-----------------------------------------------------------------------------+

You can print the workspace onto a Postscript printer. Any background picture
is ignored. It is not possible to use any other graphics format, so if 
anybody out there knows of a postscript->PCL converter, let me know...


+-----------------------------------------------------------------------------+
			End of "Getting Started with tkined/scotty"
+-----------------------------------------------------------------------------+