Re: {bb} find a way detect enable/disable OFFLINE (Blue) events in BB

[Asif Iqbal <iqbala-bb@qwestip.net>]

On Thu, Dec 23, 2004 at 02:42:05PM, Jeff Stoner wrote:
> On Wed, 22 Dec 2004, satish kumar wrote:
> 
> >I have a requirement of finding a way to detect
> >who/when/where enabled/disabled the OFFLINE (blue)
> >events  in BB. please let me know at the earliest.
> 
> A sure-fire way to detect them would be to check the log files directly 
> in $BBVAR/logs. Something like
> 
> cd $BBVAR/logs
> $GREP '^blue ' * | while read
> do
>    HOST=`echo $REPLY | $CUT -d: -f1 | $CUT -d. -f1`
>    SERVICE=`echo $REPLY | $CUT -d: -f1 | $CUT -d. -f2`
> 
>    # do something with the information
>    echo "$SERVICE on $HOST is disabled"
> done
> 
> (The casual shell scripter will recognize that this will fail for some 
> medium to large sites...those with lots of log files...unless you have an 
> insanely large buffer for command lines.)
> 
> The actual disable message (if any) is embedded into the status log and 
> you'll have to parse that out. For the adventerous, you can parse the 
> $BBVAR/hist files to find past occurrences of disabled hosts/services, 
> then using those results, grabbing the appropriate status message from 
> $BBVAR/histlogs to get the reason (if any.) This assumes you used the 
> defaults when setting up Big Brother to store history and historical logs.
> 
> The where will be an IP address at the bottom of the status message. This 
> is where the msesage came from. Determining who disabled a host/service - 
> well, that's a different matter. If you are using one of the CGI scripts 
> from Deadcat.net - then you don't need to go through all this - simply 
> modify that code to gather all the information and do something with it.
> 
> The ultimate way is to hack the C code to the bbd daemon - but I don't 
> recommend this as it makes upgrading hard and you'll be on your own for 
> the most part in supporting it. This will give you the what, the where, 
> the why (if they bothered to add a message) but not the who. Big Brother 
> has no concept of users.

In addition as for future you can force users to login to bigbrother
website to enable/disable services. It will keep a log of the user. And
if you allow the users to enable/disable service through email/sms you
just modify the bb-ack.sh(?) to grab the sender's email.

I have been doing that for my site with 300+ hosts with in an avg of 7
services per host

Thanks

> 
> 
> --Jeff
> 
> "Kernel-based message queues are sexy."
> --
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-=-=
> To unsubscribe from this list, or to subscribe to the bb-digest list
> send e-mail to mailto:majordomo@bb4.com with unsubscribe bb -and/or-
> subscribe bb-digest in the BODY of the message.

-- 
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
"...it said: Install Windows XP or better...so I installed Solaris..."
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-=-=
To unsubscribe from this list, or to subscribe to the bb-digest list
send e-mail to mailto:majordomo@bb4.com with unsubscribe bb -and/or-
subscribe bb-digest in the BODY of the message.