Diffstat (limited to 'net-mgmt/netmond/files/README.port.eng')
-rw-r--r-- | net-mgmt/netmond/files/README.port.eng | 246 |
1 files changed, 0 insertions, 246 deletions
diff --git a/net-mgmt/netmond/files/README.port.eng b/net-mgmt/netmond/files/README.port.eng deleted file mode 100644 index 0f04f2995d85..000000000000 --- a/net-mgmt/netmond/files/README.port.eng +++ /dev/null 
@@ -1,246 +0,0 @@ - - netmond-2.2-b6-port - -This document describe additions & changes relatively original -netmon-2.2-b6 source code. - -################################################################## - -SrcAddress patch - -################################################################## - -Sometimes you need explisitly set source IP address for packets -ejected to some host from multihoming (or multialiasing) host. - -For example: - -- you need to check host accessability via predefined route, not - matching default route for this host. - -- remote host can have "strange" configured packet filters so only - specific IP addresses accepted. - -- traffic priority settings exits somethere on trace to host. - This may impact network managenment traffic while - some channels overloaded. - -Added directive "SrcAddress" in global context and in object contest. - -In global context this directive explisitly set source IP address for all -objects when source IP not defined inside this object definition. -If no directive specified, default source address 0.0.0.0 assigned. - -Inside object definition this directive set source IP address for this -object only. All IP packets ejected to this host have this source address. - -When nowhere directive specified, the programm behave like before -patch applying. - -Example: - - SrcAddress "192.168.2.1" - - Object "somehost" { - Address "192.168.1.2" - SrcAddress "192.168.1.1" - .................... - } - -Flaws: - No preliminary IP address validity check applied. So until first packet processed -you can't to know IP address mistaken. - NetState server can't report source IP addresses for objects. - -################################################################## - -UID-GID-ChRoot Patch - -################################################################## -For save methods PIPE or FILE in some cases need to fork daugther process. 
-Usally, "netmond" working under "root" privrleges, so daugther processes -will have "root" privrleges too. This is unsecure. - -Directives "UserName" "GroupName" "ChrootDir" added in global context. -When used this directives, before daugther process launching -(after 'fork' but before 'exec') "chroot" syscall performed for specified -directory ( if no direcive - no "chroot") and process GID, UID changes. - -By default, no chroot performed, UserName = netmon, GroupName = netmon. - -Example: - - UserName "nobody" - GroupName "nogroup" - ChRootDir "/var/netmon" - -However you can set UserName=root GroupName=wheel if needed. - -################################################################## - -NetState BindAddress Patch - -################################################################## -Sometimes you need explicitly set IP address to bind for NetState -server. - -Directive "BindAddress" added in "Port" context. - -Example: - - Port 3333 { - BindAddress "192.168.1.1" - ............ - } -Or: - -NetState { - Port 3333 - BindAddress "192.168.1.1" -} - -By default, NetState expect incoming TCP connection on all local -addresses. - -################################################################## - -Trap Patch - -################################################################## -Sometimes you need explicitly set IP Address to accept incoming SNMP -traps on. - - -Direcive "TrapBindAddress" added in global context. - -Example: - TrapBindAddress "192.168.1.1" - -By default, trap collector expect incoming SNMP traps on all local -addresses. - - -################################################################## - -PID-file all the time is written to /var/run/netmond.pid - -################################################################## - -Possibility added to use russian letters in NetState requests and -regular expressions. 
- -################################################################## - -Object multiple states - -################################################################## - -With this patch applied, the object have more states: UP DEGRADED WARNING DOWN NONE. -(before was only UP DOWN NONE states) -Object falls to DOWN state when ALL object checking "Methods" fall. -DEGRADED state mean that some object "Methods" fall, but some finished successfully. -WARNING state mean, that any slave subobject (interface, service, BGP peer, ENVMON, etc.) -are not in UP|NORMAL|ESTABLISHED state. - -################################################################## - -Method WHEN - -################################################################## - -Like in saving method WHEN, you can define logical expression, format -for resulting string and timeout. If logical expression would evaluated -as TRUE all the times during timeout, this method falls. As a result, variable -'OBJECT!methodname' became eqiual to evaluated resulting string. -The object falls to DEGRADED state. - -Example: -Пример: - Method "CPU_alarm" { - When "$LoadAve > 20" 300 "Attention! LoadAve too much! ($LoadAve)" - } - -The main goal of this method - to change (sub)object state when performance -thresholds exceeded. - -Attention! Variables used here have to be mined by other methods. - -################################################################## - -Method PIPE - -################################################################## - -Work like TCP checking method. But instead of tcp port for remote host, -you have to define 'programm' name. This programm executed locally. -You can use CHAT script statements, like in TCP method. -From inside the 'programm' chat messages arrive on STDIN, and -the results have to be written to STDOUT. - -On startup, programm supplied by argument string, defined in method -call statement. Additionally, environment variables OBJECT_NAME, OBJECT_ADDRESS -are preset. 
If explicitly defined in config file, variables -OBJECT_SRC_ADDRESS, OBJECT_DATADIR are preset two. - -Example: - ..................... - Method "CheckSSL" { - Pipe "/usr/local/bin/check_ssl.pl" - Timeout 3 - ChatScript { - Expect "verify" - Send "GET /\n\r\n\r" - Expect "<HTML>" - } - } - ................ -/usr/local/bin/check_ssl.pl: - #!/usr/bin/perl - # - $addr = $ENV{"OBJECT_ADDRESS"}; - if ($ARGV[0] ) { - $port = $ARGV[0]; - } else { - $port ="443"; - } - $SIG{TERM} = sub { - close PRGR; - close PRGW; - close STDIN; - close STDOUT; - kill $main::pid; - exit(0); - }; - use FileHandle; - use IPC::Open2; - $main::pid=open2(PRGR,PRGW,"/usr/bin/openssl s_client -quiet -ssl3 -connect $addr:$port"); - $_=<STDIN>; - print PRGW $_; while (<PRGR>){ - print $_; - } - close STDOUT; - exit 0; - -Every time checking interval elapsed only ONE 'programm' launch retry take place. -When chat messges exchnage finished, pipe socket closed, and 'programm' notified -by SIGTERM signal. - -The goal of this method - to check complex services, while simple TCP -method can not be used and impossible to use RSH or other text based -protocols on remote side. - -The 'programm' launches with privileges defined globally -with directives UserName GroupName. If directive ChRootDir defined, -chroot to this directory take place before run. - -################################################################## - -Interfce index number limit expanded up to INT_MAX. So, for MS Windows -servers you can write - Interface 65539 { } - - Thanks to Artemiy Kropachev <kropachev(sobaka)rdu.kirov.ru> - -################################################################## - -Default config file = /usr/local/etc/netmond.conf |
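Review bot: the removed "UID-GID-ChRoot Patch" section of README.port.eng is the only text in this diff that documents how forked PIPE/FILE children drop privileges ("By default, no chroot performed, UserName = netmon, GroupName = netmon"), and the hunk deletes all 246 lines with 0 insertions, so nothing visible here says where that guidance lives afterwards. The same applies to the SrcAddress, BindAddress and TrapBindAddress directives and to the note that NetState and the trap collector listen on all local addresses by default. If the port still carries these patches, move the text to pkg-message or the sample netmond.conf rather than dropping it, and fix the "ChrootDir" / "ChRootDir" spelling mismatch while doing so; if the patches themselves are being removed, state that in the commit message so operators know the directives no longer apply.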