author | Daniil Baturin <daniil@baturin.org> | 2013-12-21 08:35:36 +0100 |
---|---|---|
committer | Daniil Baturin <daniil@baturin.org> | 2013-12-21 08:35:36 +0100 |
commit | 3c40c48584eda801686a829defd73736bff34ca8 (patch) | |
tree | ad9fea4a3df42e0f0452ccfd448f8248044be514 | |
parent | 3444459922f0e2b2ebb6de859f7e72ca178e9902 (diff) | |
Bug #95: Issue warnings on attempts to monitor rules with disabled logging.
Additionally notify when monitoring firewall/NAT instances that only
rules with logging enabled are monitored.
18 files changed, 46 insertions, 16 deletions
diff --git a/Makefile.am b/Makefile.am
index c26c7db..2d290d2 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -48,6 +48,7 @@ bin_SCRIPTS += scripts/vyatta-monitor-list bin_SCRIPTS += scripts/vyatta-monitor-cleanup bin_SCRIPTS += scripts/vyatta-monitor-background bin_SCRIPTS += scripts/vyatta-monitor-background-stop
+bin_SCRIPTS += scripts/vyatta-monitor-check-rule-log
 bin_SCRIPTS += scripts/vyos-show-ram.sh sbin_SCRIPTS = scripts/dhcpv6-client-show-leases.pl
diff --git a/scripts/vyatta-monitor-check-rule-log b/scripts/vyatta-monitor-check-rule-log
new file mode 100644
index 0000000..bc49491
--- /dev/null
+++ b/scripts/vyatta-monitor-check-rule-log
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+API=/bin/cli-shell-api
+RULE_PATH=$1
+RULE_NUM=$2
+
+LOG=`cli-shell-api returnEffectiveValue $RULE_PATH rule $RULE_NUM log`
+
+if [ "$LOG" != "enable" ]; then
+ echo "Warning: logging is not enabled for rule $RULE_NUM"
+ echo "For proper monitor operation enable logging before issuing this command:"
+ echo "set $RULE_PATH rule $RULE_NUM log enable"
+fi
diff --git a/templates/monitor/firewall/ipv6-name/node.tag/background/start/node.def b/templates/monitor/firewall/ipv6-name/node.tag/background/start/node.def
index 6f80a81..0008aee 100644
--- a/templates/monitor/firewall/ipv6-name/node.tag/background/start/node.def
+++ b/templates/monitor/firewall/ipv6-name/node.tag/background/start/node.def
@@ -1,2 +1,3 @@ help: Start background monitoring of a specified firewall
-run: ${vyatta_bindir}/vyatta-monitor-background Firewall-ipv6-$4 "\[$4-[0-9]*-[A,D,R]\]"
+run: echo "Notice: monitoring information is displayed only for rules with enabled logging"; \
+ ${vyatta_bindir}/vyatta-monitor-background Firewall-ipv6-$4 "\[$4-[0-9]*-[A,D,R]\]"
diff --git a/templates/monitor/firewall/ipv6-name/node.tag/node.def b/templates/monitor/firewall/ipv6-name/node.tag/node.def
index dfd71e8..9c6bd57 100644
--- a/templates/monitor/firewall/ipv6-name/node.tag/node.def
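Review bot: `API=/bin/cli-shell-api` is assigned but never used in the new scripts/vyatta-monitor-check-rule-log: the backtick call runs a bare `cli-shell-api`, so the binary is resolved through PATH instead of the fixed path the variable names. `$RULE_PATH` has to stay unquoted because the templates pass the config path as one space-separated string, but that also leaves the operator-typed firewall name open to globbing and extra word splitting, and `$RULE_NUM` has no reason to be unquoted. I would write the call as `LOG=$("$API" returnEffectiveValue $RULE_PATH rule "$RULE_NUM" log)` with `set -f` ahead of it, or have the templates pass each path element as its own argument so the script can forward them quoted.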
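Review bot: The notice text on the added `run:` line in ipv6-name/node.tag/background/start/node.def is a literal that this commit repeats in eight templates (the firewall ipv6-name and name instance templates and the NAT source and destination templates, foreground and background), so any later rewording has to touch every copy. I would move the message into a small helper script installed next to `vyatta-monitor-check-rule-log` and call that from each template, which also keeps the `run:` lines to a single command plus the monitor invocation.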
+++ b/templates/monitor/firewall/ipv6-name/node.tag/node.def
@@ -2,4 +2,5 @@ help: Monitor a specified firewall allowed: local -a ARR eval "ARR=($(cli-shell-api -- listEffectiveNodes firewall ipv6-name))" echo ${ARR[@]}
-run: ${vyatta_bindir}/vyatta-monitor Firewall-ipv6-$4 "\[$4-[0-9]*-[A,D,R]\]"
+run: echo "Notice: monitoring information is displayed only for rules with enabled logging"; \
+ ${vyatta_bindir}/vyatta-monitor Firewall-ipv6-$4 "\[$4-[0-9]*-[A,D,R]\]"
diff --git a/templates/monitor/firewall/ipv6-name/node.tag/rule/node.tag/background/start/node.def b/templates/monitor/firewall/ipv6-name/node.tag/rule/node.tag/background/start/node.def
index 398f70b..cfbdcd8 100644
--- a/templates/monitor/firewall/ipv6-name/node.tag/rule/node.tag/background/start/node.def
+++ b/templates/monitor/firewall/ipv6-name/node.tag/rule/node.tag/background/start/node.def
@@ -1,2 +1,3 @@ help: Start background monitoring of the specified firewall
-run: ${vyatta_bindir}/vyatta-monitor-background Firewall-ipv6-$4-rule-$6 "\[$4-$6-[A,D,R]\]"
+run: ${vyatta_bindir}/vyatta-monitor-check-rule-log "firewall ipv6-name $4" $6; \
+ ${vyatta_bindir}/vyatta-monitor-background Firewall-ipv6-$4-rule-$6 "\[$4-$6-[A,D,R]\]"
diff --git a/templates/monitor/firewall/ipv6-name/node.tag/rule/node.tag/node.def b/templates/monitor/firewall/ipv6-name/node.tag/rule/node.tag/node.def
index 0c1ecb6..aff5063 100644
--- a/templates/monitor/firewall/ipv6-name/node.tag/rule/node.tag/node.def
+++ b/templates/monitor/firewall/ipv6-name/node.tag/rule/node.tag/node.def
@@ -2,4 +2,5 @@ help: Monitor a rule in the specified firewall allowed: local -a ARR eval "ARR=($(cli-shell-api -- listEffectiveNodes firewall ipv6-name ${COMP_WORDS[3]} rule))" echo ${ARR[@]}
-run: ${vyatta_bindir}/vyatta-monitor Firewall-ipv6-$4-rule-$6 "\[$4-$6-[A,D,R]\]"
+run: ${vyatta_bindir}/vyatta-monitor-check-rule-log "firewall ipv6-name $4" $6; \
+ ${vyatta_bindir}/vyatta-monitor Firewall-ipv6-$4-rule-$6 "\[$4-$6-[A,D,R]\]"
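Review bot: `$6` is handed to the helper unquoted on the added `run:` lines of the ipv6-name rule templates, and the firewall name typed by the operator is folded into the single string `"firewall ipv6-name $4"` that the helper later re-splits. Quoting the rule argument, `${vyatta_bindir}/vyatta-monitor-check-rule-log "firewall ipv6-name $4" "$6"; \`, keeps it one word. Nothing visible in these templates confirms that the rule exists before the check runs (the `allowed:` lines look like completion hints only), so for an unknown rule the helper would presumably print its "logging is not enabled" warning and a `set ... log enable` hint for a rule that is not configured; a separate message for that case would be clearer. The same call shape appears in the firewall/name rule templates and, with `$5`, in the nat/destination and nat/source rule templates.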
diff --git a/templates/monitor/firewall/name/node.tag/background/start/node.def b/templates/monitor/firewall/name/node.tag/background/start/node.def
index 8563b98..35beb23 100644
--- a/templates/monitor/firewall/name/node.tag/background/start/node.def
+++ b/templates/monitor/firewall/name/node.tag/background/start/node.def
@@ -1,2 +1,3 @@ help: Start background monitoring of a specified firewall
-run: ${vyatta_bindir}/vyatta-monitor-background Firewall-$4 "\[$4-[0-9]*-[A,D,R]\]"
+run: echo "Notice: monitoring information is displayed only for rules with enabled logging"; \
+ ${vyatta_bindir}/vyatta-monitor-background Firewall-$4 "\[$4-[0-9]*-[A,D,R]\]"
diff --git a/templates/monitor/firewall/name/node.tag/node.def b/templates/monitor/firewall/name/node.tag/node.def
index 4b31405..16b9244 100644
--- a/templates/monitor/firewall/name/node.tag/node.def
+++ b/templates/monitor/firewall/name/node.tag/node.def
@@ -2,4 +2,5 @@ help: Monitor a specified firewall allowed: local -a ARR eval "ARR=($(cli-shell-api -- listEffectiveNodes firewall name))" echo ${ARR[@]}
-run: ${vyatta_bindir}/vyatta-monitor Firewall-$4 "\[$4-[0-9]*-[A,D,R]\]"
+run: echo "Notice: monitoring information is displayed only for rules with enabled logging"; \
+ ${vyatta_bindir}/vyatta-monitor Firewall-$4 "\[$4-[0-9]*-[A,D,R]\]"
diff --git a/templates/monitor/firewall/name/node.tag/rule/node.tag/background/start/node.def b/templates/monitor/firewall/name/node.tag/rule/node.tag/background/start/node.def
index 310114a..3210a14 100644
--- a/templates/monitor/firewall/name/node.tag/rule/node.tag/background/start/node.def
+++ b/templates/monitor/firewall/name/node.tag/rule/node.tag/background/start/node.def
@@ -1,2 +1,3 @@ help: Start background monitoring of the specified firewall
-run: ${vyatta_bindir}/vyatta-monitor-background Firewall-$4-rule-$6 "\[$4-$6-[A,D,R]\]"
+run: ${vyatta_bindir}/vyatta-monitor-check-rule-log "firewall name $4" $6; \
+ ${vyatta_bindir}/vyatta-monitor-background Firewall-$4-rule-$6 "\[$4-$6-[A,D,R]\]"
diff --git a/templates/monitor/firewall/name/node.tag/rule/node.tag/node.def b/templates/monitor/firewall/name/node.tag/rule/node.tag/node.def
index 7f15ed0..554bf70 100644
--- a/templates/monitor/firewall/name/node.tag/rule/node.tag/node.def
+++ b/templates/monitor/firewall/name/node.tag/rule/node.tag/node.def
@@ -2,4 +2,5 @@ help: Monitor a rule in the specified firewall allowed: local -a ARR eval "ARR=($(cli-shell-api -- listEffectiveNodes firewall name ${COMP_WORDS[3]} rule))" echo ${ARR[@]}
-run: ${vyatta_bindir}/vyatta-monitor Firewall-$4-rule-$6 "\[$4-$6-[A,D,R]\]"
+run: ${vyatta_bindir}/vyatta-monitor-check-rule-log "firewall name $4" $6; \
+ ${vyatta_bindir}/vyatta-monitor Firewall-$4-rule-$6 "\[$4-$6-[A,D,R]\]"
diff --git a/templates/monitor/nat/destination/background/start/node.def b/templates/monitor/nat/destination/background/start/node.def
index 5feaf6b..8f1f0eb 100644
--- a/templates/monitor/nat/destination/background/start/node.def
+++ b/templates/monitor/nat/destination/background/start/node.def
@@ -1,2 +1,3 @@ help: Start background destination NAT monitoring
-run: ${vyatta_bindir}/vyatta-monitor-background NAT-DEST "\[NAT-DST-[0-9]*.*\]"
+run: echo "Notice: monitoring information is displayed only for rules with enabled logging"; \
+ ${vyatta_bindir}/vyatta-monitor-background NAT-DEST "\[NAT-DST-[0-9]*.*\]"
diff --git a/templates/monitor/nat/destination/node.def b/templates/monitor/nat/destination/node.def
index 3dc3e61..7729cc8 100644
--- a/templates/monitor/nat/destination/node.def
+++ b/templates/monitor/nat/destination/node.def
@@ -1,2 +1,3 @@ help: Monitor destination NAT
-run: ${vyatta_bindir}/vyatta-monitor NAT-DEST "\[NAT-DST-[0-9]*.*\]"
+run: echo "Notice: monitoring information is displayed only for rules with enabled logging"; \
+ ${vyatta_bindir}/vyatta-monitor NAT-DEST "\[NAT-DST-[0-9]*.*\]"
diff --git a/templates/monitor/nat/destination/rule/node.tag/background/start/node.def b/templates/monitor/nat/destination/rule/node.tag/background/start/node.def
index 955eebb..ad06778 100644
--- a/templates/monitor/nat/destination/rule/node.tag/background/start/node.def
+++ b/templates/monitor/nat/destination/rule/node.tag/background/start/node.def
@@ -1,2 +1,3 @@ help: Start background monitoring of a specified destination NAT rule
-run: ${vyatta_bindir}/vyatta-monitor-background NAT-DEST-RULE-$5 "\[NAT-DST-$5.*\]"
+run: ${vyatta_bindir}/vyatta-monitor-check-rule-log "nat destination" $5; \
+ ${vyatta_bindir}/vyatta-monitor-background NAT-DEST-RULE-$5 "\[NAT-DST-$5.*\]"
diff --git a/templates/monitor/nat/destination/rule/node.tag/node.def b/templates/monitor/nat/destination/rule/node.tag/node.def
index 8be31fc..1ada87b 100644
--- a/templates/monitor/nat/destination/rule/node.tag/node.def
+++ b/templates/monitor/nat/destination/rule/node.tag/node.def
@@ -2,4 +2,5 @@ help: Monitor a specified destination NAT rule allowed: local -a ARR eval "ARR=($(cli-shell-api listEffectiveNodes nat destination rule))" echo ${ARR[@]}
-run: ${vyatta_bindir}/vyatta-monitor NAT-DEST-RULE-$5 "\[NAT-DST-$5-*\]"
+run: ${vyatta_bindir}/vyatta-monitor-check-rule-log "nat destination" $5; \
+ ${vyatta_bindir}/vyatta-monitor NAT-DEST-RULE-$5 "\[NAT-DST-$5-*\]"
diff --git a/templates/monitor/nat/source/background/start/node.def b/templates/monitor/nat/source/background/start/node.def
index 7b3a275..d7999bb 100644
--- a/templates/monitor/nat/source/background/start/node.def
+++ b/templates/monitor/nat/source/background/start/node.def
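Review bot: The log pattern carried onto the new `run:` lines of the destination NAT rule templates is not delimited after the rule number, and the two templates for the same rule disagree: the background one uses `"\[NAT-DST-$5.*\]"` while the foreground one uses `"\[NAT-DST-$5-*\]"`. With `.*` directly after `$5`, monitoring rule 5 would presumably also show entries for rules 50, 51 and so on, so an operator reading the output could attribute another rule's traffic to the one being watched. If the log prefix carries a separator after the rule number, as the firewall patterns `"\[$4-$6-[A,D,R]\]"` suggest, both lines could use `"\[NAT-DST-$5-.*\]"`; the prefix format is not visible in this diff, so that needs checking. The nat/source rule templates later in the diff use `"\[NAT-SRC-$5.*\]"` and have the same prefix-match issue.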
@@ -1,2 +1,3 @@ help: Start background monitoring of source NAT
-run: ${vyatta_bindir}/vyatta-monitor-background NAT-SOURCE "\[NAT-SRC-[0-9]*.*\]"
+run: echo "Notice: monitoring information is displayed only for rules with enabled logging"; \
+ ${vyatta_bindir}/vyatta-monitor-background NAT-SOURCE "\[NAT-SRC-[0-9]*.*\]"
diff --git a/templates/monitor/nat/source/node.def b/templates/monitor/nat/source/node.def
index 48b2bb9..486743c 100644
--- a/templates/monitor/nat/source/node.def
+++ b/templates/monitor/nat/source/node.def
@@ -1,2 +1,3 @@ help: Monitor source NAT
-run: ${vyatta_bindir}/vyatta-monitor NAT-SOURCE "\[NAT-SRC-[0-9]*.*\]"
+run: echo "Notice: monitoring information is displayed only for rules with enabled logging"; \
+ ${vyatta_bindir}/vyatta-monitor NAT-SOURCE "\[NAT-SRC-[0-9]*.*\]"
diff --git a/templates/monitor/nat/source/rule/node.tag/background/start/node.def b/templates/monitor/nat/source/rule/node.tag/background/start/node.def
index 9f83cb4..ca751c6 100644
--- a/templates/monitor/nat/source/rule/node.tag/background/start/node.def
+++ b/templates/monitor/nat/source/rule/node.tag/background/start/node.def
@@ -1,2 +1,3 @@ help: Start background monitoring of a specified source NAT rule
-run: ${vyatta_bindir}/vyatta-monitor-background NAT-SOURCE-RULE-$5 "\[NAT-SRC-$5.*\]"
+run: ${vyatta_bindir}/vyatta-monitor-check-rule-log "nat source" $5; \
+ ${vyatta_bindir}/vyatta-monitor-background NAT-SOURCE-RULE-$5 "\[NAT-SRC-$5.*\]"
diff --git a/templates/monitor/nat/source/rule/node.tag/node.def b/templates/monitor/nat/source/rule/node.tag/node.def
index e291421..98e2cfa 100644
--- a/templates/monitor/nat/source/rule/node.tag/node.def
+++ b/templates/monitor/nat/source/rule/node.tag/node.def
@@ -2,4 +2,5 @@ help: Monitor a specified source NAT rule allowed: local -a ARR eval "ARR=($(cli-shell-api listEffectiveNodes nat source rule))" echo ${ARR[@]}
-run: ${vyatta_bindir}/vyatta-monitor NAT-SOURCE-RULE-$5 "\[NAT-SRC-$5.*\]"
+run: ${vyatta_bindir}/vyatta-monitor-check-rule-log "nat source" $5; \
+ ${vyatta_bindir}/vyatta-monitor NAT-SOURCE-RULE-$5 "\[NAT-SRC-$5.*\]" |