[f-nsp] bouncing interfaces script

[Nick Morrison]

Hello,

Thought I'd share a small script I run from cron each day - it's a quick and
dirty way of listing interfaces on your switches that are bouncing a lot ..
something that's often missed in the busy day of a network administrator.

It works by reading through ironview's syslog file, so expects ironview's
slightly ugly syslog format (and also copes with its strange behaviour of
starting a uniquely named file each day.)  You can hack it to match for
syslog-ng systems.

You will need: perl.

Apologies if gmail screws up the formatting!  And run at your own risk etc -
no responsibility taken if it eats your network.

#!/usr/bin/perl -w

#
# bouncing-interfaces.pl, Nick Morrison, 11/5/2009
#
# Simple script to look for a high number (where "high" is defined below) of
# interface state changes, and report on them.
#
# Good for alerting the network team to misconfigured server NICs or switch
ports.
#

use strict;
use POSIX qw (strftime);
use Getopt::Std;

our ( $opt_h, $opt_t, $opt_d, $opt_l );
getopts ('hdl:s:t:');

####################################################
# Configurable settings
####################################################

my $today = strftime "%m%d%y", localtime;
my $logfile = "/ironview/logs/syslog$today.log";
my $switch;

# bounce_threshhold tells the script how many bounces it's worth alerting
for
my $bounce_threshhold = 15;

####################################################
# End of configurable settings
####################################################

$logfile = $opt_l if defined $opt_l;
$bounce_threshhold = $opt_t if defined $opt_t;

if (defined $opt_h) {
  print <<EOM
Looks for repetitious interface up/down messages in the logfile
specified with -l (or today's ironview syslog, by default) and
prints its findings.

Options:

-h             this help text
-l filename    specify a log file to look through
-t n           set the number-of-bounces threshhold to report on
 -s switch      look only for the named switch (not implemented! use grep.)

EOM
  ;exit;
}

# Open our file for reading
open FILE, "<$logfile" or die $!;

# We need a hash to store the bounce counts in
my %boing;

# Read each line of the logfile
while (<FILE>) {

  # Look for lines that look like an interface state change
  if (/Sender:(\S+).+Message:System: Interface ethernet (\S+), state (\S+)/)
{
    $boing{$1}{$2}{$3}++;

    # $1 should be the hostname
    # $2 should be the interface number
    # $3 should be the state (up or down)
  }
}

# Produce some output
foreach my $switch (sort keys %boing) {
  foreach my $int (sort keys %{$boing{$switch}}) {
    if (defined ($boing{$switch}{$int}{"down"}) ) { # this might not be
defined,
                                                    # if an interface came
UP but didn't go down
      if ( $boing{$switch}{$int}{"down"} > $bounce_threshhold ) {
        print "$switch ethernet $int has bounced " .
$boing{$switch}{$int}{"down"} . " times today.\n";
      }
    }
  }
}

# Be polite and explicitly close the log file
close FILE;


Cheers!
Nick
-- 
Nick Morrison <nick at nick.on.net>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/foundry-nsp/attachments/20090715/ccf51a1c/attachment.html>