Using logmon to capture output of a command and alarm if a port (or any string) is Not Found
Article ID: 10691
Updated On:
Products
Issue/Introduction
This particular use case explains how to configure the logmon probe in command mode to run a netstat command and configure an alert against the output (whether a port is found or not).
We need to monitor to see whether a UDP port is open and listening on a Linux robot. If the port/string is not present, we want to raise a Critical Alarm.
Environment
- UIM 8.5.1 or higher
- logmon 3.90 or higher
- Linux Robot
Resolution
1- Identify the appropriate command (sample below) to see if a port or service (or string) is present or NOT present.
This example looks for 'radius'. If found, it will print: "Found Radius". If NOT found, it will return: "No Radius".
if netstat -a | grep -qi "radius"; then echo Found Radius; else echo No Radius; fi
Validate that the command returns the expected output. Use a bogus string if necessary to test the failure case. For example, as shown in Figure 1.
Figure 1:
2- Deploy the "logmon" probe to the robot you want to monitor.
3- Using the IM or admin console, configure a new 'command' profile. Use the command above as the command in the profile, for example as shown in Figure 2.
Figure 2:
4- Create a new 'Watcher Rule' on the Watcher Rules tab as shown in Figure 3. Use the appropriate string returned by the command above.
Figure 3:
5- For testing purposes, you may edit the string in the command to a bogus string, for example:
if netstat -a | grep -qi "radius123"; then echo Found Radius; else echo No Radius; fi
to validate the alarm is generated. You can also create a "good case" Informational alarm as shown in Figure 4.
Additional Information
The message in the logmon.log file: "Unable to open logmon.dta file" is not an issue and will appear in a working environment.
Attachments
Feedback
