Network Monitor in 10 minutes with Splunk

How to create a ping based network monitor with Splunk in 10 minutes. Download Splunk at http://www.splunk.com/

 

# Basic Network Monitor with Splunk Free
# 1st step – bash script to ping hosts and write output to files
# create folder for application and for target files (ping output)
cd ~
mkdir pings
mkdir pings/targets
cd pings

#create monitor to send pings
nano monitor.sh # paste in script below

#make the script file executable
chmod +x monitor.sh

#run the script
./monitor.sh

#tail files to verify data collection
tail -f targets/googledns.txt

#cron job to automatically restart monitor.sh every 30 minutes (clears log files on every restart)
#job runs as user – so it will kill/start processes as that user
crontab -e
#add this line in the editor:
*/30 * * * * ~/pings/monitor.sh

# 2nd step – install & start Splunk
sudo dpkg -i splunk-6.2.5-272645-linux-2.6-amd64.deb
# run this from the bin directory of the Splunk install
sudo ./splunk start

# 3rd step – configure Splunk to monitor local files

# 4th step – create dashboard in Splunk

source="/home/jeremy/pings/targets/defaultgw" | timechart avg(time)

#this search returns all hosts and separates by source – for the multihost chart
source="/home/jeremy/pings/targets/*" | timechart avg(time) by source

####################################################################
# Notes
# sudo ./splunk enable boot-start #auto-start Splunk at boot
#
# This search will display all sources and compare them:
# source="/home/jeremy/pings/targets/*" | timechart avg(time) by source
#
####################################################################

#monitor.sh
#!/bin/bash

echo Killing Existing Pings
# -x matches only processes named exactly "ping", not every name that contains it
pkill -x ping

echo Pings are dead, mon
echo Pinging

# external hosts for testing
ping 8.8.8.8 > ~/pings/targets/googledns.txt &
ping 4.2.2.4 > ~/pings/targets/l3dns.txt &
ping www.sobit.org > ~/pings/targets/sobit.org.txt &

# internal hosts
ping 10.29.30.1 > ~/pings/targets/defaultgw &

echo Process Info:
pgrep -l ping

#end monitor.sh
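
The dashboard searches above chart avg(time), which only sees replies that came back: a lost ping writes no time= value, so an outage can leave the average looking normal. The script below is an added example, not part of the original post; it summarises a target file by counting replies, counting gaps in icmp_seq, and averaging time=. The function names and the sample ping lines are constructed for illustration.

```bash
#!/bin/bash
# Added example, not from the original post. Names and sample data are constructed.
# ping_summary [FILE...] : reads Linux ping output from files or stdin and prints
#   replies=<count> lost=<count> avg_ms=<mean of time= values, or n/a>

ping_summary() {
  awk '
    /icmp_seq=[0-9]+/ {
      # Every line carrying a sequence number was a probe that ping sent.
      match($0, /icmp_seq=[0-9]+/)
      seq = substr($0, RSTART + 9, RLENGTH - 9) + 0
      if (!seen++ || seq < first) first = seq
      if (seq > last) last = seq
      # Only real replies carry time=; "Destination Host Unreachable" does not.
      if (match($0, /time=[0-9.]+/)) {
        sum += substr($0, RSTART + 5, RLENGTH - 5)
        replies++
      }
    }
    END {
      if (!seen) { print "replies=0 lost=0 avg_ms=n/a"; exit }
      sent = last - first + 1          # assumes icmp_seq has not wrapped
      avg = replies ? sprintf("%.2f", sum / replies) : "n/a"
      printf "replies=%d lost=%d avg_ms=%s\n", replies, sent - replies, avg
    }
  ' "$@"
}

# Constructed sample: sequence numbers 3 and 4 are missing, 6 was unreachable.
sample_ping_log() {
  cat <<'EOF'
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=117 time=10.0 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=117 time=12.0 ms
64 bytes from 8.8.8.8: icmp_seq=5 ttl=117 time=20.0 ms
From 10.29.30.1 icmp_seq=6 Destination Host Unreachable
64 bytes from 8.8.8.8: icmp_seq=7 ttl=117 time=14.0 ms
EOF
}

sample_ping_log | ping_summary
```

Against a live file the call is ping_summary ~/pings/targets/googledns.txt; because monitor.sh truncates each file on restart, the counts cover only the current run.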

 


IP Chicken at the Command Line

Why?  Why not?!  Using curl and piping into a short grep statement, I’ll show you how to use IPChicken.com in the terminal.

While I’m partial to the chicken of the IP, my Twitter bros pointed out a few other sites that are built with a lightweight response in mind:

ifconfig.pro, curlmyip.com, icanhazip.com

Here’s the code used in the video:


#Getting your public IP at the command line

#1st Step: Curl to request page, parse the ip with regex & grep
curl ipchicken.com -s | grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b" -m 1

#2nd Step: Add our one-liner to a script
mkdir ~/scripts
cd ~/scripts
#edit our text file (paste in the one-liner from the 1st step)
nano ipchicken
#make it executable
chmod +x ipchicken

#3rd Step: add the scripts folder to your PATH
nano ~/.bash_profile
#add this line to ~/.bash_profile
PATH=$PATH:$HOME/scripts
