[Mon-devel] New monitor: infocon.monitor
From: Peter W. <pe...@wi...> - 2005-02-13 00:28:42
################################################################################
# Monitor infocon alert level
#
# The Internet Storm Center (http://isc.sans.org) has a file (infocon.txt),
# describing the current level of malicious traffic on the internet.
#
# from isc...
#
# +-----------------------------------------------------------------------------
# ! The intent of the 'Infocon' is to reflect changes in malicious traffic
# ! and the possibility of disrupted connectivity. In particular important
# ! is the concept of "Change". Every host connected to the Internet is subject
# ! to some amount of traffic caused by worms and viruses. However, once a worm
# ! has been identified and the number of infected machines is no longer
# ! increasing, this traffic is not likely to cause any disruptions.
# !
# ! The Infocon is intended to apply to the condition of the Internet
# ! infrastructure. We do not monitor particular nations or companies.
# +-----------------------------------------------------------------------------
#
# This script monitors the content of the file http://isc.sans.org/infocon.txt
#
# infocon definition:
#
# green:  Everything is normal. No significant new threat known.
#
# yellow: We are currently tracking a significant new threat.
#         The impact is either unknown or expected to be minor
#         to the infrastructure. However, local impact could be
#         significant. Users are advised to take immediate specific
#         action to contain the impact. Example: 'MSBlaster' worm outbreak.
#
# orange: A major disruption in connectivity is imminent or in progress.
#         Examples: Code Red on its return, and SQL Slammer worm during
#         its first half day
#
# red:    Loss of connectivity across a large part of the internet.
#
################################################################################
#
# Usage : infocon.monitor [options]
#
# Requirements: LWP::UserAgent;
#
#-------------------------------------------------------------------------------
#
# --agent <agentname>
#   Example: --agent infocon
#
#   To set the agent name (UserAgent->agent method).
#   Defaults to "libwww-perl/#.##"
#
#-------------------------------------------------------------------------------
#
# --timeout <n>
#   Example: --timeout 30
#
#   Set the timeout for the http request (UserAgent->timeout method).
#   Defaults to 180s
#
#-------------------------------------------------------------------------------
#
# --proxy <http proxy>
#   Example: --proxy http://www-proxy.com:8080
#
#   Set the http proxy (UserAgent->proxy('http','.....')
#   Default to use *_proxy environment variables. (UserAgent->env_proxy method).
#
#-------------------------------------------------------------------------------
#
# --silent
#   Example: --silent
#
#   Don't print anything on stdout (i.e. disable a mon monitor behaviour),
#   only return the status to the OS
#
#-------------------------------------------------------------------------------
#
# --url <url>
#   Example: --url http://my.mirror.com/infocon.txt
#
#   Set the url to retrieve and parse
#   Defaults to http://isc.sans.org/infocon.txt
#
#-------------------------------------------------------------------------------
#
# --version
#
#   Prints the version and exits
#
################################################################################
#
# Return values
#
# 0 -> Infocon is green
# 1 -> Infocon is unavailable or some other communication or data error
# 2 -> Infocon is yellow
# 3 -> Infocon is orange
# 4 -> Infocon is red
#
# Mon usage example
# +-------------------------------------------
# !hostgroup infocon
# !
# !watch infocon
# !  service infocon.txt
# !    interval 1h
# !    monitor infocon.monitor
# !    allow_empty_group
# !    period wd {Sun-Sat}
# !      alert exit=1 mail.alert...
# !      alert exit=2 sms.alert yellow ...
# !      alert exit=3 sms.alert orange ...
# !      alert exit=4 sms.alert red ...
# !      upalert sms.alert ...
# !      upalert mail.alert ...
# !      alertevery 8h
# +-------------------------------------------
#
################################################################################
#
# Copyright (C) 2005, Peter Wirdemo
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License.
#
################################################################################
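The return-value contract documented in the header above, as an added example that is not Peter Wirdemo's infocon.monitor: a fail-closed parser that maps the fetched body to the documented exit codes, so an error page or altered response served over plain HTTP is reported as a data error (1) and never as green. It assumes the file body is a single colour word; the names classify_infocon and fetch_infocon are hypothetical, and the URL is taken from the first command-line argument.

```perl
#!/usr/bin/perl
# Added example, not the original infocon.monitor. Function names are hypothetical.
use strict;
use warnings;
use LWP::UserAgent;

# Exit codes as documented under "Return values" in the header.
my %EXIT_FOR = (green => 0, yellow => 2, orange => 3, red => 4);

# Map a fetched body to (exit code, summary). Anything that is not exactly
# one known colour word is a data error (1), so a proxy error page or a
# tampered response can never be read as "green".
sub classify_infocon {
    my ($body) = @_;
    return (1, 'empty response') unless defined $body && length $body;
    return (1, 'response too large') if length($body) > 64;
    (my $level = lc $body) =~ s/^\s+|\s+$//g;   # assumption: body is one word
    return (1, 'unexpected content') unless exists $EXIT_FOR{$level};
    return ($EXIT_FOR{$level}, "infocon is $level");
}

# Fetch the status file and classify it; transport errors also map to 1.
sub fetch_infocon {
    my ($url, $timeout) = @_;
    my $ua = LWP::UserAgent->new(timeout => $timeout);
    $ua->env_proxy;        # documented default: honour *_proxy variables
    $ua->max_size(1024);   # the status file is tiny; cap what is read
    my $res = $ua->get($url);
    return (1, 'fetch failed: ' . $res->status_line) unless $res->is_success;
    return classify_infocon($res->decoded_content);
}

# Without a URL argument, run over constructed sample bodies (offline).
unless (@ARGV) {
    for my $sample ("green\n", " Yellow ", "orange", "RED\n",
                    "<html>502 Bad Gateway</html>", "") {
        my ($code, $msg) = classify_infocon($sample);
        (my $shown = $sample) =~ s/\n/\\n/g;
        printf "%-32s -> exit %d (%s)\n", "'$shown'", $code, $msg;
    }
    exit 0;
}

my ($code, $msg) = fetch_infocon($ARGV[0], 30);
print "$msg\n";   # mon reads the first stdout line as the summary
exit $code;
```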