Check for MTA or DNS troubles

Category:	Administration
Author/Contact Info	Neil Watson perlmonk@watson-wilson.ca
Description:	It has been my experience that the first sign of network trouble is when sendmail begins to que up mail. This code examines syslog for "mail deferred" messages. If the ratio of these messages compaired to the time sample of the log matches your criteria a warning email is sent. This is the latest code given some of the comments made.
#!/usr/bin/perl -w use strict; use warnings; my $ratio = 1/3; # ratio of deferred messages per minute need to mail +warning my $lines = 300; #number of lines from the syslog to examine my $day = `date +"%b %d"`; #check only logs for today $day =~ s/(\s{1})0/$1/; #remove leading 0 from day my $recipient = "vgsupport\@voicegenie.com"; #who gets the report my $log = `tail -$lines /var/log/syslog\|egrep -i '$day'\|egrep -i 'defe +rred'`; # get report my @log = split(/\n/,$log); # split report my $ehour = 0; my $eminute = 0; my $shour = 0; my $sminute = 0; my $ttime = 0; my $hostname = `hostname`; chomp($hostname); #examine log $_ = $log[0]; #get time from first log entry if (m/\s(\d{1,2}):(\d{2}):/) { $shour = $1; $sminute = $2; } $_ = $log[-1]; #get time from last log entry if (m/\s(\d{1,2}):(\d{2}):/) { $ehour = $1; $eminute = $2; } # how much time does the log represent $ttime = 60*($ehour-$shour)+ $eminute - $sminute; if ($ttime == 0) {die ("deferred messages ocurred withing 1 minute of +each other\n")}; #create and mail report if ($#log / $ttime >= $ratio) { open(MAIL, "\|/usr/ucb/mail -s \"Mail Transfer Agent Warning\" +$recipient"); #note is you use solaris is you have to use /usr/ubc/mail print MAIL "\nWarning from $hostname\n"; print MAIL "$#log messages have been deferred in the past $tti +me minutes\n"; print MAIL "Recommend you invesigate this issue. Syslog sampl +es below.\n\n"; foreach my $x (@log) { print MAIL "$x\n"; } close(MAIL); }

Comment on Check for MTA or DNS troubles Download Code

Replies are listed 'Best First'.
Whoops. by Marza (Vicar) on Mar 29, 2002 at 22:00 UTC
@full does not seem to get assigned anything. I am guessing you meant `print MAIL "$#full messages have been deferred in the past $ttime mi +nutes\n";` [download] to say `print MAIL "$#log messages have been deferred in the past $ttime minut +es\n";` [download] I would also change `print MAIL "@log";` to `foreach ( @log ) { print MAIL "$_\n\n"; }` [download] to make your output easier to read. I would add a couple other newlines and a rundate just to make things easier to read on the mail. Finally, the die statement if you get deffered within a certain time. `if ($ttime == 0) {die ("deferred messages ocurred withing 1 minute o +f each other\n")};` [download] if you run this from a cron job, how would people know if there was a problem? Do you just keep this around and run it if the network seems slow?	[reply] [d/l] [select]
Re: Whoops. by neilwatson (Priest) on May 14, 2002 at 18:42 UTC
<quote>if you run this from a cron job, how would people know if there was a problem?</quote> I do run from a cron job. The results don't always mean there is a problem. Much of our DNS problems have been fixed since I rewrote all the db files. These days if the script goes off, it usually indicates that marketing is sending their newsletters again. Still I like to know what is going on. Neil Watson watson-wilson.ca	[reply]
Re: Check for MTA or DNS troubles by Braindead_One (Monk) on Mar 22, 2002 at 05:53 UTC
You just have to make sure the $recipient is local. A deferred warning is somwehat useless ;)	[reply]
A minor bug. by Marza (Vicar) on Apr 01, 2002 at 23:26 UTC
You might want to stick a die and a message on my $log = `tail -$lines /var/log/syslog\|egrep -i '$day'\|egrep -i 'defe +rred'`; [download] such as my $log = `tail -$lines /var/log/syslog\|egrep -i '$day'\|egrep -i 'defe +rred'` or die ("No Deferred messages\n"); [download] or place a check for nothing found. There is a chance no deferred mail gets logged and with the current code you get these messages when the job runs. `Use of uninitialized value in pattern match (m//) at dm line 45. Use of uninitialized value in pattern match (m//) at dm line 51. Use of uninitialized value in subtraction (-) at dm line 58. Use of uninitialized value in subtraction (-) at dm line 58. deferred messages ocurred withing 1 minute of each other` [download]	[reply] [d/l] [select]