Port monitoring with system administrator notification

    Recently I needed to periodically monitor servers for services going down (read: ports) and to notify the administrator (that is, me) when an error occurs.


    So, we have several servers and a bunch of ports. We check whether a port is open the classic way, with nmap. Example output:

    firewall:~/scripts# nmap 192.168.1.1 -p3389
    Starting Nmap 4.11 ( www.insecure.org/nmap ) at 2009-05-06 14:54 GMT-4
    Interesting ports on 192.168.1.1:
    PORT STATE SERVICE
    3389/tcp open ms-term-serv
    MAC Address: 00:50:8D:EB:7E:08 (Abit Computer)

    Nmap finished: 1 IP address (1 host up) scanned in 0.132 seconds

    This means that the terminal server is up and most likely working :) If something other than open is written there, something is broken and needs to be reported. I spent a long time devising a notification system, going from the most complicated option to the simplest. Beeline has a mail-to-SMS service: if you send an e-mail to a mailbox of the form 890912345678@sms.beemail.ru, it arrives as a text message.

    So the task is to scan every entry in the list of servers and ports, write whatever is not open to a separate file, and send it to us by e-mail.

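    What came out:
    #!/bin/bash
    # Check every host:port entry in the "servers" file (kept next to this script)
    # and collect the entries whose port is not open in /var/test/serverlist.
    for a in $(< "$(dirname "$0")/servers"); do
        # sed turns "host:port" into "host -pport"; the substitution is left
        # unquoted on purpose so that nmap receives two arguments.
        nmap $(echo "$a" | sed -e 's/:/ -p/') | grep -q "/tcp *open" || echo "$a"
    done > /var/test/serverlist
    DATENOW=$(date +%d-%m-%Y_%T)
    # If any entry failed the check, log it and mail it to the SMS gateway address.
    if [ -s /var/test/serverlist ]; then
        echo "$DATENOW" >> /var/test/log
        cat /var/test/serverlist >> /var/test/log
        mail 7909*******@sms.beemail.ru < /var/test/serverlist
    fi
    exit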


    How does it work?
    Create the servers file and put it next to the script itself.
    The content of the servers file is something like this:

    192.168.1.1:80
    192.168.1.2:25
    192.168.1.3:110

    In general:
    - for a in $(...) goes through the entries of the servers file;
    - sed -e 's/:/ -p/' replaces ":" with " -p" and feeds the result to nmap;
    - grep -q "/tcp *open" || echo $a; done > /var/test/serverlist; pulls out the entries whose port is not open and pushes them into the serverlist file,
    after which the file is checked: if there is something in it, it is written to the log (for debugging) and sent to the administrator's e-mail / phone.
    Voila. Add it to crontab, once an hour (so as not to strain anything), and use it.
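
The same check as an added example (not the author's script), written so that every servers entry is validated before it reaches nmap and only a state of exactly open counts as up. The function names and the PROBE variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not the original author's script.
# PROBE is a hypothetical hook so the scanner can be swapped out; default: nmap.
PROBE=${PROBE:-nmap}

# valid_entry ENTRY: succeeds only for "host:port" where host is a plain name
# or IPv4 address (so it can never start with "-") and port is 1..65535.
valid_entry() {
    printf '%s\n' "$1" |
        grep -Eq '^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?:[1-9][0-9]{0,4}$' || return 1
    ve_port=${1##*:}
    [ "$ve_port" -le 65535 ]
}

# port_is_open PORT: reads nmap's normal output on stdin and succeeds only if
# that port's state is exactly "open" (not "open|filtered", "closed", ...).
port_is_open() {
    grep -Eq "^$1/tcp +open( |\$)"
}

# failed_targets FILE: prints "INVALID entry" or "DOWN entry" for every line
# of FILE that is malformed or whose port is not open.
failed_targets() {
    while IFS= read -r ft_entry || [ -n "$ft_entry" ]; do
        [ -n "$ft_entry" ] || continue
        if ! valid_entry "$ft_entry"; then
            echo "INVALID $ft_entry"
            continue
        fi
        "$PROBE" -p "${ft_entry##*:}" "${ft_entry%%:*}" </dev/null 2>/dev/null |
            port_is_open "${ft_entry##*:}" || echo "DOWN $ft_entry"
    done < "$1"
}
```

In the cron script, the output of failed_targets for the servers file takes the place of the for loop's output in /var/test/serverlist. A malformed line then shows up in the alert instead of being passed to nmap as an option.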

    P.S. I know that there are things like nagios and other network monitors, but they are too powerful and too difficult to configure when it is enough to simply scan the ports of several servers.
