Presentation is loading. Please wait.

Presentation is loading. Please wait.

HEPIX Nov 1, 2000Ranger – Chuck Boeheim1 Ranger Update Chuck Boeheim SLAC.

Published byMaximillian James Modified over 9 years ago

Similar presentations

Presentation on theme: "HEPIX Nov 1, 2000Ranger – Chuck Boeheim1 Ranger Update Chuck Boeheim SLAC."— Presentation transcript:

1 HEPIX Nov 1, 2000Ranger – Chuck Boeheim1 Ranger Update Chuck Boeheim SLAC

2 HEPIX Nov 1, 2000Ranger – Chuck Boeheim2 History Nicemon Patrol 2.0 Ranger 3.0 – Never released Ranger 4.0

3 HEPIX Nov 1, 2000Ranger – Chuck Boeheim3 New Approach Previous versions interpreted a rules file –This added complexity and errors New version is a Perl toolkit –No scanner, parser, or interpreter needed –Rich library of tests and actions provided –Nearly anything else can be expressed in Perl

4 HEPIX Nov 1, 2000Ranger – Chuck Boeheim4 Observations An observation is an object with the values describing one entity –E.g. one process, one filesystem, one file Observations may be saved between runs –Deltas calculated from previous runs –History may be accumulated Observations may be made about aggregate entities, too –E.g. cumulative processes for one user, numbers of daemons running.

5 HEPIX Nov 1, 2000Ranger – Chuck Boeheim5 Collectors Collectors return observations to the calling script Also responsible for saving them between calls New collectors easily created by overriding the base Collector class

6 HEPIX Nov 1, 2000Ranger – Chuck Boeheim6 Built-in Collectors PSCollector – processes DFCollector – file systems FileCollector – file sizes, md5 signatures NSCollector – listening sockets SystemCollector – load averages, uptime, number of users, processes Watch – tail a file or process (in development)

7 HEPIX Nov 1, 2000Ranger – Chuck Boeheim7 Basic Structure use PSCollector; apply pscollector => ruleset {rule { cpu > 50 and time > 60*MIN } action { log; mail LIMIT, user; kill }; rule { cpu > 50 and time > 20*MIN } action { log; mail HOG, user; nice }; }; Includes code for collector Generates one observation per call Calls collector repeatedly, feeds observation to ruleset Brackets a set of rules The first rule that succeeds ends the ruleset Rules return true or false Actions are blocks done when true

8 HEPIX Nov 1, 2000Ranger – Chuck Boeheim8 Rules A rule statement is followed by a block that must return true or false rule { (pct > 50 and delta > 10) or (pct > 75 and delta > 5) } sub chk { pct > $_[0] and delta > $_[1] } rule { chk(50,10) or chk(75,5) } Each rule has an associated action

9 HEPIX Nov 1, 2000Ranger – Chuck Boeheim9 Actions An action statement is followed by a block. Any perl statements allowed within the block. rule { pct > 90 } action { system 'cleanup' };

10 HEPIX Nov 1, 2000Ranger – Chuck Boeheim10 Built-in Actions Built-in actions operate on the current observation: –nice – kill – restart –mail – page – log –mcons action { kill; mail RUNAWAY, user; page BADPROC, 'admin', log };

11 HEPIX Nov 1, 2000Ranger – Chuck Boeheim11 Messages The Message statement stores text in a library and tags it: Message HOG => <<'EOF'; You have been using $pct% of one CPU on $host. EOF Actions like mail, page, and log retrieve message by their tag: mail HOG, user; Messages are evaluated each time they are retrieved.

12 HEPIX Nov 1, 2000Ranger – Chuck Boeheim12 Observation Values Functions provide values from current observation –name – size – user –pct – time – delta –loadavg – numcpu – numusers –Numprocs Can be used in either rules or actions. Prototyped unary functions need no args

13 HEPIX Nov 1, 2000Ranger – Chuck Boeheim13 Scheduling Tasks every 10*MIN => background { apply pscollector => ruleset { … };

14 HEPIX Nov 1, 2000Ranger – Chuck Boeheim14 Units Constants are provided to provide natural expression of units: –Time: SEC, MIN, HOUR, DAY –Size: KB, MB, GB Examples cpu > 2*HOUR size > 1*MB and delta > 100*KB

15 HEPIX Nov 1, 2000Ranger – Chuck Boeheim15 Repetition Suppression Many actions take a parameter to suppress multiple triggers for the same observation mail HOG, user, 6*HR;

16 HEPIX Nov 1, 2000Ranger – Chuck Boeheim16 MD5 Watching The file collector can observe MD5 checksums of files –Either supply a list of known good checksums: rule { name eq '/lib/security/pam_afs.so' and md5change('bf1501489fc0bb9bf0052f624558aed4', '13f50f924bbe64758c6400c4fd412ae7') } –Or let it record the first one as the base: rule { name eq '/usr/lib/libc.a' and md5change }

17 HEPIX Nov 1, 2000Ranger – Chuck Boeheim17 Filtering a File Intended to replace swatch for many purposes apply watch('/var/log/messages') => ruleset { rule { /error/ } action { mcons; log }; rule { /ecache parity error/ } action { page …}; };

18 HEPIX Nov 1, 2000Ranger – Chuck Boeheim18 Example: Watch for Bad Guys apply pscollector => ruleset { # Processes that we want to know about. rule { name =~ /crack|irc|eggd|satan/ } action { mail PROC_REPORT,'boeheim',1*DAY; mcons ALERT; log 1*DAY }; } Message PROC_REPORT => '$name is running on $host';

19 HEPIX Nov 1, 2000Ranger – Chuck Boeheim19 Example: Watch Daemons apply pscollector([sshd ools]) ruleset { # Only execute this ruleset for summary records by name. return unless summary eq 'BYNAME'; rule { number == 0 } action { my $mailto = admin; perform ruleset { rule { name eq "sshd" } action { restart '/usr/etc/sshd' }; rule { name eq 'ools' } action { $mailto = 'oomonitor' }; }; mail NO_DAEMON, $mailto; mcons ALERT; log 6*HR; }

20 HEPIX Nov 1, 2000Ranger – Chuck Boeheim20 Example: Watch Filesystems apply dfcollector() => ruleset { rule { name =~ m(^/(var|tmp)) } action {rule { size 99 } action { mail FSFULL, admin, 6*HR; log 2*HR }; rule { size 95, [90,1], [80,5], [50+50] } action { mcons 2*HR; log 2*HR }; };

Download ppt "HEPIX Nov 1, 2000Ranger – Chuck Boeheim1 Ranger Update Chuck Boeheim SLAC."

Similar presentations

The Web Warrior Guide to Web Design Technologies

The Web Warrior Guide to Web Design Technologies
CS0004: Introduction to Programming Repetition – Do Loops.

CS0004: Introduction to Programming Repetition – Do Loops.
IS 1181 IS 118 Introduction to Development Tools VB Chapter 06.

IS 1181 IS 118 Introduction to Development Tools VB Chapter 06.
C Lecture Notes 1 Program Control (Cont...). C Lecture Notes 2 4.8The do / while Repetition Structure The do / while repetition structure –Similar to.

C Lecture Notes 1 Program Control (Cont...). C Lecture Notes 2 4.8The do / while Repetition Structure The do / while repetition structure –Similar to.
CIS101 Introduction to Computing Week 11. Agenda Your questions Copy and Paste Assignment Practice Test JavaScript: Functions and Selection Lesson 06,

CIS101 Introduction to Computing Week 11. Agenda Your questions Copy and Paste Assignment Practice Test JavaScript: Functions and Selection Lesson 06,
CS 117 Spring 2002 Review for Exam 2 March 6, 2002 open book, 1 page of notes.

CS 117 Spring 2002 Review for Exam 2 March 6, 2002 open book, 1 page of notes.
CIS101 Introduction to Computing Week 12 Spring 2004.

CIS101 Introduction to Computing Week 12 Spring 2004.
20-753: Fundamentals of Web Programming Copyright © 1999, Carnegie Mellon. All Rights Reserved. 1 Lecture 8: Perl Basics Fundamentals of Web Programming.

20-753: Fundamentals of Web Programming Copyright © 1999, Carnegie Mellon. All Rights Reserved. 1 Lecture 8: Perl Basics Fundamentals of Web Programming.
11 Chapter 4 LOOPS AND FILES. 22 THE INCREMENT AND DECREMENT OPERATORS To increment a variable means to increase its value by one. To decrement a variable.

11 Chapter 4 LOOPS AND FILES. 22 THE INCREMENT AND DECREMENT OPERATORS To increment a variable means to increase its value by one. To decrement a variable.
Exploring Microsoft Excel 2002 Chapter 8 Chapter 8 Automating Repetitive Tasks: Macros and Visual Basic for Applications By Robert T. Grauer Maryann Barber.

Exploring Microsoft Excel 2002 Chapter 8 Chapter 8 Automating Repetitive Tasks: Macros and Visual Basic for Applications By Robert T. Grauer Maryann Barber.
Python quick start guide

Python quick start guide
Chapter Seven Advanced Shell Programming. 2 Lesson A Developing a Fully Featured Program.

Chapter Seven Advanced Shell Programming. 2 Lesson A Developing a Fully Featured Program.
REPETITION STRUCTURES. Topics Introduction to Repetition Structures The while Loop: a Condition- Controlled Loop The for Loop: a Count-Controlled Loop.

REPETITION STRUCTURES. Topics Introduction to Repetition Structures The while Loop: a Condition- Controlled Loop The for Loop: a Count-Controlled Loop.
August 28, 1998New features in PATROL 3.01 New features in PATROL version 3 Michael Jung (TU-Berlin), Waltraut Niepraschk (DESY) System overview Patrol.

August 28, 1998New features in PATROL 3.01 New features in PATROL version 3 Michael Jung (TU-Berlin), Waltraut Niepraschk (DESY) System overview Patrol.
Conditions and Terms of Use

Conditions and Terms of Use
Lecture Set 5 Control Structures Part D - Repetition with Loops.

Lecture Set 5 Control Structures Part D - Repetition with Loops.
Web Design and Development for E-Business By Jensen J. Zhao Copyright 2003 Prentice Hall, Inc. Web Design and Development for E-Business Jensen J. Zhao.

Web Design and Development for E-Business By Jensen J. Zhao Copyright 2003 Prentice Hall, Inc. Web Design and Development for E-Business Jensen J. Zhao.
Chapter 12: How Long Can This Go On?

Chapter 12: How Long Can This Go On?
Chapter 4: Decision Making with Control Structures and Statements JavaScript - Introductory.

Chapter 4: Decision Making with Control Structures and Statements JavaScript - Introductory.
Tutorial 10 Programming with JavaScript

Tutorial 10 Programming with JavaScript

Similar presentations

Ads by Google