How many of you remember those afternoon kids' public service announcements that had GI Joe talking about some moral subject and ending with “and knowing is half the battle”?

Well, knowing that Scrutinizer can do more than just post alerts when a threshold has been violated is a big step in gaining control of your network management woes.

Did you know that Scrutinizer has the ability to send a syslog message when an alarm has been posted? This means you can be alerted when an interface is exceeding a threshold, a device has stopped sending NetFlow or when one of the many Flow Analytics algorithms has been violated.

What? You don’t have a syslog manager?  Not a problem. We offer a free version of Logalot that will support up to three devices.  Now you can send emails, pages, post to a file or even execute a file when you receive a syslog alert.

Using syslogs to be your personal attendant – a real-life example.

I was working on a unique project that required me to run a file remotely on multiple machines when a syslog alert was received.  To complicate the issue, I needed to qualify the syslog message before issuing the command.

I quickly grabbed a few scripts and started to develop an app that would accomplish the task. Soon I found that this solution was less than perfect.  The code that I had taped together would be difficult to manage and I just didn’t have the time or resources to give it the attention that it needed.  So I started to look for another solution.

We already had Denika and Logalot installed.  I figured that it would be a smart move to use an already existing application to employ my solution. With Logalot, you can create policies that help qualify the syslog message.  Once the policy is violated, it can perform an action.  In most cases you send an email or page, but in this case I was going to run a file.  The next hurdle that I needed to jump was running the file remotely.

After a little more research, I found the perfect solution. PsExec is a tool that I remembered using a while ago; back then it wasn’t owned by Microsoft.

“PsExec is a light-weight telnet-replacement that lets you execute processes on other systems, complete with full interactivity for console applications, without having to manually install client software. PsExec’s most powerful uses include launching interactive command-prompts on remote systems and remote-enabling tools like IpConfig that otherwise do not have the ability to show information about remote systems.”  – Microsoft

Bingo! This is what I needed. Now I can execute the application remotely, unattended and generally hassle free. I configured the Logalot policy to run when a certain syslog message came in. In that policy, I asked it to run a batch file that called the PsExec file with various parameters. Within a few minutes, I had this solution tested and implemented across multiple machines.
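The flow described above (qualify the syslog message, then run a fixed command remotely with PsExec), as an added example that is not the author's batch file or a Logalot policy. The sender address, message format, host names and script path are constructed assumptions; the action comes from a fixed lookup table, so no text from the message reaches the command line.

```python
import re

# Constructed values for illustration; none of these come from the original post.
TRUSTED_SENDERS = {"10.0.0.5"}                  # address of the alarm source
TARGETS = {"core-sw1": ["app01", "app02"]}      # alarm device -> machines to act on
REMOTE_CMD = r"C:\ops\collect.cmd"              # fixed script already on the targets
RFC3164 = re.compile(r"^<(\d{1,3})>(\w{3} [ \d]\d \d\d:\d\d:\d\d) (\S+) (.*)$")
# Assumed alarm text; a real deployment would match its own message format.
ALARM = re.compile(r"^scrutinizer: threshold exceeded on ([A-Za-z0-9-]{1,32}) ")


def qualify(sender_ip, raw):
    """Return the alarm's device name if the message qualifies, else None."""
    if sender_ip not in TRUSTED_SENDERS:        # syslog over UDP is unauthenticated
        return None
    m = RFC3164.match(raw)
    if not m or int(m.group(1)) > 191:          # PRI = facility*8 + severity, max 191
        return None
    if int(m.group(1)) % 8 > 4:                 # keep severity warning (4) or worse
        return None
    alarm = ALARM.match(m.group(4))
    return alarm.group(1) if alarm else None


def build_commands(sender_ip, raw):
    """Map a qualified message to PsExec argument lists, one per target machine."""
    device = qualify(sender_ip, raw)
    # Only the allowlisted lookup result is used; message text never enters argv.
    return [["psexec.exe", "\\\\" + host, "-accepteula", REMOTE_CMD]
            for host in TARGETS.get(device, [])]


if __name__ == "__main__":
    # Constructed sample line: PRI 132 = facility local0 (16), severity warning (4).
    sample = "<132>Mar  3 14:02:11 scrut01 scrutinizer: threshold exceeded on core-sw1 if 12"
    for argv in build_commands("10.0.0.5", sample):
        print(argv)   # pass to subprocess.run(argv) on the syslog host, no shell
```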

The moral of the story: there are many solutions out there and finding the right one isn’t as hard as you might think.  In this example, I was able to cut down my work load quite a bit by using two free applications and a little work.  So knowing is half the battle!


James Dougherty

I have worn many hats in my professional life. Support engineer, developer, network admin and manager are all points on my resume, but the one common thread with all of these jobs is that I enjoy working with people; that is what I do here at Plixer. I make sure that everyone understands our product and can get the most out of it. It's just simple 'no bull' support!

Let me know if you have any questions, I would be happy to help.

- Jimmy D

