
Re: Remote console administration



Petre Daniel said:
> Hello, i tried the vtgrab package and didn't
> succeed much in supervising other consoles.
> Well, i have several computers, linux gateways to
> small lans,and the ppl that sit on them aren't
> specialized for the root job,so i must know
> almost all the time what is happening there.
> I am wondering what tools are to inform me
> remotely somehow when and what they are doing
> when they're logging in as root.

i use logcheck (i think that's the package name).
but believe me, get enough emails and you'll
start ignoring them. it gets redundant and boring
to read status reports. i do a TON of mrtg
stuff(i monitor about 45 different things ranging
from company stock price, to disk space to load
average to mail load, to memory usage to tcp connections).
i also use nocol to do network monitoring, and
big brother for system monitoring/alerting.
nocol and big brother also send me email alerts
and i usually ignore them too (i watch the web
sites though, and i do receive nocol alerts
on my cellphone)


> Btw,how can i mail each 5 or so minutes the
> .bash_history of root and send it to my central
> mail.?

cronjob ..doubtful it will be useful though there
are better ways ..

> i am thinking of installing snort everywhere, but
> then how do i grep through the logs and send the
> attacks to me..?

demarc. i highly recommend it. http://demarc.org
it is free for non commercial use or if your
company has less than 25 employees or you're an
isp with less than 1000(?) customers. my
company is not so we bought it. it's great.
you can also configure it to monitor files
(much like tripwire tho not as advanced), so
you could have it monitor /root/* for changes.
it logs to a mysql database(local or remote),
and can email alerts. ive been working with
it since august, and its improved tons since
and continues to get better.. you can do
tripwire too but thats just 1 more thing to
administer. demarc can also do host monitoring
and system monitoring like nocol/big brother
but i haven't had a chance to dive into that
side of it yet.


> Well, this is my problem, how can i know somehow
> summarized what's happening on those boxes..?
> i am not that good at shell programming so.. all
> help will be appreciated.

the above tools will help you keep on top of
multiple systems.. they all take a significant
amount of time to configure. i've literally
spent days (if you add all the time up) or
even a week of time configuring the above tools
to suit my needs. it takes a LOOONG time. but it's
worth it. it gives tons of info about everything.

as someone who watches over ~40 linux and
unix systems i've learned it's important to
be able to provide a lot of info at a glance.
opening 50 emails a day checking on everything
is not the way you wanna go in the long run. i
setup a special website that just loads a couple
frames and from a 1600x1200 monitor i can see
mrtg stats, big brother stats and nocol all
at the same time and i tell opera to auto
refresh the mrtg stuff every 5 minutes(nocol
and big brother auto refresh already). i
also watch over a colocation, 5 t1s, 4 inter-office
vpns, multiple switches, along with the servers
themselves..thats a LOT of information to try
to co-ordinate.

you know it's working well when you're able to
detect a server failing, or a downed route
though. i love it when my monitors are able
to track down problems before anyone else even
knows they are there. makes life much easier.

as for console administration, currently i don't
do it. my linux systems run 6-8 months at a time
with no issues, i would like to do remote consoles
say a portmaster hooked up to a linux box so
i could ssh to the linux box, login to the portmaster
in minicom then login to a system from there rather
than telnet to the portmaster (bad). but haven't
done that yet.


hope this helps

nate
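
The file-change monitoring described in the reply (watching /root/* for changes), as an added example that is not part of the original message and is not demarc's or tripwire's own code. The function names and the state-file path are hypothetical; it assumes `find`, `sha256sum` and `awk` are installed.

```shell
#!/bin/sh
# Added example: baseline-and-compare integrity check for a directory such
# as /root, intended to be called from cron, which mails any output.

# Print one "sha256  path" line per regular file under $1, sorted by path.
snapshot() {
    find "$1" -xdev -type f -exec sha256sum {} + 2>/dev/null | sort -k 2
}

# Compare two snapshot files ($1 = old, $2 = new). Prints ADDED / CHANGED /
# REMOVED lines and prints nothing when the two snapshots agree.
compare() {
    awk '
        { h = $1; p = substr($0, length($1) + 3) }   # hash, 2 separator chars, path
        FILENAME == ARGV[1] { old[p] = h; next }      # still reading the old snapshot
        { seen[p] = 1
          if (!(p in old))      print "ADDED   " p
          else if (old[p] != h) print "CHANGED " p }
        END { for (q in old) if (!(q in seen)) print "REMOVED " q }
    ' "$1" "$2" | sort
}

# Snapshot directory $1, compare against the baseline stored in $2, then roll
# the baseline forward so each change is reported once.
# Returns 0 when nothing changed (or on the first run), 1 when changes were found.
check_dir() {
    dir=$1
    state=$2
    new=$(mktemp) || return 2
    snapshot "$dir" > "$new"
    if [ ! -f "$state" ]; then
        mv "$new" "$state"        # first run: record the baseline only
        return 0
    fi
    report=$(compare "$state" "$new")
    mv "$new" "$state"
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Hypothetical cron usage (the state path is an assumption):
#   check_dir /root /var/lib/rootwatch/root.state
```

A baseline stored on the monitored machine can be rewritten by anyone with root there, so ship the report or the snapshot itself to the central host, as the remote database logging mentioned above does.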





