Wbm2009v2/Logging

From Hackerspace Brussels

Parent: Wbm2009v2


Environment

Results of a walk around with Kismet:

More details in the cvs: File:Wbm2009-v2-kistmet-caputure.ods

Channel   # of nodes
6         27
1         17
11        12
0         7
2         5
12        3
10        2
9         2
5         2
4         2
3         2
7         1
36        1

All your base are belong to us

Installed syslog-ng on host 192.168.42.44 (wbm2009v2-log)

remote logging from OpenWRT node

how to enable remote logging from OpenWRT node to the server

 uci set system.@system[0].log_ip=192.168.42.44
 uci commit system
 reboot

(this is equivalent to adding the log_ip field in /etc/config/system)

sending messages over to the server:

make sure all your nodes can send UDP messages to our local syslog server (192.168.42.44/24): either configure one node as a gateway to the local (wired) network, or connect all your nodes over the wired interface and add an alias (!!) IP address. DO NOT CHANGE THE DEFAULT config of eth0 (192.168.1.1) unless you really know what you're doing, of course; this is a requirement for our Wbm2009v2/NodeConfigurationFactory to work.

 # be sure we're on the local lan 
 ifconfig eth0:2 192.168.42.2
 logger -t TAG blah foo bar

this message ends up in a log file on our syslog machine (192.168.42.44)

 /var/log-wbm/192.168.42.2/wbm-TAG.log
 user@wbm2009v2-log$ cat wbm-TAG.log 
 Jan  1 00:01:34 192.168.42.2 TAG: blah foo bar


sending your logs over

you can pipe output of your logfiles to logger

 tail -f /var/log/yourlogfile | logger -t PROGNAME

on OpenWRT use the logread utility

 logread -f | logger -t PROGNAME

access your log files

you can access your log files over http

 http://192.168.42.44/192.168.42.2/wbm-TAG.log

these messages will end up in separate logfiles, one for each node and TAG.

our syslog-ng config


options {
        use_time_recvd(yes);
        keep_hostname(yes);
        create_dirs(yes);
        use_dns(no);

        # among others, default
};


# log msgs received from udp (default port 514) 
source s_udp {
        udp();
};

destination df_wbm {
        file("/var/log-wbm/$HOST/wbm-$PROGRAM.log");
};

log {  
        source(s_udp);
        destination(df_wbm);
};
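
Because s_udp accepts datagrams from any sender and df_wbm builds the file name from $HOST and $PROGRAM, every host/tag pair a sender chooses becomes a new file under /var/log-wbm. The audit script below is an added example, not part of the original page; the 192.168.42.x host pattern, the tag character set and the MAX_TAGS ceiling are assumptions to adjust.

```shell
#!/bin/sh
# Added example, not part of the original page.
# Audits the tree written by destination df_wbm:
#   <root>/<HOST>/wbm-<PROGRAM>.log
# Assumptions: legitimate nodes report from 192.168.42.0/24 and use short
# alphanumeric tags; MAX_TAGS is an arbitrary per-node ceiling.
MAX_TAGS=${MAX_TAGS:-20}

audit_logtree() {   # usage: audit_logtree /var/log-wbm ; returns 1 on findings
    root=$1
    findings=0
    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue
        host=$(basename "$dir")
        case $host in
            mrtg) continue ;;   # MRTG workdir from this page, not a node
            192.168.42.[0-9]|192.168.42.[0-9][0-9]|192.168.42.[0-9][0-9][0-9]) ;;
            *) echo "unexpected host: $host"; findings=1 ;;
        esac
        count=0
        for file in "$dir"*; do
            [ -e "$file" ] || continue
            count=$((count + 1))
            name=$(basename "$file")
            case $name in
                wbm-*.log) tag=${name#wbm-}; tag=${tag%.log} ;;
                *) echo "unexpected file: $host/$name"; findings=1; continue ;;
            esac
            # A tag is whatever the sender put in front of the colon.
            case $tag in
                ""|*[!A-Za-z0-9_-]*) echo "odd tag: $host/$name"; findings=1 ;;
            esac
        done
        if [ "$count" -gt "$MAX_TAGS" ]; then
            echo "too many logs for $host: $count"; findings=1
        fi
    done
    return "$findings"
}
```

Run it from cron on the log server as `audit_logtree /var/log-wbm` and alert on a non-zero exit status.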

Did install of

But don't see results, don't know how the logdata should get to the mysql database.

Answer: http://chaos.untouchable.net/index.php/HOWTO_setup_syslog-ng_to_log_to_mysql


SNMP/MRTG/CACTI

  • install the snmpd package:
# opkg update
# opkg install libelf libnetsnmp snmpd
# HOSTNAME=$(uci get system.@system[0].hostname)
# uci set snmpd.@system[0].sysContact=contact@hackerspace.be
# uci set snmpd.@system[0].sysDescr=wbm2009v2
# uci set snmpd.@system[0].sysLocation=okno
# uci set snmpd.@system[0].sysName=$HOSTNAME
# uci commit

# /etc/init.d/snmpd start
# /etc/init.d/snmpd enable
  • test snmp from remote with snmpwalk (apt-get install snmp):
# snmpwalk -v 1 -OS -c public <ip of the node>
  • install MRTG on the logserver:
# apt-get install mrtg
- create the config file:
# cfgmaker --global "Workdir: /var/log-wbm/mrtg" --ifref=ip public@192.168.42.151 > /etc/mrtg/***-wbm.cfg

- create extra section for cpu etc.
- create the index file for webserver:
# indexmaker /etc/mrtg/fon.cfg > /var/www/mrtg/index.htm
- change the cron job for the right config files:
# vi /etc/cron.d/mrtg
  • to document:
- install on central logserver: cacti
  • configure a node to be gateway from our internal network into your mesh
  • contact Tazo to add your node to our snmp query configuration
  • watch the graphs rolling in
  • ...
  • profit!

Playing with leds

first things first

you can use the led for easy on-site feedback; the (fonera) WLAN led is addressable on pin 2

first, modify which led is used to give feedback on the WLAN status (we'll set it to use the 'INTERNET' led)

 echo 0 > /proc/sys/dev/wifi0/ledpin

then you can play with the led using the commands

 gpioctl set 2  

to light-up the led, and

 gpioctl clear 2

example

for example, to monitor a connection you could blink the led whenever a ping is successful:

while true; do
  ping -c 1 192.168.42.42 > /dev/null ; 
  if [ $? -eq 0 ]; then  
    gpioctl set 2 ; 
    gpioctl clear 2 ; 
  fi
  if [ -f /tmp/stop_ping_led ] ; then
    break;
  fi
  sleep 1
done

of course, you can (and should) replace the IP address with some @PARAM@ in our Wbm2009v2/NodeConfigurationFactory


Capture-all nodes

we're monitoring 3 channels, doing a dump of all packets sent

wget http://192.168.42.42/images/trunk-r18050/packages/atheros_uClibc-0.9.30.1/tcpdump_4.0.0-1_atheros.ipk
wget http://192.168.42.42/images/trunk-r18050/packages/atheros_uClibc-0.9.30.1/libpcap_1.0.0-1_atheros.ipk


00:18:84:11:e1:6c,wbm-108

 sudo arp -s 192.168.1.1 00:18:84:11:e1:6c


root@wbm-108:~# cat /etc/config/wireless 
config wifi-device  wifi0
        option type     atheros
        option channel  3
        option hwmode   11g

config wifi-iface
        option device   wifi0
        option mode     monitor
        option bgscan   0

add an alias on the local network


config 'alias' 'zlan'
        option 'interface' 'lan'
        option 'proto'     'static'
        option 'ipaddr'    '192.168.42.152'
        option 'netmask'   '255.255.255.0'
 

00:12:cf:7f:fc:de,wbm-136

 sudo arp -s 192.168.1.1 00:12:cf:7f:fc:de
root@wbm-136:~# cat /etc/config/wireless 
config wifi-device  wifi0
        option type     atheros
        option channel  7
        option hwmode   11g

config wifi-iface
        option device   wifi0
        option mode     monitor
        option bgscan   0

add an alias on the local network


config 'alias' 'zlan'
        option 'interface' 'lan'
        option 'proto'     'static'
        option 'ipaddr'    '192.168.42.153'
        option 'netmask'   '255.255.255.0'
 

00:12:cf:7f:ff:98,wbm-132

 sudo arp -s 192.168.1.1 00:12:cf:7f:ff:98

root@wbm-132:~# cat /etc/config/wireless 
config wifi-device  wifi0
        option type     atheros
        option channel  11
        option hwmode   11g

config wifi-iface
        option device   wifi0
        option mode     monitor
        option bgscan   0

add an alias on the local network


config 'alias' 'zlan'
        option 'interface' 'lan'
        option 'proto'     'static'
        option 'ipaddr'    '192.168.42.154'
        option 'netmask'   '255.255.255.0'
 

remote tcp-dumping

saving logfiles on central server


  • on each monitor node (with respective IP)
  while true; do tcpdump -i ath0 -w - | nc 192.168.42.44 5152 ; [ -f /tmp/stop_logging ] && break  ; sleep 1; done
  while true; do tcpdump -i ath0 -w - | nc 192.168.42.44 5153 ; [ -f /tmp/stop_logging ] && break  ; sleep 1; done
  while true; do tcpdump -i ath0 -w - | nc 192.168.42.44 5154 ; [ -f /tmp/stop_logging ] && break  ; sleep 1; done


  • on the log-server:
  while true; do nc -l -p 5152  >> ./log_192.168.42.152.`date +%T`.log ; [ -f /tmp/stop_logging.192.168.42.152 ] && break ; sleep 1 ; done &
  while true; do nc -l -p 5153  >> ./log_192.168.42.153.`date +%T`.log ; [ -f /tmp/stop_logging.192.168.42.153 ] && break ; sleep 1 ; done &
  while true; do nc -l -p 5154  >> ./log_192.168.42.154.`date +%T`.log ; [ -f /tmp/stop_logging.192.168.42.154 ] && break ; sleep 1 ; done &

to stop them (this doesn't seem to work, anyway)

touch /tmp/stop_logging.192.168.42.152 
touch /tmp/stop_logging.192.168.42.153
touch /tmp/stop_logging.192.168.42.154 
sleep 10
rm /tmp/stop_logging.192.168.42.152 
rm /tmp/stop_logging.192.168.42.153
rm /tmp/stop_logging.192.168.42.154
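
In the log-server loops above the stop file is only tested after nc exits, and nc -l blocks for as long as a node stays connected, so a file that is touched and removed 10 seconds later usually goes unnoticed. The following is an added example (not part of the original page) that tracks each listener by PID so it can be stopped at once; the function names, CAPDIR and LISTEN_CMD are assumptions, and LISTEN_CMD defaults to the nc syntax used on this page.

```shell
#!/bin/sh
# Added example, not part of the original page.
# Assumptions: CAPDIR, LISTEN_CMD and the function names are made up here;
# LISTEN_CMD defaults to the traditional netcat syntax used on this page.
CAPDIR=${CAPDIR:-./captures}
LISTEN_CMD=${LISTEN_CMD:-"nc -l -p"}

start_capture() {   # usage: start_capture <node-ip> <port>
    node=$1
    port=$2
    mkdir -p "$CAPDIR"
    (
        # On TERM/INT: stop the blocking listener, then leave the loop.
        trap 'kill "$child" 2>/dev/null; exit 0' TERM INT
        while :; do
            # One file per connection; the stream is pcap data from tcpdump -w -
            $LISTEN_CMD "$port" >> "$CAPDIR/log_$node.$(date +%Y%m%d-%H%M%S).log" &
            child=$!
            wait "$child" || true
            sleep 1
        done
    ) &
    echo $! > "$CAPDIR/$node.pid"
}

stop_capture() {    # usage: stop_capture <node-ip>
    pidfile="$CAPDIR/$1.pid"
    [ -f "$pidfile" ] || return 1
    pid=$(cat "$pidfile")
    rm -f "$pidfile"
    kill "$pid" 2>/dev/null || return 1
    wait "$pid" 2>/dev/null || true   # reaps it when called from the starting shell
    return 0
}

# Example:
#   start_capture 192.168.42.152 5152
#   stop_capture 192.168.42.152
```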