Monday, May 17, 2010

who or what perpetually changes directory names on my public nfs export

i sure hate it when people move or delete stuff on nfs exports. sure, root isn't squashed and half a dozen people need to work on the same thing. so, as opposed to breaking everyone's fingers, i can focus on just one.

place this snippet of code someplace useful and crontab it to run before EOD; just make sure you have perl, tcpdump & bzip installed. in crontab, make sure you have the script's path in the PATH statement.

if you were fancy, you could do something with logrotate or maybe even pipe it off to splunk. if you were fancy.

crontab entry
50 23 * * *   root    /usr/local/bin/nfs-remove-mon


$PIDFILE = "/var/run/";
$LOGFILE_BASE = "/var/log/nfs-remove-mon";
$EXIT = 0;

if ( -e $PIDFILE ) {
        $PID = `cat $PIDFILE`;
        `kill -HUP $PID`;
        $DATE=`date +%F`;
        chomp $DATE;
        unlink "$LOGFILE_BASE.$DATE.log";
        unlink "$LOGFILE_BASE.$DATE.log.bz2";
        rename "$LOGFILE_BASE.log", "$LOGFILE_BASE.$DATE.log";
        unless (fork()) {
                sleep 5;
                `bzip2 -9 $LOGFILE_BASE.$DATE.log`;

open PID, ">$PIDFILE";
print PID $$;
close PID;

open LOG, ">$LOGFILE_BASE.log";
$STDOUT = select LOG;
select $STDOUT;

open TCPDUMP, "tcpdump -vvvvvv -l -i any -s 0 tcp 2>/dev/null |";
select $STDOUT;

$SIG{HUP} = sub { $EXIT = 1; };

while ($line = < tcpdump >) {
        if ($line =~ /remove/) {
                print LOG $line;
        last if $EXIT;

close TCPDUMP;
close LOG;
Post a Comment