[simon@limmat.switch.ch: Re: NCC#2005011655 Suggestion for improvement of myASN alarms]
Hi all, I have put the code on RIS page. Arife ----- Forwarded message from Simon Leinen <simon@limmat.switch.ch> ----- From: Simon Leinen <simon@limmat.switch.ch> To: Travel <travel@ripe.net> Subject: Re: NCC#2005011655 Suggestion for improvement of myASN alarms Date: Wed, 28 Jun 2006 14:09:54 +0200 Cc: Arife Vural <arife@ripe.net> Content-Description: message body and .signature Hello Arife (Travel?),
I have fixed this bug, please let me know if you see other problems.
Wonderful, thanks! It was more an "RFE" (request for enhancement) than a bug. I just received my first message with the new AS path column, and found it very useful indeed. Actually, I have a script that I pipe the MyASN alerts through, and that generates a URL for BGPlay, so that I can "replay" what the alert was about. For the last alert, the script generates this URL: http://www.ris.ripe.net/cgi-bin/bgplay.cgi?prefix=130.59.0.0/16&start=2006-06-28+03:52&end=2006-06-28+04:50 Our (AS559's) peering with Cogent (AS174) flapped twice between 04:25:23 and 04:43:05 UTC. The other flaps before and after this may point to more general problems with Cogents backbone. (I'm attaching the original MyASN alert, and my little Perl script that transforms this into the BGPlay URL.) Thanks again for the change! With kind regards, -- Simon. Content-Description: forwarded message From: myASn Notifications <myasn@ripe.net> To: simon@limmat.switch.ch Subject: New alarms for 559 Date: Wed, 28 Jun 2006 07:18:52 GMT Dear myASn contact, New alarms were detected for 559. Please find the details below. Depending on your detail level settings you might not see all the events. Please use the web interface for further details. http://www.ris.ripe.net/myasn/ -- myASn system Advanced alarm 1253 (Default), 130.59.0.0/16 (exceptions not shown), \b(3549|3356|286|1299|3320)\s(559)\b, MinED: 1, MinEC: 1, ADW: 3600 .=------+---------------+--------------+----------------+--------------------------+--------------------------+------=. | RRC | Prefix | AS Path | Peer | First seen | Last seen | Count | |=------+---------------+--------------+----------------+--------------------------+--------------------------+------=| | rrc15 | 130.59.0.0/16 | 6140 174 559 | 200.219.130.18 | Wed Jun 28 03:54:23 2006 | Wed Jun 28 03:54:23 2006 | 1 | | rrc15 | 130.59.0.0/16 | 6140 174 559 | 200.219.130.18 | Wed Jun 28 04:01:51 2006 | Wed Jun 28 04:05:58 2006 | 2 | | rrc15 | 130.59.0.0/16 | 6140 174 559 | 200.219.130.18 | Wed Jun 28 04:10:43 2006 | Wed Jun 28 04:15:05 2006 | 2 | | rrc15 | 130.59.0.0/16 | 6140 174 559 | 200.219.130.18 | Wed Jun 28 04:20:12 2006 | Wed Jun 28 04:22:59 2006 | 2 | | rrc15 | 130.59.0.0/16 | 6140 174 559 | 200.219.130.18 | Wed Jun 28 04:30:37 2006 | Wed Jun 28 04:30:37 2006 | 1 | | rrc15 | 130.59.0.0/16 | 6140 174 559 | 200.219.130.18 | Wed Jun 28 04:45:11 2006 | Wed Jun 28 04:45:11 2006 | 1 | '=------+---------------+--------------+----------------+--------------------------+--------------------------+------=' #!/usr/bin/perl -w ### ### Parse MyASN report and generate a BGPlay URL of the form ### http://www.ris.ripe.net/cgi-bin/bgplay.cgi?prefix=195.135.220.0/22&start=2005-05-30+05:00&end=2005-05-30+09:09 use strict; use Time::Local; sub parse_message (); sub gmt_to_unix ($ ); sub init_months (); sub unixtime_to_bgplay ($ ); sub make_bgplay_url ($$$$); ## BGPlay this many seconds before the earliest "first seen" ## value in the MyASN alert. ## my $seconds_before_first_seen = 120; ## BGPlay this many seconds after the last "last seen" value in the ## MyASN alert. ## my $seconds_after_last_seen = 300; my $echo = 0; init_months (); my ($prefix, $rrcs, $first, $last) = parse_message (); print make_bgplay_url ($prefix, $rrcs, $first, $last),"\n"; sub parse_message () { my ($very_first, $very_last, @rrcs, %rrcs); my (@colnames, @columns, $columns, $line, $k, $rrc, $prefix, $first, $last); while (<>) { print if $echo; next if /^[.|\']=--+/; warn "Cannot parse $_", next unless ($columns) = m@^\| (.*) \|$@; @columns = map { /^(.*\S+)\s*$/ } split (/ \| /, $columns); if (! $colnames[0]) { @colnames = @columns; } else { $line = {}; for ($k = 0; $#columns >= 0; ++$k) { $line->{$colnames[$k]} = shift @columns; } $prefix = $line->{'Prefix'} or die "missing Prefix column"; $rrc = $line->{'RRC'} or die "missing RRC column"; $first = $line->{'First seen'} or die "missing First seen column"; $last = $line->{'Last seen'} or die "missing Last seen column"; ++$rrcs{$rrc}; $first = gmt_to_unix ($first); $last = gmt_to_unix ($last); $very_first = $first if !defined $very_first or $first < $very_first; $very_last = $last if !defined $very_last or $last > $very_last; } } @rrcs = sort keys %rrcs; return ($prefix, \@rrcs, $very_first-$seconds_before_first_seen, $very_last+$seconds_after_last_seen); } my %ugly_months = (); sub init_months () { my $k = 0; my @pretty_months = qw(Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec); foreach my $month (@pretty_months) { $ugly_months{$month} = $k++; } } sub gmt_to_unix ($ ) { my ($gmt_string) = @_; my ($wday, $mname, $mon, $mday, $hour, $min, $sec, $year); die "malformed GMT string $gmt_string" unless (($wday, $mname, $mday, $hour, $min, $sec, $year) = $gmt_string =~ m@(Mon|Tue|Wed|Thu|Fri|Sat|Sun) \ (Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) \ \s*(\d+) \ (\d\d):(\d\d):(\d\d)\ (\d\d\d\d)$@ix); die "unknown month $mname" unless $mon = $ugly_months{$mname}; return timegm ($sec, $min, $hour, $mday, $mon, $year); } sub unixtime_to_bgplay ($ ) { my ($time) = @_; my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday) = gmtime($time); return sprintf ("%04d-%02d-%02d+%02d:%02d", $year+1900, $mon+1, $mday, $hour, $min); } sub make_bgplay_url ($$$$) { my ($prefix, $rrcs, $first, $last) = @_; my $base_url = "http://www.ris.ripe.net/cgi-bin/bgplay.cgi"; return sprintf ("%s?prefix=%s&start=%s&end=%s", $base_url, $prefix, unixtime_to_bgplay ($first), unixtime_to_bgplay ($last)); } ----- End forwarded message ----- -- Arife Vural SED, RIPE NCC
Here, http://www.ripe.net/projects/ris/misc.html a. On Thu, Jun 29, 2006 at 04:16:52PM +0200, Arife Vural wrote:
Hi all,
I have put the code on RIS page.
Arife
----- Forwarded message from Simon Leinen <simon@limmat.switch.ch> -----
From: Simon Leinen <simon@limmat.switch.ch> To: Travel <travel@ripe.net> Subject: Re: NCC#2005011655 Suggestion for improvement of myASN alarms Date: Wed, 28 Jun 2006 14:09:54 +0200 Cc: Arife Vural <arife@ripe.net>
Content-Description: message body and .signature Hello Arife (Travel?),
I have fixed this bug, please let me know if you see other problems.
Wonderful, thanks! It was more an "RFE" (request for enhancement) than a bug. I just received my first message with the new AS path column, and found it very useful indeed.
Actually, I have a script that I pipe the MyASN alerts through, and that generates a URL for BGPlay, so that I can "replay" what the alert was about. For the last alert, the script generates this URL:
Our (AS559's) peering with Cogent (AS174) flapped twice between 04:25:23 and 04:43:05 UTC. The other flaps before and after this may point to more general problems with Cogents backbone.
(I'm attaching the original MyASN alert, and my little Perl script that transforms this into the BGPlay URL.)
Thanks again for the change!
With kind regards, -- Simon.
Content-Description: forwarded message From: myASn Notifications <myasn@ripe.net> To: simon@limmat.switch.ch Subject: New alarms for 559 Date: Wed, 28 Jun 2006 07:18:52 GMT
Dear myASn contact,
New alarms were detected for 559. Please find the details below. Depending on your detail level settings you might not see all the events.
Please use the web interface for further details.
http://www.ris.ripe.net/myasn/
-- myASn system
Advanced alarm 1253 (Default), 130.59.0.0/16 (exceptions not shown), \b(3549|3356|286|1299|3320)\s(559)\b, MinED: 1, MinEC: 1, ADW: 3600 .=------+---------------+--------------+----------------+--------------------------+--------------------------+------=. | RRC | Prefix | AS Path | Peer | First seen | Last seen | Count | |=------+---------------+--------------+----------------+--------------------------+--------------------------+------=| | rrc15 | 130.59.0.0/16 | 6140 174 559 | 200.219.130.18 | Wed Jun 28 03:54:23 2006 | Wed Jun 28 03:54:23 2006 | 1 | | rrc15 | 130.59.0.0/16 | 6140 174 559 | 200.219.130.18 | Wed Jun 28 04:01:51 2006 | Wed Jun 28 04:05:58 2006 | 2 | | rrc15 | 130.59.0.0/16 | 6140 174 559 | 200.219.130.18 | Wed Jun 28 04:10:43 2006 | Wed Jun 28 04:15:05 2006 | 2 | | rrc15 | 130.59.0.0/16 | 6140 174 559 | 200.219.130.18 | Wed Jun 28 04:20:12 2006 | Wed Jun 28 04:22:59 2006 | 2 | | rrc15 | 130.59.0.0/16 | 6140 174 559 | 200.219.130.18 | Wed Jun 28 04:30:37 2006 | Wed Jun 28 04:30:37 2006 | 1 | | rrc15 | 130.59.0.0/16 | 6140 174 559 | 200.219.130.18 | Wed Jun 28 04:45:11 2006 | Wed Jun 28 04:45:11 2006 | 1 | '=------+---------------+--------------+----------------+--------------------------+--------------------------+------='
#!/usr/bin/perl -w ### ### Parse MyASN report and generate a BGPlay URL of the form ### http://www.ris.ripe.net/cgi-bin/bgplay.cgi?prefix=195.135.220.0/22&start=2005-05-30+05:00&end=2005-05-30+09:09
use strict; use Time::Local;
sub parse_message (); sub gmt_to_unix ($ ); sub init_months (); sub unixtime_to_bgplay ($ ); sub make_bgplay_url ($$$$);
## BGPlay this many seconds before the earliest "first seen" ## value in the MyASN alert. ## my $seconds_before_first_seen = 120;
## BGPlay this many seconds after the last "last seen" value in the ## MyASN alert. ## my $seconds_after_last_seen = 300;
my $echo = 0; init_months (); my ($prefix, $rrcs, $first, $last) = parse_message (); print make_bgplay_url ($prefix, $rrcs, $first, $last),"\n";
sub parse_message () { my ($very_first, $very_last, @rrcs, %rrcs); my (@colnames, @columns, $columns, $line, $k, $rrc, $prefix, $first, $last); while (<>) { print if $echo; next if /^[.|\']=--+/; warn "Cannot parse $_", next unless ($columns) = m@^\| (.*) \|$@; @columns = map { /^(.*\S+)\s*$/ } split (/ \| /, $columns); if (! $colnames[0]) { @colnames = @columns; } else { $line = {}; for ($k = 0; $#columns >= 0; ++$k) { $line->{$colnames[$k]} = shift @columns; } $prefix = $line->{'Prefix'} or die "missing Prefix column"; $rrc = $line->{'RRC'} or die "missing RRC column"; $first = $line->{'First seen'} or die "missing First seen column"; $last = $line->{'Last seen'} or die "missing Last seen column"; ++$rrcs{$rrc}; $first = gmt_to_unix ($first); $last = gmt_to_unix ($last); $very_first = $first if !defined $very_first or $first < $very_first; $very_last = $last if !defined $very_last or $last > $very_last; } } @rrcs = sort keys %rrcs; return ($prefix, \@rrcs, $very_first-$seconds_before_first_seen, $very_last+$seconds_after_last_seen); }
my %ugly_months = ();
sub init_months () { my $k = 0; my @pretty_months = qw(Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec); foreach my $month (@pretty_months) { $ugly_months{$month} = $k++; } }
sub gmt_to_unix ($ ) { my ($gmt_string) = @_; my ($wday, $mname, $mon, $mday, $hour, $min, $sec, $year); die "malformed GMT string $gmt_string" unless (($wday, $mname, $mday, $hour, $min, $sec, $year) = $gmt_string =~ m@(Mon|Tue|Wed|Thu|Fri|Sat|Sun) \ (Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) \ \s*(\d+) \ (\d\d):(\d\d):(\d\d)\ (\d\d\d\d)$@ix); die "unknown month $mname" unless $mon = $ugly_months{$mname}; return timegm ($sec, $min, $hour, $mday, $mon, $year); }
sub unixtime_to_bgplay ($ ) { my ($time) = @_; my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday) = gmtime($time); return sprintf ("%04d-%02d-%02d+%02d:%02d", $year+1900, $mon+1, $mday, $hour, $min); }
sub make_bgplay_url ($$$$) { my ($prefix, $rrcs, $first, $last) = @_; my $base_url = "http://www.ris.ripe.net/cgi-bin/bgplay.cgi"; return sprintf ("%s?prefix=%s&start=%s&end=%s", $base_url, $prefix, unixtime_to_bgplay ($first), unixtime_to_bgplay ($last)); }
----- End forwarded message -----
-- Arife Vural SED, RIPE NCC
-- Arife Vural SED, RIPE NCC
participants (1)
-
arife@ripe.net