Pulling out Bluecoat and Brocade Load Balancers Internal Metrics via Scripted Input

We were working on a project to pull internal operational metrics from Bluecoat and Brocade devices via a Python scripted input. There are a few ways to achieve this, either via Telnet (less secure, because the login and the rest of the session cross the network unencrypted) or via SSH. We tested this using Python's telnetlib module and got everything working nicely. We will eventually extend the script to use the SSH library.

One reason we have to go the Telnet/SSH route is that certain metrics are not readily available via Syslog or SNMP. It is incredible that Splunk can pull out such transient information to provide operational intelligence to the enterprise.

If you think about it, you can extend this use case to other networking devices out there. For example, do you want to know the number of error packets on a certain interface in your network appliances? Or how many times the interfaces are flapping?

One interesting finding was that Brocade load balancers require you to send a "\r\n" after every command; otherwise the Python script freezes at the first line while waiting for the next response.

Once the scripted input is working, we can easily integrate it into Splunk by defining something like this in inputs.conf:
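The CRLF finding above, as an added example (not the author's script): a socket-level collector that ends each command with "\r\n" and uses a read timeout, so a device that stays silent raises an error instead of freezing the scripted input. The prompt `device#`, the command `show stats`, the metric line and the local fake device are constructed assumptions, and login is omitted.

```python
import socket
import threading

PROMPT = b"device#"  # assumed CLI prompt, constructed for this example

def read_until(sock, marker, timeout):
    """Collect bytes until marker arrives; a silent device raises instead of hanging."""
    sock.settimeout(timeout)  # applies to each recv() call
    buf = b""
    try:
        while marker not in buf:
            chunk = sock.recv(4096)
            if not chunk:
                break
            buf += chunk
    except socket.timeout:
        raise TimeoutError(f"no prompt within {timeout}s, received {buf!r}") from None
    return buf

def run_command(sock, command, eol, timeout):
    sock.sendall(command.encode("ascii") + eol)
    text = read_until(sock, PROMPT, timeout).decode("ascii", "replace")
    return [l for l in text.splitlines()  # drop echo, blank lines and the prompt
            if l.strip() and l.strip() != command and PROMPT.decode() not in l]

def fake_device(server):  # constructed stand-in: acts only on CRLF-terminated input
    conn, _ = server.accept()
    with conn:
        conn.sendall(PROMPT)
        buf = b""
        while True:
            data = conn.recv(1024)
            if not data:
                return
            buf += data
            while b"\r\n" in buf:
                cmd, buf = buf.split(b"\r\n", 1)
                conn.sendall(cmd + b"\r\nconnections=42 errors=0\r\n" + PROMPT)

def collect(command, eol=b"\r\n", timeout=1.0):
    with socket.create_server(("127.0.0.1", 0)) as server:
        threading.Thread(target=fake_device, args=(server,), daemon=True).start()
        with socket.create_connection(server.getsockname(), timeout=timeout) as sock:
            read_until(sock, PROMPT, timeout)  # wait for the first prompt
            return run_command(sock, command, eol, timeout)

if __name__ == "__main__":
    for line in collect("show stats"):  # Splunk indexes whatever the script prints
        print(line)
```

Calling `collect("show stats", eol=b"\n")` against the same fake device raises `TimeoutError` after one second, which is the failure the post describes turned into an error the scripted input can log.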

[script://$SPLUNK_HOME/etc/apps/my_app/bin/bluecoat.py]
disabled = false
host = 192.168.88.209
interval = 30
sourcetype = bluecoat

[script://$SPLUNK_HOME/etc/apps/my_app/bin/brocade.py]
disabled = false
host = 192.168.88.208
interval = 30
sourcetype = foundry

So in this case, I have Splunk running the two scripts every 30 seconds.

If everything works, you should have the output coming straight into Splunk, just like these screenshots.

Working on it, we were able to build dashboards that are important to the user.

----------------------------------------------------
Thanks!
Tat-Wee

Posted by Splunk