Showing posts with label Nagios Icinga. Show all posts
Showing posts with label Nagios Icinga. Show all posts

Monday, August 13, 2012

Nagios monitoring mysql

Category: SkyHi @ Monday, August 13, 2012

I was asked by a client to configure nagios to monitor two database servers, running on Redhat
Enterprise Linux 5. Here are the steps, including a couple mis-steps to get it working. Nagios
was already set up and running on a server called monitor, which is running CentOS5.
I had two options. I could directly monitor the databases from monitor using the check_mysql or
run check_mysql on the database server and call it through check_by_ssh. I started out configuring
the method over ssh.
First, in each database server I created a user nagios and set a password for that user. I then
created a set of keys:
ssh-keygen -t dsa
I set no passphrase for the key, since I intended it to have a single purpose and limited
access to the database servers. I then tested the access to see if there were any glitches.
It worked on one server but not the other. After a quick once over, I decided to proceed and
solve that problem later. Since I needed check_mysql I compiled the plugins
From the nagios plugins web site, I downloaded nagios-plugins-1.4.14.tar.gz to each of the
database servers. However, because not all the necessary mysql packages were in place, it
threw some errors during the configure stage.
./configure –with-nagios-user=nagios –with-nagios-group=nagios –with-mysql=/usr
The main error that interfered with my plans was the failure to build the check_mysql plugin.
After some research I discovered that the failure was probably due to the absence of some
mysql libraries that would be in a development package. However, RHEL5 doesn’t have such a
package in their repository for RHEL5. It is available in some of the alternate repositories. It’s not really that surprising, when I think about it, that the package is unavailable, RHEL isn’t intended to be a development platform, it’s a server platform. I didn’t want to add alternate repositories without permission from the client.
So I went for plan B. I decided to configure the check-mysql to run on the monitor server
and attach to the mysql database over the network. There is a danger that If not carefully configured this could represent a security vulnerability for the database server. To make it as secure as possible
I logged into mysql on each of the database servers and created special access rules for this
purpose. I created a special nagios user with it’s own password and gave it read only permissions
and only on one database.
grant select on database.* to nagios@monitor identified by “password”
Now the user nagios can read that database. It doesn’t have any more privileges, so it’s unlikely to be used to damage the database, even if the monitor were compromised. The bad guys won’t
be able to use the compromise of the monitor to also compromise or damage the database server.
To test my work I issued the following command:
/usr/local/nagios/libexec/check_mysql -d database -u nagios -p password -H $HOSTNAME$
$HOSTNAME is the ip of the database server.
The data came back:
Uptime: 528011 Threads: 61 Questions: 83799845 Slow queries: 38527 Opens:
11365 Flush tables: 1 Open tables: 1003 Queries per second avg: 158.709
To prevent the username and password from being exposed in the web interface I put some of the command values in resource.cfg
###########################################################################
#
# RESOURCE.CFG – Sample Resource File for Nagios 3.0b6
#
# Last Modified: 09-10-2003
#
# You can define $USERx$ macros in this file, which can in turn be used
# in command definitions in your host config file(s).  $USERx$ macros are
# useful for storing sensitive information such as usernames, passwords,
# etc.  They are also handy for specifying the path to plugins and
# event handlers – if you decide to move the plugins or event handlers to
# a different directory in the future, you can just update one or two
# $USERx$ macros, instead of modifying a lot of command definitions.
#
# The CGIs will not attempt to read the contents of resource files, so
# you can set restrictive permissions (600 or 660) on them.
#
# Nagios supports up to 32 $USERx$ macros ($USER1$ through $USER32$)
#
# Resource files may also be used to store configuration directives for
# external data sources like MySQL…
#
###########################################################################
# Sets $USER1$ to be the path to the plugins
$USER1$=/usr/local/nagios/libexec
# Sets $USER2$ to be the path to event handlers
#$USER2$=/usr/local/nagios/libexec/eventhandlers
# Store some usernames and passwords (hidden from the CGIs)
$USER3$=nagios
$USER4$=password
###############################################################################################
commands.cfg is where I put my tested command
############################### commands.cfg ######################
define command{
command_name check-mysql
command_line $USER1$/check_mysql -d tracking -u $USER3$ -p $USER4$ -H $HOSTADDRESS$
}
####################################################################
Next I need to tell nagios where to send messages.
############################### contacts.cfg #######################
define contact{
contact_name pacneil
use generic-contact
alias Neil Schneider
email pacneil@linuxgeek.net
}
define contactgroup {
contactgroup_name pacneil
alias Test Group
members pacneil
}
######################################################################
What group of servers are we going to monitor?
############################### host_groups.cfg #####################
define hostgroup{
hostgroup_name db-host-group
alias Database Servers Host Group
hostgroup_members db-slave-host-group
}
define hostgroup{
hostgroup_name db-slave-host-group
alias Slave Database Servers Host Group
}
######################################################################
And we need to configure some parameters how we want to display the hosts in the web interface.
############################### hosts.cfg ############################
define host{
use db-server
host_name db3.servers.pmc
hostgroups db-slave-host-group,lb1-host-group,rackspace-host-group
alias db3
display_name Db3
address 74.205.65.35
parents app2.servers.pmc
2d_coords 100,0
3d_coords -5,4,1
}
define host{
use db-server
host_name db4.servers.pmc
hostgroups db-slave-host-group,lb1-host-group,rackspace-host-group
alias db4
display_name Db4
address 74.205.65.36
parents app2.servers.pmc
2d_coords 200,0
3d_coords -5,4,-1
}
######################################################################
And I create a service group just for database servers.
########################## service_groups.cfg ########################
define servicegroup{
servicegroup_name db-server-service-group
alias Database Server Service Group
servicegroup_members server-service-group
}
######################################################################
Then I define the service
############################ services.cfg ############################
define service{
use server-service
name db-server-service
servicegroups db-server-service-group
hostgroup_name db-host-group
register 0
}
######################################################################

REFERENCES
http://www.linuxgeek.net/2010/06/24/nagios-monitoring-mysql/

Friday, December 16, 2011

Nagios Icinga related

Category: SkyHi @ Friday, December 16, 2011
icinga on Ubuntu bash install script

http://blog.kyodium.net/search/label/icinga





Related Articles
http://www.kernelhardware.org/category/nagios/
http://www.thegeekstuff.com/tag/nagios/

Nagios Email Notification Frequency or Interval

Category: SkyHi @ Friday, December 16, 2011
Question:
How do I configure how often Nagios emails notifications about problems.
Solution:
The notification interval setting for service and hosts allows you to configure when email notifications get sent by Nagios

Nagios Notifications

Before Nagios sends out a notification the program runs a series of filters.
1. Are notifications enabled ?
2. Scheduled Downtime for Host/Service ?
3. Is service Flapping ?
4. Notification Period (Is Nagios allowed to send notifications at this time ?)
Some techs dont want their cellphone pinging at 4 am with a new email alert :)
5. Notification Interval ( check and make sure the time that has passed since the last notification went out either meets or exceeds )

Nagios Notification Interval

The notification interval filter requires two previous check to be met first.
1. A notification was already sent out about the problem
2. the host/service has remained in an not OK state since the last notification went out
Configure Nagios Notification Interval Setting
The setting for notification interval can be defined within the host definition section of the configuration files.
The easiest way to modify this setting is to modify the main generic-host template “template.cfg” found in
# cd /user/local/nagios/etc/objects/
Edit the file “template.cfg”
# vi /user/local/nagios/etc/objects/template.cfg
Find the line (** The below line will show for each type of host defined in the template **)
define host {

notification_interval     120       ; Resend notification every 2 hours

}
Change “120″ to match how minutes you want to wait before receiving additional notifications
Save your changes
Next, verify your Nagios configuration files and restart Nagios.
# /usr/local/nagios/bin/nagios -v /usr/local/nagios/etc/nagios.cfg

# service nagios restart



REFERENCES
http://www.kernelhardware.org/nagios-email-notification-frequency-or-interval/

Monday, October 31, 2011

Nagios Icinga DISK error

Category: SkyHi @ Monday, October 31, 2011
ERROR:

DISK CRITICAL - /home/rdp/.gvfs is not accessible: Permission denied
 
Solution: 
This is bug #615848.
 You can either give the nagios user permission to that file or just 
ignore the file during check. To ignore the file, edit the disk.cfg file
 located in /etc/nagios-plugins/config and add the arguments [-A -i 
'.gvfs'] at the end of the command line arguments for the command 
check_disk and check_all_disks. 
 
REFERENCES
https://help.ubuntu.com/community/Nagios3

Monday, September 26, 2011

Free Tools for Monitoring Your Site’s Uptime

Category: SkyHi @ Monday, September 26, 2011
A website or web application’s high availability is very crucial; users who constantly encounter problems accessing the content of a site will not likely come back. For web applications – poor uptimes means users won’t be confident about your product: if they constantly experience issues with your apps’s availability, they will likely look for another solution that isn’t as problematic.
It’s essential that your sites and web apps are constantly accessible to your users. In this article, you will find free and useful monitoring tools to help you know when your website or web application becomes unavailable.

1. Site24x7

Site24x7

Sites24x7 is a simple website-monitoring tool for keeping track of your website or web application’s availability. It tests your uptime in several global locations such as Singapore, the Netherlands, and New Jersey so that you can be assured that your website is being served in major regions of the world at optimal page load times.

2. Are My Sites Up?

Are My Sites Up?
Are My Sites Up? is a straightforward free web tool for being alerted when your websites are down. With Are My Sites Up?, you can monitor up to five different websites, receive email and text message alerts so that you have constant awareness of your sites’ uptime, and checks performed 25 times a day.

3. mon.itor.us

mon.itor.us
mon.itor.us is a free site monitoring tool with loads of useful features that will help you maintain a high uptime. By providing you with a ton of information about your site and web server, you can quickly spot potential issues that relate with your site’s availability. mon.itor.us has an intuitive dashboard GUI, the ability to send you downtime alerts via email, text message, and RSS, monitoring from multiple geographical locations, and real-time visitor monitoring. It’s a simple-to-use tool boasting a low setup time (sign-up and installation) of only five minutes.

4. Montastic

Montastic
Montastic is a free, quick, and easy-to-use tool for keeping constant knowledge of your websites’ availability. Developed by Metadot, Montastic sends you warnings whenever your site crashes (and when it comes back up) through email, RSS, or their Windows and Mac widget. Montastic lets you monitor up to 100 sites per account, supports monitoring for HTTP and HTTP Secure connections, and a simple and elegant end-user interface.

5. ServerMojo

ServerMojo
ServerMojo is a simple-to-use service for supervising your web server’s uptime. It alerts you via IM, Twitter, and email when your site is unavailable. ServerMojo permits you to monitor one site at one-hour intervals.

6. HostTracker

HostTracker
HostTracker is a free web tool for monitoring site availability. You can monitor up to two websites at a time and get free weekly, monthly, quarterly, and yearly reports on your web server’s performance. HostTracker provides distributed monitoring, tracking of useful data on site availability for diagnostics, and alerts of issues via email, IM, and/or SMS. HostTracker’s front page features a nice utility widget for instantly checking your website’s availability: you simply enter your URL and it will ping your server.

7. Observu

Observu
Observu is a very simple tool intentionally designed for rapid set-up and ease of use. With Observu, you can monitor an unlimited amount of websites/web servers, which is great for multi-site owners who want a hassle-free way of keeping track of what’s going on with their web properties.

8. InternetSeer

InternetSeer
InternetSeer has a free standard service that offers 60-minute intervals for monitoring your site’s uptime and performance. It gives you site availability and page response time reports, real-time error notifications, and a weekly report on your server’s performance for diagnostics.

9. FreeSiteStatus

FreeSiteStatus
FreeSiteStatus is a web-based application that provides email alerts of your site’s downtime, a monitoring interval of 60 minutes, and a distributed monitoring network of 13 global locations. FreeSiteStatus also has a nifty tool on the site called "Quick Test" for instantly checking your site services’ performance and availability (i.e. HTTP, POP3, MySQL, FTP, and more).

10. SiteUptime

SiteUptime
SiteUptime is a free tool that lets you monitor one site at 30 or 60-minute intervals from four geographical locations. You can monitor your HTTP (web server), POP3 (email server), FTP server, and more using SiteUptime. It also gives you the option to display your availability statistics publicly, which you can use as a site widget to show off your site or web application’s high-availability. Check out the live demo of SiteUptime.

11. Basic State

Basic State
Basic State is a free monitoring tool for uptime, server, and network failures of your site. Basic State checks your website at 15-minute intervals and sends you notifications via email or text message when something goes kaboom. With a simple sign-up process that will get you set up in no time and the ability to keep tabs on any number of sites, Basic State is a solid option to consider when looking into site monitoring tools.

12. Livewatch

Livewatch
Livewatch allows you to get alerts when your site is unavailable via email, SMS, phone, IM, and even Twitter. It can record and create PDF reports for site failures so that you can keep track of downtime events for documentation and troubleshooting. They also have a nice and simple web tool for instantly checking your site availability called Free HTTP Check that quickly checks your web server’s availability.

What tool do you use to for monitoring uptime/availability?

Do you have a tool not on the list that you use for your sites and applications? Do you have positive or negative experiences that you’d like to share about the tools featured here? Please do share your thoughts and opinions with us in the comments.

Related content

Monday, June 14, 2010

Stack installation on CentOS 5

Category: , , , , SkyHi @ Monday, June 14, 2010
All commands are run as root.

Text editor (mostly for my use):

yum install nano

EPEL and Remi repositories

  • Install the repositories 
    rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/x86_64/epel-release-5-2.noarch.rpm
rpm -Uvh http://rpms.famillecollet.com/el5.x86_64/remi-release-5-4.el5.remi.noarch.rpm
  • Edit /etc/yum.repos.d/remi.repo.
    • Under [TECH:remi], set enabled=1.

PHP and MySQL(i) client

  • Configure base packages 
    yum install php-pear php-mysql php-mbstring
/etc/init.d/httpd restart
  • Test
    • Configure phpinfo() page 
      echo " /var/www/html/index.php
chmod 644 /var/www/html/index.php
    • Load page in browser

APC

yum install php-pecl-apc
/etc/init.d/httpd restart
  • Test: Load page in browser and look for "apc.stat"

Memcached

yum install zlib-devel memcached php-pecl-memcache
/etc/init.d/memcached start
Test:  telnet localhost 11211
/etc/init.d/httpd restart
  • Test: Load page in browser and look for "memcache.default_port"

Apache

  • Change "AllowOverride None" to "AllowOverride All" for :
    /etc/httpd/conf/httpd.conf (excerpt)
    "/var/www/html">

[...]

AllowOverride All

[...]

MySQL server

  • Install MySQL 
    yum install mysql-server
  • Set better defaults in /etc/my.cnf under [TECH:mysqld]: 
    default_storage_engine = InnoDB
default_character_set = utf8
collation_server = utf8_general_ci
character_set_server = utf8
  • Start MySQL and set the root password: 
    /etc/init.d/mysqld start
/usr/bin/mysqladmin -u root password 'new-password'
/usr/bin/mysqladmin -u root -h localhost.localdomain password 'new-password'

Synchronize system clock

yum install ntp
chkconfig ntpd on
ntpdate pool.ntp.org
/etc/init.d/ntpd start

phpMyAdmin

  • Install phpMyAdmin 
    yum install phpmyadmin
  • Edit /etc/httpd/conf.d/phpMyAdmin.conf to allow access from non-localhost clients.
  • Edit /etc/phpMyAdmin/config.inc.php to add additional servers and use the "mysqli" driver for connections.
  • Restart Apache: 
    /etc/init.d/httpd restart
  • Visit http://server.example.com/phpmyadmin
  • Log in using "root" and the root password set from the MySQL server installation.

Nagios (only for monitoring server)

  • Install Nagios 
    yum install nagios nagios-plugins-disk nagios-plugins-dns nagios-plugins-http nagios-plugins-load \
nagios-plugins-mysql nagios-plugins-ping nagios-plugins-ssh nagios-plugins-users nagios-plugins-procs \
nagios-plugins-nrpe nagios-plugins-swap
htpasswd -c /etc/nagios/passwd nagios
chgrp apache /etc/nagios/passwd
chmod 640 /etc/nagios/passwd
  • Edit /etc/httpd/conf.d/nagios.conf.
    • Change allow from 127.0.0.1 to allow from all.
  • Edit /etc/nagios/nagios.cfg.
    • Uncomment cfg_dir=/etc/nagios/servers.
  • mkdir /etc/nagios/servers && chgrp nagios /etc/nagios/servers && chmod g+s /etc/nagios/servers.
  • Edit /etc/nagios/localhost.cfg to change nagios-admin to nagios.
  • Add the following text to /etc/nagios/commands.cfg to support querying NRPE on remote hosts: 
    define command{
command_name    check_nrpe
command_line    $USER1$/check_nrpe -H $HOSTADDRESS$ -c $ARG1$
}
  • Verify configurations: 
    nagios -v /etc/nagios/nagios.cfg
  • Add server configurations to /etc/nagios/servers.
  • Restart Apache and Nagios: 
    /etc/init.d/httpd restart
/etc/init.d/nagios restart


Nagios clients

  • Install NRPE plugin: 
    yum install nrpe nagios-plugins-disk nagios-plugins-load nagios-plugins-ping \
nagios-plugins-ssh nagios-plugins-users nagios-plugins-procs nagios-plugins-swap
  • Edit /etc/nagios/nrpe.cfg.
    • Add the Nagios server to allowed_hosts.
    • Add necessary commands to the command definitions section.
  • Start the service: 
    /etc/init.d/nrpe start
  • Make the service start by default: 
    chkconfig nrpe on
  • Verify access to NRPE from the Nagios server: 
    /usr/lib64/nagios/plugins/check_nrpe -H [nrpe-remote-host]
  • Verify access to commands from the Nagios server: 
    /usr/lib64/nagios/plugins/check_nrpe -H [nrpe-remote-host] -c [command]


Nagios Apache clients

  • Install relevant plugin(s): 
    yum install nagios-plugins-http
  • Add a check_http command to /etc/nagios/nrpe.cfg: 
    command[check_http]=/usr/lib64/nagios/plugins/check_http -w 5 -c 20 -I 127.0.0.1


Nagios MySQL clients

  • Install relevant plugin(s): 
    yum install nagios-plugins-mysql
  • Log into MySQL and add an unprivileged nrpe user: 
    CREATE USER 'nrpe'@'localhost' IDENTIFIED BY 'nrpe';
GRANT REPLICATION CLIENT ON *.* TO 'nrpe'@'localhost';
  • Add a check_mysql command to /etc/nagios/nrpe.cfg for a non-slave server: 
    command[check_mysql]=/usr/lib64/nagios/plugins/check_mysql -u nrpe -p nrpe
  • Add a check_mysql command to /etc/nagios/nrpe.cfg for a slave server: 
    command[check_mysql]=/usr/lib64/nagios/plugins/check_mysql -u nrpe -p nrpe -S -w 2 -c 10


Cacti (only for monitoring server)

  • Install the main package 
    yum install php-snmp net-snmp net-snmp-utils cacti
  • Edit /etc/cacti/db.php: 
    $database_type = 'mysql';
$database_default = 'cacti';
$database_hostname = 'localhost';
$database_username = 'cacti';
$database_password = 'password-here';
$database_port = '3306';
  • Install the database: 
    mysql -p cacti < /usr/share/doc/cacti-0.8.7b/cacti.sql mysql_convert_table_format --password="mysql-root-password" --type="InnoDB" cacti
  • Edit /etc/httpd/conf.d/cacti.conf to allow access from non-localhost.
  • Restart Apache: 
    /etc/init.d/httpd restart
  • Enable cron operation by adding the line */5 * * * * /usr/bin/php /usr/share/cacti/poller.php > /dev/null 2>&1 to cacti's crontab: 
    export EDITOR=nano
crontab -u cacti -e
  • Grant Apache access to the RRD files: 
    chgrp -R apache /var/lib/cacti/rra
chmode -R g+s /var/lib/cacti/rra
  • Go to http://server.example.com/cacti and log in as admin/admin.


Cacti clients

  • Install the SNMP daemon: 
    yum install net-snmp net-snmp-libs net-snmp-utils
  • If the /etc/snmp/snmpd.conf is the default, move it: 
    mv /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.original
# snmpconf -i -g basic_setup
  • Configure the SNMP daemon by putting the following in /etc/snmp/snmpd.conf: 
    rocommunity public cacti-server-ip
rocommunity public 127.0.0.1
dontPrintUnits true
includeAllDisks
  • Enable the SNMP daemon: 
    /etc/init.d/snmpd start
chkconfig snmpd on
  • Add the device to the Cacti server
    • Console > Management > Devices > Add
      • Description: enter-name
      • Hostname: ip-address
      • Host Template: Generic SNMP-enabled Host
      • SNMP Version: Version 1
    • Console > Management > Graph Trees > Default Tree > Add
      • Tree Item Type: Host
      • Host: select-host


Cacti Apache clients

  • Add the following to /etc/snmp/snmpd.conf: 
    proc httpd


Cacti MySQL clients

To be written.


Load testing with curl-loader

  • Download, build, and install: 
    yum install gcc openssl-devel
wget http://downloads.sourceforge.net/curl-loader/curl-loader-0.46.tar.gz
tar xzf curl-loader-0.46.tar.gz
rm curl-loader-0.46.tar.gz
cd curl-loader-0.46
make
make install
  • Run: 
    curl-loader -f configfile

PHP PECL xdebug

  • Install xdebug and restart Apache 
    pear install pecl/xdebug
/etc/init.d/httpd restart
  • To profile code
    • Add the following to /etc/php.d/xdebug.conf: 
      zend_extension=/usr/lib64/php/modules/xdebug.so
xdebug.profiler_enable_trigger = 1
    • Restart Apache: 
      /etc/init.d/httpd restart
    • And then load the page you want to profile with "?XDEBUG_PROFILE=1" at the end of the URL.

To do

  • Set up multiple memcached instances (instead of the default single instance)
  • Tune APC
REFERENCES https://wiki.fourkitchens.com/display/PF/Stack+installation+on+CentOS+5
Subscribe to: Posts (Atom)