IMPORTANT: Per accedir als fitxer de subversion: (sense password). Poc a poc s'aniran migrant els enllaços. Encara però funciona el subversion de la farga però no se sap fins quan... (usuari: prova i la paraula de pas 123456)

Alert.png Aquesta wiki forma part dels materials d'un curs
Curs: SeguretatXarxesInformàtiques, LinuxAdministracioAvancada, DissenyXarxesLinux
Fitxers: EinesMonitoritzacio.pdf (EinesMonitoritzacio.odp)

EinesMonitoritzacio2.pdf (EinesMonitoritzacio2.odp)

Repositori SVN:àtiques
Usuari: anonymous
Paraula de pas: sense paraula de pas
Autors: Sergi Tur Badenas
Munin Logo

Munin és un servei de monitorització. El servidor munin (munin-node) utilitza el port 4949.

$ cat /etc/services | grep 4949
munin           4949/tcp        lrrd            # Munin

L'origen del nom tal i com es comenta a la pàgina oficial de Munin, està en un dels nom dels corbs d'un antic deu nòrdic anomenat el Rei Odin. Els corbs s'encarregaven de controlar el reialme del rei.

Munin vol dir memòria.

Hugin and Munin are the ravens of the Norse god king Odin. They flew all over Midgard for him, seeing and remembering, and later telling him.


Munin-node (paquet munin-node) és el servidor en l'arquitectura de Munin. És el que respons a les peticions de monitorització rebudes des de un o més clients munin (paquet munin). Els clients reben les respostes i creen les gràfiques de l'aplicació web. Es pot accedir a la aplicació web amb la següent URL:





$ sudo apt-get install munin

Fitxers instal·lats


$ dpkg -L munin | grep bin

Fitxers de configuració:

$ dpkg -L munin | grep etc


$ sudo dpkg -L munin | grep doc

Un cop instal·lat podem utilitzat munin obrint la URL:


Al nostre navegador web.


Bàsicament la configuració de Munin consisteix en afegir al fitxer /etc/munin/munin.conf. Un exemple:

$ sudo joe /etc/munin/munin.conf
   use_node_name yes

   use_node_name yes

   use_node_name yes

   use_node_name yes

   use_node_name yes

   use_node_name yes

   use_node_name yes

   use_node_name yes

   use_node_name yes

   use_node_name yes

   use_node_name yes

Un cop configurat munin només cal esperar. Cada 5 minuts Munin es executat per cron:

$ cat /etc/cron.d/munin
# cron-jobs for munin


@reboot         root  if [ ! -d /var/run/munin ]; then /bin/bash -c 'perms=(`/usr/sbin/dpkg-statoverride --list /var/run/munin`); mkdir /var/run/munin;   
chown ${perms[0]:-munin}:${perms[1]:-root} /var/run/munin; chmod ${perms[2]:-0755} /var/run/munin'; f  i
*/5 * * * *     munin if [ -x /usr/bin/munin-cron ]; then /usr/bin/munin-cron; fi
14 10 * * *     munin if [ -x /usr/share/munin/munin-limits ]; then /usr/share/munin/munin-limits --force --contact nagios --contact old-nagios; fi

Vegeu també: 

i el manual:

$ man munin.conf
MUNIN.CONF(5)                  Munin Documentation                 MUNIN.CONF(5)

       munin.conf - Munin configuration file

       Munin is a group of programs to gather data from hosts, graph them,
       create html-pages, and optionally warn contacts about any off-limit

       The hosts are divided into three groups: One master (could be more, but
       Munin is not cluster aware so they'll likely be independent).  The master
       contacts a number of machines running munin-node, these are called nodes.
       Each node has data from one or more hosts that is monitored by Munin. 

       munin.conf is the configuration file for the Munin master server.  The
       programs using it are munin-update, munin-graph, munin-limits and munin-
       html.  There is also quite extensive documentation of this file at

       The format of the file is simple. A minimal configuration looks something

               dbdir           /var/lib/munin
               logdir          /var/log/munin
               htmldir         /var/www/munin
               rundir          /var/run/munin
               tmpldir         /etc/munin/templates/  

                       address localhost  

      The default location of munin.conf is @@CONFDIR@@/munin.conf. If your
      placement deviates from this norm, use the "--config <file>"-option when
      running the munin-* programs.

      Munin-update will expand all node-entries in this file, and save them to
      @@DBDIR@@/datafile, which is used by all programs in the package together
      with this file.

      Any directives in this file will override directives of the same name in
      "datafile".  E.g., if you want to change the title of the "load"-graph in
      the above minimum configuration, you would modify the two bottom lines

                      address localhost
                      load.graph_title Edited title of the load-graph

      This will override the "graph_title" attribute of the "load" field/data
      series while keeping all the others at their default.
      These directives should appear in munin.conf before any host or group

      dbdir <path>
          Directory for generated database files.  Required.

      logdir <path>
          Directory for log files.  Required.

      htmldir <path>
          Directory for HTML pages and graphs.  Required.

      rundir <path>
          Directory for files tracking munin's current running state.

      tmpldir <path>
          Directory for templates used to generate HTML pages.  Required.

      fork <value>
          This directive determines whether munin-update fork when gathering
          information from nodes.  Possible values are "yes" and "no".  Default
          is "yes".  If you set it to "no" munin-update will collect data from
          the nodes in sequence rather than in paralell and this will take
          considerably more time.  Affects: munin-update.

      graph_data_size <value>
          This directive sets the resolution of the RRD files that are created.
          Possible values are "normal" and "huge".  Default is "normal".
          Affects: munin-update.

      graph_strategy <value>
          This directive can be "cron" or "cgi".  This determines whether
          graphs will be produced when the cron job is run or whether they will
          be generated by the CGI script (Links this CGI script will be added
          to the HTML pages if "cgi" is selected).  This is one of several
          steps required to enable CGI graphing, see
          <> for more details.
          Default is "cron".  Affects: munin-graph and munin-html.

      local_address <value>
          The local address to connect any node from.  This can be overriden by
          a group or global directive.  Munin will attempt to guess an
          appropriate interface.

      max_processes <value>
          This directive specifies the maximum number of processes to be used
          for gathering information from nodes.  If left blank, munin will use
          as many processes as necessary.  Affects: munin-update.
 tls <value>
          Can have four values. "paranoid", "enabled", "auto", and "disabled".
          Paranoid and enabled require a TLS connection, auto will attempt a
          connection but continue on failure, and disabled will not attempt one
          at all.  If the perl module Net::SSLeay is available the setting is
          "auto".  If the module isn't available it's "off".  If munin is not
          propperly configured for TLS and Net::SSLeay is available munin-
          update has been known to fail mysteriously.  If you see data dropouts
          (gaps in graphs) please try to disable TLS.  Affects: munin-update.

      tls_verify_certificate <value>
          This directive can be "yes" or "no".  It determines if the remote
          certificate needs to be signed by a CA that is known locally.
          Default is "no".  Affects: munin-update.

      tls_private_key <value>
          This directive sets the location of the private key to be used for
          TLS.  Default is @@CONFDIR@@/munin.pem.  The private key and
          certificate can be stored in the same file.  Affects: munin-update.

      tls_certificate <value>
          This directive sets the location of the TLS certificate to be used
          for TLS.  Default is @@CONFDIR@@/munin.pem.  The private key and
          certificate can be stored in the same file.  Affects: munin-update.

      tls_ca_certificate <value>
          This directive sets the CA certificate to be used to verify the
          node's certificate, if tls_verify_certificate is set to "yes".
          Default is @@CONFDIR@@/cacert.pem.  Affects: munin-update.

      tls-verify_depth <value>
          This directive sets how many signings up a chain of signatures TLS is
          willing to go to reach a known, trusted CA when verifying a
          certificate.  Default is 5.  Affects: munin-update.

      FIXME: This section MAY be complete, it may be missing a directive or
      Host definitions can have several types.  In all forms, the definition is
      used to generate the host name and group for the host, and the following
      lines define its directives.  All following directives apply to that node
      until another node definition or EOF.  Note that when defining a nodename
      it is vital that you use a standard DNS name, as in, one that uses only
      a-z, '-', and '.'.  While other characters can be used in a DNS name, it
      is against the RFC, and Munin uses the other characters as delimiters.
      If they appear in nodenames, unexpected behavior may occur.

      The simplest node definition defines the section for a new node by simply
      wrapping the DNS name of the node in brackets, e.g.
      "[machine1.your.dom]".  This will add the node "machine1.your.dom" to the
      group "your.dom".

      The next form of definition is used to define the node and group
      independently.  It follows the form "[your.dom;machine1.sub.your.dom]".
      This adds the node "machine1.sub.your.dom" to the group "your.dom".  This
      can be useful if you have machines you want to put together as a group
      that are under different domains (as in the given example).  This can
      also solve a problem if your machine is "", where having a
      group of "com" makes little sense.

      These are directives that can follow a node definition and will apply
      only to that node.

      address <value>
          The IP address of the node.  Required.

      local_address <value>
          The local address to connect to the node from.  This overrides a
          group or global directive.

      FIXME: This section is incomplete.

      These directives should appear after a node definition and are of the
      form "plugin.directive <value>".  Using these directives you can override
      various directives for a plugin, such as its contacts, and can also be
      used to create graphs containing data from other plugins.

      FIXME: This section is (obviously) incomplete.
      These directives should appear after a node definition and are of the
      form "plugin.field <value>".  Using these directives you can override
      values originally set by plugins on the nodes, such as warning and
      critical levels or graph names.

      graph_height <value>
          The graph height for a specific service.  Default is 175.  Affects:

      graph_width <value>
          The graph width for a specific service.  Default is 400.  Affects:

      warning <value>
          The value at which munin-limits will mark the service as being in a
          warning state.  Value can be a single number to specify a limit that
          must be passed or they can be a comma separated pair of numbers
          defining a valid range of values.  Affects: munin-limits.

      critical <value>
          The value at which munin-limits will mark the service as being in a
          critical state.  Value can be a single number to specify a limit that
          must be passed or they can be a comma separated pair of numbers
          defining a valid range of values Affects: munin-limits.

      FIXME: This section is incomplete.

      On all the examples below, all the 'top-level' parameters (dbdir, logdir,
      htmldir, tmpldir) are not present. They are only skipped for brevity -
      they are needed.

      An example with three servers on two domains:



                      address localhost

      This will appear as two groups (one.dom and two.dom), having respectively
      two and one node.

      Summarize the 'load'-graphs of the two servers in one.dom, in a 'total

                      update no
                      load.graph_title Total load
                      load.sum_load.label load

      Jimmy Olsen, Audun Ytterdal, Brian de Wolf, Nicolai Langfeldt

      Copyright (C) 2002-2008 Audun Ytterdal, Jimmy Olsen, Nicolai Langfeldt,
      Linpro AS and others.

      This is free software; see the source for copying conditions. There is NO
      warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR

      This program is released under the GNU General Public License

      For more information, see the man pages of the individual munin-*
      programs or the Munin homepage <>.



Segons el manual:

$ man munin-check
MUNIN-CHECK(8)                                                               Munin Documentation                                                              MUNIN-CHECK(8)

      munin-check - A program to fix permissions of Munin directories and files

      munin-check [--options]

            Display usage information.

           Fix the permissions of the munin dirs and files.

      munin-check is a utility that fixes the permissions of the munin directories and files.

      Note: munin-check needs superuser rights.

      Please don't use this script if you are using 'graph_strategy cgi'!  It doesn't care about the right permissions for www-data yet...

      Matthias Schmitz

      Copyright (C) 2002-2008 Matthias Schmitzs.

      This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

      This program is released under the GNU General Public License

Permet conprovar els permisos dels fitxers de munin. Un exemple:

$ sudo munin-check
Check /var/cache/munin/www
check /var/lib/munin/datafile
check /var/lib/munin/
check /var/lib/munin/limits
check /var/lib/munin/localdomain
check /var/lib/munin/munin-graph.stats
check /var/lib/munin/munin-update.stats
Check miscelaneous
# /var/lib/munin/datafile : Wrong permissions (664 != 644)
# /var/lib/munin/limits : Wrong permissions (664 != 644)
# /var/lib/munin/munin-graph.stats : Wrong permissions (664 != 644)
# /var/lib/munin/munin-update.stats : Wrong permissions (664 != 644)
# /var/lib/munin/plugin-state : Wrong owner (munin != nobody)
# /etc/munin/plugin-conf.d : Wrong permissions (750 != 755)
Check done.  Please note that this script only checks most things,
not all things. 

Please also note that this script is very new and may be buggy.


[[muni-cron és el programa principal de munin i es executat cada 5 minuts per cron (vegeu el fitxer /etc/cron.d/munin).

Es tracta d'un script de shell:

$ cat /usr/bin/munin-cron

# This used to test if the executables were installed.  But that is
# perfectly redundant and supresses errors that the admin should see.

/usr/share/munin/munin-update $@ || exit 1

# The result of munin-limits is needed by munin-html but not by
# munin-graph.  So run it in the background now, it will be done
# before munin-graph.  

/usr/share/munin/munin-limits $@ &

nice /usr/share/munin/munin-graph --cron $@ 2>&1 | 
	fgrep -v "*** attempt to put segment in horiz list twice"


nice /usr/share/munin/munin-html $@ || exit 1

Es pot forçar la seva execució de forma manual. Consulteu Munin#.2Fusr.2Fbin.2Fmunin-check




Munin-node és el client en l'arquitectura de Munin. És el que processa les dades i les envia al servidor munin (paquet munin).


$ sudo apt-get install munin-node

Fitxers instal·lats


$ dpkg -L munin-node | grep bin

Fitxers de configuració:

$ dpkg -L munin-node | grep etc


$ dpkg -L munin-node | grep doc

Paquets que poden ser utils

$ sudo apt-get install munin-node libnet-snmp-perl libio-socket-ssl-perl libcrypt-des-perl libdigest-hmac-perl  libio-socket-inet6-perl libwww-perl libnet-irc-perl smartmontools ethtool

Control del servei munin-node. Execució, parada i reconfiguració de munin-node

Seguint els estàndards de Debian GNU/Linux (basat en el sistema d'scripts d'inicialització SystemV ) l'script de control del dimoni bind és:


Les accions que podem fer amb el servei són start|stop|restart|force-reload|try-restart.

Cada cop que fem un canvi a la configuració de munin-node hem de fer un restart o, millor encara, un reload del servei:

$ sudo /etc/init.d/munin-node reload

Tal com podem veure executant:

$ sudo updatedb
$ locate munin-node | grep rc

El servei munin-node s'executa a partir del nivell 2.

Podeu trobar més informació a l'article Configuració de serveis en Linux.


El fitxer de configuració és /etc/munin/munin-node.conf. Un exemple de fitxer de configuració pot ser:

$ cat munin-node.conf
# Example config-file for munin-node

log_level 4
log_file /var/log/munin/munin-node.log
port 4949
pid_file /var/run/munin/
background 1
setseid 1

# Which port to bind to;
host *
user root
group root
setsid yes 

# Regexps for files to ignore 

ignore_file ~$
ignore_file \.bak$
ignore_file %$
ignore_file \.dpkg-(tmp|new|old|dist)$
ignore_file \.rpm(save|new)$

# Set this if the client doesn't report the correct hostname when
#  telnetting to localhost, port 4949
#host_name localhost.localdomain

# A list of addresses that are allowed to connect.  This must be a
# regular expression, due to brain damage in Net::Server, which
# doesn't understand CIDR-style network notation.  You may repeat
# the allow line as many times as you'd like
allow ^127\.0\.0\.1$

El més important són les línies allow que indiquen quins clients poden accedir al servei que proporciona Munin-node.

Cada cop que modifiquem la configuració de munin-node hem de tornar a iniciar Munin:

$ sudo /etc/init.d/munin-node restart


Amb aquesta comanda podeu indicar quins plugins, és a dir que es pot monitoritzar amb munin:

$ sudo munin-node-configure
.Plugin                     | Used | Extra information                      
------                     | ---- | -----------------                      
acpi                       | no   |                                        
apache_accesses            | no   |                                        
apache_processes           | yes  |                                        
apache_volume              | no   |                                        
apt                        | no   |                                        
apt_all                    | no   |                                        
courier_mta_mailqueue      | no   |                                        
courier_mta_mailstats      | no   |                                        
courier_mta_mailvolume     | no   |                                        
cps_                       | no   |                                        
cpu                        | yes  |                                        
cupsys_pages               | no   |                                        
df                         | yes  |                                        
df_abs                     | no   |                                        
df_inode                   | yes  |                                        
entropy                    | yes  |                                        
exim_mailqueue             | no   |                                        
exim_mailstats             | no   |                                        
forks                      | yes  |                                        
fw_conntrack               | no   |                                        
fw_forwarded_local         | no   |                                        
fw_packets                 | no   |                                        
hddtemp_smartctl           | no   |                                        
if_                        | yes  | eth1                                   
if_err_                    | yes  | eth1                                   
interrupts                 | yes  |                                        
iostat                     | yes  |                                        
ip_                        | no   |                                        
ircu                       | no   |                                        
irqstats                   | yes  |                                        
load                       | yes  |                                        
loggrep                    | no   |                                        
memory                     | yes  |                                        
multips                    | no   |                                        
munin_graph                | no   |                                        
munin_update               | no   |                                        
mysql_bytes                | yes  |                                        
mysql_isam_space_          | no   |                                        
mysql_queries              | yes  |                                        
mysql_slowqueries          | yes  |                                        
mysql_threads              | yes  |                                        
netstat                    | no   |                                        
nfs_client                 | no   |                                        
nfsd                       | no   |                                        
ntp_                       | no   |                                        
ntp_offset                 | no   |                                        
ntp_states                 | no   |                                        
open_files                 | yes  |                                        
open_inodes                | yes  |                                        
ping_                      | no   |                                        
port_                      | no   |                                        
postfix_mailqueue          | yes  |                                        
postfix_mailstats          | no   |                                        
postfix_mailvolume         | yes  |                                        
postgres_block_read_       | no   |                                        
postgres_commits_          | no   |                                        
postgres_locks             | no   |                                        
postgres_queries_          | no   |                                        
postgres_space_            | no   |                                        
processes                  | yes  |                                        
ps_                        | no   |                                        
psu_                       | no   |                                        
sendmail_mailqueue         | no   |                                        
sendmail_mailstats         | no   |                                        
sendmail_mailtraffic       | no   |                                        
sensors_                   | no   |                                        
smart_                     | yes  | sda                                    
squid_cache                | no   |                                        
squid_icp                  | no   |                                        
squid_requests             | no   |                                        
squid_traffic              | no   |                                        
swap                       | yes  |                                        
sybase_space               | no   |                                        
tomcat_access              | no   |                                        
tomcat_jvm                 | no   |                                        
tomcat_threads             | no   |                                        
tomcat_volume              | no   |                                        
uptime                     | no   |                                        
vlan_                      | no   |                                        
vlan_inetuse_              | no   |                                        
vlan_linkuse_              | no   |                                        
vmstat                     | yes  |

Per exemple, amb l'opció suggest us indicarà que podeu activar i que no (i en alguns casos el perquè):

$ sudo munin-node-configure --suggest
Plugin                     | Used | Suggestions                            
------                     | ---- | -----------                            
acpi                       | no   | [thermal not supported by ACPI]        
apache_accesses            | no   | [no apache server-status or ExtendedStatus missing on ports 80]
apache_volume              | no   | [no apache server-status or ExtendedStatus missing on ports 80]
courier_mta_mailqueue      | no   | [spooldir not found]                   
courier_mta_mailstats      | no   | [could not find executable]            
courier_mta_mailvolume     | no   | [could not find executable]            
cupsys_pages               | no   | [logfile not readable]                 
exim_mailqueue             | no   |                                        
exim_mailstats             | no   | ['/usr/sbin/exim -bP log_file_path' returned an error]
hddtemp_smartctl           | no   | [no drives known]                      
if_                        | yes  |                                        
if_err_                    | yes  |                                        
ip_                        | no   |                                        
mysql_isam_space_          | no   |                                        
netstat                    | no   |                                        
nfs_client                 | no   | [no /proc/net/rpc/nfs]                 
nfsd                       | no   | [no /proc/net/rpc/nfsd]                
ntp_offset                 | no   | [no ntpq program]                      
postgres_block_read_       | no   |                                        
postgres_commits_          | no   |                                        
postgres_locks             | no   |                                        
postgres_queries_          | no   |                                        
postgres_space_            | no   |                                        
ps_                        | no   |                                        
sendmail_mailqueue         | no   |                                        
sendmail_mailstats         | no   | [no mailstats command]                 
sendmail_mailtraffic       | no   |                                        
smart_                     | yes  |                                        
squid_cache                | no   | [could not connect: Connection refused]
squid_requests             | no   | [could not connect: Connection refused]
squid_traffic              | no   | [could not connect: Connection refused]
tomcat_access              | no   | [no tomcat status]                     
tomcat_jvm                 | no   | [no tomcat status]                     
tomcat_threads             | no   | [no tomcat status]                     
tomcat_volume              | no   | [no tomcat status]



The easy way to configure snmp plugins in Munin is to use munin-node-configure.

On the node you want to use as an snmp gateway, run the configure script against your snmp enabled device. For example your netopia router.

dumbledore:~# munin-node-configure --shell --snmp netopia ln -s /usr/share/munin/plugins/snmp__if_ /etc/munin/plugins/snmp_netopia_if_1 ln -s /usr/share/munin/plugins/snmp__if_err_ /etc/munin/plugins/snmp_netopia_if_err_1

Note that munin-node-configure also accepts other switches, namely --snmpversion and --snmpcommunity:

munin-node-configure --shell --snmp <host|cidr> --snmpversion <ver> --snmpcommunity <comm>

This process will check each plugin in your Munin plugin directory for the "magic markers?" family=snmpauto and capabilities=snmpconf, and then run each of these plugins against the given host or CIDR network.

Cut and paste the suggested ln commands and restart your node.

The node will then present multiple virtual nodes:

dumbledore:~# telnet localhost 4949 Trying Connected to localhost. Escape character is '^]'.

  1. munin node at dumbledore

nodes netopia dumbledore . list netopia snmp_netopia_if_1 snmp_netopia_if_err_1

On your master server (where you gather the information into rrd files) you add this virtual node to your munin.conf (example contains both real node and the virtual one -- both with the same address line)


   use_node_name yes


   use_node_name no

Next time munin-cron runs, the virtual node should start showing up in your Munin website.

You cannot easily set the SNMP community if it is different from the default "public".

Recommended solution:

# munin-node-configure --snmp --snmpcommunity "seacrat community"

Note that the community strings are not automatically saved anywhere. You will have to store them yourself to a file under /etc/munin/plugin-conf.d/. This file should not be world readable.

Example file /etc/munin/plugin-conf.d/snmp_communities:

[snmp_gw.example.org_*] "seacrat community"

[snmp_fw.example.org_*] "frnpeng pbzzhavgl"

If your community name has no whitespace in it, you can provide it unquoted. In fact, if you do quote it, it may not work (it didn't for me) so my version of /etc/munin/plugin-conf.d/snmp_communities looks like this:

[snmp_gateway_*] hobbitses
  env.version 2c

Vegeu també



Segons el manual:

$ man munin-run

MUNIN-RUN(1p)                                                        User Contributed Perl Documentation                                                       MUNIN-RUN(1p)

      munin-run - A program to run Munin plugins from the command line

      munin-run [options] <plugin> [ config | autoconf | snmpconf | suggest ]

      --config <configfile>
           Use <file> as configuration file. [/etc/munin/munin-node.conf]

      --servicedir <dir>
           Use <dir> as plugin dir. [/etc/munin/plugins/]

      --sconfdir <dir>
           Use <dir> as plugin configuration dir. [/etc/munin/plugin-conf.d/]

      --sconffile <file>
           Use <file> as plugin configuration. Overrides sconfdir.  [undefined]

           Only run plugins owned by root and check permissions.  [disabled]

           View this help message.

           Print debug messages.  Debug messages are sent to STDOUT and are prefixed with "#" (this makes it easier for other parts of munin to use munin-run and still
           have --debug on).  Only errors go to STDERR.

           Plugin debug.  Sets the environment variable MUNIN_DEBUG to 1 so that plugins may enable debugging.  [disabled]

           Show version information.

      munin-run is a script to run Munin plugins from the command-line.  It's useful when debugging plugins, as they are run in the same conditions as they are under

munin-run és una comanda que permet executar plugins de munin des de la línia de comandes.

Per exemple per corre el plugin df:

$ sudo munin-run df
_dev_mapper_todo_root.value 7.63905686852302
_dev.value 0.000798881565807869
_run.value 0.143199027031268
_run_lock.value 0
_run_shm.value 0
_dev_sda1.value 42.7044167610419


El port de munin-node és:

$ cat /etc/services | grep munin
munin           4949/tcp        lrrd            # Munin
$ sudo nmap -p 4949
Starting Nmap 4.20 ( ) at 2007-11-23 11:30 CET
Interesting ports on
4949/tcp open  unknown
MAC Address: 00:30:1B:B7:CD:B6 (Shuttle)


Els plugins es troben a:



La configuració dels plugins la trobareu a:

# This file is used to configure how the plugins are invoked.
# Place in /etc/munin/plugin-conf.d/ or corresponding directory.
# PLEASE NOTE: Changes in the plugin-conf.d directory are only
# read at munin-node startup, so restart at any changes.
# user <user>         # Set the user to run the plugin as.
# group <group>       # Set the group to run the plugin as.
# command <command>   # Run <command> instead of the plugin. %c expands to
#                       what would normally be run.
# env.<variable> <value> # Sets <variable> in the plugin's environment, see the
#                       individual plugins to find out which variables they
#                       care about. 

user root 

group daemon 

group adm  

group adm 

user root  

group mail, (Debian-exim) 

group mail, adm  

user root

user root

user root

user root

user nobody

user root

user root
env.mysqlopts --defaults-extra-file=/etc/mysql/debian.cnf

user (postfix)

group adm 

group adm
env.logfile mail.log

user root 

user root

user root

Munin exchange

És la web oficial de Nagios on podeu torbar disponibles Plugins.

Instal·lació de Plugins

A Debian/Ubuntu teniu alguns plugins extres a:

$ sudo apt-get install munin-plugins-extra

Els passos són:

Copieu-lo a /usr/share/munin/plugins

Poseu els permisos adequats:

$ sudo chmod 755 myplugin
  • Activeu-lo fent un link simbòlic:
$ sudo ln - s /usr/share/munin/plugins/NOM_PLUGIN /etc/munin/plugins/NOM_PLUGIN

Podeu establir opcions especifiques del Plugin a:


Torneu a iniciar el servidor:

$ sudo service munin-node restart


$ sudo /etc/init.d/munin-node restart

Espereu uns minuts per tal que les noves estadístiques apareguin a Munin.

NOTA: Els plugins wildcard, és a dir els que acaben amb _ funcionen diferent:


Plugins Java

TODO, paquet:

sudo apt-get install munin-java-plugins

Establir/sobrescriure paràmetres dels plugins

Es pot fer canviant el fitxer /etc/munin/munin.conf, per exemple per canviar el nivell de warning de la mida de disk:

  df._home.warning 98

La sintaxi és:

[plugin_name].[fieldname].(warning|critical) [value]. 

A la pàgina de munin especifica del plugin, els noms dels camps són llistats com "Internal name" a sota de les gràfiques.


[<plugin name>]
user <user>
group <group>
command <command>
env.<variable> <value>
host_name <host-name>
timeout <seconds>

The attributes adhere to the following:

[<plugin-name>]	The following lines are for <plugin-name>. May include one wildcard ('*') at the start or end of the plugin-name, but not both, and not in the middle.
user <username|userid>	Run plugin as this user
group <groupname|groupid>[, <groupname|groupid>] ...	Run plugin as this group. If group is inside parentheses, the plugin will continue if the group doesn't exist. What  
does comma separated groups do? See $EFFECTIVE_GROUP_ID in the manual page for perlvar(1 )
command <command>	Run <command> instad of plugin. %c will be expanded to what would otherwise have been run. E.g. command sudo -u root %c.
env. <contents>	Will cause the environment variable  to be set to <contents> when running the plugin. More than one env line may exist. See the individual  
plugins to find out which variables they care about.
host_name <host-name>	Forces the plugin to be associated with the given host, overriding anything that "plugin config" may say. (This option is very old but has never been 
timeout <seconds>	Maximum number of seconds before the plugin script should be killed when fetching values. The default is 10 seconds, but some plugins may require  
more time. This option has been available since [461]. 

Wheater plugin

Utilitzant la web:

Podeu consultar el temps de una ciutat específica, per exemple Tortosa:

Podeu instal·lar el plugin wheater per tal de realitzar una gràfica, el plugin el trobareu a:

El podeu baixar amb:

$ cd /usr/share/munin/plugins
$ wget
$ sudo mv download weather_-v2
$ sudo chmod +x weather_-v2
$ sudo ln -s /usr/share/munin/plugins/weather_-v2 /etc/munin/plugins/weather_tortosa

Ara configureu el plugin:

$ sudo joe /etc/munin/plugin-conf.d/munin-node 

I afegiu:

env.code Tortosa+Spain+SPXX0209

Finalment apliqueu els canvis:

$ sudo /etc/init.d/munin-node restart

Ara us apareixerà una gràfica extra (amb el temps de Tortosa) al clients Munin que monitoritzin aquesta màquina.

Discs durs


Primer cal instal·lar i configurar smartd del paquet smartmontools. Consulteu:


Ara cal activar el plugin, per a cada disc dur, per exemple per al sda:

$ sudo ln -s /usr/share/munin/plugins/smart_ /etc/munin/plugins/smart_sda

En canvi per al sdb seria:

 $ sudo ln -s /usr/share/munin/plugins/smart_ /etc/munin/plugins/smart_sdb

Podeu comprovar que el plugin funcioni amb:

$ sudo munin-run smart_sda
Power_Off_Retract_Count.value 100
Power_Cycle_Count.value 100
Total_LBAs_Read.value 100
Available_Reservd_Space.value 100
Unknown_Attribute.value 100
Total_LBAs_Written.value 100
Reallocated_Sector_Ct.value 100
Power_On_Hours.value 000
Load_Cycle_Count.value 100
Program_Fail_Cnt_Total.value 000
Media_Wearout_Indicator.value 100
Erase_Fail_Count_Total.value 000
smartctl_exit_status.value 0


$ sudo munin-run smart_sda autoconf

A /etc/munin/plugin-conf.d/munin-node ja trobareu part de la configuració feta:

user root    

user root
user root


Temperatura dels discos

Per activar el plugin:

$ sudo ln -s /usr/share/munin/plugins/hddtemp_smartctl /etc/munin/plugins

Oco si no tots els discs ho suporten, cal indicar aleshores es discos concrets que si que funcionen!. A l'exemple indiquem el discos sdb i sdc:

$ sudo joe /etc/munin/plugin-conf.d/munin-node
env.drives sdb sdc
user root

Podeu provar el plugin amb:

$ sudo munin-run hddtemp_smartctl 
sdb.value 40
sdc.value 39


$ sudo env drives="sdb" /etc/munin/plugins/hddtemp_smartctl

Les gràfiques d'aquest plugin van a l'apartat sensors



TODO? Hi ha un plugin hddtemp2!?

Bind plugin

El plugin de bind ja el trobareu instal·lat a la carpeta:


De fet hi ha dos plugins

Però que estiguin instal·lats no vol dir que estiguin activats. Els plugins actius són els que es troben a la carpeta:


De fet hi ha dos plugins:




El plugin bind9 crea gràfiques a partir del fitxer de log /var/log/bind9/query.log (o el que s'indiqui), o el que és el mateix monitoritza les peticions al servidor DNS. En canvi el plugin bind9_rndc utilitza les estadístiques de Bind per a fer la monitortizació.

Els plugins són scripts de perl i es poden llegir, de fet hi ha certa informació als scripts que pot ser interessant (com per exemple la configuració per defecte):

$ cat /usr/share/munin/plugins/bind9
=head1 NAME

bind9 - Plugin to monitor usage of bind 9 servers


This plugin is configurable environment variables.  The following
shows the default settings:

    env.logfile   /var/log/bind9/query.log  

You must also configure query logging in your named.conf.  Please
contribute your documentation about how to do that.  Thanks.


$ cat /usr/share/munin/plugins/bind9_rndc
=head1 NAME

bind9_rndc - Plugin to monitor usage of bind 9 servers using rndc stats


The following environment variables are used by this plugin

    env.rndc		/usr/sbin/rndc
    env.querystats      /var/run/named.stats

The user/group that runs the plugin must have read access to the stats
file.  To change user or group (usually Munin plugins are run as
nobody) add this to the [bind_rndc] stanza if the "bind" user runs

    user bind 

On the BIND side put

  statistics-file "/var/run/named.stats";

in the options part of your named.conf or set the querystats variable
(see below) to where your named puts the statistics file by default.

You must also make sure the rndc.key file is readable by the user that
runs the plugin.


Previous versions of this plugin allowed a empty "rndc" environment
setting to not do a explicit dump of stats to the stats file.  This
version requires running rndc itself.  This makes the method of
finding the correct stats in the file more reliable than before.


Per activar els plugins cal crear un enllaç simbòlic:

$ sudo ln -s /usr/share/munin/plugins/bind9 /etc/munin/plugins/bind9
$ sudo ln -s /usr/share/munin/plugins/bind9_rndc /etc/munin/plugins/bind9_rndc

Ara la configuració. La configuració es fa al fitxer:


En el nostre cas utilitzem les opcions per defecte i no cal configura res. Un exemple però seria:

$ sudo cat /etc/munin/plugin-conf.d/munin-node
user root
env.logfile   /var/log/bind9/query.log

user root
env.querystats /var/named/data/named_stats.txt

IMPORTANT: Si us dona l'error: $ sudo munin-run bind9_rndc rndc: error: none:0: open: /etc/bind/rndc.key: permission denied, poseu al fitxer:

user root

Per defecte bind9 espera que el fitxer amb el log de les peticions rebudes pel servidor DNS es trobi a:


I les estadístiques generades per la comanda:

$ sudo rndc stats

es guardin a:


Bind per defecte no genera aquest fitxer. Per generar-lo cal configurar Bind afegint les línies següents:

$ sudo joe /etc/bind/named.conf.options
options {
 statistics-file "/var/log/bind9/named.stats";
logging {
       channel b_query {
               file "/var/log/bind9/query.log" versions 2 size 1m;
               print-time yes;
               severity info;
       category queries { b_query; };

IMPORTANT: Afegiu aquestes línies al final del fitxer. NO POSEU DINS l'APARTAT OPTIONS l'apartat logging

Ara cal crear la carpeta i els fitxers de log:

$ sudo mkdir /var/log/bind9
$ sudo chown bind:bind /var/log/bind9
$ sudo touch /var/log/bind9/named.stats
$ sudo chown bind:bind /var/log/bind9/named.stats 
$ sudo ln -s /var/log/bind9/named.stats /var/run/named.stats

Amb Ubuntu i AppArmor uns caldrà també configurar AppArmor. Modifiqueu el fitxer:

$ sudo joe /etc/apparmor.d/usr.sbin.named

Busqueu les línies:

 # some people like to put logs in /var/log/named/ instead of having
 # syslog do the heavy lifting.
 /var/log/named/** rw,
 /var/log/named/ rw,  

I poseu:

 # some people like to put logs in /var/log/named/ instead of having
 # syslog do the heavy lifting.
 /var/log/named/** rw,
 /var/log/named/ rw,  
 /var/log/bind9/** rw,
 /var/log/bind9/ rw, 

Reinicieu Apparmor:

$ sudo /etc/init.d/apparmor restart 

I apliqueu els canvis a Bind:

 $ sudo /etc/init.d/bind9 restart

Comproveu que el servidor de DNS funciona correctament:

$ ps aux | grep bind


$ sudo tail -f /var/log/syslog

Un cop feta la configuració cal aplicar els canvis:

$ sudo /etc/init.d/munin-node restart

Ara podeu provar els plugins per línia de comandes:

$ sudo munin-run bind9
query_PTR.value 1
query_A.value 19
query_other.value 0


$ sudo munin-run bind9_rndc 
query_recursion.value 1
query_success.value 3
query_nxrrset.value 0
query_requests.value 3
query_failure.value 0
query_duplicates.value 0 
query_nonauth_answer.value 3
query_nxdomain.value 0
query_auth_answer.value 0
query_responses.value 3

Apliqueu els canvis:

$ sudo /etc/init.d/munin-node restart
Stopping Munin-Node: done.
Starting Munin-Node: done.

Vegeu també Bind


Squid plugin


apache_* plugin

Cal activar apache2 extended status (cf

Instal·leu el mòdul info

$ sudo a2enmod info

Modifiqueu el fitxer /etc/apache2/apache2.conf la secció:

<Location /server-status> 

o també pot ser:

$ sudo joe /etc/apache2/mods-available/status.conf

I poseu:

ExtendedStatus On

Apliqueu els canvis a apache2

$ sudo /etc/init.d/apache2 force-reload

Un exemple de configuració del fitxer /etc/munin/plugin-conf.d/munin-node

env.lrrd_url "http://<my_ip>:%d/server-status?auto"

NOTA: No cal posar res

Per activar el plugin:

$ sudo ln -s /usr/share/munin/plugins/apache_accesses /etc/munin/plugins
$ sudo ln -s /usr/share/munin/plugins/apache_processes/etc/munin/plugins
$ sudo ln -s /usr/share/munin/plugins/apache_volume /etc/munin/plugins

ip_ plugin

Afegiu a /etc/munin/plugin-conf.d/munin-node (a les últimes versions ja està fet normalment)

user root

Afegiu les normes "dummy" d'iptables per tal de recol·lectar estadístiques per a una Ip particular:

$ sudo iptables -A INPUT -d <ip>;iptables -A OUTPUT -s <ip>

Instal·leu el plugin per a la IP

$ ln -s /usr/share/munin/plugins/ip_ /etc/munin/plugins/ip_<ip>

sensors_ plugin


Vegeu també sensors

Usually you create symlinks calles sensors_fan, sensors_volt and sensors_temp.

I had many troubles after a kernel upgrade:

Now the output of "sensors" features a "phantom" chip w83627hf-i2c-0-28 with no valid values, aside the 2 others, w83782d-i2c-0-29 and w83627hf-isa-0290.
One more or less correct way would be to e.g. add an entry at the end of /etc/sensors.conf with

chip "w83627hf-i2c-*"
   ignore in0

But sth is really wrong no way to get a section only considered by the -isa- and the other by -i2c-, whatever I tried both sections were submitted to the same filtering rules :-(

I could finally filter properly by specifying completely the chip:

chip "w83782d-i2c-1-29"
chip "w83627hf-isa-0290"
chip "w83627hf-i2c-0-28"
   ignore in0

But the entry order was not the same as before, the sections have to be inverted and some new values must be postponed to the end to keep the uniformity in the history values.
A big hack was to change the output of sensors when called by munin:
In /etc/munin/plugin-conf.d/munin-node it became:

env.sensors sensors|awk 'b==1{p=p"\n"$0};b==2&&/^in/{o=o"\n"$0;next};b==2;/^$/{b+=1};END{print p o}'

Finaly I dumped the rrd files to see what were the previous values and rename the rrd files to the corresponding proper voltN entry:

rrdtool dump /vs/public/var/lib/munin/ |grep "2008-02-1[12] 23:30"


Podeu comprovar si està activat amb:

$ sudo munin-node-configure | grep apt
apt                        | no   |                                        
apt_all                    | no   |  

Per activar el plugin:

$ sudo ln -s /usr/share/munin/plugins/apt /etc/munin/plugins/apt 
$ sudo service munin-node restart
$ sudo munin-node-configure | grep apt
$ sudo munin-node-configure | grep apt
apt                        | yes  |

Podeu fer el mateix amb apt_all:

$ sudo ln -s /usr/share/munin/plugins/apt_all /etc/munin/plugins/apt_all
$ sudo service munin-node restart

Comproveu el funcionament amb:

$ sudo munin-run apt
pending.value 0
hold.value 0
$ sudo munin-run apt_all 
pending_stable.value 0
hold_stable.value 0
pending_testing.value 0
hold_testing.value 0
pending_unstable.value 0
hold_unstable.value 0


$ sudo munin-node-configure --suggest
Plugin                     | Used | Suggestions                            
------                     | ---- | -----------                            

apache_accesses            | no   | no [ExtendedStatus option for apache mod_status is missing on port 80]
apache_processes           | no   | no [ExtendedStatus option for apache mod_status is missing on port 80]
apache_volume              | no   | no [ExtendedStatus option for apache mod_status is missing on port 80]

Com veieu cal tenir activat ExtendedStatus a Apache

$ sudo ln -s /usr/share/munin/plugins/apache_accesses /etc/munin/plugins/apache_accesses
$ sudo ln -s /usr/share/munin/plugins/apache_processes /etc/munin/plugins/apache_processes
$ sudo ln -s /usr/share/munin/plugins/apache_volume /etc/munin/plugins/apache_volume
$ sudo service munin-node restart


Podeu veure si està activat amb:

$ sudo munin-node-configure | grep mysql
mysql_                     | no   |                                        
mysql_bytes                | no   |                                        
mysql_innodb               | no   |                                        
mysql_queries              | no   |                                        
mysql_slowqueries          | no   |                                        
mysql_threads              | no   |

Si no està activat potser és que no tenim un servidor MySQL a la màquina o mireu altres possibles errors amb:

$ sudo munin-node-configure -suggest| grep mysql
mysql_                     | no   | no [Missing dependency Cache::Cache]  

A l'exemple falta una dependència:

$ sudo cpan -i Cache:Cache

La configuració del plugin:

$ sudo joe /etc/munin/plugin-conf.d/munin-node
user root   
env.mysqlopts --defaults-file=/etc/mysql/debian.cnf
env.mysqluser debian-sys-maint
env.mysqlconnection DBI:mysql:mysql;mysql_read_default_file=/etc/mysql/debian.cnf
env.warning 0
env.critical 0

Per activar el plugin:

$ sudo ln -s /usr/share/munin/plugins/mysql_ /etc/munin/plugins
$ sudo ln -s /usr/share/munin/plugins/mysql_bytes /etc/munin/plugins
$ sudo ln -s /usr/share/munin/plugins/mysql_innodb /etc/munin/plugins
$ sudo ln -s /usr/share/munin/plugins/mysql_queries /etc/munin/plugins
$ sudo ln -s /usr/share/munin/plugins/mysql_slowqueries /etc/munin/plugins
$ sudo ln -s /usr/share/munin/plugins/mysql_threads /etc/munin/plugins
$ sudo ln -s /usr/share/munin/plugins/mysql_ /etc/munin/plugins
$ sudo /etc/init.d/munin-node restart
$ sudo munin-node-configure | grep mysql
mysql_                     | yes  |                                        
mysql_bytes                | yes  |                                        
mysql_innodb               | yes  |                                        
mysql_queries              | yes  |                                        
mysql_slowqueries          | yes  |                                        
mysql_threads              | yes  |



Per tal de poder monitortizar un servidor Ldap, el primer que cal fer es activar el Monitoring al server Ldap. Consulteu:

Slapd Monitoring

Un cop el servidor preparat, anem a preparar Munin-node. Tenim dos plugins:

  • slpad_: Monitoritza diversos aspectes del servidor Ldap. realment es tracta d'un plugin amb symlinks, és a dir que és múltiples plugins:
  • slapd_statistics_bytes
  • slapd_connections
  • slapd_operations
  • slapd_operations_diff
  • slapd_statistics_entries
  • slapd_statistics_pdu
  • slapd_statistics_referrals
  • slapd_waiters

Per al plugin slapd_ cal tenir instal·lat el següent:

$ sudo cpan -i Net::LDAP

També cal la versió que pertoqui de db-util per al plugin slapd_bdb_cache:

$ sudo apt-get install db5.1-util

Normalment es posa la versió que requereix el servidor Ldap, podeu saber quina versió és amb:

$ apt-cache depends slapd | grep libdb
 Depèn: libdb5.1

Els plugins són scripts de perl, a dins dels fitxers hi ha informació interessant sobre com cal invocar-los i/o configurar-los:

$ sudo joe /usr/share/munin/plugins/slapd
# We use one script for all monitoring.
# This script may be symlinked with several names, all
# performing different functions:
# slapd_statistics_bytes
# slapd_statistics_pdu  
# slapd_statistics_other
# slapd_connections
# slapd_waiters   
# slapd_operations
# slapd_operations_diff
# Change these to reflect your LDAP ACL. The given DN must have
# read access to the Monitor branch.
my $basedn = "cn=Monitor";
my $server = ($ENV{'server'} || 'localhost');
my $userdn = ($ENV{'binddn'} || );
my $userpw = ($ENV{'bindpw'} || );

NOTA: Com podeu observar el plugin espera tenir accés anònim a cn monitor

La configuració dels plugins es realitza al fitxer:

$ sudo joe  /etc/munin/plugin-conf.d/munin-node  
user root
env.dbstat /usr/bin/db5.1_stat

NOTA: Per a slapd_ no posem cap configuració, la configuració per defecte ja ens és correcte

Ara cal arreglar un error al plugin slapd_bdb_cache_

$ sudo joe /usr/share/munin/plugins/slapd_bdb_cache_

Busqueu les línies:

} elsif ( -d $dbdir && -r $dbdir) {
       print "no (Can't open database directory '$dbdir')";

I canvieu-les per (observeu el simbol ! afegit)

 } elsif (! -d $dbdir && -r $dbdir) {
       print "no (Can't open database directory '$dbdir')";

Ara executeu:

$ sudo munin-node-configure --suggest | grep slapd
slapd_                     | yes  | yes (statistics_bytes +connections +operations +operations_diff +statistics_entries +statistics_pdu +statistics_referrals +waiters)
slapd_                     | no   | no                                     
slapd_bdb_cache_           | no   | yes (+pages +percent)                  

Activem els plugins amb:

$ sudo ln -s /usr/share/munin/plugins/slapd_ /etc/munin/plugins/slapd_statistics_bytes
$ sudo ln -s /usr/share/munin/plugins/slapd_ /etc/munin/plugins/slapd_connections
$ sudo ln -s /usr/share/munin/plugins/slapd_ /etc/munin/plugins/slapd_operations
$ sudo ln -s /usr/share/munin/plugins/slapd_ /etc/munin/plugins/slapd_operations_diff
$ sudo ln -s /usr/share/munin/plugins/slapd_ /etc/munin/plugins/slapd_statistics_entries
$ sudo ln -s /usr/share/munin/plugins/slapd_ /etc/munin/plugins/slapd_statistics_pdu
$ sudo ln -s /usr/share/munin/plugins/slapd_ /etc/munin/plugins/slapd_statistics_referrals
$ sudo ln -s /usr/share/munin/plugins/slapd_ /etc/munin/plugins/slapd_waiters
$ sudo ln -s /usr/share/munin/plugins/slapd_bdb_cache_ /etc/munin/plugins/slapd_bdb_cache_pages
$ sudo ln -s /usr/share/munin/plugins/slapd_bdb_cache_ /etc/munin/plugins/slapd_bdb_cache_percent
$ sudo /etc/init.d/munin-node restart

Comprovem si funciona amb:

$ sudo munin-run slapd_connections
connections.value 1054

Si us dona l'error:

$ sudo /usr/share/munin/plugins/slapd_ autoconf
no (Can't use string ("cn") as an ARRAY ref while "strict refs" in use at /usr/local/share/perl/5.14.2/Convert/ASN1/ line 269,  line 558.

Proveu d'eliminar la línia:

$ sudo joe /usr/share/munin/plugins/slapd_
                         cn => 'cn'

I que quedi:

$mesg =
           $ldap->search (
                          base   => $basedn,
                          scope  => 'one',
                          filter => '(objectClass=monitorServer)'


Other plugins

More info on plugins incl. how to write yours:

Munin-node per a Windows

Podeu obtenir un zip a:

IMPORTANT: També podeu utilitzar el MSI:

Aka munin-node-win32

És un programa escrit en C++ amb la majoria de plugins inclosos a l'executable principal. L'ús per línia de comandes de DOS és:

  • -install: Instal·la l'aplicació com a servei
  • -uninstall: Elimina el servei
  • -quiet: Tanca la consola, 'sexecuta en segon terme
  • -run: S'executa com un programa normal

El fitxer de configuració és:


Esta en el format estàndard de fitxer de configuració INI de Windows

La secció [Plugins] defineix quins plugins estan activats.


  • CPU (cpu)
  • Disk (df):Configuration in [DiskPlugin] section.
  • HD (hdd): reporta la temperatura del disc dur
  • Memory (memory)
  • Process (processes)
  • Network (network)
  • MBM (mbm, mbm_volt, mbm_fan, mbm_cpu): sensors de la placa mare
  • SpeedFan (speedfan). Configuration in [SpeedFanPlugin] section. You have to change the BroadcastIP and UID settings to match SpeedFan (Configuration->xAP)
  • Performance Counter
  • ...

Un exemple de fitxer munin-niode.ini:

; Plugin Section, 1 enables plugin, 0 disables

; Default Warning and Critical values for % space used

; For External Plugins just add an entry with the path to the program to run
; It doesn't matter what the name of the name=value pair is
Plugin01=C:\Users\Jory\Documents\Visual Studio Projects\munin-node\src\plugins\python\

Counter=% Disk Time
GraphTitle=Disk Time
GraphArgs=--base 1000 -l 0

Counter=% Processor Time
GraphTitle=Processor Time
GraphArgs=--base 1000 -l 0

; This is a section for the Performance Counter plugin
; The Object and Counter settings are used to access the Performance Counter
; For uptime this would result in \System\System Up Time
; The Graph settings are reported to munin
; The DropTotal setting will drop the last instance from the list, which is often _Total
; Has no effect on single instance counters (Uptime)
; The CounterFormat setting controls what format the counter value is read in as a double, int, or large (int64).
; The plugin always outputs doubles, so this shouldn't have that much effect
; The CounterMultiply setting sets a value the counter value is multiplied by, use it to adjust the scale
; 1.1574074074074073e-005 is the result of(1 / 86400.0), the uptime counter reports seconds and we want to report days.
; So we want to divide the counter value by the number of seconds in a day, 86400.
Counter=System Up Time
GraphArgs=--base 1000 -l 0


Munin a IPCOP

Consulteu IPCOP#Munin_IPCOP.

Protocol Munin

$ telnet localhost 4949
Trying ::1...
Connected to localhost.
Escape character is '^]'.
# munin node at ubuntuacer 

# Unknown command. Try list, nodes, config, fetch, version or quit
Connection closed by foreign host.

Les ordres possibles són:

list, nodes, config, fetch, version or quit

Munin des de la línia d'ordres

$ sudo su - munin --shell=/bin/bash

Fitxers de log

La carpeta és:


Els fitxer que hi trobareu són:

munin-graph.log  munin-limits.log          munin-node.log
munin-html.log   munin-node-configure.log  munin-update.log

Podeu monitoritzr la connexió de clients al vostre servidor:

$ sudo tail -f munin-node.log 
2011/02/17-19:35:00 CONNECT TCP Peer: "" Local: ""
2011/02/17-19:35:01 CONNECT TCP Peer: "" Local: ""
2011/02/17-19:35:01 CONNECT TCP Peer: "" Local: ""
2011/02/17-19:35:01 CONNECT TCP Peer: "" Local: ""
2011/02/17-19:35:01 CONNECT TCP Peer: "" Local: ""
2011/02/17-19:35:02 CONNECT TCP Peer: "" Local: ""
2011/02/17-19:35:36 CONNECT TCP Peer: "" Local: ""
2011/02/17-19:37:07 CONNECT TCP Peer: "" Local: ""
2011/02/17-19:37:21 CONNECT TCP Peer: "" Local: ""
2011/02/17-19:37:36 CONNECT TCP Peer: "" Local: ""

Plugin SNMP

Munin i Nagios


Receiving messages in Nagios ¶

First you need a way for Nagios to accept messages from Munin. Nagios has exactly such a thing, namely the NSCA which is documented here:

NSCA consists of a client (a binary usually named send_nsca and a server usually run from inetd. We recommend that you enable encryption on NSCA communication.

You also need to configure Nagios to accept messages via NSCA. NSCA is, unfortunately, not very well documented in Nagios' official documentation. We'll cover writing the needed service check configuration further down in this document. Configuring Nagios ¶

In the main config file, make sure that the command_file directive is set and that it works. See for details.

Below is a sample extract from nagios.cfg:


The /var/run/nagios directory is owned by the user nagios runs as. The nagios.cmd is a named pipe on which Nagios accepts external input. Configuring NSCA, server side ¶

NSCA is run through (x)inetd. Using inetd, the below line enables NSCA listening on port 5667:

5667 stream tcp nowait nagios /usr/sbin/tcpd /usr/sbin/nsca -c /etc/nsca.cfg --inetd

Using xinetd, the blow line enables NSCA listening on port 5667, allowing connections only from the local host:

  1. description: NSCA (Nagios Service Check Acceptor)

service nsca {

flags           = REUSE
type		 = UNLISTED
port		 = 5667
socket_type     = stream
wait            = no
server          = /usr/sbin/nsca
server_args     = -c /etc/nagios/nsca.cfg --inetd
user            = nagios
group           = nagios
log_on_failure  += USERID
only_from       =


The file /etc/nsca.cfg defines how NSCA behaves. Check in particular the nsca_user and command_file directives, these should correspond to the file permissions and the location of the named pipe described in nagios.cfg.

nsca_user=nagios command_file=/var/run/nagios/nagios.cmd

Configuring NSCA, client side ¶

The NSCA client is a binary that submits to an NSCA server whatever it received as arguments. Its behaviour is controlled by the file /etc/send_nsca.cfg, which mainly controls encryption.

You should now be able to test the communication between the NSCA client and the NSCA server, and consequently whether Nagios picks up the message. NSCA requires a defined format for messages. For service checks, it's like this: <host_name>[tab]<svc_description>[tab]<return_code>[tab]<plugin_output>[newline]

Below is shown how to test NSCA.

$ /usr/sbin/send_nsca -H localhost -c /etc/send_nsca.cfg test 0 0 1 data packet(s) sent to host successfully.

This caused the following to appear in /var/log/nagios/nagios.log:

[1159868622] Warning: Message queue contained results for service 'test' on host ''. The service could not be found!

Sending messages from Munin ¶

Messages are sent by munin-limits based on the state of a monitored data source: OK, Warning and Critical. Munin does not currently support a Unknown state (This will be fixed in the future, see Ticket 29 for more information). Configuring munin.conf ¶

Nagios uses the above mentioned send_nsca binary to send messages to Nagios. In /etc/munin/munin.conf, enter this:

contacts nagios contact.nagios.command /usr/bin/send_nsca -H -c /etc/send_nsca.cfg

Be aware that the -H switch to send_nsca appeared sometime after send_nsca version 2.1. Always check send_nsca --help! Configuring Munin plugins ¶

Lots of Munin plugins have (hopefully reasonable) values for Warning and Critical levels. To set or override these, you can change the values in munin.conf. Configuring Nagios services ¶

Now Nagios needs to recognize the messages from Munin as messages about services it monitors. To accomplish this, every message Munin sends to Nagios requires a matching (passive) service defined or Nagios will ignore the message (but it will log that something tried).

A passive service is defined through these directives in the proper Nagios configuration file:

active_checks_enabled 0 passive_checks_enabled 1

A working solution is to create a template for passive services, like the one below:

define service {

       name                            passive-service
       active_checks_enabled           0
       passive_checks_enabled          1
       parallelize_check               1
       notifications_enabled           1
       event_handler_enabled           1
       register                        0
       is_volatile                     1


When the template is registered, each Munin plugin should be registered as per below:

define service {

       use                             passive-service
       host_name                       foo
       service_description             bar
       check_period                    24x7
       max_check_attempts              3
       normal_check_interval           3
       retry_check_interval            1
       contact_groups                  linux-admins
       notification_interval           120
       notification_period             24x7
       notification_options            w,u,c,r
       check_command                   check_dummy!0


Notes ¶

   * host_name is either the FQDN of the host_name registered to the Nagios plugin, or the host alias corresponding to Munin's notify_alias? directive. The host_name must be registered as a host in Nagios. 
   * service_description must correspond to the plugin's name, and for Nagios to be happy it shouldn't have any special characters. If you'd like to change the service description from Munin, use notify_alias? on the data source. Available in Munin-1.2.5 and later. For earlier versions, see [1081] and #34 for required details. A working example is shown below:
             df.notify_alias Filesystem usage
             # The above changes from Munin's default "Filesystem usage (in %)"
   What characters are allowed in a Nagios service definition?
   service_description: This directive is used to define the description of the service, which may contain spaces, dashes, and colons (semicolons, apostrophes, and quotation marks should be avoided). No two services associated with the same host can have the same description. Services are uniquely identified with their host_name and service_description directives.

This means that lots of Munin plugins will not be accepted by Nagios. This limitation impacts every plugin with special characters in them, e.g. '(', ')', and '%'. Workarounds are described in ticket #34 and the bug has been fixed in the Munin code in changeset 1081.

Alternatively you can use ([p_view]=968 ) to gather fresh data from nagios instead of check_dummy Sample munin.conf ¶

To illustrate, a (familiar) sample munin.conf configuration file shows the usage:

contact.nagios.command /usr/local/nagios/bin/send_nsca -c /usr/local/nagios/etc/send_nsca.cfg -to 60

contacts no # Disables warning on a system-wide basis.


 contacts nagios              # Enables warning through the "nagios" contact for the group


 address localhost
 contacts no                  # Disables warning for all plugins on the host


 df.contacts no               # Disables warning on the df plugin only.
 df.notify_alias Disk usage   # Uses the title "Disk usage" when sending warnings through munin-limits
                              # Useful if the receiving end does not accept all kinds of characters
                              # NB: Only available in Munin-1.2.5 or with the patch described in ticket 34.

Setting up Nagios active checks ¶

Use to get data from munin-node directly info nagios :[p_view]=968 and then use it as a regular check plugin. Basically munin-node become a kind of snmp agent with a lot of preconfigured plugins.

Vegeu també Nagios.

Munin i routerOS

Consulteu Munin i routerOS.


Munin no proporciona cap sistema d'autenticació de per sí, però es pot utilitzar autenticació HTTP.


Munin no proporciona cap sistema d'autenticació amb Ldap de per sí, però es pot utilitzar autenticació HTTP amb Ldap.

Un exemple de configuració amb autenticació HTTP i LDAP (primer Ldap i si no funciona aleshores s'utilitzen "usuaris locals")

$ cat /etc/munin/apache.conf
Alias /munin /var/cache/munin/www
<Directory /var/cache/munin/www>
       Order allow,deny
       #Allow from localhost ::1
	Allow from all
       Options None

	# This file can be used as a .htaccess file, or a part of your apache
	# config file.
	# For the .htaccess file option to work the munin www directory
	# (/var/cache/munin/www) must have "AllowOverride all" or something 
	# close to that set.

	# AuthUserFile /etc/munin/munin-htpasswd
	# AuthName "Munin"
	# AuthType Basic
	# require valid-user

	AuthType Basic
	AuthName Calamaris
	AuthUserFile /etc/apache2/users-munin

	AuthBasicProvider ldap file
	AuthzLDAPAuthoritative off
	AuthLDAPURL "ldap://localhost/ou=especials,ou=SocisPremium,ou=socis,ou=All,dc=augute,dc=org?uid?sub"
	AuthLDAPGroupAttributeIsDN off
	AuthLDAPGroupAttribute memberUid

#Local Users
	Require user sergi
	Require user ramon

#Ldap Users
	Require ldap-group cn=munin,ou=groups,ou=especials,ou=SocisPremium,ou=socis,ou=All,dc=augute,dc=org
#	Require ldap-user sergitur

	# This next part requires mod_expires to be enabled.
	# Set the default expiration time for files to 5 minutes 10 seconds from
	# their creation (modification) time.  There are probably new files by
	# that time. 

    <IfModule mod_expires.c>
        ExpiresActive On
   	ExpiresDefault M310


Vegeu també Apache#Autenticaci.C3.B3_amb_Ldap

Resol·lució de problemes

403 Forbidden

NOTA: Normalment aquest error és degut al fet que encara no s'ha executat Munin per primer cop. Espereu un màxim de 5 minuts o forceu l'execució amb:

$ sudo -u munin /usr/bin/munin-cron

Però també poden ser altres raons. L'important es consultar el fitxer de log d'Apache:

$ sudo tail -f /var/log/apache2/error.log

Si l'error és:

[Sat Aug 18 10:17:27 2012] [error] [client] client denied by server configuration: /var/cache/munin/www

o similar, aleshores es que no heu canviat la configuració per tal d'indicar quins rangs d'adreces IP són accessibles:

$ sudo joe /etc/apache2/conf.d/munin
Alias /munin /var/cache/munin/www
<Directory /var/cache/munin/www>
       Order allow,deny
       Allow from localhost ::1

Si voleu que sigui accesible de tot arreu:

 $ sudo joe 
Alias /munin /var/cache/munin/www
<Directory /var/cache/munin/www>
       Order allow,deny
#       Allow from localhost ::1
       Allow from all

I apliques els canvis:

$ sudo /etc/init.d/apache2 restart

Errors habituals


Executar el cron de munin manualment

Ho podeu fer més senzillament amb sudo:

$ sudo -u munin /usr/bin/munin-cron


El client munin és bàsicament una tasca que s'executa periòdicament amb cron. L'executable és:


I s'executa cada 5 minuts segons:

# cat /etc/cron.d/munin

Per forçar l'execució de la tasca a mà feu

$ sudo joe /etc/passwd

Busqueu una línia similar a:


i la canvieu per:


Ara ja podeu iniciar una sessió:

$ su munin
munin@maquina:~$ /usr/bin/munin-cron
$ exit

Desfeu els canvis al fitxer /etc/passwd.

Enllaços externs