IMPORTANT: Per accedir als fitxer de subversion: http://acacha.org/svn (sense password). Poc a poc s'aniran migrant els enllaços. Encara però funciona el subversion de la farga però no se sap fins quan... (usuari: prova i la paraula de pas 123456)

Alert.png Aquesta wiki forma part dels materials d'un curs
Curs: SeguretatXarxesInformàtiques, LinuxAdministracioAvancada, DissenyXarxesLinux
Fitxers: EinesMonitoritzacio.pdf (EinesMonitoritzacio.odp)

EinesMonitoritzacio2.pdf (EinesMonitoritzacio2.odp)

Repositori SVN: https://anonymous@svn.projectes.lafarga.cat/svn/iceupc/SeguretatXarxesInformàtiques
Usuari: anonymous
Paraula de pas: sense paraula de pas
Autors: Sergi Tur Badenas
Munin Logo

Munin és un servei de monitorització. El servidor munin (munin-node) utilitza el port 4949.

$ cat /etc/services | grep 4949
munin           4949/tcp        lrrd            # Munin

L'origen del nom tal i com es comenta a la pàgina oficial de Munin, està en un dels nom dels corbs d'un antic deu nòrdic anomenat el Rei Odin. Els corbs s'encarregaven de controlar el reialme del rei.

Munin vol dir memòria.

Hugin and Munin are the ravens of the Norse god king Odin. They flew all over Midgard for him, seeing and remembering, and later telling him.

Munin

Munin-node (paquet munin-node) és el servidor en l'arquitectura de Munin. És el que respons a les peticions de monitorització rebudes des de un o més clients munin (paquet munin). Els clients reben les respostes i creen les gràfiques de l'aplicació web. Es pot accedir a la aplicació web amb la següent URL:

http://localhost/munin

o

http://ip_munin/munin

Instal·lació

$ sudo apt-get install munin

Fitxers instal·lats

Executables:

$ dpkg -L munin | grep bin
/usr/bin
/usr/bin/munin-check
/usr/bin/munin-cron
/usr/lib/cgi-bin
/usr/lib/cgi-bin/munin-cgi-graph
/usr/lib/cgi-bin/munin-fastcgi-graph


Fitxers de configuració:

$ dpkg -L munin | grep etc
/etc
/etc/munin
/etc/munin/templates
/etc/munin/templates/munin-comparison-day.tmpl
/etc/munin/templates/munin-comparison-month.tmpl
/etc/munin/templates/munin-comparison-week.tmpl
/etc/munin/templates/munin-comparison-year.tmpl
/etc/munin/templates/munin-domainview.tmpl
/etc/munin/templates/munin-nodeview.tmpl
/etc/munin/templates/munin-overview.tmpl
/etc/munin/templates/munin-serviceview.tmpl
/etc/munin/templates/logo.png
/etc/munin/templates/style.css
/etc/munin/templates/definitions.html
/etc/munin/munin.conf
/etc/cron.d
/etc/cron.d/munin
/etc/logrotate.d
/etc/logrotate.d/munin

Documentació:

$ sudo dpkg -L munin | grep doc
/usr/share/doc
/usr/share/doc/munin
/usr/share/doc/munin/munin-faq.html
/usr/share/doc/munin/munin-faq.txt.gz
/usr/share/doc/munin/munin-doc.pdf.gz
/usr/share/doc/munin/munin-doc.html
/usr/share/doc/munin/munin-doc.txt.gz
/usr/share/doc/munin/NEWS.Debian.gz
/usr/share/doc/munin/README-apache-cgi
/usr/share/doc/munin/copyright
/usr/share/doc/munin/changelog.gz
/usr/share/doc/munin/munin-faq.pdf.gz
/usr/share/doc/munin/changelog.Debian.gz

Un cop instal·lat podem utilitzat munin obrint la URL:

http://localhost/munin

Al nostre navegador web.

Configuració

Bàsicament la configuració de Munin consisteix en afegir al fitxer /etc/munin/munin.conf. Un exemple:

$ sudo joe /etc/munin/munin.conf
...
[moodle.iescopernic.com]
   address 127.0.0.1
   use_node_name yes

[imatges.iescopernic.com]
   address 192.168.0.4
   local_address 192.168.0.4
   use_node_name yes

[router.iescopernic.com]
   address 192.168.0.2
   local_address 192.168.0.2
   use_node_name yes

[ipcopaula1.iescopernic.com]
   address 192.168.1.2 
   local_address 192.168.1.2
   use_node_name yes

[ipcopaula2.iescopernic.com]       
   address 192.168.2.2 
   local_address 192.168.2.2
   use_node_name yes

[ipcopaula3.iescopernic.com]       
   address 192.168.3.2 
   local_address 192.168.3.2
   use_node_name yes

[ipcopaula4.iescopernic.com]       
   address 192.168.4.2 
   local_address 192.168.4.2
   use_node_name yes

[ipcopaula5.iescopernic.com]       
   address 192.168.5.2 
   local_address 192.168.5.2
   use_node_name yes

[ipcopaula6.iescopernic.com]       
   address 192.168.6.2 
   local_address 192.168.6.2
   use_node_name yes

[ipcopaula7.iescopernic.com]       
   address 192.168.7.2 
   local_address 192.168.7.2
   use_node_name yes

[ipcopaula8.iescopernic.com]       
   address 192.168.8.2 
   local_address 192.168.8.2
   use_node_name yes

Un cop configurat munin només cal esperar. Cada 5 minuts Munin es executat per cron:

$ cat /etc/cron.d/munin
#
# cron-jobs for munin
#  

MAILTO=root

@reboot         root  if [ ! -d /var/run/munin ]; then /bin/bash -c 'perms=(`/usr/sbin/dpkg-statoverride --list /var/run/munin`); mkdir /var/run/munin;   
chown ${perms[0]:-munin}:${perms[1]:-root} /var/run/munin; chmod ${perms[2]:-0755} /var/run/munin'; f  i
*/5 * * * *     munin if [ -x /usr/bin/munin-cron ]; then /usr/bin/munin-cron; fi
14 10 * * *     munin if [ -x /usr/share/munin/munin-limits ]; then /usr/share/munin/munin-limits --force --contact nagios --contact old-nagios; fi

Vegeu també:

http://munin.projects.linpro.no/wiki/munin.conf 

i el manual:

$ man munin.conf
MUNIN.CONF(5)                  Munin Documentation                 MUNIN.CONF(5)

NAME
       munin.conf - Munin configuration file

DESCRIPTION
       Munin is a group of programs to gather data from hosts, graph them,
       create html-pages, and optionally warn contacts about any off-limit
       values.

       The hosts are divided into three groups: One master (could be more, but
       Munin is not cluster aware so they'll likely be independent).  The master
       contacts a number of machines running munin-node, these are called nodes.
       Each node has data from one or more hosts that is monitored by Munin. 

       munin.conf is the configuration file for the Munin master server.  The
       programs using it are munin-update, munin-graph, munin-limits and munin-
       html.  There is also quite extensive documentation of this file at
       <http://munin.projects.linpro.no/wiki/munin.conf>  

       The format of the file is simple. A minimal configuration looks something
       like: 

               dbdir           /var/lib/munin
               logdir          /var/log/munin
               htmldir         /var/www/munin
               rundir          /var/run/munin
               tmpldir         /etc/munin/templates/  

               [machine1.your.dom]
                       address localhost  

      The default location of munin.conf is @@CONFDIR@@/munin.conf. If your
      placement deviates from this norm, use the "--config <file>"-option when
      running the munin-* programs.

      Munin-update will expand all node-entries in this file, and save them to
      @@DBDIR@@/datafile, which is used by all programs in the package together
      with this file.

      Any directives in this file will override directives of the same name in
      "datafile".  E.g., if you want to change the title of the "load"-graph in
      the above minimum configuration, you would modify the two bottom lines
      to:

              [machine1.your.dom]
                      address localhost
                      load.graph_title Edited title of the load-graph

      This will override the "graph_title" attribute of the "load" field/data
      series while keeping all the others at their default.
GLOBAL DIRECTIVES
      These directives should appear in munin.conf before any host or group
      definitions.

      dbdir <path>
          Directory for generated database files.  Required.

      logdir <path>
          Directory for log files.  Required.

      htmldir <path>
          Directory for HTML pages and graphs.  Required.

      rundir <path>
          Directory for files tracking munin's current running state.
          Required.

      tmpldir <path>
          Directory for templates used to generate HTML pages.  Required.

      fork <value>
          This directive determines whether munin-update fork when gathering
          information from nodes.  Possible values are "yes" and "no".  Default
          is "yes".  If you set it to "no" munin-update will collect data from
          the nodes in sequence rather than in paralell and this will take
          considerably more time.  Affects: munin-update.

      graph_data_size <value>
          This directive sets the resolution of the RRD files that are created.
          Possible values are "normal" and "huge".  Default is "normal".
          Affects: munin-update.

      graph_strategy <value>
          This directive can be "cron" or "cgi".  This determines whether
          graphs will be produced when the cron job is run or whether they will
          be generated by the CGI script (Links this CGI script will be added
          to the HTML pages if "cgi" is selected).  This is one of several
          steps required to enable CGI graphing, see
          <http://munin.projects.linpro.no/wiki/CgiHowto> for more details.
          Default is "cron".  Affects: munin-graph and munin-html.

      local_address <value>
          The local address to connect any node from.  This can be overriden by
          a group or global directive.  Munin will attempt to guess an
          appropriate interface.

      max_processes <value>
          This directive specifies the maximum number of processes to be used
          for gathering information from nodes.  If left blank, munin will use
          as many processes as necessary.  Affects: munin-update.
 tls <value>
          Can have four values. "paranoid", "enabled", "auto", and "disabled".
          Paranoid and enabled require a TLS connection, auto will attempt a
          connection but continue on failure, and disabled will not attempt one
          at all.  If the perl module Net::SSLeay is available the setting is
          "auto".  If the module isn't available it's "off".  If munin is not
          propperly configured for TLS and Net::SSLeay is available munin-
          update has been known to fail mysteriously.  If you see data dropouts
          (gaps in graphs) please try to disable TLS.  Affects: munin-update.

      tls_verify_certificate <value>
          This directive can be "yes" or "no".  It determines if the remote
          certificate needs to be signed by a CA that is known locally.
          Default is "no".  Affects: munin-update.

      tls_private_key <value>
          This directive sets the location of the private key to be used for
          TLS.  Default is @@CONFDIR@@/munin.pem.  The private key and
          certificate can be stored in the same file.  Affects: munin-update.

      tls_certificate <value>
          This directive sets the location of the TLS certificate to be used
          for TLS.  Default is @@CONFDIR@@/munin.pem.  The private key and
          certificate can be stored in the same file.  Affects: munin-update.

      tls_ca_certificate <value>
          This directive sets the CA certificate to be used to verify the
          node's certificate, if tls_verify_certificate is set to "yes".
          Default is @@CONFDIR@@/cacert.pem.  Affects: munin-update.

      tls-verify_depth <value>
          This directive sets how many signings up a chain of signatures TLS is
          willing to go to reach a known, trusted CA when verifying a
          certificate.  Default is 5.  Affects: munin-update.

      FIXME: This section MAY be complete, it may be missing a directive or
      two.
HOST DEFINITIONS
      Host definitions can have several types.  In all forms, the definition is
      used to generate the host name and group for the host, and the following
      lines define its directives.  All following directives apply to that node
      until another node definition or EOF.  Note that when defining a nodename
      it is vital that you use a standard DNS name, as in, one that uses only
      a-z, '-', and '.'.  While other characters can be used in a DNS name, it
      is against the RFC, and Munin uses the other characters as delimiters.
      If they appear in nodenames, unexpected behavior may occur.

      The simplest node definition defines the section for a new node by simply
      wrapping the DNS name of the node in brackets, e.g.
      "[machine1.your.dom]".  This will add the node "machine1.your.dom" to the
      group "your.dom".

      The next form of definition is used to define the node and group
      independently.  It follows the form "[your.dom;machine1.sub.your.dom]".
      This adds the node "machine1.sub.your.dom" to the group "your.dom".  This
      can be useful if you have machines you want to put together as a group
      that are under different domains (as in the given example).  This can
      also solve a problem if your machine is "machine1.com", where having a
      group of "com" makes little sense.

NODE DIRECTIVES
      These are directives that can follow a node definition and will apply
      only to that node.

      address <value>
          The IP address of the node.  Required.

      local_address <value>
          The local address to connect to the node from.  This overrides a
          group or global directive.

      FIXME: This section is incomplete.

PLUGIN DIRECTIVES
      These directives should appear after a node definition and are of the
      form "plugin.directive <value>".  Using these directives you can override
      various directives for a plugin, such as its contacts, and can also be
      used to create graphs containing data from other plugins.

      FIXME: This section is (obviously) incomplete.
FIELD DIRECTIVES
      These directives should appear after a node definition and are of the
      form "plugin.field <value>".  Using these directives you can override
      values originally set by plugins on the nodes, such as warning and
      critical levels or graph names.

      graph_height <value>
          The graph height for a specific service.  Default is 175.  Affects:
          munin-graph.

      graph_width <value>
          The graph width for a specific service.  Default is 400.  Affects:
          munin-graph.

      warning <value>
          The value at which munin-limits will mark the service as being in a
          warning state.  Value can be a single number to specify a limit that
          must be passed or they can be a comma separated pair of numbers
          defining a valid range of values.  Affects: munin-limits.

      critical <value>
          The value at which munin-limits will mark the service as being in a
          critical state.  Value can be a single number to specify a limit that
          must be passed or they can be a comma separated pair of numbers
          defining a valid range of values Affects: munin-limits.

      FIXME: This section is incomplete.

EXAMPLES
      On all the examples below, all the 'top-level' parameters (dbdir, logdir,
      htmldir, tmpldir) are not present. They are only skipped for brevity -
      they are needed.

EXAMPLE 1
      An example with three servers on two domains:

              [machine1.one.dom]
                      address machine1.one.dom

              [machine2.one.dom]
                      address 10.33.32.123

              [machine3.two.dom]
                      address localhost

      This will appear as two groups (one.dom and two.dom), having respectively
      two and one node.

EXAMPLE 2
      Summarize the 'load'-graphs of the two servers in one.dom, in a 'total
      load'-graph.

              [one.dom;Totals]
                      update no
                      load.graph_title Total load
                      load.sum_load.label load
                      load.sum_load.special_stack machine1=machine1.one.dom:load.load machine2=machine2.one.dom:load.load

AUTHORS
      Jimmy Olsen, Audun Ytterdal, Brian de Wolf, Nicolai Langfeldt

COPYRIGHT
      Copyright (C) 2002-2008 Audun Ytterdal, Jimmy Olsen, Nicolai Langfeldt,
      Linpro AS and others.

      This is free software; see the source for copying conditions. There is NO
      warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR
      PURPOSE.

      This program is released under the GNU General Public License

SEE ALSO
      For more information, see the man pages of the individual munin-*
      programs or the Munin homepage <http://munin.sf.net/>.

Comandes

/usr/bin/munin-check

Segons el manual:

$ man munin-check
MUNIN-CHECK(8)                                                               Munin Documentation                                                              MUNIN-CHECK(8)

NAME
      munin-check - A program to fix permissions of Munin directories and files

SYNOPSIS
      munin-check [--options]

OPTIONS
      -h|--help
            Display usage information.

      -f|--fix-permissions
           Fix the permissions of the munin dirs and files.

DESCRIPTION
      munin-check is a utility that fixes the permissions of the munin directories and files.

      Note: munin-check needs superuser rights.

      Please don't use this script if you are using 'graph_strategy cgi'!  It doesn't care about the right permissions for www-data yet...

AUTHOR
      Matthias Schmitz

COPYRIGHT
      Copyright (C) 2002-2008 Matthias Schmitzs.

      This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

      This program is released under the GNU General Public License

Permet conprovar els permisos dels fitxers de munin. Un exemple:

$ sudo munin-check
Check /var/cache/munin/www
check /var/lib/munin/datafile
check /var/lib/munin/iesmontsia.org
check /var/lib/munin/limits
check /var/lib/munin/localdomain
check /var/lib/munin/munin-graph.stats
check /var/lib/munin/munin-update.stats
Check miscelaneous
# /var/lib/munin/datafile : Wrong permissions (664 != 644)
# /var/lib/munin/limits : Wrong permissions (664 != 644)
# /var/lib/munin/munin-graph.stats : Wrong permissions (664 != 644)
# /var/lib/munin/munin-update.stats : Wrong permissions (664 != 644)
# /var/lib/munin/plugin-state : Wrong owner (munin != nobody)
# /etc/munin/plugin-conf.d : Wrong permissions (750 != 755)
Check done.  Please note that this script only checks most things,
not all things. 

Please also note that this script is very new and may be buggy.

/usr/bin/munin-cron

[[muni-cron és el programa principal de munin i es executat cada 5 minuts per cron (vegeu el fitxer /etc/cron.d/munin).

Es tracta d'un script de shell:

$ cat /usr/bin/munin-cron
#!/bin/sh

# This used to test if the executables were installed.  But that is
# perfectly redundant and supresses errors that the admin should see.

/usr/share/munin/munin-update $@ || exit 1

# The result of munin-limits is needed by munin-html but not by
# munin-graph.  So run it in the background now, it will be done
# before munin-graph.  

/usr/share/munin/munin-limits $@ &

nice /usr/share/munin/munin-graph --cron $@ 2>&1 | 
	fgrep -v "*** attempt to put segment in horiz list twice"

wait

nice /usr/share/munin/munin-html $@ || exit 1

Es pot forçar la seva execució de forma manual. Consulteu Munin#.2Fusr.2Fbin.2Fmunin-check

/usr/lib/cgi-bin/munin-cgi-graph

/usr/lib/cgi-bin/munin-fastcgi-graph

Munin-node

Munin-node és el client en l'arquitectura de Munin. És el que processa les dades i les envia al servidor munin (paquet munin).

Instal·lació

$ sudo apt-get install munin-node

Fitxers instal·lats

Executables:

$ dpkg -L munin-node | grep bin
/usr/sbin
/usr/sbin/munin-node
/usr/sbin/munin-node-configure
/usr/sbin/munin-run
/usr/sbin/munin-node-configure-snmp

Fitxers de configuració:

$ dpkg -L munin-node | grep etc
/etc
/etc/munin
/etc/munin/plugins
/etc/munin/plugin-conf.d
/etc/munin/plugin-conf.d/munin-node
/etc/munin/munin-node.conf
/etc/init.d
/etc/init.d/munin-node
/etc/cron.d
/etc/cron.d/munin-node
/etc/logrotate.d
/etc/logrotate.d/munin-node

Documentació:

$ dpkg -L munin-node | grep doc
/usr/share/doc
/usr/share/doc/munin-node
/usr/share/doc/munin-node/munin-faq.html
/usr/share/doc/munin-node/munin-faq.txt.gz
/usr/share/doc/munin-node/munin-doc.pdf.gz
/usr/share/doc/munin-node/munin-doc.html
/usr/share/doc/munin-node/munin-doc.txt.gz
/usr/share/doc/munin-node/NEWS.Debian.gz
/usr/share/doc/munin-node/README.Debian
/usr/share/doc/munin-node/copyright
/usr/share/doc/munin-node/changelog.gz
/usr/share/doc/munin-node/munin-faq.pdf.gz
/usr/share/doc/munin-node/changelog.Debian.gz

Paquets que poden ser utils

$ sudo apt-get install munin-node libnet-snmp-perl libio-socket-ssl-perl libcrypt-des-perl libdigest-hmac-perl  libio-socket-inet6-perl libwww-perl libnet-irc-perl smartmontools ethtool

Control del servei munin-node. Execució, parada i reconfiguració de munin-node

Seguint els estàndards de Debian GNU/Linux (basat en el sistema d'scripts d'inicialització SystemV ) l'script de control del dimoni bind és:

/etc/init.d/munin-node

Les accions que podem fer amb el servei són start|stop|restart|force-reload|try-restart.

Cada cop que fem un canvi a la configuració de munin-node hem de fer un restart o, millor encara, un reload del servei:

$ sudo /etc/init.d/munin-node reload

Tal com podem veure executant:

$ sudo updatedb
$ locate munin-node | grep rc
/etc/rc0.d/K20munin-node
/etc/rc1.d/K20munin-node
/etc/rc2.d/S98munin-node
/etc/rc3.d/S98munin-node
/etc/rc4.d/S98munin-node
/etc/rc5.d/S98munin-node
/etc/rc6.d/K20munin-node

El servei munin-node s'executa a partir del nivell 2.

Podeu trobar més informació a l'article Configuració de serveis en Linux.

Configuració

El fitxer de configuració és /etc/munin/munin-node.conf. Un exemple de fitxer de configuració pot ser:

$ cat munin-node.conf
#
# Example config-file for munin-node
#

log_level 4
log_file /var/log/munin/munin-node.log
port 4949
pid_file /var/run/munin/munin-node.pid
background 1
setseid 1

# Which port to bind to;
host *
user root
group root
setsid yes 

# Regexps for files to ignore 

ignore_file ~$
ignore_file \.bak$
ignore_file %$
ignore_file \.dpkg-(tmp|new|old|dist)$
ignore_file \.rpm(save|new)$

# Set this if the client doesn't report the correct hostname when
#  telnetting to localhost, port 4949
#
#host_name localhost.localdomain

# A list of addresses that are allowed to connect.  This must be a
# regular expression, due to brain damage in Net::Server, which
# doesn't understand CIDR-style network notation.  You may repeat
# the allow line as many times as you'd like
 
allow ^127\.0\.0\.1$
allow 192.168.1.3

El més important són les línies allow que indiquen quins clients poden accedir al servei que proporciona Munin-node.

Cada cop que modifiquem la configuració de munin-node hem de tornar a iniciar Munin:

$ sudo /etc/init.d/munin-node restart

munin-node-configure

Amb aquesta comanda podeu indicar quins plugins, és a dir que es pot monitoritzar amb munin:

$ sudo munin-node-configure
.Plugin                     | Used | Extra information                      
------                     | ---- | -----------------                      
acpi                       | no   |                                        
apache_accesses            | no   |                                        
apache_processes           | yes  |                                        
apache_volume              | no   |                                        
apt                        | no   |                                        
apt_all                    | no   |                                        
courier_mta_mailqueue      | no   |                                        
courier_mta_mailstats      | no   |                                        
courier_mta_mailvolume     | no   |                                        
cps_                       | no   |                                        
cpu                        | yes  |                                        
cupsys_pages               | no   |                                        
df                         | yes  |                                        
df_abs                     | no   |                                        
df_inode                   | yes  |                                        
entropy                    | yes  |                                        
exim_mailqueue             | no   |                                        
exim_mailstats             | no   |                                        
forks                      | yes  |                                        
fw_conntrack               | no   |                                        
fw_forwarded_local         | no   |                                        
fw_packets                 | no   |                                        
hddtemp_smartctl           | no   |                                        
if_                        | yes  | eth1                                   
if_err_                    | yes  | eth1                                   
interrupts                 | yes  |                                        
iostat                     | yes  |                                        
ip_                        | no   |                                        
ircu                       | no   |                                        
irqstats                   | yes  |                                        
load                       | yes  |                                        
loggrep                    | no   |                                        
memory                     | yes  |                                        
multips                    | no   |                                        
munin_graph                | no   |                                        
munin_update               | no   |                                        
mysql_bytes                | yes  |                                        
mysql_isam_space_          | no   |                                        
mysql_queries              | yes  |                                        
mysql_slowqueries          | yes  |                                        
mysql_threads              | yes  |                                        
netstat                    | no   |                                        
nfs_client                 | no   |                                        
nfsd                       | no   |                                        
ntp_                       | no   |                                        
ntp_offset                 | no   |                                        
ntp_states                 | no   |                                        
open_files                 | yes  |                                        
open_inodes                | yes  |                                        
ping_                      | no   |                                        
port_                      | no   |                                        
postfix_mailqueue          | yes  |                                        
postfix_mailstats          | no   |                                        
postfix_mailvolume         | yes  |                                        
postgres_block_read_       | no   |                                        
postgres_commits_          | no   |                                        
postgres_locks             | no   |                                        
postgres_queries_          | no   |                                        
postgres_space_            | no   |                                        
processes                  | yes  |                                        
ps_                        | no   |                                        
psu_                       | no   |                                        
sendmail_mailqueue         | no   |                                        
sendmail_mailstats         | no   |                                        
sendmail_mailtraffic       | no   |                                        
sensors_                   | no   |                                        
smart_                     | yes  | sda                                    
squid_cache                | no   |                                        
squid_icp                  | no   |                                        
squid_requests             | no   |                                        
squid_traffic              | no   |                                        
swap                       | yes  |                                        
sybase_space               | no   |                                        
tomcat_access              | no   |                                        
tomcat_jvm                 | no   |                                        
tomcat_threads             | no   |                                        
tomcat_volume              | no   |                                        
uptime                     | no   |                                        
vlan_                      | no   |                                        
vlan_inetuse_              | no   |                                        
vlan_linkuse_              | no   |                                        
vmstat                     | yes  |

Per exemple, amb l'opció suggest us indicarà que podeu activar i que no (i en alguns casos el perquè):

$ sudo munin-node-configure --suggest
Plugin                     | Used | Suggestions                            
------                     | ---- | -----------                            
acpi                       | no   | [thermal not supported by ACPI]        
apache_accesses            | no   | [no apache server-status or ExtendedStatus missing on ports 80]
apache_volume              | no   | [no apache server-status or ExtendedStatus missing on ports 80]
courier_mta_mailqueue      | no   | [spooldir not found]                   
courier_mta_mailstats      | no   | [could not find executable]            
courier_mta_mailvolume     | no   | [could not find executable]            
cupsys_pages               | no   | [logfile not readable]                 
exim_mailqueue             | no   |                                        
exim_mailstats             | no   | ['/usr/sbin/exim -bP log_file_path' returned an error]
hddtemp_smartctl           | no   | [no drives known]                      
if_                        | yes  |                                        
if_err_                    | yes  |                                        
ip_                        | no   |                                        
mysql_isam_space_          | no   |                                        
netstat                    | no   |                                        
nfs_client                 | no   | [no /proc/net/rpc/nfs]                 
nfsd                       | no   | [no /proc/net/rpc/nfsd]                
ntp_offset                 | no   | [no ntpq program]                      
postgres_block_read_       | no   |                                        
postgres_commits_          | no   |                                        
postgres_locks             | no   |                                        
postgres_queries_          | no   |                                        
postgres_space_            | no   |                                        
ps_                        | no   |                                        
sendmail_mailqueue         | no   |                                        
sendmail_mailstats         | no   | [no mailstats command]                 
sendmail_mailtraffic       | no   |                                        
smart_                     | yes  |                                        
squid_cache                | no   | [could not connect: Connection refused]
squid_requests             | no   | [could not connect: Connection refused]
squid_traffic              | no   | [could not connect: Connection refused]
tomcat_access              | no   | [no tomcat status]                     
tomcat_jvm                 | no   | [no tomcat status]                     
tomcat_threads             | no   | [no tomcat status]                     
tomcat_volume              | no   | [no tomcat status]

munin-node-configure-snmp

TODO


The easy way to configure snmp plugins in Munin is to use munin-node-configure.

On the node you want to use as an snmp gateway, run the configure script against your snmp enabled device. For example your netopia router.

dumbledore:~# munin-node-configure --shell --snmp netopia ln -s /usr/share/munin/plugins/snmp__if_ /etc/munin/plugins/snmp_netopia_if_1 ln -s /usr/share/munin/plugins/snmp__if_err_ /etc/munin/plugins/snmp_netopia_if_err_1

Note that munin-node-configure also accepts other switches, namely --snmpversion and --snmpcommunity:

munin-node-configure --shell --snmp <host|cidr> --snmpversion <ver> --snmpcommunity <comm>

This process will check each plugin in your Munin plugin directory for the "magic markers?" family=snmpauto and capabilities=snmpconf, and then run each of these plugins against the given host or CIDR network.

Cut and paste the suggested ln commands and restart your node.

The node will then present multiple virtual nodes:

dumbledore:~# telnet localhost 4949 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'.

  1. munin node at dumbledore

nodes netopia dumbledore . list netopia snmp_netopia_if_1 snmp_netopia_if_err_1

On your master server (where you gather the information into rrd files) you add this virtual node to your munin.conf (example contains both real node and the virtual one -- both with the same address line)

[dumbledore]

   address 10.123.123.2
   use_node_name yes

[netopia]

   address 10.123.123.2
   use_node_name no

Next time munin-cron runs, the virtual node should start showing up in your Munin website.

You cannot easily set the SNMP community if it is different from the default "public".

Recommended solution:

# munin-node-configure --snmp your.host.domain.tld --snmpcommunity "seacrat community"

Note that the community strings are not automatically saved anywhere. You will have to store them yourself to a file under /etc/munin/plugin-conf.d/. This file should not be world readable.

Example file /etc/munin/plugin-conf.d/snmp_communities:

[snmp_gw.example.org_*]
env.community "seacrat community"

[snmp_fw.example.org_*]
env.community "frnpeng pbzzhavgl"

If your community name has no whitespace in it, you can provide it unquoted. In fact, if you do quote it, it may not work (it didn't for me) so my version of /etc/munin/plugin-conf.d/snmp_communities looks like this:

[snmp_gateway_*]
  env.community hobbitses
  env.version 2c

Vegeu també

Comandes

/usr/sbin/munin-run

Segons el manual:

$ man munin-run

MUNIN-RUN(1p)                                                        User Contributed Perl Documentation                                                       MUNIN-RUN(1p)

NAME
      munin-run - A program to run Munin plugins from the command line

SYNOPSIS
      munin-run [options] <plugin> [ config | autoconf | snmpconf | suggest ]

OPTIONS
      --config <configfile>
           Use <file> as configuration file. [/etc/munin/munin-node.conf]

      --servicedir <dir>
           Use <dir> as plugin dir. [/etc/munin/plugins/]

      --sconfdir <dir>
           Use <dir> as plugin configuration dir. [/etc/munin/plugin-conf.d/]

      --sconffile <file>
           Use <file> as plugin configuration. Overrides sconfdir.  [undefined]

      --paranoia
           Only run plugins owned by root and check permissions.  [disabled]

      --help
           View this help message.

      --debug
           Print debug messages.  Debug messages are sent to STDOUT and are prefixed with "#" (this makes it easier for other parts of munin to use munin-run and still
           have --debug on).  Only errors go to STDERR.

      --pidebug
           Plugin debug.  Sets the environment variable MUNIN_DEBUG to 1 so that plugins may enable debugging.  [disabled]

      --version
           Show version information.

DESCRIPTION
      munin-run is a script to run Munin plugins from the command-line.  It's useful when debugging plugins, as they are run in the same conditions as they are under
      munin-node.

munin-run és una comanda que permet executar plugins de munin des de la línia de comandes.

Per exemple per corre el plugin df:

$ sudo munin-run df
_dev_mapper_todo_root.value 7.63905686852302
_dev.value 0.000798881565807869
_run.value 0.143199027031268
_run_lock.value 0
_run_shm.value 0
_dev_sda1.value 42.7044167610419

Ports

El port de munin-node és:

$ cat /etc/services | grep munin
munin           4949/tcp        lrrd            # Munin
$ sudo nmap 192.168.1.2 -p 4949
Starting Nmap 4.20 ( http://insecure.org ) at 2007-11-23 11:30 CET
Interesting ports on 192.168.1.2:
PORT     STATE SERVICE
4949/tcp open  unknown
MAC Address: 00:30:1B:B7:CD:B6 (Shuttle)

Plugins

Els plugins es troben a:

/usr/share/munin/plugins

Configuració

La configuració dels plugins la trobareu a:

/etc/munin/plugin-conf.d/munin-node
# This file is used to configure how the plugins are invoked.
# Place in /etc/munin/plugin-conf.d/ or corresponding directory.
#
# PLEASE NOTE: Changes in the plugin-conf.d directory are only
# read at munin-node startup, so restart at any changes.
#
# user <user>         # Set the user to run the plugin as.
# group <group>       # Set the group to run the plugin as.
# command <command>   # Run <command> instead of the plugin. %c expands to
#                       what would normally be run.
# env.<variable> <value> # Sets <variable> in the plugin's environment, see the
#                       individual plugins to find out which variables they
#                       care about. 

[apt]
user root 

[courier_mta_mailqueue]
group daemon 

[courier_mta_mailstats]
group adm  

[courier_mta_mailvolume]
group adm 

[cps*]
user root  

[exim_mailqueue]
group mail, (Debian-exim) 

[exim_mailstats]
group mail, adm  

[fw_conntrack]
user root

[fw_forwarded_local]
user root

[hddtemp_smartctl]
user root

[if_*]
user root

[if_err_*]
user nobody

[ip_*]
user root

[mysql*]
user root
env.mysqlopts --defaults-extra-file=/etc/mysql/debian.cnf

[postfix_mailqueue]
user (postfix)

[postfix_mailstats]
group adm 

[postfix_mailvolume]
group adm
env.logfile mail.log

[smart_*]
user root 

[vlan*]
user root

[ejabberd]
user root

Munin exchange

És la web oficial de Nagios on podeu torbar disponibles Plugins.

Instal·lació de Plugins

A Debian/Ubuntu teniu alguns plugins extres a:

$ sudo apt-get install munin-plugins-extra

Els passos són:

Copieu-lo a /usr/share/munin/plugins

Poseu els permisos adequats:

$ sudo chmod 755 myplugin
  • Activeu-lo fent un link simbòlic:
$ sudo ln - s /usr/share/munin/plugins/NOM_PLUGIN /etc/munin/plugins/NOM_PLUGIN

Podeu establir opcions especifiques del Plugin a:

/etc/munin/plugin-conf.d/munin-node

Torneu a iniciar el servidor:

$ sudo service munin-node restart

o

$ sudo /etc/init.d/munin-node restart

Espereu uns minuts per tal que les noves estadístiques apareguin a Munin.

NOTA: Els plugins wildcard, és a dir els que acaben amb _ funcionen diferent:

TODO

Plugins Java

TODO, paquet:

sudo apt-get install munin-java-plugins

Establir/sobrescriure paràmetres dels plugins

Es pot fer canviant el fitxer /etc/munin/munin.conf, per exemple per canviar el nivell de warning de la mida de disk:

[foo.example.com]
  address 10.20.30.40
  df._home.warning 98

La sintaxi és:

[plugin_name].[fieldname].(warning|critical) [value]. 

A la pàgina de munin especifica del plugin, els noms dels camps són llistats com "Internal name" a sota de les gràfiques.

TODO:

[<plugin name>]
user <user>
group <group>
command <command>
env.<variable> <value>
host_name <host-name>
timeout <seconds>

The attributes adhere to the following:

[<plugin-name>]	The following lines are for <plugin-name>. May include one wildcard ('*') at the start or end of the plugin-name, but not both, and not in the middle.
user <username|userid>	Run plugin as this user
group <groupname|groupid>[, <groupname|groupid>] ...	Run plugin as this group. If group is inside parentheses, the plugin will continue if the group doesn't exist. What  
does comma separated groups do? See $EFFECTIVE_GROUP_ID in the manual page for perlvar(1 )
command <command>	Run <command> instad of plugin. %c will be expanded to what would otherwise have been run. E.g. command sudo -u root %c.
env. <contents>	Will cause the environment variable  to be set to <contents> when running the plugin. More than one env line may exist. See the individual  
plugins to find out which variables they care about.
host_name <host-name>	Forces the plugin to be associated with the given host, overriding anything that "plugin config" may say. (This option is very old but has never been 
documented)
timeout <seconds>	Maximum number of seconds before the plugin script should be killed when fetching values. The default is 10 seconds, but some plugins may require  
more time. This option has been available since [461]. 

Wheater plugin

Utilitzant la web:

http://www.weather.com

Podeu consultar el temps de una ciutat específica, per exemple Tortosa:

http://www.weather.com/weather/today/Tortosa+Spain+SPXX0209

Podeu instal·lar el plugin wheater per tal de realitzar una gràfica, el plugin el trobareu a:

http://exchange.munin-monitoring.org/plugins/weather_/details

El podeu baixar amb:

$ cd /usr/share/munin/plugins
$ wget http://exchange.munin-monitoring.org/plugins/weather_/version/2/download
$ sudo mv download weather_-v2
$ sudo chmod +x weather_-v2
$ sudo ln -s /usr/share/munin/plugins/weather_-v2 /etc/munin/plugins/weather_tortosa

Ara configureu el plugin:

$ sudo joe /etc/munin/plugin-conf.d/munin-node 

I afegiu:

[weather_tortosa]
env.code Tortosa+Spain+SPXX0209

Finalment apliqueu els canvis:

$ sudo /etc/init.d/munin-node restart

Ara us apareixerà una gràfica extra (amb el temps de Tortosa) al clients Munin que monitoritzin aquesta màquina.

Discs durs

smart

Primer cal instal·lar i configurar smartd del paquet smartmontools. Consulteu:

Smartmontools#Smart_daemon_._smartd

Ara cal activar el plugin, per a cada disc dur, per exemple per al sda:

$ sudo ln -s /usr/share/munin/plugins/smart_ /etc/munin/plugins/smart_sda

En canvi per al sdb seria:

 $ sudo ln -s /usr/share/munin/plugins/smart_ /etc/munin/plugins/smart_sdb

Podeu comprovar que el plugin funcioni amb:

$ sudo munin-run smart_sda
Power_Off_Retract_Count.value 100
Power_Cycle_Count.value 100
Total_LBAs_Read.value 100
Available_Reservd_Space.value 100
Unknown_Attribute.value 100
Total_LBAs_Written.value 100
Reallocated_Sector_Ct.value 100
Power_On_Hours.value 000
Load_Cycle_Count.value 100
Program_Fail_Cnt_Total.value 000
Media_Wearout_Indicator.value 100
Erase_Fail_Count_Total.value 000
smartctl_exit_status.value 0

i

$ sudo munin-run smart_sda autoconf
yes

A /etc/munin/plugin-conf.d/munin-node ja trobareu part de la configuració feta:

[hddtemp_smartctl]
user root    

[hddtemp2]
user root
...
[smart_*]
user root

Recursos:

Temperatura dels discos
hddtemp_smartctl

Per activar el plugin:

$ sudo ln -s /usr/share/munin/plugins/hddtemp_smartctl /etc/munin/plugins

Oco si no tots els discs ho suporten, cal indicar aleshores es discos concrets que si que funcionen!. A l'exemple indiquem el discos sdb i sdc:

$ sudo joe /etc/munin/plugin-conf.d/munin-node
...
[hddtemp_smartctl]
env.drives sdb sdc
user root

Podeu provar el plugin amb:

$ sudo munin-run hddtemp_smartctl 
sdb.value 40
sdc.value 39

O:

$ sudo env drives="sdb" /etc/munin/plugins/hddtemp_smartctl

Les gràfiques d'aquest plugin van a l'apartat sensors

Recursos:

hddtemp

TODO? Hi ha un plugin hddtemp2!?

Bind plugin

El plugin de bind ja el trobareu instal·lat a la carpeta:

/usr/share/munin/plugins

De fet hi ha dos plugins

Però que estiguin instal·lats no vol dir que estiguin activats. Els plugins actius són els que es troben a la carpeta:

/etc/munin/plugins

De fet hi ha dos plugins:

/usr/share/munin/plugins/bind9

i

/usr/share/munin/plugins/bind9_rndc

El plugin bind9 crea gràfiques a partir del fitxer de log /var/log/bind9/query.log (o el que s'indiqui), o el que és el mateix monitoritza les peticions al servidor DNS. En canvi el plugin bind9_rndc utilitza les estadístiques de Bind per a fer la monitortizació.

Els plugins són scripts de perl i es poden llegir, de fet hi ha certa informació als scripts que pot ser interessant (com per exemple la configuració per defecte):

$ cat /usr/share/munin/plugins/bind9
...
=head1 NAME

bind9 - Plugin to monitor usage of bind 9 servers

=head1 CONFIGURATION

This plugin is configurable environment variables.  The following
shows the default settings:

 [bind9]
    env.logfile   /var/log/bind9/query.log  

You must also configure query logging in your named.conf.  Please
contribute your documentation about how to do that.  Thanks.
...

i:

$ cat /usr/share/munin/plugins/bind9_rndc
...
=head1 NAME

bind9_rndc - Plugin to monitor usage of bind 9 servers using rndc stats

=head1 CONFIGURATION

The following environment variables are used by this plugin

  [bind_rndc]
    env.rndc		/usr/sbin/rndc
    env.querystats      /var/run/named.stats

The user/group that runs the plugin must have read access to the stats
file.  To change user or group (usually Munin plugins are run as
nobody) add this to the [bind_rndc] stanza if the "bind" user runs
BIND:

    user bind 

On the BIND side put

  statistics-file "/var/run/named.stats";

in the options part of your named.conf or set the querystats variable
(see below) to where your named puts the statistics file by default.

You must also make sure the rndc.key file is readable by the user that
runs the plugin.
....

=head1 FEATURES AND BUGS

Previous versions of this plugin allowed a empty "rndc" environment
setting to not do a explicit dump of stats to the stats file.  This
version requires running rndc itself.  This makes the method of
finding the correct stats in the file more reliable than before.

...

Per activar els plugins cal crear un enllaç simbòlic:

$ sudo ln -s /usr/share/munin/plugins/bind9 /etc/munin/plugins/bind9
$ sudo ln -s /usr/share/munin/plugins/bind9_rndc /etc/munin/plugins/bind9_rndc

Ara la configuració. La configuració es fa al fitxer:

/etc/munin/plugin-conf.d/munin-node

En el nostre cas utilitzem les opcions per defecte i no cal configura res. Un exemple però seria:

$ sudo cat /etc/munin/plugin-conf.d/munin-node
...
[bind9]
user root
env.logfile   /var/log/bind9/query.log

[bind9_rndc]
user root
env.querystats /var/named/data/named_stats.txt

IMPORTANT: Si us dona l'error: $ sudo munin-run bind9_rndc rndc: error: none:0: open: /etc/bind/rndc.key: permission denied, poseu al fitxer:

[bind9_rndc]
user root


Per defecte bind9 espera que el fitxer amb el log de les peticions rebudes pel servidor DNS es trobi a:

/var/log/bind9/query.log

I les estadístiques generades per la comanda:

$ sudo rndc stats

es guardin a:

/var/log/bind9/named.stats

Bind per defecte no genera aquest fitxer. Per generar-lo cal configurar Bind afegint les línies següents:

$ sudo joe /etc/bind/named.conf.options
options {
 ...
 statistics-file "/var/log/bind9/named.stats";
}
logging {
       channel b_query {
               file "/var/log/bind9/query.log" versions 2 size 1m;
               print-time yes;
               severity info;
       };
       category queries { b_query; };
};

IMPORTANT: Afegiu aquestes línies al final del fitxer. NO POSEU DINS l'APARTAT OPTIONS l'apartat logging

Ara cal crear la carpeta i els fitxers de log:

$ sudo mkdir /var/log/bind9
$ sudo chown bind:bind /var/log/bind9
$ sudo touch /var/log/bind9/named.stats
$ sudo chown bind:bind /var/log/bind9/named.stats 
$ sudo ln -s /var/log/bind9/named.stats /var/run/named.stats

Amb Ubuntu i AppArmor uns caldrà també configurar AppArmor. Modifiqueu el fitxer:

$ sudo joe /etc/apparmor.d/usr.sbin.named

Busqueu les línies:

 # some people like to put logs in /var/log/named/ instead of having
 # syslog do the heavy lifting.
 /var/log/named/** rw,
 /var/log/named/ rw,  

I poseu:

 # some people like to put logs in /var/log/named/ instead of having
 # syslog do the heavy lifting.
 /var/log/named/** rw,
 /var/log/named/ rw,  
 /var/log/bind9/** rw,
 /var/log/bind9/ rw, 

Reinicieu Apparmor:

$ sudo /etc/init.d/apparmor restart 

I apliqueu els canvis a Bind:

 $ sudo /etc/init.d/bind9 restart

Comproveu que el servidor de DNS funciona correctament:

$ ps aux | grep bind

i

$ sudo tail -f /var/log/syslog

Un cop feta la configuració cal aplicar els canvis:

$ sudo /etc/init.d/munin-node restart

Ara podeu provar els plugins per línia de comandes:

$ sudo munin-run bind9
query_PTR.value 1
query_A.value 19
query_other.value 0

i:

$ sudo munin-run bind9_rndc 
query_recursion.value 1
query_success.value 3
query_nxrrset.value 0
query_requests.value 3
query_failure.value 0
query_duplicates.value 0 
query_nonauth_answer.value 3
query_nxdomain.value 0
query_auth_answer.value 0
query_responses.value 3

Apliqueu els canvis:

$ sudo /etc/init.d/munin-node restart
Stopping Munin-Node: done.
Starting Munin-Node: done.


Vegeu també Bind

Recursos:

Squid plugin

+http://exchange.munin-monitoring.org/plugins/squid_efficiency/details

apache_* plugin

Cal activar apache2 extended status (cf http://www.debian-administration.org/articles/161):

Instal·leu el mòdul info

$ sudo a2enmod info

Modifiqueu el fitxer /etc/apache2/apache2.conf la secció:

<Location /server-status> 

o també pot ser:

$ sudo joe /etc/apache2/mods-available/status.conf

I poseu:

ExtendedStatus On

Apliqueu els canvis a apache2

$ sudo /etc/init.d/apache2 force-reload

Un exemple de configuració del fitxer /etc/munin/plugin-conf.d/munin-node

[apache_*]
env.lrrd_url "http://<my_ip>:%d/server-status?auto"

NOTA: No cal posar res

Per activar el plugin:

$ sudo ln -s /usr/share/munin/plugins/apache_accesses /etc/munin/plugins
$ sudo ln -s /usr/share/munin/plugins/apache_processes/etc/munin/plugins
$ sudo ln -s /usr/share/munin/plugins/apache_volume /etc/munin/plugins

ip_ plugin

Afegiu a /etc/munin/plugin-conf.d/munin-node (a les últimes versions ja està fet normalment)

[ip_*]
user root

Afegiu les normes "dummy" d'iptables per tal de recol·lectar estadístiques per a una Ip particular:

$ sudo iptables -A INPUT -d <ip>;iptables -A OUTPUT -s <ip>

Instal·leu el plugin per a la IP

$ ln -s /usr/share/munin/plugins/ip_ /etc/munin/plugins/ip_<ip>

sensors_ plugin

TODO

Vegeu també sensors

Usually you create symlinks calles sensors_fan, sensors_volt and sensors_temp.

I had many troubles after a kernel upgrade:


Now the output of "sensors" features a "phantom" chip w83627hf-i2c-0-28 with no valid values, aside the 2 others, w83782d-i2c-0-29 and w83627hf-isa-0290.
One more or less correct way would be to e.g. add an entry at the end of /etc/sensors.conf with

chip "w83627hf-i2c-*"
   ignore in0
   ...

But sth is really wrong no way to get a section only considered by the -isa- and the other by -i2c-, whatever I tried both sections were submitted to the same filtering rules :-(

I could finally filter properly by specifying completely the chip:

chip "w83782d-i2c-1-29"
   ...
chip "w83627hf-isa-0290"
   ...
chip "w83627hf-i2c-0-28"
   ignore in0

But the entry order was not the same as before, the sections have to be inverted and some new values must be postponed to the end to keep the uniformity in the history values.
A big hack was to change the output of sensors when called by munin:
In /etc/munin/plugin-conf.d/munin-node it became:

[sensors_*]
env.sensors sensors|awk 'b==1{p=p"\n"$0};b==2&&/^in/{o=o"\n"$0;next};b==2;/^$/{b+=1};END{print p o}'

Finaly I dumped the rrd files to see what were the previous values and rename the rrd files to the corresponding proper voltN entry:

rrdtool dump /vs/public/var/lib/munin/yobi.be/zeus.yobi.be-sensors_volt-volt1-g.rrd |grep "2008-02-1[12] 23:30"

apt

Podeu comprovar si està activat amb:

$ sudo munin-node-configure | grep apt
apt                        | no   |                                        
apt_all                    | no   |  

Per activar el plugin:

$ sudo ln -s /usr/share/munin/plugins/apt /etc/munin/plugins/apt 
$ sudo service munin-node restart
$ sudo munin-node-configure | grep apt
$ sudo munin-node-configure | grep apt
apt                        | yes  |

Podeu fer el mateix amb apt_all:

$ sudo ln -s /usr/share/munin/plugins/apt_all /etc/munin/plugins/apt_all
$ sudo service munin-node restart

Comproveu el funcionament amb:

$ sudo munin-run apt
pending.value 0
hold.value 0
$ sudo munin-run apt_all 
pending_stable.value 0
hold_stable.value 0
pending_testing.value 0
hold_testing.value 0
pending_unstable.value 0
hold_unstable.value 0

Apache

$ sudo munin-node-configure --suggest
Plugin                     | Used | Suggestions                            
------                     | ---- | -----------                            

apache_accesses            | no   | no [ExtendedStatus option for apache mod_status is missing on port 80]
apache_processes           | no   | no [ExtendedStatus option for apache mod_status is missing on port 80]
apache_volume              | no   | no [ExtendedStatus option for apache mod_status is missing on port 80]

Com veieu cal tenir activat ExtendedStatus a Apache

$ sudo ln -s /usr/share/munin/plugins/apache_accesses /etc/munin/plugins/apache_accesses
$ sudo ln -s /usr/share/munin/plugins/apache_processes /etc/munin/plugins/apache_processes
$ sudo ln -s /usr/share/munin/plugins/apache_volume /etc/munin/plugins/apache_volume
$ sudo service munin-node restart

MySQL

Podeu veure si està activat amb:

$ sudo munin-node-configure | grep mysql
mysql_                     | no   |                                        
mysql_bytes                | no   |                                        
mysql_innodb               | no   |                                        
mysql_queries              | no   |                                        
mysql_slowqueries          | no   |                                        
mysql_threads              | no   |

Si no està activat potser és que no tenim un servidor MySQL a la màquina o mireu altres possibles errors amb:

$ sudo munin-node-configure -suggest| grep mysql
mysql_                     | no   | no [Missing dependency Cache::Cache]  

A l'exemple falta una dependència:

$ sudo cpan -i Cache:Cache

La configuració del plugin:

$ sudo joe /etc/munin/plugin-conf.d/munin-node
[mysql*]
user root   
env.mysqlopts --defaults-file=/etc/mysql/debian.cnf
env.mysqluser debian-sys-maint
env.mysqlconnection DBI:mysql:mysql;mysql_read_default_file=/etc/mysql/debian.cnf
[mysql_innodb]
env.warning 0
env.critical 0

Per activar el plugin:

$ sudo ln -s /usr/share/munin/plugins/mysql_ /etc/munin/plugins
$ sudo ln -s /usr/share/munin/plugins/mysql_bytes /etc/munin/plugins
$ sudo ln -s /usr/share/munin/plugins/mysql_innodb /etc/munin/plugins
$ sudo ln -s /usr/share/munin/plugins/mysql_queries /etc/munin/plugins
$ sudo ln -s /usr/share/munin/plugins/mysql_slowqueries /etc/munin/plugins
$ sudo ln -s /usr/share/munin/plugins/mysql_threads /etc/munin/plugins
$ sudo ln -s /usr/share/munin/plugins/mysql_ /etc/munin/plugins
$ sudo /etc/init.d/munin-node restart
$ sudo munin-node-configure | grep mysql
mysql_                     | yes  |                                        
mysql_bytes                | yes  |                                        
mysql_innodb               | yes  |                                        
mysql_queries              | yes  |                                        
mysql_slowqueries          | yes  |                                        
mysql_threads              | yes  |

Recursos:

Ldap

Per tal de poder monitortizar un servidor Ldap, el primer que cal fer es activar el Monitoring al server Ldap. Consulteu:

Slapd Monitoring

Un cop el servidor preparat, anem a preparar Munin-node. Tenim dos plugins:

  • slpad_: Monitoritza diversos aspectes del servidor Ldap. realment es tracta d'un plugin amb symlinks, és a dir que és múltiples plugins:
  • slapd_statistics_bytes
  • slapd_connections
  • slapd_operations
  • slapd_operations_diff
  • slapd_statistics_entries
  • slapd_statistics_pdu
  • slapd_statistics_referrals
  • slapd_waiters

Per al plugin slapd_ cal tenir instal·lat el següent:

$ sudo cpan -i Net::LDAP

També cal la versió que pertoqui de db-util per al plugin slapd_bdb_cache:

$ sudo apt-get install db5.1-util

Normalment es posa la versió que requereix el servidor Ldap, podeu saber quina versió és amb:

$ apt-cache depends slapd | grep libdb
 Depèn: libdb5.1

Els plugins són scripts de perl, a dins dels fitxers hi ha informació interessant sobre com cal invocar-los i/o configurar-los:

$ sudo joe /usr/share/munin/plugins/slapd
...
# We use one script for all monitoring.
# This script may be symlinked with several names, all
# performing different functions:
# slapd_statistics_bytes
# slapd_statistics_pdu  
# slapd_statistics_other
# slapd_connections
# slapd_waiters   
# slapd_operations
# slapd_operations_diff
...
# Change these to reflect your LDAP ACL. The given DN must have
# read access to the Monitor branch.
my $basedn = "cn=Monitor";
my $server = ($ENV{'server'} || 'localhost');
my $userdn = ($ENV{'binddn'} || );
my $userpw = ($ENV{'bindpw'} || );

NOTA: Com podeu observar el plugin espera tenir accés anònim a cn monitor

La configuració dels plugins es realitza al fitxer:

$ sudo joe  /etc/munin/plugin-conf.d/munin-node  
...
[slapd_bdb_cache_*]
user root
env.dbstat /usr/bin/db5.1_stat

NOTA: Per a slapd_ no posem cap configuració, la configuració per defecte ja ens és correcte

Ara cal arreglar un error al plugin slapd_bdb_cache_

$ sudo joe /usr/share/munin/plugins/slapd_bdb_cache_

Busqueu les línies:

} elsif ( -d $dbdir && -r $dbdir) {
       print "no (Can't open database directory '$dbdir')";

I canvieu-les per (observeu el simbol ! afegit)

 } elsif (! -d $dbdir && -r $dbdir) {
       print "no (Can't open database directory '$dbdir')";

Ara executeu:

$ sudo munin-node-configure --suggest | grep slapd
slapd_                     | yes  | yes (statistics_bytes +connections +operations +operations_diff +statistics_entries +statistics_pdu +statistics_referrals +waiters)
slapd_                     | no   | no                                     
slapd_bdb_cache_           | no   | yes (+pages +percent)                  

Activem els plugins amb:

$ sudo ln -s /usr/share/munin/plugins/slapd_ /etc/munin/plugins/slapd_statistics_bytes
$ sudo ln -s /usr/share/munin/plugins/slapd_ /etc/munin/plugins/slapd_connections
$ sudo ln -s /usr/share/munin/plugins/slapd_ /etc/munin/plugins/slapd_operations
$ sudo ln -s /usr/share/munin/plugins/slapd_ /etc/munin/plugins/slapd_operations_diff
$ sudo ln -s /usr/share/munin/plugins/slapd_ /etc/munin/plugins/slapd_statistics_entries
$ sudo ln -s /usr/share/munin/plugins/slapd_ /etc/munin/plugins/slapd_statistics_pdu
$ sudo ln -s /usr/share/munin/plugins/slapd_ /etc/munin/plugins/slapd_statistics_referrals
$ sudo ln -s /usr/share/munin/plugins/slapd_ /etc/munin/plugins/slapd_waiters
$ sudo ln -s /usr/share/munin/plugins/slapd_bdb_cache_ /etc/munin/plugins/slapd_bdb_cache_pages
$ sudo ln -s /usr/share/munin/plugins/slapd_bdb_cache_ /etc/munin/plugins/slapd_bdb_cache_percent
$ sudo /etc/init.d/munin-node restart

Comprovem si funciona amb:

$ sudo munin-run slapd_connections
connections.value 1054

Si us dona l'error:

$ sudo /usr/share/munin/plugins/slapd_ autoconf
no (Can't use string ("cn") as an ARRAY ref while "strict refs" in use at /usr/local/share/perl/5.14.2/Convert/ASN1/_encode.pm line 269,  line 558.

Proveu d'eliminar la línia:

$ sudo joe /usr/share/munin/plugins/slapd_
...
                         cn => 'cn'

I que quedi:

$mesg =
           $ldap->search (
                          base   => $basedn,
                          scope  => 'one',
                          filter => '(objectClass=monitorServer)'
                          );


Recursos

Other plugins

More info on plugins incl. how to write yours: http://munin.projects.linpro.no/wiki/HowToWritePlugins

Munin-node per a Windows

Podeu obtenir un zip a:

http://puzzle.dl.sourceforge.net/project/munin-nodewin32/munin-node-win32/Munin%20Node%20for%20Windows%20v1.5/munin-node-win32-v1.5.1942-bin.zip

IMPORTANT: També podeu utilitzar el MSI: http://garr.dl.sourceforge.net/project/munin-nodewin32/munin-node-win32/Munin%20Node%20for%20Windows%20v1.5/munin-node-win32-v1.5.1942.msi

Aka munin-node-win32

És un programa escrit en C++ amb la majoria de plugins inclosos a l'executable principal. L'ús per línia de comandes de DOS és:

  • -install: Instal·la l'aplicació com a servei
  • -uninstall: Elimina el servei
  • -quiet: Tanca la consola, 'sexecuta en segon terme
  • -run: S'executa com un programa normal

El fitxer de configuració és:

munin-node.ini

Esta en el format estàndard de fitxer de configuració INI de Windows

La secció [Plugins] defineix quins plugins estan activats.

Plugins:

  • CPU (cpu)
  • Disk (df):Configuration in [DiskPlugin] section.
  • HD (hdd): reporta la temperatura del disc dur
  • Memory (memory)
  • Process (processes)
  • Network (network)
  • MBM (mbm, mbm_volt, mbm_fan, mbm_cpu): sensors de la placa mare
  • SpeedFan (speedfan). Configuration in [SpeedFanPlugin] section. You have to change the BroadcastIP and UID settings to match SpeedFan (Configuration->xAP)
  • Performance Counter
  • ...

Un exemple de fitxer munin-niode.ini:

[Plugins]
; Plugin Section, 1 enables plugin, 0 disables
Disk=1
Memory=1
Processes=1
Network=1
MbmTemp=1
MbmVoltage=1
MbmFan=1
MbmMhz=1
SMART=0
HD=1
Cpu=1
SpeedFan=1
External=1

[DiskPlugin]
; Default Warning and Critical values for % space used
Warning=92
Critical=98

[ExternalPlugin]
; For External Plugins just add an entry with the path to the program to run
; It doesn't matter what the name of the name=value pair is
Plugin01=C:\Users\Jory\Documents\Visual Studio Projects\munin-node\src\plugins\python\disk_free.py

[PerfCounterPlugin_disktime]
DropTotal=1
Object=LogicalDisk
Counter=% Disk Time
CounterFormat=double
CounterMultiply=1.000000
GraphTitle=Disk Time
GraphCategory=system
GraphArgs=--base 1000 -l 0
GraphDraw=LINE

[PerfCounterPlugin_processor]
DropTotal=1
Object=Processor
Counter=% Processor Time
CounterFormat=double
CounterMultiply=1.000000
GraphTitle=Processor Time
GraphCategory=system
GraphArgs=--base 1000 -l 0
GraphDraw=LINE

[PerfCounterPlugin_uptime]
; This is a section for the Performance Counter plugin
; The Object and Counter settings are used to access the Performance Counter
; For uptime this would result in \System\System Up Time
; The Graph settings are reported to munin
; The DropTotal setting will drop the last instance from the list, which is often _Total
; Has no effect on single instance counters (Uptime)
; The CounterFormat setting controls what format the counter value is read in as a double, int, or large (int64).
; The plugin always outputs doubles, so this shouldn't have that much effect
; The CounterMultiply setting sets a value the counter value is multiplied by, use it to adjust the scale
; 1.1574074074074073e-005 is the result of(1 / 86400.0), the uptime counter reports seconds and we want to report days.
; So we want to divide the counter value by the number of seconds in a day, 86400.
Object=System
Counter=System Up Time
GraphTitle=Uptime
GraphCategory=system
GraphDraw=AREA
GraphArgs=--base 1000 -l 0
DropTotal=0
CounterFormat=large
CounterMultiply=1.1574074074074073e-005

[SpeedFanPlugin]
BroadcastIP=192.168.0.255
UID=FF671100

Munin a IPCOP

Consulteu IPCOP#Munin_IPCOP.

Protocol Munin

$ telnet localhost 4949
Trying ::1...
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
# munin node at ubuntuacer 

# Unknown command. Try list, nodes, config, fetch, version or quit
quit
Connection closed by foreign host.

Les ordres possibles són:

list, nodes, config, fetch, version or quit

Munin des de la línia d'ordres

$ sudo su - munin --shell=/bin/bash
munin@ubuntuacer:~$

Fitxers de log

La carpeta és:

/var/log/munin

Els fitxer que hi trobareu són:

munin-graph.log  munin-limits.log          munin-node.log
munin-html.log   munin-node-configure.log  munin-update.log

Podeu monitoritzr la connexió de clients al vostre servidor:

$ sudo tail -f munin-node.log 
2011/02/17-19:35:00 CONNECT TCP Peer: "192.168.202.109:58983" Local: "192.168.202.100:4949"
2011/02/17-19:35:01 CONNECT TCP Peer: "192.168.202.116:41473" Local: "192.168.202.100:4949"
2011/02/17-19:35:01 CONNECT TCP Peer: "127.0.0.1:38195" Local: "127.0.0.1:4949"
2011/02/17-19:35:01 CONNECT TCP Peer: "192.168.202.100:49201" Local: "192.168.202.100:4949"
2011/02/17-19:35:01 CONNECT TCP Peer: "192.168.202.115:35798" Local: "192.168.202.100:4949"
2011/02/17-19:35:02 CONNECT TCP Peer: "192.168.202.110:40479" Local: "192.168.202.100:4949"
2011/02/17-19:35:36 CONNECT TCP Peer: "192.168.202.115:35832" Local: "192.168.202.100:4949"
2011/02/17-19:37:07 CONNECT TCP Peer: "192.168.202.105:48474" Local: "192.168.202.100:4949"
2011/02/17-19:37:21 CONNECT TCP Peer: "192.168.202.116:53670" Local: "192.168.202.100:4949"
2011/02/17-19:37:36 CONNECT TCP Peer: "192.168.202.115:58333" Local: "192.168.202.100:4949"

Plugin SNMP

Munin i Nagios

TODO:

Receiving messages in Nagios ¶

First you need a way for Nagios to accept messages from Munin. Nagios has exactly such a thing, namely the NSCA which is documented here: http://nagios.sourceforge.net/docs/1_0/addons.html#nsca.

NSCA consists of a client (a binary usually named send_nsca and a server usually run from inetd. We recommend that you enable encryption on NSCA communication.

You also need to configure Nagios to accept messages via NSCA. NSCA is, unfortunately, not very well documented in Nagios' official documentation. We'll cover writing the needed service check configuration further down in this document. Configuring Nagios ¶

In the main config file, make sure that the command_file directive is set and that it works. See http://nagios.sourceforge.net/docs/2_0/configmain.html#command_file for details.

Below is a sample extract from nagios.cfg:

command_file=/var/run/nagios/nagios.cmd

The /var/run/nagios directory is owned by the user nagios runs as. The nagios.cmd is a named pipe on which Nagios accepts external input. Configuring NSCA, server side ¶

NSCA is run through (x)inetd. Using inetd, the below line enables NSCA listening on port 5667:

5667 stream tcp nowait nagios /usr/sbin/tcpd /usr/sbin/nsca -c /etc/nsca.cfg --inetd

Using xinetd, the blow line enables NSCA listening on port 5667, allowing connections only from the local host:

  1. description: NSCA (Nagios Service Check Acceptor)

service nsca {

flags           = REUSE
type		 = UNLISTED
port		 = 5667
socket_type     = stream
wait            = no
server          = /usr/sbin/nsca
server_args     = -c /etc/nagios/nsca.cfg --inetd
user            = nagios
group           = nagios
log_on_failure  += USERID
only_from       = 127.0.0.1

}

The file /etc/nsca.cfg defines how NSCA behaves. Check in particular the nsca_user and command_file directives, these should correspond to the file permissions and the location of the named pipe described in nagios.cfg.

nsca_user=nagios command_file=/var/run/nagios/nagios.cmd

Configuring NSCA, client side ¶

The NSCA client is a binary that submits to an NSCA server whatever it received as arguments. Its behaviour is controlled by the file /etc/send_nsca.cfg, which mainly controls encryption.

You should now be able to test the communication between the NSCA client and the NSCA server, and consequently whether Nagios picks up the message. NSCA requires a defined format for messages. For service checks, it's like this: <host_name>[tab]<svc_description>[tab]<return_code>[tab]<plugin_output>[newline]

Below is shown how to test NSCA.

$ /usr/sbin/send_nsca -H localhost -c /etc/send_nsca.cfg foo.example.com test 0 0 1 data packet(s) sent to host successfully.

This caused the following to appear in /var/log/nagios/nagios.log:

[1159868622] Warning: Message queue contained results for service 'test' on host 'foo.example.com'. The service could not be found!

Sending messages from Munin ¶

Messages are sent by munin-limits based on the state of a monitored data source: OK, Warning and Critical. Munin does not currently support a Unknown state (This will be fixed in the future, see Ticket 29 for more information). Configuring munin.conf ¶

Nagios uses the above mentioned send_nsca binary to send messages to Nagios. In /etc/munin/munin.conf, enter this:

contacts nagios contact.nagios.command /usr/bin/send_nsca -H your.nagios-host.here -c /etc/send_nsca.cfg

Be aware that the -H switch to send_nsca appeared sometime after send_nsca version 2.1. Always check send_nsca --help! Configuring Munin plugins ¶

Lots of Munin plugins have (hopefully reasonable) values for Warning and Critical levels. To set or override these, you can change the values in munin.conf. Configuring Nagios services ¶

Now Nagios needs to recognize the messages from Munin as messages about services it monitors. To accomplish this, every message Munin sends to Nagios requires a matching (passive) service defined or Nagios will ignore the message (but it will log that something tried).

A passive service is defined through these directives in the proper Nagios configuration file:

active_checks_enabled 0 passive_checks_enabled 1

A working solution is to create a template for passive services, like the one below:

define service {

       name                            passive-service
       active_checks_enabled           0
       passive_checks_enabled          1
       parallelize_check               1
       notifications_enabled           1
       event_handler_enabled           1
       register                        0
       is_volatile                     1

}

When the template is registered, each Munin plugin should be registered as per below:

define service {

       use                             passive-service
       host_name                       foo
       service_description             bar
       check_period                    24x7
       max_check_attempts              3
       normal_check_interval           3
       retry_check_interval            1
       contact_groups                  linux-admins
       notification_interval           120
       notification_period             24x7
       notification_options            w,u,c,r
       check_command                   check_dummy!0

}

Notes ¶

   * host_name is either the FQDN of the host_name registered to the Nagios plugin, or the host alias corresponding to Munin's notify_alias? directive. The host_name must be registered as a host in Nagios. 
   * service_description must correspond to the plugin's name, and for Nagios to be happy it shouldn't have any special characters. If you'd like to change the service description from Munin, use notify_alias? on the data source. Available in Munin-1.2.5 and later. For earlier versions, see [1081] and #34 for required details. A working example is shown below:
     [foo.example.com]
             address foo.example.com
             df.notify_alias Filesystem usage
             # The above changes from Munin's default "Filesystem usage (in %)"
   What characters are allowed in a Nagios service definition?
   From http://nagios.sourceforge.net/docs/2_0/xodtemplate.html#service:
   service_description: This directive is used to define the description of the service, which may contain spaces, dashes, and colons (semicolons, apostrophes, and quotation marks should be avoided). No two services associated with the same host can have the same description. Services are uniquely identified with their host_name and service_description directives.

This means that lots of Munin plugins will not be accepted by Nagios. This limitation impacts every plugin with special characters in them, e.g. '(', ')', and '%'. Workarounds are described in ticket #34 and the bug has been fixed in the Munin code in changeset 1081.


Alternatively you can use check_munin.pl ( http://www.nagiosexchange.org/Misc.54.0.html?&tx_netnagext_pi1[p_view]=968 ) to gather fresh data from nagios instead of check_dummy Sample munin.conf ¶

To illustrate, a (familiar) sample munin.conf configuration file shows the usage:

contact.nagios.command /usr/local/nagios/bin/send_nsca nagioshost.example.com -c /usr/local/nagios/etc/send_nsca.cfg -to 60

contacts no # Disables warning on a system-wide basis.

[example.com;]

 contacts nagios              # Enables warning through the "nagios" contact for the group example.com

[foo.example.com]

 address localhost
 contacts no                  # Disables warning for all plugins on the host foo.example.com.

[example.com;bar.example.com]

 address bar.example.com
 df.contacts no               # Disables warning on the df plugin only.
 df.notify_alias Disk usage   # Uses the title "Disk usage" when sending warnings through munin-limits
                              # Useful if the receiving end does not accept all kinds of characters
                              # NB: Only available in Munin-1.2.5 or with the patch described in ticket 34.

Setting up Nagios active checks ¶

Use check_munin.pl to get data from munin-node directly info nagios : http://www.nagiosexchange.org/Misc.54.0.html?&tx_netnagext_pi1[p_view]=968 and then use it as a regular check plugin. Basically munin-node become a kind of snmp agent with a lot of preconfigured plugins.

Vegeu també Nagios.

Munin i routerOS

Consulteu Munin i routerOS.

Autenticació

Munin no proporciona cap sistema d'autenticació de per sí, però es pot utilitzar autenticació HTTP.

Ldap

Munin no proporciona cap sistema d'autenticació amb Ldap de per sí, però es pot utilitzar autenticació HTTP amb Ldap.

Un exemple de configuració amb autenticació HTTP i LDAP (primer Ldap i si no funciona aleshores s'utilitzen "usuaris locals")

$ cat /etc/munin/apache.conf
Alias /munin /var/cache/munin/www
<Directory /var/cache/munin/www>
       Order allow,deny
       #Allow from localhost 127.0.0.0/8 ::1
	Allow from all
       Options None

	# This file can be used as a .htaccess file, or a part of your apache
	# config file.
	#
	# For the .htaccess file option to work the munin www directory
	# (/var/cache/munin/www) must have "AllowOverride all" or something 
	# close to that set.
	#

	# AuthUserFile /etc/munin/munin-htpasswd
	# AuthName "Munin"
	# AuthType Basic
	# require valid-user
 


	AuthType Basic
	AuthName Calamaris
	AuthUserFile /etc/apache2/users-munin

	AuthBasicProvider ldap file
	AuthzLDAPAuthoritative off
	AuthLDAPURL "ldap://localhost/ou=especials,ou=SocisPremium,ou=socis,ou=All,dc=augute,dc=org?uid?sub"
	AuthLDAPGroupAttributeIsDN off
	AuthLDAPGroupAttribute memberUid

#Local Users
	Require user sergi
	Require user ramon

#Ldap Users
	Require ldap-group cn=munin,ou=groups,ou=especials,ou=SocisPremium,ou=socis,ou=All,dc=augute,dc=org
#	Require ldap-user sergitur



	# This next part requires mod_expires to be enabled.
	#
	
	# Set the default expiration time for files to 5 minutes 10 seconds from
	# their creation (modification) time.  There are probably new files by
	# that time. 
	#

    <IfModule mod_expires.c>
        ExpiresActive On
   	ExpiresDefault M310
   </IfModule>

</Directory>

Vegeu també Apache#Autenticaci.C3.B3_amb_Ldap

Resol·lució de problemes

403 Forbidden

NOTA: Normalment aquest error és degut al fet que encara no s'ha executat Munin per primer cop. Espereu un màxim de 5 minuts o forceu l'execució amb:

$ sudo -u munin /usr/bin/munin-cron

Però també poden ser altres raons. L'important es consultar el fitxer de log d'Apache:

$ sudo tail -f /var/log/apache2/error.log
...

Si l'error és:

[Sat Aug 18 10:17:27 2012] [error] [client 87.111.152.7] client denied by server configuration: /var/cache/munin/www

o similar, aleshores es que no heu canviat la configuració per tal d'indicar quins rangs d'adreces IP són accessibles:

$ sudo joe /etc/apache2/conf.d/munin
Alias /munin /var/cache/munin/www
<Directory /var/cache/munin/www>
       Order allow,deny
       Allow from localhost 127.0.0.0/8 ::1
 ...

Si voleu que sigui accesible de tot arreu:

 $ sudo joe 
Alias /munin /var/cache/munin/www
<Directory /var/cache/munin/www>
       Order allow,deny
#       Allow from localhost 127.0.0.0/8 ::1
       Allow from all
...

I apliques els canvis:

$ sudo /etc/init.d/apache2 restart

Errors habituals

Consulteu:

Executar el cron de munin manualment

Ho podeu fer més senzillament amb sudo:

$ sudo -u munin /usr/bin/munin-cron

---

El client munin és bàsicament una tasca que s'executa periòdicament amb cron. L'executable és:

/usr/bin/munin-cron

I s'executa cada 5 minuts segons:

# cat /etc/cron.d/munin

Per forçar l'execució de la tasca a mà feu

$ sudo joe /etc/passwd

Busqueu una línia similar a:

munin:x:108:113::/var/lib/munin:/bin/false

i la canvieu per:

munin:x:108:113::/var/lib/munin:/bin/bash

Ara ja podeu iniciar una sessió:

$ su munin
munin@maquina:~$ /usr/bin/munin-cron
$ exit

Desfeu els canvis al fitxer /etc/passwd.

Enllaços externs