I have challenge to Monitor some of the process running or not on Linux
There are many ways you can perform this Monitoring, But if you have centralize NMS and people do not have enough experience on Linux this steps help to Monitor extended MIB to poll and get outcome of Process running or not.
by default you can only Monitor certain system inputs using SNMP Like :
- CPU
- RAM
- HDD space
- Interface
But if you like to Monitor NTP Process or Squid process working or not ( you need to Login got Linux and check with status of service or using ps -ef command. (its not easy task if you looking to Monitor 100 of Servers to login and check ps -ef or status every 5min or 10min ….so on.)
So i found good documentation online let me put them order what i have done so people can easily refer.
- Install SNMP package on Linux (i am referring Ubuntu here – its same other distro’s)
Login to Ubuntu Server using SSH
Update packages :
#apt-get update
#apt-get -y install snmp snmpd snmp-mibs-downloader libnet-snmp-perl snmptrapd
Note : I am installing SNMP trapd , so from Linux you can also send SNMP trap to NMS server, based on that you can make any action.
If you do not need SNMPtrap package. use below packages only.
#apt-get -y install snmp snmpd snmp-mibs-downloader
by default after installation snmp start automatically (and open for the people to use public community)
we need to tweak as per the security best practice.
Stop the SNMP Service and make changes.
#/etc/init.d/snmpd stop
backup the old config – so in case required we can move the config to default if we like to roleback.
#cd /etc/snmp
#cp snmpd.conf snmpd.back
editing snmpd config and make basic config.
#vi snmpd.conf ( add below basic config to work – more information refer Manuals)
sysLocation – Where this Server Located (so in NMS it will automatically placed in that Location)
sysContact – Team who manages this Server
sysServices 72
master agentx
agentaddress 127.0.0.1,[::1]
agentAddress udp:x.x.x.x:161 (x.x.x.x – replace with Server IP address, so SNMP can listen on that IP address).
view systemonly included .1.3.6.1.2.1.1
view systemonly included .1.3.6.1.2.1.25.1
extend squid-status /usr/bin/sudo /bin/sh /etc/snmp/squid-status.sh – this is the example i used for Squid process to check up or down) – you will the File content Later in this steps
extend squid-clients /usr/bin/sudo /etc/snmp/squid-tcp-connections.sh – this will show you how many TCP connection Squid using.
rouser authPrivUser authpriv -V systemonly
includeDir /etc/snmp/snmpd.conf.d
Saving the config
:wq!
Creating the SNMPv3 user (this is more secure to use v3)
#net-snmp-create-v3-user -ro -A xxxxxxxxxxxxxxxxxxxxx -a SHA -X yyyyyyyyyyyyyyyyy -x AES BB-snmpv3-User
Create below files using vi editor with the content posted
Create a File squid-status.sh
!/bin/sh
NUMPIDS=sudo /bin/netstat -lnptu | grep -i squid | grep -c :3128
exit $NUMPIDS
Create a File squid-tcp-connections.sh
!/bin/sh
NUMPIDS=sudo /usr/bin/ss -s | head -1 | awk '{ print $2 }'
exit $NUMPIDS
change the file to executable.
#chmod +x squid-status.sh
#chmod +x squid-tcp-connections.sh
Start the SNMP Service
#/etc/init.d/snmpd start
check the status
#/etc/init.d/snmpd status
Testing :
From NMS Server try polling using snmpwalk.
#snmpwalk -v3 -l authPriv -u BB-snmpv3-User -a SHA -A “xxxxxxxxxxxxx” -x AES -X “yyyyyyyyyy” x.x.x.x NET-SNMP-EXTEND-MIB::nsExtendObjects
Good Luck….Happy Learninggggggggggggggggg!