Monitoring

The sar command collects, reports, or saves UNIX / Linux system activity information. It saves selected operating system counters to the /var/log/sa/sadd file. From the collected data, you get lots of information about your server:

  1. CPU utilization
  2. Memory paging and its utilization
  3. Network I/O, and transfer statistics
  4. Process creation activity
  5. All block devices activity
  6. Interrupts/sec etc.

The sar command output can be used for identifying server bottlenecks. However, analyzing the information provided by sar can be difficult, so use the kSar tool. kSar takes sar command output and plots a nice, easy-to-understand graph over a period of time.

Securing your Linux server is important to protect your data, intellectual property, and time from the hands of crackers (hackers). The system administrator is responsible for the security of the Linux box. In this first part of a Linux server security series, I will provide 40 Linux server hardening tips for a default installation of a Linux system.

Need to monitor Linux server performance? Try these built-in commands and a few add-on tools. Most distributions come with tons of Linux monitoring tools. These tools provide metrics which can be used to get information about system activities. You can use these tools to find the possible causes of a performance problem. The commands discussed below are some of the most fundamental commands when it comes to system analysis and debugging Linux server issues such as:

  1. Finding out system bottlenecks
  2. Disk (storage) bottlenecks
  3. CPU and memory bottlenecks
  4. Network bottlenecks


The ss command is used to show socket statistics. It can display stats for PACKET sockets, TCP sockets, UDP sockets, DCCP sockets, RAW sockets, Unix domain sockets, and more. It shows information similar to the netstat command, and it can display more TCP and state information than other tools. It is a new, incredibly useful and faster (as compared to netstat) tool for tracking TCP connections and sockets. ss can provide information about:

  • All TCP sockets.
  • All UDP sockets.
  • All established ssh / ftp / http / https connections.
  • All local processes connected to X server.
  • Filtering by state (such as connected, synchronized, SYN-RECV, SYN-SENT, TIME-WAIT), addresses and ports.
  • All the TCP sockets in state FIN-WAIT-1 and much more.


The tail command is one of the best tools to view log files in real time using the tail -f /path/to/log.file syntax on Unix-like systems. The program MultiTail lets you view one or multiple files like the original tail program. The difference is that it creates multiple windows on your console (with ncurses). This is one of those dream-come-true programs for the UNIX sysadmin job. You can browse through several log files at once and do various operations like searching for errors and more.

Recently, I noticed that the timeout values differ on CentOS v5.x and RHEL Linux 5.x guests on VMware ESX4 and ESX3.5. I’ve noticed that older ESX 3.5 sets a 60 secs timeout and ESX4.x sets it to 180 secs. Luckily you can fix it easily. Edit /etc/udev/rules.d/99-vmware-scsi-udev.rules:
# vi /etc/udev/rules.d/99-vmware-scsi-udev.rules
Sample config:

RUN+="/bin/sh -c 'echo 180 >/sys$DEVPATH/device/timeout'"

Find timeout value (180) and change it as per your requirements. Make sure you install the vmware-tools RPM.

I’ve already written about Linux process accounting under Linux (see how to keep a detailed audit trail of what’s being done on your Linux systems). You can easily set up process accounting under FreeBSD.

FreeBSD Process Accounting

FreeBSD process accounting is a security method in which you can keep track of system resources used, their allocation among users, provide for system monitoring, and minimally track a user’s commands.

Nagios is a popular open source computer system and network monitoring application. You can easily monitor all your hosts, network equipment and services. It can send alerts when things go wrong and again when they get better.

The convenience and reliability that monitoring programs offer system administrators is astounding. Whether at home, commuting, or on vacation, admins can continuously monitor their networks, learning of issues long before they become catastrophes.

Nagios, the most popular open source solution for system and network monitoring, is extremely robust, but it’s also intensely complex. This eagerly anticipated revision of the highly acclaimed Nagios: System and Network Monitoring, has been updated to address Nagios 3.0 and will help readers take full advantage of the many powerful features of the new version. Ethan Galstad, the main developer of Nagios, called the first edition of Nagios “incredibly detailed.” He went on to say, “I don’t think I could have gone into that much detail if I wrote a book myself.”

Nagios, which runs on Linux and most *nix variants, can be configured to continuously monitor network services such as SMTP, POP3, HTTP, NNTP, SSH, and FTP. It can also supervise host resources (processor load, disk and memory usage, running processes, log files, and so on) and environmental factors, such as temperature and humidity. Readers of Nagios learn how to:

  • Install and configure the Nagios core, all standard plugins, and selected third-party plugins
  • Configure the notification system
  • Program event handlers to take automatic action when trouble occurs
  • Write Perl plugins to customize Nagios for unique system needs
  • Quickly understand Nagios data using graphing and visualization tools
  • Monitor Windows servers, SAP systems, and databases

This dense, all-inclusive guide to Nagios also contains a chapter that highlights the differences between Nagios versions 2 and 3 and gives practical migration and compatibility tips. Nagios, 2nd Edition is a key resource for any system and network administrator and will ease the pain of network monitoring migraines in no time.

Wolfgang Barth has written several books for professional network administrators, including The Firewall Book (Suse Press), Network Analysis (Suse Press), and Backup Solutions with Linux (Open Source Press). He is a professional system administrator with considerable experience using Nagios.

Book Info

  • Title: Nagios: System and Network Monitoring, 2nd Edition
  • Author: Wolfgang Barth
  • Pub Date: October 2008, 720 pp
  • ISBN 9781593271794, $59.95 USD
  • Download free chapter 18: “NagVis” (PDF)
  • Order info: order@oreilly.com // 1-800-998-9938 // 1-707-827-7000
  • Support nixCraft: Order Nagios: System and Network Monitoring from Amazon.

This is a user contributed tutorial.

Nagios is a free, open source tool for host, service and network monitoring. Nagios provides an extensible framework that can monitor pretty much anything using plugins. Some of the items that can be monitored using Nagios plugins are listed below.

  • Disk space usage of remote Linux and Windows servers
  • CPU usage
  • Memory usage
  • Hardware temperature
  • VPN tunnels
  • Routers and switches
  • Databases
  • Network services (DHCP, DNS, LDAP, SMTP etc.)

Nagios configuration is very granular and is managed using the following three categories of configuration files:

  • Nagios server and web console configuration files are used to configure the Nagios server itself, for example nagios.cfg and cgi.cfg.
  • Resource files are used to store user-defined macros and sensitive configuration information such as passwords.
  • Object definition configuration files are used to store information about the hosts, services, commands, contacts, notification periods etc.

Nagios has a web front end to display the status. Apart from getting notifications about host and service status through email, SMS etc., you can also see the hosts, services and their status through the Nagios web front end. You can project it in the NOC (Network Operation Center) to view the current status of your whole data center. You can also perform a few actions on the web console, such as disabling and enabling notifications for a specific service. If you have defined the relationships between your hosts properly in the Nagios configuration files, you can use the 3D display view to see a graphical representation of the whole data center. It also provides a reporting feature where you can view historic data, such as the availability of a particular service on a specific host over a period of time.


(Fig. 01 – Nagios web UI displaying status of various services on a Linux host)

The notification process in Nagios is defined at a very granular level and covers a wide range of possible scenarios, including an escalation process in which a specific contact group is notified if an issue has not been fixed after a certain number of initial notifications. This is very helpful for automatically notifying the management team about a critical service that was not fixed immediately.

Nagios can also be configured in a distributed setup, where data centers in different parts of the world are monitored by local Nagios servers that report status back to a central Nagios server. This is achieved by NSCA (Nagios Service Check Acceptor) sending monitoring results from the local Nagios server to the central server.

The following articles from The Geek Stuff blog explain everything required to get a jump start on Nagios installation and configuration on Linux. They also explain how to monitor Linux and Windows hosts.