OpenBSD monitoring with symon

       357 words, 2 minutes

symon says it is a “system monitor for FreeBSD, NetBSD, OpenBSD and Linux. It can be used to obtain accurate and up to date information on the performance of a number of systems”. What I like is that it is lightweight and quite straight forward to implement.

Here’s how I configured it on my OpenBSD box. Note that my box is both a client and a server regarding monitoring events.

The central monitoring service

Install the binary package and configure the system:

# pkg_add symon-mux
# groupadd -g 666 _symon
# useradd -m -u 666 -g _symon -s /sbin/nologin -d /nonexistent _symon
# vi /etc/symux.conf
mux 127.0.0.1 2100

source 127.0.0.1 {
        accept { cpu(0),  mem,
                 pf,
                 mbuf,
                 sensor(cpu0.temp0),
                 sensor(cpu1.temp0),
                 sensor(acpitz0.temp0),
                 proc(httpd),
                 if(lo0), if(bge0)
                 io(sd0)
        }
        datadir "/var/www/symon/rrds/localhost"
}
# mkdir -p -m 0755 /var/www/symon/rrds/localhost
# /usr/local/share/symon/c_smrrds.sh all

To solve the “fatal: could not get a shared memory identifier” error, you have to rise the shared memory counters:

# sysctl -w kern.shminfo.shmall=32768
kern.shminfo.shmall: 8192 -> 32768
# vi /etc/sysctl.conf
kern.shminfo.shmall=32768

Then, start the daemon and configure the autostart process:

# /usr/local/libexec/symux
# vi /etc/rc.local
(...)
if [ -x /usr/local/libexec/symux ]; then
        echo -n ' symux';
        /usr/local/libexec/symux
fi
(...)

The monitored host

Install the binary package and configure the monitoring process:

# pkg_add symon-mon
# vi /etc/symon.conf
monitor { cpu(0),  mem,
          pf,
          mbuf,
          sensor(cpu0.temp0),
          sensor(cpu1.temp0),
          sensor(acpitz0.temp0),
          proc(httpd),
          if(lo0), if(bge0),
          io(sd0)
} stream to 127.0.0.1 2100

Then, start the daemon and configure the autostart process:

# /usr/local/libexec/symon
# vi /etc/rc.local
(...)
if [ -x /usr/local/libexec/symon ]; then
        echo -n ' symon';
        /usr/local/libexec/symon
fi
(...)

The summary Web page

Install the binary package and configure the Web part:

# pkg_add syweb
# /var/www/symon/install_rrdtool.sh
rrdtool and libs installed in apache root
# vi /var/www/conf/httpd.conf
(...)
Alias /syweb/ "/var/www/htdocs/syweb/"
(...)
<Directory "/var/www/htdocs/syweb">
        Options None
        AllowOverride None
        Order allow,deny
        Allow from all

        SSLVerifyClient none
        SSLRequireSSL
</Directory>
(...)

I want to authenticate the user before displaying the web page. This is why I use the Apache LDAP authentication module:

# pkg_add mod_auth_ldap
# /usr/local/sbin/mod_auth_ldap-enable
# vi /var/www/conf/httpd.conf
(...)
<Directory "/var/www/htdocs/syweb">
(...)
        AuthName "Staff only"
        AuthType Basic
        AuthLDAPURL ldap://ldaphost/ou=admin,dc=tumfatig,dc=net?mail
        require valid-user
</Directory>

This is it m8s!