Monitoring for Stolen CPU on Linux Servers

From Zenoss Wiki
This is the approved revision of this page, as well as being the most recent.
Jump to: navigation, search

Note: This information is also available in the Knowledge Base article "How Do I Monitor for Stolen CPU Cycles on Linux Servers?" on the Zenoss Support portal.


If you are looking for an automated way to add the “CPU steal time” to your overall Linux server monitoring regimen, Zenoss can help.

Just go into the monitoring template for Linux servers and activate the %st counter. Then, if Zenoss detects high steal time, you can drill down directly in the Zenoss console to see which host a VM is running on and immediately discover the CPU utilization. With this information, you’ll be able to determine the best way to get your “stolen CPU” back.

To monitor for stolen CPU:

  1. Ensure that you have Net-SNMP 5.7 or higher installed on the Linux server where you want to monitor for stolen CPU.
  2. Edit the monitoring template used to monitor Linux servers to include the ssCPURawSteal data source. For more information, see “Adding ssCPURawSteal to the Monitoring Template”.
  3. Set up a graph that displays stolen CPU when you view the Linux server. For more information, see “Setting Up a Graph That Displays Stolen CPU”.
  4. Set up a threshold that alerts you when CPU is being stolen. For more information, see “Setting Up a Threshold for Alerting on Stolen CPU”.

For additional information about monitoring for Stolen CPU, see the “Hey! Who Stole My CPU?” article, available on the Zenoss blog.

Adding ssCPURawSteal to the Monitoring Template

To monitor for stolen CPU on Linux servers, first add ssCPURawSteal as a data source to your Linux server monitoring template.

To add the ssCPURawSteal data source the monitoring template used for monitoring Linux servers:

  1. In the Zenoss Console, click the Advanced tab, and then click Monitoring Templates.
  2. In the left tree pane, under Device, click Server/Linux.
  3. Add a new data source for “CPU steal time” by completing the following steps:
    1. In the Data Sources area, click the plus (+) sign.
    2. In the Add Data Source dialog box, in the Name field, type ssCpuRawSteal.
    3. In the Type field, specify SNMP, and then click Submit.
  4. After adding ssCpuRawSteal as a new data source, add the SNMP OID for ssCpuRawSteal by completing the following steps:
    1. Select the ssCpuRawSteal data point, click the gear, or Edit icon, and then click View and Edit Details.
    2. In the OID field, type 1.3.6.1.4.1.2021.11.64.0.
    3. Click Save.
  5. Edit the RRD Type for the data point by completing the following steps:
    1. Under ssCPUawSteal, select ssCPURawSTeal.ssCPURawSteal,click the gear, or Edit icon, and then click View and Edit Details.
    2. In the RRD Type field, select DERIVE from the drop-down list. This calculates the rate at which CPU is being stolen as a percent.
    3. Click Save.

Setting Up a Graph That Displays Stolen CPU

Once you have added ssCPURawSteal as a data source to your Linux server monitoring template, set up a graph that shows stolen CPU for the Linux server. To graph stolen CPU data:

  1. Under Graph Definitions, ensure you have a CPU Utilization graph set.
  2. Under Graph Definitions, select the CPU Utilization graph, and then on the gear button, or Edit button, click Manage Graph Points.
  3. On the Manage Graph Points dialog box, click the plus (+) sign, and then click Data Point.
  4. In the Data Point field, select ssCpuRawSteal.ssCpuRawSteal, and then click Submit.
  5. Click Save.

Now you are monitoring for stolen CPU, and you also have a graph that displays stolen CPU when you go and look at the Linux server.

Setting Up a Threshold for Alerting on Stolen CPU

After you have configured Zenoss to collect and graph stolen CPU data, your final step is to go in and set a threshold so you get an alert when your stolen CPU on a Linux server goes about a certain value.

To generate an alert when stolen CPU passes a certain threshold:

  1. Under Thresholds, click the plus (+) sign.
  2. In the Name field, specify the name you want to use for the threshold. For example, type High Stolen CPU.
  3. In the Type field, select MinMaxThreshold from the drop-down list, and then click Add.
  4. Select the new high stolen CPU threshold you just created, and then and then on the gear button, or Edit button.
  5. On the Edit Threshold dialog box, under Data Points, ensure the ssCPURawStea_SSCPURawSteal data point displays in the Selected column.
  6. In the Maximum Value field, specify a value. For example, if you want to receive an alert when more than 10% of the CPU is being stolen, type 10.
  7. In the Severity field, select a type for the event, such as Warning.
  8. In the Event Class field, specify the event class you want to use, such as /Perf/CPU.
  9. Click Save.


Now you are collecting stolen CPU information from your Linux server. You will receive an alert when the value goes above 10%. You can also see trends over time when you look at the Linux server.