Prepare Remote Device

From Zenoss Wiki


Before we can monitor a device in Zenoss, we need to ensure that it is properly set up to be monitored. Zenoss does not use agents, but it needs to query the device using some protocol. The "classical" way to monitor devices with Zenoss is to use the Simple Network Management Protocol, also known as SNMP. SSH can be used to monitor Linux and Unix types of systems as an alternative to SNMP. WinRM is used by our latest Zenpack to monitor Windows servers, while the legacy Windows Zenpacks offered either WMI or SNMP.

We also support various APIs, such as the Amazon EC2 and CloudStack API, for monitoring cloud services.

Once we select a protocol to use for monitoring, we need to ensure that Zenoss is configured with the proper credentials to access the remote system, which is typically done using zProperties.

Note: ICMP echo (ping) is also used automatically by Zenoss to perform frequent checks to ensure that devices are "up". Devices are pinged once every 60 seconds, while SNMP and SSH monitoring happen once every 5 minutes by default. ICMP monitoring is enabled by default and doesn't require any manual configuration steps.

Linux SNMP-based Monitoring

To use SNMP-based monitoring, all you need to do is ensure that SNMP is enabled on your device. On Linux systems, this can be done by ensuring that snmpd is running and that you have a read-only public community specified on the server. Here is a minimal /etc/snmp/snmpd.conf configuration that will get the job done:

A default configuration can be found below and at http://pastebin.com/WgNGdCt6

trapsink  192.168.0.1 public
trap2sink  192.168.0.1 public
authtrapenable  1
rocommunity  public

syslocation  "Set this to the location"
syscontact  whoever@contact.com

sysservices 76

load  5 5 5

com2sec paranoid  default         public
group MyROSystem v1        paranoid
group MyROSystem v2c       paranoid
group MyROSystem usm       paranoid
group MyROGroup v1         readonly
group MyROGroup v2c        readonly
group MyROGroup usm        readonly
group MyRWGroup v1         readwrite
group MyRWGroup v2c        readwrite
group MyRWGroup usm        readwrite
view all    included  .1                               80
view system included  .iso.org.dod.internet.mgmt.mib-2.system
access MyROSystem ""     any       noauth    exact  system none   none
access MyROGroup ""      any       noauth    exact  all    none   none
access MyRWGroup ""      any       noauth    exact  all    all    none

This is all that Linux devices in the /Server/Linux Device Class require for SNMP-based modeling and monitoring to function. It is also possible to configure SNMPv3, which provides strong authentication and encryption for all SNMP traffic.
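An added example, not part of the original wiki page or of Zenoss: a small Python check that reads snmpd.conf text and reports the settings in the configuration above that leave SNMPv1/v2c access open, namely a default community string, no source restriction, and a noauth access line with a write view. `RESTRICTED_CONF`, its community string, the 192.0.2.10 collector address and the `zenossmon` SNMPv3 user are constructed placeholders.

```python
import shlex

DEFAULT_COMMUNITIES = {"public", "private"}
COMMUNITY_DIRECTIVES = {"rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6"}

# Four lines copied from the page's snmpd.conf.
PAGE_CONF = '''\
rocommunity  public
com2sec paranoid  default         public
access MyROSystem ""     any       noauth    exact  system none   none
access MyRWGroup ""      any       noauth    exact  all    all    none
'''
# Constructed: placeholder community string, collector address and SNMPv3 user.
RESTRICTED_CONF = '''\
rocommunity  example-ro-string  192.0.2.10
rouser  zenossmon  priv
'''

def audit_snmpd_conf(text):
    """Return (line_number, finding) pairs for risky SNMPv1/v2c settings."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        try:
            tokens = shlex.split(raw, comments=True)  # drops comments, keeps "" as a token
        except ValueError:                            # unbalanced quote in free text
            tokens = raw.split()
        if not tokens:
            continue
        directive, args = tokens[0], tokens[1:]
        community = source = None
        if directive in COMMUNITY_DIRECTIVES and args:
            # COMMUNITY [SOURCE [OID | -V VIEW]]; no SOURCE means any host
            community = args[0]
            source = args[1] if len(args) > 1 else "default"
            if directive.startswith("rw"):
                findings.append((no, "community-grants-write"))
        elif directive == "com2sec":
            if args[:1] == ["-Cn"]:                   # optional "-Cn CONTEXT" prefix
                args = args[2:]
            if len(args) >= 3:                        # SECNAME SOURCE COMMUNITY
                source, community = args[1], args[2]
        elif directive == "access" and len(args) >= 7:
            # GROUP CONTEXT MODEL LEVEL PREFIX READ WRITE NOTIFY
            if args[3] == "noauth" and args[6] != "none":
                findings.append((no, "noauth-write-view"))
        if community in DEFAULT_COMMUNITIES:
            findings.append((no, "default-community"))
        if source == "default":
            findings.append((no, "any-source"))
    return findings
```

Calling `audit_snmpd_conf(PAGE_CONF)` flags lines 1, 2 and 4 of the excerpt, while `RESTRICTED_CONF` produces no findings.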

Switch/Router SNMP Monitoring

Zenoss has very good defaults for SNMP monitoring of network devices such as switches or routers. Simply placing the device in the /Network, /Network/Switch, /Network/Router, or /Network/Cisco Device Class and ensuring that a public community is enabled on the remote device is generally sufficient for monitoring network equipment via SNMP.

Linux SSH Monitoring

Zenoss is also capable of monitoring systems using a direct SSH connection. Zenoss does not typically require root access for collecting remote server information. Both public/private SSH key pairs and traditional passwords are supported for SSH authentication.

To use a username/password for SSH authentication

  1. Select Configuration Properties from the left-hand pane to access zProperties.
  2. Ensure that zCommandUsername is set to the username to use for remote access to the server. If blank, the remote access username defaults to zenoss.
  3. Similarly, select zCommandPassword and enter a password.

To use an SSH private/public key pair for SSH authentication

  1. Select Configuration Properties from the left-hand pane to access zProperties.
  2. Ensure that zCommandUsername is set to the username to use for remote access to the server. If blank, the remote access username defaults to zenoss.
  3. Ensure that zKeyPath is set properly -- the default is ~/.ssh/id_dsa. The tilde is short-hand for the zenoss user home directory (/home/zenoss).
  4. You will need to generate a DSA key as the zenoss user:
    1. Type ssh-keygen -t dsa as the zenoss user. A public and private key will be generated and placed in ~/.ssh/id_dsa and ~/.ssh/id_dsa.pub, respectively.
    2. You will now need to append the contents of the ~/.ssh/id_dsa.pub file to the remote server's ~/.ssh/authorized_keys file to allow access.
    3. Note: For Zenoss 5.X, the above operations need to be carried out in a Zope container. Since ~/.ssh/id_dsa.pub is part of the Zenoss 5.X DFS (Distributed Filesystem) there is no need to commit the container. Also this implies that the SSH credentials will persist beyond any upgrades.

Note: Remember, you can set zProperties on a per-device basis, or set them for an entire Device Class. If set for an entire Device Class, they will be inherited by all child devices and Device Classes unless overridden. See zProperties for more information.

Once SSH password-based or RSA/DSA key-based authentication has been enabled and the device has been placed in the /Server/SSH/Linux Device Class, Zenoss will be able to model and monitor it.
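An added example, not from the original page or from Zenoss: the step of appending the public key to the remote server's ~/.ssh/authorized_keys, written so that it is idempotent, sets modes that sshd's StrictModes check accepts, and limits the key to the collector's address with forwarding disabled. The function name, the sample key line and the 192.0.2.10 collector address are assumptions made for illustration.

```python
import ipaddress
import os

# Constructed sample line, not a real key; id_dsa.pub from the steps above has this layout.
SAMPLE_PUBKEY = "ssh-dss AAAAB3NzaC1kc3MAAACBAPconstructedExampleOnly zenoss@collector"
RESTRICTIONS = "no-agent-forwarding,no-port-forwarding,no-X11-forwarding"

def install_monitoring_key(home, pubkey, collector_ip):
    """Add pubkey to <home>/.ssh/authorized_keys once; return True if a line was written."""
    ipaddress.ip_address(collector_ip)        # ValueError on anything but a literal address
    fields = pubkey.split()
    if len(fields) < 2 or not fields[0].startswith(("ssh-", "ecdsa-", "sk-")):
        raise ValueError("not an OpenSSH public key line")
    ssh_dir = os.path.join(home, ".ssh")
    os.makedirs(ssh_dir, exist_ok=True)
    os.chmod(ssh_dir, 0o700)                  # explicit chmod: makedirs mode is umask-dependent
    path = os.path.join(ssh_dir, "authorized_keys")
    existing = ""
    if os.path.exists(path):
        with open(path) as fh:
            existing = fh.read()
    already_present = fields[1] in existing.split()   # match on the base64 key blob
    if not already_present:
        entry = 'from="%s",%s %s\n' % (collector_ip, RESTRICTIONS, " ".join(fields))
        with open(path, "a") as fh:
            if existing and not existing.endswith("\n"):
                fh.write("\n")
            fh.write(entry)
    os.chmod(path, 0o600)
    return not already_present

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as home:   # stand-in for the remote user's home
        print(install_monitoring_key(home, SAMPLE_PUBKEY, "192.0.2.10"))
```

The function does not depend on the key type. OpenSSH has disabled ssh-dss keys by default since release 7.0, so on current servers the same entry format is used with an RSA key.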