Prepare Remote Device
Before we can monitor a device in Zenoss, we need to ensure that is is properly set up to be monitored. Zenoss does not use agents, but it needs to query the device using some protocol. The "classical" way to monitor devices with Zenoss is to use the Simple Network Management Protocol, also known as SNMP. SSH can be used to monitor Linux and Unix types of systems as an alternative to SNMP. WinRM is used by our latest Zenpack to monitor Windows servers, while the legacy Windows Zenpacks offered either WMI or SNMP.
We also support various APIs, such as the Amazon EC2 and CloudStack API, for monitoring cloud services.
Once we select a protocol to use for monitoring, we need to ensure that Zenoss is configured with the proper credentials to access the remote system, which is typically done using zProperties.
Note: ICMP echo (ping) is also used automatically by Zenoss to perform frequent checks to ensure that devices are "up". Devices are pinged once every 60 seconds, while SNMP and SSH monitoring happen once every 5 minutes by default. ICMP monitoring is enabled by default and doesn't require any manual configuration steps.
Contents
Linux SNMP-based Monitoring
For using SNMP-based monitoring, all you need to do is to ensure that SNMP is enabled on your device. On Linux systems, this can be done by ensuring that snmpd is running and that you have a read-only public community specified on the server. Here is a minimal /etc/snmp/snmpd.conf configuration that will get the job done:
A default configuration can be found below and at http://pastebin.com/WgNGdCt6
trapsink 192.168.0.1 public trap2sink 192.168.0.1 public authtrapenable 1 rocommunity public syslocation "Set this to the location" syscontact whoever@contact.com sysservices 76 load 5 5 5 com2sec paranoid default public group MyROSystem v1 paranoid group MyROSystem v2c paranoid group MyROSystem usm paranoid group MyROGroup v1 readonly group MyROGroup v2c readonly group MyROGroup usm readonly group MyRWGroup v1 readwrite group MyRWGroup v2c readwrite group MyRWGroup usm readwrite view all included .1 80 view system included .iso.org.dod.internet.mgmt.mib-2.system access MyROSystem "" any noauth exact system none none access MyROGroup "" any noauth exact all none none access MyRWGroup "" any noauth exact all all none
This is all that Linux devices in the /Server/Linux Device Class require for SNMP-based modeling and monitoring to function. It is also possible to Configure SNMPv3, which provides strong authentication and encryption for all SNMP traffic.
Switch/Router SNMP Monitoring
Zenoss has very good defaults for SNMP monitoring of network devices such as switches or routers. Simply placing the device in the /Network, /Network/Switch, /Network/Router, or /Network/Cisco Device Class and ensuring that a public community is enabled on the remote device is generally sufficient for monitoring network equipment via SNMP.
Linux SSH Monitoring
Zenoss is also capable of monitoring systems using a direct SSH connection. Zenoss does not typically require root access for collecting remote server information. The use of a public/private SSH key pairs as well as traditional passwords are supported for SSH authentication.
To use a username/password for SSH authentication
- Select Configuration Properties from the left-hand pane to access zProperties.
- Ensure that a zCommandUsername is set to the username to use for remote access to the server. If blank, the remote access username defaults to zenoss.
- Similarly, select zCommandPassword and enter a password.
To use a SSH private/public key pair for SSH authentication
- Select Configuration Properties from the left-hand pane to access zProperties.
- Ensure that a zCommandUsername is set to the username to use for remote access to the server. If blank, the remote access username defaults to zenoss
- Ensure that a zKeyPath is set properly -- the default is ~/.ssh/id_dsa. The tilde is short-hand for the zenoss user home directory (/home/zenoss)
- You will need to generate a DSA key as the zenoss user:
- Type ssh-keygen -t dsa as the zenoss user. A public and private key will be generated and placed in ~/.ssh/id_dsa and ~/.ssh/id_dsa.pub, respectively.
- You will now need to append the contents of the ~/.ssh/id_dsa.pub file to the remote server's ~/.ssh/authorized_keys file to allow access.
-
Note: For Zenoss 5.X, the above operations need to be carried out in a Zope container. Since ~/.ssh/id_dsa.pub is part of the Zenoss 5.X DFS (Distributed Filesystem) there is no need to commit the container. Also this implies that the SSH credentials will persist beyond any upgrades.
Note: Remember, you can set zProperties on a per-device basis, or set them for an entire Device Class. If set for an entire Device Class, they will be inherited by all child devices and Device Classes unless overridden. See zProperties for more information.
Once SSH password-based or RSA/DSA key-based authentication has been enabled and the device has been placed in the /Server/SSH/Linux Device Class, Zenoss will be able to model and monitor it.