action.skip

Preparing devices

Collection Zones use collectors to gather data from a wide variety of devices, using the method that is best suited to each device type. For example, most network devices (switches, routers, and so on) support the Simple Network Management Protocol (SNMP). Windows devices support WinRM, which is a WSMAN -based mechanism for communicating with devices running Microsoft Windows.

For each device type, some end-device configuration may be required. For more information about preparing specific devices, see the ZenPack catalog.

Configuring Linux devices to provide data through SNMP

To configure a Linux machine for monitoring, it must have SNMP installed. A good Linux SNMP application is net-snmp. Download, install, and configure net-snmp to then use SNMP to monitor Linux devices.

To monitor Linux devices via SNMP, add them to the default /Server/Linux device class.

SNMP v2c configuration

SNMP version v2c requires only an SNMP community string. To configure your Collection Zone to monitor Linux servers, set the zSnmpCommunity property to the configured community string value.

Required properties and values:

Setting zProperty Name Value
SNMP Version zSnmpVer v2c
Community String zSnmpCommunity public

A sample snmpd.conf file configured for v2c access might look like the following:

rocommunity public

Note

"Public" is a common read-only SNMP community string. When configuring your devices for SNMP-based modeling/monitoring, you should use a unique value.

SNMP v3 configuration

SNMP version v3 configuration is more complex, but adds authentication and encryption (if configured to do so).

Required properties and values:

Setting zProperty Name Value
SNMP Version zSnmpVer v3
Security Name zSnmpSecurityName zenmonitor
Authentication Type zSnmpAuthType (MD5|SHA)
Authentication Password zSnmpAuthPassword authentication password
Privacy Type zSnmpPrivType (AES|DES)
Privacy Password zSnmpPrivPassword privacy password

Configuring an SNMP v3 user on Linux hosts is easily accomplished with the net-snmp-config --create-snmpv3-user command, which may require the installation of the libsnmp-dev package, depending on your OS.

systemctl stop snmpd
sudo net-snmp-config --create-snmpv3-user -ro -a SHA -A authenticationpassword -x DES -X privacypassword zenmonitor
systemctl start snmpd

Note

The net-snmp-config --create-snmpv3-user -ro command can be run without additional flags to launch interactive mode. This may be useful if you'd like to avoid passphrases in your shell history.

To confirm communication from snmpd, you can perform an snmpwalk:

snmpwalk -v3 -u zenmonitor -l authPriv -a SHA -A authenticationpassword -x DES -X privacypassword localhost

Note

  • SNMP v3 can be configured to use no authentication or privacy, authentication without privacy, or authentication with privacy. If zSnmpPrivType and zSnmpPrivPassword are set, zSnmpAuthType and zSnmpAuthPassword must also be set.
  • The displayed zSnmpAuthPassword and zSnmpPrivPassword listed above are for reference only; your organization should use unique values.

Configuring Linux devices to provide data through SSH

To configure a Linux machine for monitoring through SSH, it must be running an SSH server and be accessible remotely. For information on creating a monitoring user account, please refer to the Linux Monitor ZenPack documentation.

To monitor Linux devices via SSH, add them to the default /Server/SSH/Linux device class.

Password-based authentication

Monitoring over SSH requires the user credentials of the monitoring user account. Key-based authentication will be attempting first, falling back to password-based authentication in the absence of an appropriate key.

Required properties and values:

Setting zProperty Name Value
Username zCommandUsername zenmonitor
Password zCommandPassword password

Key-based authentication

Monitoring over SSH with public key authentication requires that monitored devices have the public portion of the key added to the ~/.ssh/authorized_keys file for the monitoring users. The private portion of the key is installed on the collector appliances. You or Zenoss can generate a key pair for use in SSH connections. Zenoss Support installs the private key on collector appliances and you distribute the public key to your monitored devices.

Setting zProperty Name Value
Username zCommandUsername zenmonitor
Password zCommandPassword password
Private key file zKeyPath ~/.ssh/id_dsa

Note

Key pairs generated with a passphrase require that zCommandPassword be set to the value of that passphrase. Key pairs generated without a passphrase require that zCommandPassword remain empty. For alternate values of zKeyPath, please consult Zenoss Support.

Configuring Windows devices to provide data through SNMP

To monitor Microsoft Windows Server 2008 R2 systems, Zenoss Cloud uses SNMP v1/v2 or WinRM. (There is no SNMP v3 support.) For Windows Server 2012 and Windows Server 2016, Microsoft has deprecated SNMP support.

By default, Windows may not have SNMP installed. To install SNMP on your particular version of Windows, please refer to the Microsoft documentation.

After setting up and configuring the SNMP service, you must set the zSnmpCommunity string in Zenoss Cloud to match, to obtain SNMP data.

To set up WinRM on a Windows device, refer to the article in the Microsoft Windows ZenPack documentation.

Forwarding syslog messages

Forwarding syslog messages from UNIX/Linux devices

Collection Zone has its own syslog server (zensyslog). Managed devices should point their syslog daemons to the system.

To do this, edit the /etc/rsyslog.conf file and add an entry, where 192.0.2.10 is the collector appliance IP or virtual IP:

  1. Log in to the target device as a super user.

  2. Open the /etc/rsyslog.conf file with a text editor (such as vi).

  3. Enter the log facility and priority, in the format facility.priority. (for example kern.warning), and then press the Tab key.

  4. Enter the host name or IP address of the server. For example:

    kern.warning @192.0.2.10

  5. Save the file and exit the file editor program.

  6. Restart the Syslog service using the command below:

    /etc/init.d/syslog restart

Forwarding syslog messages from a Cisco IOS router

Here are some Cisco commands to turn on syslog. Typically, it is easier to use syslog than SNMP traps from network devices. The most basic IOS command to send syslog messages is:

logging 192.0.2.10

Forwarding syslog messages from a Cisco CatOS switch

To forward a syslog message from a Cisco CatOS switch, where 192.0.2.10 is the collector appliance IP or virtual IP:

  1. Log in to the target switch.

  2. Type the command enable at the prompt.

  3. Enter the password when prompted.

  4. Set the Syslog forwarding mechanism; for example:

    set logging server 192.0.2.10

  5. You can set the types of logging information that you want the switch to provide with the commands below as examples:

    set logging level mgmt 7 default set logging level sys 7 default set logging level filesys 7 default

Other Cisco syslog configurations

Following are additional configurations for other Cisco devices. To set up these configurations:

  1. Log in to the target router.
  2. Type the command enable at the prompt.
  3. Once you are prompted for a password, enter the correct password.
  4. Type the command config at the prompt.
  5. Type the command terminal at the configuration prompt.

  6. At the prompt, set the Syslog forwarding mechanism. See example below:

    logging 192.0.2.10

  7. Exit out all the prompts to the main router prompt.

Catalyst

set logging server enable set logging server 192.0.2.10 set logging level all 5 set logging server severity 6

Local Director

syslog output 20.5 no syslog console syslog host 192.0.2.10

PIX Firewalls

logging on logging standby logging timestamp logging trap notifications logging facility 19 logging host inside 192.0.2.10

Forwarding syslog messages using syslog-ng

Here is an example for FreeBSD and Linux platforms.

  1. Log in to the target device as a super user.

  2. Open /etc/syslog-ng/syslog-ng.conf file with a text editor.

  3. Add source information to file. See the following examples:

    FreeBSD:

    source src { unix-dgram("/var/run/log"); internal ();};

    Linux: (will gather both system and kernel logs)

    source src { internal(); unix-stream("/dev/log" keep-alive(yes) max-connections(100)); pipe("/proc/kmsg"); udp(); };

  4. Add destination information (in this case, the server). For example:

    log { source(src); destination(zenoss); };