Preparing devices

Collection Zones use collectors to gather data from a wide variety of devices, using the method that is best suited to each device type. For example, most network devices (switches, routers, and so on) support the Simple Network Management Protocol (SNMP). Windows devices support WinRM, which is a WSMAN-based mechanism for communicating with devices running Microsoft Windows.

For each device type, some end-device configuration may be required. For more information about preparing specific devices, see the ZenPack catalog.

Configuring Linux devices to provide data through SNMP

To configure a Linux machine for monitoring, it must have SNMP installed. Net-SNMP is a widely used, open source SNMP application suite. Download, install, and configure Net-SNMP to then use SNMP to monitor Linux devices.

On the Zenoss side, to monitor Linux devices via SNMP, add them to the default /Server/Linux device class.

SNMP v2c configuration

SNMP version v2c requires only an SNMP community string. To configure your Collection Zone to monitor Linux servers, set the zSnmpCommunity configuration property to the community string value as set in your SNMP configuration.

Required properties and values:

Setting	zProperty Name	Value
SNMP Version	zSnmpVer	v2c
Community String	zSnmpCommunity	public

A minimal snmpd.conf file configured for v2c access might look like the following:

rocommunity public

Note

"public" is a common read-only SNMP community string. When configuring your devices for SNMP-based modeling/monitoring, you should use a unique community string value.

SNMP v3 configuration

SNMP version v3 configuration is more complex, but adds authentication and encryption (if configured to do so).

Required properties and values:

Setting	zProperty Name	Value
SNMP Version	zSnmpVer	v3
Security Name	zSnmpSecurityName	zenmonitor
Authentication Type	zSnmpAuthType	(MD5|SHA)
Authentication Password	zSnmpAuthPassword	authentication password
Privacy Type	zSnmpPrivType	(AES|DES)
Privacy Password	zSnmpPrivPassword	privacy password

Configuring an SNMP v3 user on Linux hosts is easily accomplished with the net-snmp-config --create-snmpv3-user command, which may require the installation of the libsnmp-dev package, depending on your OS.

systemctl stop snmpd
sudo net-snmp-config --create-snmpv3-user -ro -a SHA -A authenticationpassword -x DES -X privacypassword zenmonitor
systemctl start snmpd

Note

The net-snmp-config --create-snmpv3-user -ro command can be run without additional flags to launch interactive mode. This may be useful if you'd like to avoid passphrases in your shell history.

To confirm communication from snmpd, you can perform an snmpwalk:

snmpwalk -v3 -u zenmonitor -l authPriv -a SHA -A authenticationpassword -x DES -X privacypassword localhost

Note

• SNMP v3 can be configured to use no authentication or privacy, authentication without privacy, or authentication with privacy. If zSnmpPrivType and zSnmpPrivPassword are set, zSnmpAuthType and zSnmpAuthPassword must also be set.
• The values displayed for zSnmpAuthPassword and zSnmpPrivPassword shown above are for reference only; your organization should use unique values.

Configuring Linux devices to provide data through SSH

To configure a Linux machine for monitoring through SSH, it must be running an SSH server and be accessible remotely. For information on creating a user account for monitoring, see the Linux Monitor ZenPack documentation.

To monitor Linux devices via SSH, add them to the default /Server/SSH/Linux device class.

Password-based authentication

Monitoring over SSH requires the user credentials of the monitoring user account. Key-based authentication will be attempting first, falling back to password-based authentication in the absence of an appropriate key.

Required properties and values:

Setting	zProperty Name	Value
Username	zCommandUsername	zenmonitor
Password	zCommandPassword	password

Key-based authentication

Monitoring over SSH with public key authentication requires that monitored devices have the public portion of the key added to the ~/.ssh/authorized_keys file for the monitoring users. The private portion of the key is installed on the collector appliances. You or Zenoss can generate a key pair for use in SSH connections. Zenoss Support installs the private key on your collector appliances, and you distribute the public key to your monitored devices.

Setting	zProperty Name	Value
Username	zCommandUsername	zenmonitor
Password	zCommandPassword	password
Private key file	zKeyPath	~/.ssh/id_dsa

Note

Key pairs generated with a passphrase require that zCommandPassword be set to the value of that passphrase. Key pairs generated without a passphrase require that zCommandPassword remain empty. For alternate values of zKeyPath, please consult Zenoss Support.

Configuring Windows devices to provide data through SNMP

To monitor Microsoft Windows Server 2008 R2 systems, Zenoss Cloud uses SNMP v1/v2 or WinRM. (There is no SNMP v3 support.) For Windows Server 2012 and Windows Server 2016, Microsoft has deprecated SNMP support.

By default, Windows may not have SNMP installed. To install SNMP on your particular version of Windows, please refer to the Microsoft documentation.

After setting up and configuring the SNMP service, you must set the zSnmpCommunity string in Zenoss Cloud to match, to obtain SNMP data.

To set up WinRM on a Windows device, refer to the article in the Microsoft Windows ZenPack documentation.

Forwarding syslog messages

Forwarding syslog messages from UNIX/Linux devices

Each Collection Zone has its own syslog server (zensyslog). Managed devices should point their syslog daemons to the system.

To do this, edit the /etc/rsyslog.conf file and add an entry. In the example below, 192.0.2.10 is used as the collector appliance IP or virtual IP. Contact Zenoss Support if you are unsure of the IP address to use in your environment.

1. Log in to the target device as a superuser.

2. Open the /etc/rsyslog.conf file with a text editor (such as vi or nano).

3. Enter the log facility and priority, in the format facility.priority (for example kern.warning), and then press the Tab key.

4. Enter the host name or IP address of the collector host. For example:

   kern.warning @192.0.2.10
   

5. Save the file and exit the editor.

6. Restart the syslog service using the command below:

   service rsyslog restart
   

Forwarding syslog messages from a Cisco IOS router

In the examples below, 192.0.2.10 is used as the collector appliance IP or virtual IP. Contact Zenoss Support if you are unsure of the IP address to use in your environment.

Here are some Cisco commands to enable syslog. Typically, it is easier to use syslog than SNMP traps from network devices. The most basic IOS command to send syslog messages is:

logging 192.0.2.10

Forwarding syslog messages from a Cisco CatOS switch

To forward a syslog message from a Cisco CatOS switch, where 192.0.2.10 is the collector appliance IP or virtual IP:

1. Log in to the target switch.

2. Type the command enable at the prompt.

3. Enter the password when prompted.

4. Set the Syslog forwarding mechanism; for example:

   set logging server 192.0.2.10
   

5. You can set the types of logging information that you want the switch to provide with the commands below as examples:

   set logging level mgmt 7 default set logging level sys 7 default set logging level filesys 7 default
   

Other Cisco syslog configurations

Following are additional configurations for other Cisco devices. To set up these configurations:

1. Log in to the target router.
2. Enter enable at the prompt.
3. Enter the password when prompted.
4. Enter config at the prompt.
5. Enter terminal at the configuration prompt.

6. At the prompt, set the syslog forwarding mechanism. See the example below:

   logging 192.0.2.10
   

7. Exit out of all the prompts to the main router prompt.

CatalystLocal DirectorPIX Firewalls

set logging server enable set logging server 192.0.2.10 set logging level all 5 set logging server severity 6

syslog output 20.5 no syslog console syslog host 192.0.2.10

logging on logging standby logging timestamp logging trap notifications logging facility 19 logging host inside 192.0.2.10

Forwarding syslog messages using syslog-ng

Here is an example for FreeBSD and Linux platforms.

1. Log in to the target device as a superuser.

2. Open the /etc/syslog-ng/syslog-ng.conf file with a text editor.

3. Add the source information to file. See the following examples:

   FreeBSDLinux

   source src { unix-dgram("/var/run/log"); internal ();};
   

   (Will gather both system and kernel logs)

   source src { internal(); unix-stream("/dev/log" keep-alive(yes) max-connections(100)); pipe("/proc/kmsg"); udp(); };
   

4. Add destination information (in this case, the server). For example:

   log { source(src); destination(zenoss); };