lost and found ( for me ? )

Monitoring DNS traffic via munin

OS: Fedora 11

unbound はソースからインストール
unbound 1.3.0

munin はyum でインストール

munin-node が daemon。

# yum install -y munin-node.noarch munin.noarch

munin の設定ファイル。

/etc/munin

munin-node.conf munin.conf

プラグイン

# ls /etc/munin/plugins/
cpu forks iostat netstat processes swap
df if_err_eth0 irqstats ntp_offset sendmail_mailqueue vmstat
df_inode if_eth0 load open_files sendmail_mailstats
entropy interrupts memory open_inodes sendmail_mailtraffic

これらはシンボリックリンクがはってある。

# ls -l /etc/munin/plugins/cpu
lrwxrwxrwx 1 root root 28 2009-06-28 00:52 /etc/munin/plugins/cpu -> /usr/share/munin/plugins/cpu

unbound の下記ページを参照。

http://www.unbound.net/documentation/howto_statistics.html

Statistics with Munin

unboundのプラグインはunboundのソースに含まれている。( contrib ディレクトリ下 )

# cp unbound_munin_ /usr/local/etc/unbound/

シンボリックリンクをはる。

# ln -s /usr/local/etc/unbound/unbound_munin_ /etc/munin/plugins/unbound_munin_hits

unbound.conf の編集

statistics-interval: 0
statistics-cumulative: no

muninの設定

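追加。unbound* のプラグインを root で実行する設定 ( unbound-control が設定ファイルや制御用の鍵を読めるようにするためと思われる )。プラグインが root 権限で動くことになるので、コピーした unbound_munin_ は root 以外が書き換えられないパーミッションにしておくこと。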

# cat /etc/munin/plugin-conf.d/munin-node
[unbound*]
user root

ファイルを作成

# cat /etc/munin/plugin-conf.d/unbound
[unbound*]
user root
env.statefile /var/lib/munin/plugin-state/unbound-state
env.unbound_conf /usr/local/etc/unbound/unbound.conf
env.unbound_control /usr/local/sbin/unbound-control
env.spoof_warn 1000
env.spoof_crit 100000

# unbound-control reload
ok

munin-node を起動

# /etc/init.d/munin-node start
Starting Munin Node: [ OK ]

http://127.1:4949 でアクセスできる ( と思ったが、後述のとおり 4949 番は HTTP ではなかった )。

# less /etc/munin/munin-node.conf

# Which address to bind to;
host *
# host 127.0.0.1

# And which port
port 4949

# netstat -an | grep 4949
tcp 0 0 0.0.0.0:4949 0.0.0.0:* LISTEN
ブラウザでアクセスしてもグラフが表示されない。。

# Unknown command. Try list, nodes, config, fetch, version or quit
# Unknown command. Try list, nodes, config, fetch, version or quit
# Unknown command. Try list, nodes, config, fetch, version or quit
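munin のログに、unbound.conf が Permission denied で開けないというエラーが出てるなー。
( ログのパスは /etc/unbound/unbound.conf で、env.unbound_conf に書いた /usr/local/etc/unbound/unbound.conf とは違う。プラグイン設定がまだ効いていなかったのかも。 )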

/var/log/munin/munin-node.log

[1245340683] unbound-control[3504:0] error: Could not open /etc/unbound/unbound.conf: Permission denied

telnet してみると応答がある。
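munin-node がオープンするポートは telnet でつなげるテキストベースの待ち受けポートであって、http ではない気がしてきた。
なお上の設定は host * なので、4949 番は全インターフェースで待ち受けている ( netstat の 0.0.0.0:4949 )。ローカルからしか収集しないなら host 127.0.0.1 にするか、allow で接続元を絞っておくと安心。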

# telnet 127.1 4949
Trying 127.0.0.1...
Connected to 127.1.
Escape character is '^]'.
# munin node at arizona.localdomain
help
# Unknown command. Try list, nodes, config, fetch, version or quit
list
open_inodes sendmail_mailtraffic if_err_eth0 entropy irqstats sendmail_mailstats if_eth0 processes unbound_munin_hits df netstat interrupts swap load ntp_offset sendmail_mailqueue cpu df_inode open_files forks iostat memory vmstat
Connection closed by foreign host.
#

unboundのグラフができとらんなー。

# pwd
/var/www/html/munin/localhost
# ls *unbound*

unboundのpluginファイルがいけないのかなー。

localhost-unbound_munin_hits.html
/etc/munin/plugins/unbound_munin_hits: line 163: /var/lib/munin/plugin-state: Is a directory
Plugin "unbound_munin_hits" exited with status 256. --error retrieving data from unbound server


これが原因か。。

# less -N /etc/munin/plugins/unbound_munin_hits

25 # env.statefile /usr/local/var/munin/plugin-state/unbound-state

編集。ディレクトリをmuninとあわせる。

# vi /etc/munin/plugins/unbound_munin_hits

[unbound*]
user root
# env.statefile /usr/local/var/munin/plugin-state/unbound-state
env.statefile /var/lib/munin/plugin-state/unbound-state
env.unbound_conf /usr/local/etc/unbound/unbound.conf
env.unbound_control /usr/local/sbin/unbound-control
env.spoof_warn 1000
env.spoof_crit 100000


# touch /var/lib/munin/plugin-state/unbound-state

munin再起動

# /etc/init.d/munin-node restart

まだエラーが出る。

/etc/munin/plugins/unbound_munin_hits: line 164: /var/lib/munin/plugin-state: Is a directory

これが原因か。。state= のやつ。

# egrep plugin-state /etc/munin/plugins/unbound_munin_hits
# env.statefile /usr/local/var/munin/plugin-state/unbound-state
# env.statefile /usr/local/var/munin/plugin-state/unbound-state
env.statefile /var/lib/munin/plugin-state/unbound-state
state=${statefile:-/usr/local/var/munin/plugin-state/unbound-state}

修正。

# egrep plugin-state /etc/munin/plugins/unbound_munin_hits
# env.statefile /usr/local/var/munin/plugin-state/unbound-state
# env.statefile /usr/local/var/munin/plugin-state/unbound-state
env.statefile /var/lib/munin/plugin-state/unbound-state
#state=${statefile:-/usr/local/var/munin/plugin-state/unbound-state}
state=${statefile:-/var/lib/munin/plugin-state/unbound-state}

再起動

こいつかー。

# /etc/init.d/munin-node restart
# cat /etc/munin/plugin-conf.d/unbound
[unbound*]
user root
#env.statefile /var/lib/munin/plugin-state/ ← これ
#env.statefile /var/lib/munin/plugin-state/unbound-state ←修正
env.unbound_conf /usr/local/etc/unbound/unbound.conf
env.unbound_control /usr/local/sbin/unbound-control
env.spoof_warn 1000
env.spoof_crit 100000

# /etc/init.d/munin-node restart

うまくいったっぽい。

# egrep unbound /var/log/munin/munin-node.log
#

ファイルができたー。

# pwd
/var/www/html/munin/localhost

# ls *unbound*
localhost-unbound_munin_hits-day.png localhost-unbound_munin_hits-year.png
localhost-unbound_munin_hits-month.png localhost-unbound_munin_hits.html
localhost-unbound_munin_hits-week.png

情報は cron で定期的に収集している。

# cat /etc/cron.d/munin

#
# cron-jobs for munin
#

MAILTO=root

*/5 * * * * munin test -x /usr/bin/munin-cron && /usr/bin/munin-cron
14 10 * * * munin test -x /usr/share/munin/munin-limits && /usr/share/munin/munin-limits --force --contact nagios --contact old-nagios

unboundの情報も収集できてるみたい。

# head -10 /var/lib/munin/plugin-state/unbound-state
thread0.num.queries=4701
thread0.num.cachehits=3032
thread0.num.cachemiss=1669
thread0.num.recursivereplies=1538
thread0.requestlist.avg=62.441
thread0.requestlist.max=119
thread0.requestlist.overwritten=0
thread0.requestlist.exceeded=0
thread0.requestlist.current.all=112

muninのhtmlのログに warning がでてるなー。

# egrep -i unbound /var/log/munin/munin-html.log
Jun 28 01:20:23 - Warning: Unknown option "error" in "localhost;localhost:unbound_munin_hits.error".
Jun 28 01:20:23 - processing service: unbound_munin_hits

とりあえず画像ファイルのサイズが増えてるのでいいや。

# ls -lh *unbound*
-rw-r--r-- 1 munin munin 22K 2009-06-28 02:10 localhost-unbound_munin_hits-day.png
-rw-r--r-- 1 munin munin 21K 2009-06-28 02:00 localhost-unbound_munin_hits-month.png
-rw-r--r-- 1 munin munin 21K 2009-06-28 02:00 localhost-unbound_munin_hits-week.png
-rw-r--r-- 1 munin munin 21K 2009-06-28 02:00 localhost-unbound_munin_hits-year.png
-rw-r--r-- 1 munin munin 5.6K 2009-06-28 02:10 localhost-unbound_munin_hits.html

長いみちのりだー。凡ミスだらけだったけど。。

ファイルを直にみるのではなく、80番ポートでみたい場合は httpd を起動。

# /etc/init.d/httpd start
httpd を起動中: [ OK ]

統計グラフを増やそう。

973 ln -s /usr/local/etc/unbound/unbound_munin_ /etc/munin/plugins/unbound_munin_queue
974 ln -s /usr/local/etc/unbound/unbound_munin_ /etc/munin/plugins/unbound_munin_memory
975 ln -s /usr/local/etc/unbound/unbound_munin_ /etc/munin/plugins/unbound_munin_by_type
976 ln -s /usr/local/etc/unbound/unbound_munin_ /etc/munin/plugins/unbound_munin_by_class
977 ln -s /usr/local/etc/unbound/unbound_munin_ /etc/munin/plugins/unbound_munin_by_opcode
978 ln -s /usr/local/etc/unbound/unbound_munin_ /etc/munin/plugins/unbound_munin_by_rcode
979 ln -s /usr/local/etc/unbound/unbound_munin_ /etc/munin/plugins/unbound_munin_by_flags
980 ln -s /usr/local/etc/unbound/unbound_munin_ /etc/munin/plugins/unbound_munin_by_histgram

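グラフが増えた。ナイス。ただし下の一覧に histgram のグラフはない。プラグインのヘッダにあるリンク名は unbound_munin_histogram なので、上の by_histgram はリンク名の間違いっぽい。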

# ls *unbound*.html
localhost-unbound_munin_by_class.html localhost-unbound_munin_by_type.html
localhost-unbound_munin_by_flags.html localhost-unbound_munin_hits.html
localhost-unbound_munin_by_opcode.html localhost-unbound_munin_memory.html
localhost-unbound_munin_by_rcode.html localhost-unbound_munin_queue.html

出来上がったグラフはこんな感じ。



unbound + munin すごいぞ。。キャッシュヒット率、qps、スプーフィングパケットなどなど、グラフで監視できる。
BINDよりunboundの統計情報めっちゃ充実してるので、表示できるグラフも豊富だー。

unbound以外でもpluginがあればいろいろ監視できるので、muninすばらしい。
MRTG や cacti より楽だ。








get things done!
