[monit-dev] Feature suggestion: SNMP support in Monit

classic Classic list List threaded Threaded
12 messages Options
Reply | Threaded
Open this post in threaded view
|

[monit-dev] Feature suggestion: SNMP support in Monit

Lior Okman


Hi,

It seems to me that Monit is missing the ability to be queried via SNMP about the state of its monitored services and use SNMP traps or notifications as alerts.

I'm going to develop support for this, using Net-SNMP's AgentX support with Monit. Monit would become an SNMP subagent, and if the Net-SNMP snmpd daemon is running on the same host then the SNMP support would be enable-able. 

The RC file would gain one global "set" directive: "set snmp", that would enable SNMP support in Monit. Setting just this would allow Monit to be queried about the services it currently has monitored.

Additionally, I am going to change the "alert" statement, so that in addition to an email you can set a trap or notification OID, and if that alert is to be triggered, then an appropriate SNMP trap/notification would be sent. Something along the lines of:

ALERT TRAP oid [ [NOT] {events}] [REMINDER number]

Since Monit would be a subagent, the SNMP specific configuration (community strings, security settings, etc) would be configured in the local SNMPD daemon configuration file.

I still haven't got a MIB - more about this later.


Comments?

Regards,
Lior

_______________________________________________
monit-dev mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/monit-dev
Reply | Threaded
Open this post in threaded view
|

Re: [monit-dev] Feature suggestion: SNMP support in Monit

Michael Shigorin
On Fri, Sep 02, 2011 at 07:47:10AM +0300, Lior Okman wrote:
> Comments?

Packager's perspective: being able to provide binaries which
would satisfy both those who need the extended functionality
and those who oppose lib$yetanother mapped into a critical
process' address space helps a lot.

So if any sort of plugin or IPC implementation is feasible,
that would be a huge improvement over plain configure knob.

Thanks in advance!

--
 ---- WBR, Michael Shigorin <[hidden email]>
  ------ Linux.Kiev http://www.linux.kiev.ua/

_______________________________________________
monit-dev mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/monit-dev
Reply | Threaded
Open this post in threaded view
|

Re: [monit-dev] Feature suggestion: SNMP support in Monit

Lior Okman


On Sat, Sep 3, 2011 at 11:00 PM, Michael Shigorin <[hidden email]> wrote:
On Fri, Sep 02, 2011 at 07:47:10AM +0300, Lior Okman wrote:
> Comments?

Packager's perspective: being able to provide binaries which
would satisfy both those who need the extended functionality
and those who oppose lib$yetanother mapped into a critical
process' address space helps a lot.

So if any sort of plugin or IPC implementation is feasible,
that would be a huge improvement over plain configure knob.


I plan on making it a compile time option, so if you don't want SNMP support, just configure monit as usual, but if you do want it, then add --with-snmp when you run the configure script. 

Is this sufficient?
 
Thanks in advance!


Regards,
Lior 

_______________________________________________
monit-dev mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/monit-dev
Reply | Threaded
Open this post in threaded view
|

Re: [monit-dev] Feature suggestion: SNMP support in Monit

Michael Shigorin
On Sun, Sep 04, 2011 at 09:47:33AM +0300, Lior Okman wrote:
> > So if any sort of plugin or IPC implementation is feasible,
> > that would be a huge improvement over plain configure knob.
> I plan on making it a compile time option, so if you don't want
> SNMP support, just configure monit as usual, but if you do want
> it, then add --with-snmp when you run the configure script.

It's nice in general, but when packaging, it tends to result
in "alternative builds".  I do understand that it's probably
not your objective, but knowing this can make further work
in this direction easier.

> Is this sufficient?

For me to enable it in ALT Linux package by default, no.
But I'll make a build-time %define knob too, of course.
Guess Debian or OpenWall folks might think similarly.

--
 ---- WBR, Michael Shigorin <[hidden email]>
  ------ Linux.Kiev http://www.linux.kiev.ua/

_______________________________________________
monit-dev mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/monit-dev
Reply | Threaded
Open this post in threaded view
|

Re: [monit-dev] Feature suggestion: SNMP support in Monit

Lior Okman



On Sun, Sep 4, 2011 at 12:32 PM, Michael Shigorin <[hidden email]> wrote:
It's nice in general, but when packaging, it tends to result
in "alternative builds".  I do understand that it's probably
not your objective, but knowing this can make further work
in this direction easier.


The problem is that as far as I can tell, the 5.2.x branch doesn't have any sort of plugins infrastructure, and adding one to Monit is really not in the scope of what I intend to do.

An IPC infrastructure is also problematic for me, since it means I can't use the IPC infrastructure already written by the NetSNMP project (the AgentX code), and instead I have to roll my own.
 
> Is this sufficient?

For me to enable it in ALT Linux package by default, no.
But I'll make a build-time %define knob too, of course.

That would be great. I'll set the default to disable SNMP support, so existing packages would not be affected.
 
Guess Debian or OpenWall folks might think similarly.

In Debian, there are source packages that generate multiple binary packages that are configured and built a bit differently. It should be possible for the source package to generate a "monit" binary package that is compiled without snmp, and a "monit-snmp" binary package that does provide snmp support. The user would have to choose the required package according to the deployment needs.
 
Lior

_______________________________________________
monit-dev mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/monit-dev
Reply | Threaded
Open this post in threaded view
|

Re: [monit-dev] Feature suggestion: SNMP support in Monit

Michael Shigorin
On Sun, Sep 04, 2011 at 12:46:13PM +0300, Lior Okman wrote:
> The problem is that as far as I can tell, the 5.2.x branch
> doesn't have any sort of plugins infrastructure, and adding one
> to Monit is really not in the scope of what I intend to do.

That's what I guessed -- please don't take that comment
as a demand. :)

> > Guess Debian or OpenWall folks might think similarly.
> In Debian, there are source packages that generate multiple
> binary packages that are configured and built a bit
> differently.

Yup, the usual workaround I've started to depict but considered
a spam. (another case at hand is dhcpd with LDAP support...)

--
 ---- WBR, Michael Shigorin <[hidden email]>
  ------ Linux.Kiev http://www.linux.kiev.ua/

_______________________________________________
monit-dev mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/monit-dev
Reply | Threaded
Open this post in threaded view
|

[monit-dev] Feature suggestion: SNMP support in Monit

Lior Okman
In reply to this post by Lior Okman

Hi,

With regards to the MIB I intend to implement in Monit, attached is the first draft with initial support for monitored processes and files, that doesn't yet include any of the notification types in it.
See the output of the "monit status" command and the output of an example snmpwalk against that same monit process. 

The MIB itself isn't useful without an IANA assigned private enterprise number [1]. Is it possible for somebody from Tildeslash to contact IANA and get a private enterprise number assigned for Monit by filling out this form: http://pen.iana.org/pen/PenApplication.page ? There's no fee involved, and while I could do it, I think that the contact details for a private enterprise number that is registered for Monit should be for Tildeslash and not myself. I'm currently using a made-up number, which I've replaced with XXXXXXXX in the attached MIB, but in order to actually use this feature a real number must be registered.

Comments?

Regards,
Lior


---------- Forwarded message ----------
From: Lior Okman
Date: Fri, Sep 2, 2011 at 7:47 AM
Subject: Feature suggestion: SNMP support in Monit

Hi,

It seems to me that Monit is missing the ability to be queried via SNMP about the state of its monitored services and use SNMP traps or notifications as alerts.

I'm going to develop support for this, using Net-SNMP's AgentX support with Monit. Monit would become an SNMP subagent, and if the Net-SNMP snmpd daemon is running on the same host then the SNMP support would be enable-able. 

The RC file would gain one global "set" directive: "set snmp", that would enable SNMP support in Monit. Setting just this would allow Monit to be queried about the services it currently has monitored.

Additionally, I am going to change the "alert" statement, so that in addition to an email you can set a trap or notification OID, and if that alert is to be triggered, then an appropriate SNMP trap/notification would be sent. Something along the lines of:

ALERT TRAP oid [ [NOT] {events}] [REMINDER number]

Since Monit would be a subagent, the SNMP specific configuration (community strings, security settings, etc) would be configured in the local SNMPD daemon configuration file.

I still haven't got a MIB - more about this later.


Comments?

Regards,
Lior


_______________________________________________
monit-dev mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/monit-dev

example-snmpwalk.txt (3K) Download Attachment
MONIT.mib (6K) Download Attachment
monit-status.txt (2K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: [monit-dev] Feature suggestion: SNMP support in Monit

martinp@tildeslash.com
In reply to this post by Lior Okman
Hi Lior,

thank you for explaining the plan, we see the point and undestand that better SNMP support can be useful in SNMP-oriented environments.

At this point however, we prefer not to integrate Monit with Net-SNMP - our approach is to keep Monit simple with minimum dependencies on 3rd party libraries, so if everything fail, monit will keep running and will be able to report and fix problems.

To provide support for integrating monit with other systems (like SNMP), we plan to add general framework for custom actions, so it will be possible to use plugins like sending SNMP trap, SMS gateway plugin, tex-to-speach, etc. This way the plugins will be isolated and if there will be some bug let's say in Net-SNMP, it won't make Monit vulnerable nor crash it.

The user will setup the action like this:

    set action snmptrap "/usr/bin/snmptrap <options> <agent> <trap parameters>"
    set action say "/usr/bin/say $MONIT_SERVICE $MONIT_EVENT $MONIT_ACTION"

and the custom action can be used in the testing rules like this:

    if failed … then restart, snmptrap, say # note: this will restart the service, send SNMP trap and say loud what happened

The Monit MIB based OID for the given event will be available for the plugin in the environment variable like $MONIT_OID.


Best regards,

Martin



On Sep 4, 2011, at 11:46 AM, Lior Okman wrote:




On Sun, Sep 4, 2011 at 12:32 PM, Michael Shigorin <[hidden email]> wrote:
It's nice in general, but when packaging, it tends to result
in "alternative builds".  I do understand that it's probably
not your objective, but knowing this can make further work
in this direction easier.


The problem is that as far as I can tell, the 5.2.x branch doesn't have any sort of plugins infrastructure, and adding one to Monit is really not in the scope of what I intend to do.

An IPC infrastructure is also problematic for me, since it means I can't use the IPC infrastructure already written by the NetSNMP project (the AgentX code), and instead I have to roll my own.
 
> Is this sufficient?

For me to enable it in ALT Linux package by default, no.
But I'll make a build-time %define knob too, of course.

That would be great. I'll set the default to disable SNMP support, so existing packages would not be affected.
 
Guess Debian or OpenWall folks might think similarly.

In Debian, there are source packages that generate multiple binary packages that are configured and built a bit differently. It should be possible for the source package to generate a "monit" binary package that is compiled without snmp, and a "monit-snmp" binary package that does provide snmp support. The user would have to choose the required package according to the deployment needs.
 
Lior
_______________________________________________
monit-dev mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/monit-dev


_______________________________________________
monit-dev mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/monit-dev
Reply | Threaded
Open this post in threaded view
|

Re: [monit-dev] Feature suggestion: SNMP support in Monit

Lior Okman
On 09/04/2011 05:08 PM, Martin Pala wrote:
> Hi Lior,
>
> thank you for explaining the plan, we see the point and undestand that
> better SNMP support can be useful in SNMP-oriented environments.
>
> At this point however, we prefer not to integrate Monit with Net-SNMP
> - our approach is to keep Monit simple with minimum dependencies on
> 3rd party libraries, so if everything fail, monit will keep running
> and will be able to report and fix problems.
Is the objection to the Net-SNMP suite in particular, or to 3rd party
libraries in general?
>
> To provide support for integrating monit with other systems (like
> SNMP), we plan to add general framework for custom actions, so it will
> be possible to use plugins like sending SNMP trap, SMS gateway plugin,
> tex-to-speach, etc. This way the plugins will be isolated and if there
> will be some bug let's say in Net-SNMP, it won't make Monit vulnerable
> nor crash it.
>

This indeed makes supporting SNMP notifications unnecessary directly in
Monit.

However, that's only half of the SNMP story. How are you planning to
make it possible to query monit about the services that it is currently
monitoring while using SNMP? This isn't a trap/notification based
action, it's more like being able to use the "monit status" command from
a remote machine using SNMP facilities.

>
> Best regards,
>
> Martin
>
Regards,

Lior


_______________________________________________
monit-dev mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/monit-dev
Reply | Threaded
Open this post in threaded view
|

Re: [monit-dev] Feature suggestion: SNMP support in Monit

martinp@tildeslash.com

On Sep 4, 2011, at 6:56 PM, Lior Okman wrote:

> On 09/04/2011 05:08 PM, Martin Pala wrote:
>> Hi Lior,
>>
>> thank you for explaining the plan, we see the point and undestand that better SNMP support can be useful in SNMP-oriented environments.
>>
>> At this point however, we prefer not to integrate Monit with Net-SNMP - our approach is to keep Monit simple with minimum dependencies on 3rd party libraries, so if everything fail, monit will keep running and will be able to report and fix problems.
> Is the objection to the Net-SNMP suite in particular, or to 3rd party libraries in general?


We try to keep minimum dependencies in general so Monit can be kind of "last stand" on the system … nothing personal against Net-SNMP.



>> To provide support for integrating monit with other systems (like SNMP), we plan to add general framework for custom actions, so it will be possible to use plugins like sending SNMP trap, SMS gateway plugin, tex-to-speach, etc. This way the plugins will be isolated and if there will be some bug let's say in Net-SNMP, it won't make Monit vulnerable nor crash it.
>>
>
> This indeed makes supporting SNMP notifications unnecessary directly in Monit.
>
> However, that's only half of the SNMP story. How are you planning to make it possible to query monit about the services that it is currently monitoring while using SNMP? This isn't a trap/notification based action, it's more like being able to use the "monit status" command from a remote machine using SNMP facilities.


Monit has XML interface suitable for integrations like this. In your case you can write independent SNMP subagent which will proxy Monit's XML data source -> SNMP.


Regards,
Martin
_______________________________________________
monit-dev mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/monit-dev
Reply | Threaded
Open this post in threaded view
|

Re: [monit-dev] Feature suggestion: SNMP support in Monit

Lior Okman

On Mon, Sep 5, 2011 at 3:19 PM, Martin Pala <[hidden email]> wrote:

Monit has XML interface suitable for integrations like this. In your case you can write independent SNMP subagent which will proxy Monit's XML data source -> SNMP.


Is the XML schema returned by the _status action guaranteed not to change between Monit versions?


Lior


_______________________________________________
monit-dev mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/monit-dev
Reply | Threaded
Open this post in threaded view
|

Re: [monit-dev] Feature suggestion: SNMP support in Monit

martinp@tildeslash.com

On Sep 5, 2011, at 2:47 PM, Lior Okman wrote:


On Mon, Sep 5, 2011 at 3:19 PM, Martin Pala <[hidden email]> wrote:

Monit has XML interface suitable for integrations like this. In your case you can write independent SNMP subagent which will proxy Monit's XML data source -> SNMP.


Is the XML schema returned by the _status action guaranteed not to change between Monit versions?


The XML schema may change … we plan also switch from XML to JSON in the near future.




_______________________________________________
monit-dev mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/monit-dev