でmuninを使う - k32ruの日記

前にmuninをFreeBSDで使ったことがあったが，先日別のマシンでもmuninを入れようとしたら忘れまくって苦労したのでメモ

cd /usr/ports/sysutils/munin-node
make config-recursive
make install clean

cd /usr/ports/sysutils/munin-master
make config-recursive
make install clean

今回途中,/usr/ports/www/p5-HTML-Parserで止まる場合があったのでそれの対処方法を載せときます.
まず，原因として3.64がDL出来ないことが原因のようだった．しかし，3.65はあるのでそれで我慢してもらうことにした．

cd /usr/ports/www/p5-HTML-Parser
vi Makefile
3.64 →3.65
rm distinfo
cd /usr/ports/distfiles
fetch http://www.sfr-fresh.com/fresh/unix/www/HTML-Parser-3.65.tar.gz
cd /usr/ports/www/p5-HTML-Parser
make install clean

ここでうまくインストールできたら，また，
cd /usr/ports/sysutils/munin-nodeとかに戻って再びmake install cleanを始めれば良い
ちなみにdistinfoをけしてもmake makesumでもう一回作成できる．
例

cd /usr/ports/www/p5-HTML-Parser
rm distinfo
make makesum

インストールが終わったら設定を行う．

vi usr/local/etc/munin/munin.conf
[hoge.localhost]
    address 127.0.0.1
    use_node_name yes

vi usr/local/etc/munin/munin-node.conf
# Which address to bind to;
#host *
host 127.0.0.1

vi /usr/local/etc/apache22/Includes/munin.conf
Alias /munin/ "/usr/local/www/munin/"
<Directory "/usr/local/www/munin/">
        Options none
        Order Deny,Allow
        Deny from all
        Allow from all
</Directory>

プラグインの設定．必要なぶんだけ繰り返す.

 ln -s /usr/local/share/munin/plugins/df /usr/local/etc/munin/plugins/df

起動に追加した場合には以下のコマンドで再起動すること．

/usr/local/etc/rc.d/munin-node restart

muninの起動

vi /etc/rc.conf
munin_enable="YES"

/usr/local/etc/rc.d/munin-node restart

あとはhttp://serveraddress/munin/でみることができる．出来ない場合は /var/log/muninでエラーログの表示を見る．具体的には別ウインドウでターミナルを開き，screenを使いC-a Sを押して画面を上下に2つに分けて上でtail -f /var/log/munin/munin-node.log 下でtail -f /var/log/munin-graph.logを監視すると良い．

muninのプラグインのsshd_logが個人的にはおすすめだがそのままでは動かないので多少いじったのを載せる．

http://qurl.com/w9dnp
or
http://muninexchange.projects.linpro.no/?search=&cid=27&os[4]=on&os[7]=on&os[3]=on&os[2]=on&os[5]=on&os[8]=on&os[1]=on&os[6]=on&pid=420http://muninexchange.projects.linpro.no/?search=&cid=27&os[4]=on&os[7]=on&os[3]=on&os[2]=on&os[5]=on&os[8]=on&os[1]=on&os[6]=on&pid=420

vi /usr/local/share/munin/plugins/sshlog
#!/bin/sh
#
# Plugin to monitor auth.log for sshd server events.
#
# Require read permitions for $LOG
#  (set in /etc/munin/plugin-conf.d/munin-node on debian)
# On busy servers you can change value type to COUNTER and set min to 0 to avoid minus peaks at logrotate
#
# $Log$
# Revision 1.2  2010/03/19 15:03:00  pmoranga
# Revision 1.1  2009/04/26 23:28:00  ckujau
# Revision 1.0  2009/04/22 22:00:00  zlati
# Initial revision
#
# Parameters:
#
#       config   (required)
#       autoconf (optional - used by munin-config)
#
# Magick markers (optional):
#%# family=auto
#%# capabilities=autoconf

LOG=${logfile}
CATEGORY=${category:-system}


if [ "$1" = "autoconf" ]; then
        if [ -r "$LOG" ]; then
                echo yes
                exit 0
        else
                echo no
                exit 1
        fi
fi

if [ "$1" = "config" ]; then

        echo 'graph_title SSHD login stats from auth.log'
        echo 'graph_args --base 1000 -l 0'
        echo 'graph_vlabel logins'
        echo 'graph_category' $CATEGORY

        echo 'LogPass.label Successful password logins'
        echo 'LogPassPAM.label Successful login via PAM'
        echo 'LogKey.label Successful PublicKey logins'
        echo 'NoID.label No identification from user'
        echo 'rootAttempt.label Root login attempts'
        echo 'InvUsr.label Invalid user login attepmts'
        echo 'NoRDNS.label No reverse DNS for peer'
        echo 'Breakin.label Potential Breakin Attempts'
        exit 0
fi

awk 'BEGIN{
c["LogPass"]=0;
c["LogKey"]=0;
c["NoID"]=0;
c["rootAttempt"]=0;
c["InvUsr"]=0;
c["LogPassPAM"]=0;
c["Breakin"]=0;
c["NoRDNS"]=0;
}
     /sshd\[.*Accepted password for/{c["LogPass"]++}
     /sshd\[.*Accepted publickey for/{c["LogKey"]++}
     /sshd\[.*Did not receive identification string/{c["NoID"]++}
     /sshd\[.*Failed password for root/{c["rootAttempt"]++}
     /sshd\[.*Invalid user/{c["InvUsr"]++}
     /sshd\[.*POSSIBLE BREAK-IN ATTEMPT!/{c["Breakin"]++}
     /sshd\[.*keyboard-interactive\/pam/{c["LogPassPAM"]++}
     /sshd\[.*reverse mapping checking getaddrinfo/{c["NoRDNS"]++}
     END{for(i in c){print i".value " c[i]} }' < $LOG

ln -s /usr/local/share/munin/plugins/sshlog /usr/local/etc/munin/plugins/sshlog

このpluginを使用するためにplugins.confに以下を追加

vi /usr/local/etc/munin/plugin-conf.d/plugins.conf
[sshlog]
user root
env.logfile /var/log/auth.log
env.category users

/usr/local/etc/rc.d/munin-node restart