SNMP Warnings in Debian Squeeze
The default installation of snmpd in Debian Squeeze will put several warnings into the daemon.log.
The reason is the licensing of the MIB files, that is not compatible with Debian.
If you are not satisfied with errors on each restart of the snmpd, here are the steps, that solved this problem in my case:
- Edit /etc/apt/sources.list and append contrib and non-free to the standard repositories.
- apt-get update
- apt-get install snmpd snmp-mibs-downloader
- Edit /etc/default/snmpd:
export MIBS=/usr/share/mibs/netsnmp/UCD-SNMP-MIB
Commenting the original line export MIBS= did not help, also the definition export MIBS=/usr/share/mibs/netsnmp did not work, so I will leave the MIBS reference in the configuration on UCD-SNMP_MIB.
Java VisualVM
For quick analysis of the options and health of a Java VM I used the jconsole tool, that is part of the Java SDK.
Now there is also VisualVM, that not only provides information about the options and health (CPU, Memory), but also a useful overview of the threads including their state and finally easy access to CPU and memory profiling.
See http://visualvm.java.net/ for details. To start this tool use the command jvisualvm instead of jconsole and select the Java VM that is your object.
SNMP Monitoring for Java VM
SNMP is not really simple, but quite a useful protocol, if you want to run standard monitoring tools like Nagios, Zero RRD or Cacti.
Even though Java offers JMX for runtime information like thread and memory consumption, you can also use SNMP to read at least a subset.
In my opinion usage of a standard monitoring tool has several advantages over JMX-based visualization in jconsole or Lambda Probe:
- Statistics fit into centralized reporting, e.g. for SLAs.
- The tools are independent of the Java VM. If the VM freezes, the history is still available
First you need to enable the SNMP Agent in your Java VM. Please find the details here. This is only an outline:
- Prepare an ACL configuration at $JAVA_HOME/lib/management/snmp.acl. On Sun's Java 6 for Ubuntu 10.04 64 Bit you will find these files in the package ia32-sun-java6-bin.
- Use the following options on the command line to enable SNMP:
-Dcom.sun.management.snmp.port=7667 -Dcom.sun.management.snmp.acl.file=$JAVA_HOME/lib/management/snmp.acl
If you really put the snmp.acl at $JAVA_HOME/lib/management, it's very likely, you will not need to specify the com.sun.management.snmp.acl.file option.
Now you are ready to read the internal state by using SNMP:
- Zero Agent's module for Java SNMP just needs the port specified in conf/enabled/JavaSNMP.conf.
- Please find some available OIDs in the source code of JavaSNMP.pm
- The full list of available values is included in the following MIB.
Cacti at Home (DD-WRT)
I recently used my MRTG to analyse some network problems at home. Since zooming felt not easy enough, I installed Cacti to monitor my DD-WRT interfaces (LAN, WLAN, DSL).
Now the only problem are the enforced downtimes of my main system in the context of Green IT. But for the usual request like Why is the internet currently so damn slow and unstable? I can use the nice reporting features of Cacti instead of BOFH-style excuses to explain that.
I just had to map the router's devices eth0, eth1, ppp0 (Linksys WRT54G/GL/GS) to some graphs (eth0/LAN, eth1/Wireless, ppp0/DSL).
Since DD-WRT is Linux-based, CPU Usage and Load Average will also work on that device.
Nagios Check for Security Fixes
If you are tired of scanning all kind of CERT advisories in your mailbox and you are running a nice Debian-based landscape using mostly package-based software anyway, you should consider using check_apt contained in the Nagios plugins.
You just need to run check_apt, that will check for available updates and is turning into CRITICAL, if security updates are available. For Debian and Ubuntu the default pattern for security-related updates will do fine.
It's a good idea to setup a cron job, that will update the package database like this:
30 */12 * * * root /usr/bin/apt-get -qq update
You can also let check_apt do this, but normally it will run with non-privileged permissions (using NRPE or SNMP-exec), which is not compatible with the requirements of the update on the package database. The check itself is doing a fake upgrade, which is allowed for non-privileged users.
Of course you can also use sudo to solve this minor issue.
By the way, my APT services on Debian-based hosts are normally setup with a lower frequency (normal_check_interval, retry_check_interval, notification_interval). It should work as a useful notification during daylight, but I don't want to wake-up in the middle of the night triggered by a check_apt.