monitoring - server installation - discussions

8/10/2019 Monitoring - Server Installation - Discussions

1/5


http://discussions.citrix.com/topic/150031-monitoring/ 1/5

Discussionsiscussions Support Forum support Forum s Productsroducts XenServerenServer XenServ er/Essentials Product Fam ilyenServ er/Essentials Product Fam ily Serv er Installat ionerv er Installat ion

15 r eplies to this topic5 replies to this topic

MonitoringonitoringStarted bytarted by Guestuest , 16 June 2008 - 10:24 PM6 June 2 008 - 10:24 PM

Login to Replyogin to Reply

#11Guestuest MEMBERSEMBERS

What are my options to monitor my Xen server? Can I install SNMP on this or something similar which will interact with my ex istinghat are my options to monitor my Xen server? Can I install SNMP on this or something similar which will interact with my existing

monitoring software?onitoring software?

Postedosted 16 June 2008 - 10:24 PM6 June 2008 - 10:24 PM

#22Jonathan Thorpeonathan Thorpe MEMBERSEMBERS

Hi Yalgaar,i Yalgaar,

An SNMP daemon already exists on XenServer, however it is disabled by default in the interests of security .n SNMP daemon already exists on XenServer, however it is disabled by default in the interests of security.

I haven't tested this personally, so please do not run this on a production system at first:haven't tested this personally, so please do not run this on a production system at first:

1. Edit /etc/sysconfig/iptables. Locate the line that reads:. Edit /etc/sysconfig/iptables. Locate the line that reads:

-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPTA RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT

And add the following line below it:nd add the following line below it:

-A RH-Firewall-1-INPUT -p udp -m udp --dport 161 -j ACCEPTA RH-Firewall-1-INPUT -p udp -m udp --dport 161 -j ACCEPT

Depending on the configuration of your network, it may be worth investigating a more specific IPTables rule.epending on the configuration of your network, it may be worth investigating a more specific IPTables rule.

Remember to restart IPTables after making the change by running:emember to restart IPTables after making the change by running:

service iptables restartervice iptables restart

2. The SNMP daemon has a community string of "public" by default. Pleasechange this as a security precaution (not that it really matters -. The SNMP daemon has a community string of "public" by default. Pleasechange this as a security precaution (not that it really matters -

these are sent in theclear usually anyway):hese are sent in theclear usually anyway):

Edit /etc/snmp/snmpd.conf and locate the line that reads:dit /etc/snmp/snmpd.conf and locate the line that reads:

com2sec notConfigUserom2sec notConfigUser defaultefault publicublic

Change the word "public" with a suitable community string.hange the word "public" with a suitable community string.

3. Allow the SNMP daemon to run on startup by running:. Allow the SNMP daemon to run on startup by running:

chckconfig snmpd onhckconfig snmpd on

4. Start up the SNMP daemon by running:. Start up the SNMP daemon by running:

service snmpd startervice snmpd start

5. Test the SNMP daemon from a remote host and see if it gives you the desired result. Please be aware that the /etc/snmp/snmpd.conf is. Test the SNMP daemon from a remote host and see if it gives you the desired result. Please be aware that the /etc/snmp/snmpd.conf is

configured for a very basic set up. If you find you're not getting the data you're expecting, I recommend doing a backup of this file andonfigured for a very basic set up. If you find you're not getting the data you're expecting, I recommend doing a backup of this file and

investigating further changes that can be made to /etc /snmp/snmpd.conf. XenServer is using the standard net-snmp package, so there is anvestigating further changes that can be made to /etc /snmp/snmpd.conf. XenServer is using the standard net-snmp package, so there is a

fair amount of doc umentation around.air amount of documentation around.

Hope this helps.ope this helps.

Kind Regards,ind Regards,

Jonathanonathan

Message was edited by: Jonathan Thorpeessage was edited by: Jonathan Thorpe



XenServeren erver
https://www.citrix.com/login?url=http%3A%2F%2Fdiscussions.citrix.com%2Ftopic%2F150031-monitoring%2Fhttps://www.citrix.com/login?url=http%3A%2F%2Fdiscussions.citrix.com%2Ftopic%2F150031-monitoring%2Fhttp://discussions.citrix.com/forum/150-support-forums/http://discussions.citrix.com/forum/1370-products/http://discussions.citrix.com/forum/101-xenserver/http://discussions.citrix.com/forum/102-xenserveressentials-product-family/http://discussions.citrix.com/forum/150-support-forums/http://discussions.citrix.com/forum/1370-products/http://discussions.citrix.com/forum/101-xenserver/http://discussions.citrix.com/forum/102-xenserveressentials-product-family/http://www.kampyle.com/feedback_form/ff-feedback-form.php?site_code=3961704&form_id=89952&lang=en&param[siteSection]=Forums&param[pathLevel1]=topic&param[pathLevel2]=150031-monitoring&param[refSearchEng]=Google&param[refGclid]=false&param[m_forSiteMonitoring]=SEARCHSTR_FORUMS&param[m_keywords]=Monitoring%2CWhat%2Care%2Coptions%2Cmonitor%2CXen%2Cserver%3F%2CCan%2Cinstall%2CSNMP%2Csomething%2Csimilar%2Cwhich%2Cinteract%2Cexisting%2Cmonitoring%2Csoftware%3F&param[m_description]=Monitoring%20-%20posted%20in%20Server%20Installation%3A%20What%20are%20my%20options%20to%20monitor%20my%20Xen%20server%3F%20Can%20I%20install%20SNMP%20on%20this%20or%20something%20similar%20which%20will%20interact%20with%20my%20existing%20monitoring%20software%3F&param[m_identifier-url]=http%3A%2F%2Fdiscussions.citrix.com%2Ftopic%2F150031-monitoring%2F&param[pageOverride]=object&param[host]=forums%7Cdiscussions%7Cipboard&param[unit]=forum&param[k_loadtimeMS]=15&param[hostName]=discussions.citrix.com&param[pagePath]=%2Ftopic%2F150031-monitoring%2F&param[pageTitle]=Monitoring%20-%20Server%20Installation%20-%20Discussions&param[refHostName]=www.google.com.br&param[refURL]=https%3A%2F%2Fwww.google.com.br%2F&param[LandingPage]=DiffHost&param[windowWidth]=1600&param[windowHeight]=756&param[windowSize]=1600x756&param[utmz_timestamp]=1404921974&param[utmz_numberOfSessions]=1&param[utmz_visitSources]=1&param[utmcsr]=google&param[utmccn]=(organic)&param[utmcmd]=organic&param[utmctr]=(not%20provided)&param[time_OnSite]=00%3A00%3A01&param[time_OnSiteInSecs]=1&param[time_OnSiteInMins]=0&param[buttonRev]=KB%3A18148%7CKP%3A0%7CCTRX%7CKC%3Av5.5_11Sept12&time_on_site=0&stats=k_button_js_revision%3D18148%26view_percentage%3D0%26display_after%3D60&url=http%3A%2F%2Fdiscussions.citrix.com%2Ftopic%2F150031-monitoring%2F&utmb=87347338.1.10.1404921974&utma=87347338.252605402.1404921974.1404921974.1404921974.1http://-/?-http://-/?-http://-/?-https://www.citrix.com/login?url=http%3A%2F%2Fdiscussions.citrix.com%2Ftopic%2F150031-monitoring%2Fhttp://discussions.citrix.com/forum/1365-server-installation/http://discussions.citrix.com/forum/102-xenserveressentials-product-family/http://discussions.citrix.com/forum/101-xenserver/http://discussions.citrix.com/forum/1370-products/http://discussions.citrix.com/forum/150-support-forums/http://discussions.citrix.com/


2/5



How do I configure the config file for all the MIBS that I need to be sent to my monitoring software?ow do I configure the config file for all the MIBS that I need to be sent to my monitoring software?

Message was edited by: yalgaaressage was edited by: yalgaar




It really depends on what you're trying to monitor. I'm not sure that at this stage, there are any XenServer-specific SNMP MIBs available.t really depends on what you're trying to monitor. I'm not sure that at this stage, there are any XenServer-specific SNMP MIBs available.

If you're really keen, you can extend the functionality of net-snmp to execute xe commands, but that's another topic...f you're really keen, you can extend the functionality of net-snmp to execute xe commands, but that's another topic...

Out of the box, you should have the SNMPv2 MIB at least partially available. It looks like a lot of the functionality is not shown in theut of the box, you should have the SNMPv2 MIB at least partially available. It looks like a lot of the functionality is not shown in the

default configuration in the interests of security.efault configuration in the interests of security.

Please backup your snmpd.conf and try the attached. I've set the community string to "xenpublic" instead of "public", so keep this in mindlease backup your snmpd.conf and try the attached. I've set the community string to "xenpublic" instead of "public", so keep this in mind

when querying the server and ideally, change this to something unique.hen querying the serv er and ideally, change this to something unique.


Jonathanonathan

Attached Filesttached Files

(http://discussions.citrix.com/index.php?app=core&module=attach&section=attach&attach_id=8267)(http://discussions.citrix.com/index.php?app=core&module=attach&section=attach&attach_id=8267) snmpd.confnmpd conf

(http://discussions.citrix.com/index.php?app=core&module=attach&section=attach&attach_id=8267)http://discussions.citrix.com/index.php?app=core&module=attach&section=attach&attach_id=8267) 1.78K7 8K 11 downloads1 downloads

Postedosted 18 June 2008 - 12:22 AM8 June 2008 - 12:22 AM


Excellent!!! Thanks a lot Jonathan. It works great!!!xcellent Thanks a lot Jonathan. It works great

1 simple request. This seems wide open. Can I just allow 1 of the server on the network to be able to have SNMP ciommunications with thesimple request. This seems wide open. Can I just allow 1 of the server on the network to be able to have SNMP ciommunications with the

Xenserver? I don't want to allow everybody on the network to pass SNMP traffic to the server.enserver? I don't want to allow everybody on the network to pass SNMP traffic to the server.




Yes you can - simply by modify ing the IPT ables configuration script.es you can - simply by modifying the IPTables configuration script.

Instead of adding a line that states:nstead of adding a line that states:


Change this to:hange this to:

-A RH-Firewall-1-INPUT -s /32 -p udp -m udp --dport 161 -j ACCEPTA RH-Firewall-1-INPUT -s /32 -p udp -m udp --dport 161 -j ACCEPT

Remember to restart iptables (service iptables restart) when you're done.emember to restart iptables (service iptables restart) when you're done.


Jonathanonathan


#77TODD KINGODD KING MEMBERSEMBERS

I tried both of the suggested edits on the iptables and when I restart the service I get line failed on the new entry I am using xenserver 4.1tried both of the suggested edits on the iptables and when I restart the service I get line failed on the new entry I am using xenserver 4.1

enterprisenterprise


Jonathan Thorpeonathan Thorpe MEMBERSEMBERS
http://-/?-http://-/?-http://-/?-http://discussions.citrix.com/index.php?app=core&module=attach&section=attach&attach_id=8267http://discussions.citrix.com/index.php?app=core&module=attach&section=attach&attach_id=8267http://-/?-


3/5


4/5



> :INPUT ACCEPT [0:0]:INPUT ACCEPT [0:0]

> :FORWARD ACCEPT [0:0]:FORWARD ACCEPT [0:0]

> :OUTPUT ACCEPT [0:0]:OUTPUT ACCEPT [0:0]

> :RH-Firewall-1-INPUT - [0:0]:RH-Firewall-1-INPUT - [0:0]

Regardsegards

Thomashomas

PS: escaping is easy y ust put a \ in front of the [ or ] and the Forum will not try to make a Link out of what is betwen them :-)S: escaping is easy yust put a \ in front of the [ or ] and the Forum will not try to make a Link out of what is betwen them :-)

#1 31 3SCOTT LORENZENCOTT LORENZEN MEMBERSEMBERS

This is what I am showing in the current iptables file. - when you copy and paste into this forum it removes the brackets but when I edit thehis is what I am showing in the current iptables file. - when you copy and paste into this forum it removes the brackets but when I edit the

post it shows.ost it shows.

*filterfilter

:INPUT ACCEPT [0:0]INPUT ACCEPT [0:0]

:FORWARD ACCEPT [0:0]FORWARD ACCEPT [0:0]

:OUTP UT ACCEPT [0:0]OUTPUT ACCEPT [0:0]

:RH-Firewall-1-INPUT - [0:0]RH-Firewall-1-INPUT - [0:0]

-A INPUT -p tcp -m tcp --dport 2381 -j ACCEPTA INPUT -p tcp -m tcp --dport 2381 -j ACCEPT


-A INPUT -p udp -m udp --dport 161 -j ACCEPTA INPUT -p udp -m udp --dport 161 -j ACCEPT

-A INPUT -j RH-Firewall-1-INPUTA INPUT -j RH-Firewall-1-INPUT

-A FORWARD -j RH-Firewall-1-INPUTA FORWARD -j RH-Firewall-1-INPUT

-A OUTPUT -p tcp -m tcp --sport 280 -j ACCEPTA OUTP UT -p tcp -m tcp --sport 280 -j ACCEPT

-A OUTPUT -p udp -m udp --sport 162 -j ACCEPTA OUTPUT -p udp -m udp --sport 162 -j ACCEPT

-A RH-Firewall-1-INPUT -i lo -j ACCEPTA RH-Firewall-1-INPUT -i lo -j ACCEPT

-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPTA RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT

-A RH-Firewall-1-INPUT -p esp -j ACCEPTA RH-Firewall-1-INPUT -p esp -j ACCEPT

-A RH-Firewall-1-INPUT -p ah -j ACCEPTA RH-Firewall-1-INPUT -p ah -j ACCEPT

-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPTA RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT-A RH-Firewall-1-INP UT -p udp -m udp --dport 631 -j ACCEPTA RH-Firewall-1-INP UT -p udp -m udp --dport 631 -j ACCEPT




-A INPUT -p udp -m udp --dport 161 -j ACCEPTA INPUT -p udp -m udp --dport 161 -j ACCEPT

-A INPUT -j RH-Firewall-1-INPUTA INPUT -j RH-Firewall-1-INPUT

-A FORWARD -j RH-Firewall-1-INPUTA FORWARD -j RH-Firewall-1-INPUT

-A OUTPUT -p tcp -m tcp --sport 280 -j ACCEPTA OUTP UT -p tcp -m tcp --sport 280 -j ACCEPT

-A OUTPUT -p udp -m udp --sport 162 -j ACCEPTA OUTPUT -p udp -m udp --sport 162 -j ACCEPT

-A RH-Firewall-1-INPUT -i lo -j ACCEPTA RH-Firewall-1-INPUT -i lo -j ACCEPT

-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPTA RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT

-A RH-Firewall-1-INPUT -p esp -j ACCEPTA RH-Firewall-1-INPUT -p esp -j ACCEPT

-A RH-Firewall-1-INPUT -p ah -j ACCEPTA RH-Firewall-1-INPUT -p ah -j ACCEPT

-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPTA RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT

-A RH-Firewall-1-INP UT -p udp -m udp --dport 631 -j ACCEPTA RH-Firewall-1-INP UT -p udp -m udp --dport 631 -j ACCEPT


Edited by: SCOTTdited by: SCOTT LORENZEN on Oct 18, 2010 1:13 PMORENZEN on Oct 18, 2010 1 :13 PM

Postedosted 18 October 201 0 - 05:11 PM8 October 2010 - 05:11 PM

#1 41 4SCOTT LORENZENCOTT LORENZEN MEMBERSEMBERS

FYI I also found that that SNMP does not seem to work with the free version and in order for this to work you have to purchase anYI I also found that that SNMP does not seem to work with the free version and in order for this to work you have to purchase an

Enterprise License for XenServer.nterprise License for XenServer.

Postedosted 04 Nov ember 2010 - 02:51 PM4 Nov ember 2010 - 02:51 PM

#1 51 5Bryan Dearloveryan Dearlove MEMBERSEMBERS
http://-/?-http://-/?-http://-/?-


5/5



Back to Server Installat ionack to Server Installation

I am using the free version and am monitoring several items of the Xenserver host without issue using SNMP following the referred guide.am using the free version and am monitoring several items of the Xenserver host without issue using SNMP following the referred guide.

I use PRTG and get processor, memory, network and VM status.use PRTG and get processor, memory, network and VM status.

Postedosted 04 Novem ber 2010 - 06:43 PM4 Novem ber 2010 - 06:43 PM

#1 61 6Elisa Brownlisa Brown MEMBERSEMBERS

Check out the eG XenServer Monitoring Tool -heck out the eG XenServer Monitoring Tool - http://www.eginnovat...er-overview.htmttp://www.eginnovat...er-overview.htm (http://www.eginnovations.com/web/citrix-(http://www.eginnovations.com/web/citrix-

xenserver-overview.htm)enserver-overview.htm)

Postedosted 1 7 O c tob er 2 0 1 1 - 1 1 : 34 A M7 O c tob er 2 0 1 1 - 1 1 : 34 A M
http://www.eginnovations.com/web/citrix-xenserver-overview.htmhttp://-/?-http://discussions.citrix.com/forum/1365-server-installation/

monitoring - server installation - discussions

Documents