Module 12 • Performing Preventive Maintenance

Mon Overview
• What is Mon?
  • Mon is a general purpose service monitor
  • Mon schedules monitors
  • Mon provides a multitude of alert methods
  • Mon is extensible
• SCOoffice Server uses Mon to monitor:
  • HTTP
  • LDAP
  • FTP
  • SMTP
  • IMAP
  • POP3

Mon Monitor facilities
• Monitor scripts provided by Mon:
  • dns.monitor
  • ftp.monitor
  • http.monitor
  • imap.monitor
  • ldap.monitor
  • ping.monitor
  • pop3.monitor
  • smtp.monitor
  • tcp.monitor
  • telnet.monitor
• Monitor scripts are stored in /opt/insight/mon/mon.d

Mon Alert Methods
• Alert scripts provided by Mon:
  • file.alert
  • mail.alert
  • remote.alert
• Alert scripts are stored in /opt/insight/mon/alert.d

The MON configuration file
MON is configured in /opt/insight/mon/etc/mon.cf

    maxprocs = 20
    randstart = 60s
    hostgroup building1 elm.example.com oak.example.com
    hostgroup building2 spruce.example.com maple.example.com
    watch building1
        service ftp
            interval 1m
            monitor ftp.monitor
            period wd {Sun-Sat}
                alert file.alert /opt/insight/logs/mon_ftp.log
                alert mail.alert admin@example.com
                alertevery 1h

Managing Disk Space
• Strategies for managing disk space usage:
  • Setting maximum message size
  • Restricting attachments
  • Imposing quotas
  • Setting mailbox expire values
  • Setting logging levels
  • Pruning log files

Guarding Backups
• Backups are stored in /opt/insight/htdocs/is4web/tar
• Protected by .htaccess in that directory
• Beware of:
  • Missing .htaccess
  • Modified .htaccess
  • World-writable .htaccess
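
The three conditions listed under "Beware of" can be checked by a script run from cron. The following is an added example, not part of the original course material; the known-good baseline copy of .htaccess and its location are assumptions.

```sh
#!/bin/sh
# Added example, not from the course material: audit the .htaccess that
# protects the backup directory. BASELINE is a known-good copy kept outside
# the web root (its location is an assumption).

# check_htaccess DIR BASELINE
# Prints one finding per line; returns 0 when clean, 1 on any finding.
check_htaccess() {
    dir=$1
    baseline=$2
    file="$dir/.htaccess"
    findings=0

    # Missing: the backup tarballs are then served under whatever the
    # enclosing Apache configuration allows.
    if [ ! -f "$file" ]; then
        echo "MISSING: $file"
        return 1
    fi

    # World-writable: any local account could rewrite the access rules.
    if [ -n "$(find "$file" -prune -perm -002 2>/dev/null)" ]; then
        echo "WORLD-WRITABLE: $file"
        findings=1
    fi

    # Modified: byte-for-byte comparison with the known-good copy.
    if [ ! -f "$baseline" ]; then
        echo "NO-BASELINE: $baseline"
        findings=1
    elif ! cmp -s "$baseline" "$file"; then
        echo "MODIFIED: $file differs from $baseline"
        findings=1
    fi

    return "$findings"
}

# Typical use from cron (the baseline path is an assumed location):
#   check_htaccess /opt/insight/htdocs/is4web/tar /root/baseline/htaccess.tar \
#       || echo "backup directory guard needs attention"
```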

Configuration File Sanity Checks
• spamassassin --lint
• postfix check
• apachectl configtest

Log Files
• SCOoffice uses the following log files:
  • /var/adm/syslog
  • /opt/insight/logs/amavis.log
  • /opt/insight/logs/freshclam.log
  • /opt/insight/logs/access_log
  • /opt/insight/logs/error_log

Log Files
Where to specify logging levels:
• /etc/syslog.conf
• /opt/insight/etc/postfix/master.cf
• /opt/insight/etc/postfix/main.cf
• /opt/insight/etc/amavisd.conf
• /opt/insight/etc/clamav.conf
• /opt/insight/etc/freshclam.conf
• /opt/insight/etc/apache/httpd.conf

Log Files
Events to monitor in syslog:
• Monitor SMTPD connections:
    egrep "[^s]connect from|client=" /var/adm/syslog
• Monitor bounced messages:
    grep status=bounced /var/adm/syslog
• Monitor deferred messages:
    grep status=deferred /var/adm/syslog
• Monitor address rewriting:
    grep orig_to /var/adm/syslog
• Monitor SASLAUTHD failures:
    grep "auth failure" /var/adm/syslog