Module 12

1. Module 12 • Performing Preventive Maintenance

2. Mon Overview • What is Mon? • Mon is a general purpose service monitor • Mon schedules monitors • Mon provides a multitude of alert methods • Mon is extensible • SCOoffice Server uses Mon to monitor: • HTTP • LDAP • FTP • SMTP • IMAP • Pop3

3. Mon Monitor facilities • Monitor scripts provided by Mon: • dns.monitor • ftp.monitor • http.monitor • imap.monitor • ldap.monitor • ping.monitor • pop3.monitor • smtp.monitor • tcp.monitor • telnet.monitor • Monitor scripts are stored in /opt/insight/mon/mon.d

4. Mon Alert Methods • Alert scripts provided by Mon: • file.alert • mail.alert • remote.alert • Alert scripts are stored in /opt/insight/mon/alert.d

5. The MON configuration file MON is configured in /opt/insight/mon/etc/mon.cf • maxprocs = 20 • randstart = 60s • hostgroup building1 elm.example.com oak.example.com • hostgroup building2 spruce.example.com maple.example.com • watch building1 • service ftp • interval 1m • monitor ftp.monitor • period wd {Sun-Sat} • alert file.alert /opt/insight/logs/mon_ftp.log • alert mail.alert admin@example.com • alertevery 1h

6. The MON configuration file (cont.) MON is configured in /opt/insight/mon/etc/mon.cf • maxprocs = 20 • randstart = 60s • hostgroup building1 elm.example.com oak.example.com • hostgroup building2 spruce.example.com maple.example.com • watch building1 • service ftp • interval 1m • monitor ftp.monitor • period wd {Sun-Sat} • alert file.alert /opt/insight/logs/mon_ftp.log • alert mail.alert admin@example.com • alertevery 1h

7. The MON configuration file (cont.) MON is configured in /opt/insight/mon/etc/mon.cf • maxprocs = 20 • randstart = 60s • hostgroup building1 elm.example.com oak.example.com • hostgroup building2 spruce.example.com maple.example.com • watch building1 • service ftp • interval 1m • monitor ftp.monitor • period wd {Sun-Sat} • alert file.alert /opt/insight/logs/mon_ftp.log • alert mail.alert admin@example.com • alertevery 1h

8. The MON configuration file (cont.) MON is configured in /opt/insight/mon/etc/mon.cf • maxprocs = 20 • randstart = 60s • hostgroup building1 elm.example.com oak.example.com • hostgroup building2 spruce.example.com maple.example.com • watch building1 • service ftp • interval 1m • monitor ftp.monitor • period wd {Sun-Sat} • alert file.alert /opt/insight/logs/mon_ftp.log • alert mail.alert admin@example.com • alertevery 1h

9. Managing Disk Space • Strategies for managing disk space usage: • Setting maximum message size • Restricting attachments • Imposing quotas • Setting mailbox expire values • Setting logging levels • Pruning log files

10. Managing Disk Space • Strategies for managing disk space usage: • Setting maximum message size • Restricting attachments • Imposing quotas • Setting mailbox expire values • Setting logging levels • Pruning log files

11. Guarding Backups • Backups are stored in /opt/insight/htdocs/is4web/tar • Protected by .htaccess in that directory • Beware of: • Missing .htaccess • Modified .htaccess • World writable .htaccess

12. Configuration File Sanity Checks • spamassassin --lint • postfix check • apachectl configtest

13. Log Files • SCOoffice uses the following log files: • /var/adm/syslog • /opt/insight/logs/amavis.log • /opt/insight/logs/freshclam.log • /opt/insight/logs/access_log • /opt/insight/logs/error_log

14. Log Files

15. Log Files Where to specify logging levels: • /etc/syslog.conf • /opt/insight/etc/postfix/master.cf • /opt/insight/etc/postfix/main.cf • /opt/insight/etc/amavisd.conf • /opt/insight/etc/clamav.conf • /opt/insight/etc/freshclam.conf • /opt/insight/etc/apache/httpd.conf

16. Log Files Events to monitor in syslog: • Monitor SMTPD connections: egrep “[^s]connect from|client=“ /var/adm/syslog • Monitor bounced messages: grep status=bounced /var/adm/syslog • Monitor deferred messages: grep status=deferred /var/adm/syslog • Monitor address rewriting: grep orig_to /var/adm/syslog • Monitor SASLAUTHD failures: grep “auth failure” /var/adm/syslog