With Linux and Big Brother Watching Over Your Network, You Do Not Have to Look Over Your Shoulder (Or Your Budget)
50-10-11 DATA COMMUNICATIONS MANAGEMENT

Daniel Carrere

04/00 Auerbach Publications © 2000 CRC Press LLC

INSIDE
Components of a Linux and Big Brother UNIX Network Monitor; Understanding Linux and Big Brother UNIX Network Monitoring; Economizing Without Sacrifice; Details of the Services That Can be Monitored; How Big Brother Monitors Linux's Hardware Utilization; Big Brother: The User Interface; Automatically Notifying the System Administrator in the Event of a Problem via Pager, E-mail, or Both

PAYOFF IDEA
Network administrators can combine the Linux operating system with the Big Brother UNIX network monitor to view the status of their systems without requiring specialized software to view the results. The status information can be accessed from anywhere in the world, and the solution provides a very low cost of ownership.

INTRODUCTION

Many systems administrators in the networking world of today find themselves attending to multiple systems. As such, these administrators want to automate monitoring and problem detection. To effectively monitor a system, one must consider many aspects, each of which is vital to system availability. The aspects that require a system monitor's attention are the states of the services being provided (DNS, NNTP, FTP, SMTP, HTTP, and POP3), the states of the server's hardware (disk space usage, CPU usage/utilization), and the states of core operating system aspects (essential system processes). In addition, one also would like to be able to determine the system uptime, as well as any warning or status messages.

Most importantly, one would like to be able to accomplish all of these tasks without repetition. One of the most effective ways to accomplish all the aims without repetitiveness, and to provide the results within a single interface for ease of analysis, is with the synergy created by using Linux and the Big Brother UNIX network monitor. Furthermore, by using a combination of Linux and the Big Brother UNIX network monitor, one can view the status of systems and their associated processes without having to use specialized software to view the results, since the results are formatted into an HTML document that can be served by the Apache Web server running on Linux. As a benefit of having a TCP/IP connection available to the monitoring server, one can monitor the systems from anywhere in the world via a TCP/IP connection, provided that the machine serving the results is not blocked from access via a firewall and the machine is using a routable network layer address. Last but not least, an additional benefit of using a monitoring system composed of Linux and Big Brother is that the total cost of deployment involves no associated costs for software (neither system nor monitoring).

COMPONENTS OF A LINUX AND BIG BROTHER UNIX NETWORK MONITOR

There are two core components of a Linux and Big Brother network monitoring solution: (1) the Linux operating system and (2) the Big Brother network monitor. Each of these two core components can be broken down into numerous categories; but because the expressed purpose of this article is network monitoring, the discussion covers the monitoring components and how they relate to, integrate with, and operate within the Linux operating system.

Big Brother: The Five Core Parts

Big Brother is composed of five core components: the central monitoring station (also called the display server), the network monitor, the local system monitor, pager programs, and intra-machine communications programs.
Additionally, these five components involve two key programs: bb (the client that runs on the machines being monitored) and bbd (the server program [daemon] running on the central monitor/display server).

Component One: The Central Monitoring Station (Display Server). The central monitoring system/display server accepts the system status reports from the systems being monitored. Because the results are generated as HTML, the reports can be viewed on virtually any computing platform available today. The format of the results can be customized by simply modifying one of the Bourne shell scripts.

Component Two: The Network Monitor. This segment of Big Brother operates using ICMP echo requests (pings). Essentially, the network monitor contacts each host system listed in its host file. The network monitor runs on any UNIX machine and periodically contacts every element listed in the directory_path_chosen_for_installation/bb/etc/bb-hosts file via ping. The results are sent to the central monitor so as to update the system status.

Component Three: The Local System Monitor. It is the local system monitor's duty to keep a check on disk utilization and CPU utilization, and to verify that system processes are running in a desirable fashion. After determining the status of these system aspects, it updates the central monitor. In the event of problems, the local system monitor has the ability to contact the system administrator.

Component Four: The Pager Programs. The Big Brother client program that resides on the system being monitored sends the monitoring information to the display server, which then forwards the information using the Kermit modem protocol to the administrator's pager.

Component Five: Intra-machine Communications Programs.
The Big Brother client program sends its status information to the specified display and pager servers on TCP port 1984 (this port number was chosen by Big Brother's creator, Sean MacGuire, in reference to George Orwell's book, 1984).

UNDERSTANDING LINUX AND BIG BROTHER UNIX NETWORK MONITORING

The workings of the Big Brother network monitor are such that there are two core aspects that fit well with the traditional understanding of client/server computing. In essence, the stations being monitored act as servers of their system and process statuses (serving information to the display server after obtaining system information using their local client applications) to a central monitor that functions as a client. The central monitor polls the servers and obtains status information much as in any interactive client/server query session. Effectively, the central monitor, the machine collecting the information about the other hosts, is acting as a client. Once the central monitor obtains the information, the Web server running on the central monitor serves the statuses, represented by colored spheres, out to requesting Web clients in the form of an HTML document so that they can determine the status of their network at a glance.

ECONOMIZING WITHOUT SACRIFICE

When one combines Linux and Big Brother, one gains in several areas. The most important benefit is the stability afforded by the Linux operating system. For the machines being monitored, the last thing that one wants to happen is to have the monitor machine fail. When monitoring using the Linux operating system, one gains stability, at least in light of the operating system employed. When combined with high-quality hardware, one has a winning solution. To further ensure reliable monitoring, one can have redundant display servers.
This is easily accomplished because Big Brother is structured as a group of Bourne shell scripts that require only a text editor (vi, emacs, pico, etc.) to modify their operation.

DETAILS OF THE SERVICES THAT CAN BE MONITORED

Big Brother can monitor connection, CPU utilization, disk utilization, DNS availability, HTTP (HyperText Transfer Protocol) service availability, IMAP (Internet Message Access Protocol) service availability, MRTG (Multi-router Traffic Grapher) service availability, msgs, POP3 (Post Office Protocol 3) service availability, procs (specified system processes), SMTP (Simple Mail Transfer Protocol) service availability, SSH (Secure SHell) service availability, and Telnet service availability.

Many of these services are monitored via an ICMP echo request (ping) command to determine if the system is reachable. Although the non-return of a ping to a given host is not indicative of a host failure, it does alert the system administrator that the matter needs to be investigated in order to determine if there are problems along the transmission line that provides connectivity to the machine. Additionally, in the event of an unsuccessful ping and verification that the transmission line is functioning properly, the system administrator should then check the cabling to the machine as well as the network interface card(s) in the machine to determine the source of the problem.

What Big Brother Monitors

Big Brother monitors the following services offered by Linux:

• DNS availability
• HTTP (HyperText Transfer Protocol) service availability
• IMAP (Internet Message Access Protocol) service availability
• MRTG (Multi-router Traffic Grapher) service availability
• msgs
• POP3 (Post Office Protocol 3) service availability
• procs (specified system processes)
• SMTP (Simple Mail Transfer Protocol) service availability
• SSH (Secure SHell) service availability
• FTP service availability
• NNTP (Network News Transfer Protocol) service availability
• Telnet service availability

DNS availability is assessed via the use of a nameserver lookup. HTTP server process/daemon availability is checked using a session of lynx (a text-based Web browser) to verify a valid HTTP response as well as output. TCP port 80 is the port queried on the host unless an alternate port is specified in the /etc/services file. IMAP availability verification is accomplished by querying the server on TCP port 143 on the host unless an alternate port is specified in the /etc/services file.
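
The port-selection rule described above (an entry in /etc/services overrides the default of 80 for HTTP or 143 for IMAP), followed by a TCP reachability check, as an added shell example that is not Big Brother's own code. The function names service_port, probe and check_service and the sample services file are assumptions made for illustration.

```shell
#!/bin/bash
# Added example, not Big Brother code. Function names are hypothetical.

# service_port NAME DEFAULT [SERVICES_FILE]
# Print the TCP port for NAME (or an alias) from a services-format file;
# print DEFAULT when the file is unreadable or has no matching tcp entry.
service_port() {
    file=${3:-/etc/services}
    [ -r "$file" ] || { echo "$2"; return 0; }
    awk -v name="$1" -v def="$2" '
        { sub(/#.*/, "") }              # drop comments
        NF < 2 { next }                 # blank or malformed line
        {
            split($2, pp, "/")          # "8080/tcp" -> pp[1]=port, pp[2]=proto
            if (pp[2] != "tcp" || pp[1] !~ /^[0-9]+$/) next
            for (i = 1; i <= NF; i++)   # field 1 is the name, 3.. are aliases
                if (i != 2 && $i == name) { print pp[1]; found = 1; exit }
        }
        END { if (!found) print def }
    ' "$file"
}

# probe HOST PORT: succeed if a TCP connection opens within 5 seconds.
# Relies on the /dev/tcp redirection of bash and on coreutils timeout.
probe() {
    timeout 5 bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null
}

# check_service HOST NAME DEFAULT [SERVICES_FILE]: print one status line.
check_service() {
    port=$(service_port "$2" "$3" "$4")
    if probe "$1" "$port"; then state=up; else state=down; fi
    echo "$1 $2 tcp/$port $state"
}

# Constructed sample in /etc/services format (not taken from a real host).
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
# service  port/proto  aliases
smtp       25/tcp      mail
http       8080/tcp    www      # alternate port set by the administrator
imap       1143/udp             # udp entry: ignored for a TCP check
pop3       110/tcp     pop-3
EOF
service_port http 80 "$SAMPLE"    # alternate port from the file
service_port imap 143 "$SAMPLE"   # no tcp entry, so the default
```

Calling check_service with a host name, a service name and its default port prints the host, service, resolved port and an up or down state on one line.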