CentOS IP Tables?
We don't do much monitoring of servers at the moment, but I received an inquiry about the possibility of monitoring iptables data for a CentOS server. I've looked through modules in the exchange and I'm not seeing much that seems to do this but I was curious if anyone else has ever looked into this. I'm not a server person so I am also not as knowledgeable about how this works as I'd like to be Thank youLinux details for EC2 hosts
Linux details for EC2 hosts such as Kernel version, etc are not displayed, as the Linux_SSH datasource specifically excludes these. I can understand that for some hardware specific properties/info, but it would be useful to have the patch release, etc. of the kernel regardless of being a VM/EC2 in AWS. Is there another datasource or property source I should be using for this info?Migrate your Linux collectors to non-root by Sept 30!
Hello All, Thank you for supporting LogicMonitor's efforts to ensure Collector Security. With your help, we have been able to transition ~7,000 collectors to non-privileged users out of the 10,000 linux collectors currently live in customer environments. Per our last email on this topic, we had shared a deadline of June 30, 2023 for customers to migrate their collectors from root to non-root users. Due to customer requests needing more time, we have now extended the deadline to September 30, 2023, allowing for more time to test the non-root migration scripts and migrate linux collectors. We appreciate your support in helping us achieve our goal of running all collectors using non-privileged credentials. ACTION REQUIRED: Migrate any collectors which are running under root users to non-privileged users For more details, please refer to: https://www.logicmonitor.com/support/migrating-collector-from-root-to-non-root-user If your current collector installation process uses the root user to install linux collectors, please start using non-privileged user For more details, please refer to: https://www.logicmonitor.com/support/collectors/collector-installation/installing-collectors#Linux-collector. TIMELINE: Migrate your current linux collector install base to non-privileged users as soon as possible, however no later than September 30, 2023. Your current collectors will not be affected by this change, only new installs will not be installed as root. Thank you for your prompt attention to this matter. If you have any questions, please contact Logicmonitor Support or contact your Customer Success Manager (CSM) Is there a reasonwhy this will not work in your environment? Would you still like to run a linux collector as root? Let us know in the comments Thank you!
eBPF monitoring support for Linux hosts
I have seen this with some other enterprise solutions and it’s a popular choice when we don’t want ‘APM’ level metrics but we are interested in the HTTP metrics such as requests/sec, error/sec, etc. Redhat has a decent article on this: Monitoring eBPF-based metrics (redhat.com) Some blogs focussed on HTTP metrics: eBPF enhanced HTTP observability — L7 metrics and tracing | by Apache SkyWalking | Jan, 2023 | Medium I am starting to see DevOps requests this sort of monitoring especially on third party software where instrumentation for APM is not possible or preferred by vendor. We’d recently had a requirement similar to this for an enterprise product and LM can only poll HTTP and record results and not be able to track incoming requests to the server. Quite like to see this being supported - DataDog already supports this and I can see this being quite important going forward.
Export Netflow from Linux to LogicMonitor
Exporting Netflow from Linux with softflowd NetFlow is an industry standard network protocol for monitoring traffic flows across a network interface. It is used most commonly by devices like firewalls, routers, and switches, but some software packages make it possible to export Netflow data from a server operating system - in this caseLinux (withsoftflowd) - toa Netflow collector (LogicMonitor)for traffic analysis. Ubuntu Documentation here:http://manpages.ubuntu.com/manpages/xenial/man8/softflowd.8.html The following assumes you have an Ubuntu device in your portal which you can access with sudoer permissions. It also assumes Netflow has been enabled for the device and the collector in question. Install softflowd: sudo apt-get install softflowd Open /etc/default/softflowd for editing: sudo nano /etc/default/softflowd Set the value for INTERFACE and add the destination ip:port (<collectorIP>:2055) under OPTIONS. Other options are available, check the link above for full documentation. # # configuration for softflowd # # note: softflowd will not start without an interface configured. # The interface softflowd listens on. You may also use "any" to listen # on all interfaces. INTERFACE= "eth0" # Further options for softflowd, see "man softflowd" for details. # You should at least define a host and a port where the accounting # datagrams should be sent to, e.g. # OPTIONS="-n 127.0.0.1:9995" OPTIONS= "-n 192.168.170.130:2055" Save your changes by pressing Ctrl-O , then exit nano by pressing Ctrl-X . Restart softflowd. sudo service softflowd restart Add a rule to the firewall to allow traffic on 2055. sudo ufw allow 2055 CentOs This is a bit more work since you can't just install a package; you'll need to download the source and compile. Most of the information here comes fromhttps://www.scribd.com/doc/199440303/Cacti-Netflow-Collector-Flowview-and-Softflowd More good info:https://thwack.solarwinds.com/thread/59620 Check to see if you have the compiler installed. which gcc If you don't get /usr/bin/gcc as the response, you'll need to install it. sudo yum install gcc Install libpcap-devel (you'll need this to compile softflowd). sudo yum install libpcap-devel Download the softflowd source. wget https: //storage .googleapis.com /google-code-archive-downloads/v2/code .google.com /softflowd/softflowd-0 .9.9. tar .gz Make sure you're in the directory where you saved the download, then untar the dowloaded source files. tar -xzvf softflowd-0.9.9. tar .gz Switch to the softflowd directory, then run the commands to compile and install it. cd softflowd-0.9.9 . /configure make make install Now we want to have softflowd start when the system boots. We'll need to add a line to the end of /etc/rc.d/rc.local . Use your device's interface after -i and your collector's IP address after -n . sudo nano /etc/rc .d /rc . local <add the following line to the end of the file > /usr/local/sbin/softflowd -i eth0 -n 10.13.37.111:2055 Save your changes with Ctrl-O , exit nano with Ctrl-X . Make sure /etc/rc.d/rc.local is executable. sudo chmod +x /etc/rc .d /rc . local Open port 2055 in the firewall so the collector can receive the data. sudo firewalld-cmd --zone=public --add-port=2055 /tcp --permanent Reboot the machine for all changes to take effect. *Original guide courtesy of@Kurt Huffmanat LogicMonitor