To this effect, the sudo configuration file (/etc/sudoers) must be configured so that password prompts are not required for a number of executables. The commands requiring elevated privileges differ by platform. The following commands must be configured for this version of Foglight for Infrastructure.
Used to read IO statistics from the /proc filesystem. | ||
/sbin/ethtool or /usr/sbin/ethtool (depending on distribution) /sbin/mii-tool or /usr/sbin/mii-tool (depending on distribution) |
Used to determine the network card bandwidth; ethtool is favoured if it is found. | |
Oracle Solaris agents do not require sudo access. |
The following is an example of how to configure the /etc/sudoers file to allow the user foglight to execute Linux® commands without being prompted for a password:
In addition, the requiretty flag must not be set in /etc/sudoers for the user, since Foglight for Infrastructure agents use non-interactive shells.
The following is an example of how to unset the requiretty flag for a single user named foglight, so that this user can run sudo commands remotely:
NOTE: If requiretty flag is set, sudo can run only when the user is logged in to a real tty. When this flag is set, sudo can only be run from a login session and not via other means, such as cron or cgi-bin scripts. This flag is off (unset) by default. |
Depending on the user’s sudo and syslog.conf configuration, sudo use may result in excess logging. To minimize the amount of log messages, ensure that sudo does not make use of the LOG_INPUT or LOG_OUTPUT tags for the commands that the UnixAgent runs. Depending on the existing monitored hosts’ configuration, any lines added to the /etc/sudoers file for Foglight monitoring may have to include NOLOG_OUTPUT or NOLOG_INPUT to override the default configuration. For example, for a user named foglight connecting to a monitored host, the following lines are required:
The last argument in this syntax depends on the type and location of the tool, ethtool or mii-tool, used to determine the network card bandwidth. If you are unsure which tool your system uses, you can specify all of them:
The UnixAgent monitors Linux®, Oracle Solaris®, HP-UX, or AIX® systems and collects the following information:
NOTE: The UnixAgent monitoring Solaris platforms treated ZFS® pools (retrieved by executing the zpool list command) as LogicalDisks, however the UnixAgentPlus treats them as PhysicalDisk. Due to this change, when switching from UnixAgent to UnixAgentPlus, you may notice that certain filesystem-related alarms that were raised for LogicalDisks under UnixAgent are now raised for PhysicalDisks under UnixAgentPlus. Additionally, charts for ZFS Pools that used to be populated for LogicalDisks under UnixAgent are populated for PhysicalDisks under UnixAgentPlus. |
IMPORTANT: Using the native collector to monitor an HP-UX system requires that the monitoring UnixAgent’s account belong to the sys and bin groups on the monitored system. Failing to add the account to these groups prevents the agent from collecting some logical disk metrics. |
There are views, rules, and data associated with this agent. For more information, see Reference.
For more details, see these topics:
For a list of platforms supported for the UnixAgent, see “System Requirements” in the Foglight for Infrastructure Release Notes.
When an agent connects to the Foglight Management Server, it is provided with a set of properties that it uses to configure its correct running state. For more information about working with agent properties, see Creating agent instances.
You can configure the following settings for this agent:
• |
• |
Host: host name or IP address. |
• |
Host name override: host name to be used to store this host’s data in the Foglight data model. |
• |
Port: SSH port on which the agent connects. Default value = 22. |
• |
Top CPU Processes: number of top CPU processes to be monitored. Default value = 5. |
• |
Top Memory Processes: number of top memory processes to be monitored. Default value = 5. |
• |
Top IO Processes: number of top IO processes to be monitored. Default value = 5. |
• |
Keep Retry If Collection Failed: Default value = False. When set to True, the agent keeps trying to collect data when failed to connect to the target host during startup. |
• |
Use native collector (if available): Default value = True. |
IMPORTANT: Using the native collector to monitor an HP-UX system requires that the monitoring UnixAgent’s account belong to the sys and bin groups on the monitored system. Failing to add the account to these groups prevents the agent from collecting some logical disk metrics. |
• |
Aggregate data for all instances of a program: Default value = True. When set to True, the agent collects data from all the instances of a program (for example all Oracle® instances), aggregates the information, and presents it in a unified report. |
• |
Collect Top N Process Details: Default value = True. When set to True, the agent collects data for the Top CPU Processes, Top Memory Processes, and Top IO Processes. Details about these top processes are accessible from the Infrastructure Environment dashboard (for example, to see the top CPU processes, in the Monitoring tab, select a host on the Quick view, click the Explore button in the Resource Utilizations view, and click any metric indicator in the CPU area; the top CPU consumers are displayed in the CPU Details dashboard.) |
• |
Collect process metrics: Default value = True. When set to True, the agent collects process metrics. |
• |
Collect CPU metrics: Default value = True. When set to True, the agent collects performance metrics about the system’s CPUs. |
• |
Collect disk metrics: Default value = True. When set to True, the agent collects performance metrics about the system’s disks. |
• |
Include filesystems mounted from memory: Default value = False. This property indicates to the agent whether or not to collect information about RAM disks. This information is typically collected when monitoring Linux® and Solaris® platforms, and not collected for HPUX and AIX® platforms. |
• |
Include mounted remote filesystems: Default value = False. When set to True, the agent collects metrics about remotely mounted disks. |
• |
Collect memory metrics: Default value = True. When set to True, the agent collects performance metrics about the system’s memory. |
• |
Collect network metrics: Default value = True. When set to True, the agent collects performance metrics about the network. |
TIP: If you are collecting basic host metrics using Foglight for VMware, you may need to set the Collect CPU/disk/memory/network metrics options to False, to prevent Foglight for VMware and Foglight for Infrastructure from reporting different or conflicting values. For Foglight for VMware, consider setting all four flags to False. |
• |
Collect System ID: Default value = True. This property indicates to the agent whether or not to collect a unique system ID from this system. This is not always desirable when monitoring Hyper-V® systems, as some Hyper-V systems use the same ID for multiple systems and are not unique. |
• |
Collect Hypervisor metrics: Default value = False. This property indicates to the agent whether or not to collect additional metrics from hypervisor systems (for example, Solaris global Zone, AIX® LPAR, and so on). |
• |
Use ping to validate host availability: Default value = False. When set to True, the agent is configured to use ping to detect if the monitored host is unavailable. If the agent fails to make a connection to the monitored host, and this property is set to True, the agent sends a ping command to the host. If the host does not respond, the Host.monitored observation is set to UNAVAILABLE (for more details, see Host availability alerting). |
NOTE: When the Use ping to validate host availability property is enabled on a UNIX® platform, the sudoer file needs to configured to allow the ICMP process to run with NOPASSWD. For details, see Configuring secure launcher permissions using sudo. |
• |
Use commands with sudo: Default value = False. When set to False, the agent does not use commands that require sudo, and does not collect metrics that require root permissions. For more information about sudo commands that require root access, see Configuring secure launcher permissions using sudo. |
• |
Filter local disks based on declared filesystem types: Default value = True. When set to True, the agent enables the local filesystem type filtering. |
• |
Path to sudo command: The path to the sudo executable. |
• |
Process Availability Config: A list of monitored processes and their expected instance counts. The list contains three columns: Process Name, Command Line, and Expected Process Count, and can be edited, as required. The agent compares the number of actual processes with the number of expected processes, found in this list. Results are displayed in the Processes > User Defined Processes (Process Availability Config) view (for details, see User Defined Processes (Process Availability Config)). |
• |
Solaris: Execute the “/usr/bin/ps -e -o uid,pid,ppid,vsz,rss,time,pcpu,sid,s,user,comm,args” command. Then you will get the following process details. |
• |
Exclude/Include FileSystems: The type of FileSystems list to be used for monitoring. |
• |
Exclude (default) indicates that the file systems listed in the FileSystems list should be excluded from monitoring. |
• |
Include performs system monitoring on the file system that you are defining. |
• |
Filesystem Config: A list of file systems that are excluded from monitoring (if the Exclude/Include FileSystems property is set to Exclude) or included in the monitoring (if the Exclude/Include FileSystems property is set to Include). You can modify, clone, and delete lists of excluded/included file systems, as necessary. The list contains three columns: MountPoint regular expression, Remote host name regular expression, and Monitored host regular expression. An entry in the list consists of three regular expressions that together identify one or more file systems that are excluded from/ included in the monitoring. For example: |
If set, the file systems with the matching mount point should be excluded/included. In this example: All file systems located in /workspace. | ||
In this example: All remote hosts starting with “tor” such as tor.test.com or tor.prod.com. | ||
In this example: All hosts starting with “tor” such as tor.test.com or tor.prod.com. |
• |
Collector Config: defines how quickly the agent collects data. UNIX® provides a defaultSchedule configuration. Users can modify, clone, and delete configurations, as necessary. |
To this effect, the sudo configuration file (/etc/sudoers) must be configured so that password prompts are not required for a number of executables. The commands requiring elevated privileges differ by platform. The following commands must be configured for this version of Foglight for Infrastructure.
Some AIX versions require elevated permissions to access virtual memory information. | ||
Used to read IO statistics from the /proc filesystem. | ||
/sbin/ethtool or /usr/sbin/ethtool (depending on distribution) /sbin/mii-tool or /usr/sbin/mii-tool (depending on distribution) |
Used to determine the network card bandwidth; ethtool is favoured if it is found. | |
Oracle Solaris agents do not require sudo access. | ||
HP-UX agents do not require sudo access. |
The following is an example of how to configure the /etc/sudoers file to allow the user foglight to execute Linux® commands without being prompted for a password:
In addition, the requiretty flag must not be set in /etc/sudoers for the user, since Foglight for Infrastructure agents use non-interactive shells.
The following is an example of how to unset the requiretty flag for a single user named foglight, so that this user can run sudo commands remotely:
NOTE: If requiretty flag is set, sudo can run only when the user is logged in to a real tty. When this flag is set, sudo can only be run from a login session and not via other means, such as cron or cgi-bin scripts. This flag is off (unset) by default. |
Depending on the user’s sudo and syslog.conf configuration, sudo use may result in excess logging. To minimize the amount of log messages, ensure that sudo does not make use of the LOG_INPUT or LOG_OUTPUT tags for the commands that the UnixAgent runs. Depending on the existing monitored hosts’ configuration, any lines added to the /etc/sudoers file for Foglight monitoring may have to include NOLOG_OUTPUT or NOLOG_INPUT to override the default configuration. For example, for a user named foglight connecting to a monitored host, the following lines are required:
The last argument in this syntax depends on the type and location of the tool, ethtool or mii-tool, used to determine the network card bandwidth. If you are unsure which tool your system uses, you can specify all of them:
For complete information about sudo and /etc/sudoers, refer to the sudo and /etc/sudoers man pages.
© 2024 Quest Software Inc. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center