===== ULS-Agent for Linux =====
That is the ULS-agent for
checking runtime metrics and status information of
several Linux and Unix-like operating systems,
searching logfiles, checking audit relevant settings
and logging administrative access.
==== Overview ====
The ULS-Client for Linux consists of several compiled executables,
bash scripts and configuration files.
* the base software parts to generate ULS value files in the [[uls:agents:value_file_format]], from simple values to complete files
* scripts to transfer the ULS value files to the ULS-server
* scripts to gather runtime metrics of the operating system
* a logfile adapter to search logfiles for text pattern or to extract values from text files
* provides a user-related logging mechanism for all entered commands and its output during a terminal session (good for audits)
It requires the package [[:unix2web]].
It is available for SLES11, Kubuntu xy, Solaris x and HP-UX B11.31, although
the latest version is not always and at once available for all operating systems.
-----
=== Features ===
A part from the core ULS-related functions the ULS-Client for Linux provides:
* metrics about cpu, disk and network performance
* the current usage of memory and disks
* detailed process monitoring
* storing of files, plain ascii/binary (e.g. /etc/postfix/master.cf, /etc/sudoers, ...)
* scripts to test web service responses (GET, POST, ...)
* inventory information in csv format
-----
==== Download & Installation ====
-----
=== openSUSE Leap 42.3 ===
Download the the current version of the [[:unix2web]] and the [[:uls:agents:linux]]
* {{:unix2web:u2webtools-9.5-3_opensuse_leap_42.3.x86_64.rpm}}
* {{:uls:agents:uls-client-3.10-8_opensuse_leap_42.3.x86_64.rpm}}
and copy these files as root to a temporary directory.
Checksums:
# sha1sum u2webtools*
b3bf67a71b0e3c34b58a0553030e9ec9a767ee9e u2webtools-9.5-3_openSUSE_Leap_42.3.x86_64.rpm
# sha1sum uls-client*.rpm
9b457d752f5e4cb8266e413b28a4b8c195f58079 uls-client-3.10-8_openSUSE_Leap_42.3.x86_64.rpm
Install the package:
# rpm --install u2webtools-9.5-3_openSUSE_Leap_42.3.x86_64.rpm
# rpm --install uls-client-3.10-8_openSUSE_Leap_42.3.x86_64.rpm
-----
=== SLES12 ===
Download the the current version of the [[:unix2web]] and the [[:uls:agents:linux]]
* {{:unix2web:u2webtools-9.5-2_sles12.x86_64.rpm}}
* {{:uls:agents:uls-client-3.10-7_sles12.x86_64.rpm}}
and copy these files as root to a temporary directory.
Checksums:
# sha1sum u2webtools*
33be6ec70a4362167daf82cb3e8b9a5a35af168d u2webtools-9.5-2_sles12.x86_64.rpm
# sha1sum uls-client*.rpm
d109085f7219a3691803fe3fdb06c44c661a0931 uls-client-3.10-7_sles12.x86_64.rpm
Install the package:
# rpm --install u2webtools-9.5-2_sles12.x86_64.rpm
# rpm --install uls-client-3.10-7_sles12.x86_64.rpm
-----
=== RedHat 9 based ===
Download the the current version of the [[:unix2web]] and the [[:uls:agents:linux]]
* {{:unix2web:u2webtools-9.9-5.el9.x86_64.rpm}}
* {{:unix2web:u2webtools_mariadb_18-9.9-5.el9.x86_64.rpm}}
* {{:uls:agents:uls-client-3.15-8.el9.x86_64.rpm}}
and copy these files as root to a temporary directory.
# Checksums: sha256sum
72fdb9db611d4c18e95eaa89acb72861574c068c2f10827f34bc01f6d8d93a0e u2webtools-9.9-5.el9.x86_64.rpm
0fc702734ad6beffda1293cd20adb84a2cfc417a3cf2e4c406d70a9ca63fb263 u2webtools_mariadb_18-9.9-5.el9.x86_64.rpm
da833ebe7d906f9da31866eb57ac040a03dba7f5116fa8e39b54ef7f6006c6ab uls-client-3.15-8.el9.x86_64.rpm
-----
=== CentOS 7 (RedHat 7) ===
Download the the current version of the [[:unix2web]] and the [[:uls:agents:linux]]
* {{:unix2web:u2webtools-9.5-2.el7.x86_64.rpm}}
* {{:uls:agents:uls-client-3.10-7.el7.x86_64.rpm}}
and copy these files as root to a temporary directory.
Checksums:
# sha1sum u2webtools*
c299402729185837755f00a7e2ac17339ff7388f u2webtools-9.5-2.el7.x86_64.rpm
# sha1sum uls-client*.rpm
19b55bbf55ec2f7ce1bf9424e6eb5157af8ef3ac uls-client-3.10-7.el7.x86_64.rpm
Install the package:
# rpm --install u2webtools-9.5-2.el7.x86_64.rpm
# rpm --install uls-client-3.10-7.el7.x86_64.rpm
-----
=== CentOS 6 (RedHat 6) ===
Download the the current version of the [[:unix2web]] and the [[:uls:agents:linux]]
* {{:unix2web:u2webtools-9.5-2.el6.x86_64.rpm}}
* {{:uls:agents:uls-client-3.10-7.el6.x86_64.rpm}}
and copy these files as root to a temporary directory.
Checksums:
# sha1sum u2webtools*
033dbd4d2107f58c999166ced866b927b1f06983 u2webtools-9.5-2.el6.x86_64.rpm
# sha1sum uls-client*.rpm
d272f4e0fb3b042f6023f2f0ba5eef913e2210fe uls-client-3.10-7.el6.x86_64.rpm
Install the package:
# rpm --install u2webtools-9.5-2.el6.x86_64.rpm
# rpm --install uls-client-3.10-7.el6.x86_64.rpm
-----
=== Debian based ===
Download the the current version of the [[:unix2web]] and the [[:uls:agents:linux]]
* {{:unix2web:u2webtools_9.6-11debian9_amd64.deb}}
* {{:unix2web:u2webtools_9.6-11debian10_amd64.deb}}
* {{:uls:agents:uls-client_3.10-8_amd64.deb}}
and copy these files as root to a temporary directory.
Checksums:
# sha1sum u2webtools*
f1753b8e815bf9202c8ab74f63fe9c62 u2webtools_9.6-11debian9_amd64.deb
795f8121d9201936730b906a152e3e29 u2webtools_9.6-11debian10_amd64.deb
# sha1sum uls-client*.rpm
2de5da6331c57e48d32d21d0fe7b6575c4260e67 uls-client_3.10-8_amd64.deb
Install the package:
# dpkg -i u2webtools_9.5-2_amd64.deb
# dpkg -i uls-client_3.10-7_amd64.deb
-----
=== HP-UX ===
Download the the current version of the [[:unix2web]] and the [[:uls:agents:linux]]
* {{:uls:agents:unix2web-hpux-8.5.6-3.tgz}}
* {{:uls:agents:uls-client-hp-ux.2.1-1.tgz}}
and copy these files as root to a temporary directory.
Checksums:
# sha1sum unix2web*.tgz
# sha1sum uls-client*.tgz
:TODO:
Install the package:
:TODO:
:?: What about Ubuntu and Solaris
-----
==== Configuration ====
All configuration is done in directory ''/etc/uls''.
Define the ip-address of your ULS-server:
# vi /etc/uls/uls.conf
...
ULSSERVER=10.1.2.3:11975
-----
==== Regular Executions ====
A number of scripts is executed in regular time intervals to gather
all metrics. That is defined in the crontab:
$ cat /etc/cron.d/ulsclient
# ULS Monitoring
@reboot root /usr/share/ulsclient/do_tests -f /etc/uls/tests_reboot.conf >/dev/null 2>&1
*/5 * * * * root /usr/share/ulsclient/do_tests /etc/uls/tests5.conf >/dev/null 2>&1
*/15 * * * * root /usr/share/ulsclient/do_tests -f /etc/uls/tests15.conf >/dev/null 2>&1
36 5 * * * root /usr/share/ulsclient/do_tests -f /etc/uls/tests_daily.conf >/dev/null 2>&1
35 12 * * * root /usr/share/ulsclient/do_tests -f /etc/uls/tests_daily12.conf >/dev/null 2>&1
{|
! tests5.conf
| Contains all calls to metric scripts that are executed every 5 minutes
|-
! tests15.conf
| Contains all calls to metric scripts that are executed every 15 minutes
|-
! tests_daily12.conf
| Contains all calls to metric scripts that are executed at around 12:00 h
|-
! tests_daily.conf
| Contains all calls to metric scripts that are executed at around 24:00 h
|}
-----
==== Metric Scripts ====
These scripts are provided to acquire metrics about
the current status and load of the server (=source).
-----
=== test_aide ===
:TODO:
-----
=== test_checkrc ===
(SLES11)
Configure the services in the file ''/etc/uls/checkrc.conf'', that you want to have checked.
# checkrc.conf
#
# Configuration file for test_checkrc
#
# List all system services that you want to have checked if they are running.
#
# Name Path to rc-script, it is called with parameter "status"
###########################################################################
cron /etc/init.d/cron
The return value of the rc-script is transferred to the ULS-server.
Normally, 0 indicates no error, the service is running, any other value indicates error.
In the ULS user interface (interactive webbrowser-based analysis),
it is displayed as (matching to the above example):
│
└──►
│
└──►System
│
└──►Checkrc | time stamp | cron |
| ---------------------|------|
| 2013-11-12 13:05:00 | 0 |
| 2013-11-12 13:00:00 | 0 |
| 2013-11-12 12:55:00 | 0 |
...
-----
=== test_conf_files ===
Do the configuration in ''/etc/uls/conf_files.conf'',
define the name pattern for configuration files
and send the matching files, each compressed with bzip2, to the ULS-server.
# conf_files.conf
#
# Configuration file for test_conf_files
#
# Files will be compressed by using bzip2 before being sent to ULS
#
# Format:
#
# section teststep list of pattern for file names including path
###########################################################################
apache configuration /etc/apache2/httpd.conf /etc/apache2/conf.d/*
In the ULS user interface (interactive webbrowser-based analysis),
it is displayed as (matching to the above example):
│
└──►
│
└──►apache
│
└──►configuration
| time stamp | httpd.conf/ | php5.conf/ | dokuwiki.conf.aus/ |
| --------------------|----------------|---------------|-----------------------|
| 2013-11-12 14:30:00 | httpd.conf.bz2 | php5.conf.bz2 | dokuwiki.conf.aus.bz2 |
...
You may check for changes in any of the files by monitoring for differences between consecutive files.
-----
=== test_crontabs ===
That script sends all crontabs (except /etc/crontab) as text to the ULS-server.
In the ULS user interface (interactive webbrowser-based analysis),
it is displayed as:
│
└──►
│
└──►System
│
└──►Crondir
│
└──►cron.d
| time stamp | oracle |
| ---------------------|--------------------------------------------------------------------------------|
| | # |
| 2013-11-11 22:06:00 | # 2013-06-05 16:39:05, oracle, make_scripts.pl (0.31) |
| | # |
| | # crontab for Oracle database orcl |
| | # |
| | # ----- |
| | # Monitoring script for Oracle |
| | 1,11,21,31,41,51 * * * * oracle /oracle/admin/orcl/oracle_tools/watch_oracle |
| | # |
| | # ----- |
| | # Hourly actions (e.g. backup of archived redo logs) |
| | 2 * * * * oracle /oracle/admin/orcl/oracle_tools/hourly |
| | # |
| | # ----- |
| | # Nightly jobs (database backup, removal of trace files, etc) |
| | 2 22 * * * oracle /oracle/admin/orcl/oracle_tools/nightly |
-----
=== test_disk_load ===
Gathers metrics about the load of each disk found to be in use on the system.
In the ULS user interface (interactive webbrowser-based analysis), it is displayed as:
│
└──►
│
└──►System
│
└──►Dev
│
└──►dm-0
| time stamp | rdps | wrps | rd_sec | wr_sec |
| | 1/s | 1/s | 1/s | 1/s |
| --------------------|------|------|--------|--------|
| 2013-11-12 00:00:00 | 0.06 | 4.80 | 0.61 | 38.43 |
| 2013-11-12 00:15:00 | 0.01 | 4.72 | 0.08 | 37.79 |
| 2013-11-12 00:30:00 | 0.00 | 3.90 | 0.00 | 31.20 |
│ ...
└──►dm-1
└──►sda2
...
-----
=== test_disk_space ===
Gathers the disk space usage of all partitions and of all nfs mounted
partitions if option **-n** is specified.
In the ULS user interface (interactive webbrowser-based analysis), it is displayed as:
│
└──►
│
└──►System
│
└──►Disk Space /data
| time stamp | Groesse | belegt | frei | %belegt |
| | GByte | GByte | GByte | % |
| 2013-11-12 00:00:00 | 19.93 | 13.72 | 6.21 | 69 |
| 2013-11-12 00:15:00 | 19.93 | 13.72 | 6.21 | 69 |
| 2013-11-12 00:30:00 | 19.93 | 13.72 | 6.21 | 69 |
| 2013-11-12 00:45:00 | 19.93 | 13.72 | 6.21 | 69 |
| 2013-11-12 01:00:00 | 19.93 | 13.72 | 6.21 | 69 |
│ ...
└──►Disk Space /home
└──►Disk Space /tmp
...
-----
=== test_eth_load ===
Acquire the network throughput on all found interfaces. Use option **-v** for more details.
In the ULS user interface (interactive webbrowser-based analysis), it is displayed as:
│
└──►
│
└──►System
│
└──►Net
│
└──►eth0
| time stamp | rxpck | txpck | rxbyt | txbyt |
| | 1/s | 1/s | 1/s | 1/s |
| --------------------|------|------|--------|--------|
| 2013-11-12 15:35:00 | 0.80 | 0.20 | 48.00 | 10.80 |
| 2013-11-12 15:40:00 | 1.12 | 0.57 | 509.03 | 67.71 |
| 2013-11-12 15:45:00 | 1.07 | 0.45 | 598.91 | 34.05 |
| 2013-11-12 15:50:00 | 1.23 | 0.53 | 699.30 | 39.95 |
| 2013-11-12 15:55:00 | 1.68 | 0.98 | 659.11 | 123.32 |
└──►eth1
...
-----
=== test_md ===
Check the status of multiple disks (md).
-----
=== test_mem ===
Gather metrics about the memory and swap usage. Use option **-v** for more details.
In the ULS user interface (interactive webbrowser-based analysis), it is displayed as:
└──►
└──►System
└──►Memory Swap
| time stamp | Mem total | Mem used | Mem free | Swap total | Swap used | Swap free |
| | MByte | MByte | MByte | MByte | MByte | MByte |
| --------------------|-----------|----------|----------|------------|-----------|-----------|
| 2013-11-12 00:00:00 | 3834 | 733 | 3100 | 4095 | 37 | 4058 |
| 2013-11-12 00:15:00 | 3834 | 733 | 3101 | 4095 | 37 | 4058 |
| 2013-11-12 00:30:00 | 3834 | 733 | 3100 | 4095 | 37 | 4058 |
...
-----
=== test_ping ===
ping a list of ip-addresses or hosts, send the measured response time to ULS.
Do the configuration in ''/etc/uls/test_ping.conf'',
define the ping destinations and expressions for the ULS logical structure.
# test_ping.conf
#
# Configuration for test_ping
#
# All are pinged and the response time
# is sent as value to ULS.
#
# pingdest : hostname or ip-address to be pinged
# ULS host : hostname that is used as source,
# `hostname` is used if a '.' is set.
# If nothing is set, is used.
# ULS detail : detail in ULS, default is
# ULS teststep: teststep in ULS, default: "Ping"
# ULS section : section in ULS, default: "System"
#
#
# pingdest [ULS host] [ULS detail] [ULS teststep] [ULS section]
# ---------------------------------------------------------------------
host001 .
host002 .
host003 .
In the ULS user interface (interactive webbrowser-based analysis),
it is displayed as (matching to the above example):
└──►
└──► System
└──► Ping
| time stamp | host001 | host002 | host003 |
| | ms | ms | ms |
|---------------------|---------|---------|---------|
| 2013-11-12 16:15:00 | 3.09 | 0.021 | 3.52 |
| 2013-11-12 16:10:00 | 0.675 | 0.608 | 0.620 |
| 2013-11-12 16:05:00 | 0.710 | 0.652 | 7.98 |
...
-----
=== test_proc ===
Determines the number of processes on the system.
In the ULS user interface (interactive webbrowser-based analysis), it is displayed as:
└──►
└──► System
└──► Process
| time stamp | Total | running | sleeping | stopped | zombie |
| --------------------|-------|---------|----------|---------|--------|
| 2016-11-12 16:15:00 | 189 | 0 | 189 | 0 | 0 |
| 2016-11-12 16:10:00 | 187 | 1 | 186 | 0 | 0 |
| 2016-11-12 16:05:00 | 186 | 0 | 186 | 0 | 0 |
...
-----
=== test_procmon ===
This is an advanced feature to monitor single processes, their used cpu time, memory and much more.
Do the configuration in ''/etc/uls/procmon.conf'',
you find a detailed description of what can be configured in the
configuration file. Be sure to start with a simple example :!:
...
#
# Name Sum-FLAGS PID-Flags [Line-Filter] [Teststep] [Section]
# (.|[cCdDeEfhM ([bCdDeEfhlLmMN
# RSTuVwWy]) RSsTtUuVwWy])
################################################################################################
.*kswapd0.* RSVdDeE
.*backup_redologs.sh.* bCtU
.*winbindd.* . cCo
.*winbindd.* acCmMsy
There will be a summary for all winbind processes
and specific metrics for each winbind process.
In the ULS user interface (interactive webbrowser-based analysis), it will be displayed as:
└──►
└──► System
└──► Process =>
└──► kswapd0
| time stamp | RES | Shared-Mem | Virt | io-Read | io-write |
| | MB | MB | MB | kB/s | kB/s |
| --------------------|-----|------------|------|---------|----------|
| 2017-04-04 16:15:00 | 0 | 0 | 0 | 0 | 0 |
| 2017-04-04 16:10:00 | 0 | 0 | 0 | 0 | 0 |
| 2017-04-04 16:05:00 | 0 | 0 | 0 | 0 | 0 |
...
└──► winbind
└──► winbind =>
| time stamp | Cpu | Num-Open-Files |
| | % | |
| --------------------|-----|----------------|
| 2017-04-04 16:15:00 | 0 | 29 |
| 2017-04-04 16:10:00 | 0 | 29 |
| 2017-04-04 16:05:00 | 0 | 29 |
...
-----
=== test_security ===
:TODO:
-----
=== test_tcp_connect ===
Similar to [[linux#test_ping]], but uses netcat to just establish a tcp
or udp connection to destination hosts.
Do the configuration in ''/etc/uls/test_tcp_connect.conf'',
define the ping destinations and expressions for the ULS logical structure.
-----
=== test_time_diff ===
Check time differences between the local time of the server compared to the time of another server.
You need to set up a reference time server.
:TODO:
Do the configuration in ''/etc/uls/time_diff.conf''.
-----
=== test_system_load ===
:TODO:
-----
==== Bash Scripts ====
These bash scripts are used in the [[linux#Metric Scripts]] and can also be
used to send arbitrary other values to the ULS-server. You can use it
to develop your own ULS-agent.
See the header information within the scripts for a detailed
explanation of the possible command line parameters. The general
command line parameters are explained [[linux#General Command Line Parameters|below]].
-----
=== General Command Line Parameters ===
See also [[uls:structure]]
{|
! parameter
! description
|-
| -c
| the character set of the values, can be "latin1" or "utf8"
|-
|
| domain, to which the source is related
|-
|
| hostname of the server/source that sends values to the ULS
|-
|
| section in the ULS logical data structure
|-
|
| teststep in the ULS logical data structure
|-
|
| detail (headers of the tables containing values) in the ULS logical data structure
|-
|
| value
|-
|
| unit of the value
|-
|
| date the value belongs to (YYYY-MM-DD)
|-
|