mikaku / Monitorix

Monitorix is a free, open source, lightweight system monitoring tool.
https://www.monitorix.org
GNU General Public License v2.0

Make "Serv Graph" adjustable #115

Closed IzzySoft closed 2 years ago

IzzySoft commented 9 years ago

Is it possible to adjust the "Serv Graph", which currently seems to be fixed to "those 7 services"? In my case, it makes absolutely no sense for it to list FTP, Samba, Telnet, Fax, and CUPS, as those services are not running on the machine (we could argue about Telnet in general, and I'd say the majority won't have it) – so only 2 out of 7 services (SSH, Fail2Ban) make sense to me at all. I'd rather like to replace the other 5 by something more useful (e.g. Apache, MySQL, Dovecot/Postfix (best combined as "Mail" – but if not possible, separate is OK as well), NTP).

If that already can be done via the config, the "default setup" should be placed into the config file explicitly – if not, it would be a feature-request to make it possible. If it's something requiring a bit longer, I'd vote to at least replace Telnet/Fax by something more common, e.g. Apache/MySQL.

jose1711 commented 3 years ago

I second that request. At this moment too many things are hard-wired into serv.pm. Like it expects you to configure writing SSH and FTP logs into the same secure_log file, uses service list or regular expressions for matching the lines in log files.

It would be great if this graph offered a similar level of customization as ambsens.pm or lmsens.pm. So something like:

<serv>
  <list>
    service0 = SSH
    service1 = Fail2Ban
    service2 = Mail
  </list>
  <log_file>
    service0 = /var/log/secure
    service1 = /var/log/fail2ban.log
    service2 = systemd:postfix
  </log_file>
  <regex>
    service0 = "sshd\[.* Accepted "
    service1 = "  fail2ban.actions.* Ban "
    service2 = "mail processed"
  </regex>
  <desc>
  </desc>
  graphs_per_row = 3
  rigid = ..
  limit = ..
</serv>

Please note a suggested systemd: prefix which could do something like (not actual code):

if cursor undefined:
  cursor => journalctl --no-pager -u SERVICE_NAME --show-cursor | tail -1
else:
  lines, cursor => journalctl -u SERVICE_NAME --after-cursor="$cursor" --show-cursor
  loop $lines as line:
    if $line matches: increase count
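
Added example (not part of the thread and not Monitorix code): the cursor loop sketched above, written in Python around the real `journalctl` options `--show-cursor`, `--after-cursor`, `-u` and `-n`. The function names, the injectable `run` hook and the sample output are assumptions made for illustration; the command is built as an argument list so a unit name or cursor taken from configuration never passes through a shell.

```python
import re
import subprocess

CURSOR_PREFIX = "-- cursor: "

def split_output(text):
    """Separate `journalctl --show-cursor` output into (entries, cursor or None)."""
    entries, cursor = [], None
    for line in text.splitlines():
        if line.startswith(CURSOR_PREFIX):
            cursor = line[len(CURSOR_PREFIX):].strip()
        elif line and not line.startswith("-- "):  # skip markers like "-- No entries --"
            entries.append(line)
    return entries, cursor

def journal_cmd(unit, cursor):
    """Build argv for the first run (learn the cursor) or an incremental run."""
    cmd = ["journalctl", "--no-pager", "--show-cursor", "-u", unit]
    return cmd + ([f"--after-cursor={cursor}"] if cursor else ["-n", "1"])

def poll(unit, pattern, cursor, run=None):
    """Return (match_count, cursor_to_store); the first run only records the cursor."""
    run = run or (lambda argv: subprocess.run(
        argv, capture_output=True, text=True, check=True).stdout)
    entries, new_cursor = split_output(run(journal_cmd(unit, cursor)))
    hits = sum(1 for e in entries if re.search(pattern, e)) if cursor else 0
    return hits, new_cursor or cursor  # keep the old cursor if none was printed

# Constructed sample of what one incremental run might print.
SAMPLE = """\
Mar 05 12:00:00 host postfix/smtp[950]: 1A2B3C: to=<x@example.org>, status=sent (250 ok)
Mar 05 12:00:05 host postfix/qmgr[400]: 1A2B3C: removed
-- cursor: s=constructed-cursor-2
"""
```

The cursor returned by `poll` has to be persisted between runs, otherwise every run starts again from the end of the journal and counts nothing.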

WarmChocolateCake commented 2 years ago

Just adding a +1

Does anyone use a Fax anymore? :)

IzzySoft commented 2 years ago

Me, actually – and ugh, this is my issue from 7 years ago? I don't even remember it anymore… But then, my Fax is rather a hardware one (integrated with my printer) :rofl:

mikaku commented 2 years ago

7 years? What a shame :sweat_smile:

OK, based on the idea of @jose1711, I'm working on this:

<serv>
        <list>
                0 = SSH, ProFTPD, TELNET, Samba, Fax, CUPS, Fail2ban
                1 = UW-IMAP, UW-POP3, Dovecot-IMAP, Dovecot-POP3
                2 = SMTP
        </list>
        <desc>
                SSH = file:/var/log/secure, "^%b %e", "sshd\[.*\]: Accepted "
                ProFTPD = 1, file:/var/log/secure, "%b %e", "START: ftp" + " proftpd\[.*Login successful." + "\"PASS .*\" 230"
#               vsftpd = file:/var/log/secure, "%b %e", "OK LOGIN:"
#               Pure-FTPd = file:/var/log/secure, "%b %e", "\[INFO\] .*? is now logged in"
                TELNET = file:/var/log/secure, "^%b %e", "START: telnet"
                Samba = exec:/root/bin/samba.sh, "", ""
                Fax = file:/var/spool/hylafax/etc/xferfaxlog, "^%m/%d/%y", "SEND"
                CUPS = file:/var/log/cups/page_log, "\[%d/%b/%Y:", ""
                Fail2ban = file:/var/log/fail2ban.log, "^%Y-%m-%d", " fail2ban.actions .* Ban "
                UW-IMAP = file:/var/log/imap, "%b %d", " imapd\[.* Login user="
                UW-POP3 = file:/var/log/imap, "%b %d", " ipop3d\[.* Login user="
                Dovecot-IMAP = file:/var/log/imap, "%b %d", " imap-login: .* Login: "
                Dovecot-POP3 = file:/var/log/imap, "%b %d", " pop3-login: .* Login: "
                SMTP = file:/var/log/imap, "^%b %e", 
        </desc>
        ...

As you can see, it will permit an unlimited number of graphs. The format and layout of the graphs will be similar to the du.pm module. In this example, the layout will consist of 3 graphs.

Each service will have an associated logfile (in the first parameter), prefixed by file:. If a service depends on the output of a program instead, or it depends on multiple logfiles, then you can use the prefix exec: to execute an external script that creates the desired combined output.

The second parameter is the date format in the logfile, which accepts the format of a regular expression. The third parameter is an unlimited number of different regular expressions separated by the plus sign (+) that will be used when counting matches.

Hopefully with this modification we will have a graph that will cover almost all situations.

mikaku commented 2 years ago

OK, I've made a complete rewrite of this old module and now you are able to track an unlimited number of services, values, or whatever you want.

The default version of this graph will keep the same .rrd structure so you won't lose your historical data. But you will lose it as soon as you change the number of groups defined, as always. The following graph is the new default after applying the changes:

[Image: serv_new]

The following is the current (old graph) at the same time:

[Image: serv_old]

As you can see, it keeps the same old values (all in the same graph though), and the only difference is that it uses lines instead of areas. You can have up to 16 different values per group (or graph), and you can define an unlimited number of graphs.

Its configuration is like this:

<serv>
    <list>
        Default = SSH, FTP, TELNET, IMAP, Samba, Fax, CUPS, POP3, SMTP, Spam, Virus, Fail2ban
    </list>
    <desc>
        SSH = file:/root/log/secure, "^%b %e", "sshd\[.*\]: Accepted "
        FTP = file:/root/log/secure, "%b %e", "START: ftp" + " proftpd\[.*Login successful." + "\"PASS .*\" 230"
        FTP = file:/root/log/secure, "%b %e", "OK LOGIN:"
        FTP = file:/root/log/secure, "%b %e", "\[INFO\] .*? is now logged in"
        TELNET = file:/root/log/secure, "^%b %e", "START: telnet"
        Samba = exec:/root/bin/samba.sh, "", ""
        Fax = file:/root/spool/hylafax/etc/xferfaxlog, "^%m/%d/%y", "SEND"
        CUPS = file:/root/log/cups/page_log, "\[%d/%b/%Y:", ""
        Fail2ban = file:/root/log/fail2ban.log, "^%Y-%m-%d", " fail2ban.actions .* Ban "
        IMAP = file:/root/log/imap, "%b %d", " imapd\[.* Login user="
        POP3 = file:/root/log/imap, "%b %d", " ipop3d\[.* Login user="
        IMAP = file:/root/log/imap, "%b %d", " imap-login: .* Login: "
        POP3 = file:/root/log/imap, "%b %d", " pop3-login: .* Login: "
        SMTP = file:/root/log/maillog, "^%b %e", i:"to=.*stat(us)?=sent"
        Spam = file:/root/log/maillog, "^%b %e", "MailScanner.*Spam Checks:.*Found.*spam messages" + "amavis\[.* SPAM"
        Spam = file:/root/log/maillog, "^%b %e", "spamd: identified spam"
        Virus = file:/root/log/maillog, "^%b %e", "MailScanner.*Virus Scanning:.*Found.*viruses" + "amavis\[.* INFECTED|amavis\[.* BANNED"
        Virus = file:/root/log/messages, "^%b %e", " clamd\[.* FOUND$"
    </desc>
...

You can have multiple definitions of the same service, so you are able to combine similar services into one single metric. And if this is not enough for you, just use the prefix exec: and Monitorix will run a script whose output will be used as the log file.

Also, you might want to isolate some values to different graphs, but then you'll sacrifice the historical data:

[Image: serv_mult]

Its configuration is like this:

<serv>
    <list>
        Default = SSH, FTP, TELNET, Samba, Fax, CUPS, Fail2ban
        IMAP/POP3 = IMAP, POP3
        SMTP = SMTP, Spam, Virus
    </list>
    <desc>
        **same as above**
    </desc>
...

I'll appreciate any feedback on this.
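
Added example (not part of the thread and not Monitorix's Perl code): a Python reading of the `<desc>` line format described in the two comments above, covering the date format, the `+`-separated regex list, the `i:` flag and several definitions feeding one service. How the date pattern and the regexes combine is an assumption (a line counts once when the expanded date and any listed regex match); `exec:` sources are not run here, and the log lines and function names are constructed for illustration.

```python
import re
from collections import Counter
from datetime import date

MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()
QUOTED = re.compile(r'(i:)?"((?:[^"\\]|\\.)*)"')  # optional i: flag + quoted string

def expand_date(fmt, day):
    """Expand the strftime codes seen on the page; the result is still a regex."""
    codes = {"%b": MONTHS[day.month - 1], "%e": f"{day.day:2d}", "%d": f"{day.day:02d}",
             "%m": f"{day.month:02d}", "%y": f"{day.year % 100:02d}", "%Y": str(day.year)}
    return re.sub(r"%[bedmyY]", lambda m: codes[m.group()], fmt)

def parse_desc(text):
    """Return one (service, source, date_fmt, regexes) tuple per definition line."""
    rules = []
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue
        name, _, rest = line.partition("=")
        source, _, params = rest.partition(",")
        quoted = QUOTED.findall(params)  # first quoted string is the date format
        regexes = [re.compile(p, re.I if flag else 0) for flag, p in quoted[1:]]
        rules.append((name.strip(), source.strip(), quoted[0][1], regexes))
    return rules

def count_matches(rules, logs, day):
    """Sum hits per service name; assumes one hit per line (date AND any regex)."""
    totals = Counter()
    for service, source, date_fmt, regexes in rules:
        stamp = re.compile(expand_date(date_fmt, day))
        for line in logs.get(source, []):
            if stamp.search(line) and (not regexes or any(r.search(line) for r in regexes)):
                totals[service] += 1
    return totals

DAY = date(2024, 3, 5)  # constructed day; DESC lines are from the page, LOGS are constructed
DESC = r'''
SSH = file:/root/log/secure, "^%b %e", "sshd\[.*\]: Accepted "
FTP = file:/root/log/secure, "%b %e", "START: ftp" + " proftpd\[.*Login successful." + "\"PASS .*\" 230"
FTP = file:/root/log/secure, "%b %e", "OK LOGIN:"
SMTP = file:/root/log/maillog, "^%b %e", i:"to=.*stat(us)?=sent"
'''
LOGS = {"file:/root/log/secure": [
    "Mar  5 10:01:02 host sshd[811]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2",
    "Mar  4 23:59:59 host sshd[700]: Accepted password for bob from 192.0.2.11 port 50100 ssh2",
    "Mar  5 11:00:00 host proftpd[900]: 192.0.2.20 - USER carol: Login successful.",
    "Mar  5 11:05:00 host vsftpd[901]: [dave] OK LOGIN: Client \"192.0.2.21\""],
  "file:/root/log/maillog": [
    "Mar  5 12:00:00 host postfix/smtp[950]: 1A2B3C: to=<x@example.org>, STATUS=SENT (250 ok)"]}
```

`count_matches(parse_desc(DESC), LOGS, DAY)` folds the two FTP definitions into a single FTP total, which is the combining behaviour the comment describes.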