system monitoring

I have been using LogWatch for a while now and I have been very impressed. It sends me a daily email (at about 3am) summarising the important parts of the logs that were generated throughout the day. It was actually LogWatch that tipped me off that something was not quite right when my server was compromised not long ago. Since then, I have been quite interesting in some system monitoring applications for linux so I can keep a close eye on what’s happening, so that if something bad happens again, I should know very quickly.

I had a poke around with LogWatch and found that it stores some configuration scripts in /etc/log.d/conf/services, and there are plenty of scripts there for a variety of services. I found that many of them were incorrectly set to monitor the wrong log files, and therefore were not sending me any information about them. I modified the httpd, amavis, openvpn and postfix to use the right logs, and I suddenly started getting information about these in my email. It can now tell me about how many spam emails it has dropped, how many emails have been sent and recieved and how many hits apache has had.

Another thing I have been playing with is Cacti, which is a PHP based SNMP monitoring tool. I was easily able to start monitoring simple things like the number of users currently logged in, available disk space, CPU load average and memory usage without any SNMP support, but once I recompiled both php and mod_php and installed net-snmp, then I was able to get all sorts of network interface statistics, which I find to be very informative. You can have a look at my stats here.

I’m also playing with Webalizer and Mailgraph to show me Apache and Postfix statistics. You can see them here and here.

Posted in Geek, Gentoo, Linux by Andy Botting at July 8th, 2005.

Leave a Reply

7 + six =