[Freeipa-users] Re: zabbix for monitoring FreeIPA server?

Wed, 19 Sep 2018 04:33:09 -0700 

Hi Tony,


I'm monitoring using the following userparameter (basically run "ipactl status" 
and grep out lines which are known good so only errors are returned):


UserParameter=ipa.status,sudo /usr/sbin/ipactl status 2>&1 | egrep -v "(INFO\: 
The ipactl command was successful$|: RUNNING$)"


ipactl needs root access so I have a file in /etc/sudoers.d/zabbix with these 
lines to allow the zabbix user to sudo the ipactl status command only without a 
password:


## Allow zabix to query ipa status
Defaults:zabbix !requiretty
zabbix ALL = (root) NOPASSWD: /usr/sbin/ipactl status

The final challenge I had was selinux which I had to create a custom rule for 
(but most people seem to just disable selinux).


Then just create a trigger to alert if the returned value contains any 
characters. eg this matches on any char apart from whitespace:

{Custom Template IPA Server:ipa.status.regexp([^\s],1200)}=1


If anyone else has a better way to do this I'd be interested to hear it.


Regards,

Neal.




________________________________
From: Tony Brian Albers via FreeIPA-users <freeipa-users@lists.fedorahosted.org>
Sent: 24 August 2018 10:50
To: freeipa-users@lists.fedorahosted.org
Cc: Tony Brian Albers
Subject: [Freeipa-users] zabbix for monitoring FreeIPA server?

Hi guys,

Anyone got this working?

And if so, how did you do it?

I know I can monitor the components separately, but if you know of
anything that can do it easier I'd be happy to know about it.

/tony
--
--
Tony Albers
Systems administrator, IT-development
Royal Danish Library, Victor Albecks Vej 1, 8000 Aarhus C, Denmark.
Tel: +45 2566 2383 / +45 8946 2316
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/WGYZNKOBXBHHVCGA66GTFVDOG3WJOG5T/

_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org

Reply via email to