On 15.11.2013 13:02, Volker Janzen wrote:
Hi,

On Wed, 6 Nov 2013 16:28:53 +0100, Jerry Lundström
<[email protected]> wrote:
You can monitor the ods-enforcerd and ods-signerd processes, use the
"ods-signer running" and there should be a pid file somewhere (depends
on the OS or if you compiled yourself).

According to some more research I decided not to use the PID file, I'm
now checking if there is one process running for enforcer and one for
signer on the opendnssec user. Is it possible that there is more than
one process (e.g. forked worker processes)?

I used this NRPE configuration:

command[check_ods_enforcerd]=/usr/lib/nagios/plugins/check_procs -c 1:1 -u 104 -C ods-enforcerd
command[check_ods_signerd]=/usr/lib/nagios/plugins/check_procs -c 1:1 -u 104 -C ods-signerd

You can also monitor the
syslog for the STATS line from ods-signerd and errors. The Enforcer
will run once an hour (or as often as you configured it) and you could
monitor that output and that you get that each hour.

I think the STATS lines will not appear often enough to see if there is
really activity. But I see output from ods-enforcerd every hour. This
might be a way to start.

It depends on what you want to monitor: the enforcer runs as configured (e.g. <Enforcer><Interval>PT3600S</Interval>...)

The STATS lines can be used to monitor the ods-signerd, if your zone file gets updated quite often.

We also use a cron job which regularly does:

  #/usr/sbin/ods-signer running
  Engine running.

If the engine is not running, the signer is restarted.

We also monitor the serial of the unsigned and signed zone files. If the unsigned serial is higher, this means that the signer did not sign the new zone. As we update the zone a few times a day, this is an indirect indication if the signer is running.

regards
Klaus
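
The serial comparison described in the message above, sketched as a Nagios-style check. This is an added example, not code from the thread or from OpenDNSSEC: the zone contents are constructed samples, the function names are hypothetical, and it assumes a setup like the one described, where a healthy signed zone is never behind the unsigned one.

```python
OK, CRITICAL, UNKNOWN = 0, 2, 3  # Nagios plugin exit codes

# Constructed sample zones (example.com is a placeholder, not from the thread).
UNSIGNED = """\
$TTL 3600
example.com. IN SOA ns1.example.com. hostmaster.example.com. (
        2013111502 ; serial
        3600 600 1209600 3600 )
"""
SIGNED_STALE = ("example.com. 3600 IN SOA ns1.example.com. "
                "hostmaster.example.com. 2013111501 3600 600 1209600 3600\n")

def soa_serial(zone_text):
    """Return the SOA serial from master-file text, or None if absent."""
    # Drop ';' comments and flatten, so a parenthesised multi-line SOA
    # reads as one token stream.
    text = " ".join(line.split(";", 1)[0] for line in zone_text.splitlines())
    tokens = text.replace("(", " ").replace(")", " ").split()
    for i, tok in enumerate(tokens):
        # After "SOA" come MNAME and RNAME, then the serial.
        if tok.upper() == "SOA" and i + 3 < len(tokens) and tokens[i + 3].isdigit():
            return int(tokens[i + 3])
    return None

def serial_gt(a, b):
    """RFC 1982 comparison: True if 32-bit serial a is newer than b."""
    return a != b and ((a - b) % 2**32) < 2**31

def check_zone(unsigned_text, signed_text):
    """Return (exit_code, message) in Nagios plugin style."""
    u, s = soa_serial(unsigned_text), soa_serial(signed_text)
    if u is None or s is None:
        return UNKNOWN, "UNKNOWN: SOA serial not found"
    if serial_gt(u, s):
        return CRITICAL, f"CRITICAL: unsigned serial {u} is ahead of signed serial {s}"
    return OK, f"OK: signed serial {s}, unsigned serial {u}"

if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:  # usage: script UNSIGNED_ZONE_FILE SIGNED_ZONE_FILE
        with open(sys.argv[1]) as u, open(sys.argv[2]) as s:
            code, msg = check_zone(u.read(), s.read())
    else:  # no arguments: run against the constructed samples
        code, msg = check_zone(UNSIGNED, SIGNED_STALE)
    print(msg)
    sys.exit(code)
```

A zone that has just been updated will briefly show the unsigned serial ahead, so a check like this is best run with a retry interval longer than the normal signing delay.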
