cf-monitord
cf-monitord is the monitoring daemon for CFEngine. It samples probes defined in policy using measurements type promises and attempts to learn the normal system state based on current and past observations. Current estimates are made available as special variables (e.g. $(mon.av_cpu)) to cf-agent, which may use them to inform policy decisions.
cf-monitord keeps the promises made in common and monitor bundles, and is affected by common and monitor control bodies.
Notes: cf-monitord always considers the class monitor to be defined.
Command reference
--help, -h - Print the help message
--debug, -d - Enable debugging output
--verbose, -v - Output verbose information about the behaviour of cf-monitord
--dry-run, -n - All talk and no action mode - make no changes, only inform of promises not kept
--version, -V - Output the version of the software
--no-lock, -K - Ignore system lock
--file, -f value - Specify an alternative input file than the default. This option is overridden by FILE if supplied as argument.
--log-level, -g value - Specify how detailed logs should be. Possible values: 'error', 'warning', 'notice', 'info', 'verbose', 'debug'
--inform, -I - Print basic information about changes made to the system, i.e. promises repaired
--diagnostic, -x - Activate internal diagnostics (developers only)
--no-fork, -F - Run process in foreground, not as a daemon
--histograms, -H - Ignored for backward compatibility
--tcpdump, -T - Interface with tcpdump if available to collect data about network
--color, -C value - Enable colorized output. Possible values: 'always', 'auto', 'never'. If option is used, the default value is 'auto'
--timestamp, -l - Log timestamps on each line of log output
Standard measurements:
The cf-monitord service monitors a number of variables as standard on Unix and Windows systems. Windows is fundamentally different from Unix and currently has less support for out-of-the-box probes.
- users: Users logged in
- rootprocs: Privileged system processes
- otherprocs: Non-privileged process
- diskfree: Free disk on / partition
- loadavg: % kernel load utilization
- netbiosns_in: netbios name lookups (in)
- netbiosns_out: netbios name lookups (out)
- netbiosdgm_in: netbios name datagrams (in)
- netbiosdgm_out: netbios name datagrams (out)
- netbiosssn_in: netbios name sessions (in)
- netbiosssn_out: netbios name sessions (out)
- irc_in: IRC connections (in)
- irc_out: IRC connections (out)
- cfengine_in: CFEngine connections (in)
- cfengine_out: CFEngine connections (out)
- nfsd_in: nfs connections (in)
- nfsd_out: nfs connections (out)
- smtp_in: smtp connections (in)
- smtp_out: smtp connections (out)
- www_in: www connections (in)
- www_out: www connections (out)
- ftp_in: ftp connections (in)
- ftp_out: ftp connections (out)
- ssh_in: ssh connections (in)
- ssh_out: ssh connections (out)
- wwws_in: wwws connections (in)
- wwws_out: wwws connections (out)
- icmp_in: ICMP packets (in)
- icmp_out: ICMP packets (out)
- udp_in: UDP dgrams (in)
- udp_out: UDP dgrams (out)
- dns_in: DNS requests (in)
- dns_out: DNS requests (out)
- tcpsyn_in: TCP sessions (in)
- tcpsyn_out: TCP sessions (out)
- tcpack_in: TCP acks (in)
- tcpack_out: TCP acks (out)
- tcpfin_in: TCP finish (in)
- tcpfin_out: TCP finish (out)
- tcpmisc_in: TCP misc (in)
- tcpmisc_out: TCP misc (out)
- webaccess: Webserver hits
- weberrors: Webserver errors
- syslog: New log entries (Syslog)
- messages: New log entries (messages)
- temp0: CPU Temperature core 0
- temp1: CPU Temperature core 1
- temp2: CPU Temperature core 2
- temp3: CPU Temperature core 3
- cpu: %CPU utilization (all)
- cpu0: %CPU utilization core 0
- cpu1: %CPU utilization core 1
- cpu2: %CPU utilization core 2
- cpu3: %CPU utilization core 3
- microsoft_ds_out: Samba/MS_ds name sessions (out)
- www_alt_in: Alternative web service connections (in)
- www_alt_out: Alternative web client connections (out)
- imaps_in: encrypted imap mail service sessions (in)
- imaps_out: encrypted imap mail client sessions (out)
- ldap_in: LDAP directory service service sessions (in)
- ldap_out: LDAP directory service client sessions (out)
- ldaps_in: LDAP directory service service sessions (in)
- ldaps_out: LDAP directory service client sessions (out)
- mongo_in: Mongo database service sessions (in)
- mongo_out: Mongo database client sessions (out)
- mysql_in: MySQL database service sessions (in)
- mysql_out: MySQL database client sessions (out)
- postgres_in: PostgreSQL database service sessions (in)
- postgres_out: PostgreSQL database client sessions (out)
- ipp_in: Internet Printer Protocol (in)
- ipp_out: Internet Printer Protocol (out)
- io_reads: Number of I/O reads
- io_writes: Number of I/O writes
- io_readdata: Aggregate amount of data read across all devices
- io_writtendata: Aggregate amount of data written across all devices
- mem_total: Total system memory
- mem_free: Free system memory
- mem_cached: Size of disk cache
- mem_swap: Total swap size
- mem_freeswap: Free swap size
Slots with a higher number are used for custom measurement promises in CFEngine Enterprise.
These values collected and analyzed by cf-monitord are transformed into agent variables in the $(mon.name) context.
Note: There is no way to force a refresh of the monitored data.
Data storage
cf-monitord records data in $(sys.statedir) (typically /var/cfengine/state).
- cf_observations.lmdb
- nova_measures.lmdb
- ts_key
- env_data
- cf_incoming.<service id>
- cf_outgoing.<service id>
- cf_state.lmdb
- history.lmdb
Statistical Classes
cf-monitord automatically defines classes based on the observation of the data it has collected. Classes defined are named for the measurement id (the promise handle in the case of custom measurement promises) with prefixes and/or suffixes depending on the measurement.
The following suffixes may be used when defining classes:
_high :: The last measurement seemed high. It was greater than the average of all time and also greater than the recent average. This could indicate that the measured value is experiencing a "spike" or trending in a positive direction.
_low :: The last measurement was low. It was lower than the average of all time and also lower than the recent average. This could indicate that the measured value is experiencing a "dip" or trending in a negative direction.
_normal :: The value was neither high nor low (as per how those are described above).
_ldt :: A leap (step) detected, meaning a distinct (significant) change in the average.
_dev1 :: The last measurement was at least 1 standard deviation higher/lower than the average.
_dev2 :: The last measurement was at least 2 standard deviations higher/lower than the average. These classes are persistently defined for a number of minutes.
_anomaly :: The last measurement was at least 3 standard deviations than the average. These classes are persistently defined for a number of minutes.
_microanomaly :: The last measurement was at least 2 standard deviations higher than the average.
The following prefixes may be used when defining classes:
entropy_ ::
Note: These suffixes and prefixes may be combined, resulting in a class like rootprocs_high, loadavg_high_ldt, cpu1_high_dev3, and entropy_postgresql_out_low.
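The following agent policy is an added example, not part of the CFEngine documentation, showing one way cf-agent can act on the statistical classes described above by reporting when a standard measurement is well above its learned average. The bundle name monitor_alerts, the watched list and the alert_ class names are hypothetical; the combined class names follow the suffix pattern in the note above, and $(mon.value_...) and $(mon.dev_...) are the last-value and standard-deviation companions of the $(mon.av_...) variables.

```cf3
# Added example: report when selected cf-monitord measurements are unusually high.
# Bundle, list and alert_ class names are hypothetical.

body common control
{
      bundlesequence => { "monitor_alerts" };
}

bundle agent monitor_alerts
{
  vars:
      # Measurement ids taken from the standard measurements list.
      "watched" slist => { "ssh_in", "rootprocs", "loadavg" };

  classes:
      # One alert class per watched measurement, set when cf-monitord has
      # defined the combined "high and at least 2 standard deviations" class
      # or the "high and anomalous" class for that measurement.
      "alert_$(watched)"
        expression => "$(watched)_high_dev2|$(watched)_high_anomaly";

  reports:
      # Include the last value, learned average and standard deviation so the
      # report can be triaged without opening the state databases.
      "$(watched) unusually high on $(sys.fqhost): last=$(mon.value_$(watched)) average=$(mon.av_$(watched)) stddev=$(mon.dev_$(watched))"
        if => "alert_$(watched)";
}
```

The report only fires on hosts where cf-monitord has been running long enough to define these classes. Because monitored data cannot be refreshed on demand, each agent run sees the most recent sample cf-monitord recorded.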
Control Promises
Settings describing the details of the fixed behavioral promises made by cf-monitord. The system defaults will be sufficient for most users. This configurability potential, however, will be a key to developing the integrated monitoring capabilities of CFEngine.
body monitor control
{
#version => "1.2.3.4";
forgetrate => "0.7";
tcpdump => "false";
tcpdumpcommand => "/usr/sbin/tcpdump -i eth1 -n -t -v";
}
forgetrate
Description: Decimal fraction [0,1] weighting of new values over old in 2d-average computation
Configurable settings for the machine-learning algorithm that tracks system behavior. This is only for expert users. This parameter effectively determines (together with the monitoring rate) how quickly CFEngine forgets its previous history.
Type: real
Allowed input range: 0,1
Default value: 0.6
Example:
body monitor control
{
forgetrate => "0.7";
}
histograms
Deprecated: Ignored, kept for backward compatibility
cf-monitord now always keeps histograms information, so this option is a no-op kept for backward compatibility. It used to cause CFEngine to learn the conformally transformed distributions of fluctuations about the mean.
Type: boolean
Default value: true
Example:
body monitor control
{
histograms => "true";
}
monitorfacility
Description: Menu option for syslog facility
Type: (menu option)
Allowed input range:
LOG_USER
LOG_DAEMON
LOG_LOCAL0
LOG_LOCAL1
LOG_LOCAL2
LOG_LOCAL3
LOG_LOCAL4
LOG_LOCAL5
LOG_LOCAL6
LOG_LOCAL7
Default value: LOG_USER
Example:
body monitor control
{
monitorfacility => "LOG_USER";
}
tcpdump
Description: true/false use tcpdump if found
Interface with TCP stream if possible.
Type: boolean
Default value: false
Example:
body monitor control
{
tcpdump => "true";
}
tcpdumpcommand
Description: Path to the tcpdump command on this system
If this is defined, the monitor will try to interface with the TCP stream and monitor generic package categories for anomalies.
Type: string
Allowed input range: "?(/.*)
Example:
body monitor control
{
tcpdumpcommand => "/usr/sbin/tcpdump -i eth1";
}