[Opendnssec-user] Monitoring OpenDNSSEC

Fri Nov 15 12:02:35 UTC 2013

Hi,

On Wed, 6 Nov 2013 16:28:53 +0100, Jerry Lundström
<jerry at opendnssec.org> wrote:
> You can monitor the ods-enforcerd and ods-signerd processes, use the
> "ods-signer running" and there should be a pid file somewhere (depend
> on the OS or if you compiled yourself).

according to some more research I decided not to use the PID file, I'm
now checking if there is one process running for enforcer and one for
signer on the opendnssec user. Is it possible that there is more than
one process (e.g. forked worker processes)?

I used this NRPE configuration:

command[check_ods_enforcerd]=/usr/lib/nagios/plugins/check_procs -c 1:1
-u 104 -C ods-enforcerd
command[check_ods_signerd]=/usr/lib/nagios/plugins/check_procs -c 1:1
-u 104 -C ods-signerd

> You can also monitor the
> syslog for the STATS line from ods-signerd and errors. The Enforcer
> will run once an hour (or as often you configured it) and you could
> monitor that output and that you get that each hour.

I think the STATS lines will not appear often enough to see if there is
really activity. But I see output from ods-enforcerd every hour. This
might be a way to start.

Can you tell me which string is contained in all error messages to seek
for? E.g. ERROR or something like that?

> I'm unsure what you want to monitor here, if there is a problem with
> the HSM then the Enforcer and/or Signer will report that to the
> syslog. There is "ods-hsmutil test " that you might be able to run
> once a day or something but it does not guarantee that the repository
> works when it needs to later on.

Okay I see, so I should have a look at the error messages mentioned
above.

> Hope this helps some.

Yes, this helped me to start.

Regards,
    Volker