Installing N2 from packages

For Debian/Ubuntu, add a line like:

deb http://opensource.cloudvps.com/packages/n2/deb/etch n2 main
to /etc/apt/sources.list. Replace etch with your Ubuntu or Debian codename. Check the repository to see the supported distributions.

For yum-supporting distributions like CentOS and Fedora, add a block like:

[n2]
name=n2
baseurl=http://opensource.cloudvps.com/packages/n2/rpm/centos-5/x86_64/
gpgcheck=0
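to /etc/yum.conf. Check the repository to see the supported distributions and architectures. Note that gpgcheck=0 turns off RPM signature verification and the baseurl is plain HTTP, so yum does not authenticate the packages it installs from this repository.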

Installing N2 from source

If you build from source, each component needs the following for a working installation:

For n2txd (transmitter)
  • A unix account called 'n2'
  • A configuration file /etc/n2/n2txd.conf containing at least one server with key.
For n2rxd (receiver)
  • A unix account called 'n2'
  • A fitting directory structure in /var/state/n2 owned by the n2 user: /var/state/n2/current, /var/state/n2/events, /var/state/n2/log and /var/state/n2/ping
  • A configuration file /etc/n2/n2rxd.conf
For n2view (web interface)
  • A unix account called 'n2'
  • The grace library (see downloads)
For n2notify (for email notification)
  • A unix account called 'n2'
  • The grace library (see downloads)

Configuring the system

Let's take a look at the configuration for a simple case: we have a machine on 10.0.0.1 that will act as the n2rxd node and a host on 10.0.0.2 that we want to monitor.

Configfile format

The configuration file format used by n2 is Cisco-style, so a line starting with an exclamation mark (!) is a comment line.

Generate shared secret

Before configuring the system you will need to generate a key that is used as the shared secret between the transmitter and the receiver. Please make this a good, long, random string:

openssl rand -base64 9
hNhfy9172ozR

This will be used in the 'key' parameter in both the n2txd and n2rxd configuration files.

n2txd

On 10.0.0.2, the minimal working /etc/n2/n2txd.conf would look like this:

ip bind address 10.0.0.2
server 10.0.0.1 port 4444 key hNhfy9172ozR
!

There are more things you can do, though. Here are some more elaborate configuration options:

ip bind address 10.0.0.2
!
! Omit logged in user information
!
encoding-options no logins
!
! Omit tcp port information
!
encoding-options no tcpstat
!
! Only look at specific network interfaces
!
interface-list eth0 eth2
!
! Only look at specific disk devices
!
iodev-list hda hdb
!
! set a different match-criterium for the smtp service matching
!
service-match smtp procname coolsmtpd user root port 25
!
! define a custom service to watch
!
service-match user2 procname keepalived


n2rxd

On 10.0.0.1, /etc/n2/n2rxd.conf looks like this:

ip bind address 10.0.0.1 port 4444
log type malformed
log file /var/log/n2/n2rxd.log
!
monitor-group 10.0.0.0 0.0.0.255
 key hNhfy9172ozR
 rtt-warning 5
 rtt-alert 20
!
host-group servers
 description My servers
 member host 10.0.0.2
!

For a more elaborate example of the n2rxd.conf file see this example in our HG repo.

A monitor-group is a collection of hosts that share a common set of trigger values. Monitor-groups may be super- or subsets of other monitor-groups with more specific settings. The acl mask is in cisco notation (0.0.0.255 is a /24, 0.0.255.255 is a /16 and 0.0.0.0 is a single host).

A monitor-group should minimally define a key. It can also contain trigger values. Any trigger values you leave undefined will be inherited from a monitor-group higher up, back to the defaults defined in the configuration. Here are the values you can define:

  • rtt-warning, rtt-alert: Minimum trigger levels for the icmp ping replies caught by the n2ping process.
  • loadavg-warning, loadavg-alert: The 1 minute system load-average, expressed as an integer value.
  • loss-warning, loss-alert: Packet-loss in percent.
  • cpu-warning, cpu-alert: Total cpu usage in percent.
  • ram-warning, ram-alert: Free RAM memory (with caches/buffers excluded) in megabytes.
  • swap-warning, swap-alert: Free swap memory in megabytes.
  • netin-warning, netin-alert, netout-warning, netout-alert: Network traffic in/out in kilobits/s.
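
The matching and inheritance rules described above, as an added example (not n2's own code): it converts the wildcard mask to a prefix length, then overlays the matching monitor-groups from widest to most specific. The DEFAULTS values, the single-host group and its key are constructed for illustration, and the parser only understands the statements shown on this page.

```python
import ipaddress

# Hypothetical defaults: the page does not list n2's real built-in values.
DEFAULTS = {"rtt-warning": 100, "rtt-alert": 500, "cpu-warning": 90}

# Constructed sample: the /24 group is the page's, the single-host group is added.
SAMPLE_CONF = """\
monitor-group 10.0.0.0 0.0.0.255
 key hNhfy9172ozR
 rtt-warning 5
 rtt-alert 20
!
monitor-group 10.0.0.2 0.0.0.0
 key constructed-host-key
 rtt-alert 50
"""

def wildcard_to_prefixlen(wildcard):
    """Cisco wildcard mask (0.0.0.255) -> prefix length (24)."""
    inv = int(ipaddress.IPv4Address(wildcard))
    if inv & (inv + 1):  # set bits must form one contiguous low-order run
        raise ValueError(f"non-contiguous wildcard mask: {wildcard}")
    return 32 - inv.bit_length()

def parse_monitor_groups(text):
    """Return [(IPv4Network, {setting: value})] for each monitor-group block."""
    groups, current = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("!"):
            continue  # blank line or comment
        words = line.split()
        if words[0] == "monitor-group" and len(words) == 3:
            net = ipaddress.IPv4Network((words[1], wildcard_to_prefixlen(words[2])))
            current = {}
            groups.append((net, current))
        elif current is not None and len(words) == 2 and (
                words[0] == "key" or words[0].endswith(("-warning", "-alert"))):
            current[words[0]] = words[1] if words[0] == "key" else int(words[1])
        else:
            current = None  # any other statement ends the monitor-group block
    return groups

def effective_settings(groups, host):
    """Overlay matching groups, widest first, on top of DEFAULTS."""
    ip = ipaddress.IPv4Address(host)
    matches = sorted((g for g in groups if ip in g[0]), key=lambda g: g[0].prefixlen)
    merged = dict(DEFAULTS)
    for _net, settings in matches:
        merged.update(settings)
    return merged if matches else None  # None: no monitor-group covers the host
```

A None result means no monitor-group, and therefore no key, is defined for that address.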

A host-group binds multiple hosts together in the n2view interface. It is a purely organizational structure that has no other impact on how data for the host is collected.

n2view

To grant yourself access to the n2view web interface, you will need to add an account:

htpasswd -c /etc/n2/n2view.passwd admin

n2view - Restrict what nodes users can see

You can restrict users in n2view.passwd to a limited set of IPs they can view by adding a comma-separated list as an extra column, so if your n2view.passwd looks like this:

admin:BnDRMPnzlg6Sw
steve:ZYn1BF.Narv02

then restricting steve to only watch 10.0.0.2 would look like this:

admin:BnDRMPnzlg6Sw
steve:ZYn1BF.Narv02:10.0.0.2

There's no need to reload the n2view service for this. The next time steve logs in, his access will be restricted.
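
A small audit of n2view.passwd in the format shown above, as an added example that is not part of n2: it lists accounts with no IP restriction and flags 13-character traditional crypt(3) hashes, which only use the first eight characters of the password. The function names and sample contents are constructed; how n2view treats an empty third column is not stated on the page, so the parser rejects it.

```python
import ipaddress
import re

# Constructed sample in the page's format: user:hash[:ip,ip,...]
SAMPLE_PASSWD = """\
admin:BnDRMPnzlg6Sw
steve:ZYn1BF.Narv02:10.0.0.2
"""

# Shape of a traditional DES crypt(3) hash: 13 characters from [./0-9A-Za-z].
DES_CRYPT = re.compile(r"[./0-9A-Za-z]{13}")

def parse_passwd(text):
    """Return {user: {"hash": str, "allowed": set of IPs or None if unrestricted}}."""
    users = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.strip().split(":")
        if len(fields) not in (2, 3) or not fields[0] or not fields[1]:
            raise ValueError(f"line {lineno}: expected user:hash[:ip,ip,...]")
        allowed = None
        if len(fields) == 3:
            # IPv4Address raises ValueError on anything that is not a literal IP
            allowed = {str(ipaddress.IPv4Address(ip.strip())) for ip in fields[2].split(",")}
        users[fields[0]] = {"hash": fields[1], "allowed": allowed}
    return users

def can_view(users, user, host_ip):
    """Model of the restriction: no third column means every node is visible."""
    entry = users.get(user)
    return entry is not None and (entry["allowed"] is None or host_ip in entry["allowed"])

def audit(users):
    """Return (user, finding) pairs worth a reviewer's attention."""
    findings = []
    for user, entry in sorted(users.items()):
        if entry["allowed"] is None:
            findings.append((user, "unrestricted"))
        if DES_CRYPT.fullmatch(entry["hash"]):
            findings.append((user, "des-crypt"))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_passwd(SAMPLE_PASSWD)):
        print(*finding)
```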

Command Line Tools

The n2rxd package comes with a number of command line tools that allow you to get information about a monitored host, either for convenience or to enable further scripting.

n2hstat

The n2hstat tool fetches a current or historical snapshot of a specific host. It can return results in human readable form and as an XML document. Usage:

  n2hstat [-x] <ip> [HH:MM [YYYYMMDD]]

The -x flag triggers XML output. If no time and date are specified, the current record is fetched.

n2history

This tool prints an ASCII graph for a specific host, value and timespan. Usage:

  n2history <ip> <value> <timespan>

The value is one of: cpu, load, netin, netout, rtt, diskio, ram, swap, totalmem, nproc. The timespan is one of: hour, day, week, month.

n2pgrep

This tool can be used to hunt for spotted processes in a host's records. It can't find processes that don't show up in the 'top' output seen at any given time, but it can still be useful in spotting anomalies. Usage:

  n2pgrep <ip> <datespec> <field> <querystring> [mincpu <cpuperc>]

The datespec is either a date in YYYYMMHH format or the literal strings 'today' or 'yesterday'. The field is one of: user, pid, name. The querystring is either the user name, the pid or the process name. The tool will print out all matches. If you specify a mincpu, the output will be further filtered by only showing processes using a minimum specified amount of cpu time.