Last active
January 6, 2024 21:41
-
-
Save ZEROF/0788330c5babab067140a0effbb56676 to your computer and use it in GitHub Desktop.
Monitoring Unbound with Munin
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Munin monitoring unbound installation | |
sudo apt install munin munin-node munin-plugins-extra | |
Activate unbound plugins: | |
ln -s /usr/share/munin/plugins/unbound_munin_ /etc/munin/plugins/unbound_munin_by_class | |
ln -s /usr/share/munin/plugins/unbound_munin_ /etc/munin/plugins/unbound_munin_by_flags | |
ln -s /usr/share/munin/plugins/unbound_munin_ /etc/munin/plugins/unbound_munin_by_opcode | |
ln -s /usr/share/munin/plugins/unbound_munin_ /etc/munin/plugins/unbound_munin_by_rcode | |
ln -s /usr/share/munin/plugins/unbound_munin_ /etc/munin/plugins/unbound_munin_by_type | |
ln -s /usr/share/munin/plugins/unbound_munin_ /etc/munin/plugins/unbound_munin_histogram | |
ln -s /usr/share/munin/plugins/unbound_munin_ /etc/munin/plugins/unbound_munin_hits | |
ln -s /usr/share/munin/plugins/unbound_munin_ /etc/munin/plugins/unbound_munin_memory | |
ln -s /usr/share/munin/plugins/unbound_munin_ /etc/munin/plugins/unbound_munin_queue | |
Add this tu munin node configuration - nano /etc/munin/plugin-conf.d/munin-node : | |
[unbound*] | |
user root | |
env.statefile /var/lib/munin-node/plugin-state/unbound-state | |
env.unbound_conf /etc/unbound/unbound.conf | |
env.unbound_control /usr/sbin/unbound-control | |
env.spoof_warn 1000 | |
env.spoof_crit 100000 | |
Unbound configuration | |
Generate certs: | |
unbound-control-setup | |
Add remote control | |
nano /etc/unbound/unbound.conf (add in the end) | |
# monitoring | |
statistics-interval: 300 | |
extended-statistics: yes | |
# set to yes if graphing tool needs it | |
statistics-cumulative: yes | |
#Enable remote control | |
remote-control: | |
control-enable: yes | |
control-interface: 127.0.0.1 | |
control-port: 9999 | |
control-use-cert: no | |
server-key-file: "/etc/unbound/unbound_server.key" | |
server-cert-file: "/etc/unbound/unbound_server.pem" | |
control-key-file: "/etc/unbound/unbound_control.key" | |
control-cert-file: "/etc/unbound/unbound_control.pem" | |
Stop/Start everything | |
systemctl stop munin | |
systemctl stop munin-node | |
systemctl stop unbound | |
systemctl start munin | |
systemctl start munin-node | |
systemctl start unbound | |
Check if everything is working: | |
unbound-control stats | |
If you want to check time to time your stats online (without sexy TLS and when you need) | |
Upgrade pip and install http module (as normal user, not root) | |
/usr/bin/python3 -m pip install --upgrade pip | |
pip install http (on debian 11 and Ubuntu 20 you will maybe need to use pip3) | |
python -m http.server -d /var/cache/munin/www/ or python3 -m http.server -d /var/cache/munin/www/ | |
Or if you are docker lover: | |
mkdir munin-webserver && cd munin-webserver | |
nano docker-compose.yml and copy this | |
version: '3' | |
services: | |
web: | |
image: python:3.12 | |
volumes: | |
- /var/cache/munin/www:/web | |
ports: | |
- "8000:80" | |
working_dir: /web | |
command: bash -c "python3 -m http.server -d /web 80 2>&1" | |
Start docker container: | |
docker-compose up -d | |
To stop container: | |
docker-compose down | |
And go to yourpublicip:8000 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Disable Munin plugin
Some plugins are active by default, personally I don't need them. To disable them I didn't found simple way, but renaming plugin files and restarting munin-node did the trick.
mv /etc/munin/plugins/exim_mailstats /etc/munin/plugins/exim_mailstats.bak
systemctl restart munin-node
It will take few min before removed plugin stats are removed from munin dashboard.