Monitoring Linux Using SCOM 2007 R2

Monitoring Linux Using SCOM 2007 R2

  • Comments 20
  • Likes

SCOM 2007 R2 can help you with out of box functionality to monitor  Linux /Unix. With SCOM 2007 SP1 you need to get Management Pack from Quest/Jalasoft to name few partner who had developed MP to monitor Unix/Linux.

With the release of SCOM 2007 R2 Unix and Linux MP come along with product.

To Monitor Linux Server you can follow steps below…….

RunAs accounts that will be used by Operations Manager 2007 to install, and to monitor/manage the target Linux machines. For this, two user accounts are created:

· Non-privileged user, used to remotely monitor the Linux/Unix server.

· Privileged User, used to deploy the Unix/Linux agent, as well as to restart processes where privileged rights are required.

Creating a Non-Privileged UNIX User Run As Profile

1. In the Operations console, click Administration to open up the Administration space

2. Under the Run As Configuration node of the tree, click Profiles

clip_image002

3. In the Profiles pane, look for the Unix Action Account profile. Right-click on Unix Action Account and select Properties. This opens the Run As Profile Wizard

clip_image004

4. At the Introduction screen, click Next >

clip_image006

5. At the General Properties screen, click Next >

clip_image008

6. At the Run As Accounts screen, click Add... to create a new Run As Account. The Add a Run As Account dialog will open. NOTE: If you examine the list of current Run As accounts you will see none for UNIX/Linux, so we have to create one.

clip_image010

7. Click New... to open the Create Run As Account Wizard

clip_image012

At the Introduction screen, click Next >

clip_image014

9. Under the General Properties screen a. Select Basic Authentication from the Run As Account type drop-down list. b. Set the display name to "UNIX non-privileged account"

clip_image016

clip_image018

Click Next >

Provide Credential for Non Privileged Account

clip_image020

Click Next >

Under Distribution Security, select the More Secure... option.

clip_image022

When the creation is complete, you will see a warning message that the Run Account must be associated with an appropriate Run As profile. We will do this in just a moment. Click Close to return to the Add a Run As Account dialog

Click Select ... and choose Class... from the drop down.

clip_image024

In the Class Search dialog, enter Unix in the Filter By text box, and click Search

clip_image026

From the list of items returned from the search, select Unix Computer and click OK

clip_image028

Unix Computer now appears as the selected class against which the Run As Account will be applied. Click OK to close the Add a Run As Account dialog

clip_image030

You will now see the UNIX non-privileged account Run As Account just created within the list of accounts for this profile. Click Save.

clip_image032

We now have to associate the Run As account with the RMS management server. Click on the UNIX non-privileged account hyperlink to open the Run As Account properties.

clip_image034

Check to see you are in the Distribution tab.

Click Add

clip_image036

In the Option: drop down, select Show Management Servers and click Search.

Select RMS Server Name from the results, and click Add

clip_image038

Creating a Privileged UNIX User Run As Profile

In the Profiles pane, look for the Unix Privileged Account profile.

clip_image040

Right-click on Unix Privileged Account and select Properties. This opens the Run As Profile Wizard

At the Introduction screen, click Next >

clip_image042

At the General Properties screen, click Next >

clip_image044

At the Run As Accounts screen, click Add... to create a new Run As Account. The Add a Run As Account dialog will open.

clip_image046

clip_image048

Click New... to open the Create Run As Account Wizard

At the Introduction screen, click Next >

clip_image050

Select Basic Authentication from the Run As Account type drop-down list . Set the display name to "UNIX privileged account

clip_image052

Under the Account screen Set The credential for Privilege

clip_image054

Click Next >

Under Distribution Security, select the More Secure... option. Click Create.

clip_image056

When the creation is complete, you will see a warning message that the Run Account must be associated with an appropriate Run As profile. We will do this in just a moment. Click Close to return to the Add a Run As Account dialog.

clip_image058

Notice that the UNIX privileged account you just created now appears as the selected option in the drop down box.

clip_image060

Click Select ... and choose Class... from the drop down

clip_image062

In the Class Search dialog, enter Unix in the Filter By text box, and click Search

clip_image064

From the list of items returned from the search, select Unix Computer and click OK

clip_image066

clip_image068

You will now see the UNIX privileged account Run As Account just created within the list of accounts for this profile. Click Save.

clip_image070

clip_image072

We now have to associate the Run As account with the RMS management server. Click on the UNIX privileged account hyperlink to open the Run As Account properties

clip_image074

Check to see you are in the Distribution tab

clip_image076

Select RMS Server Name from the results, and click Add and Click OK

clip_image077

Open the Operations console with an account that is a member of the Operations Manager 2007 R2 Administrator profile

Select the Administration view.

At the bottom of the navigation pane, select the Discovery Wizard link.

In the Computer and Device Management Wizard, select Discovery Type, choose Unix/Linux Discovery Wizard, and then click Next.

clip_image079

On the Discovery Method page, click Add to specify criteria for discovering UNIX-based systems and Linux-based systems on your network.

On the Define discovery criteria page, type the credentials and necessary information to locate the computer you want to discover, and then click OK

clip_image081

clip_image083

Enable SSH

clip_image086

Click Discover to initiate system discovery

clip_image088

clip_image090

clip_image092

On the Discovery results page, in the Select the systems you want to manage: list, select the check box for the system or systems that you want to manage, or click Select All to include all discovered systems

If there are systems listed in the Select the systems you want to manage list on the Discovery results page that the wizard was unable to discover, you can click Details to get information about why the discovery failed. Correct the problem and repeat the discovery step

clip_image094

clip_image096

clip_image098

clip_image100

After you have selected the systems you want to manage, click Next to start the deployment, and to close the Discovery results page

On the Deployment complete page, the Computer and Device Management Wizard displays the agent deployment status in the Status menu.

clip_image102

Click Done to close the wizard.

IMPORT MP For Linux

clip_image104

Performance Monitoring by Using Default MP

clip_image106

clip_image108

clip_image110

Active Alert

clip_image112

Health Explorer

clip_image114

Performance Report

clip_image116

 

Cheers

Birojit

Comments
  • Where you say "Enable SSL" I think you mean Enable SSH.

  • Thanks Buddy... You are right it should be SSH.

    I have changed to SSH

  • HI,

    We have followed all the stpes mentioned But my linux server staus is comsole is showing as critical

    shall we need to create the same accoung in linux?

    Any quick help is really appreciated

  • If it is showing critical that mean SCOm is able to monitor your Linux Server.

    Go to monitoring->Active Alert-> Find the alert to check what has goner wrong on the server.

    Alternatively click on computer State View->Linux Server(Which is critical)in action tab click on heath explorer to drill down to exact problem.

    Check and let me know...

  • HI,

    Shall i need to create the run as account on Linux machine

    Because i have created basic a/c for as unix action & unix preveliged & assoviate them with run as profile

    Is their something missing on limux side as i m getting access deined error in active alerts

    i m new to the linux environment

    One more help required i have created one rule to fetch 644 event ( a/c locked out )for specific a/c  the rule is working fine as i m getting alerts abt a/c lockout them i have acreated 1 monitor which will check if the a/c is locked & in recover task i hv added the .vbs scirpt for unlocking the a/c the scipt run sucessfully but when i have added it to the monitor i have created it is only giving alert but not taking action

    can you please tell me which account this monitor is using so that i can give the appropriate access becasue i doubt it is access issue

  • two Account you need.

    1) Previledge Account eg:"root"

    2) Non Previledge Account eg somthing like user account in your linux box.

    If you are doing for test you can add both the account as "root"

  • Thanks for quick reply

    done the steps menioned by you now my linux machine is in helathy state

    But when i open the helath explorer cant see check mark to performance entity

  • Hi, have you ever tried to monitor a process on your linux server with SCOM R2?

    I used the Process Monitoring tab, created an object with the process to check and the targeted group ( with my linux server as the only member ). I see the monitor object being created but it never shows up on the MONITORING panel under Process State. Have any idea ?

  • Hi Olivier

    Thanks you for posting query. Please follow the article from Jeevan Bist Blog

    http://blogs.technet.com/jeevanbisht/archive/2009/08/29/unix-linux-process-service-monitoring-using-operations-manager-2007-r2.aspx

    Cheers

    Birojit

  • Thx for answering!

    The problem with the Unix service template is that it only shows the basename of the service

    For example i want to monitor a websphere server on Linux.

    The process is :

    /usr/WebSphere/AppServer/java/bin/java -Declipse.security -Dwas.status.socket=39880 -com.ibm.ws.runtime.WsServer /usr/WebSphere/AppServer/profiles/sldpw1/config ldpCell sldpw1 asAgileSoft

    SCOM only shows me this as a service :

    /usr/WebSphere/AppServer/java/bin/java

    which doesnt help me cause there is 6 process with the same basename and i want to monitor one in particular

    I think i need to customise my own management pack to do this cause i dont think SCOM can do it with the default pack

  • Hi There,

    Looking to have our MS server guys monitor my Linux Server using this, just wondering how to configure the Ops Manager Server to connect using SSH when the Linux Server uses Public / Private Keys?

    Is there somewhere within ops manager that I can provide either an OpenSSL or Putty Private Key File?

    Many thanks,

    Dash

  • Thanks for the document. I have managed to install the Linux agent working on my Red Hat servers.

    I had issues around getting the Runas accounts. The document says to distribute the action accounts to RMS servers. In my experience, I could get the monitoring working only after the accounts were distributed to the management server to which the client was pointing.

    Regards

  • I have two Linux server groups that use two different root passwords, how do I set that up?  I notice you target the Unix Computer Class which is all Unix servers.  Can I split that into two or more groups of Unix Servers?  (Thank you for that great post)

  • great work ......

  • Dear's

    i have scom 2007 r2 in my environiment with 24 red had linux clients.

    i just want to know how to configure monitors for memory utilization high.

    regards

    Naveed

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment