A Poor Man's Munin Node to Monitor "Hostile" UNIX Servers
Munin is a nice monitoring system. Simple but quite effective. It's main selling point is the UNIX-esque simplicity of the architecture. You can just create a new plugin in a matter of minutes to monitor whatever you can imagine.
There is even a comprehensive collection of plugins ready to use (admittedly of various quality).
Various platform are supported
Usually the main issue is the MuninNode, an agent (daemon) that runs on the server to be monitored, since it is responsible of translating the request of the munin server (the one with the graphs) to the various plugins, build-ins or external. The ease of installing this agent depends on the OS and the access you have on the server :
For Windows you can install munin-node-win32.
Unix (with root access)
For Unix when you are root, usually there is a package ready to install in your distribution, or from the source.
Others (Hostile servers)
On hostile servers, you don't usually have a root access and no easy acces to a compiler.
I wrote pmmn (Poor Man's Munin Node), a little vanilla Perl script that emulates the core functionality of the real munin-node script, but without having to install many Perl CPAN modules.
It has also a nice functionality : it is possible to communicate via stdin/stdout instead of a TCP port. This way it is very easy to monitor hosts that are behind a firewall without opening (and monitoring) many tunnels.
Installation of pmmn
Suppose you have access to the server via a supervision user (let's say supusr). Installation of pmmn is quite easy : just copy the files somewhere on the disk where you have access, for example (/home/supusr).
Just launch the server with -p 4949 and declare it in the munin.conf file on your munin-server. This solution is quite equivalent to a regular munin-node installation.
Same as the TCP, but you have to create a TCP tunnel via SSH to be able to reach the munin-node.
It is a mix between port forwarding via inetd and the Tunnel-based previously discussed.
You first have to established a key-based SSH authentication without passphrase (you will not be there to type it) from supusr on the inet server (usually the munin-node one) to the user supusr on the server to be monitored.
For example, to monitor server1 and server2, in the file /etc/inetd.conf, you have to add lines :
7001 stream tcp nowait supusr /usr/bin/ssh -- supusr@server1 /home/suprusr/pmmn/pmmn.pl 7002 stream tcp nowait supusr /usr/bin/ssh -- supusr@server2 /home/suprusr/pmmn/pmmn.pl
Then, in the munin.conf file of the MuninServer, you just have to declare the new nodes :
[server1] address localhost port 7001 [server2] address localhost port 7002
The MuninServer will now set up a stdin/stdout SSH tunnel transparently and launch the pmmn server when needed. You are now free to write plugins like if a real munin-node where installed. The only restriction is that y ou don't have a root access, so you are limited in the information you may collect.