This
Skylar One supports three protocols to monitor Linux devices:
- SNMP
- SSH
- Syslogs
SNMP and Linux are used to proactively poll the device periodically to collect information, while Syslog asynchronously receives logs from the device. Syslog can be used with SNMP or SSH, but you cannot use both SNMP and SSH together.
ScienceLogic recommends using SSH along with Syslog, as that provides the most comprehensive and secure monitoring.
The following sections provide an overview of Secure Shell (SSH) and the "Linux Base Pack" PowerPack.
Use the following menu options to navigate the Skylar One user interface:
- To view a pop-out list of menu options, click the menu icon (
). - To view a page containing all of the menu options, click the Advanced menu icon (
).
What is SSH?
Secure Shell (SSH) is a network protocol that enables users to securely access a command-line shell on a remote computer or server over an unsecured network. SSH provides strong encryption and authentication capabilities, making it an ideal method for securely administering commands or transferring data between a client and server.
To make SSH even more secure, you can use SSH keys instead of a simple password to log in to a server. SSH keys consist of two long strings of characters, called a public/private key pair, that are much less susceptible than passwords are to brute force attacks. The public key is placed on the server you want to access, while the private key resides on the client. When you use SSH to log in to the server from the client, the key pair is used to authenticate the session.
In Skylar One, some Dynamic Applications of type "Snippet" use SSH to communicate with a remote device. To use these Dynamic Applications, you must define an SSH credential. This credential specifies the hostname or IP address of the system you want to monitor, the port number used to access that system, and the private key used for authentication.
The default TCP port for SSH servers is 22.
What Does the Linux Base Pack PowerPack Monitor?
To monitor Linux systems with SSH using Skylar One, you must install the "Linux Base Pack" PowerPack. This PowerPack enables you to discover, model, and collect data about Linux systems.
The "Linux Base Pack" PowerPack includes:
- Dynamic Applications that discover and collect configuration and performance data for Linux systems
- Internal collection Dynamic Applications for Linux systems
- Event policies and corresponding alerts that are triggered when Linux systems meet certain status criteria
- Device classes for each type of Linux system monitored
- A run book action and an automation policy to assign the proper device classes to Linux systems
- A device template for discovering Linux devices
The "Linux Base Pack" PowerPack is equipped with an alert to detect stale file systems. If you receive an exit code 124 when running the command timeout 3 df -kPT, an alert will be triggered to warn you of a stale file system.
Installing or Upgrading the Linux Base Pack PowerPack
To monitor Linux systems with SSH, you must import and install the latest version of the "Linux Base Pack" PowerPack.
Before upgrading to version 114 of the "Linux Base Pack" PowerPack, ScienceLogic recommends that you disable (uncheck) the Enable Selective PowerPack Field Protection setting on the Behavior Settings page (System > Settings > Behavior) to ensure that the Dynamic Application updates from this version are applied correctly. Be advised that, if you have certain customized fields relating to event policies and Dynamic Applications that are included in this PowerPack, disabling this setting will cause those customized fields to be overwritten when you upgrade the PowerPack.
Before you upgrade, you should check the thresholds for zombie processes and load average. The load average is compared to the threshold based on the normalized data per CPU.
To upgrade the "Linux Base Pack" PowerPack, perform the following steps:
-
Familiarize yourself with the Known Issues for this release in the current version's Release Notes.
-
If you have not done so already, upgrade your Skylar One system to the minimum version or later release required for the version of the PowerPack you are upgrading to.
-
If you are upgrading from a previous version of the PowerPack, disable all Linux devices by doing one of the following:
-
Go to the Devices page, select all Linux devices from the list, click the button, select Change Collection State, and then select Disable (toggled off).
-
Go to the Device Manager page (Devices > Classic Devices, or Registry > Devices > Device Manager in the classic user interface), select all Linux devices from the list, click the Select Action menu, select Change Collection State, select Disable, and then click .
-
-
Download the latest version of the "Linux Base Pack" PowerPack the PowerPacks page on the ScienceLogic Support Center (Skylar One > PowerPacks).
-
Go to the PowerPack Manager page (System > Manage > PowerPacks) in Skylar One.
-
Click the menu and choose Import PowerPack.
-
When prompted, import the "Linux Base Pack" PowerPack.
-
Click the button. Wait for about five minutes to ensure the virtual environment is created.
-
If you disabled your Linux devices in step 3, re-enable all Linux devices by doing one of the following:
-
Go to the Devices page, select all Linux devices from the list, click the button, select Change Collection State, and then select Enable (toggled on).
-
Go to the Device Manager page (Devices > Classic Devices, or Registry > Devices > Device Manager in the classic user interface), select all Linux devices from the list, click the Select Action menu, select Change Collection State, select Enable, and then click .
-
Interface discovery runs nightly; therefore, interfaces will not immediately appear until that process runs. If you would like to manually run nightly discovery, use SSH to access your Data Collector and run the following command:
sudo -u s-em7-core /opt/em7/bin/python /opt/em7/backend/discover_update.py
After installing the PowerPack, if you are upgrading from versions 102, 103, or 104 of the "Linux Base Pack" PowerPack, you must delete some Dynamic Applications that were included in those earlier versions and replaced by other Dynamic Applications in later versions of the PowerPack. If these old Dynamic Applications are left enabled, they can drastically reduce the number of Linux devices supported by a Data Collector.
To remove these older Dynamic Applications from the "Linux Base Pack" PowerPack:
- Go to the PowerPack Manager page (System > Manage > PowerPacks).
- Locate the "Linux Base Pack" PowerPack and click its wrench icon (
). - In the PowerPack Properties page, in the Navbar on the left side, select Dynamic Applications.
- In the Embedded Dynamic Applications page, click the delete icon (
) for the following Dynamic Applications, if they exist:
- Linux: File System Performance
- Linux: IC Availability
- Linux: Interface Performance
- Linux: Network Configuration
- Linux: Performance Cache (Deprecated)
- Linux: TCP Services Configuration
- The content will be removed from the PowerPack and will now appear in the bottom pane.
Deleting the Dynamic Applications will remove all historical data from your devices. If you need to retain their historical data, then you must at a minimum disable the Dynamic Applications. However, the "Linux: Performance Cache" Dynamic Application must be deleted.
Linux Distributions Supported by the Linux Base Pack PowerPack
The "Linux Base Pack" PowerPack supports the following distributions:
| Distribution | Supported Versions |
|---|---|
|
Ubuntu |
23 22 20 |
|
CentOS |
8 7 |
|
Red Hat Linux Enterprise |
9 8 7 |
|
Oracle Linux Server |
9 8 7 |
|
Debian GNU Linux |
12 11 10 9 |
|
Fedora Server |
39 38 37 36 35 |
|
Amazon Linux |
Amazon Linux 2 Amazon Linux |
|
SUSE Linux Enterprise Server |
15 12 |
|
Rocky Linux |
9 8 |