Difference between revisions of "Monitoring"

[unchecked revision][checked revision]
 
(48 intermediate revisions by 4 users not shown)
Line 1: Line 1:
 +
__NOTOC__
 
MailStore only provides limited notification or monitoring features, but the status of the archiving processes can be monitored using external components.  
 
MailStore only provides limited notification or monitoring features, but the status of the archiving processes can be monitored using external components.  
  
= Email Notifications for Failed Archiving Processes =
+
== Using External Monitoring Software ==
  
At this time, MailStore Server's email notification feature only sends an email if the automatic creation of a new standard archive store fails.
+
=== MailStore Nagios/Icinga-Plugin ===
 +
The [[Media:Scripts.zip|Scripting-Package]] includes the <tt>check_mailstore.py</tt> plugin. The plugin checks the number of profiles run or the number of archived emails in a given period of time. At least MailStore Server 8 is required. Unless stated otherwise, the scripts are released under the terms an conditions of the [[wikipedia:MIT_License|MIT License]].
  
This article provides some helpful hints to administrators who would like to receive additional notifications regarding events on their MailStore server.  
+
==== Installation ====
 +
The [[Python API Wrapper Tutorial|Python API-Wrapper]] has to be installed. Depending on your distribution, you might have to install the <tt>python-argparse</tt> package.
  
== Notifications for Audit Events ==
+
The plugin connects to the [[MailStore Server Administration API]]. Therefore it must be enabled in the [[MailStore Server Service Configuration]].
  
One way for monitoring is the use of the MailStore auditing feature combined with the Windows task planner.
+
==== Usage ====
 +
A check that monitors the successful execution of profiles could be defined in Nagios/Icinga as follows:
  
Please keep in mind that this procedure negates the actual purpose of MailStore's auditing feature. Therefore, verify if the trigger parameters are still configured correctly after each update of the MailStore Server.
+
define command {
 +
        command_name check_mailstore
 +
        command_line /usr/local/lib/nagios/plugins/check_mailstore.py --host $ARG1$ --username $ARG2$ --password $ARG3$ -s since:$ARG4$ --status $ARG5$ -c $ARG6$ -w $ARG7$ --search $ARG8$
 +
        }
  
<p class="msnote">To be able to configure activation triggers in Windows, Windows Vista/7/2008/2008 R2 is needed. They are not available in Windows 2000/XP/2003.</p>
+
The appropriate service definition might look like this:
  
=== Activating Auditing Features ===  
+
define service {
* Open MailStore Client as administrator.
+
        host_name                      mailstoreserver
* Click on ''Administrative Tools'' > ''Compliance'' > ''Auditing''.
+
        service_description            MailStore Succeeded Profiles
* Activate the user activity ''ProfileRunArc''.
+
        check_command                  check_mailstore!mailstoreserver!admin!sUp3rs3CcR6ET3!1H!succeeded!8!10!profiles
 +
        use                            generic-service
 +
        }
 +
 
 +
This test checks whether there were more then 10 tasks executed successfully (--status succeeded) during the last hour (-s since:1H).
 +
 
 +
<p class="msnote">'''Notice:''' When monitoring an SPE instance you have to use the service provider's admin credentials which is used to log in into the SPE Management Console.</p>
 +
 
 +
==== Parameters ====
 +
The plugin supports the following parameters.
 +
 
 +
--help<nowiki>|</nowiki>--h
 +
 
 +
Displays the help page.
 +
 
 +
--host HOST
 +
 
 +
Hostname or IP address of the MailStore Server.
 +
 
 +
--port PORT
 +
 
 +
TCP port on which the MailStore Administration API accepts connections. Default is ''8463''.
 +
 
 +
--username USERNAME<nowiki>|</nowiki>--user USERNAME
 +
 
 +
Username to log on to MailStore Server. This must be a MailStore administrator.
 +
 
 +
--password PASSWORD<nowiki>|</nowiki>--pass PASSWORD
 +
 
 +
The user's password.
 +
 
 +
--start STARTTIME<nowiki>|</nowiki>-s STARTTIME
 +
 
 +
Specifies the start time of the check period. The start time has to be given in the format YYYY-mm-ddTHH:MM:SS (eg 2013-01-01T00:00:00). The ''-end'' parameter has to be given.
 +
As alternative a time period can be given with the format ''since:XY'', where X is a number and Y is one of the following letters: Y (year), m (month), d (day), H (hour), M (minute) S (second). Example ''-s since: 90M'' (last 90 minutes).
 +
 
 +
--end ENDTIME<nowiki>|</nowiki>-e ENDTIME
 +
 
 +
Specifies the end time of the period. The format is YYYY-mm-ddTHH:MM:SS (eg 2013-02-28T23:59:59). When using ''since'' in ''--start'', this parameter is not required.
 +
 
 +
--timezone TIMEZONE
 +
 
 +
MailStore Server stores dates in UTC time. The output of the plugin can be adjusted with this parameter. By default, ''$local'' is used. This corresponds to the time zone setting of the operating system of MailStore Server. Using the API command [[Administration API - Function Reference#GetTimeZones|GetTimeZones]] the possible values ​​can be shown. In most cases, this parameter is not required.
 +
 
 +
--machinename MACHINENAME
 +
 
 +
Filters the results by ''MACHINENAME''. This is useful when the results of local profiles of different computers are monitored.
 +
 
 +
--filteruser USERNAME
 +
 
 +
Filters the results by ''USERNAME''. This is useful when the results of profiles of different users are monitored.
 +
 
 +
--profile PROFILE
 +
 
 +
Filters the results by archiving profile. The ID of an archiving profile must be given. The ID of a profile can be retrieved with the API method [[Administration API - Function Reference#GetProfiles|GetProfiles]]. Alternatively you can select the profile in MailStore Client and press Ctrl+Shift+P to get the raw profile details.
 +
 
 +
--status STATUS
 +
 
 +
Filters the results by STATUS. Possible values ​​are ''succeeded'', ''failed'', ''cancelled'', ''disconnected'', ''threadAbort'', ''completedWithWarnings'' and ''completedWithErrors''. The status can be negated by prepending a ''#''. Default is ''succeeded''. Use ''#all'', if you want the results of all profiles, regardless of the status.
 +
 
 +
--search [profiles<nowiki>|</nowiki>emails]
 +
 
 +
Specifies whether to check on the number of returned profiles or the number of mails archived. Default is ''profiles''.
 +
 
 +
--warning WARNING<nowiki>|</nowiki>-w WARNING
 +
 
 +
The warning threshold.
 +
 
 +
--critical CRITICAL<nowiki>|</nowiki>-c CRITICAL
 +
 
 +
The critical threshold.
 +
 
 +
--compare COMPARE
 +
 
 +
Specifies how the values ​​of WARNING and CRITICAL will be compared with the amount of results. Possible values ​​are ''lt'', ''le'', ''eq'', ''ge'', ''gt'' (lesser than, lesser than or equal, equal, greater than or equal, greater than). Default is ''le'' (lesser than or equal).
  
Now, after archiving profiles have been executed, corresponding entries are made in the event log.
+
--DEBUG
  
=== Checking the Windows Event Logs Manually ===
+
If given, the matching results will be printed to standard output. This is only useful for debugging purpose.
  
* Open the ''Event Viewer'' of your Windows system.
+
==== Other examples ====
* Click on ''Event Viewer (local)'' > ''Windows Protocols'' > ''Applications''.
+
check_mailstore.py --host 192.168.0.1 --username admin --password sUp3rs3CcR6ET3 -s "since:1d" -c 20 -w 22 --search profiles --status="succeeded" --compare lt
* Search for events of source ''MailStore Server Auditing''.
 
  
If errors occurred while executing the profile, the event level is ''Error'', if execution was successful, the level is ''Information''.
+
Status is critical if lesser (--compare lt) than 20 (-c 20) profiles (--search profiles) have ended successfully (--status "succeeded") within the last day (-s "since:1d"). A warning is issued when lesser than 22 successful profiles have been found.
  
=== Creating Notifications ===
+
check_mailstore.py --host 192.168.0.1 --username admin --password sUp3rs3CcR6ET3 -s "since:1d" -c 5 -w 2 --search profiles --status="#succeeded" --compare gt
  
The Windows task scheduler can link tasks to an event. This is used to send an email at the event ''Archiving Failed''.
+
Status is critical if more (--compare gt) than 5 (-c 5) profiles (--search profiles) have NOT ended successfully (--status "#succeeded") within the last day (-s "since:1d"). A warning is issued when more than 2 unsuccessful profiles have been found.
  
* Open the ''Task Scheduler'' of your Windows system.
+
check_mailstore.py --host 192.168.0.1 --username admin --password sUp3rs3CcR6ET3 -s "since:1d" -c 5 -w 20 --search emails --profile 7
* Create a new folder, e.g. ''MailStore Auditing'' in the ''Task Scheduler Library''.
 
* Create a task via ''Actions'' > ''Create Task''. Please note that you will not ''Create a Simple Task''.
 
*: [[File:Monitoring_notify_00.png|450px|center]]
 
* Enter a meaningful name.
 
* Select the option ''Run whether user is logged on or not''.
 
* Under ''Configure for'', select at least ''Windows Vista or Windows Server 2008''. Otherwise the trigger ''On Event'' is not available.
 
* Click on the ''Triggers'' tab.
 
* Click on ''New''.
 
* Under ''Start Task'' select the value ''On Event''.
 
* Under ''Settings'' activate the option ''User Defined'' and click on ''New Event Filter''.
 
*: [[File:Monitoring_notify_01.png|450px|center]]
 
* Under ''Event Level'' place a checkmark next to ''Error''.
 
* Select ''Via Source'' and under ''Sources'' place a checkmark next to ''MailStore Server Auditing''.
 
* Click on ''OK'' to save the settings.
 
*:'''Please note:''' The criteria for user-defined settings are stored as XML data. Unfortunately, the ''Edit Trigger'' dialog is unable to convert these XML data back into GUI elements. Subsequent manipulation of the trigger is only possible in XML. If this is not desired, the trigger must be deleted and recreated.
 
* Change to the ''Actions'' tab.
 
* Click on ''New...''.
 
* In the ''Action'' field select ''Send Email''.
 
* Fill out all fields in the ''Settings'' section.
 
*: '''Please note:''' The ''SMTP-Server'' specified must allow the MailStore Server computer to send emails without prior login. If this is not desired or possible, please use a locally installed SMTP server (Feature: Windows SMTP ) and enter the data needed for sending emails in your environment.
 
* You may be asked for your user password. It is needed for executing the task if you are not logged in.
 
  
= Using External Monitoring Software =
+
Status is critical if less than 5 (-c 5) emails (--search emails) were archived within a day by the the profile with the ID 7" (--profile 7). A warning is issued when less than 20 emails were archived.
  
If you are already using monitoring software, such as Nagios/Icinga, Zabbix or HP OpenView, in your network, we recommend monitoring the results of the Windows task planner.
+
=== Monitoring of licenced users ===
 +
The ''check_mailstorelicence''-script from the [[Media:Scripts.zip|scripting-pakage]], can be used to monitor the existing users in MailStore with Nagios/Icinga. No external arguments can be used, all configuration has to be done inside the file. If you synchronize your users from an external source, and more users than free licences should be created in one step, this monitoring will not holler, because it checks the existing users only and not the users that shall be created.
  
== Example: Nagios/Icinga with NSClient++ ==
+
Command-Definition:
  
This example requires that in section ''[NRPE]'' of the file ''NSC.ini'' the parameter ''allow_arguments=1'' is set. An alternative, and safer in public environments, is to define an alias under section ''[External Alias]]''.
+
define command {
 +
        command_name check_mailstorelicence
 +
        command_line /usr/local/lib/nagios/plugins/check_mailstorelicence.py --host $ARG1$ --password $ARG2$ --licensed $ARG3$ --warning $ARG4$ --critical $ARG5$
 +
        }
 +
 
 +
=== Nagios/Icinga with NSClient++ ===
 +
If you are already using monitoring software, such as Nagios/Icinga, Zabbix or HP OpenView, in your network, we recommend monitoring the results of the Windows task scheduler.
 +
 
 +
This example requires that in section ''[NRPE]'' of the file ''NSC.ini'' the parameter ''allow_arguments=1'' is set. An alternative, and safer in public environments, is to define an alias under section <tt>External Alias]]</tt>.
  
 
Under Nagios/Icinga the corresponding service check looks like this:
 
Under Nagios/Icinga the corresponding service check looks like this:
Line 76: Line 144:
 
</pre>
 
</pre>
  
The service check puts out a list of all scheduled tasks in the Windows task planner whose exit code is unequal to zero. If there is more than one event, the check status ''Critical'' is set. The return contains a list of all tasks with exit codes unequal to zero and their exit codes.
+
The service check puts out a list of all scheduled tasks in the Windows task scheduler whose exit code is unequal to zero. If there is more than one event, the check status ''Critical'' is set. The return contains a list of all tasks with exit codes unequal to zero and their exit codes.
 
 
 
 
  
 
[[de:Monitoring]]
 
[[de:Monitoring]]
 +
[[en:Monitoring]]

Latest revision as of 10:52, 29 January 2018

MailStore only provides limited notification or monitoring features, but the status of the archiving processes can be monitored using external components.

Using External Monitoring Software

MailStore Nagios/Icinga-Plugin

The Scripting-Package includes the check_mailstore.py plugin. The plugin checks the number of profiles run or the number of archived emails in a given period of time. At least MailStore Server 8 is required. Unless stated otherwise, the scripts are released under the terms an conditions of the MIT License.

Installation

The Python API-Wrapper has to be installed. Depending on your distribution, you might have to install the python-argparse package.

The plugin connects to the MailStore Server Administration API. Therefore it must be enabled in the MailStore Server Service Configuration.

Usage

A check that monitors the successful execution of profiles could be defined in Nagios/Icinga as follows:

define command {
       command_name check_mailstore
       command_line /usr/local/lib/nagios/plugins/check_mailstore.py --host $ARG1$ --username $ARG2$ --password $ARG3$ -s since:$ARG4$ --status $ARG5$ -c $ARG6$ -w $ARG7$ --search $ARG8$
       }

The appropriate service definition might look like this:

define service {
       host_name                       mailstoreserver
       service_description             MailStore Succeeded Profiles
       check_command                   check_mailstore!mailstoreserver!admin!sUp3rs3CcR6ET3!1H!succeeded!8!10!profiles
       use                             generic-service
       }

This test checks whether there were more then 10 tasks executed successfully (--status succeeded) during the last hour (-s since:1H).

Notice: When monitoring an SPE instance you have to use the service provider's admin credentials which is used to log in into the SPE Management Console.

Parameters

The plugin supports the following parameters.

--help|--h

Displays the help page.

--host HOST

Hostname or IP address of the MailStore Server.

--port PORT

TCP port on which the MailStore Administration API accepts connections. Default is 8463.

--username USERNAME|--user USERNAME

Username to log on to MailStore Server. This must be a MailStore administrator.

--password PASSWORD|--pass PASSWORD

The user's password.

--start STARTTIME|-s STARTTIME

Specifies the start time of the check period. The start time has to be given in the format YYYY-mm-ddTHH:MM:SS (eg 2013-01-01T00:00:00). The -end parameter has to be given. As alternative a time period can be given with the format since:XY, where X is a number and Y is one of the following letters: Y (year), m (month), d (day), H (hour), M (minute) S (second). Example -s since: 90M (last 90 minutes).

--end ENDTIME|-e ENDTIME

Specifies the end time of the period. The format is YYYY-mm-ddTHH:MM:SS (eg 2013-02-28T23:59:59). When using since in --start, this parameter is not required.

--timezone TIMEZONE

MailStore Server stores dates in UTC time. The output of the plugin can be adjusted with this parameter. By default, $local is used. This corresponds to the time zone setting of the operating system of MailStore Server. Using the API command GetTimeZones the possible values ​​can be shown. In most cases, this parameter is not required.

--machinename MACHINENAME

Filters the results by MACHINENAME. This is useful when the results of local profiles of different computers are monitored.

--filteruser USERNAME

Filters the results by USERNAME. This is useful when the results of profiles of different users are monitored.

--profile PROFILE

Filters the results by archiving profile. The ID of an archiving profile must be given. The ID of a profile can be retrieved with the API method GetProfiles. Alternatively you can select the profile in MailStore Client and press Ctrl+Shift+P to get the raw profile details.

--status STATUS

Filters the results by STATUS. Possible values ​​are succeeded, failed, cancelled, disconnected, threadAbort, completedWithWarnings and completedWithErrors. The status can be negated by prepending a #. Default is succeeded. Use #all, if you want the results of all profiles, regardless of the status.

--search [profiles|emails]

Specifies whether to check on the number of returned profiles or the number of mails archived. Default is profiles.

--warning WARNING|-w WARNING

The warning threshold.

--critical CRITICAL|-c CRITICAL

The critical threshold.

--compare COMPARE

Specifies how the values ​​of WARNING and CRITICAL will be compared with the amount of results. Possible values ​​are lt, le, eq, ge, gt (lesser than, lesser than or equal, equal, greater than or equal, greater than). Default is le (lesser than or equal).

--DEBUG

If given, the matching results will be printed to standard output. This is only useful for debugging purpose.

Other examples

check_mailstore.py --host 192.168.0.1 --username admin --password sUp3rs3CcR6ET3 -s "since:1d" -c 20 -w 22 --search profiles --status="succeeded" --compare lt

Status is critical if lesser (--compare lt) than 20 (-c 20) profiles (--search profiles) have ended successfully (--status "succeeded") within the last day (-s "since:1d"). A warning is issued when lesser than 22 successful profiles have been found.

check_mailstore.py --host 192.168.0.1 --username admin --password sUp3rs3CcR6ET3 -s "since:1d" -c 5 -w 2 --search profiles --status="#succeeded" --compare gt

Status is critical if more (--compare gt) than 5 (-c 5) profiles (--search profiles) have NOT ended successfully (--status "#succeeded") within the last day (-s "since:1d"). A warning is issued when more than 2 unsuccessful profiles have been found.

check_mailstore.py --host 192.168.0.1 --username admin --password sUp3rs3CcR6ET3 -s "since:1d" -c 5 -w 20 --search emails --profile 7

Status is critical if less than 5 (-c 5) emails (--search emails) were archived within a day by the the profile with the ID 7" (--profile 7). A warning is issued when less than 20 emails were archived.

Monitoring of licenced users

The check_mailstorelicence-script from the scripting-pakage, can be used to monitor the existing users in MailStore with Nagios/Icinga. No external arguments can be used, all configuration has to be done inside the file. If you synchronize your users from an external source, and more users than free licences should be created in one step, this monitoring will not holler, because it checks the existing users only and not the users that shall be created.

Command-Definition:

define command {
       command_name check_mailstorelicence
       command_line /usr/local/lib/nagios/plugins/check_mailstorelicence.py --host $ARG1$ --password $ARG2$ --licensed $ARG3$ --warning $ARG4$ --critical $ARG5$
       }

Nagios/Icinga with NSClient++

If you are already using monitoring software, such as Nagios/Icinga, Zabbix or HP OpenView, in your network, we recommend monitoring the results of the Windows task scheduler.

This example requires that in section [NRPE] of the file NSC.ini the parameter allow_arguments=1 is set. An alternative, and safer in public environments, is to define an alias under section External Alias]].

Under Nagios/Icinga the corresponding service check looks like this:

define service {
        use                             generic-service
        host_name                       mailstore.mydomain.tld
        service_description             Scheduled Tasks
        check_command                   check_nrpe!CheckTaskSched!filter="exit_code ne 0" "syntax=%title%: %exit_code%" "crit=>0"
}

The service check puts out a list of all scheduled tasks in the Windows task scheduler whose exit code is unequal to zero. If there is more than one event, the check status Critical is set. The return contains a list of all tasks with exit codes unequal to zero and their exit codes.