Difference between revisions of "Monitoring"

[unchecked revision][checked revision]
 
(44 intermediate revisions by 4 users not shown)
Line 1: Line 1:
 +
__NOTOC__
 
MailStore only provides limited notification or monitoring features, but the status of the archiving processes can be monitored using external components.  
 
MailStore only provides limited notification or monitoring features, but the status of the archiving processes can be monitored using external components.  
  
= Using External Monitoring Software =
+
== Using External Monitoring Software ==
  
If you are already using monitoring software, such as Nagios/Icinga, Zabbix or HP OpenView, in your network, we recommend monitoring the results of the Windows task scheduler.
+
=== MailStore Nagios/Icinga-Plugin ===
 +
The [[Media:Scripts.zip|Scripting-Package]] includes the <tt>check_mailstore.py</tt> plugin. The plugin checks the number of profiles run or the number of archived emails in a given period of time. At least MailStore Server 8 is required. Unless stated otherwise, the scripts are released under the terms an conditions of the [[wikipedia:MIT_License|MIT License]].
 +
 
 +
==== Installation ====
 +
The [[Python API Wrapper Tutorial|Python API-Wrapper]] has to be installed. Depending on your distribution, you might have to install the <tt>python-argparse</tt> package.
 +
 
 +
The plugin connects to the [[MailStore Server Administration API]]. Therefore it must be enabled in the [[MailStore Server Service Configuration]].
  
== Example: Nagios/Icinga with NSClient++ ==
+
==== Usage ====
 +
A check that monitors the successful execution of profiles could be defined in Nagios/Icinga as follows:
  
This example requires that in section ''[NRPE]'' of the file ''NSC.ini'' the parameter ''allow_arguments=1'' is set. An alternative, and safer in public environments, is to define an alias under section ''[External Alias]]''.
+
define command {
 +
        command_name check_mailstore
 +
        command_line /usr/local/lib/nagios/plugins/check_mailstore.py --host $ARG1$ --username $ARG2$ --password $ARG3$ -s since:$ARG4$ --status $ARG5$ -c $ARG6$ -w $ARG7$ --search $ARG8$
 +
        }
  
Under Nagios/Icinga the corresponding service check looks like this:
+
The appropriate service definition might look like this:
  
<pre>
+
define service {
define service {
+
        host_name                      mailstoreserver
 +
        service_description            MailStore Succeeded Profiles
 +
        check_command                  check_mailstore!mailstoreserver!admin!sUp3rs3CcR6ET3!1H!succeeded!8!10!profiles
 
         use                            generic-service
 
         use                            generic-service
         host_name                      mailstore.mydomain.tld
+
         }
        service_description            Scheduled Tasks
+
 
        check_command                  check_nrpe!CheckTaskSched!filter="exit_code ne 0" "syntax=%title%: %exit_code%" "crit=>0"
+
This test checks whether there were more then 10 tasks executed successfully (--status succeeded) during the last hour (-s since:1H).
}
+
 
</pre>
+
<p class="msnote">'''Notice:''' When monitoring an SPE instance you have to use the service provider's admin credentials which is used to log in into the SPE Management Console.</p>
 +
 
 +
==== Parameters ====
 +
The plugin supports the following parameters.
 +
 
 +
--help<nowiki>|</nowiki>--h
 +
 
 +
Displays the help page.
 +
 
 +
--host HOST
 +
 
 +
Hostname or IP address of the MailStore Server.
 +
 
 +
--port PORT
 +
 
 +
TCP port on which the MailStore Administration API accepts connections. Default is ''8463''.
 +
 
 +
--username USERNAME<nowiki>|</nowiki>--user USERNAME
 +
 
 +
Username to log on to MailStore Server. This must be a MailStore administrator.
 +
 
 +
--password PASSWORD<nowiki>|</nowiki>--pass PASSWORD
 +
 
 +
The user's password.
 +
 
 +
--start STARTTIME<nowiki>|</nowiki>-s STARTTIME
 +
 
 +
Specifies the start time of the check period. The start time has to be given in the format YYYY-mm-ddTHH:MM:SS (eg 2013-01-01T00:00:00). The ''-end'' parameter has to be given.
 +
As alternative a time period can be given with the format ''since:XY'', where X is a number and Y is one of the following letters: Y (year), m (month), d (day), H (hour), M (minute) S (second). Example ''-s since: 90M'' (last 90 minutes).
 +
 
 +
--end ENDTIME<nowiki>|</nowiki>-e ENDTIME
 +
 
 +
Specifies the end time of the period. The format is YYYY-mm-ddTHH:MM:SS (eg 2013-02-28T23:59:59). When using ''since'' in ''--start'', this parameter is not required.
 +
 
 +
--timezone TIMEZONE
 +
 
 +
MailStore Server stores dates in UTC time. The output of the plugin can be adjusted with this parameter. By default, ''$local'' is used. This corresponds to the time zone setting of the operating system of MailStore Server. Using the API command [[Administration API - Function Reference#GetTimeZones|GetTimeZones]] the possible values ​​can be shown. In most cases, this parameter is not required.
 +
 
 +
--machinename MACHINENAME
 +
 
 +
Filters the results by ''MACHINENAME''. This is useful when the results of local profiles of different computers are monitored.
 +
 
 +
--filteruser USERNAME
 +
 
 +
Filters the results by ''USERNAME''. This is useful when the results of profiles of different users are monitored.
 +
 
 +
--profile PROFILE
 +
 
 +
Filters the results by archiving profile. The ID of an archiving profile must be given. The ID of a profile can be retrieved with the API method [[Administration API - Function Reference#GetProfiles|GetProfiles]]. Alternatively you can select the profile in MailStore Client and press Ctrl+Shift+P to get the raw profile details.
 +
 
 +
--status STATUS
 +
 
 +
Filters the results by STATUS. Possible values ​​are ''succeeded'', ''failed'', ''cancelled'', ''disconnected'', ''threadAbort'', ''completedWithWarnings'' and ''completedWithErrors''. The status can be negated by prepending a ''#''. Default is ''succeeded''. Use ''#all'', if you want the results of all profiles, regardless of the status.
 +
 
 +
--search [profiles<nowiki>|</nowiki>emails]
 +
 
 +
Specifies whether to check on the number of returned profiles or the number of mails archived. Default is ''profiles''.
 +
 
 +
--warning WARNING<nowiki>|</nowiki>-w WARNING
 +
 
 +
The warning threshold.
 +
 
 +
--critical CRITICAL<nowiki>|</nowiki>-c CRITICAL
 +
 
 +
The critical threshold.
 +
 
 +
--compare COMPARE
 +
 
 +
Specifies how the values ​​of WARNING and CRITICAL will be compared with the amount of results. Possible values ​​are ''lt'', ''le'', ''eq'', ''ge'', ''gt'' (lesser than, lesser than or equal, equal, greater than or equal, greater than). Default is ''le'' (lesser than or equal).
  
The service check puts out a list of all scheduled tasks in the Windows task scheduler whose exit code is unequal to zero. If there is more than one event, the check status ''Critical'' is set. The return contains a list of all tasks with exit codes unequal to zero and their exit codes.
+
--DEBUG
  
= Email Notifications for Failed Archiving Processes =
+
If given, the matching results will be printed to standard output. This is only useful for debugging purpose.
  
At this time, MailStore Server's email notification feature only sends an email if the automatic creation of a new standard archive store fails.
+
==== Other examples ====
 +
check_mailstore.py --host 192.168.0.1 --username admin --password sUp3rs3CcR6ET3 -s "since:1d" -c 20 -w 22 --search profiles --status="succeeded" --compare lt
  
This article provides some helpful hints to administrators who would like to receive additional notifications regarding events on their MailStore server.  
+
Status is critical if lesser (--compare lt) than 20 (-c 20) profiles (--search profiles) have ended successfully (--status "succeeded") within the last day (-s "since:1d"). A warning is issued when lesser than 22 successful profiles have been found.
  
== Notifications for Audit Events ==
+
check_mailstore.py --host 192.168.0.1 --username admin --password sUp3rs3CcR6ET3 -s "since:1d" -c 5 -w 2 --search profiles --status="#succeeded" --compare gt
  
One way for monitoring is the use of the MailStore auditing feature combined with the Windows task planner.
+
Status is critical if more (--compare gt) than 5 (-c 5) profiles (--search profiles) have NOT ended successfully (--status "#succeeded") within the last day (-s "since:1d"). A warning is issued when more than 2 unsuccessful profiles have been found.
  
Please keep in mind that this procedure negates the actual purpose of MailStore's auditing feature. Therefore, verify if the trigger parameters are still configured correctly after each update of the MailStore Server.
+
check_mailstore.py --host 192.168.0.1 --username admin --password sUp3rs3CcR6ET3 -s "since:1d" -c 5 -w 20 --search emails --profile 7
  
<p class="msnote">To be able to configure activation triggers in Windows, Windows Vista/7/2008/2008 R2 is needed. They are not available in Windows 2000/XP/2003.</p>
+
Status is critical if less than 5 (-c 5) emails (--search emails) were archived within a day by the the profile with the ID 7" (--profile 7). A warning is issued when less than 20 emails were archived.
  
=== Activating Auditing Features ===  
+
=== Monitoring of licenced users ===
* Open MailStore Client as administrator.
+
The ''check_mailstorelicence''-script from the [[Media:Scripts.zip|scripting-pakage]], can be used to monitor the existing users in MailStore with Nagios/Icinga. No external arguments can be used, all configuration has to be done inside the file. If you synchronize your users from an external source, and more users than free licences should be created in one step, this monitoring will not holler, because it checks the existing users only and not the users that shall be created.
* Click on ''Administrative Tools'' > ''Compliance'' > ''Auditing''.
 
* Activate the user activity ''ProfileRunArc''.
 
  
Now, after archiving profiles have been executed, corresponding entries are made in the event log.
+
Command-Definition:
  
=== Checking the Windows Event Logs Manually ===
+
define command {
 +
        command_name check_mailstorelicence
 +
        command_line /usr/local/lib/nagios/plugins/check_mailstorelicence.py --host $ARG1$ --password $ARG2$ --licensed $ARG3$ --warning $ARG4$ --critical $ARG5$
 +
        }
  
* Open the ''Event Viewer'' of your Windows system.
+
=== Nagios/Icinga with NSClient++ ===
* Click on ''Event Viewer (local)'' > ''Windows Protocols'' > ''Applications''.
+
If you are already using monitoring software, such as Nagios/Icinga, Zabbix or HP OpenView, in your network, we recommend monitoring the results of the Windows task scheduler.
* Search for events of source ''MailStore Server Auditing''.
 
  
If errors occurred while executing the profile, the event level is ''Error'', if execution was successful, the level is ''Information''.
+
This example requires that in section ''[NRPE]'' of the file ''NSC.ini'' the parameter ''allow_arguments=1'' is set. An alternative, and safer in public environments, is to define an alias under section <tt>External Alias]]</tt>.
  
=== Creating Notifications ===
+
Under Nagios/Icinga the corresponding service check looks like this:
  
The Windows task scheduler can link tasks to an event. This is used to send an email at the event ''Archiving Failed''.
+
<pre>
 +
define service {
 +
        use                            generic-service
 +
        host_name                      mailstore.mydomain.tld
 +
        service_description            Scheduled Tasks
 +
        check_command                  check_nrpe!CheckTaskSched!filter="exit_code ne 0" "syntax=%title%: %exit_code%" "crit=>0"
 +
}
 +
</pre>
  
* Open the ''Task Scheduler'' of your Windows system.
+
The service check puts out a list of all scheduled tasks in the Windows task scheduler whose exit code is unequal to zero. If there is more than one event, the check status ''Critical'' is set. The return contains a list of all tasks with exit codes unequal to zero and their exit codes.
* Create a new folder, e.g. ''MailStore Auditing'' in the ''Task Scheduler Library''.
 
* Create a task via ''Actions'' > ''Create Task''. Please note that you will not ''Create a Simple Task''.
 
*: [[File:Monitoring_notify_00.png|450px|center]]
 
* Enter a meaningful name.
 
* Select the option ''Run whether user is logged on or not''.
 
* Under ''Configure for'', select at least ''Windows Vista or Windows Server 2008''. Otherwise the trigger ''On Event'' is not available.
 
* Click on the ''Triggers'' tab.
 
* Click on ''New''.
 
* Under ''Start Task'' select the value ''On Event''.
 
* Under ''Settings'' activate the option ''User Defined'' and click on ''New Event Filter''.
 
*: [[File:Monitoring_notify_01.png|450px|center]]
 
* Under ''Event Level'' place a checkmark next to ''Error''.
 
* Select ''Via Source'' and under ''Sources'' place a checkmark next to ''MailStore Server Auditing''.
 
* Click on ''OK'' to save the settings.
 
*:'''Please note:''' The criteria for user-defined settings are stored as XML data. Unfortunately, the ''Edit Trigger'' dialog is unable to convert these XML data back into GUI elements. Subsequent manipulation of the trigger is only possible in XML. If this is not desired, the trigger must be deleted and recreated.
 
* Change to the ''Actions'' tab.
 
* Click on ''New...''.
 
* In the ''Action'' field select ''Send Email''.
 
* Fill out all fields in the ''Settings'' section.
 
*: '''Please note:''' The ''SMTP-Server'' specified must allow the MailStore Server computer to send emails without prior login. If this is not desired or possible, please use a locally installed SMTP server (Feature: Windows SMTP ) and enter the data needed for sending emails in your environment.
 
* You may be asked for your user password. It is needed for executing the task if you are not logged in.
 
  
 
[[de:Monitoring]]
 
[[de:Monitoring]]
 +
[[en:Monitoring]]

Latest revision as of 10:52, 29 January 2018

MailStore only provides limited notification or monitoring features, but the status of the archiving processes can be monitored using external components.

Using External Monitoring Software

MailStore Nagios/Icinga-Plugin

The Scripting-Package includes the check_mailstore.py plugin. The plugin checks the number of profiles run or the number of archived emails in a given period of time. At least MailStore Server 8 is required. Unless stated otherwise, the scripts are released under the terms an conditions of the MIT License.

Installation

The Python API-Wrapper has to be installed. Depending on your distribution, you might have to install the python-argparse package.

The plugin connects to the MailStore Server Administration API. Therefore it must be enabled in the MailStore Server Service Configuration.

Usage

A check that monitors the successful execution of profiles could be defined in Nagios/Icinga as follows:

define command {
       command_name check_mailstore
       command_line /usr/local/lib/nagios/plugins/check_mailstore.py --host $ARG1$ --username $ARG2$ --password $ARG3$ -s since:$ARG4$ --status $ARG5$ -c $ARG6$ -w $ARG7$ --search $ARG8$
       }

The appropriate service definition might look like this:

define service {
       host_name                       mailstoreserver
       service_description             MailStore Succeeded Profiles
       check_command                   check_mailstore!mailstoreserver!admin!sUp3rs3CcR6ET3!1H!succeeded!8!10!profiles
       use                             generic-service
       }

This test checks whether there were more then 10 tasks executed successfully (--status succeeded) during the last hour (-s since:1H).

Notice: When monitoring an SPE instance you have to use the service provider's admin credentials which is used to log in into the SPE Management Console.

Parameters

The plugin supports the following parameters.

--help|--h

Displays the help page.

--host HOST

Hostname or IP address of the MailStore Server.

--port PORT

TCP port on which the MailStore Administration API accepts connections. Default is 8463.

--username USERNAME|--user USERNAME

Username to log on to MailStore Server. This must be a MailStore administrator.

--password PASSWORD|--pass PASSWORD

The user's password.

--start STARTTIME|-s STARTTIME

Specifies the start time of the check period. The start time has to be given in the format YYYY-mm-ddTHH:MM:SS (eg 2013-01-01T00:00:00). The -end parameter has to be given. As alternative a time period can be given with the format since:XY, where X is a number and Y is one of the following letters: Y (year), m (month), d (day), H (hour), M (minute) S (second). Example -s since: 90M (last 90 minutes).

--end ENDTIME|-e ENDTIME

Specifies the end time of the period. The format is YYYY-mm-ddTHH:MM:SS (eg 2013-02-28T23:59:59). When using since in --start, this parameter is not required.

--timezone TIMEZONE

MailStore Server stores dates in UTC time. The output of the plugin can be adjusted with this parameter. By default, $local is used. This corresponds to the time zone setting of the operating system of MailStore Server. Using the API command GetTimeZones the possible values ​​can be shown. In most cases, this parameter is not required.

--machinename MACHINENAME

Filters the results by MACHINENAME. This is useful when the results of local profiles of different computers are monitored.

--filteruser USERNAME

Filters the results by USERNAME. This is useful when the results of profiles of different users are monitored.

--profile PROFILE

Filters the results by archiving profile. The ID of an archiving profile must be given. The ID of a profile can be retrieved with the API method GetProfiles. Alternatively you can select the profile in MailStore Client and press Ctrl+Shift+P to get the raw profile details.

--status STATUS

Filters the results by STATUS. Possible values ​​are succeeded, failed, cancelled, disconnected, threadAbort, completedWithWarnings and completedWithErrors. The status can be negated by prepending a #. Default is succeeded. Use #all, if you want the results of all profiles, regardless of the status.

--search [profiles|emails]

Specifies whether to check on the number of returned profiles or the number of mails archived. Default is profiles.

--warning WARNING|-w WARNING

The warning threshold.

--critical CRITICAL|-c CRITICAL

The critical threshold.

--compare COMPARE

Specifies how the values ​​of WARNING and CRITICAL will be compared with the amount of results. Possible values ​​are lt, le, eq, ge, gt (lesser than, lesser than or equal, equal, greater than or equal, greater than). Default is le (lesser than or equal).

--DEBUG

If given, the matching results will be printed to standard output. This is only useful for debugging purpose.

Other examples

check_mailstore.py --host 192.168.0.1 --username admin --password sUp3rs3CcR6ET3 -s "since:1d" -c 20 -w 22 --search profiles --status="succeeded" --compare lt

Status is critical if lesser (--compare lt) than 20 (-c 20) profiles (--search profiles) have ended successfully (--status "succeeded") within the last day (-s "since:1d"). A warning is issued when lesser than 22 successful profiles have been found.

check_mailstore.py --host 192.168.0.1 --username admin --password sUp3rs3CcR6ET3 -s "since:1d" -c 5 -w 2 --search profiles --status="#succeeded" --compare gt

Status is critical if more (--compare gt) than 5 (-c 5) profiles (--search profiles) have NOT ended successfully (--status "#succeeded") within the last day (-s "since:1d"). A warning is issued when more than 2 unsuccessful profiles have been found.

check_mailstore.py --host 192.168.0.1 --username admin --password sUp3rs3CcR6ET3 -s "since:1d" -c 5 -w 20 --search emails --profile 7

Status is critical if less than 5 (-c 5) emails (--search emails) were archived within a day by the the profile with the ID 7" (--profile 7). A warning is issued when less than 20 emails were archived.

Monitoring of licenced users

The check_mailstorelicence-script from the scripting-pakage, can be used to monitor the existing users in MailStore with Nagios/Icinga. No external arguments can be used, all configuration has to be done inside the file. If you synchronize your users from an external source, and more users than free licences should be created in one step, this monitoring will not holler, because it checks the existing users only and not the users that shall be created.

Command-Definition:

define command {
       command_name check_mailstorelicence
       command_line /usr/local/lib/nagios/plugins/check_mailstorelicence.py --host $ARG1$ --password $ARG2$ --licensed $ARG3$ --warning $ARG4$ --critical $ARG5$
       }

Nagios/Icinga with NSClient++

If you are already using monitoring software, such as Nagios/Icinga, Zabbix or HP OpenView, in your network, we recommend monitoring the results of the Windows task scheduler.

This example requires that in section [NRPE] of the file NSC.ini the parameter allow_arguments=1 is set. An alternative, and safer in public environments, is to define an alias under section External Alias]].

Under Nagios/Icinga the corresponding service check looks like this:

define service {
        use                             generic-service
        host_name                       mailstore.mydomain.tld
        service_description             Scheduled Tasks
        check_command                   check_nrpe!CheckTaskSched!filter="exit_code ne 0" "syntax=%title%: %exit_code%" "crit=>0"
}

The service check puts out a list of all scheduled tasks in the Windows task scheduler whose exit code is unequal to zero. If there is more than one event, the check status Critical is set. The return contains a list of all tasks with exit codes unequal to zero and their exit codes.