ClearOS Documentation

×

Warning

301 error for file:https://clearos.com/dokuwiki2/lib/exe/css.php?t=dokuwiki&tseed=82873f9c9a1f5784b951644363f20ef8

User Tools

Site Tools


Using a proxy to gather monitoring data in restrictive environments

In order to collect monitoring data, ClearGLASS needs UDP outbound traffic to port 25826 to be allowed on the server. Altough it is trivial to allow in firewalled servers or servers with pricate IP addesses, there are still cases where a restrictive server policy is in place or the server does not have access on a publicly available server like the one at monitor.ClearGLASS. To get around that, you can set up your own proxy server on the same network and route the monitoring data to ClearGLASS throught it. The implementation is straightforward, servers that are monitored send the data on the proxy server, which forwards it on monitor.ClearGLASS UDP port 25826.

Step 1: setting up the proxy server

We'll use a Linux server, with iptables rules that forward traffic it receives on UDP port 25826, to monitor.ClearGLASS port 25826. To set up rerouting, we just need to run the following commands:

sysctl net.ipv4.conf.eth0.forwarding=1;
iptables -t nat -A PREROUTING -p udp --dport 25826 -j DNAT --to-destination 54.183.41.39:25826;
iptables -t nat -A POSTROUTING -p udp --dport 25826 -j MASQUERADE;
iptables -A INPUT -p udp --dport 25826 -j ACCEPT;

It would be helpful to also add them on a file as /etc/rc.local as well, so they run after system reboots. The first command allows forwarding of traffic through the server, while the others forward traffic received on udp port 25826 to the ip of monitor.ClearGLASS 25826 . Iptables won't accept the hostname monitor.ClearGLASS and needs an ip address. To double check that you have the right IP, you can also ping monitor.ClearGLASS to get it.

Step 2: set the monitored servers to use the proxy server

With the proxy server in place we need to setup the monitoring adent to use that, instead of monitor.ClearGLASS. If you've already enabled monitoring for that server through ClearGLASS, the collectd monitoring agent should already have been installed.

Linux servers

We need to edit collectd.conf file and replace the ip on the network plugin with the ip of our proxy server (52.28.56.84 in our case)

root@ip-172-31-30-60:/home/ubuntu# cd /opt/mistio-collectd/
root@ip-172-31-30-60:/opt/mistio-collectd# vi collectd.conf

Replace the ip with the proxy one, and restart collectd:

LoadPlugin network 

    TimeToLive 128
    
        SecurityLevel Encrypt
        Username "c39f8e027e5f90baffbd762ef80ec6f0"
        Password "fdaed0af7d84ceb6" 
    
root@ip-172-31-30-60:/opt/mistio-collectd# /opt/mistio-collectd/collectd.sh restart

Now it will send the monitoring data on our proxy.

Windows servers

Edit file c:\program files\collectm\config\default.json, find the Network section and replace the hostname with the ip of your proxy. Save the file, and restart the CollectM service: From start button, select administration tools –> services, find CollectM, right click and select All Tasks: Restart. The monitoring data is now going to be sent to monitor.ClearGLASS through the proxy.

[image]

content/en_us/cg_setting-monitoring-through-a-proxy-server.txt · Last modified: 2018/03/14 06:33 by cjones

https://clearos.com/dokuwiki2/lib/exe/indexer.php?id=content%3Aen_us%3Acg_setting-monitoring-through-a-proxy-server&1544459748