Using a proxy to gather monitoring data in restrictive environments
In order to collect monitoring data, ClearGLASS needs UDP outbound traffic to port 25826 to be allowed on the server. Altough it is trivial to allow in firewalled servers or servers with pricate IP addesses, there are still cases where a restrictive server policy is in place or the server does not have access on a publicly available server like the one at monitor.ClearGLASS. To get around that, you can set up your own proxy server on the same network and route the monitoring data to ClearGLASS throught it. The implementation is straightforward, servers that are monitored send the data on the proxy server, which forwards it on monitor.ClearGLASS UDP port 25826.
Step 1: setting up the proxy server
We'll use a Linux server, with iptables rules that forward traffic it receives on UDP port 25826, to monitor.ClearGLASS port 25826. To set up rerouting, we just need to run the following commands:
iptables -t nat -A PREROUTING -p udp --dport 25826 -j DNAT --to-destination 18.104.22.168:25826;
iptables -t nat -A POSTROUTING -p udp --dport 25826 -j MASQUERADE;
iptables -A INPUT -p udp --dport 25826 -j ACCEPT;
It would be helpful to also add them on a file as /etc/rc.local as well, so they run after system reboots. The first command allows forwarding of traffic through the server, while the others forward traffic received on udp port 25826 to the ip of monitor.ClearGLASS 25826 . Iptables won't accept the hostname monitor.ClearGLASS and needs an ip address. To double check that you have the right IP, you can also ping monitor.ClearGLASS to get it.
Step 2: set the monitored servers to use the proxy server
With the proxy server in place we need to setup the monitoring adent to use that, instead of monitor.ClearGLASS. If you've already enabled monitoring for that server through ClearGLASS, the collectd monitoring agent should already have been installed.
We need to edit collectd.conf file and replace the ip on the network plugin with the ip of our proxy server (22.214.171.124 in our case)
root@ip-172-31-30-60:/home/ubuntu# cd /opt/mistio-collectd/
root@ip-172-31-30-60:/opt/mistio-collectd# vi collectd.conf
Replace the ip with the proxy one, and restart collectd:
root@ip-172-31-30-60:/opt/mistio-collectd# /opt/mistio-collectd/collectd.sh restart
Now it will send the monitoring data on our proxy.
Edit file c:\program files\collectm\config\default.json, find the Network section and replace the hostname with the ip of your proxy. Save the file, and restart the CollectM service:
From start button, select administration tools –> services, find CollectM, right click and select All Tasks: Restart. The monitoring data is now going to be sent to monitor.ClearGLASS through the proxy.