[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [monit] monitoring remote host udp
From: |
Martin Pala |
Subject: |
Re: [monit] monitoring remote host udp |
Date: |
Tue, 18 Nov 2008 20:40:05 +0100 |
On Nov 18, 2008, at 9:58 AM, Emil Natan wrote:
Hello,
1. I'm trying to monitor name service on remote host via udp/tcp (53).
This is authoritative only server (that's why I do not use the dns
check) so the check looks like:
check host ns.example.org with address 192.168.0.1
if failed port 53 type udp then alert
alert address@hidden
if failed port 53 type tcp then alert
alert address@hidden
The tcp check works as expected. The udp check works only when the
reason for the failure is on the monitoring host (when I block udp 53
out of the box in iptables). If the reason for the failure is on the
monitored host (or in the middle) I do not get any alerts. Using
sniffer
I see the packets sent every specified interval. I understand how udp
works and that it is hard/impossible to monitor it, but I hope I'm
missing something and I do not need to use the workaround using
external
scripts to monitor the service and monit monitoring the output of
these
scripts.
The generic UDP connection check without protocol specification sends
the datagram to the server and checks that no ICMP error is returned.
Without the knowledge of application protocol it's impossible to
conduct more specific test with connection-less UDP protocol. The
generic TCP connection check is much better since the result of TCP
handshake is reliable indication.
The UDP tests work thus much better when you specify the particular
protocol since monit then knows what the server should response even
though there is no connection established between the client and server.
For example in case of DNS this works well (if the DNS server is able
to provide the NS record of DNS root servers):
if failed port 53 type udp protocol dns then alert
2. I'm I right that the monitoring host starts the above check with
sending ICMP packet(s) although it was not specified and if yes, how
can
I change this behavior.
Monit doesn't send any ICMP packets if it wasn't specified.
Martin