General information
Each instance of Univention Corporate Server (UCS) comes with a preconfigured set of monitoring checks. These Univention monitoring checks are partly based on the “monitoring-plugins” package and partly developed by Univention itself to execute UCS-specific checks (cf. https://github.com/univention/univention-corporate-server/tree/5.0-1/nagios).
UCS 4.x offered the possibility to optionally install a Nagios server on a UCS system, which then automatically queried the preconfigured monitoring checks of all UCS systems in the domain. This is no longer possible with UCS 5.x, because the Nagios server integration was discontinued. However, the monitoring checks are still available and should be used with the monitoring server solution of your choice.
Querying the monitoring checks
All checks are Nagios-compatible and can either be executed locally on the UCS system or queried via NRPE (port 5666). To query via NRPE, the querying server must be allowed through the corresponding UCR variable:
nagios/client/allowedhosts: 10.0.0.15
This variable limits the hosts which can access the NRPE service. The hosts need to be specified through their hostname or with an IP address. If the variable is unset, the master domain controller is used. Multiple entries need to be separated by commas.
The NRPE daemon must be restarted after changing the UCR variable:
systemctl restart nagios-nrpe-server.service
A query of such a check via NRPE from the monitoring server can look like this, for example:
root@mon01:~# /usr/lib/nagios/plugins/check_nrpe -H 10.0.0.100 -c UNIVENTION_REPLICATION
OK: replication complete (nid=11976 lid=11976)
In the above examples, the querying monitoring server mon01 has the IP address 10.0.0.15 and the queried monitoring client (the UCS system with the local checks) has the IP address 10.0.0.100.
Available checks
All checks are located in /usr/lib/nagios/plugins/. The following list is not guaranteed to be complete. Additional services and apps might add their own monitoring checks and plugins.
The following checks are present on every UCS system and must be checked:
NRPE Command Name | actually executed check |
---|---|
UNIVENTION_DISK_ROOT | check_disk -w '25%' -c '10%' -p '/' |
UNIVENTION_DNS | check_dns -H www.univention.de |
UNIVENTION_JOINSTATUS | check_univention_joinstatus_suidwrapper |
UNIVENTION_LDAP_AUTH | check_univention_ldap_suidwrapper |
UNIVENTION_LISTENER_MDB_MAXSIZE | check_univention_slapd_mdb_maxsize_suidwrapper -l -w 75 -c 90 |
UNIVENTION_LOAD | check_load --percpu --warning='3,2,1' --critical='6,4,2' |
UNIVENTION_NSCD2 | check_univention_nscd_suidwrapper |
UNIVENTION_PACKAGE_STATUS | check_univention_package_status |
UNIVENTION_REPLICATION | check_univention_replication -n 10 -w 50 -c 100 |
UNIVENTION_SMTP2 | check_univention_smtp |
UNIVENTION_SSL | check_univention_ssl_certificate -w 40 -c 20 |
UNIVENTION_SWAP | check_swap -w '40%' -c '20%' |
Load, swap, and disk space may also be more effectively covered by other check mechanisms of your monitoring solution. Please note that the default check for disk space only covers the root partition (/).
The following checks are also available and should be checked on the UCS systems with the roles domain controller master (primary directory node), domain controller backup (backup directory node) and domain controller slave (replica directory node):
NRPE Command Name | actually executed check |
---|---|
UNIVENTION_SLAPD_MDB_MAXSIZE | check_univention_slapd_mdb_maxsize_suidwrapper -w 75 -c 90 |
The following checks are also available and must be checked on the UCS systems that also act as Samba Active Directory domain controllers (e.g. UCS@school school server):
NRPE Command Name | actually executed check |
---|---|
UNIVENTION_S4CONNECTOR | check_univention_s4_connector_suidwrapper |
UNIVENTION_SAMBA_REPLICATION | check_univention_samba_drs_failures_suidwrapper |
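
One way to poll the checks from the monitoring server with check_nrpe, as an added example that is not part of the original article or of Univention's code. The function names poll_ucs_checks and severity, the CHECK_NRPE override variable and the severity ranking are assumptions of this example; role-specific checks are passed as extra arguments.

```shell
#!/bin/sh
# Added example (not Univention code): poll the NRPE commands listed above.
# Plugin path as in the article's check_nrpe call; the override is an assumption.
CHECK_NRPE="${CHECK_NRPE:-/usr/lib/nagios/plugins/check_nrpe}"

# Command names from the table of checks present on every UCS system.
UCS_BASE_CHECKS="UNIVENTION_DISK_ROOT UNIVENTION_DNS UNIVENTION_JOINSTATUS
UNIVENTION_LDAP_AUTH UNIVENTION_LISTENER_MDB_MAXSIZE UNIVENTION_LOAD
UNIVENTION_NSCD2 UNIVENTION_PACKAGE_STATUS UNIVENTION_REPLICATION
UNIVENTION_SMTP2 UNIVENTION_SSL UNIVENTION_SWAP"

# Rank Nagios exit codes: OK(0) < WARNING(1) < UNKNOWN(3) < CRITICAL(2).
# Ranking UNKNOWN above WARNING is a choice made for this example.
severity() {
    case "$1" in
        0) echo 0 ;;
        1) echo 1 ;;
        2) echo 3 ;;
        *) echo 2 ;;
    esac
}

# poll_ucs_checks HOST [EXTRA_CHECK...]
# Prints one line per check and returns the worst Nagios exit code seen.
# The body runs in a subshell so its variables stay local.
poll_ucs_checks() (
    host=$1; shift
    worst=0
    for check in $UCS_BASE_CHECKS "$@"; do
        rc=0
        out=$("$CHECK_NRPE" -H "$host" -c "$check" 2>&1) || rc=$?
        # Any exit code outside 0..2 is mapped to UNKNOWN(3).
        case "$rc" in 0|1|2) ;; *) rc=3 ;; esac
        printf '%s %-32s rc=%s %s\n' "$host" "$check" "$rc" "$(printf '%s\n' "$out" | head -n 1)"
        if [ "$(severity "$rc")" -gt "$(severity "$worst")" ]; then
            worst=$rc
        fi
    done
    exit "$worst"
)

# Runs only when a host is given, e.g.: sh poll_ucs.sh 10.0.0.100 UNIVENTION_SLAPD_MDB_MAXSIZE
if [ "$#" -ge 1 ]; then
    poll_ucs_checks "$@"
fi
```

The return value follows the Nagios exit code convention, so the script can itself be registered as a single aggregate check in the monitoring server.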