Using M3 to take System Monitors to the Next Level

Custom M3 Based Linux Login MonitorMonitis provides built in functionality to monitor a wide variety of system statistics as well as the ability to create custom system monitors.  Monitis Monitor Manager, or M3 for short, allows you to take these custom monitors even further by providing you with a simple framework to use the incredible power of regular expressions to pull and format literally any kind of data and automatically send it over the wire to your Monitis dashboard.

M3’s configuration file is very straight forward, but still it still manages to provide you with unparalleled control over exactly what data is sent to Monitis.  This allows you to rapidly create any variety of monitor without needing to dig into the API documentation.

You can learn about the basics and background of M3 in the M3 monitoring framework article.  This should be sufficient to get you started if you want to dive right in, but if you’re still on the fence or want to see some more use cases of how Monitis can make your life easier, then read on!

Benefits of M3 Systems Monitoring

The biggest benefit you’ll see with M3 is of course the ability to have nearly complete control over what fragments of data are sent to your Monitis monitors.  Monitors are not limited to whole fields and you have the ability to pick and choose if output is relevant and should be logged.

This shouldn’t overshadow how quick it is to bring new system monitors online with M3.  A few small lines of XML are all that is required to wield the kind of control that M3 provides and creating these lines is only going to be limited by how fast you can type out the regular expressions!

Additionally, because M3 is already built to interface with the Monitis API, there’s almost no work to be done beforehand to ensure that you’re sending the information to your Monitis account in the proper format.  M3 takes care of it with no intervention.

Revisiting Linux User Login Monitoring with M3

The following is a very simple example that doesn’t harness the full power of regular expressions but does show nicely how quickly M3 can get a monitor up and running.  Consider the user login tracking monitor.  This works well but requires more than a few steps to create.  With M3, the process is of course greatly sped up and you have much finer grained control over the data.  For the example’s sake, we’ll say we are only interested in logging the username and IP address of the logins.

We’ll need to create the configuration file for M3 to pull the data from.  Here’s the simple example I used, with some unnecessary bits removed:

   <monitor name="Login on %HOSTNAME%">
           <exectemplate>last -i | head -n1</exectemplate>
           <metric name="Username">
           <metric name="IP Address">

Though it may look complex, the only things I had to enter here that were anything (beyond simple bookkeeping applicable to any monitor!) were the command to run and the regex itself.  I was able to create this monitor and log the first entry in a matter of about 90 seconds.  Of course, we’d still need to modify PAM to run M3 to collect the data after login before this actually became functional.

We could also use regex to match and capture multiple fields and feed them along to Monitis.  For example, if we wanted to also monitor login times, we’d create the metric in the XML file and use something like this for the regex:

<metric name="Login Time">

This will then log the system time at login to a field called ‘Login Time’ with a value of something like ‘Jan 1 04:16’.

More Potential Systems or Application Monitoring Use Cases

M3’s flexibility and speed also make it a great candidate for tactical use.  You could use it to help troubleshoot application latency issues by monitoring and tracking bits of particular logged slow queries from MySQL or you might include a call to M3 at the end of an application server’s startup script to monitor details about the occurrence.  M3 monitors could be created to take snapshots of critical IO activity as well as file system attributes when troubleshooting or evaluating load.

The possibilities for implementing M3 in your environment are as varied as can be imagined, but you can be confident that M3 is almost certainly ready to tackle whatever challenge you can throw its way!

See also

M3 – Monitis Monitor Manager

Monitis (M3) & Nagios – a very simple integration