Linux Monitoring under System Center 2012 (R2)
How the Server communicate with the Linux Computer?
In System Center 2012 – Operations Manager, the management server uses two protocols to communicate with the Linux computer
- Secure Shell (SSH) Used for installing, upgrading, and removing agents.
- Web Services for Management (WS-Management) Used for all monitoring operations and include the discovery of agents that were already installed.
The protocol that is used depends on the action or information that is requested on the management server. All actions, such as agent maintenance, monitors, rules, tasks, and recoveries, are configured to use predefined profiles according to their requirement for an unprivileged or privileged account.
Configure Linux Client DNS Settings and DNS Suffix Settings
It's important, that the Linux Server DNS (Forward and reverse) are configured correctly!
To do this create a DNS Host A or AAAA entry in your Windows DNS enviroment.
It's important to select the option "Create associated pointer (PTR) record.
The next step is to define the DNS Suffix on your Linux Server.
To add a DNS suffix you have to create the file tail in /etc/resolvconf/resolv.conf.d
- vi /etc/resolvconf/resolv.conf.d/tail
and add the Line
- search domainname
If this is done restart the Network Service
- service networking restart
Install Linux Client from System Center Operations Manager Console.
First you have to create a user (like scomacc) on your Linux System: sudo adduser scomacc
Make it passwordless by using“sudo visudo”, and adding the following line
scomacc ALL=(ALL) NOPASSWD: ALL at the end.
Press Ctrl + X, and press Y when asked to save
Now you can use these account to set up a run as account in SCOM
In SCOM there are three different Accounts which are used to configure and Monitor Linux/Unix Accounts:
- UNIX/Linux Action Account.
SCOM Desc: This account is used for privilege UNIX and Linux Access.
Used for doing Standard monitoring operations.
- UNIX/Linux Agent Maintenance Account.
SCOM Desc: This account is used for privileged maintenance operations for UNIX and Linux agents. Without this account agent maintenance operations will not work.
Used for agent maintenance (reinstall etc.)
- UNIX/Linux Privileged Account.
SCOM Desc: This account is used for accessing protected UNIX and Linux resources and actions that require high privileges. Without this account some rules, diagnostics and recoveries will not work.
Used for ccessing protected resources and actions that require high privileges.
You can define for each account a seperate user or (in my solution) one account for all operations.
Define UNIX/Linux Accounts
Add User "Linux Low Priv Account" and define it in the "UNIX/Linux Action Account" Profile.
Add User "Linux High Priv Account" and define it in the "UNIX/Linux Privileged Account" Profile.
Add User "Linux Maint Account" and define it in the "UNIX/Linux Agent Maintenance Account" Profile
Start Linux Discovery Wizard
Bevor you can start the Discovery Wizard, it's important that all required Management Packs are imported.
In this Case the following Management Packs need to Import:
- Linux Operating System Library
You can find it on the install CD (Folder ManagementPacks).
Start the Discovery Wizard for Linux/Unix Systems
Define the Discovery criteria with the "Add" Button. For Linux Systems the best practice is to define a seperate Resource Pool with minimum 2 Management Server.
Define the User or Zertifikate to install the Agent (Set credentials)
It's important if your System use an "Elevation" like sudo or su you have to select the Option "This Account does not have privileged Access"
And now you can discover and install the Agent on the Server.
After a few minutes you can see the Server State into the Monitoring\Unix/Linux Computers Tab