Monitoring Linux Using SCOM 2007 R2

  • Article

SCOM 2007 R2 can help you with out of box functionality to monitor Linux /Unix. With SCOM 2007 SP1 you need to get Management Pack from Quest/Jalasoft to name few partner who had developed MP to monitor Unix/Linux.

With the release of SCOM 2007 R2 Unix and Linux MP come along with product.

To Monitor Linux Server you can follow steps below…….

RunAs accounts that will be used by Operations Manager 2007 to install, and to monitor/manage the target Linux machines. For this, two user accounts are created:

· Non-privileged user, used to remotely monitor the Linux/Unix server.

· Privileged User, used to deploy the Unix/Linux agent, as well as to restart processes where privileged rights are required.

Creating a Non-Privileged UNIX User Run As Profile

1. In the Operations console, click Administration to open up the Administration space

2. Under the Run As Configuration node of the tree, click Profiles

clip_image002

3. In the Profiles pane, look for the Unix Action Account profile. Right-click on Unix Action Account and select Properties. This opens the Run As Profile Wizard

clip_image004

4. At the Introduction screen, click Next >

clip_image006

5. At the General Properties screen, click Next >

clip_image008

6. At the Run As Accounts screen, click Add... to create a new Run As Account. The Add a Run As Account dialog will open. NOTE: If you examine the list of current Run As accounts you will see none for UNIX/Linux, so we have to create one.

clip_image010

7. Click New... to open the Create Run As Account Wizard

clip_image012

At the Introduction screen, click Next >

clip_image014

9. Under the General Properties screen a. Select Basic Authentication from the Run As Account type drop-down list. b. Set the display name to "UNIX non-privileged account"

clip_image016

clip_image018

Click Next >

Provide Credential for Non Privileged Account

clip_image020

Click Next >

Under Distribution Security, select the More Secure... option.

clip_image022

When the creation is complete, you will see a warning message that the Run Account must be associated with an appropriate Run As profile. We will do this in just a moment. Click Close to return to the Add a Run As Account dialog

Click Select ... and choose Class... from the drop down.

clip_image024

In the Class Search dialog, enter Unix in the Filter By text box, and click Search

clip_image026

From the list of items returned from the search, select Unix Computer and click OK

clip_image028

Unix Computer now appears as the selected class against which the Run As Account will be applied. Click OK to close the Add a Run As Account dialog

clip_image030

You will now see the UNIX non-privileged account Run As Account just created within the list of accounts for this profile. Click Save.

clip_image032

We now have to associate the Run As account with the RMS management server. Click on the UNIX non-privileged account hyperlink to open the Run As Account properties.

clip_image034

Check to see you are in the Distribution tab.

Click Add

clip_image036

In the Option: drop down, select Show Management Servers and click Search.

Select RMS Server Name from the results, and click Add

clip_image038

Creating a Privileged UNIX User Run As Profile

In the Profiles pane, look for the Unix Privileged Account profile.

clip_image040

Right-click on Unix Privileged Account and select Properties. This opens the Run As Profile Wizard

At the Introduction screen, click Next >

clip_image042

At the General Properties screen, click Next >

clip_image044

At the Run As Accounts screen, click Add... to create a new Run As Account. The Add a Run As Account dialog will open.

clip_image046

clip_image048

Click New... to open the Create Run As Account Wizard

At the Introduction screen, click Next >

clip_image050

Select Basic Authentication from the Run As Account type drop-down list . Set the display name to "UNIX privileged account

clip_image052

Under the Account screen Set The credential for Privilege

clip_image054

Click Next >

Under Distribution Security, select the More Secure... option. Click Create.

clip_image056

When the creation is complete, you will see a warning message that the Run Account must be associated with an appropriate Run As profile. We will do this in just a moment. Click Close to return to the Add a Run As Account dialog.

clip_image058

Notice that the UNIX privileged account you just created now appears as the selected option in the drop down box.

clip_image060

Click Select ... and choose Class... from the drop down

clip_image062

In the Class Search dialog, enter Unix in the Filter By text box, and click Search

clip_image064

From the list of items returned from the search, select Unix Computer and click OK

clip_image066

clip_image068

You will now see the UNIX privileged account Run As Account just created within the list of accounts for this profile. Click Save.

clip_image070

clip_image072

We now have to associate the Run As account with the RMS management server. Click on the UNIX privileged account hyperlink to open the Run As Account properties

clip_image074

Check to see you are in the Distribution tab

clip_image076

Select RMS Server Name from the results, and click Add and Click OK

clip_image077

Open the Operations console with an account that is a member of the Operations Manager 2007 R2 Administrator profile

Select the Administration view.

At the bottom of the navigation pane, select the Discovery Wizard link.

In the Computer and Device Management Wizard, select Discovery Type, choose Unix/Linux Discovery Wizard, and then click Next.

clip_image079

On the Discovery Method page, click Add to specify criteria for discovering UNIX-based systems and Linux-based systems on your network.

On the Define discovery criteria page, type the credentials and necessary information to locate the computer you want to discover, and then click OK

clip_image081

clip_image083

Enable SSH

clip_image086

Click Discover to initiate system discovery

clip_image088

clip_image090

clip_image092

On the Discovery results page, in the Select the systems you want to manage: list, select the check box for the system or systems that you want to manage, or click Select All to include all discovered systems

If there are systems listed in the Select the systems you want to manage list on the Discovery results page that the wizard was unable to discover, you can click Details to get information about why the discovery failed. Correct the problem and repeat the discovery step

clip_image094

clip_image096

clip_image098

clip_image100

After you have selected the systems you want to manage, click Next to start the deployment, and to close the Discovery results page

On the Deployment complete page, the Computer and Device Management Wizard displays the agent deployment status in the Status menu.

clip_image102

Click Done to close the wizard.

IMPORT MP For Linux

clip_image104

Performance Monitoring by Using Default MP

clip_image106

clip_image108

clip_image110

Active Alert

clip_image112

Health Explorer

clip_image114

Performance Report

clip_image116

 

Cheers

Birojit

Comments

  • Anonymous
    January 01, 2003
    Hi Olivier Thanks you for posting query. Please follow the article from Jeevan Bist Blog http://blogs.technet.com/jeevanbisht/archive/2009/08/29/unix-linux-process-service-monitoring-using-operations-manager-2007-r2.aspx Cheers Birojit

  • Anonymous
    January 01, 2003
    If it is showing critical that mean SCOm is able to monitor your Linux Server. Go to monitoring->Active Alert-> Find the alert to check what has goner wrong on the server. Alternatively click on computer State View->Linux Server(Which is critical)in action tab click on heath explorer to drill down to exact problem. Check and let me know...

  • Anonymous
    January 01, 2003
    The comment has been removed

  • Anonymous
    January 01, 2003
    Hi, Resolved the above. (I have a SCOM 2007 R2 CU 7 setup. I tried to discover a Suse Enterprise Linux Server 11 SP3 and it errors stating "No installable agent is available". ) I did the following.

  1. "No installable agent is available": To resolve this, install the SystemCenterOperationsManager2007-R2-KB973583-X64-ENU.MSI and import the MPs again. This was done because the the "scx-1.0.4-252.sles.11.x64.rpm" was missing under the folder C:Program FilesSystem Center Operations Manager 2007AgentManagementUnixAgents www.microsoft.com/.../details.aspx
  2. After installing the above and importing the MPs again, I came across another error. "The WinRM client received an HTTP status code of 501 from the remote WS-Management service". To resolve this, I had to un-install KB2585542 and follow the instructions mentioned in the link. After reboot, it discovered without any issue. operatingquadrant.com/.../opsmgr-unixlinux-heartbeat-failures-after-applying-kb2585542 Hope this helps. Regards, Anoop

  • Anonymous
    January 01, 2003
    Hi, I have a SCOM 2007 R2 CU 7 setup. I tried to discover a Suse Enterprise Linux Server 11 SP3 and it errors stating "No installable agent is available". I have imported all the latest available management packs (SCOM 2007 R2 MPs for UNIX and Linux Operating Systems). Not sure what the issue is. Is Suse Enterprise Linux Server 11 SP3 supported? Regards, Anoop

  • Anonymous
    February 02, 2010
    Where you say "Enable SSL" I think you mean Enable SSH.

  • Anonymous
    February 06, 2010
    Thanks Buddy... You are right it should be SSH. I have changed to SSH

  • Anonymous
    April 25, 2010
    HI, We have followed all the stpes mentioned But my linux server staus is comsole is showing as critical shall we need to create the same accoung in linux? Any quick help is really appreciated

  • Anonymous
    April 27, 2010
    HI, Shall i need to create the run as account on Linux machine Because i have created basic a/c for as unix action & unix preveliged & assoviate them with run as profile Is their something missing on limux side as i m getting access deined error in active alerts i m new to the linux environment One more help required i have created one rule to fetch 644 event ( a/c locked out )for specific a/c  the rule is working fine as i m getting alerts abt a/c lockout them i have acreated 1 monitor which will check if the a/c is locked & in recover task i hv added the .vbs scirpt for unlocking the a/c the scipt run sucessfully but when i have added it to the monitor i have created it is only giving alert but not taking action can you please tell me which account this monitor is using so that i can give the appropriate access becasue i doubt it is access issue

  • Anonymous
    April 28, 2010
    The comment has been removed

  • Anonymous
    May 12, 2010
    Hi, have you ever tried to monitor a process on your linux server with SCOM R2? I used the Process Monitoring tab, created an object with the process to check and the targeted group ( with my linux server as the only member ). I see the monitor object being created but it never shows up on the MONITORING panel under Process State. Have any idea ?

  • Anonymous
    May 13, 2010
    Thx for answering! The problem with the Unix service template is that it only shows the basename of the service For example i want to monitor a websphere server on Linux. The process is : /usr/WebSphere/AppServer/java/bin/java -Declipse.security -Dwas.status.socket=39880 -com.ibm.ws.runtime.WsServer /usr/WebSphere/AppServer/profiles/sldpw1/config ldpCell sldpw1 asAgileSoft SCOM only shows me this as a service : /usr/WebSphere/AppServer/java/bin/java which doesnt help me cause there is 6 process with the same basename and i want to monitor one in particular I think i need to customise my own management pack to do this cause i dont think SCOM can do it with the default pack

  • Anonymous
    November 04, 2010
    Hi There, Looking to have our MS server guys monitor my Linux Server using this, just wondering how to configure the Ops Manager Server to connect using SSH when the Linux Server uses Public / Private Keys? Is there somewhere within ops manager that I can provide either an OpenSSL or Putty Private Key File? Many thanks, Dash

  • Anonymous
    December 16, 2010
    Thanks for the document. I have managed to install the Linux agent working on my Red Hat servers. I had issues around getting the Runas accounts. The document says to distribute the action accounts to RMS servers. In my experience, I could get the monitoring working only after the accounts were distributed to the management server to which the client was pointing. Regards

  • Anonymous
    July 08, 2011
    I have two Linux server groups that use two different root passwords, how do I set that up?  I notice you target the Unix Computer Class which is all Unix servers.  Can I split that into two or more groups of Unix Servers?  (Thank you for that great post)

  • Anonymous
    October 15, 2011
    great work ......

  • Anonymous
    December 13, 2011
    The comment has been removed

  • Anonymous
    March 23, 2012
    The comment has been removed

  • Anonymous
    April 17, 2012
    Hi Birojit, Its me naushad u r old friend, Realy i appreciate  your blog, i have issue while deploying agent to linux machine, can u pls help me on this....

  • Anonymous
    August 22, 2013
    Hi, I have SCOM 2007 R2 with CU7. When I try to discover a Suse Linux Enterprise Server 11 SP 3, it fails stating "No installable agent is available". I have imported all the required Management Packs for Linux. Is Suse Linux Enterprise Server 11 SP 3 supported?

  • Anonymous
    August 10, 2015
    Helpful article

  • Anonymous
    August 10, 2015
    Helpful article

  • Anonymous
    August 10, 2015
    Helpful article