Skip to content

Instantly share code, notes, and snippets.

Show Gist options
  • Save ZEROF/0788330c5babab067140a0effbb56676 to your computer and use it in GitHub Desktop.
Save ZEROF/0788330c5babab067140a0effbb56676 to your computer and use it in GitHub Desktop.
Monitoring Unbound with Munin

Monitoring unbound installation with Munin

sudo apt install munin munin-node munin-plugins-extra

Activate unbound plugins:

ln -s /usr/share/munin/plugins/unbound_munin_ /etc/munin/plugins/unbound_munin_by_class
ln -s /usr/share/munin/plugins/unbound_munin_ /etc/munin/plugins/unbound_munin_by_flags
ln -s /usr/share/munin/plugins/unbound_munin_ /etc/munin/plugins/unbound_munin_by_opcode
ln -s /usr/share/munin/plugins/unbound_munin_ /etc/munin/plugins/unbound_munin_by_rcode
ln -s /usr/share/munin/plugins/unbound_munin_ /etc/munin/plugins/unbound_munin_by_type
ln -s /usr/share/munin/plugins/unbound_munin_ /etc/munin/plugins/unbound_munin_histogram
ln -s /usr/share/munin/plugins/unbound_munin_ /etc/munin/plugins/unbound_munin_hits
ln -s /usr/share/munin/plugins/unbound_munin_ /etc/munin/plugins/unbound_munin_memory
ln -s /usr/share/munin/plugins/unbound_munin_ /etc/munin/plugins/unbound_munin_queue

Add this to munin node configuration - nano /etc/munin/plugin-conf.d/munin-node :

[unbound*]
user root
env.statefile /var/lib/munin-node/plugin-state/unbound-state
env.unbound_conf /etc/unbound/unbound.conf
env.unbound_control /usr/sbin/unbound-control
env.spoof_warn 1000
env.spoof_crit 100000

Unbound configuration

Generate certs:

unbound-control-setup

Add remote control

nano /etc/unbound/unbound.conf (add in the end)

# monitoring
statistics-interval: 300
extended-statistics: yes
# set to yes if graphing tool needs it
statistics-cumulative: yes
#Enable remote control
remote-control:
   control-enable: yes
   control-interface: 127.0.0.1
   control-port: 9999
   control-use-cert: no
   server-key-file: "/etc/unbound/unbound_server.key"
   server-cert-file: "/etc/unbound/unbound_server.pem"
   control-key-file: "/etc/unbound/unbound_control.key"
   control-cert-file: "/etc/unbound/unbound_control.pem"

Stop/Start everything

systemctl stop munin
systemctl stop munin-node
systemctl stop unbound

systemctl start munin
systemctl start munin-node
systemctl start unbound

Check if everything is working:

unbound-control stats

If you want to check time to time your stats online (without sexy TLS and when you need)

Upgrade pip and install http module (as normal user, not root) /usr/bin/python3 -m pip install --upgrade pip

pip install http

python -m http.server -d /var/cache/munin/www/ or python3 -m http.server -d /var/cache/munin/www/

Or if you are docker lover:

mkdir munin-webserver && cd munin-webserver

nano docker-compose.yml and copy this

services:
  web:
    image: python:3.12.5
    volumes:
      - /var/cache/munin/www:/web
    ports:
      - "8000:80"
    working_dir: /web
    command: bash -c "python3 -m http.server -d /web 80 2>&1"

Start docker container:

docker-compose up -d

To stop container:

docker-compose down

And go to yourpublicip:8000

@ZEROF
Copy link
Author

ZEROF commented Jun 8, 2023

Disable Munin plugin

Some plugins are active by default, personally I don't need them. To disable them I didn't found simple way, but renaming plugin files and restarting munin-node did the trick.

mv /etc/munin/plugins/exim_mailstats /etc/munin/plugins/exim_mailstats.bak

systemctl restart munin-node

It will take few min before removed plugin stats are removed from munin dashboard.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment