Monitoring your network with Observium

Polling Observium Unix agent with SSH

Polling Observium Unix agent with SSH

Polling Observium Unix agent with SSH

In this How-To i will tell you how to receive the polling data from the UNIX agent: observium_agent over SSH. Especially if you need to monitor remote machines like amazon ec2 instances or other virtual machines the unix agent xinetd solutions which the project delivers seems not the securest way.



On Observium host:

  • php ssh2 module: libssh2-php
  • patchset for:

On target host:

  • snmpd daemon
  • /opt/observium/scripts/observium_agent goes to /usr/bin/
  • /opt/observium/scripts/agent-local goes to target dir see Wiki


Prepare your Target Host

apt-get install snmpd

See config example in:/opt/observium/snmpd.conf.example
And follow the steps as described in UNIX Agent Wiki expect the xinetd part!


Prepare your Observium Server

apt-get install libssh2-php


What we now have to do is to modify the php code of the unix agent.
The easiest way doing this is to grab my patchset for the latest svn (tested with Revision: 4167) trunk.

Get it from this: link and unpack it into a directory of your choice.

unpack the archive:

tar xvzf observium.agent_.patch_.tar.gz

and apply the patch diffs to your php code:

patch -p0 <

Create an authentication key for your remote SSH connection

mkdir /opt/observium/.ssh
ssh-keygen -t dsa -f /opt/observium/.ssh/id_dsa

and hit enter twice.

Set permissions of the ssh folder and transfer your pub key to the remote host:

chmod -R 0400 /opt/observium/.ssh
ssh-copy-id -i /opt/observium/.ssh/

Check if SSH auth via newly created auth key works:

ssh -i /opt/observium/.ssh/id_dsa


Important notice:
Think about how to make the key files and run of the observium_agent
on remote machine more secure by adding an independent user, change access privileges, use of sudo e.g if you are planing to run the observium server on public ip.

Finally we add the SSH Port from your listening remote machine to the config.php

For example:

vi /opt/observium/config.php

and apply this line in the config:

$config['unix-agent']['port'] = 22;

and the polling via secure shell is ready to run.

Final note: I’m aware of that my code is not perfect and probably buggy in special cases. So i would appreciate any suggestions for improvement!


One thought on “Polling Observium Unix agent with SSH”

  1. Also, on your target webserver (or whatever) host, once keys are working correctly, add this to /etc/ssh/sshd_config:

    PasswordAuthentication no

    This adds a lot of security against brute force attacks on port 22.


Leave a Reply