Monitoring OS X Servers with Observium – Part 1: SNMP

I know not many shops use OS X servers any more, but we do – so here’s a how to on getting Observium to draw pretty, pretty graphs of your Apple boxes. This guide applies to both the Community and Professional editions.

Note: I’m going to do this walk through assuming you are running OS X 10.10 “Yosemite.” 10.11 has a feature called System Integrity Protection – tl;dr it means we can’t write to /usr/bin/ or /usr/lib. The instructions below will work just fine for any version of OS X before 10.11, there are just a few steps that are slightly extraneous. If you need to configure SNMP on 10.11, the only change is that snmpconf will walk you through the instructions differently – see an updated post with more information here if you get stuck.

In this post I will detail how to set up the SNMP daemon so Observium can poll information about the server.

Open up a terminal window (Applications -> Utilities -> Terminal). We’ll create a basic SNMP configuration using the snmpconf tool – it is interactive and will prompt you for the various options.

sudo snmpconf -i -g basic_setup

When prompted which files to read in, “all” is a sensible default. I definitely recommend configuring the system MIB group – the location field should be the physical address of where the server is located. This will let Observium plot it on a map. Contact information can be a common alerting email inbox / list or your own, depending on your setup.

I recommend you skip configuring the sysServices.0 OID unless you really know what you’re doing.

Access control is our next thing – we want to ensure that we protect the information that SNMP will expose. We’ll use SNMPv2 because it is the simplest (if you need encryption between your servers and the Observium host, use SNMPv3). Say “no” to both SNMPv3 access options, “no” to SNMPv2 read-write, and “yes” to SNMPv2 read-only. Generate a random string for the community name:

openssl rand -base64 16

Make sure you note the string for later, you’ll need it to add the device to Observium. The configuration tool will then ask what network resources should be able to access the SNMP daemon with this community. Input either the IP of your Observium server, or a range if you are using multiple SNMP pollers on different IPs. I don’t recommend leaving it open to your whole network, especially if the server is on the public internet. Press return to give no restrictions on OID access. After you’ve configured that read only community, say no to creating more. You can say no to configuring trap setup as well as no to the option asking if you want to configure the agent’s ability to monitor “other aspects of your system” – for a basic setup, this isn’t needed.

There’s now a shiny new snmpd.conf file sitting in the current directory! On versions of OS X before 10.11, the configuration tool will automatically move the file to /usr/share/snmp/snmpd.conf. On 10.11, you will need to manually copy the file –

sudo mv /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.bak

sudo cp snmpd.conf /etc/snmp/

Finally, we’ll restart the SNMP daemon by unloading and re-loading the launchd job:

sudo launchctl unload /System/Library/LaunchDaemons/
sudo launchctl load /System/Library/LaunchDaemons/

You’re now ready to add the device to Observium in the usual way – select SNMP v2c and input the string as the community name, input the hostname, and that’s it! The next time your discovery and poller runs, you’ll have gorgeous looking graphs started.

To learn how to configure the Observium Agent, read on to Part 2!