Simple monitoring

[Update: May 9, 2019]

This page explains the network monitoring service “Simple Monitoring“.

Overview

Simple Monitoring monitors network communication. (ping, tcp), apps (http, smtp, etc.), and billing amounts based on billing information within SAKURA Cloud. When communi-cation is lost or the threshold exceeded, customers will be notified by any means possible.

Service specification details are as follows.

Hint

*For the Billing Amount Alert function, please refer to “ Billing alert . ” For the effective period of the SSL Certificate Alert function, please refer to “ Alert for the effec-tive period of the SSL certificate .”

Compatible protocol for network monitoring

Protocols that can be established to monitor monitoring methods, targets, setting options and existence of the response time recording function are as follows

Attention

IPv6 monitoring is not supported. Monitoring targets are designated by FQDN with a registered IPv4 address or A record.

Protocol Monitoring method Setting option Response time record
ping Send a ping to a designated monitoring target, to confirm network accessibility.
tcp Confirm TCP connectivity to the designated monitoring destination port. Ÿ Port number (*)
http The efficacy of a response code can be confirmed through the http connection to the des-ignated monitoring target/port number’s specified path. Port number
(Port number 80 when omitted)
Path (*)
Response code (*)
https The efficacy of a response code can be confirmed through the http connection to the des-ignated monitoring target/port number’s specified path. Ÿ Port number
(Port number 443 when omitted)
Path (*)
Response code (*)
dns A query will be sent to a designated monitoring target with a designated FQDN. If an option is specified, there will be confirmation of whether the response is as expected. ●Query FQDN (*)
●Expected value
*Also support Punycode settings starting with xn–.
ssh TCP connection to the specified monitoring destination / port number is established with confirmation of response from the SSH server. ŸPort number
(Port number 22 when omitted)
smtp TCP connection to the specified monitoring destination / port number is established with confirmation of response to the SMTP command. Ÿ Port number
(Port number 25 when omitted)
pop3 TCP connection to the specified monitoring destination / port number is established with confirmation of POP3 command response. Ÿ Port number
(Port number 110 when omitted)
snmp UDP connection to port number 161 of a designated monitoring target confirms whether designated community name and response to queries with OID are as expected. Ÿ Community name (*)
SNMP version (*)
OID (*)
Expected value (*)
×

Interval of network monitoring

  • It is possible to set in one minute increments from 1 to 60 through Check Interval (Minutes) “
  • Notifications are issued at initial detection of Server Down and again, after recovery.
  • Downed monitoring targets will be assessed at specified intervals. A recovery notifica-tion will be sent when status returns to normal. If the situation remains unchanged, down notifi-cation will continue every 2 hours.

Notifying method

The following notification methods are compatible.

Email A notification will be sent to all registered emergency contact email addresses.
If there is no registered emergency contact, a notification will be sent to the registered e-mail address associated with the member ID.
Slack/Discord Supports Incoming WebHooks of Slack and Discord .
*The only URLs that can be specified are the Webhook URLs (https://hooks.slack.com/services/*, https://discordapp.com/api/webhooks/*, etc.) of each service.
*As Webhook notifications sent by simple monitoring use Slack compatibility settings, it is nec-essary to Add “/slack” to the end of the Webhook URL generated at the Discord and specify `related settings .

Attention

If notification to the specified Slack/Discord Webhook URL notification destination fails, notification will be automatically deactivated. (If Email is set as the notification destina-tion in addition to Slack/Discord, only notifications to Slack/Discord are deactivated. If only Slack/Discord is set as the notification destination (Email is not set), monitoring itself is deac-tivated.)
When deactivated, deactivation status and unnotified content will be relayed to the emergency contact email address or to the registered email address associated with the member ID.

Monitoring network

The simple monitoring service conducts monitoring from the following networks.

27.133.139.32/28

必要に応じ、監視対象までの経路で上記ネットワークからのアクセスを許可する設定を行ってください(「4. iptablesで監視サーバからの接続を許可する」の項目でiptablesの設定例を掲載しています)。

Network monitoring fee.

Fees are calculated according to monitoring targets. Under certain conditions, network monitoring is offered free of charge.

Network monitoring where fees do not apply. When the monitoring target is an IPv4 address and global IP address provided by our services (SAKURA VPS, SAKURA dedicated server, etc.)
Network monitoring where fees apply. Monitoring target is FQDN
Global IP address is provided by another company.
Use of SSL Certificate Expiration Alert function.

Setting method

After login screen authentication, click the Simple Monitoring button on the home screen.

At the control panel, select Simple Monitoring from the menu on the left.

*As simple monitoring functions independently of zones like GSLB and DNS, the same Settings screen will be displayed regardless of the selected zone.

The Simple Monitoring screen with a list of currently set simple monitoring will be displayed. To add new monitoring, click Add.

The Add Monitoring screen will appear. Enter the required fields.

Item Content
Monitoring target (*) Set monitoring targets with IP addresses or FQDN.
*FQDN without an IPv6 address or an A record cannot be registered.
Monitoring method (*) Select a monitoring method from http, https, ping, and tcp.
Host header Set a host header.
*Displayed only when http or https is set as the monitoring method.
Path (*) Set a path for acquiring an HTTP response code.
*Displayed only when http or https is set as the monitoring method.
User name (BASIC authentication) (*) Set authentication user name for monitoring of the BASIC authentication area.
*Displayed only when http or https is set as the monitoring method.
Password (BASIC authentication) (*) Set authentication password for monitoring of the BASIC authentication area.
*Displayed only when http or https is set as the monitoring method.
Response code (*) Specify an HTTP response code, which will become normal when connected to a path designated in the Path input field.
*Displayed only when http or https is set as the monitoring method.
SNI (*) Set a host header.
*Displayed only when http or https is set as the monitoring method.
Port number Specify a port number to be monitored.
*Displayed only when tcp, http, https, ssh, smtp or pop3 is set as the monitoring method.
*Required for tcp.
Expected value Set a value for determining normalcy of response from a monitoring target.
*Displayed only when dns/snmp is set as the monitoring method.
Community name/SNMP version/OID (*) OID is queried using the monitoring target’s designated community name / SNMP ver-sion.
*Displayed only when snmp is set as the monitoring method.
Check interval (minutes) (*) Set the check interval for monitoring within a range of 1 to 60 min
Enabled/disabled (*) Select whether to enable or disable monitoring.
Notification ●Notification destination
Select either Email or Slack/Discord as the notification destination.
*If Slack/Discord is selected, the input field for Webhook URL will be displayed below. Enter the notification Webhook URL.
●Email type
You can choose either text or HTML email format. In HTML format, notifications will be dis-played graphically (See “3. Example of notification”).
Explanation Enter a description for the specified monitoring.
Tag Add a tag to specified monitoring. (As with list screens of servers and disks you can use tags to refine your search in the Monitoring List screen.)
Icon Add an icon to the specified monitoring. (The Monitoring List screen will be dis-played.)

() represents a necessary item.

When input is complete, select Create on the bottom right. Added monitoring items will be reflected in a List screen that displays specified monitoring items and their status’ (enabled or disabled, down state detected).

By enabling the checkbox at the left of the monitoring items list, you can carry out De-tails (display Details screen), Switch Status (switch between enable/disable), and Delete (delete a monitoring item) operations via the buttons at the top of the list or pop-up menu. (If multiple monitoring items are selected, they can have their status’ switched or be deleted simultanously.)

Detailed information of a monitoring item will be displayed on the details screen by double-clicking the select item or the details button.

Here, operations can be conducted through menus and buttons displayed at the top and explanations, tags, and icons can be changed with the Edit button located at the bottom right of the screen.

Example of notification

Examples of notification from a monitoring server are as follows.

Email

Written notification (text) when PING monitoring is detected as down

From: noreply@sakura.ad.jp
To: 通知先設定メールアドレス
Subject:  【さくらのクラウドシンプル監視】 (監視対象) ping ダウン検知

※ このメッセージは自動送信されています。

さくらのクラウドシンプル監視サービスです。
下記の監視においてアラートを検知しました。

リソースID:      11280003XXXX
監視対象:        監視対象
説明:          監視対象の説明
状態:          ダウン
プロトコル:       ping

検知日時:        2016-01-25 15:11:01
ログ:          CRITICAL - (監視対象): rta nan, lost 100%

Written notification (HTML) when PING monitoring is detected as down

Written notification (text) when PING monitoring is restored

From: noreply@sakura.ad.jp
To: 通知先設定メールアドレス
Subject: 【さくらのクラウドシンプル監視】 (監視対象) ping アップ検知

※ このメッセージは自動送信されています。

さくらのクラウドシンプル監視サービスです。
下記の監視においてアラートを検知しました。

リソースID:      11280003XXXX
監視対象:        監視対象
説明:          監視対象の説明
状態:          アップ
プロトコル:       ping

検知日時:        2016-01-25 15:12:09
ログ:          OK - 153.120.167.127: rta 21.659ms, lost 0%

Written notification (HTML) when PING monitoring is restored

Slack/Discord

Example of Slack notification when PING monitoring is detected as down

Example of notification at the time of recovery

Authorizes connection from a monitoring server with iptables

This is an example of iptables settings for authorizing connection from a target server network of the simple monitoring service.

Example of description of /etc/sysconfig/iptables

Example: Authorizes ICMP communication from the simple monitoring service monitor-ing server network and the communication to port number TCP80.

*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [44:6739]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s <監視元ネットワークアドレス> -p icmp -j ACCEPT
-A INPUT -s <監視元ネットワークアドレス> -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

*For <Monitoring network address>, specify 27.133.139.32/28.

Example of settings with the iptables command

Example: Authorize ping from the monitoring server network of the simple monitoring service.

# iptables -A INPUT -s <監視元ネットワークアドレス> -p icmp -j ACCEPT

msgstr “Example: Authorize tcp monitoring to a random port number.

# iptables -A INPUT -s <監視元ネットワークアドレス> -p tcp -m tcp --dport <ポート番号> -j ACCEPT

*For <Monitoring network address>, specify 27.133.139.32/28.
*In addition to the above, the default operation of the INPUT and FORWARD chains must be set to DROP.

# iptables -P INPUT DROP
# iptables -P FORWARD DROP

Example: Authorize ICMP communication and the communication to port TCP80 exclu-sively from the monitoring server network of the simple monitoring service.

# iptables -P INPUT DROP
# iptables -P FORWARD DROP
# iptables -A INPUT -s <監視元ネットワークアドレス> -p icmp -j ACCEPT
# iptables -A INPUT -s <監視元ネットワークアドレス> -p tcp -m tcp --dport 80 -j ACCEPT
# /etc/init.d/iptables save

*For <Monitoring network address>, specify 27.133.139.32/28.

Check response time

Response time will displayed by selecting the Activity tab in a monitoring item’s Details screen.

A response time graph can be operated like Activity graph of a server or a disk.

Note

*Response time data storage period is 1 year.
*With longer check intervals (e.g., 60 min), checks will be indicated with a marker.

Alert function for the SSL certificate expiration date

This following describes SSL Certificate Expiration Date Alert, which monitors the expiration date of the SSL certificate for any FQDN providing HTTPS service and notifies you of impending expiration.

Overview

  • Due to FQDN designation, this service provided with a fee, regardless whether a target monitoring host is installed inside or outside the SAKURA Internet.
  • You will be alerted when the number of remaining days of the effective period specified by the monitoring target’s SSL certificate falls below the designated mark (1 to 9,999).
  • The monitoring interval is 6 hours, and the re-notification interval is 24 hours (Monitor-ing intervals cannot be changed.)
  • Only SSL certificates used for HTTPS are monitored (FTPS, POP3S, etc. cannot be monitored)
  • Compatible with SNI, the SSL certificate of a monitoring target is limited to the FQDN-designated domain.

Setting method

From the Simple Monitoring Creation screen, select SSL Certificate Expiration Date with the Monitoring Target radio button. In the lower fields, enter the target host name (FQDN), the alert threshold for the number of remaining days of the effective period, as well as other setting values shared with other monitoring items. Click Create.

*In order to confirm that the certificate expiration date can be obtained normally, we recommend testing the alert by inputting “9999,” or any value exceeding the current certificate’s number of days of the effective period.

Notification text

The following is an example of notification:

Email

From: noreply@sakura.ad.jp
To: 通知先設定メールアドレス
Subject: 【ダウン検知】 (監視対象) sslcertificate

※ このメッセージは自動送信されています。

さくらのクラウドシンプル監視サービスです。
下記の監視においてアラートを検知しました。

リソースID:        1128000XXXXX
監視対象:          監視対象
説明:              監視対象の説明
状態:              ダウン
プロトコル:        sslcertificate
有効残日数閾値:    設定した有効残日数

検知日時:          2017-10-02 22:12:45
ログ:              CRITICAL - only 140 day(s) left for this certificate. end date is 2018/2/28 14:59:00 GMT.

Slack/Discord

Example of Slack notification

Regarding API documents

As with other functions, simple monitoring can be performed using API.. For details, please refer to the API document.