Esta pagina se ve mejor con JavaScript habilitado

Monitorización Dovecot mediante Prometheus

 ·  🎃 kr0m

En este manual veremos como monitorizar un servidor Dovecot mediante Prometheus, si no hemos realizado la instalación base de Prometheus primero seguiremos la guía básica de instalación de Prometheus y Grafana.

Dovecot soporta de forma nativa Prometheus , tan solo debemos indicarle que métricas collectar y exponerlas. En el fichero de ejemplo hay algunas métricas predefinidas pero si necesitamos algo mas custom siempre podemos definir nuestros propios filtros en base a los eventos que nos interesen.

Copiamos el fichero de configuración de ejemplo:

cp /usr/local/etc/dovecot/example-config/conf.d/10-metrics.conf /usr/local/etc/dovecot/conf.d/

Lo editamos descomentando las métricas que nos interesen y bindeando el exporter:

vi /usr/local/etc/dovecot/conf.d/10-metrics.conf

##
## Statistics and metrics
##

# Dovecot supports gathering statistics from events.
# Currently there are no statistics logged by default, and therefore they must
# be explicitly added using the metric configuration blocks.
#
# Unlike old stats, the new statistics do not require any plugins loaded.
#
# See https://doc.dovecot.org/configuration_manual/stats/ for more details.

##
## Example metrics
##

metric auth_success {
  filter = event=auth_request_finished AND success=yes
}

metric auth_failures {
  filter = event=auth_request_finished AND NOT success=yes
}

metric imap_command {
  filter = event=imap_command_finished
  group_by = cmd_name tagged_reply_state
}

metric smtp_command {
  filter = event=smtp_server_command_finished
  group_by = cmd_name status_code duration:exponential:1:5:10
}

metric mail_delivery {
  filter = event=mail_delivery_finished
  group_by = duration:exponential:1:5:10
}

##
## Prometheus
##

# To allow access to statistics with Prometheus, enable http listener
# on stats process. Stats will be available on /metrics path.
#
# See https://doc.dovecot.org/configuration_manual/stats/openmetrics/ for more
# details.

service stats {
  inet_listener http {
    port = 9900
  }
}

##
## Event exporting
##

# You can also export individual events.
#
# See https://doc.dovecot.org/configuration_manual/event_export/ for more
# details.

#event_exporter log {
#  format = json
#  format_args = time-rfc3339
#  transport = log
#}
#
#metric imap_commands {
#  exporter = log
#  filter = event=imap_command_finished
#}

Reiniciamos el servicio:

service dovecot restart

Comprobamos que las estadísticas estén disponibles:

doveadm -f table stats dump

metric_name                                 field    count sum      min   max     avg      median stddev    %95
auth_success                                duration 465   10970083 8590  4012952 23591.58 9032   185546.82 35838
auth_failures                               duration 2     38825    18776 20049   19412.50 19412  636.50    20049
imap_command                                duration 1665  518972   14    11284   311.69   78     421.10    939
imap_command_CAPABILITY                     duration 462   31614    14    164     68.43    70     14.82     82
imap_command_CAPABILITY_OK                  duration 462   31614    14    164     68.43    70     14.82     82
imap_command_STATUS                         duration 643   367999   40    2189    572.32   794    392.68    944
imap_command_STATUS_OK                      duration 643   367999   40    2189    572.32   799    391.79    942
imap_command_LOGOUT                         duration 465   30326    34    1010    65.22    59     73.59     81
imap_command_LOGOUT_OK                      duration 465   30326    34    1010    65.22    59     73.59     81
imap_command_SELECT                         duration 13    25457    1430  4348    1958.23  1622   772.33    4348
imap_command_SELECT_OK                      duration 13    25457    1430  4348    1958.23  1622   772.33    4348
imap_command_UID_STORE                      duration 4     3096     423   1169    774.00   752    351.44    1169
imap_command_UID_STORE_OK                   duration 4     3096     423   1169    774.00   752    351.44    1169
imap_command_UID_COPY                       duration 2     18987    7703  11284   9493.50  9493   1790.50   11284
imap_command_UID_COPY_OK                    duration 2     18987    7703  11284   9493.50  9493   1790.50   11284
imap_command_UID_EXPUNGE                    duration 2     2358     1170  1188    1179.00  1179   9.00      1188
imap_command_UID_EXPUNGE_OK                 duration 2     2358     1170  1188    1179.00  1179   9.00      1188
imap_command_UNSELECT                       duration 2     55       27    28      27.50    27     0.50      28
imap_command_UNSELECT_OK                    duration 2     55       27    28      27.50    27     0.50      28
imap_command_LSUB                           duration 20    5795     263   341     289.75   284    24.80     340
imap_command_LSUB_OK                        duration 20    5795     263   341     289.75   284    24.80     340
imap_command_LIST                           duration 20    22584    1054  1211    1129.20  1140   47.57     1192
imap_command_LIST_OK                        duration 20    22584    1054  1211    1129.20  1140   47.57     1192
imap_command_NAMESPACE                      duration 20    504      19    33      25.20    26     3.53      29
imap_command_NAMESPACE_OK                   duration 20    504      19    33      25.20    26     3.53      29
imap_command_UID_FETCH                      duration 7     4106     375   745     586.57   560    122.82    745
imap_command_UID_FETCH_OK                   duration 7     4106     375   745     586.57   560    122.82    745
imap_command_UID_SORT                       duration 3     1886     407   1031    628.67   448    284.98    1031
imap_command_UID_SORT_OK                    duration 3     1886     407   1031    628.67   448    284.98    1031
imap_command_STORE                          duration 1     1472     1472  1472    1472.00  1472   0.00      1472
imap_command_STORE_OK                       duration 1     1472     1472  1472    1472.00  1472   0.00      1472
imap_command_EXPUNGE                        duration 1     2733     2733  2733    2733.00  2733   0.00      2733
imap_command_EXPUNGE_OK                     duration 1     2733     2733  2733    2733.00  2733   0.00      2733
smtp_command                                duration 10    45256    36    22283   4525.60  98     7287.04   22283
smtp_command_LHLO                           duration 2     197      93    104     98.50    98     5.50      104
smtp_command_LHLO_250                       duration 2     197      93    104     98.50    98     5.50      104
smtp_command_LHLO_250_duration_11_100       duration 1     93       93    93      93.00    93     0.00      93
smtp_command_LHLO_250_duration_101_1000     duration 1     104      104   104     104.00   104    0.00      104
smtp_command_MAIL                           duration 2     147      68    79      73.50    73     5.50      79
smtp_command_MAIL_250                       duration 2     147      68    79      73.50    73     5.50      79
smtp_command_MAIL_250_duration_11_100       duration 2     147      68    79      73.50    73     5.50      79
smtp_command_RCPT                           duration 2     23115    832   22283   11557.50 11557  10725.50  22283
smtp_command_RCPT_250                       duration 2     23115    832   22283   11557.50 11557  10725.50  22283
smtp_command_RCPT_250_duration_10001_100000 duration 1     22283    22283 22283   22283.00 22283  0.00      22283
smtp_command_RCPT_250_duration_101_1000     duration 1     832      832   832     832.00   832    0.00      832
smtp_command_DATA                           duration 2     21711    9656  12055   10855.50 10855  1199.50   12055
smtp_command_DATA_250                       duration 2     21711    9656  12055   10855.50 10855  1199.50   12055
smtp_command_DATA_250_duration_1001_10000   duration 1     9656     9656  9656    9656.00  9656   0.00      9656
smtp_command_DATA_250_duration_10001_100000 duration 1     12055    12055 12055   12055.00 12055  0.00      12055
smtp_command_QUIT                           duration 2     86       36    50      43.00    43     7.00      50
smtp_command_QUIT_221                       duration 2     86       36    50      43.00    43     7.00      50
smtp_command_QUIT_221_duration_11_100       duration 2     86       36    50      43.00    43     7.00      50
mail_delivery                               duration 2     17310    7875  9435    8655.00  8655   780.00    9435
mail_delivery_duration_1001_10000           duration 2     17310    7875  9435    8655.00  8655   780.00    9435

Comprobamos manualmente desde el servidor prometheus que se pueda acceder a las métricas:

curl http://drwho:9900/metrics

# HELP process_start_time_seconds Timestamp of service start
# TYPE process_start_time_seconds gauge
process_start_time_seconds 1634630406
# HELP dovecot_build Dovecot build information
# TYPE dovecot_build info
dovecot_build_info{version="2.3.15",revision="0503334ab1"} 1
# HELP dovecot_auth_success Total number of all events of this kind
# TYPE dovecot_auth_success counter
dovecot_auth_success_total 424
# HELP dovecot_auth_success_duration_seconds Total duration of all events of this kind
# TYPE dovecot_auth_success_duration_seconds counter
dovecot_auth_success_duration_seconds_total 10.410648
# HELP dovecot_auth_failures Total number of all events of this kind
# TYPE dovecot_auth_failures counter
dovecot_auth_failures_total 2
# HELP dovecot_auth_failures_duration_seconds Total duration of all events of this kind
# TYPE dovecot_auth_failures_duration_seconds counter
dovecot_auth_failures_duration_seconds_total 0.038825
# HELP dovecot_imap_command Total number of all events of this kind
# TYPE dovecot_imap_command counter
dovecot_imap_command_total{cmd_name="CAPABILITY"} 422
dovecot_imap_command_total{cmd_name="CAPABILITY",tagged_reply_state="OK"} 422
dovecot_imap_command_total{cmd_name="STATUS"} 591
dovecot_imap_command_total{cmd_name="STATUS",tagged_reply_state="OK"} 591
dovecot_imap_command_total{cmd_name="LOGOUT"} 424
dovecot_imap_command_total{cmd_name="LOGOUT",tagged_reply_state="OK"} 424
dovecot_imap_command_total{cmd_name="SELECT"} 10
dovecot_imap_command_total{cmd_name="SELECT",tagged_reply_state="OK"} 10
dovecot_imap_command_total{cmd_name="UID STORE"} 4
dovecot_imap_command_total{cmd_name="UID STORE",tagged_reply_state="OK"} 4
dovecot_imap_command_total{cmd_name="UID COPY"} 2
dovecot_imap_command_total{cmd_name="UID COPY",tagged_reply_state="OK"} 2
dovecot_imap_command_total{cmd_name="UID EXPUNGE"} 2
dovecot_imap_command_total{cmd_name="UID EXPUNGE",tagged_reply_state="OK"} 2
dovecot_imap_command_total{cmd_name="UNSELECT"} 2
dovecot_imap_command_total{cmd_name="UNSELECT",tagged_reply_state="OK"} 2
dovecot_imap_command_total{cmd_name="LSUB"} 19
dovecot_imap_command_total{cmd_name="LSUB",tagged_reply_state="OK"} 19
dovecot_imap_command_total{cmd_name="LIST"} 19
dovecot_imap_command_total{cmd_name="LIST",tagged_reply_state="OK"} 19
dovecot_imap_command_total{cmd_name="NAMESPACE"} 19
dovecot_imap_command_total{cmd_name="NAMESPACE",tagged_reply_state="OK"} 19
dovecot_imap_command_total{cmd_name="UID FETCH"} 6
dovecot_imap_command_total{cmd_name="UID FETCH",tagged_reply_state="OK"} 6
dovecot_imap_command_total{cmd_name="UID SORT"} 3
dovecot_imap_command_total{cmd_name="UID SORT",tagged_reply_state="OK"} 3
dovecot_imap_command_count 1523
# HELP dovecot_imap_command_duration_seconds Total duration of all events of this kind
# TYPE dovecot_imap_command_duration_seconds counter
dovecot_imap_command_duration_seconds_total{cmd_name="CAPABILITY"} 0.028821
dovecot_imap_command_duration_seconds_total{cmd_name="CAPABILITY",tagged_reply_state="OK"} 0.028821
dovecot_imap_command_duration_seconds_total{cmd_name="STATUS"} 0.336554
dovecot_imap_command_duration_seconds_total{cmd_name="STATUS",tagged_reply_state="OK"} 0.336554
dovecot_imap_command_duration_seconds_total{cmd_name="LOGOUT"} 0.027861
dovecot_imap_command_duration_seconds_total{cmd_name="LOGOUT",tagged_reply_state="OK"} 0.027861
dovecot_imap_command_duration_seconds_total{cmd_name="SELECT"} 0.020084
dovecot_imap_command_duration_seconds_total{cmd_name="SELECT",tagged_reply_state="OK"} 0.020084
dovecot_imap_command_duration_seconds_total{cmd_name="UID STORE"} 0.003096
dovecot_imap_command_duration_seconds_total{cmd_name="UID STORE",tagged_reply_state="OK"} 0.003096
dovecot_imap_command_duration_seconds_total{cmd_name="UID COPY"} 0.018987
dovecot_imap_command_duration_seconds_total{cmd_name="UID COPY",tagged_reply_state="OK"} 0.018987
dovecot_imap_command_duration_seconds_total{cmd_name="UID EXPUNGE"} 0.002358
dovecot_imap_command_duration_seconds_total{cmd_name="UID EXPUNGE",tagged_reply_state="OK"} 0.002358
dovecot_imap_command_duration_seconds_total{cmd_name="UNSELECT"} 0.000055
dovecot_imap_command_duration_seconds_total{cmd_name="UNSELECT",tagged_reply_state="OK"} 0.000055
dovecot_imap_command_duration_seconds_total{cmd_name="LSUB"} 0.005519
dovecot_imap_command_duration_seconds_total{cmd_name="LSUB",tagged_reply_state="OK"} 0.005519
dovecot_imap_command_duration_seconds_total{cmd_name="LIST"} 0.021440
dovecot_imap_command_duration_seconds_total{cmd_name="LIST",tagged_reply_state="OK"} 0.021440
dovecot_imap_command_duration_seconds_total{cmd_name="NAMESPACE"} 0.000478
dovecot_imap_command_duration_seconds_total{cmd_name="NAMESPACE",tagged_reply_state="OK"} 0.000478
dovecot_imap_command_duration_seconds_total{cmd_name="UID FETCH"} 0.003364
dovecot_imap_command_duration_seconds_total{cmd_name="UID FETCH",tagged_reply_state="OK"} 0.003364
dovecot_imap_command_duration_seconds_total{cmd_name="UID SORT"} 0.001886
dovecot_imap_command_duration_seconds_total{cmd_name="UID SORT",tagged_reply_state="OK"} 0.001886
dovecot_imap_command_duration_seconds_sum 0.470503
# HELP dovecot_smtp_command Histogram
# TYPE dovecot_smtp_command histogram
dovecot_smtp_command_bucket{cmd_name="LHLO",status_code="250",le="0.000010"} 0
dovecot_smtp_command_bucket{cmd_name="LHLO",status_code="250",le="0.000100"} 1
dovecot_smtp_command_bucket{cmd_name="LHLO",status_code="250",le="0.001000"} 2
dovecot_smtp_command_bucket{cmd_name="LHLO",status_code="250",le="0.010000"} 2
dovecot_smtp_command_bucket{cmd_name="LHLO",status_code="250",le="0.100000"} 2
dovecot_smtp_command_bucket{cmd_name="LHLO",status_code="250",le="+Inf"} 2
dovecot_smtp_command_sum{cmd_name="LHLO",status_code="250"} 0.000197
dovecot_smtp_command_count{cmd_name="LHLO",status_code="250"} 2
dovecot_smtp_command_bucket{cmd_name="MAIL",status_code="250",le="0.000010"} 0
dovecot_smtp_command_bucket{cmd_name="MAIL",status_code="250",le="0.000100"} 2
dovecot_smtp_command_bucket{cmd_name="MAIL",status_code="250",le="0.001000"} 2
dovecot_smtp_command_bucket{cmd_name="MAIL",status_code="250",le="0.010000"} 2
dovecot_smtp_command_bucket{cmd_name="MAIL",status_code="250",le="0.100000"} 2
dovecot_smtp_command_bucket{cmd_name="MAIL",status_code="250",le="+Inf"} 2
dovecot_smtp_command_sum{cmd_name="MAIL",status_code="250"} 0.000147
dovecot_smtp_command_count{cmd_name="MAIL",status_code="250"} 2
dovecot_smtp_command_bucket{cmd_name="RCPT",status_code="250",le="0.000010"} 0
dovecot_smtp_command_bucket{cmd_name="RCPT",status_code="250",le="0.000100"} 0
dovecot_smtp_command_bucket{cmd_name="RCPT",status_code="250",le="0.001000"} 1
dovecot_smtp_command_bucket{cmd_name="RCPT",status_code="250",le="0.010000"} 1
dovecot_smtp_command_bucket{cmd_name="RCPT",status_code="250",le="0.100000"} 2
dovecot_smtp_command_bucket{cmd_name="RCPT",status_code="250",le="+Inf"} 2
dovecot_smtp_command_sum{cmd_name="RCPT",status_code="250"} 0.023115
dovecot_smtp_command_count{cmd_name="RCPT",status_code="250"} 2
dovecot_smtp_command_bucket{cmd_name="DATA",status_code="250",le="0.000010"} 0
dovecot_smtp_command_bucket{cmd_name="DATA",status_code="250",le="0.000100"} 0
dovecot_smtp_command_bucket{cmd_name="DATA",status_code="250",le="0.001000"} 0
dovecot_smtp_command_bucket{cmd_name="DATA",status_code="250",le="0.010000"} 1
dovecot_smtp_command_bucket{cmd_name="DATA",status_code="250",le="0.100000"} 2
dovecot_smtp_command_bucket{cmd_name="DATA",status_code="250",le="+Inf"} 2
dovecot_smtp_command_sum{cmd_name="DATA",status_code="250"} 0.021711
dovecot_smtp_command_count{cmd_name="DATA",status_code="250"} 2
dovecot_smtp_command_bucket{cmd_name="QUIT",status_code="221",le="0.000010"} 0
dovecot_smtp_command_bucket{cmd_name="QUIT",status_code="221",le="0.000100"} 2
dovecot_smtp_command_bucket{cmd_name="QUIT",status_code="221",le="0.001000"} 2
dovecot_smtp_command_bucket{cmd_name="QUIT",status_code="221",le="0.010000"} 2
dovecot_smtp_command_bucket{cmd_name="QUIT",status_code="221",le="0.100000"} 2
dovecot_smtp_command_bucket{cmd_name="QUIT",status_code="221",le="+Inf"} 2
dovecot_smtp_command_sum{cmd_name="QUIT",status_code="221"} 0.000086
dovecot_smtp_command_count{cmd_name="QUIT",status_code="221"} 2
# HELP dovecot_mail_delivery Histogram
# TYPE dovecot_mail_delivery histogram
dovecot_mail_delivery_bucket{le="0.000010"} 0
dovecot_mail_delivery_bucket{le="0.000100"} 0
dovecot_mail_delivery_bucket{le="0.001000"} 0
dovecot_mail_delivery_bucket{le="0.010000"} 2
dovecot_mail_delivery_bucket{le="0.100000"} 2
dovecot_mail_delivery_bucket{le="+Inf"} 2
dovecot_mail_delivery_sum 0.017310
dovecot_mail_delivery_count 2
# EOF

Damos de alta un nuevo scrape:

vi /usr/local/etc/prometheus.yml

  - job_name: 'dovecot_exporter'
    scrape_interval: 30s
    static_configs:
      - targets:
        - drwho:9900
        labels:
          scrape_interval: 30s

NOTA: Si cambiamos el intervalo de scrape es importante hacerlo también en la etiqueta scrape_interval ya que se utiliza en las querys de las gráficas de Grafana.

Debemos tener en cuenta que este exporter NO pide autenticación por lo tanto debemos restringir el acceso mediante firewall o bindear el exporter a localhost e instalar algún servidor web como Nginx para que pida credenciales y actúe como intermediario. En caso de tratarse de una jail en modo bridge no tendremos interfaz de loopback, por lo tanto debemos bindear las stats a otro puerto, bindear Nginx en el 9900 y restringir por firewall el acceso al puerto de las stats para que solo se pueda acceder desde la ip local. En el scrape deberíamos definir las credenciales.

Reiniciamos el servicio:

service prometheus restart

Cargamos en Grafana la siguiente dashboard

Si te ha gustado el artículo puedes invitarme a un RedBull aquí