If, like us, you use an HSM to store your DNSSEC key material you may know that it is important to monitor memory usage in your HSM; with a typical DNSSEC key management scheme you may have as many as 5 keys active per signed domain. This can be a burden on your HSM, especially if it has a limited amount of storage like ours do. To automate this monitoring, we have created a little tool called “p11memmon”. It can be integrated as a Nagios check and monitors the amount of available memory through the PKCS #11 interface of your HSM. The tool can give a warning when memory saturation reaches a certain limit (75% is the default setting) and reports a critical status if the memory saturation exceeds a maximum limit (90% by default).
We’ve made this tool available in open source, you can download it here. The source includes a specification file that you can use to build an RPM package.