Slashdot Mirror

• Nagios: For availability monitoring. When a service or host goes down, we know about it. Was put in place when we discovered one of our pairs of firewalls (hot standby) had silently failed over because of a faulty hdd, and we hadn't noticed it for 2 days.
• Cacti: For throughput and performance monitoring. Makes pretty little graphs. The best thing about it is that it helps bypass the complex configuration of rrdtool by using templates. Documentation on creating new, non-standard graphs could use some work.

Both tools give us a much better view of our network, and what our various devices are doing.

1. Nagios: monitors your servers/services, amails, pages, sends a carrier pigeon when one goes down.

2. Logwatch: Logwatch is something that should be used by every Unix/Linux SA everywhere. It gives you a daily snapshot of events in your logs

3. Mon: Nice, simple, easy. If your webserver goes down, your secondary can bring up a virtual ip a couple of seconds later. No more annoying three am phone calls

4. Snort/ACID: lets me know if a virus breaks out, or if there are stupid script kiddies trying to brute force their way in.

5. Nessus: run it early, run it often. Figure out any holes you have in your security, and make sure you fix them.

There's more, but you should really do some of your own homework.

While I haven't had the pleasure of working with any of these $10M install of a network management suite, I've been able to accomplish much of what you talk about using an assortment of the following open source tools:

OpenNMS
cfengine
nagios

Granted, none of these have real slick guis, and there is a bit of a learning curve to get over before you master them. However, for somebody who knows how to use the above tools, it's amazing the number of machines can be administered by one person.

Nagios

with Linux as the OS

Kernel! And anyway, does the fact you're using GNU/Linux or *BSD actually make a difference to this?

This tool will be really cool when you plug it into your Network Management System.

*receive SMS at 1830 Saturday*
"Awwww shit...the Exchange server's down....but Pizza will arrive on site when I do!"

Instead of jumping right in and converting boxes over to Linux and FreeBSD I quietly received permission to build a couple of FreeBSD servers out of PCs slated for the recycle bin.

Reciently I was involved in some meetings to look at network and server monitoring tools which included Deep Metrix's IP Monitor and Ipswitch's What's Up Gold. Both are pretty "entry level" but we only needed to monitor 25 servers for (mostly) non mission-critical reasons.

I took it on my own to install Nagios on one of my "play" servers over a long weekend. The following Monday I pulled the people together from the previous meetings and showed them what Nagios and FreeBSD could do...monitor everything they had defined as being critical to be monitored and send notifications via a TAP gateway to our IT pager.

Everyone was thrilled, the cost was about 8 hours of my time (they gave me a freebie day off!) and there was no MSFT tax paid.

Now that open source solutions have a) proven themselves in our organization and b) reduced some of our IT costs management is much more interested and much more flexible in investigating and implementing alternative solutions.

As long as Microsoft keeps charging us an arm and a leg for the privledge of implementing their systems (and sometimes they do have a better tool, I can admit that) Linux will have a strong ally in cost-concious managers everywhere if we can tone down the rabid fandom that scares a lot of "normal" people away!

Be polite and political about Linux and alternatives in your organization, and just show what it can do and you'll find people are more receptive to the idea!

Anyone familiar with projects like VOCP? I've gotten my share of fax-spam and am tired of dealing with it, actually. I'd like to prevent others from being able to send me voice mail, fax, etc, if their ID comes up as unknown number, or matches a list of companies I don't want to call me.
I've also considered using Nagios to automate fax (or voice calls with a sound card) status reports and the like. Lots of possibilities here worth looking into.

That is what I use Nagios and Cacti.

The RRD home page has links to TONS of other tool sthat make use of it and SNMP.

How is it there is an article about a homebrew N.O.C. that doesn't mention Nagios?

just put nagios on top of your usual tools (logcheck, tripwire), set alerts by some SMS gateway and use the WAP interface.

Chances are your current mobile phone can handle WAP and, for the work, a lightweight laptop handy (1-1.5 kg) is much better, IMHO, than any PDA/Phone.

Also, if it's a small problem, the WAP interface will let you discover it in a few clicks.

Nagios. Simple as that. You won't regret it.

We use NAGIOS to monitor our ISP network of 125+ machines and nearly 600 independent services. Completely customizable with plug-in modules to monitor anything you like.
I remember an older one called Big Brother that was a little lighter weight.

At work here we use a combination of two things to monitor our servers. First is Nagios (previously NetSaint). Nagios is good because it can do very basic checks from just pinging a server to see if it's up (and network routers, switches, firewalls, printers, etc...) to actually checking to see if a certain service is up. Such as requesting a webpage to make sure that your HTTP server is running, or making an SMTP or FTP request to check that those services respond too. (it also does more, but there's no use in listing them all here.) We have nagios setup to send out pages whenever a server is reported as going down.

Also what we use is just a simple implimentation of SNMP plus Cricket (an interface for MRTG) to graph the SNMP data over time. That tells us things like CPU load, memory + swap usage, and a number of other things. Both products work pretty well and they give us a very good idea as to what is going on with our servers and such. And on the bright side, they're free! The only cost you need is the hardware to run them on.

And if you really wanted to get fancy, you could always try something like Smoke Ping which tells you the latency to your servers over time. It'll report the average time for a ping reply, plus a graph of how far away from the norm a ping is. Works great for if you want to see things like if a server's network response time slows down at various points of the day, or during heavy CPU load and things like that. It's a very nice product, and it sits on MRTG just like Cricket does, so you don't even need a separate box for it.

We have had great success with Nagios. We even wrote custom plugins to monitor certain other aspects of our custom system (in PHP, no less).

S

Nagios - I'll say it again.

how about nagios?

That's easy, use nagios. It what I use and it's great. For the holes it doesn't fill, go try out mrtg. :-)

Nagios is a great server monitoring system and seems to have what you need.

Its meant for Linux but works under most *NIX variants

I haven't used it but it seems like Nagios is what you want. It's GPL and is supposedly very powerful.

Have you heard of Nagios?

Nagios might be what you're looking for. Cheers.

Money is indeed a very good reason, or rather, the lack of it. It impels those of us working in UK government departments (or local government, in my case) to adopt free and open source solutions simply so we can do our work effectively. MRTG, Nagios, KiXtart, and SysInternal's PSTools are all tools in my arsenal, and because they were free I just went and used them. No management financial decisions were needed, so a lack of budget couldn't get in the way of us doing our job properly.

The problem is that many in IT in the UK Civil Service (why do thay call it that, it's neither civil nor a service these days?) wear their Microsoft / Oracle / whatever they were brought up on blinkers, and feel / are way out of their depth when it comes to IT which involves more than point and click.

What the Office of Government Commerce is trying to remind Central and Local Government is that their solutions should be cost-effective.

For too long those in central and local government here have have taken tax incomes for granted. It's not like the real world where if you screw up your business goes under. The money flows in no matter how wasteful you are. It's worse than that, actually, for if you do a good job and shrink your expenditure, your budgets get cut, whilst habitual overspenders get their budgets increased. Crazy, huh?

Sometimes services can lock up to the point where they are not functioning without closing down the port. Something slightly more thurough like nagios should do nicely. ie: Does a simple http request and confirms the reply is ok.

I had thought of using Knoppix as an "appliance" distribution - I hadn't considered Apache, I was thinking for things like Squid, NTOP, Nagios, etc. Config information could be held on a floppy or flash drive.

Matt

I belive that you're thinking of Netsaint...aren't you?

It's now called Nagios :-)

NAGIOS is an opensource network monitoring system, they have some links on their site for ethernet connected temperature probe devices.

NAGIOS is an opensource network monitoring system, they have some links on their site for ethernet connected temperature probe devices.

If you want to roll your own: http://quozl.netrek.org/ts/

I bought the kit for the one on the second link and it works great.

I had good experience with the following tools: cacti
It's based on RRD the successor of MRTG (not much developed anymore, but still a good tool). Thanks Tobi btw.
OpenNMS is a really powerful realtime monitoring tool
Nagios also...
Don't forget snort for your IDS needs and add acidlab for good visualization of snort's results.

Nope. SATAN was a vulnerability probing tool that came out of SGI quite a while back. SAINT was based on it (at least in function, I don't know if the code was based on it). They have nothing to do with Nagios.

The previous version of Nagios was called Netsaint, but they changed the name to Nagios because of possible trademark problems with WebSAINT, which is a web based tool that uses SAINT.

From the notice at the bottom of netsaint.org: NetSaint is not affiliated with World Wide Digital Security, Inc. (WWDSI); Richard S. Carson and Associates, Inc; and the marks WEB SAINT, SAINT, SAINTWRITER, SAINTEXPRESS, and SAINTBASIC owned by Richard S. Carson and Associates, Inc.

And I may as well mention that Nagios/Netsaint is a really great tool and I highly recommend it. It won't, however, keep you up to date on "suspicious" activity - it's mostly for just making sure that your server and any services that run on it are going.

Nagios rocks my socks. Does everything most commercial apps do, and it's free. Rock solid too.

You could use the same technique used in an older article to light the LEDs. I couldn't speak to the cost, though.

I would use hollow frosted plastic or glass globes over a solid encasing, but that's mostly personal choice.

This would be a pretty cool project. If your interface is capable of handling multiple balls, you could make add-ons for software like Nagios to show the status of various servers in simple colors.

For no good reason, I came up with this, too:

You could make your indicator a Ping-Pong ball, which is both connected and powered by an RJ-45 cable. This way you could route the output from your software to any wall-jack in an office (pre-planned, though) and make simple indicators available almost anywhere with pre-existing wiring.

Mon is what I use. It is very extensible, but also is fairly good out of the box. I monitor ~90 servers (many in remote data centers) with no problems. I write all sorts of monitors that are run on the remote servers via ssh. It is open source, and free.

Nagios seems to be good as well, although I haven't used it myself.

Surprised that no one has mentioned Nagios. Used to be called Netsaint. We've used it to monitor about 10 servers for about 3 years now. It's good for monitoring almost anything about your hardware you can think of, as long as you have the ability to get back the extended information from your motherboard (temperature, etc). It's open source, with many plugins & writing plugins for it is very simple.

Just to clarify for other readers, he's asking about the Compaq health and wellness drivers which are binary only kernel modules and daemons that monitor things like the power supplies, temperature, if the case was opened, the speed and health of every fan in the system as well as things like memory errors and the state of the hard drives. They provide information that things like Nagios and Big Brother won't be aware of because the information isn't in /proc without these drivers.

That being said, you'd do well to subscribe to the Compaq and Linux mailing list. There are some solutions to getting those Compaq drivers working with versions of Red Hat that are newer than what Compaq supports. I haven't had the time to try any of the suggestions out on one of our servers yet.

Also, since everyone else is thinking you want application monitoring, I'd recommend Nagios.

I think you can probably get the same end result with the projects mentioned above, but you might check out Nagios. It has a nice web interface and provides a wide array of monitoring options.

Why, the aisle will fill with products to fix the deficiencies in Linux. It already exists in virtual form in sites like freshmeat or linux.org.

not really, instead we will go to freshmeat and sourceforge etc and get the fix for free. (thus the isle will be empty) and that was the parent posts point. linux changes bussiness's plans. no more need for 80 gagillion file system cleaning utils, or program uninstallers or system monitoring tools , or the like. they are already out there and are free and work great. hell symantec (as pointed out by someone else) was using Nagios to monitor some stuff. (could be seen on the screen.) and guess what ? its OSS. HERE !

granted some mindless retail whores will go any buy norton works for linux. even if it is just lm-sensors , top, fsck etc in a box. but thats not my problem.

of course it would be helpful if i linked it right ... now wouldnt it.

better ?
must remember http:// DOH !!

Um, just hire one of the consultants to fix your odd problem - it's the same crap you'd go through with every big commercial tool.

Well then you should try Nagios (Used to be Netsaint). Does all sorts of monitoring and 2D maps of systems (and their status) or a 3D VRML map! Doesn't do histograms though... In all seriousness though, it really is a neat piece of software and very handy.

If you haven't checked into nagios yet, you owe it to yourself to do so. Now. It's a monitoring application that can take action on problems. That's the first step to automating things in the datacenter. It's open-source, and it's highly useful, if a little tricky to get working.

I moved out of a group running a lot of big Sun machines (I set up an E10K for them) because of managerial issues. Before I left, we had a budget item for about $250,000 to set up a monitoring and job-scheduling application. It was going to take *another* Sun box to run, and we were being told that it would take 3 months to get it all set up and configured.

With Nagios, I can do everything we they were talking about implementing. I spent 3 weeks, and it cost me nothing. I employed a dual PII 266 that was collecting dust. (I also used an old P166 as a dedicated kiosk for showing the web page.) My boss and my co-workers think it's great. I'm dying to show it to my old group...

Aside: Is there any open source software that manages session affinity yet?

Indeed, and knowing OpenView is an administration nightmare on its own doesn't give me a lot of confidence in N1 and the like. Just give me nagios and I'll run my network just fine.

No artificial intelligence or learning is involved in the system, but just specifying it does get the job done (and probably in a more straightforward and predicatable way than a neural network or somesuch).

You're required to specify hours for contacts, as well. Eg., the on-call pager only gets messages outside of office hours, individual sysadmin pagers only get messages during office hours, etc. The contact settings are broken down by host and service, too, so, for instance, you can have it so the Oracle DBA won't get a page when a host goes down, but the unix admin will.

I've only been using nagios for a few weeks, but I've been really impressed with it. All the shortcomings I saw with other monitoring systems are fixed. The dependencies keep me from getting 20 pages when a router goes down. check_by_ssh allows me to have an individual key for each thing I want to check on a host (such as load), without running any additional daemons - and without giving the monitoring system a shell on the system. Events allow me to get information from the time of the alert - such as by running top on a host with high load, or traceroute for an abnormally high ping response time. Scheduled maintenence windows allow me to simply visit a web page, and set a maintenance time for something, and all the alarms don't go off during maintenance.

Inheritance in the template-based configuration files allows you to specify all the basics for a host or service in a single place, too, so you only need a few lines to specify the actual host or service to be checked. Since the host names can be separated by commas in the definition, it doesn't take lots of repetition for a number of similar machines.

In other words, I wouldn't call it low-end any more. :)

Having a software package determine for me what servers aren't worth my attention after a certain time seems a little risky to me. I'd much rather explicitly tell a piece of software not to bug me in the middle of the night if such-and-such goes down than have it try to guess whether I should be bothered.

Nagios has been working perfect for me. Tell it that you don't care if the porn site you host on your employers' equiptment goes down between the hours of 1am and 7am and it'll leave you alone till then. I've also heard good things about Big Brother, but haven't tried it.

One area where open-source is doing great is in monitoring projects, such as Big Brother, NetSaint , Nagios, and others. I'm curious as to why you went with a commercial product instead of a free (as in beer and speech) one.

The GPL violations are most likely just the straw that finally broke him. The other reasons you cite are probably at the core of the problem.

As the creator/developer of NetSaint (soon to be Nagios, I can understand where his frustration comes from. I've gone through several periods where I feel like just throwing in the towel and calling it quits. During those times I usually take 2 or 3 months to stop development, not respond to email, etc. and just relax. After a few months time I feel like starting up again at full swing. Granted, I've got a load of email and coding to catch up on (or to redirect to /dev/null) when I return, but its the only thing that has kept me going this far. For me I've always returned because:

• I felt I still had unfinished business in the project (TODO lists never die)
• I felt I had invested too much time in the project to simply quit and leave it all behind
• I didn't want to leave all the users out in the cold
• etc...

It also helps to develop an attitude of *not* wanting to help people at a certain point. If people are not reading the docs and always coming to me for help, I discard their support requests. References to the docs and mailing lists must be in a dozen places, but people just don't care to try things on their own. The only way you can survive in the long run is to leave these people to their own helplessness and concentrate on what you feel is important. If you loose sight of that, you're done for. Bad attitude, I know, but a necessary evil I think.

I realize that people always say that because a project is released under the GPL that others will step in and pick it up. I tend to question this attitude. People often don't realize what they're getting into when starting or taking over a project. I would guess most developers of popular GPL packages never thought their apps would require the amount of work that they do. Besides, having a mob of coders trying to have their way at making architecture decisions never got a project very far. Its a better bet that several forks of the project will emerge, each with a small number of leaders. Remember, meetings don't become more meaningful if you add more PHBs.