[nycbug-talk] Nagios or...?
Charles Sprickman
spork at bway.net
Mon Jun 2 23:04:50 EDT 2008
I shall top-post my reply to myself...
Short story:
-ZenOSS looks interesting, I may keep it around and slowly populate it
with more devices and services and see if it grows on me.
-Nagios 3 seems like it will be much quicker to setup and I don't have to
fiddle with any custom plugins I've created (temperature sensors for the
$35 sensor kits, UPS status, various snmp-y router things). I can re-use
more of the existing config than I thought.
Long story:
I'm always a little bit leery about any open source projects that have
both a free/"community" edition as well as a paid/"enterprise" edition. I
understand people have to eat and all, but I'm just not comfortable with
it unless the project is really well-established. ZenOSS does look good
and it's more advanced than Nagios. The web-driven config might drive me
batty, but I'm not sure that's the only way to configure it - the manual
is huge and I've only been hunting through there briefly.
ZenOSS is also terribly Linux-biased; just installing it on FreeBSD is
more of a pain in the ass than is necessary. They bundle in their own
dependencies (Python, mysql libs, graphics libs, rrdtool, the whole mess)
and build those. To build on FreeBSD (and likely other things non-linux)
you have to let the lengthy build process bomb and then google for errors
and find really old posts from other *BSD users pointing out bad linker
flags, including the wrong headers, etc. - these answers are generally in
their own forums, but some of the answers sit there for release after
release and only get integrated into FAQs but not fixed in the actual
software. The monitoring also omits all *BSDs but does of course include
Windows and even Solaris hosts (ie: presets for various snmp items, power
management stuff, etc.).
As I said, I will continue to fiddle with it and see what I come up with -
it will take a long time to replicate what I should be able to do with
nagios with an hour here or there.
Nagios 3 still looks very much like Nagios 1. Same web interface, but it
seems like the config model has gotten better and even easier to script.
There still seems to be talk of replacing the cgi's with php at some point
in the future. I like that not because I'm a huge fan of php, but because
I know enough of it to be able to hack it up - something I can't do with
cgi's written in C. No graphing built-in, but I'm just starting to figure
out which of the add-on packages is most apropos. The only thing I'm
currently after with graphing is to have something to refer to after some
event - being able to look at trends is always very helpful when
troubleshooting. Of course ZenOSS does have very nice graphing out of the
box.
That's about it... One other thing I'd like to share is how I setup a
test environment for this stuff. Everything I monitor is pretty well
locked-down with host-based firewalls. I did not want to put ZenOSS nor a
newer Nagios on the same host that's currently monitoring everything -
cleaning up dependencies that were installed for testing, trying to get
two different versions of Nagios working side-by-side, and the general
confusion that could ensue was not something I wanted to deal with. I
also didn't want to start changing cisco access-lists and firewall rules
on a bunch of hosts to allow another host in for monitoring. Solution
(yo, Ike!): Jails!
I put a jail on my monitoring host and installed both new packages there.
That solved all the above problems. The jail is NAT'd, so requests from
the jail appear to come from the utility box. The jail environment is
clean so I can keep track of what exactly has been installed and there's
no conflicts with existing software. Here's just a few snippets of the pf
rules to make the NAT magic happen:
# 192.168.2.1 is the jail IP
# test jail nat
nat on $ext_if inet proto { tcp, udp, icmp } from 192.168.2.1/32 to any ->
x.x.x.x # ext. IP
# two redirects to get to ZenOSS and Nagios web interfaces
rdr on $ext_if proto tcp from any to x.x.x.x port 8080 ->
192.168.2.1 port 8080
rdr on $ext_if proto tcp from any to x.x.x.x port 8090 ->
192.168.2.1 port 80
# rules to allow the redirected traffic
pass in quick on $ext_if proto tcp from <admin> to any port 8080 flags
S/SA keep state
pass in quick on $ext_if proto tcp from <admin> to any port 8090 flags
S/SA keep state
Quick and dirty, but it works.
Thanks again for all the input!
Charles
On Wed, 28 May 2008, Charles Sprickman wrote:
> Hi all,
>
> I've still got some old (1.x) Nagios installs that basically work, but
> have become a bit quirky. I started looking for info on upgrading and it
> seems like the easiest path they've got is to start from scratch on the
> new version. Since even that is a fair bit of work, I'm wondering what
> else is out there that's comparable.
>
> Quite some time ago I installed Zabbix and it was a good example of what I
> do not want. It was pretty much web-only config which was an extremely
> inefficient way to enter more than a handful of devices.
>
> Something that would integrate graphing of some monitored items, ability
> to export usage stats on some monitored services to billing, and some
> pre-made/clonable templates for common devices/services would be my
> pie in the sky solution. :)
>
> Thanks,
>
> Charles
>
> ___
> Charles Sprickman
> NetEng/SysAdmin
> Bway.net - New York's Best Internet - www.bway.net
> spork at bway.net - 212.655.9344
>
> _______________________________________________
> talk mailing list
> talk at lists.nycbug.org
> http://lists.nycbug.org/mailman/listinfo/talk
>
More information about the talk
mailing list