BB to the latest Xymon - Input Wanted
Our organization if currently trying to decide which direction to go for our new monitoring system (Xymon, Nagios, Zabbix or other open source products). We have been using BB for several years and have found it adaquate for our needs, but it has some drawbacks that we want to rectify (graphing, snmp for routers and switches etc).
I set up a small test site some time ago with Xymon 4.2.3 and used some of our custom BB scripts with it. Everything seemed to work fine and it seems to satisfy the graphing issue one the Xymon client gets installed on the client systems. It appears, at least for now that Devmon is the best choice for SNMP with Xymon?
Part of the argument for going with Xymon is the ease in which we can use our custom BB scripts. Looking at the latest 4.3 Xymon version if appears that many of the file names have changed from the 4.2.3 version (bb-hosts, config files etc.). All that said, here are few concerns that have been brought up, any comments would be appreciated:
Can the 4.3 (future stable version) easily run our existing BB scripts. I know 4.2.3 can, but was curious about 4.3 and the file name changes. Looking at the latest BB to Xymon doc it seems that it should be ok. Just looking for comfirmation.
We like that Xymon has a nice way to monitor log files for certain events and unauthorized ports being opened, are there any issues with system performance when monitoring log files for a "lot" of events. I know a lot could mean many things, but has anyone run into performance issues?
Is Devmon still the recommended way to use SNMP with Xymon? Are there plans to incorporate SNMP into future releases? Some here want to use Cacti.
In the test 4.2.3 server system I added some hosts in the hobbits-clients.cfg file with some PROC, PORT (to look for unauthorized listeners), and LOG rules. With only a few hosts, it became apparent that this file will become huge very quickly and somewhat unruly. Is there a better way to handle this? It seems that a site with 100+ or 1000+ hosts all having an entry in the hobbits-clients.cfg on the Xymon server the file will be unmanageable. Maybe I'm not doing this correctly, since I set this test up fairly quickly?
Thanks for the input.
In <1291753910.9867.1409147123 at webmail.messagingengine.com> bb at buglecreek.com writes:
- Can the 4.3 (future stable version) easily run our existing BB scripts. I know 4.2.3 can, but was curious about 4.3 and the file name changes. Looking at the latest BB to Xymon doc it seems that it should be ok. Just looking for comfirmation.
The intention certainly is to try not to break BB scripts. So if something breaks I will certainly look at fixing it, unless the script is so heavily dependant on BB stuff that it will be really difficult to support (but in that case it probably wouldn't work with the older Hobbit versions).
So the bottom line is: If it works with 4.2.3, then it should also work with 4.3.0. Only requirement is that you use the upgrade-script to setup all of the symlinks so the old filenames are still available.
- We like that Xymon has a nice way to monitor log files for certain events and unauthorized ports being opened, are there any issues with system performance when monitoring log files for a "lot" of events. I know a lot could mean many things, but has anyone run into performance issues?
The problem I've seen is that log files can be huge, and even though the Xymon client only transfers the last 30 minutes of logentries this can be quite a hefty chunk of data to send across the net every 5 minutes. Not to mention that it is stored in RAM on the Xymon server. This can usually be remedied with some aggressive filtering in the client-local.cfg file.
- Is Devmon still the recommended way to use SNMP with Xymon? Are there plans to incorporate SNMP into future releases? Some here want to use Cacti.
Devmon is a very capably solution for monitoring of SNMP devices. It is the recommended solution for this, and probably will be for quite some time.
- In the test 4.2.3 server system I added some hosts in the hobbits-clients.cfg file with some PROC, PORT (to look for unauthorized listeners), and LOG rules. With only a few hosts, it became apparent that this file will become huge very quickly and somewhat unruly. Is there a better way to handle this? It seems that a site with 100+ or 1000+ hosts all having an entry in the hobbits-clients.cfg on the Xymon server the file will be unmanageable. Maybe I'm not doing this correctly, since I set this test up fairly quickly?
You need to look into the "include" and "directory" statements in hobbit-clients.cfg (now: analysis.cfg). My current setup has about 500 hosts configured in hobbit-clients.cfg, but that file only has a directory /etc/hobbit/clients.d line, and then the actual configuration is kept in a number of files located in that directory. This makes it easy to manage even a large number of files, since you can split the configuration into logical chunks.
The same technique can be used for all of the other Xymon configuration files, by the way.
Regards, Henrik
participants (2)
-
bb@buglecreek.com
-
henrik@hswn.dk