Deel 1: (Open source) Monitoring tools in alle maten en gewichten [18:00 tot 19:30]
In deze sessie probeert Jan Guldentops op basis van zijn 20 jaar ervaring uit te leggen wat een monitoring oplossing in theorie zou moeten kunnen, waar u het kan toepassen en waar u moet op letten bij de selectie van een monitoring oplossing.
We overlopen de verschillende oplossingen op de markt ( open source, close source, hosted services, etc.) Daarna gaan we dieper in op de open source nagios oplossing en hoe wij bij BA deze geintegreerd hebben in ons eigen monitoringsysteem. Daarna geven we een korte demo van dit monitoringsysteem in een aantal verschillende omgevingen en hoe ver u kan gaan in het naar uw hand zetten van de oplossing.
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
Proactive monitoring tools or services - Open Source
1. Proactieve Monitoring
Open ICT infrastructuur monitoring solutions
Gentbrugge, 22 october 2014
Jan Guldentops ( j@ba.be )
BA N.V. ( http://www.ba.be )
2. Who am I?
● Jan Guldentops (° 1973)
● Historian by education, ICT Infrastructure builder by vocation,
Security guy by accident
● Open Source fundamentalist after houres (LPI, RHCE, RHCSA,
VSP, VTSP, ...)
● Focus on planning, building, security and maintening network,
storage,server and cloud infrastructures
● Hands on guy with 20 years of practical experience
– Testlab
– MacGuyver Projects
● Founding Partner of Better access (°1996) and BA (°2003)
5. Why monitor ?
● Permanently keeping an eye on all aspects of your infrastructure
● network, storage, security, servers, applications, power, etc.
● Seeing the status questionis in one blink of the eye
● being able to alert the right people in case of problems
● Work proactively
● Detecting problems before they become critical
● knowing somethings wrong before the phone rings...
● Historical reporting
● knowing when, where and what problems arrive can help you locate typical
problems and resolve them
● Did we keep our SLA ? Did our supplier keep his SLA ?
● The numbers tell the tale ! ( Meten is weten / Le mètre à ruban )
6. Lots of monitoring solutions
Open Source
Netsaint, Big Brother, OpenNms
Nagios / Icinga
Commercial Open Source
Zabbix, Centreon, Groundworks
Closed source solutions
PRTG, Whatsupgold, Intermapper
Scom ( Yes even Microsoft enters this space!)
“Enterprise”
HP, Tivoli, BMC, Netiq, etc.
Cloud oplossingen aka Monitoring as a service
Cloudprovider, Telco, etc.
9. Why nagios ?
● OPEN !!!!!!!!
● Mature: almost 12 years of development went into it
● It has a big, living community and ecosystem
● Nagiosexchange
● Nagios plugin community
● Easy to adapt to specialized needs and monitoring possibilities
● e.g. I have a customer who uses it to monitor all the aspects of his automated
carwash setup.
● It scales to pretty big infrastructures
● Multi monitoring nodes
● Failover, etc.
● Last but not least: it works !
10. Problem with nagios ?
● Nagios is like linux -> Everybody can built his own version of it
● Core Nagios ( version 2.0 or 3.0 )
● Enterprise version : Nagios XI
● Open Monitoring Distribution / Check_mk
● Groundwork
● Op5
● Centreon
● Forking: ICINGA
● Big collection of loose development / packages
● Steep learning curve
11. BA Monitoring Distro
● BA decided to standardise to our own distro
● 100% open source
● Delivered as a physical or virtual appliance
(Ready2run)
● Treasure chest of all the available tools, checks,
templates, example configs
● Based on Check_MK / OMD
● Updatable / supportable
16. Checks : analysing central
logfiles
● Logging all system messages to a central
syslog
● Analyse the logfiles and create alerts
● custom scripts
● Look for anomalies
● Splunk...
● Check backuplogs
● Etc.
17. Checks : virtual machines
● Compatible with most virtualisation products
● Can monitor the vms through
– hypervisor / vcenter
● SNMP
● Same way as you check bare metal servers :
– Check_mk
– Nrpe / NCSA
– Remote ssh
18. Checks: services
● Check if a service is still running
● Through check plugins
● There are quite a number of checks available
● Use the community : http://nagiosplugins.org
● Write them yourself in perl, python or another
interpreter language
19. Checks: Infrastructure
● Power / UPS
● SNMP
● Serial cable
● custom software from supplier
● Environmental: Temperature / humidity-sensors
● Lots of check sensors available
● Work usually by SNMP
● Videosecurity
● Access control systems
20. Checks: special projects
● Security: Hostbased IDS
● Scans of your network and the connected hosts
( NMAP / MACtable / etc. )
● What's new in the network ?
● Spam blacklist check
● Check certificates
● Rogue snapshot check
● Licentiemanagement
21. Visualisation
● DASHBOARD
● Techies and non-techies
● Webinterface
● Mobile
– Mobile HTML5
– Jnag mobile apps for Android, Iphone, Ipad
● Nagvis
– allows you to project status on custom images
– Full customization possible!
27. Alarming
● Once something goes wrong you want to alert the right people
● Alertgroups
● Alertgroups can be combined with the right timings
● Alerts can be given by :
● E-mail
● SMS
● Semadigit
● Social media ( twitter )
● Jabber ( Instant Messaging )
● RSS
● Special stuff :
● Integrate in ticketingsystem
● webservices
● hardware ( IO, lights, etc. )
● Automated stuff ( run scripts )
28. Reporting
● Historical data of what happened
● Every checks has a status than can be kept
for later analysis
● Can be used for :
● SLA
● Resource planning
● Troubleshooting
29. Use it as a tool
● Modus operandi :
● Acknowledge problems
● Shedule downtime
● Put the right relations between monitored entities
● Don't alert for everything and all the time !
● Integrate with other tools :
● Ticketingsystem
– OTRS, Omnitracker, Topdesk ( Work-in-progres)
● Dispatch
● Integrate documentation systems
● Inventory
30. Monitoring isn't always right
● Check is only so intelligent as you make it!
● False positives or negatives
● Problems with :
● Network Latency
● Load on the monitoringserver
● Load on the monitored appliance
● Monitoring infrastructure is a great target for
hackers!
31. New possibilities
● SIEM – Security Incident and Event Management
● Aanval integration with Nagios is under development
● Devops
● DevOps is the practice of operations and development engineers
participating together in the entire service lifecycle, from design
through the development process to production support.
● DevOps is also characterized by operations staff making use many
of the same techniques as developers for their systems work.
● Application Performance Monitoring
● Automonitoring
● Automagically privisioning monitoring in yiour systems