On Thu, Aug 21, 2008 at 10:35 PM, Les Mikesell <lesmikesell@xxxxxxxxx> wrote: > Adam Hough wrote: > >> My only beef with OpenNMS is that it is a polling type monitoring >> system which is fine for say network gear but I would rather have a >> client/server setup for servers that I want to monitor. > > Polling is the best way to know if a service is actually working, but > OpenNMS also listens for SNMP traps, syslog messages, or xmlrpc events if > you want to send things to it. So I have seen polling systems fail to properly diagnose a s system(s) when said system(s) would be under very heavy load (like say a process using almost all available resources) but the they system was just to slow to actually respond to the poll request. The monitoring system (Nagios) would mark the system as just down. With a client/server system it gives you a better chance of figuring out that you are running out of memory then the polling system. > >> OpenNMS from >> >> what I can tell still does not give me the flexibility that I want or >> need that I get from other system such as Hobbit (BB) or Nagios. > > Example? Stock SNMP will report most of the usual stuff (interface > bandwidth/errors, memory/disk/cpu use, etc.) and there are ways to extend it > to other values. But when I was using Big Brother as a monitoring server we were able to easily right scripts to extend information that was reported to the monitoring server. We were able to use to scripts to moniter database operations for some of our users so they would know how many and what ones were running. We were able to use the monitor to look for hardware problems (AIX/pseries) and dump the log of the hardware reporting to the monitoring server. We were able to monitor when backups were running on the system and if they have been running for an unusually long time. See below as I have never tried to configure SNMP other then to get the basic system information, but I think it would be much harder to setup SNMP to do some of those tasks then just having to write a simple script in bash, korn, perl, or python. > >> Though I will admit I had not know all that much about snmp other then >> to make sure that it is turned off on systems I install to give bots >> one less attack point if they make it past my iptable rules in some >> manner. > > Don't turn read access off, just use a hard-to-guess community string. > Usually you would block inbound access at your internet firewalls anyway. My machines live on a university network which are notoriously unsafe. Further more since I deal with systems devoted to research so I have to allow (ssh) access to the machines from from other universities all over the world. I cannot trust my public networks and can only trust my non-routeable networks to the extent that no user has used a easy to guess password. Coupled with the fact that SNMP had a history of security issues though with SNMPv3 they have actually added security from what I have read. Running SNMP just seems like an unnecessary risk when you can have your monitored systems pushing data to the monitor server(s) and just have to secure the monitor server(s). > > -- > Les Mikesell > lesmikesell@xxxxxxxxx > > -- > fedora-list mailing list > fedora-list@xxxxxxxxxx > To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list > -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list