
SNMP & Syslog

  • 11-11-2014 12:34pm
    #1
    Registered Users Posts: 13,385 ✭✭✭✭


    Hi all,

    I'm in the middle of doing a server overview and part of this is setting up SNMP monitoring.

    I'm just looking to get a discussion going on what people are using and how they have it set up for their own business needs.

    As it stands I have two SNMP servers set up for test - Nagios & Observium. I'm finding Observium much easier to use and navigate around than Nagios, however I constantly hear that Nagios is the better tool - perhaps somebody could suggest some changes that make Nagios better, if so I'd appreciate it.

    I've also been looking into Logging software as part of our IS framework implementation. I'm looking at Splunk but I'm aware of two things:

    1) It's free but logs are capped at 500mb per day
    2) It's capable of pulling in an outrageous amount of data/logs

    I'm looking to test Splunk at home on my home environment but if anybody has any experience with the software and how you can tweak it to show you exactly what you want - I'd appreciate it. My concern is that I'll end up pulling in data I don't need that will use up my daily 500mb, along with this - my worry is not knowing what to do with the logs or how to interpret them.

    To that end - does anybody have any how-to articles or advice with regard to setting up server logging & Observium/Nagios?


Comments

  • Closed Accounts Posts: 824 ✭✭✭Kinet1c


    Splunk is awesome if it's set up correctly. For best performance it'll need to have the logs written to the HDD on the server as opposed to a virtual disk or SAN. We use it in work (24/7, high transaction volume business) and it's great at pinpointing exactly when the breakage has begun.

    On phone so no links to Nagios stuff but will try get some for you later.


  • Registered Users Posts: 13,385 ✭✭✭✭D'Agger


    Kinet1c wrote: »
    Splunk is awesome if it's set up correctly. For best performance it'll need to have the logs written to the HDD on the server as opposed to a virtual disk or SAN. We use it in work (24/7, high transaction volume business) and it's great at pinpointing exactly when the breakage has begun.

    On phone so no links to Nagios stuff but will try get some for you later.
    That'd be great cheers Kinet1c

    Part of my wondering about Splunk is down to the fact that our business isn't high volume, monitoring websites, storage constantly.

    I want to use it for pinpointing of critical logs on servers that might be having issues. I'm wondering if it'll be overkill or can it be tailored down so to speak, for my minimal needs.

    Splunk seems to be a Ferrari when all I need is a bike to pop to the shops


  • Registered Users Posts: 1,757 ✭✭✭Deliverance XXV


    Worst thing I've found is the docs for some of the free products are really poor.

    Currently trialling out PRTG (10 free sensors) and it is really impressive with very little effort/configuration required. You can have it autodiscover sensors (CPU, Memory, HDD, ping, jitter, uptime, traffic, etc) but if you are scanning a large LAN then results can be huge. I have it set up to primarily monitor traffic from various sources. It takes a small bit of effort to get to grips with the UI but after a while it works well. If you have a decent budget for this then PRTG will work well.


  • Closed Accounts Posts: 824 ✭✭✭Kinet1c


    D'Agger wrote: »
    That'd be great cheers Kinet1c

    Part of my wondering about Splunk is down to the fact that our business isn't high volume, monitoring websites, storage constantly.

    I want to use it for pinpointing of critical logs on servers that might be having issues. I'm wondering if it'll be overkill or can it be tailored down so to speak, for my minimal needs.

    Splunk seems to be a Ferrari when all I need is a bike to pop to the shops

    Sorry meant to get back to you, deadlines have kept me away.

    Are you talking about 10s, 100s or 1000s of servers? We're at 1000s of servers and get good use out of it for the production stack. An alternative to Splunk is Loggly but pumping your logs to the cloud may be a pain and possibly against corporate/industry policy.

    Can't find the guide I used in my Nagios lab originally but these seem to be pretty decent: http://xmodulo.com/install-configure-nagios-linux.html and http://www.unixmen.com/install-and-configure-nagios-in-centos-6-4-rhel-6-4/


  • Registered Users Posts: 13,385 ✭✭✭✭D'Agger


    Cheers man.

    Currently we have under 200 servers - mixed between physical and virtual

    Splunk is absolutely overkill based on looking at it a bit closer. However, I've taken a look at setting up an ELK stack i.e. Logstash, Elasticsearch and Kibana on a dedicated server i.e. not pumping logs to the cloud.

    There seems to be plenty of documentation on it online so looking into it more and more. Will most likely try this on a Ubuntu server - certainly cheaper and Kibana looks lovely!


  • Registered Users Posts: 13,385 ✭✭✭✭D'Agger


    Hey all, just giving this a bump as I've finally gotten around to setting time aside for SNMP checkups and properly configuring a solution to use full time.

    Does anybody have any documentation worth sharing on Observium?

    I'm trying to update the login screen to have a company logo rather than the rodent/weird logo at the current login screen, additionally I'm looking into the map and how to change it to one for IRL with server locations showing up on it rather than the default map of the world, where Ireland is tiny.

    Will give Nagios a look over too if Observium is taking too much time to configure, so to that end, anybody with tips for setting up Nagios would be welcome :)

