greg haygood

I got Zenoss to gather messages from syslog today. Actually, I had it up a few days ago, but was having a problem that I finally resolved today. We already have a centralized syslog server in the data center using syslog-ng, so everything is hitting the monitor station. So logically it should be easy to feed the messages into Zenoss. But of course it never is. I ran into 2 problems:

I haven't yet figured out how to run custom commands/checks against monitored devices, but I did find the nice way Zenoss watches processes. You can define any string or regex to watch for, and Zenoss will use SNMP to find it in the process list. After the next modeling cycle, it will let you set triggers on the process to tell you if/when it restarts.

Today I figured out how to check the various stats that are gathered by Zenoss. Took me a little while to figure out just what it does out of the box, how to turn on the rest, and where to look to see the pretty graphs.

Zenoss announced the release of version 1.1 today. Of course there'd be a new version just 3 days after I installed it! Looks to be very easy: just download the tarball, unpack, and run install.sh. But when I tried that, it died on the version of the python setuptools on the system. The Sarge backports repository only has 0.6a9-0bpo1, while Zenoss 1.1 requires 0.6c1.

I may have finally found the perfect monitor solution for my network: Zenoss. I have been using Nagios + Cacti + Smokeping for quite a while now. It works, but it's not integrated, and for many services, I'm running 2-3 checks. Running those every 5-10 minutes generates a tremendous amount of traffic (during the last 2 weeks, the monitor station has caused 20% of all traffic crossing the primary firewall!). The closest all-in-one I'd found previously was OpenNMS, which is so difficult to really understand and manage well, and so didn't fit my needs.