OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Re: which monitoring do you use (on OpenBSD)

From: Jason Dixon (jasondixongroup.net)
Date: Tue Aug 10 2010 - 17:05:51 CDT


On Tue, Aug 10, 2010 at 01:11:41PM -0700, James Peltier wrote:
>
> Being as I have never used Reconnoiter or Circonus, would you care to elaborate
> as to where these products "suck less" then Nagios or other solutions? I am
> looking into replacing out very aged monitoring system now and Nagios is the one
> that seems to stand out the most, although Zabbix and Munin look good in their
> own rights.

Theo Schlossnagle (our CEO and the architect of Reconnoiter) answers it
pretty well in his talk from OSCON (requires flash, sorry).

http://omniti.com/video/noit-oscon-demo
 
In my words, Reconnoiter was designed to overcome a lot of the
performance and design problems native in Nagios and Cacti. It does a
lot of the things that either of those do, although it was designed
foremost as a highly scalable metrics collection "engine". Like Nagios,
the types of checks it can perform is virtually limitless. Unlike
Nagios, it is highly performant by design. Checks are deployed across
scout "agents" in your network, giving you both perspective and
non-persective collection points.

The web UI in Reconnoiter is adequate. One of its really nice features
is the cli console, allowing you to configure checks and metrics in an
environment familiar to Cisco admins. That said, the bread-and-butter
in Reconnoiter is the sort of graphs which you can create and recreate
with ease. Unlike trending tools like Cacti, you can easily correlate
dissimilar metrics in a single graph, with just a few clicks. Stack
sets, composite datapoints and RPN conversion of source and display
values are just a few of the other features that are easy to implement
within Reconnoiter.

> Guidance is always appreciated. :)

Reconnoiter is not for everyone. It's a very powerful system, but it's
not intended to be a drop-in replacement for other ECA/Trending systems.
It takes time and effort to get value out of it, but it offers some
Capacity Planning and Root Cause Analysis capabilities that aren't
available or usable in the alternatives.

--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net/