
(More) Intelligent Network Monitors? 26

Genady asks: "Maybe I'm getting old. I've been looking around lately at all the little scripts I've created to watch log files, drive space, web pages, general SysAdmin stuff really. It's really a mishmash of stuff I've written and acquired over the years. I've used the higher end enterprise management frameworks, as well as lower end apps like NetSaint. My problem with these has always been lack of intelligence. Does anyone know of a project to do monitoring/alerting coupled with some artificial intelligence that can learn that I don't care about particular servers after a certain time of day?"
  • Silver Bullet (Score:3, Informative)

    by Lando ( 9348 ) <lando2+slashNO@SPAMgmail.com> on Monday August 26, 2002 @02:54AM (#4139660) Homepage Journal
    Sounds as if you're looking for a silver bullet, probably won't find one... Monitoring takes a lot of work to refine your criteria.

    There are open source programs that do a bit, but personally one of the best programs I found when I was in the business was ACE-SNMP, it's been sold back to the original developer and can now be found at http://www.snmx.com/Download/

    I'm not sure of the pricing and other restrictions, enterprise license and all, but I believe he was trying to market it to general customers as well.

    • I know where you can find a program like that... It's called College Graduate v.2.0.0.2, this program is fresh off the board, while not as intelligent as a skilled Admin, it is crammed full of book information, ready and eager to work for peanuts, and it already doesn't have a life, so making it work 24x7 isn't a new thing. This program can't wait to be given a 24hr Pgr and alert status so it can brag to the other McDonalds burger flipping programs.. For more information, check out your local IT College today, and jump on board.
      • Ok, I seem to be getting comments from friends that didn't get the joke.. What it means is, for him to go hire some new college grad to help him out and make him think he's got a lot of importance other than just being a watchdog.. No offense to the original post. I actually would like a more intelligent monitor software... sorry for the misunderstanding
  • Big Brother is an excellent Software for this. Can be found at www.bb4.com [bb4.com] and lots of extensions are found at www.deadcat.net [deadcat.net]
  • Comment removed based on user account deletion
  • obvious: (Score:1, Offtopic)

    by Noodlenose ( 537591 )
    C3PO: he's charming, intelligent, can speak over a million languages and converter dialects...
  • Having a software package determine for me what servers aren't worth my attention after a certain time seems a little risky to me. I'd much rather explicitly tell a piece of software not to bug me in the middle of the night if such-and-such goes down than have it try to guess whether I should be bothered.

    Nagios [nagios.org] has been working perfectly for me. Tell it that you don't care if the porn site you host on your employers' equipment goes down between the hours of 1am and 7am and it'll leave you alone till then. I've also heard good things about Big Brother [bb4.com], but haven't tried it.
    • "Does anyone know of a project to do monitoring/alerting coupled with some artificial intelligence that can learn that I don't care about particular servers after a certain time of day?"

      What about crond? It comes installed on most systems and if integrated with your scripts, it will work wonders.

  • OpenNMS (Score:4, Informative)

    by LarryRiedel ( 141315 ) on Monday August 26, 2002 @03:31AM (#4139724)

    OpenNMS [opennms.org] has some pretty good builtin functionality, and tries to make it easy to plugin more intelligence.

    Larry

  • nagios (Score:5, Informative)

    by ninjaz ( 1202 ) on Monday August 26, 2002 @03:38AM (#4139739)
    Nagios [nagios.org], which is the continuation of netsaint, requires you to specify in the host definition the time periods for which you want notification. Eg., you can have a period called 24x7, which is always, or officehours, which is only 8-5 Monday-Friday, etc.

    No artificial intelligence or learning is involved in the system, but just specifying it does get the job done (and probably in a more straightforward and predictable way than a neural network or somesuch).

    You're required to specify hours for contacts, as well. Eg., the on-call pager only gets messages outside of office hours, individual sysadmin pagers only get messages during office hours, etc. The contact settings are broken down by host and service, too, so, for instance, you can have it so the Oracle DBA won't get a page when a host goes down, but the unix admin will.

    I've only been using nagios for a few weeks, but I've been really impressed with it. All the shortcomings I saw with other monitoring systems are fixed. The dependencies keep me from getting 20 pages when a router goes down. check_by_ssh allows me to have an individual key for each thing I want to check on a host (such as load), without running any additional daemons - and without giving the monitoring system a shell on the system. Events allow me to get information from the time of the alert - such as by running top on a host with high load, or traceroute for an abnormally high ping response time. Scheduled maintenance windows allow me to simply visit a web page, and set a maintenance time for something, and all the alarms don't go off during maintenance.

    Inheritance in the template-based configuration files allows you to specify all the basics for a host or service in a single place, too, so you only need a few lines to specify the actual host or service to be checked. Since the host names can be separated by commas in the definition, it doesn't take lots of repetition for a number of similar machines.

    In other words, I wouldn't call it low-end any more. :)
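
The rules described in the comment above (host notification periods, per-contact hours split by host and service problems, and parent dependencies) can be modelled in a few lines. This is an added example, not part of the original post and not Nagios code; it is a simplified model, and every host, contact and period name in it is an assumption.

```python
from datetime import datetime, time

# Constructed sample data: every host, contact and period name is an assumption.
ALL_DAY = [(time.min, time.max)]
PERIODS = {  # weekday (0 = Monday) -> list of [start, end) windows
    "24x7": {d: ALL_DAY for d in range(7)},
    "officehours": {d: [(time(8), time(17))] for d in range(5)},
    "offhours": {**{d: [(time.min, time(8)), (time(17), time.max)] for d in range(5)},
                 5: ALL_DAY, 6: ALL_DAY},
}
CONTACTS = {  # when each contact accepts pages, and for which problem kinds
    "unix-admin": {"period": "officehours", "kinds": {"host", "service"}},
    "oracle-dba": {"period": "officehours", "kinds": {"service"}},
    "oncall-pager": {"period": "offhours", "kinds": {"host", "service"}},
}
ALL_CONTACTS = list(CONTACTS)
HOSTS = {  # parent = the device a host is reached through
    "core-router": {"parent": None, "period": "24x7", "contacts": ALL_CONTACTS},
    "web1": {"parent": "core-router", "period": "24x7", "contacts": ALL_CONTACTS},
    "oradb": {"parent": "core-router", "period": "officehours", "contacts": ALL_CONTACTS},
}


def in_period(name, when):
    """True if datetime `when` falls inside the named time period."""
    windows = PERIODS[name].get(when.weekday(), [])
    return any(start <= when.time() < end for start, end in windows)


def recipients(host, kind, when, down):
    """Contacts to notify about a `kind` ("host" or "service") problem on `host`.

    `down` is the set of hosts currently failing their checks.
    """
    # Dependency rule: a host behind a failed parent is unreachable, not the
    # root cause, so only the parent's own alert goes out.
    parent = HOSTS[host]["parent"]
    while parent is not None:
        if parent in down:
            return []
        parent = HOSTS[parent]["parent"]
    # The host's notification period gates everything for that host.
    if not in_period(HOSTS[host]["period"], when):
        return []
    # Each contact filters again by its own hours and problem kinds.
    return sorted(
        c for c in HOSTS[host]["contacts"]
        if kind in CONTACTS[c]["kinds"] and in_period(CONTACTS[c]["period"], when)
    )
```

With the router and a host behind it both down at 3 AM, only the router produces a page, and it goes to the on-call pager alone.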

    • " No artificial intelligence or learning is involved in the system, but just specifying it does get the job done (and probably in a more straightforward and predictable way than a neural network or somesuch)."

      Defining such rules is probably a lot easier than having to simulate or live through thousands of failures of each subsystem just so you can train the AIs.

      • Another property of Neural Nets and Genetic Algorithms is that the end user doesn't fully understand "why" something happened. In credit card fraud detection, there is now a shift towards rule based technology. Sure, the Neural Net flags a lot of suspicious transactions, but you gotta be a veritable Sherlock Holmes to figure out why. Same probably applies or will apply to a lot of AI applications. Throwing technology at a problem is not enough - it should be the right technology.
  • by Gruturo ( 141223 ) on Monday August 26, 2002 @04:37AM (#4139800)
    I also keep writing tons of little shell scripts, I also recently built a little, ugly-but-reliable monitoring system which alerts me should a box go down in the middle of the night. I'm also trying to code a few dependencies and hierarchical relations into it (if the nearest router goes down, don't complain about stuff past it, it'll obviously be unreachable too)

    Maybe you already wrote that 2 years ago!
    Why don't we start making available the stuff we've already done?

    Anyway, a bit of karma whoring for meeee tooo :-)
    Have a look at mon [kernel.org], a nice package directly off kernel.org, which is sooo nice that I'm actually scrapping my script in favour of it!
  • by szysz ( 214137 )

    You could try JFFNMS [sourceforge.net] Just for Fun Network Management System

    If the feature you want is not there yet, you can create it easily.

    Someone bored today? give it a try : )
  • Compaq Insight Manager allows you to set times of day for different pagers/e-mail addresses, allowing you to either ignore problems at night, or have a second/third(and so on) admin set up.

    CIM can be integrated into non CPQ environments as well, though it takes a bit of work. It's all free though (as in beer, not speech).
  • Spong! (Score:2, Informative)

    by mwr ( 12650 )

    Spong [sf.net] (demo) [monsters.org] works for me. Runs on pretty well any Perl 5 installation, some support for NT, and it's reasonably easy to extend.

    Oh, and the degree of customization possible on "who gets notified about which services on which machines at what time, and at what severity" is truly mind-boggling. Or perhaps I boggle easily.

  • I'm not sure it's exactly what you're looking for, but you could check out SiteScope [freshwater.com].
  • You say that you have used some of the larger enterprise frameworks, but you don't mention which ones. If you have a large, very large budget, I would recommend you look at Unicenter TNG [ca.com] from Computer Associates [ca.com].

    Unicenter TNG is an Enterprise Management System, which is different than a network management system. Unicenter TNG allows you to monitor, control and automatically respond to events in your enterprise from a failed router to a single process that is about to have difficulty. It is infinitely configurable to manage and respond to events in very intelligent and or complex manners. It has agents called Neugents that actually learn from events in your environment and become increasingly intelligent, ultimately able to predict failures and when they will occur, well in advance of the actual failure. These events can then be responded to automatically, which prevents the failure from actually occurring.

    Unicenter TNG can manage almost anything, literally. It can monitor logs or other files, manage hardware, manage protocols, backups, authentication, virus control, security and firewalls, manage databases or individual processes, or even manage complex business processes and jobs across the enterprise. It operates on a very wide range of platforms and can schedule and control individual jobs across all of those platforms.

    Having said all that, CA also offers, for free, the Unicenter TNG Framework [ca.com]. This is the core processing engine of Unicenter but without the agents or options. It runs on most any platform and a Linux version is available. In fact, it used to come with the Suse distro, though I am not certain that it still does. With a fair bit of work and if you write a few of your own agents (the agent SDK is also free) you could give your scripts a level of intelligence that is just amazing.
    • by Anonymous Coward
      I wouldn't use TNG ... we tried it at work, to replace monitoring based on shell scripts etc, it was unreliable, put a high load on the system compared with other monitoring packages, (even when just using basic functionality), and caused more problems than it picked up, (This is on AIX, HPUX and NT). We are currently in the process of removing it off of our servers...

  • Netcool - not OSS (Score:1, Informative)

    by Anonymous Coward
    Netcool [micromuse.com] does a lot of what you describe. It is often used to correlate events received by a framework such as HP OpenView. It can probe everything from SNMP devices to telephone switches. It takes a while to set up and tune, but then it is easy to maintain. It also costs mucho dinero.
  • Maybe you've already tried mon [kernel.org], but except for the "learning" part, it's pretty smart about when to send an alert and when to keep it to itself (according to what you've defined in the config file), plus it has a nice interface for acknowledging and disabling watches, and can be interfaced to just about anything; I bet all your little scripts can be integrated into mon's monitor/alert system with little work. Right now, mon alerts me when servers stop responding, when the router's interfaces are down, or when there's a power failure. All the alerts are sent by e-mail; however, it also pages me if the power fails AND if it's earlier than 11 PM (don't want it to wake me up).

    Also, since the config file is pretty easy and can use M4 to define time periods and addresses to send alerts to, I guess it wouldn't be so hard to write some kind of thingy to update M4 definitions according to its own observations of what you give a damn (or not) about.
  • Demarc PureSecure (Score:2, Informative)

    by PsndCsrV ( 80030 )
    Demarc PureSecure [demarc.com] was one software suite I looked at about a year ago. It's free for personal use, fee for commercial use. I'm not sure how their prices compare to other software packages, but it would be worth looking at. It's being marketed as a Total Intrusion Detection System, and monitors Snort logs, log files, disk space/usage, open ports, and more.
    • Yeah, I've been using PureSecure at home and at work for quite a while. The screenshots [demarc.com] are what really piqued my interest, and being able to actually test it before buying it sold my manager on it. I've worked with a lot of IDS systems/front ends, and theirs is by far the nicest. When I tried the older one it was kinda a chore to install, but the newest one has a badass installer that made things a snap. Not exactly Artificial Intelligence tho.
  • Expensive, clunky, hard to learn but once you have it setup and config'd properly, it works really good. They have KM (knowledge modules) for just about every platform and application.

    Try here:
    • http://www.bmc.com/products/proddocview/0,2832,1 9052_19429_23143_7113,00.html

