
19363 Re: [ttlug] Its alive.

  • Stephen Sankarsingh
    Jun 5, 2013
      I only ever read the first line of an email but I went back and read the
      other lines after my last response and realized that I missed most of your
      concerns. See rest of replies below please.


      On Wed, Jun 5, 2013 at 3:46 PM, Falina Baksh <bakshfalina@...> wrote:

      > Splunk is actually sounding quite decent for log analysis.
      >
      > Currently I have my Cisco devices reporting to a syslog server and I was
      > considering writing some reporting scripts for email alerts, however if I
      > can have something to do this out of box that would be more sustainable in
      > my absence.
      >
      > The syslog server would eventually be responsible for logging from all of
      > the servers in the infrastructure.
      >
      Correction: The Splunk server would eventually be responsible for logging
      from all of the servers in the infrastructure.


      > All of the existing servers that I met here are windows based, I only
      > brought up a second Linux server this week so it will be a high learning
      > curve for the other staff.
      >
      There's a syslog server for windows, never used it for anything but if you
      have Windows servers you can:
      http://www.kiwisyslog.com/products/kiwi-syslog-server/product-overview.aspx
      Alternatively, Splunk can handle EventViewer logs, not sure how it does it
      since I never had to deal with that problem.
      http://docs.splunk.com/Documentation/Splunk/5.0.2/Data/MonitorWindowsdata



      > My backup plan if I fail to find an existing "wheel" for easy
      > administration is to write a php frontend along the lines of webmin for
      > easy configuration of any scripts and config files that need to work with,
      > not really looking forward to that though.
      >
      Above my head, I'm no programmer and am limited to simple scripting.


      > I really hate implementing things that don't get used or fall off the
      > wagon once I step away from a project, I'm trying to avoid that as much as
      > possible.
      >
      I used to have time for that before :(


      > Sent from my iPhone
      >
      >
      > On Jun 5, 2013, at 3:12 PM, Stephen Sankarsingh <stephentnt@...> wrote:
      >
      > > Cacti is easier to configure than MRTG, though I still wouldn't consider it
      > > n00b friendly. It's rock solid though and I had a server running it for
      > > many years without any issues. The main thing it's missing is alerts, I
      > > have a feeling that integrated with Zabbix you wouldn't have that problem.
      > > If you're familiar with Nagios and are looking for cacti-like functionality
      > > then Zabbix is looking good. If you're looking for management friendly
      > > reports then Splunk does that. I have never had to draw graphs or pie
      > > charts etc with Splunk but I know the functionality is there. With the
      > > commercial version you can define roles and allow only certain people to
      > > view, create or edit searches/reports/alerts etc. With the free version any
      > > reports/searches/alerts you create will be viewable and editable etc by
      > > anyone who has access to Splunk's interface.
      > >
      > > Splunk is like google for text files, you can create searches that look for
      > > key words or even entire transactions and make alerts/reports out of those.
      > > It's agnostic too and doesn't really care where the log comes from. You can
      > > "teach" it to understand new log formats so that it understands the logs in
      > > your custom application whereas most others can only understand logs
      > > created by a known application such as syslog or secure or messages or
      > > eventlog etc.
      > >
      > > A lot of the stuff Splunk does you can probably do with some combination of
      > > awk, grep and sed but your n00bs wouldn't know how to do that right? If you
      > > had to teach a new person about all the scripts you wrote to do what Splunk
      > > does in a search bar you would be wasting a lot of time and effort. If you
      > > had to go back and make changes to your scripts so that it does something
      > > slightly different you would also be wasting time.
      > >
      > > Splunk is sexy. If I wore panties, I would throw them at Splunk!
      > >
      > >
      > >
      > >
      > > On Wed, Jun 5, 2013 at 2:38 PM, Falina Baksh <bakshfalina@...> wrote:
      > >
      > >> I used nagios in the past for host and service monitoring and it works
      > >> quite well, but I would like to setup something that's easy for anti-cli
      > >> n00b co-workers to configure and add devices to use when I'm not around and
      > >> not have to hear the "I don't really know how to use that / it's not
      > >> working" excuses and a little less hair pulling for extracting reports in a
      > >> management friendly format.
      > >>
      > >> Mrtg worked perfectly as well for bandwidth graphing but again
      > >> configuration isn't n00b friendly.
      > >>
      > >> Ideally I'm looking for something that could be easily administered, cacti
      > >> is looking good but I've been hearing a lot about zabbix as well.
      > >>
      > >> Thanks,
      > >>
      > >> Falina
      > >>
      > >> Sent from my iPhone
      > >>
      > >> On Jun 5, 2013, at 11:32 AM, Stephen Sankarsingh <stephentnt@...> wrote:
      > >>
      > >>> What kind of monitoring?
      > >>>
      > >>> You have Nagios for services, people tend to like it but I don't. Splunk
      > >>> for any type of text log file and Cacti for bandwidth. Splunk is best of
      > >>> class imo, and they have a free version if you don't mind not being able to
      > >>> set a password and being limited to 500MB uncompressed data. Splunk is so
      > >>> awesome that it makes logging/alerting fun. You can create your own custom
      > >>> logs out of the real logs with a script then feed that into Splunk so that
      > >>> you stay within the 500MB limit. I have over 40 devices sending logs in one
      > >>> form or another to Splunk on a server which is under specced for the role
      > >>> and am not close to the 500MB/day limit. If someone logs into my firewall,
      > >>> or one of my databases experiences an error level event or a new file
      > >>> appears on my sftp server or a file system somewhere is above a particular
      > >>> threshold I will know in under 2 minutes. Splunk makes logging and alerting
      > >>> proactive instead of reactive. All sysadmins should be using it.
      > >>>
      > >>>
      > >>> On Wed, Jun 5, 2013 at 11:13 AM, Falina Baksh <bakshfalina@...> wrote:
      > >>>
      > >>>> Fabric sounds interesting, will check it out.
      > >>>>
      > >>>> What do you guys favor for monitoring?
      > >>>>
      > >>>> I'm feeling like stepping away from nagios and trying some of the other
      > >>>> tools e.g. zabbix claims to give you nagios+mrtg in one package.
      > >>>>
      > >>>> Rgds,
      > >>>> Falina
      > >>>>
      > >>>> Sent from my iPhone
      > >>>>
      > >>>> On Jun 4, 2013, at 12:29 PM, Stephen Sankarsingh <stephentnt@...> wrote:
      > >>>>
      > >>>>> Sucks when all you guys talk about is Linux desktops and the desktop sucks
      > >>>>> so hard. Any interesting applications? Recently, I've been using something
      > >>>>> called Fabric. Fabric + ssh-keys allows you to run commands on remote
      > >>>>> servers from your local machine. I've used it to start consolidating my
      > >>>>> sysadmin and (sql) reporting scripts. This way all my scripts and crons are
      > >>>>> on a single server instead of spread out across 2-3 dozen servers. Makes
      > >>>>> for some kickass automation options leaving you with more time to do
      > >>>>> nothing :)
      > >>>>>
      > >>>>> Doing nothing should be every sysadmin's goal.
      > >>>>>
      > >>>>> /Stephen
      > >>>>>
      > >>>>> On Tue, Jun 4, 2013 at 12:19 PM, Lawrence, Rellon <rellonlawrence@...> wrote:
      > >>>>>
      > >>>>>> Mint might not be the best now.
      > >>>>>> Ubuntu has only 8MTS life except for LTS and mint has no upgrade path.
      > >>>>>> Fresh system every 8 mts
      > >>>>>>
      > >>>>>> On Tuesday, June 4, 2013, Richard Jobity wrote:
      > >>>>>>
      > >>>>>>> MINT!
      > >>>>>>>
      > >>>>>>> MINT~!
      > >>>>>>>
      > >>>>>>> -----Original Message-----
      > >>>>>>> From: TTLUG@yahoogroups.com [mailto:TTLUG@yahoogroups.com]
      > >>>>>>> On Behalf Of Wendell Clarke
      > >>>>>>> Sent: Tuesday, 04 June 2013 09:08 AM
      > >>>>>>> To: TTLUG@yahoogroups.com
      > >>>>>>> Subject: Re: [ttlug] Its alive.
      > >>>>>>>
      > >>>>>>> I updating with every chance I get. Still stuck with one problem and
      > >>>>>>> hoping an update fixes it soon.
      > >>>>>>> On Jun 4, 2013 8:58 AM, "browwwsers1996" <allan@...> wrote:
      > >>>>>>>
      > >>>>>>>>
      > >>>>>>>> Hello all,
      > >>>>>>>>
      > >>>>>>>> Have not been here for a while.
      > >>>>>>>>
      > >>>>>>>> Hope you are all busy updating 13.04 like I am.
      > >>>>>>>>
      > >>>>>>>> Allan
      > >>>>>>>>
      > >>>>>>>>
      > >>>>>>>>
      > >>>>>>>
      > >>>>>>> [Non-text portions of this message have been removed]
      > >>>>>>>
      > >>>>>>> ------------------------------------
      > >>>>>>>
      > >>>>>>> Help build TTLUG by forwarding this to anyone who is interested in the
      > >>>>>>> subject matter or would otherwise benefit from joining the mailing list.
      > >>>>>>>
      > >>>>>>> Trinidad and Tobago Linux Users Group http://groups.yahoo.com/group/ttlug
      > >>>>>>> To subscribe, send an email to TTLUG-subscribe@yahoogroups.com
      > >>>>>>> To unsubscribe, send an email to TTLUG-unsubscribe@yahoogroups.com
      > >>>>>>> List owner/moderator Richard Jobity TTLUG-owner@yahoogroups.com
      > >>>>>>> Yahoo! Groups Links


      [Non-text portions of this message have been removed]
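
The thread above mentions Cisco devices reporting to a syslog server and building a smaller custom log from the real logs with a script before feeding it to Splunk. A sketch of that reduction step, added here as an example and not code from anyone in the thread; the keep policy, the function name `reduce_log` and the sample lines are assumptions.

```python
import re

# Syslog header, then the Cisco IOS "%FACILITY-SEVERITY-MNEMONIC: text" body.
# Severity 0 is the most severe, 7 is debugging.
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s.*?"
    r"%(?P<fac>[A-Z0-9_]+)-(?P<sev>[0-7])-(?P<event>[A-Z0-9_]+):\s*(?P<msg>.*)$"
)

# Assumed policy: logins and config changes are kept whatever their severity.
ALWAYS_KEEP = {("SEC_LOGIN", "LOGIN_SUCCESS"), ("SEC_LOGIN", "LOGIN_FAILED"),
               ("SYS", "CONFIG_I")}

def reduce_log(lines, max_sev=4):
    """Return (kept_lines, stats) for an iterable of raw syslog lines."""
    kept, stats = [], {"kept": 0, "dropped": 0, "unparsed": 0}
    for raw in lines:
        raw = raw.rstrip("\n")
        if not raw:
            continue
        m = LINE.match(raw)
        if m is None:
            # Unknown format: pass it through rather than lose it silently.
            kept.append(raw)
            stats["unparsed"] += 1
            continue
        f = m.groupdict()
        if int(f["sev"]) <= max_sev or (f["fac"], f["event"]) in ALWAYS_KEEP:
            msg = f["msg"].replace('"', "'")  # keep the quoted value intact
            kept.append(f'{f["ts"]} host={f["host"]} fac={f["fac"]} '
                        f'sev={f["sev"]} event={f["event"]} msg="{msg}"')
            stats["kept"] += 1
        else:
            stats["dropped"] += 1
    return kept, stats

# Constructed sample lines (hosts, users and addresses are made up).
SAMPLE = [
    "Jun  5 15:01:02 fw1 45: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: admin] [Source: 192.0.2.10]",
    "Jun  5 15:01:40 sw2 46: %LINEPROTO-5-UPDOWN: Line protocol on Interface Gi0/1, changed state to down",
    "Jun  5 15:02:11 sw2 47: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down",
    "Jun  5 15:03:00 fw1 48: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (192.0.2.10)",
    "Jun  5 15:03:05 sw2 49: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 192.0.2.50 started",
    "Jun  5 15:04:00 app1 myapp[123]: started worker",
]

if __name__ == "__main__":
    kept, stats = reduce_log(SAMPLE)
    print("\n".join(kept))
    print(stats)
```

Watching the `dropped` and `unparsed` counts over time shows how much volume the filter saves and whether a new device has started sending a format the pattern does not cover.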