On 2/9/10 2:16 PM, "Justin Lloyd" <jll...@digitalglobe.com> wrote: > Syslog-ng is what we've historically used for centralized logging and > I'll be revamping it with v3 later this year. Combined with a > logwatching tool, it makes a powerful combination with an snmp-based > monitoring tool. Intuitively, I like better the idea of remote > monitoring of Cfengine cf-execd processes and promise repairs via SNMP, > though I seem to recall Mark not being the biggest fan of SNMP. If I'm > recalling that correctly, I think there'd be a small chance of SNMP > integration.
I hate SNMP because it has "Simple" in the name and isn't, but I still admit it's useful at times. It's possible a lot of "integration" may not be required to reap some benefit. If you have a monitoring system and snmpd running on your hosts (and cfengine pushing out snmpd.conf), SNMP can return the host's process table... getting status (PID, CPU, mem, etc) for each cf* process remotely from your monitoring hosts. This is straight-forward, but you could combine a few of the discussed techniques with SNMP to go further... One example: -- Local process (cron, policy, part of monitoring) parses logs -- Local process houses logic to translate log events to monitoring speak -- snmpd.conf gets relevant "extend" e.g extend cfengine_stats /bin/cat /some/file (Keep logic out of the extends, so execution is fast.) -- Monitoring host does usual SNMP polling of cfengine_stats Our monitoring team does checks like this for other apps today, so I know it's possible. I'm just not a SNMP guru, so can't provide more detail. > OTOH, perhaps centralized log monitoring is sufficient. It will take > implementation, testing, and experience to determine this, I think. In general, having a few systems with some overlap isn't always bad (the infamous onion)... One can fail, and you still get alerted. _______________________________________________ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
