Fractal Nagios:Using Nagios XI, Core, Log Server,

Network Analyzer, Reactor, Fusion, and Incident Manager to monitor itself.

You can do it!!

Eric Loyd • eric@bitnetix.com@EricLoyd • @Bitnetix

Who is Eric? What is Bitnetix?• Eric is the Founder and CEO of Bitnetix Incorporated and SmartVox

– 2014 Nagios MVP award winner

– Runner-up of the 2015 Nagios Log Server dashboard contest

– Presenter at #NagiosCon12, 13, 14, and now #NagiosCon15

• IT/network consulting and VoIP services• Over 25 Years in IT and management at places like

– Rochester Institute of Technology

– Eastman Kodak

– Frontier Communications / Global Crossing

• Bitnetix started its tenth year in July of 2015• Have been using Nagios since 2004

What is “Fractal Nagios?”

Nagios Log

Server

Nagios XI

Fusion

Reactor

Network Analyzer

Incident Manager

Log Server

What do Each of these do?Nagios XI

• Monitors

• Alerts

• Escalates

• Monitors

• Alerts

• Escalates

Fusion

• Ties together multiple XI and Core instances

• Ties together multiple XI and Core instances

Network Analyzer

• Bandwidth

• Source

• Dest

• Ports

• Bandwidth

• Source

• Dest

• Ports

Reactor

• Like an event handler on steroids

• Like an event handler on steroids

Incident Manager

• Tickets

• Incidents

• Callbacks

• Escalations

• Tickets

• Incidents

• Callbacks

• Escalations

Log Server

• System logs

• Applications

• Security

• System logs

• Applications

• Security

There is some overlap, but we are going to look at an experiment:

Use all this stuff to monitor itself.

Nagios XI (or Core)

• Monitors hosts and services

– Active checks directly or via agents

– Passive checks sent by remote machines

• Alerts when something goes wrong/right

• Executes event handlers to try to fix things

• Escalates when nothing gets fixed

Nagios Reactor

• Advanced automation management

– Think “event handlers” on steroids

• Event chains, reusable blocks, etc.

• Can be used for systems administration, deployment, updates, etc.

• Notification and reporting tools

Nagios Log Server

• Accepts logs/events from systems

• Organizes them into searchable indexes

• Provides dashboards, reports, and alerts

• Easily integrates Unix or Windows event logs with application and server logs

Nagios Network Analyzer

• Accepts NetFlow/sFlow information from routers, switches, and servers

• Provides intrusion detection, network usage, bandwidth monitoring, and alerting

• Reporting capabilities

Nagios Incident Manager

• “Ticketing” system on steroids

• Provides semi-RESTful API to create, list, edit, and delete tickets and callbacks

• Reporting and trending capabilities

Nagios Fusion

• Sort of a dashboard for separate Nagios XI and Core instances

• Easily move through server heirarchy

• Create dashboards

– Show only what’s important

– Drill down to connect to specific servers

PIAT: Monitoring

Nagios XI/Core Monitors Everything

PIAT: Logging

PIAT: NetFlow

PIAT: Events

PIAT: Alerts

Fractal Nagios:

Questions?Comments?

http://bitnetix.com/NW2015

Eric Loyd • eric@bitnetix.com@EricLoyd • @Bitnetix