The Event Monitor Project
Notification, Action-Based system for network, system and application monitoring
Abstract
Today, managing heterogeneous systems is a hard task if you don't have the right
tool. There are some solutions on the market (IT OpenView, Patrol), but these
solutions are expensive, hard to learn and require a big machine, and in the end,
90% of the time you only use the event monitor (that funny screen that shows you
the events). Fortunately, some free tools have been developed, like Big Brother,
Over-CR, RADAR, etc.
This is a beta page. So if you want to contribute a superb logo or document
some part of the project, please drop a few lines to the author. This project is at
an early stage of development; anyway, the main modules are ready and can be used to
test the system.
Tech Info
I think that monitoring tools must be very portable, easy to use and configure,
and must use a wide and easy way of communication, so why not use TCP/IP? Some
tools use SNMP for this, but I think that SNMP is big, slow and complex (it has
some highlights, but I think that it's like shooting flies with a 100 mm gun).
Another thing is the distribution. The clients (systems that are being monitored)
only have the agents (a special process or script that talks to the server if it
finds something wrong). So we have a server on one machine, and agents
on the monitored systems. This is not 100% true, see below.
So we have a monitoring tool, but how can it save the day? A monitoring tool is
only useful if you sit watching it 24 hours a day. So we need some
proactivity. For this you need a server (another process) running on the managed
nodes. With this you can launch actions on managed nodes automatically, so
human presence is not required. See the basic model below.
The Event Monitor Project Basic Architecture
The tools
- emsrvmsg
(Event Monitor Server Message) This server runs on the monitor machine and collects
the messages sent by agents. The server adds a unique ID to the message and stores
it in a file (spool).
- emsrvcmd
(Event Monitor Server Command) This server runs on the monitored machine and listens
for commands to be invoked on that machine. This allows proactive management of the
system (useful for routine tasks like erasing core files, etc.). For more details,
see features.
- emtlog
(Event Monitor Transaction Logger) This tool has 2 uses: synchronizing the spool file
(this feature lets you have multiple console monitors running concurrently, which is
useful, for example, with several operators), and deleting a specified message
(identified by its ID). The deleted message is stored in a historical file.
- emconsole
(Event Monitor Console) This is the graphical console where the messages are shown.
It allows acknowledging messages, sorting them, sending mail, checking for new messages,
etc. See features for more details.
- emputcmd
(Event Monitor Put Command) This tool is used mainly to send actions to a
specified client machine. This allows proactive management of the client system.
- emputmsg
(Event Monitor Put Message) This tool allows any script to send messages to a
message server (monitor system). It comes in two versions: a binary (you can use it in
a script) and a function library (the system gives you a library with some tools).
Features
- Support for unlimited number of agents
- Almost anything is configurable: refresh rates, warning levels, etc.
- Proactive management: send actions, perform tasks automatically,
populate actions when some messages are received ...
- Support for clusters (groups of machines, processes, etc.)
- Heterogeneous networks, operating systems and architectures.
- Notification via email
- Multiple console monitors running simultaneously
- Historical track of messages
- Multiple ack of messages
- Multiple levels of warning
- API provided
- Portability granted
- Low load on the monitored and console machines
- Runs in user space -- no root privileges required except for emsrvcmd
- Configuration by files or shell variables
- Fully customizable
- Security access for console
- Security checks in emsrvcmd (to prevent unauthorized use)
- Graphical, user-friendly environment
- TCP/IP message-passing system
- Buffering in emputmsg to protect against network failures. This tolerates network breaks
- Message counter notifier
- User profiles
- User access security
- Status line
- more ...
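One way to implement the emsrvcmd security checks listed above, as an added example that is not the project's own code: the peer list, action names and command paths are hypothetical, since this page does not describe the real checks or message format. A request is treated as a token looked up in a fixed table, so nothing received from the network is ever passed to a shell.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical action table: a request names an action, never a command line. */
struct action {
    const char *name;         /* token sent by the monitor server */
    const char *const *argv;  /* fixed argv, to be run without a shell */
};
static const char *const rm_core[]  = { "/bin/rm", "-f", "/var/tmp/core", NULL };
static const char *const disk_rpt[] = { "/bin/df", "-k", NULL };
static const struct action actions[] = {
    { "erase-core", rm_core }, { "disk-report", disk_rpt },
};
/* Constructed sample: addresses of monitor servers allowed to send actions. */
static const char *const trusted_peers[] = { "192.0.2.10", "192.0.2.11" };

/* Accept only 1..32 characters of [a-z0-9-]; anything else is refused. */
static int valid_token(const char *s)
{
    size_t n;
    if (s == NULL) return 0;
    for (n = 0; s[n] != '\0'; n++) {
        char c = s[n];
        if (n >= 32 || !((c >= 'a' && c <= 'z') || (c >= '0' && c <= '9') || c == '-'))
            return 0;
    }
    return n > 0;
}

/* Return the fixed argv for an authorized request, or NULL to refuse it. */
const char *const *authorize(const char *peer_ip, const char *request)
{
    size_t i;
    int trusted = 0;
    if (peer_ip == NULL || !valid_token(request)) return NULL;
    for (i = 0; i < sizeof trusted_peers / sizeof trusted_peers[0]; i++)
        if (strcmp(peer_ip, trusted_peers[i]) == 0) trusted = 1;
    if (!trusted) return NULL;
    for (i = 0; i < sizeof actions / sizeof actions[0]; i++)
        if (strcmp(request, actions[i].name) == 0) return actions[i].argv;
    return NULL;
}

int main(void)
{
    printf("%s\n", authorize("192.0.2.10", "erase-core") ? "run" : "refuse");
    printf("%s\n", authorize("192.0.2.10", "erase-core /tmp/x") ? "run" : "refuse");
    printf("%s\n", authorize("198.51.100.7", "erase-core") ? "run" : "refuse");
    return 0;
}
```

A source-address check only narrows who may ask; it does not authenticate the sender, so a command server running as root still needs a real authentication step in front of this lookup.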
Monitors
- emdskagt
(Event Monitor Disk Agent) A high-performance disk agent written in C. Supports file configuration, warning levels, autoconfiguration, etc. This agent is up and running.
- emprcagt
(Event Monitor Process Agent) A high-performance process agent written in C. Supports keep-alive, CPU time level, IO level, orphan detection, etc. Supports CPU and MEM usage. This agent is under development.
- emkrnagt
(Event Monitor Kernel Agent) All the kernel logs are filtered and processed; this is useful for parsing warnings and kernel (and hardware) faults. Under development.
- emsrvagt
(Event Monitor Service Agent) The specified inet services are checked. Under development.
- emnetagt
(Event Monitor Network Agent) Ensures network connectivity, tests LAN adapters, etc.
Under development.
Requirements
- Tcl/Tk 8 for emconsole only
- TiX for emconsole only
- C compiler (like gcc) for all the binaries and tools
- GNU make to compile the makefiles
- 2 Mb of free space for the configuration files, binaries, doc, etc.
- 30 Mb or so for server installation (this is a safe value)
- A Unix box. The software is developed on a Linux box, a Solaris box and an HP box
- A little time to configure the system
- A little more time to send your suggestions, bugs and improvements
Screen Shots
Contact Info
So you want to contact me? Well, here is my e-mail address. Feel free
to tell me all your comments, bugs, patches, donations, etc. etc. etc. (especially
all the corrections for my bad English).
Mail me
I'm a Spanish student in the 5th year of Computer Science at Carlos III University of Madrid.
I graduated in Technical Eng. at the same University. I work at Santander Investment bank
as a full-time system administrator (dealing with HPs, SUNs, etc. etc. ...). My interests are
operating systems (focus on Linux, of course) and programming languages (C and C++ mainly).
So if you want to know more about me, send me an e-mail!
Download
Here it is! The source code
has been released. I hope you find it useful. For any questions, send
me an email at assman@gsyc.uc3m.es
Related Projects
GNU and non-commercial projects
- Big Brother. Not a GNU project, but free. The first (I think). Very portable, web-based interface. Only monitoring.
- Over-CR. This project is a GNU network monitoring system.
- RADAR. The GNU Realtime Action-Oriented Deterministic Automaton for Remediation. Based on SNMP traps.
Commercial projects
- OpenView. A very good-quality product by HP. Based on SNMP traps, it has a lot of agents and allows you to integrate your applications. It's big, requires a very good machine and I think that the server side only runs on HP's machines.
- Patrol and Best/1. Another product for systems & network monitoring. It has a lot of agents for a lot of applications (say MQSeries, Oracle ...). Very pretty software.
This software and its documentation is copyrighted 1998, 1999 by and released under the GNU GPL Version 2
All graphics, code and HTML created using Gimp and Xemacs
Last modified 12:42 04/08/1999 MET