BB to the latest Xymon - Input Wanted 🔗 link

Our organization if currently trying to decide which direction to go for
our new monitoring system (Xymon, Nagios, Zabbix or other open source
products).  We have been using BB for several years and have found it
adaquate for our needs, but it has some drawbacks that we want to
rectify (graphing, snmp for routers and switches etc).  

I set up a small test site some time ago with Xymon 4.2.3 and used some
of our custom BB scripts with it.  Everything seemed to work fine and it
seems to satisfy the graphing issue one the Xymon client gets installed
on the client systems.  It appears, at least for now that Devmon is the
best choice for SNMP with Xymon?  

Part of the argument for going with Xymon is the ease in which we can
use our custom BB scripts.  Looking at the latest 4.3 Xymon version if
appears that many of the file names have changed from the 4.2.3 version
(bb-hosts, config files etc.).  All that said, here are few concerns
that have been brought up, any comments would be appreciated:

1. Can the 4.3 (future stable version) easily run our existing BB
scripts.  I know 4.2.3 can, but was curious about 4.3 and the file name
changes.  Looking at the latest BB to Xymon doc it seems that it should
be ok.  Just looking for comfirmation.

2. We like that Xymon has a nice way to monitor log files for certain
events and unauthorized ports being opened, are there any issues with
system performance when monitoring log files for a "lot" of events.  I
know a lot could mean many things, but has anyone run into performance
issues?

3. Is Devmon still the recommended way to use SNMP with Xymon?  Are
there plans to incorporate SNMP into future releases?  Some here want to
use Cacti.

4. In the test 4.2.3 server system I added some hosts in the
hobbits-clients.cfg file with some PROC, PORT (to look for unauthorized
listeners), and LOG rules.  With only a few hosts, it became apparent
that this file will become huge very quickly and somewhat unruly.  Is
there a better way to handle this?  It seems that a site with 100+ or
1000+ hosts all having an entry in the hobbits-clients.cfg on  the Xymon
server the file will be unmanageable.  Maybe I'm not doing this
correctly, since I set this test up fairly quickly?


Thanks for the input.

In <user-eee1d3064079@xymon.invalid> user-adff70a40333@xymon.invalid writes:

The intention certainly is to try not to break BB scripts. So if
something breaks I will certainly look at fixing it, unless the
script is so heavily dependant on BB stuff that it will be really
difficult to support (but in that case it probably wouldn't work
with the older Hobbit versions).

So the bottom line is: If it works with 4.2.3, then it should also
work with 4.3.0. Only requirement is that you use the upgrade-script
to setup all of the symlinks so the old filenames are still available.

The problem I've seen is that log files can be huge, and even though
the Xymon client only transfers the last 30 minutes of logentries
this can be quite a hefty chunk of data to send across the net every
5 minutes. Not to mention that it is stored in RAM on the Xymon server.
This can usually be remedied with some aggressive filtering in the
client-local.cfg file.

Devmon is a very capably solution for monitoring of SNMP devices.
It is the recommended solution for this, and probably will be for
quite some time.

You need to look into the "include" and "directory" statements in
hobbit-clients.cfg (now: analysis.cfg). My current setup has about 500
hosts configured in hobbit-clients.cfg, but that file only has a
   directory /etc/hobbit/clients.d
line, and then the actual configuration is kept in a number of files
located in that directory. This makes it easy to manage even a large
number of files, since you can split the configuration into logical
chunks.

The same technique can be used for all of the other Xymon configuration
files, by the way.


Regards,
Henrik