Zenoss Core Network and System Monitoring

By: Michael Badger
Overview of this book

For system administrators, network engineers, and security analysts, it is essential to keep track of network traffic. At some point it will be necessary to read the network traffic directly instead of monitoring application-level details. Network security audits, debugging network configurations, and analyzing usage patterns can all require network traffic monitoring. This task can be achieved by using network monitoring software, or network sniffers, that sniff the traffic and display it on your computer on the network.

Zenoss is an enterprise network and systems management application written in Python/Zope that provides an integrated product for monitoring availability, performance, events and configuration across layers and across platforms. Zenoss provides an AJAX-enabled web interface that allows system administrators to monitor availability, inventory/configuration, performance, and events. Whether you monitor five devices or a thousand devices, Zenoss provides a scalable solution for you.

This book will show you how to work with Zenoss and effectively adapt Zenoss for system and network monitoring. Starting with the Zenoss basics, it requires no existing systems management knowledge, and whether or not you can recite MIB trees and OIDs from memory is irrelevant. Advanced users will be able to identify ways in which they can customize the system to do more, while less advanced users will appreciate the ease of use Zenoss provides.

The book contains step-by-step examples to demonstrate Zenoss Core’s capabilities. The best approach to using this book is to sit down with Zenoss and apply the examples found in these pages to your system.

Appendix A. Event Attributes

Each Zenoss event includes several attributes to describe the details of an event; however, not all fields are populated for each event. The event fields defined in this table can be found in the log for an event, which is accessible from the Event Console. We can also configure our event views to display events using these fields via the Event Manager. We cover the Event Console and event views in Chapter 7.

The event fields are valid attributes that we can substitute in our Python statements via TALES expressions. Appendix B lists some of the device attributes that we can use with TALES.

| Event Field | Description |
| --- | --- |
| dedupid | Identifies the event so that Zenoss can deduplicate events. Takes the form of device \| component \| eventClass \| eventKey \| severity. |
| evid | A unique identifier for the event. |
| device | Specifies the device attached to the event. |
| component | The Zenoss daemon reporting the event. |
| eventClass | The event class the event maps to. |
| eventKey | A user-defined way to map events. Event keys can be sequenced to aid the event class mapping of events from a common source to different event classes. |
| summary | Summary of the event. |
| message | Message body for the event. May be the same as summary. |
| severity | A numeric representation of the event: 5 = Critical; 4 = Error; 3 = Warning; 2 = Info; 1 = Debug; 0 = Clear. |
| eventState | Numeric representation of the event state: 0 = New; 1 = Acknowledged; 2 = Suppressed. |
| eventClassKey | Maps the event to an event class. |
| eventGroup | Event source group: for example, syslog, Process, ping. |
| stateChange | Time stamp when the event state changed. |
| firstTime | Time stamp when the event first occurred. |
| lastTime | Time stamp when the event last occurred. |
| count | The total number of times the event has occurred based on the dedupid. |
| prodState | The production state of the device. The Zenoss defaults are: 1000 = Production; 500 = Pre-Production; 400 = Test; 300 = Maintenance; -1 = Decommissioned. |
| suppid | If the event is suppressed, this is the ID of the suppressing event. |
| manager | The fully qualified domain name of the event collector that generated the event. |
| agent | Reports the Zenoss daemon responsible for generating the event. |
| DeviceClass | The device class. |
| Location | The location organizer assigned to the device. |
| Systems | The system organizer assigned to the device. |
| DeviceGroups | The group organizer assigned to the device. |
| ipAddress | The IP address of the device. |
| facility | The syslog subsystem that generated the event (for example, cron, mail, lpr, auth, authpriv, daemon, ftp, kern, mark, news, syslog, user, uucp, local0 through local7). |
| priority | The priority of the syslog event. |
| ntevid | The Event ID field of the Windows NT event log. |
| ownerid | The ID number of the event owner. |
| clearid | The ID number of the event that cleared this event. |
| DevicePriority | The priority as assigned in the device's Edit page: 5 = Highest; 4 = High; 3 = Normal; 2 = Low; 1 = Lowest; 0 = Trivial. |
| eventClassMapping | The event class mapping used to evaluate and map the event. |
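
How the dedupid, count, firstTime and lastTime fields relate can be seen in a small model. This is an added example, not code from the book or from Zenoss; it assumes the five dedupid fields are joined with a bare `|`, and the `time` input key, the `/Example/Login` event class and the sample events are constructed for illustration.

```python
# Added illustration: a simplified model of deduplication, not Zenoss source code.
SEVERITY = {5: "Critical", 4: "Error", 3: "Warning", 2: "Info", 1: "Debug", 0: "Clear"}
DEDUP_FIELDS = ("device", "component", "eventClass", "eventKey", "severity")


def make_dedupid(event):
    """Join the identifying fields in the order the table gives.

    Assumption: a bare "|" separator, and a missing field becomes "".
    """
    return "|".join(str(event.get(name, "")) for name in DEDUP_FIELDS)


def parse_dedupid(dedupid):
    """Split a dedupid into its five fields; reject anything malformed."""
    parts = dedupid.split("|")
    if len(parts) != len(DEDUP_FIELDS):
        raise ValueError("expected 5 fields, got %d" % len(parts))
    fields = dict(zip(DEDUP_FIELDS, parts))
    fields["severity"] = int(fields["severity"])
    return fields


def deduplicate(events):
    """Fold raw events into one record per dedupid with count and time span."""
    table = {}
    for ev in events:
        key = make_dedupid(ev)
        rec = table.setdefault(key, dict(ev, dedupid=key, count=0,
                                         firstTime=ev["time"], lastTime=ev["time"]))
        rec["count"] += 1
        rec["firstTime"] = min(rec["firstTime"], ev["time"])
        rec["lastTime"] = max(rec["lastTime"], ev["time"])
    return table


def _ev(severity, time):
    # Constructed sample event; "time" is a hypothetical epoch-seconds input.
    return {"device": "web01", "component": "zensyslog", "eventClass": "/Example/Login",
            "eventKey": "badpass", "severity": severity, "time": time}


SAMPLE = [_ev(3, 100), _ev(3, 130), _ev(4, 140), _ev(3, 160)]

if __name__ == "__main__":
    for rec in deduplicate(SAMPLE).values():
        print(rec["dedupid"], SEVERITY[rec["severity"]], rec["count"],
              rec["firstTime"], rec["lastTime"])
```

Because severity is part of the dedupid, the one Error event in the sample is kept as its own record instead of raising the count of the Warning record. A field value that itself contains `|` makes the identifier ambiguous, which `parse_dedupid` reports as an error.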