System users are much happier when they know what to expect. Leaving them in the dark is frustrating and usually counterproductive. If their systems administrator is well informed about the state of the system, users reach a much higher comfort level. By implementing monitoring tools, the systems administrator will have a detailed understanding of the state of the machines and also receive notification of problems before users start pounding on the door or ringing the phone.
In this month's column, I'll look at two tools that help systems administrators know the state of their facilities and notify them when there's a state change: NetSaint and MRTG. They are both free, widely used, and respected, but there are many more sites that would benefit from their use. This column describes the functionality of the tools, requirements for using them, how to implement them, and their use, abuse, and limitations.
NetSaint Network Monitor (www.netsaint.org) is a host and network-monitoring software package with configurable alarm mechanisms, including email and pager support. The monitor is written in C on Linux but is relatively easy to port to other platforms and has CGI scripts to integrate NetSaint with a Web server for Web access to status and history information.
NetSaint is currently in Beta release 6 of the 0.0.6 release and is freely available for download. It's released under the GNU General Public License, making it free for use with some limitations.
Extensive documentation, release notes, and FAQ information are available, as is a known bugs list. In fact, the current manual is 175 pages long. The builders of NetSaint obviously believe in full disclosure, which benefits its users. NetSaint requires some effort and study to implement and understand, but the effort is well worth the power it gives you and the money you save by not buying a similar commercial package.
The NetSaint sidebar shows a complete NetSaint build. Once built and installed, NetSaint runs as a daemon or process on the monitored machines. The most difficult part of implementing NetSaint is determining what you want to monitor, how you want to be alerted, and translating that into configuration files. The installation process actually installs the configuration files and, if you examine the sample configuration files and manuals, you'll find the options and configuration file commands.
There are several configuration files, including commands, in which commands are defined, resource, for storing sensitive information such as passwords, nscgi, which configures NetSaint for monitoring via a Web server, hosts, in which monitored entities are defined, and netsaint, the master configuration file that pulls all of them together.
Those configuration files allow for a great amount of flexibility. You can define groups of hosts, routers, switches, and so on, and give rules for monitoring each of those groups, as well as break out individual entities for special treatment. For alerting, you can define time frames and give separate alert methodologies, depending on the time. For example, you could have email sent to yourself during standard working hours and pages sent to a coworker during nights and weekends. The reverse is also possible, but I don't recommend it. On the whole, the depth of monitoring isn't great.
You can monitor the amount of free hard disk space and CPU use -- the same types of things that standard Solaris commands will do. The advantage, of course, is that NetSaint will run them for you, parse the results, and compare that to thresholds. If the thresholds are exceeded, an alert is triggered. NetSaint offers many additional features, including use of multiple monitoring hosts for redundancy, automatic log file rotation, an event-handler feature that can trigger an activity if an alarm occurs, and an external command interface that allows configuration changes without editing configuration files.
One area where NetSaint goes beyond standard Unix commands is daemon monitoring. NetSaint can connect to a given port and have a discussion with the answering daemon. Obvious uses include ping for network availability, SMTP for email operation, and HTTP for simple Website status determination.
More complex monitoring can be added by writing your own plug-in or using the existing ones. Fortunately, NetSaint development is very active, and there's a wide variety of plug-ins and add-on tools at the NetSaint download page(www.netsaint.org/download/).
Use, abuse, and limitations
Before you spend time implementing NetSaint, reading the manuals, and trying to understand its use, visit the live demo running on the NetSaint Website. It gives a very good feel for how NetSaint works, how it can be used, and what types of activities it can perform for you. That free tool has some serious power and can keep you in close touch with all the systems that are under your control.
NetSaint isn't a capacity-planning tool, and it does not replace programs such as BMC's Best-1. While it does trend tracking, it simply records state changes rather than performance characteristics. It'll show how often a disk space alarm triggered over the past month, but not the actual disk space use over the past month, limiting the feasibility of using NetSaint instead of commercial monitoring tools such as BMC Patrol and CA Unicenter. However, if good, accurate, flexible monitoring is your primary need, NetSaint should be at the top of your evaluation list.
The Multi-Router Traffic Grapher (MRTG) can monitor and graph your network links using Simple Network Management Protocol (SNMP) information from network devices to acquire and plot the information. The output is in the form of HTML code and GIF images, and it can be used for live, continuous monitoring of network traffic. Like NetSaint, it's written to be portable, in C and Perl, and it runs on Unix platforms as well as on NT. Also like NetSaint, it's widely used by administrators who need to know about problems before they happen or at least when they are happening.
MRTG is available for free under the GNU license. Check out the MRTG main site for detailed feature and download information.
For a preview of the power of MRTG, you can check out an example. It doesn't appear to be a live demonstration, but it shows the type of output that MRTG can generate.
Fortunately for the free source community, MRTG uses three other free source libraries to implement its features. Unfortunately for users, you'll have to download and build those other libraries before you can build and use MRTG, and you'll need recent versions of GCC and PERL installed. Luckily, the versions that come with Solaris 8 appear to be recent enough. (See Resources for links to the three libraries.)
Check out the MRTG sidebar for an example of a full build of all the tools.
Use, abuse, and limitations
MRTG is very straightforward. Point
<font face="Courier">cgfmaker</font>at a SNMP-enabled network device, and it grabs the information from the device, creating a configuration file for MRTG. Config files can also be crafted by hand for more complex needs. The configuration file is then read by MRTG, which reads information from the targets, creates a graph of it, and includes many options for time ranges, intervals, interfaces, ports, and so on. It's unlikely that MRTG will replace HP OpenView anytime soon but, for a free network capture traffic and display tool, it can't be beat.
Danger, Will Robinson
Thanks to David Strom for the following Solaris issue:
Oh, here's a FYI: do NOT use "sys-unconfig" on a Solaris 8 system -- it is badly broken and will really hose up the system info, and there's no fix yet, just a partial patch. What a bad thing to break in a new OS release!
Here's another viewer note about useful IPSEC hands-on experience:
Just finished reading your most delightful article in this month's Unix Insider (those Aironet cards sound very cool; not a lot seems to be happening here in Australia, unfortunately). I notice that you were concerned about the lack of information on making Windows 2000 IPSEC talk to Solaris 8 IPSEC. You may find the following useful as we at Centrelink are just going through that exercise.
All the best, David L. Garrard
Finally, there's a useful Solaris-oriented search site available: www.searchsolaris.com. It's full of recent news, and it provides a Solaris-specific search engine that (it claims) has access to over 2,000 prescreened Solaris-specific sites. I find it hard to believe that there are 2,000 such sites, but the search seems very effective and the content useful. Worth checking out...
Thanks to Jesse St. Laurent for input to this column.
<font face="Courier">gd</font>, a basic graph-drawing library, is available at: http://www.boutell.com/gd/
<font face="Courier">libpng</font>, which is used by
<font face="Courier">gd</font>to produce PNG graphics files: http://www.libpng.org/pub/png/
<font face="Courier">libpng</font>download is available at: http://www.libpng.org/pub/png/libpng.html
<font face="Courier">zlib</font>, used to compress the graphics files, is available at: http://www.info-zip.org/pub/infozip/zlib/