emonitor description.
15c06ad883c1a0a4141023920aacb71a5605bada59fa44c0f19044cfc9ebde4b
http://www.gsyc.inf.uc3m.es/~assman/em/
The Event monitor Project
Notification, Action-Based system for network, system and application monitoring
Abstract
Today, managing hetereogeneous systems its a hard task if you haven't the right tool. There are some solutions on the market (IT OpenView, Patrol)
but this solutions are expensive, hard to learn, requires a big machine and, at last, the 90 % of the times you only use the event monitor (this funny
screen that shows you the events). Fortunately, some free tools has been developed, like Big Brother, Over-CR, RADAR, etc.
This is a beta page. So if you want to contribute with a superb logo or document some part of the project, please drop some lines to the author. This
project is in early stage of development, anyway, the main modules are ready an can be use to test the system
Tech Info
I think that monitoring tools must be very portable, easy to use and configure, and must use a wide and easy way of communication, so why not use
TCP/IP ?. Some tools used SNMP for this, but I think that SNMP is big, slow and complex (it has some highlights, but I think that its like firing flies
whith a 100 mm gun.
Another thing is the distribution. The clients (systems that are being monitored) only has the agents (a special process or script that talks to the
server if it found some thing that its wrong) So we have a server on one machine, and agents on the monitored systems. This is not 100% true, see
below.
So we have a monitoring tool, but how it can save the day ? A monitoring tool is only useful if you are 24 hours sitting in watching the tool. So we need
some proactivity. By this you need some server (another process) running on managed nodes. With this you can launch actions on managed nodes
automatically, so human presence its not required. See the basic model below.
The Event Monitor Project Basic Architecture
The tools
emsrvmsg
(Event Monitor Server Message) this server runs in the monitor machine and collects the messages send by agents. The servers adds a univocal ID to
de message and stores it on a file (spool)
emsrvcmd (Event Monitor Server Command). this servers runs in the monitored machine and listens for commands to be invoked in this machine. This allows
proactive managing of the system (useful for routine task like erasing core files, etc). For more details, see features.
emtlog (Event Monitor Transaction Logger) this tool has 2 uses, syncronize the spool file (this feature allows you have multiple console monitors running
concurrently, it is useful by axample for using it with some operators), and delete a specified message (identified by its ID). the deleted message is
stored into a historical file.
emconsole (Event Monitor Console) this is the graphical console where the messages are show. It allows acknowledge the messages, sorting them, send mails,
check for new messages, etc. See features for more details.
emputcmd (Event Monitor Put Command) this tool it used mainly for send actions so a specified client machine. This allows proactive managing of the client
system.
emputmsg (Event Monitor Put message) this tools alows any script to send messages to a server message (monitor system). It has two versions, binary (you
can use it in a script) and function library (the system gives you a library with some tools).
Features
Support for unlimited number of agents
Configurable almost anything: refresh rates, warning levels, etc. etc.
Proactive managing: send actions, perform automatically tasks. populate actions when some messages are received ...
Support for clusters (groups of machines, process, etc)
Heterogeneous network, operating system and archiquecture.
Notification via email
Multiple console monitors running simultaneously
Historical track of messages
Multiple ack of messages
Multiple level of warning
API provided
Portability granted
low load rate on monitored and console machine
Runs on user space -- no root privileges required execpt for emsrvcmd
Configuration by files or shell variables
fully customization
Security access for console
Security checks in emsrvcmd (to prevent unauthorized use)
Graphics, User Friendly environment
TCP/IP message-passing system
Buffering security on emputmsg to prevent network failures. This allows network breaks
Message counter notificator
User profiles
User access security
Status line
more ...
Monitors
emdskagt
(Event Monitor Disk Agent) a high-perfomance, C-written disk agent. Support file configuration, warning level, autoconfiguration, etc. This agent is up
and running
emprcagt
(Event Monitor Process Agent) a high-perfomance, C-written process agent. Support keep alive, CPU time level, IO level, orphan detection, etc.
Support CPU, and MEM usage.This agent is under development.
emkrnagt
(Event Monitor Kernel Agent) all the kernel logs are filtered and processed, this is useful to parse warnings and kernel (and hardware) faults. Under
development.
emsrvagt
(Event Monitor Service Agent) the specified inet services are checked. Under development.
emnetagt
(Event Monitor Network Agent) Ensures network conectivity, test of lan adapters, etc. Under development.
Requeriments
Tck/tk 8 for emconsole only
TiX for emconsole only
C compiler (like gcc) for al the binaries and tools
GNU make to compile the makefiles
2 Mb of free space for the configuration files, binaries, doc, etc.
30 Mb or so for server instalation (this a safe value)
A unix box The software is developed on a linux box, a solaris box and a HP box
A little time to configure the system
More litte time to send your suggests, bugs and improvements
Screen Shots
Main logo emonitor.gif
Emconsole in action emconsole.gif
My desktop (solaris) desktop1.gif
My desktop (linux) desktop2.gif
Contact Info
So you want to contact with me ?, well, here you are my e-mail address. Fell free to tell me all your comments, bugs, patches, donations, etc etc etc
(specially, all the corrections for my bad english). Mail me
Im a spanish student at 5th of Computer Sciences at Carlos III University of Madrid. Im graduated in Technical Eng. at the same University. I work in
Santander Investment bank as full-time system administrator (dealing with HPs, SUNs, etc etc ...). My interest are Operating systems (focus on
Linux, of course) and programming languages (C and C++ mainly) So if you want to know more about me, send me a e-mail !
Download
Here it is ! the Source code has been released. I hope you find it useful. For any question, send me an email at assman@gsyc.uc3m.es
Related Projects
GNU and non commercial Projects
Big Brother. A not GNU project but free. The first (I think). Very portable, web based interface. Only monitoring.
Over-CR. This project is a GNU network monitoring system.
RADAR. The GNU Realtime Action-Oriented Deterministic Automaton for Remediation. Based on SNMP traps.
Commercial projects
OpenView. A very good-quality product by HP. Based on SNMP traps, it has a lot of agents and alows you integration of your applications. Its big,
requires a very good machine and I think that the server side only runs on HP's machines
Patrol and Best/1. Another product for systems & network monitoring. It has a lot of agents for a lot of applications (say MqSeries, Oracle ...) very
pretty software.
This software and its documentation is copyrighted 1998, 1999 by and released under the GNU GPL Version 2 All Graphics, code and HTML created using
Gimp and Xemacs
Last modified 12:42 04/08/1999 MET