
emonitor.lsm

Posted Aug 17, 1999

emonitor description.

tags | tool, intrusion detection
systems | unix
SHA-256 | 15c06ad883c1a0a4141023920aacb71a5605bada59fa44c0f19044cfc9ebde4b

http://www.gsyc.inf.uc3m.es/~assman/em/

The Event monitor Project
Notification, Action-Based system for network, system and application monitoring



Abstract


Today, managing heterogeneous systems is a hard task if you don't have the right tool. There are some solutions on the market (IT OpenView, Patrol),
but these solutions are expensive, hard to learn, and require a big machine and, in the end, 90% of the time you only use the event monitor (that funny
screen that shows you the events). Fortunately, some free tools have been developed, like Big Brother, Over-CR, RADAR, etc.

This is a beta page, so if you want to contribute a superb logo or document some part of the project, please drop a few lines to the author. This
project is in an early stage of development; anyway, the main modules are ready and can be used to test the system.



Tech Info


I think that monitoring tools must be very portable, easy to use and configure, and must use a widespread and easy means of communication, so why not use
TCP/IP? Some tools use SNMP for this, but I think that SNMP is big, slow and complex (it has some highlights, but I think that it's like shooting flies
with a 100 mm gun).

Another thing is the distribution. The clients (systems that are being monitored) only have the agents (a special process or script that talks to the
server if it finds something wrong). So we have a server on one machine, and agents on the monitored systems. This is not 100% true; see
below.

So we have a monitoring tool, but how can it save the day? A monitoring tool is only useful if you sit watching it 24 hours a day, so we need
some proactivity. For this you need a server (another process) running on the managed nodes. With it you can launch actions on managed nodes
automatically, so human presence is not required. See the basic model below.


The Event Monitor Project Basic Architecture


The tools


emsrvmsg
(Event Monitor Server Message) This server runs on the monitor machine and collects the messages sent by agents. The server adds a unique ID to
the message and stores it in a file (spool).

emsrvcmd
(Event Monitor Server Command) This server runs on the monitored machine and listens for commands to be invoked on that machine. This allows
proactive management of the system (useful for routine tasks like erasing core files, etc.). For more details, see Features.

emtlog
(Event Monitor Transaction Logger) This tool has two uses: synchronizing the spool file (this feature lets you have multiple console monitors running
concurrently, which is useful, for example, when several operators use it), and deleting a specified message (identified by its ID). The deleted message is
stored in a historical file.

emconsole
(Event Monitor Console) This is the graphical console where the messages are shown. It allows acknowledging messages, sorting them, sending mail,
checking for new messages, etc. See Features for more details.

emputcmd
(Event Monitor Put Command) This tool is used mainly to send actions to a specified client machine. This allows proactive management of the client
system.

emputmsg
(Event Monitor Put Message) This tool allows any script to send messages to a message server (monitor system). It comes in two versions: a binary (you
can use it in a script) and a function library (the system gives you a library with some tools).
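
The spool flow described for emsrvmsg and emtlog above, as an added sketch that is not emonitor's own code: the record layout (`ID|host|severity|text`), the file names and the functions `spool_store` and `spool_delete` are assumptions, since the page does not document the real spool format.

```shell
#!/bin/sh
# Added illustration, NOT emonitor code. Assumed (hypothetical) layout:
# one record per line, "ID|host|severity|text"; file names are made up too.
EM_DIR="${EM_DIR:-$(mktemp -d)}"
SPOOL="$EM_DIR/spool"; HIST="$EM_DIR/history"
SEQ="$EM_DIR/seq";     LOCK="$EM_DIR/lock"

# mkdir is atomic, so it serves as a portable lock shared by the message
# server and by every console that acknowledges messages concurrently.
em_lock()   { until mkdir "$LOCK" 2>/dev/null; do sleep 1; done; }
em_unlock() { rmdir "$LOCK"; }

# emsrvmsg role: give the message a unique ID and append it to the spool.
# Usage: spool_store HOST SEVERITY TEXT   (prints the assigned ID)
spool_store() {
    # Drop record and field delimiters so one message stays one record.
    host=$(printf '%s' "$1" | tr -d '|\r\n')
    sev=$(printf '%s' "$2" | tr -d '|\r\n')
    text=$(printf '%s' "$3" | tr -d '\r\n')
    em_lock
    id=$(( $(cat "$SEQ" 2>/dev/null || echo 0) + 1 ))
    echo "$id" > "$SEQ"
    printf '%s|%s|%s|%s\n' "$id" "$host" "$sev" "$text" >> "$SPOOL"
    em_unlock
    echo "$id"
}

# emtlog role: delete a message by ID, keeping it in the history file.
# Returns 0 if moved, 1 if the ID is not in the spool, 2 if ID is not numeric.
spool_delete() {
    case "$1" in ''|*[!0-9]*) return 2 ;; esac
    em_lock
    rc=1
    if grep -q "^$1|" "$SPOOL" 2>/dev/null; then
        grep "^$1|" "$SPOOL" >> "$HIST"
        grep -v "^$1|" "$SPOOL" > "$SPOOL.tmp" || true  # empty result is fine
        mv "$SPOOL.tmp" "$SPOOL"
        rc=0
    fi
    em_unlock
    return "$rc"
}
```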




Features


Support for unlimited number of agents
Configurable almost anything: refresh rates, warning levels, etc. etc.
Proactive management: send actions, perform tasks automatically, populate actions when some messages are received ...
Support for clusters (groups of machines, process, etc)
Heterogeneous network, operating system and architecture.
Notification via email
Multiple console monitors running simultaneously
Historical track of messages
Multiple ack of messages
Multiple level of warning
API provided
Portability granted
Low load on monitored and console machines
Runs in user space -- no root privileges required except for emsrvcmd
Configuration by files or shell variables
Fully customizable
Security access for console
Security checks in emsrvcmd (to prevent unauthorized use)
Graphics, User Friendly environment
TCP/IP message-passing system
Buffering in emputmsg to guard against network failures, so network breaks are tolerated
Message counter notifier
User profiles
User access security
Status line
more ...




Monitors


emdskagt
(Event Monitor Disk Agent) A high-performance disk agent written in C. Supports file configuration, warning levels, autoconfiguration, etc. This agent is up
and running.
emprcagt
(Event Monitor Process Agent) A high-performance process agent written in C. Supports keep-alive, CPU time level, I/O level, orphan detection, etc.
Supports CPU and MEM usage. This agent is under development.
emkrnagt
(Event Monitor Kernel Agent) All the kernel logs are filtered and processed; this is useful to parse warnings and kernel (and hardware) faults. Under
development.
emsrvagt
(Event Monitor Service Agent) The specified inet services are checked. Under development.
emnetagt
(Event Monitor Network Agent) Ensures network connectivity, tests LAN adapters, etc. Under development.




Requirements


Tcl/Tk 8 for emconsole only
Tix for emconsole only
C compiler (like gcc) for all the binaries and tools
GNU make to run the makefiles
2 Mb of free space for the configuration files, binaries, doc, etc.
30 Mb or so for server installation (this is a safe value)
A Unix box. The software is developed on a Linux box, a Solaris box and an HP box
A little time to configure the system
A little more time to send your suggestions, bugs and improvements




Screen Shots


Main logo emonitor.gif
Emconsole in action emconsole.gif
My desktop (solaris) desktop1.gif
My desktop (linux) desktop2.gif




Contact Info


So you want to contact me? Well, here is my e-mail address. Feel free to send me all your comments, bugs, patches, donations, etc.
(especially all the corrections for my bad English). Mail me

I'm a Spanish student in the 5th year of Computer Science at Carlos III University of Madrid. I graduated in Technical Engineering at the same university. I work at
Santander Investment bank as a full-time system administrator (dealing with HPs, SUNs, etc.). My interests are operating systems (with a focus on
Linux, of course) and programming languages (C and C++ mainly). So if you want to know more about me, send me an e-mail!




Download


Here it is! The source code has been released. I hope you find it useful. For any questions, send me an email at assman@gsyc.uc3m.es




Related Projects


GNU and non commercial Projects

Big Brother. Not a GNU project, but free. The first (I think). Very portable, web-based interface. Monitoring only.
Over-CR. This project is a GNU network monitoring system.
RADAR. The GNU Realtime Action-Oriented Deterministic Automaton for Remediation. Based on SNMP traps.

Commercial projects

OpenView. A very good-quality product by HP. Based on SNMP traps, it has a lot of agents and allows you to integrate your applications. It's big,
requires a very good machine and I think that the server side only runs on HP's machines.
Patrol and Best/1. Another product for systems & network monitoring. It has a lot of agents for a lot of applications (say MqSeries, Oracle ...). Very
pretty software.




This software and its documentation are copyrighted 1998, 1999 by and released under the GNU GPL Version 2. All graphics, code and HTML created using
Gimp and Xemacs.

Last modified 12:42 04/08/1999 MET