zenoss event management paper


Post on 03-Oct-2014


Zenoss Event Management
Version 3
September 2009, updated January 2010
Jane Curry
Skills 1st Ltd
www.skills-1st.co.uk

Jane Curry, Skills 1st Ltd, 2 Cedar Chase, Taplow, Maidenhead, SL6 0EU. Tel: 01628 782565. Email: jane.curry@skills1st.co.uk


Skills 1st Ltd

13 December 2010

Synopsis

This paper is intended as an intermediate-level discussion of the Zenoss event system. It assumes that the reader is already familiar with the Zenoss Event Console and with basic navigation around the Zenoss Graphical User Interface (GUI). It looks in some detail at the architecture behind the Zenoss event system (the daemons and how they are interrelated) and it looks at the structure of a Zenoss event and the event life cycle.

Zenoss can receive events from many sources in addition to Zenoss itself. Events from Windows, Unix syslogs and Simple Network Management Protocol (SNMP) TRAPs are all examined in detail.

The process by which an incoming event is transformed into a particular Zenoss event is known as event mapping and has a number of different possible techniques for performing that conversion. These will all be explored along with the creation of new event classes.

Once an event has been received and classified by Zenoss, automation may be required. Alerting by email and pager are discussed as is the ability to run any script as an Event Command.

This paper was written using Zenoss 2.4.1.

The paper is a companion text to the Zenoss Event Management Workshop.

Notations

Throughout this paper, text to be typed, file names and menu options to be selected are highlighted by italics; important points to take note of are shown in bold.


Table of Contents

1 Introduction
2 Zenoss event architecture
2.1 Event Console
2.2 Event database tables and the Event Manager
2.3 Event life cycle
2.3.1 Event generation
2.3.2 Application of device context
2.3.3 Event class mapping
2.3.4 Application of event context
2.3.5 Event transforms
2.3.6 Database insertions
2.3.7 Resolution
2.3.8 Ageing out events
3 Events generated by Zenoss
3.1 zenping
3.2 zenstatus
3.3 zenwin
3.4 zenprocess
3.5 zenperfsnmp
3.6 Availability monitoring daemons and device status pages
4 Syslog events
4.1 Configuring syslog.conf and syslog-ng.conf
4.2 Zenoss processing of syslog messages
5 Zenoss processing of Windows event logs
6 Event Mapping
6.1 Working with event classes and event mappings
6.2 Rules in event mappings
6.3 Regex in event mappings
6.4 Other elements of event mappings
7 Event transforms
7.1 Using zendmd to run Python commands
7.1.1 Referencing an existing Zenoss event for use in zendmd
7.1.2 Using zendmd to understand event attributes
7.1.3 Using zendmd to understand event methods
7.2 Transform examples
7.2.1 Combining user defined fields from Regex with transform
7.2.2 Applying event and device context in relation to transforms
8 Zenoss and SNMP
8.1 SNMP introduction
8.2 Zenoss SNMP architecture
8.2.1 The zentrap daemon
8.3 Interpreting MIBs
8.3.1 zenmib example
8.3.2 A few comments on importing MIBs with Zenoss
8.4 The MIB browser ZenPack
8.5 Mapping SNMP events
8.5.1 SNMP event mapping example
9 Event Commands
9.1 Creating event commands
9.2 Debugging event commands
10 Events, Alerts & Production Status
10.1 Alerting rules for email and paging
10.2 Other alerting possibilities
10.3 The effect of device Production Status
11 Conclusions
12 Appendix A zendmd commands useful with events


1 Introduction

Zenoss is an Open Source, multifunction systems and network management tool. There is a free, Core offering (which does seem to have most things you need), and a chargeable offering, Enterprise, which has extra add-on goodies such as high-availability configurations, distributed management servers, role-based access and various support contracts which include some education and consultancy. For a comparison of the fee alternatives, try http://www.zenoss.com/product/pricing.

Zenoss offers configuration discovery, including layer 3 topology maps, availability monitoring, problem management and performance management. It is designed around the ITIL concept of a Configuration Management Database (CMDB), the Zenoss Standard Model. Zenoss is built using the Python-based Zope web application server and uses the object-oriented Zope Object Database (ZODB) as the CMDB, used to store Python objects and their states. Zenoss uses ZEO as a layer between Zope and the ZODB.

The relational MySQL database is used to hold current and historical events. Performance data is held in Round Robin Database (RRD) files.

The default protocols for monitoring are typically agentless: the Simple Network Management Protocol (SNMP), Windows Management Instrumentation (WMI) and collecting events from syslogs. It is also possible to monitor devices using telnet, ssh and to use Nagios plugins.

Zenoss provides a good Getting Started with Zenoss document along with a Zenoss Administration Guide and a Zenoss Developer's Guide; you can get these from http://www.zenoss.com/community/docs. There is also a wealth of information on the Zenoss website but it is rather diffused between FAQs, HowTos, a Wiki and contributions to the various forums. A useful book is available from PACKT Publishing, Zenoss Core Network and System Monitoring by Michael Badger, which provides much of the same information as the Zenoss Administration Guide but in a much clearer format with plenty of screenshots.

This paper is an attempt to expand on the event information in the Administration Guide by drawing on my own experience and the collected wisdom of the community contributions.

2 Zenoss event a
