Guidance to Survive Monitoring

While working in the monitoring field for a long time, here are some rules I try to follow when requirements go awry. Rule #1: Only create an alert when human interaction is required When you setup a monitoring, it tends to get noisy very quickly. The problem is, people want to know everything and want to monitor everything. You tend to build a system which sends you a lot of alarms and you will get alarm fatique. Continue reading

He's dead, Jim

If you operate networks there is a big chance you had to deal with SNMP - the Simple Network Management Protocol. If you ever wondered where it came from, it started with a big bang. On October 27, 1980, there was an unusual occurrence on the ARPANET. For a period of several hours, the network appeared to be unusable, due to what was later diagnosed as a high priority software process running out of control. Continue reading

Monitoring Websites with OpenNMS

Monitoring websites is a common requirement. Using OpenNMS to monitor websites can be done by using the built in HTTP/HTTPS based monitors. While a “Node” can be pretty much everything in a network, the internal model to monitor something is pretty old-fashioned and static. Monitoring a service requires to assign a service to an IP address. This article describes a pattern how you can monitor web sites with low maintenance and without the need to maintain for each website a monitor which is cumbersome in maintenance. Continue reading

Authenticate OpenNMS Horizon with FreeRADIUS

Centralized authentication is a core service as soon you have a network with more than 3 computers. This article is about how to authenticate a OpenNMS Horizon 22.0.2 using RADIUS provided by a FreeRADIUS service. In this example the FreeRADIUS server is configured to provide 3 users. A dictionary is configured which returns 2 roles, ROLE_USER and ROLE_ADMIN which can be used to decide which security role is assigned in the OpenNMS Horizon Web UI. Continue reading

Authenticate OpenNMS Horizon with Active Directory on Windows Server 2016

Centralized authentication is a core service as soon you have a network with more than 3 computers. This article is about how to authenticate a OpenNMS Horizon 22.0.1 against an Active Directory provided on a Microsoft Windows Server 2016. I’ll focus here on the Active Directory and Spring configuration parts, securing the connection with LDAPS and using self-signed certificates in Java is another topic and not covered here. In this example the domain is called labmonkeys. Continue reading

Build OpenNMS with Docker

Being able to compiling an Open Source project is important. You can change the code, so you should also able to build it. Why is there a dedicated Docker image for the build environment? The dependencies running a pre-build OpenNMS Horizon distribution and compiling from source are different. To build OpenNMS Horizon you need Apache Maven and to compile JICMP, JRRD you need a C compiler environment. This is nothing you want to carry when you just want to run OpenNMS Horizon. Continue reading

Hipster vs. Microsoft

This week was great, Microsoft bought GitHub! All the Hipsters went crazy and a lot of open source people move now their repos to GitLab. There is even a Hashtag #movingtogitlab floating around. The GitLab importer showed significant peaks when the news broke out. What the hell happened? GitHub is the new SourceForge GitHub was cool, it made Git to shine. GitHub was the platform to collaborate on software development in public and helped to make Git the de-facto standard as a free and decentralized version control system. Continue reading

Scanning for SNMP communities

Adding devices into monitoring system is easy. Getting all the right SNMP communities for them is harder. People don’t give you the right community string or forget to open firewall ports. If you have to test a lot of IP’s against various IP addresses you can use nmap and a community list file as an input. Be aware you talk about permission to run this test otherwise somebody can get angry when you try to brute-force community strings against their devices. Continue reading