Disclaimer: I was provided with a review copy of this book free of charge by the publisher. Please rest assured that I haven’t let this colour my judgement.
If you’re looking for a book to help you configure the excellent systems monitoring software Cacti, then Cacti 0.8 Network Monitoring
The book starts off reasonably – it gives a clear guide to installing Cacti on a Debian system, and also installing Cacti from source. With any book of this nature there’s always the problem that there are so many different forms of Linux/Unix on which the application can be run – Cacti supports Linux, BSD, MacOS, Solaris – that you could fill a whole book just detailing the differing installation steps.
The next few chapters, in fact the bulk of the book, concerns the basic configuration of Cacti – adding devices to be monitored, arranging the graphs and user management. Again, the explanations here are competent if not exceptional.
I think it would have been beneficial if the book had contained at least some basic details on how to enable SNMP on some common devices that are likely to be monitored – perhaps a couple of lines of Cisco config, some details on installing and configuring net-snmpd possibly. Unfortunately the book covers none of this.
For the more advanced user, the book has a reasonable high-level overview of the SNMP protocol, but is rather short on the details of writing your own Cacti plugins. The topic is covered, but includes little more information than the help text displayed on screen within Cacti itself. For me, this was the biggest disappointment with the book.
Overall, the book is a reasonable purchase for those unfamiliar with Cacti, particularly given the lack of alternatives. Those hoping to find a guide to more advanced topics will be disappointed however, with more comprehensive information available in the Cacti documentation on-line.
If you’ve already got Nagios monitoring your SSL-enabled web server, then it’s very easy to make it also warn you when your SSL certificate is soon to expire.
Simple change your check_https command definition (in the file /etc/nagios-plugins/config/http.cfg on Debian/Ubuntu) to the following:
define command{
command_name check_https
command_line /usr/lib/nagios/plugins/check_http --ssl -C 14 -H '$HOSTADDRESS$' -I '$HOSTADDRESS$'
}
The ‘14′ in the command line is the number of days prior to expiry Nagios should warn you to renew the certificate – change as appropriate.
Now Nagios will produce a warning when your SSL certificate is close to renewal time, and show status CRITICAL if you let it expire anyway.
We’ve been using Varnish cache for some time, and I’ve been massively impressed by both its performance and flexibility. As part of a solution to help scale websites it’s unbeatable, especially with its support for ESI.
Anyway, we wanted to integrate monitoring of Varnish into the existing Cacti setup we have, and so I wrote a little plugin to do this. It’s loosely based on the code posted here but it’s more ‘inspired by’ rather than based upon.
It produces just one graph (above), which shows the number of requests/second, hits/second and misses/second.
Installation is pretty straightforward:
- Make the Varnish management daemon available to your Cacti machine (Make sure you lock down appropriately with iptables or similar, because there is no authentication for this interface)
- Copy get_varnish_stats.py to your cacti scripts directory (/usr/share/cacti/site/scripts in Debian/Ubuntu)
- Import the XML template via the Cacti interface
You can download the plugin here.
28
Why Tornado shows the future of Web Servers, but not for the reason you might think
0 Comments | Posted by admin in Speculation
There’s been a lot of discussion around the release of Tornado, the web server that powers FriendFeed, which was recently Open Sourced.
Most of this discussion revolves around the technical merits of Tornado; whether other platforms are quicker, or whether it’s too limited. Whilst interesting, I think that many of these discussions are rather missing the point.
What I find interesting about FriendFeed is that it was built primarily because of the requirements of the way the FriendFeed site works. To give an overview without getting too much into the technical details, the difference is in the way real-time data is updated.
The way pretty much every other website works with regards to updating data is to poll for updates at regular intervals. FriendFeed works differently; they create a connection to the server, and sit there waiting for an update. When an update does happen, it displays immediately, because there’s no need to wait for a polling update to run.
A website that works like this, with every user having a connection open waiting for an update, isn’t feasible to create when using a mainstream web server (Apache, Nginx, IIS), because they are designed with the older ‘open a connection, send the data, close the connection’ way of working in mind.
I expect that as desktop software dies out and everything moves to a web-based ’software-as-a-service’ approach it will become increasingly common that parts of the site will run on custom-written software. The days of the dominance of Apache are over, not because another better webserver daemon has come along, but because with increasingly complex webapps one size no longer fits all.
Many networks have hosts which aren’t directly accessible via SSH, but have to be connected to via another host. This can be a pain, especially when one wishes to use scp or sftp.
For a while now I’ve been using the following in my SSH .config file to allow me to SSH ‘directly’ to such hosts:
Host ultimate-destination-name ProxyCommand ssh -q intermediary-host nc %h %p $* HostName ultimate-destination-host
Where ‘ultimate-destination-name’ is the friendly name for the remote host – this probably shouldn’t be a hostname to avoid confusion, ‘intermediary-host’ is the Internet-accessible host to connect via, and ‘ultimate-destination-host’ is the local hostname/IP for the destination machine, ie what you’d type after ssh once logged into the intermediary host.
You’ll need netcat installed on the intermediary host for this to work.
Apart from the obvious advantage of being able to just type ’ssh foo’ to get straight to host foo, this method also allows you to use your local ssh keys without any sort of trust arrangement.
