yo kids, say you get a network with a lot of garbage on it (bunch of different vm hosts with lots of different vm's made by/for different people, extra hardware) and you want to keep track of what is there, who has what and in what state it is, what would you do?
@valleyforge we did try some nagios, but it kinda involved forcing everyone to have an agent (or snmp) and it fell apart because it required constant manual intervention in order to keep working

@pony @valleyforge tbh I don't know if nagios has newer versions that are good, but you could like test icinga2 and see if you like it.

When I'm home I can show you some examples of configuration, and screenshots and stuff, if you want.

@wolf480pl @valleyforge nah, i mean, i had an intern try the nagios, it didn't go as i hoped it would, but it felt viable
@wolf480pl @valleyforge lot of windows machines in the network too (and some HSM's with SNMP based something, or network switches), i mean, i imagine that having to do some agent/snmp setup isn't an absolute no-go, but it then at least needs a semi-automated way of identifying and alerting me or whoever about non-agented/monitored hosts
@pony @wolf480pl @valleyforge what wolf480pl@mstdn.io said and maybe arpwatch for any VLAN, just to be aware that "a new kid is on the block"
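An added example (not something anyone posted in the thread) of the "who is on the wire but not monitored" check pony asks for above, fed by arpwatch-style arp.dat entries; the arp.dat sample, the inventory dict and its owner/agent fields are constructed assumptions:

```python
"""Reconcile hosts seen on the wire (arpwatch-style arp.dat) against the
monitoring inventory, so unmonitored or ownerless machines get flagged.
Added example; the arp.dat sample and the inventory layout are constructed."""
from dataclasses import dataclass

# Constructed sample in arpwatch's arp.dat layout: "<mac> <ip> <epoch> [iface]".
ARP_DAT = """\
52:54:00:aa:bb:01 10.20.0.11 1717000000 eth0
52:54:00:aa:bb:02 10.20.0.12 1717000060 eth0
00:1b:21:cc:dd:03 10.20.1.50 1717000120 eth0
0c:c4:7a:ee:ff:04 10.20.2.9 1717000180 eth0
"""

# Constructed inventory: what the monitoring system (nagios/icinga/prometheus) knows.
INVENTORY = {
    "10.20.0.11": {"owner": "alice", "agent": True},
    "10.20.0.12": {"owner": "", "agent": True},       # monitored, but nobody owns it
    "10.20.1.50": {"owner": "bob", "agent": False},   # known, agentless (e.g. a switch)
    "10.20.9.99": {"owner": "carol", "agent": True},  # in inventory, never seen on the wire
}

@dataclass(frozen=True)
class Sighting:
    mac: str
    ip: str
    last_seen: int

def parse_arp_dat(text):
    """Parse arp.dat lines; the iface column is optional, comments/blank lines skipped."""
    sightings = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or line.startswith("#"):
            continue
        sightings.append(Sighting(parts[0].lower(), parts[1], int(parts[2])))
    return sightings

def reconcile(sightings, inventory):
    """Return the four lists a human (or an alert) should look at."""
    seen, known = {s.ip for s in sightings}, set(inventory)
    return {
        "unmonitored": sorted(seen - known),                                  # new kid on the block
        "no_owner": sorted(ip for ip in seen & known if not inventory[ip]["owner"]),
        "agentless": sorted(ip for ip in seen & known if not inventory[ip]["agent"]),
        "not_seen": sorted(known - seen),                                     # stale inventory
    }

if __name__ == "__main__":
    for key, ips in reconcile(parse_arp_dat(ARP_DAT), INVENTORY).items():
        print(f"{key}: {', '.join(ips) or '-'}")
```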

@pony @valleyforge well if there's no agent running on a thing, you can only check stuff like ping, arp, are the ports that are supposed to be open open, etc. So ssh for linux things and idk rdp? for windows.

You could also run some agent on hypervisors and export VM data from there, at least stuff like cpu usage should be available.

Also, for physical servers you could check power status and sensors via IPMI.

@pony @valleyforge Also instead of nagios/icinga you could use sth more trendy like prometheus

@pony @valleyforge the advantage to that would be easier to find existing maintained plugins/integrations, the disadvantage is that it's trendy

@wolf480pl @valleyforge that's not horrible, node_exporter, because it's in go, can be just wrapped into a single static bin and run kinda everywhere, but i don't feel like i want that
@wolf480pl @pony @valleyforge icinga/nagios has a nice ecosystem of plugins with all pros and cons of a "community based" ecosystem (*hrm*)... Some guys here at $JOB diddled around with a full blown auto-discovery system for networks, but it's a lot of work and needs to be tailored at least somewhat. And a good monitoring system NEEDS MAINTENANCE unless you want to drown in false alarms... So, Pony's boss needs to be aware of needed manpower for ANY solution...
@rru142 @wolf480pl @valleyforge there will always have to be someone watching, the thing is for them to have something to watch, because right now, if i want to know things, i have to look at server oob managements to figure out health of the machines (like dead disks on their raids or hw), i have to run and analyze nmap scans, i can only semi-guess the operating systems or presence of updates and i have actually no idea about the history of anything and no way of tracking a person who created it and should either be forced to manage it or remove
@pony @valleyforge @wolf480pl
Monitoring would then only be part of the solution. at $JOB we've been there and still are. One rule we have is, when some developers want to create their own machines, they have a "playpen network", can almost do what they want but are fully responsible for their stuff.
Anything that connects to "real development" is managed by an infrastructure team. And anything that connects to "production" is off limits for people that do not manage production machines.
@rru142 @valleyforge @wolf480pl in order for the "real development" to happen, there have to be a lot of things that work and no idiot should poke them without a reason, but i don't even have a network subnet worth subdividing tbh, lol
@pony @valleyforge @wolf480pl Ugh - well that is something you need to talk about with your boss then, me thinks. You need more subnets :-)
@rru142 @valleyforge @wolf480pl i got one /22, not sure i want to bother

but this is not a boss matter, this is the fucking it matter, i don't talk to them anymore, i get too angry when i do
@pony @valleyforge @wolf480pl /22 is OKish (don't know much about the requirements there, so take anything with a grain of salt...), our project networks are /29 or /28 mostly - and lots of firewall rules... And yes, some project leaders have to learn "our" rules, but we learned as well from project leaders and if someone can explain well why he needs the exception to the rules and understands the implications he can have it.
So you'll become (or are already) your own IT department then?
@rru142 @valleyforge @wolf480pl i actually want to become less of an IT department and use their services where possible, instead of doing every single crap myself, but we're talking people whom i asked about making few NS records so we can have own DNS servers in the network (which we really need as everything is HTTP based these days), or at very least making some A's I will ask for, and then just denied me, ...
@rru142 @valleyforge @wolf480pl i just hate them at this point, everything they do feels openly hostile
@rru142 @valleyforge @wolf480pl yes, i escalate things to her, but she's also a rather small boss in the grand scheme of things
@wolf480pl @pony @valleyforge For network inventory there's still netdisco, it's in its second incarnation, the first started in the stone ages of networking, it's still a good thing to have IMHO - does not care about servers though... (t. we have it still running at $JOB and it's monitoring a few hundred switches over the world...)
http://netdisco.org/
@wolf480pl @valleyforge yeah, if it could integrate with a libvirt-managed hypervisor (kvm+qemu which we are getting for most machines) on some level, that would be awesome

security yelled at me for having ipmi enabled on some hosts, lol
Qoto Mastodon