System self destructed overnight - need some guidance
-
Also, do not ever, ever enable the historical data "feature". (There's a giant warning about this.) And yeah, with johnpoz here, this does not happen overnight. The storage space can be monitored via SNMP and you can alert yourself accordingly on set thresholds.
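The SNMP threshold alerting suggested in the post above, sketched as an added example that is not part of the original thread: it parses net-snmp `snmpwalk` text output of the HOST-RESOURCES-MIB `hrStorageTable` and flags filesystems over a threshold. The sample walk, the 70/90 percent thresholds and the function names are assumptions made for illustration.

```python
import re

# Constructed sample of what
#   snmpwalk -v2c -c <community> <firewall> HOST-RESOURCES-MIB::hrStorageTable
# prints (net-snmp text format). All values are made up.
SAMPLE_WALK = """\
HOST-RESOURCES-MIB::hrStorageDescr.1 = STRING: Real Memory
HOST-RESOURCES-MIB::hrStorageDescr.31 = STRING: /
HOST-RESOURCES-MIB::hrStorageDescr.36 = STRING: /tmp
HOST-RESOURCES-MIB::hrStorageAllocationUnits.1 = INTEGER: 4096 Bytes
HOST-RESOURCES-MIB::hrStorageAllocationUnits.31 = INTEGER: 4096 Bytes
HOST-RESOURCES-MIB::hrStorageAllocationUnits.36 = INTEGER: 4096 Bytes
HOST-RESOURCES-MIB::hrStorageSize.1 = INTEGER: 2000000
HOST-RESOURCES-MIB::hrStorageSize.31 = INTEGER: 5000000
HOST-RESOURCES-MIB::hrStorageSize.36 = INTEGER: 20000
HOST-RESOURCES-MIB::hrStorageUsed.1 = INTEGER: 1900000
HOST-RESOURCES-MIB::hrStorageUsed.31 = INTEGER: 4600000
HOST-RESOURCES-MIB::hrStorageUsed.36 = INTEGER: 15000
"""

LINE_RE = re.compile(r"hrStorage(Descr|AllocationUnits|Size|Used)\.(\d+) = \w+: (.*)$")

def parse_storage(walk_text):
    """Group the walked columns by table index: {index: {column: value}}."""
    rows = {}
    for line in walk_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        column, index, value = m.groups()
        if column != "Descr":
            value = int(value.split()[0])  # "4096 Bytes" -> 4096
        rows.setdefault(int(index), {})[column] = value
    return rows

def check_usage(rows, warn=70.0, crit=90.0):
    """Return (level, mount, percent_used, free_bytes) for mounts over a threshold."""
    alerts = []
    for index, row in sorted(rows.items()):
        descr = row.get("Descr", "")
        size, used = row.get("Size", 0), row.get("Used")
        # Simplification: treat entries whose description is a path as disks.
        # Skip incomplete rows and sizes that wrapped negative (Integer32).
        if not descr.startswith("/") or used is None or size <= 0:
            continue
        pct = round(100.0 * used / size, 1)
        level = "CRITICAL" if pct >= crit else "WARNING" if pct >= warn else None
        if level:
            free = (size - used) * row.get("AllocationUnits", 1)
            alerts.append((level, descr, pct, free))
    return alerts
```

Run from cron against live `snmpwalk` output, anything `check_usage` returns can be mailed or logged, which gives a record of how fast a filesystem filled.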
-
Understood about it happening slowly, but pretty sure I would have noticed. I watch the Dashboard System Information panel religiously and the Disk Usage was nowhere near even 30% yesterday. I have the web console up on my screen (with the system info panel displayed) pretty much the entire time I'm around. Before today I had yet to see any of the MBUF/CPU/Memory/Disk Usage ever get above 25%.
I suppose I could have missed it though.
I did notice when I turned on the "Log packets matched from the default block rules in the ruleset" in the firewall rules settings that a crap ton of blocks started flying by. More than I have ever seen before. Seems unusual but I paid no mind at the time..
I did not have the historical data turned on in ntop btw.
Oh, also forgot to mention I left nmap running a scan on my lan when I left for the night. It was running from a machine on the lan, wouldn't think this could cause anything like this.
At any rate, I save my configuration routinely so worst case I just reinstall and reload the configuration file..
@doktornotor, what application is that a screenshot of?
-
"@doktornotor, what application is that a screenshot of?"
LibreNMS would be my guess ;) Dok had mentioned setting that up recently ;)
There are plenty of tools that can do it though. If you're a Windows shop look at PRTG.. It's free for 100 sensors.. LibreNMS is just a fork of Observium.. But there are shittons of monitoring tools that can provide you that sort of information via SNMP.
-
"@doktornotor, what application is that a screenshot of?"
LibreNMS would be my guess ;) Dok had mentioned setting that up recently ;)
Yeah, that's LibreNMS. There're ready to use self-updating VMs available for download (Ubuntu 16 LTS or CentOS 7)
http://docs.librenms.org/Installation/Ubuntu-image/
http://docs.librenms.org/Installation/CentOS-image/
-
Yeah, that's LibreNMS.
Sorry to hijack the thread, but how do you find working with LibreNMS? I just implemented Zabbix here and while it is nice, it was a tremendous pain in the ass to set up, and doing anything custom was more effort than it was worth.
-
Question: In your opinion could the setting of "Log packets matched from the default block rules in the ruleset" cause the disk to fill up?
No. The firewall log is circular. It never grows beyond its set limit.
-
"@doktornotor, what application is that a screenshot of?"
LibreNMS would be my guess ;) Dok had mentioned setting that up recently ;)
Yeah, that's LibreNMS. There're ready to use self-updating VMs available for download (Ubuntu 16 LTS or CentOS 7)
http://docs.librenms.org/Installation/Ubuntu-image/
http://docs.librenms.org/Installation/CentOS-image/
Thanks, maybe this will work for me better instead of trying to get ELK to work..
-
ELK is more for syslog, vs monitoring of interface traffic, disk sizes, services, etc.
-
ELK is more for syslog, vs monitoring of interface traffic, disk sizes, services, etc.
I was referring to the fact it has a prebuilt VM as I can't get ELK to work for the life of me ???
-
@KOM:
Yeah, that's LibreNMS.
Sorry to hijack the thread, but how do you find working with LibreNMS? I just implemented Zabbix here and while it is nice, it was a tremendous pain in the ass to set up, and doing anything custom was more effort than it was worth.
Oh… well, that's about 10,000% easier for anything capable of SNMP, plus no damned agents, proxies etc. required. Adding the devices and getting loads of basic monitoring data, graphs and a list/dashboard with overview of stuff shouldn't take more than a couple of hours. After that, you can play with tuning things, like disabling irrelevant SNMP plugins for various types of devices, customized alerting, monitoring of services (plus possibly some "one-click" remediation procedures if required, did not have time for that yet). Does fairly good job with pretty much default configuration when it comes to categorizing devices and producing relevant graphs for those.
Quick shrinked screenshot of random stuff added to a testing LibreNMS instance:
An overview of a switch:
Anyway, we are totally OT here, LOL. ;D
-
Anyway, we are totally OT here, LOL.
They can sue us. Thanks for the info. Muchly appreciated.
-
Go ahead and thread jack, I don't mind. I'm going to install and learn this app so the knowledge is helpful…