Icinga2 configuration distributed monitoring

Hi Team,

First of all I am new to icinga.

I have a couple of questions.
Mainly looking for network monitoring (SNMP).

1. Can we have an HA setup like this? Install 2 standalone servers, each using its own local database. The slave will sync configuration and database from the master server every few minutes or hours.

2. Is it possible for Icinga to receive and analyse system logs and show an alert if there's a system error? Is it possible to export the filtered syslog results to a text / Excel file? How long can we keep the syslog if the daily log size is 1GB?

3. Is it possible for Icinga to receive and analyse security logs, e.g. IPS, IDS, AV, and show an alert if there's an intrusion?

I already read the docs but maybe I missed some part.
Any help is appreciated
Thanks

First of all I am new to icinga.

Welcome :slight_smile:

1. Can we have an HA setup like this? Install 2 standalone servers, each
using its own local database. The slave will sync configuration and database
from the master server every few minutes or hours.

In what way is that “HA”?

A DB which is a few hours out of date, for a real-time monitoring system, is
not a good design.

If you want HA, you should set up DB replication (using DB tools, not anything
like rsync), which works in real time and genuinely contributes to the H in
HA.

  2. Is it possible for Icinga to receive and analyse system logs and show
    an alert if there's a system error?

Provided you can find or write (it’s not hard, you can do it in any language
you like) a plugin which does the analysis you need to indicate “a system
error”, then yes. Bear in mind that all Nagios plugins can be used directly
with Icinga.

Is it possible to export the filtered syslog results to a text / Excel file?

That would not be a job for Icinga - it sounds like you need a decent
pre-processor for the type of analysis you're looking for.

How long can we keep the syslog if the daily log size is 1GB?

Well, a one Terabyte disk is pretty basic these days, and that would give you
just about 3 years. Multiply by Tbytes and/or disks for more.

  3. Is it possible for Icinga to receive and analyse security logs, e.g. IPS,
    IDS, AV, and show an alert if there's an intrusion?

Yes, this would count as a “passive service check”.

I already read the docs but maybe I missed some part.

I hope you found at least the following:

https://icinga.com/docs/icinga2/latest/doc/06-distributed-monitoring/#high-availability-master-with-agents

https://icinga.com/docs/icinga2/latest/doc/05-service-monitoring/#log-monitoring

https://icinga.com/docs/icinga2/latest/doc/05-service-monitoring/#new-checkcommand

https://www.monitoring-plugins.org/doc/guidelines.html

https://exchange.nagios.org/directory/Plugins

https://icinga.com/docs/icinga2/latest/doc/08-advanced-topics/#external-check-results

Regards,

Antony.

1 Like
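The two things Antony points at (a plugin that decides what "a system error" or "an intrusion" is, and feeding security-log findings in as a passive check result) fit in one small script. The following is an added example, not code from the thread or from the Icinga project: a Nagios/Icinga-style check plugin in Python that scans syslog-style lines, returns the standard exit codes (0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN) with perfdata as the Monitoring Plugins guidelines require, and builds the JSON body that the Icinga 2 API action `/v1/actions/process-check-result` accepts for a passive service check. The regexes, the thresholds, the host/service names and the sample log lines are all assumptions made up for the example.

```python
#!/usr/bin/env python3
"""check_log_errors.py: example Icinga/Nagios-style log check plugin (added example)."""
import json
import re
import sys

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3
STATE_NAMES = {OK: "OK", WARNING: "WARNING", CRITICAL: "CRITICAL", UNKNOWN: "UNKNOWN"}

# What counts as "a system error" and "an intrusion" is an assumption of this example;
# tune the patterns to the log formats you actually receive.
ERROR_RE = re.compile(r"\b(error|crit|critical|emerg|panic|segfault)\b", re.IGNORECASE)
INTRUSION_RE = re.compile(
    r"(snort|suricata).*\[Priority:\s*[12]\]|\bmalware\b.*\bdetected\b", re.IGNORECASE
)


def analyse(lines):
    """Count error lines and IDS/IPS/AV alert lines; keep up to three sample lines."""
    errors = intrusions = 0
    samples = []
    for line in lines:
        line = line.rstrip("\n")
        if INTRUSION_RE.search(line):
            intrusions += 1
        elif ERROR_RE.search(line):
            errors += 1
        else:
            continue
        if len(samples) < 3:
            samples.append(line)
    return errors, intrusions, samples


def evaluate(errors, intrusions, warn, crit):
    """Any intrusion alert is CRITICAL; plain errors are compared against the thresholds."""
    if intrusions > 0 or errors >= crit:
        return CRITICAL
    if errors >= warn:
        return WARNING
    return OK


def plugin_output(lines, warn=5, crit=20):
    """Return (exit_code, text). First line is 'STATE - summary | perfdata', details follow."""
    errors, intrusions, samples = analyse(lines)
    state = evaluate(errors, intrusions, warn, crit)
    summary = f"{STATE_NAMES[state]} - {errors} error line(s), {intrusions} intrusion alert(s)"
    perfdata = f"errors={errors};{warn};{crit};0 intrusions={intrusions};;1;0"
    text = f"{summary} | {perfdata}"
    if samples:
        text += "\n" + "\n".join(samples)
    return state, text


def passive_result_payload(host, service, state, text):
    """JSON body for POST /v1/actions/process-check-result on the Icinga 2 API,
    so a log pre-processor can push its verdict as a passive service check."""
    first, _, rest = text.partition("\n")
    output, _, perf = first.partition(" | ")
    return {
        "type": "Service",
        "filter": f'host.name=="{host}" && service.name=="{service}"',
        "exit_status": state,
        "plugin_output": output + ("\n" + rest if rest else ""),
        "performance_data": perf.split(),
    }


# Constructed sample input so the script runs offline; not real log data.
SAMPLE_LOG = [
    "Jan 10 10:00:01 host sshd[1234]: Accepted publickey for alice from 10.0.0.5",
    "Jan 10 10:00:07 host kernel: EXT4-fs error (device sda1): ext4_find_entry: bad entry",
    "Jan 10 10:00:09 host app[555]: ERROR database connection lost",
    "Jan 10 10:00:12 host snort[777]: [1:2100498:7] GPL ATTACK_RESPONSE id check returned root "
    "[Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.0.0.9:80 -> 10.0.0.5:5321",
]


def main(argv):
    # Usage: check_log_errors.py [logfile [warn [crit]]]; without a file the sample lines are used.
    try:
        warn = int(argv[2]) if len(argv) > 2 else 5
        crit = int(argv[3]) if len(argv) > 3 else 20
        if len(argv) > 1:
            with open(argv[1], errors="replace") as fh:
                state, text = plugin_output(fh, warn, crit)
        else:
            state, text = plugin_output(SAMPLE_LOG, warn, crit)
    except Exception as exc:  # a plugin that fails must report UNKNOWN, never OK
        print(f"UNKNOWN - {exc}")
        return UNKNOWN
    print(text)
    print(json.dumps(passive_result_payload("host.example.org", "syslog-errors", state, text)))
    return state


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Used as an active check, the script is just another CheckCommand pointing at the file path and thresholds. Used passively, whatever pre-processor you have reads the IDS/AV stream, calls `plugin_output` on the interesting lines and POSTs the `passive_result_payload` body to `https://<master>:5665/v1/actions/process-check-result` with an API user that has the `actions/process-check-result` permission (the service object must exist and have `enable_active_checks = false` if you do not also want it scheduled).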

Hi @Pooh
Thanks for the reply and also for sharing the docs.

A little bit of confusion after reading the docs & forum topics

I tried the setup with 2 masters with separate DBs. I want to use the Director way.

When I run the node wizard on master2, should I run it as an agent setup? Then do I need to edit the zones.conf manually?

Regards

1 Like

If you want to have 2 masters and 2 DBs, you need to set enable_ha=false.
Also, preferably, you may want to have 2 webs as well, as the web connects to the DB.

Of the two masters, one will be the config master, so the Director should be installed on the corresponding web:

Web1 → DB1 ← Master1
                 ^
                 |
                 v
Web2 → DB2 ← Master2

You may want to look at a similar question I had when I started my journey with Icinga.

1 Like
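For the layout in the diagram above, the Icinga 2 objects involved are the ones below. This is an added configuration example, not something posted in the thread; the endpoint names, addresses and database credentials are placeholders. However the node wizard was run on master2, the zones.conf that ends up on both masters should be identical and name both endpoints in the "master" zone, and each master's IDO feature points at its own local database with `enable_ha = false` so that both write instead of only the active one.

```icinga2
/* /etc/icinga2/zones.conf, identical on master1 and master2 (placeholder names/addresses) */
object Endpoint "master1.example.org" {
  host = "192.0.2.11"
}

object Endpoint "master2.example.org" {
  host = "192.0.2.12"
}

object Zone "master" {
  endpoints = [ "master1.example.org", "master2.example.org" ]
}

/* global zones are synced to every endpoint; the Director deploys into director-global */
object Zone "global-templates" {
  global = true
}

object Zone "director-global" {
  global = true
}

/* /etc/icinga2/features-enabled/ido-mysql.conf on EACH master, pointing at its own DB.
   enable_ha = false: both masters write to their local IDO database instead of only
   the currently active master, which is what "2 masters and 2 DBs" needs. */
object IdoMysqlConnection "ido-mysql" {
  user = "icinga"
  password = "CHANGE_ME"
  host = "localhost"
  database = "icinga"
  enable_ha = false
}
```

Validate with `icinga2 daemon -C` on each master before restarting, and keep only one of the two masters as the config master (the one the Director talks to); the other receives its configuration through the zone sync rather than from its own conf.d.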