NetEye 4 is based on Icinga 2. How can we monitor it? There are several options available; here I choose Icingabeat and test it.
Icingabeat is an Elastic Beat that fetches data from the Icinga 2 API and sends it directly to either Elasticsearch or Logstash. In my case, I wanted to send the information directly to Elasticsearch.
Beats are great for gathering data. They sit on servers, and then centralize data in Elasticsearch. And if it needs more processing muscle, Beats can also ship the data to Logstash for transformation and parsing. Beats gather logs and metrics from unique environments and document them with essential metadata from hosts, container platforms like Docker and Kubernetes, and cloud providers, before forwarding them on to the Elastic Stack.
The first step is to install Icingabeat. There are several different ways to do this, but I chose to install the package with yum.
After finishing the installation, I started to configure the file icingabeat.yml. I set different parameters like the hostname, port number, and login credentials of the Icinga API endpoint. In the same file, I set the parameter that tells Elasticsearch and Kibana to use the Elastic Stack 6.2 present in NetEye 4. I then used the NetEye 4 Log Manager that comes pre-installed when Search Guard is integrated. Search Guard is a security plugin for Elasticsearch and the entire Elastic Stack that offers encryption, authentication, authorization, auditing, logging, multi-tenancy and compliance features. Log Manager allowed me to verify that Elastic Stack, Search Guard and Icingabeat were properly integrated.
When I finished configuring that file, I started the icingabeat service. I then imported the dashboard for monitoring Icinga 2 following the documentation from the Icingabeat site:
Then I selected the Log Analytics module of NetEye, opened the new dashboard import with Icingabeat, and voilà!
Icingabeat Check Result
Icingabeat Status
Now I can explore data collection from Icingabeat with just a few clicks and analyze the status of any service. The data is stored in a new index icingabeat-* that was created during the installation and configuration of the dashboard. Then, with the power of Search Guard, I can select who can see the index (authorization) in NetEye by clicking on the Search Guard link. I can also select which users can access (authentication) this information, either with an internal user database or by attaching to Active Directory or some other LDAP service.
Clicking on the Search Guard link when logged in as the admin user of Search Guard shows the various functionalities implemented in the following screenshot:
Hi, I’m Franco and I was born in Monza. Over the last 20 years I worked for IBM in various roles. I started as a customer service representative (help desk operator), then I was promoted to Windows expert. In 2004 I changed again and was promoted to consultant, business analyst, then Java developer, and finally technical support and system integrator for Enterprise Content Management (FileNet). Several years ago I became fascinated by the Open Source world, the GNU\Linux operating system, and security in general. And so in the last 4 years during my free time I studied security systems and computer networks in order to extend my knowledge. I came across several open source technologies including the Elastic stack (formerly ELK), and started to explore them and other similar ones like Grafana, Greylog, Snort, Grok, etc. I like to script in Python, too. In addition to studying in my free time I dedicate myself to my family (especially my little daughter) and I like walking, reading, dancing and making pizza for friends and relatives.
Author
Franco Federico
Hi, I’m Franco and I was born in Monza. Over the last 20 years I worked for IBM in various roles. I started as a customer service representative (help desk operator), then I was promoted to Windows expert. In 2004 I changed again and was promoted to consultant, business analyst, then Java developer, and finally technical support and system integrator for Enterprise Content Management (FileNet). Several years ago I became fascinated by the Open Source world, the GNU\Linux operating system, and security in general. And so in the last 4 years during my free time I studied security systems and computer networks in order to extend my knowledge. I came across several open source technologies including the Elastic stack (formerly ELK), and started to explore them and other similar ones like Grafana, Greylog, Snort, Grok, etc. I like to script in Python, too. In addition to studying in my free time I dedicate myself to my family (especially my little daughter) and I like walking, reading, dancing and making pizza for friends and relatives.
The Cyber Apocalypse CTF is back with the 2022 edition. It’s a Jeopardy-style competition organized by Hack The Box and is open to everyone. Together as a security-focused guild (a concept taken from the Spotify model) we here at Würth Read More
The correct configuration and scheduling of downtime is an essential element of a monitoring system for several reasons: Mitigating notificationsProviding IT operations and Service Desk teams with timely information about when monitored systems may be subject to faults due to Read More
These days we live in a data-driven world, where the collection and analysis of data empowers not only companies but also individuals to plan future actions based on the information that is extracted. NetEye enables both the collection and analysis Read More
We fixed a bug for which the healthcheck 00400_local_neteye_target_services_are_disabled was failing on NetEye Satellites due to some services enabled by default on the NetEye Satellites. The healthcheck now does not control the state of such services on Satellites. For NetEye Read More
We fixed a bug for which the healthcheck 01220_telegraf_retention_policy_set was failing on NetEye Satellites. The healthcheck is now skipped on Satellites. For NetEye 4.22 we updated the following packages: icingaweb2-module-analytics, icingaweb2-module-analytics-autosetup to version 1.48.3-1