The new complex event processing engine Tornado has been evolving quite quickly during the last few NetEye releases. As you might imagine after reading the latest Neteye 4.15release notes, Tornado Editor is becoming very powerful and users will find a comfortable UI for configuring Tornado filters and rules.
For me, interacting with Tornado had already started at the early stages when the set of features Tornado had were far away from what you see today.
Because of this I think it’s time that I shared my experience and unified everything I learned into a set of configurations and rules you could use as a starting point for your own first Tornado experience!
The samples provided represent a collection of filters and rules to collect events for very common channels:
Email
SNMP Traps
HTTP Webhooks
For each of these channels a first generic rule archives all incoming events for later analysis. In addition, rule samples are provided that forward your matching events to monitoring in Icinga 2. The so-called “executors” are:
icinga2, to process a check result on an existing object within Icinga2
director, an action to generate a monitoring object within the Director
smart monitoring check result, a new executor which acts like “icinga2”, but with the ability to dynamically generate a host or service object if not already defined.
Importing the sample rules into your Tornado environment
The sample rules here are published on the public github repository “neteye4” where you can find the rules in JSON format within the folder ./monitoring/tornado/tornado_sample_rules/.
As there is no possibility to import those files via the user interface, you must clone the repository and copy the files into the drafts/ folder used by the Tornado Editor.
Some advice: Changing files within the drafts/ folder can potentially destroy your existing configuration. Please perform the following steps only on a clean Tornado environment!
A guide to manually installing those rules can be found on Github in the README. To speed things up there’s even a script for automated setup: calling run_setup.sh with parameter tornado performs the copy operation for you.
I hope you find the provided configuration samples useful for your first contact with Tornado and that you have fun exploring the possibilities of event processing with Tornado!
After my graduation in Applied Computer Science at the Free University of Bolzano I decided to start my professional career outside the province. With a bit of good timing and good luck I went into the booming IT-Dept. of Geox in the shoe district of Montebelluna, where I realized how a big IT infrastructure has to grow and adapt to quickly changing requirements. During this experience I had also the nice possibility to travel the world, while setting up the various production and retail areas of this company. Arrived at Würth Phoenix I started developing on our monitoring solution NetEye. Today, in my position as Consulting an Project Manager I am continuously heading to implement our solutions to meet the expectation of your enterprise customers.
Author
Patrick Zambelli
After my graduation in Applied Computer Science at the Free University of Bolzano I decided to start my professional career outside the province. With a bit of good timing and good luck I went into the booming IT-Dept. of Geox in the shoe district of Montebelluna, where I realized how a big IT infrastructure has to grow and adapt to quickly changing requirements. During this experience I had also the nice possibility to travel the world, while setting up the various production and retail areas of this company. Arrived at Würth Phoenix I started developing on our monitoring solution NetEye. Today, in my position as Consulting an Project Manager I am continuously heading to implement our solutions to meet the expectation of your enterprise customers.
Do you ever need to reboot or do maintenance on your Windows Server? Then if the server is monitored by NetEye, you'll surely want to mark it in downtime so as not to have notifications sent out for problems arising Read More
Currently, deploying an Icinga 2 Agent on a Linux system can be intricate, given the substantial variations in the process across different releases or OS families. For instance: The repository definition differs for each OS version and family User and Read More
Tornado is a CEP "Complex Event Processor" that receives reports of events from data sources such as monitoring and email, matches them against preconfigured rules, and executes the actions associated with those rules. Some vendors provide static notification systems that Read More
Scenario Veeam Backup & Replication product is widely used for backuping virtual machines, primary hosted on VMware vSphere infrastructure. It could also backup physical machines through dedicated agents. It’s very important to keep the backup status monitored: it would be Read More
Most physical NetEye servers have an SMS Gateway attached in order to send CRITICAL notifications via an SMS message, since this will work even when the main network is down. However, sometimes you just want to send messages to your Read More