The new complex event processing engine Tornado has been evolving quite quickly during the last few NetEye releases. As you might imagine after reading the latest NetEye 4.15 release notes, Tornado Editor is becoming very powerful and users will find a comfortable UI for configuring Tornado filters and rules.
For me, interacting with Tornado had already started at the early stages, when the set of features Tornado had was far away from what you see today.
Because of this I think it’s time that I shared my experience and unified everything I learned into a set of configurations and rules you could use as a starting point for your own first Tornado experience!
The samples provided represent a collection of filters and rules to collect events for very common channels:
Email
SNMP Traps
HTTP Webhooks
For each of these channels a first generic rule archives all incoming events for later analysis. In addition, rule samples are provided that forward your matching events to monitoring in Icinga 2. The so-called “executors” are:
icinga2, to process a check result on an existing object within Icinga2
director, an action to generate a monitoring object within the Director
smart monitoring check result, a new executor which acts like “icinga2”, but with the ability to dynamically generate a host or service object if not already defined.
Importing the sample rules into your Tornado environment
The sample rules here are published in the public GitHub repository “neteye4”, where you can find the rules in JSON format within the folder ./monitoring/tornado/tornado_sample_rules/.
As there is no possibility to import those files via the user interface, you must clone the repository and copy the files into the drafts/ folder used by the Tornado Editor.
Some advice: Changing files within the drafts/ folder can potentially destroy your existing configuration. Please perform the following steps only on a clean Tornado environment!
A guide to manually installing those rules can be found on GitHub in the README. To speed things up there’s even a script for automated setup: calling run_setup.sh with parameter tornado performs the copy operation for you.
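The manual copy described above can be wrapped in a guard that enforces the clean-environment advice. This is an added example, not part of the neteye4 repository or of run_setup.sh: the function names are hypothetical, both directories are passed in by the caller, and "clean" is assumed to mean a missing or empty drafts folder.

```shell
#!/bin/sh
# Added example (not from the neteye4 repository): guarded copy of sample
# rules into a Tornado drafts folder. Both paths are supplied by the caller;
# "clean" is assumed to mean a missing or empty drafts directory.

# snapshot_drafts DRAFTS BACKUP_DIR -> prints the path of a tar.gz archive
snapshot_drafts() (
    drafts=$1; backup_dir=$2
    [ -d "$drafts" ] || { echo "no drafts folder: $drafts" >&2; exit 2; }
    mkdir -p "$backup_dir" || exit 1
    archive="$backup_dir/drafts-$(date +%Y%m%d-%H%M%S).tar.gz"
    tar -czf "$archive" -C "$drafts" . || exit 1
    echo "$archive"
)

# import_sample_rules SRC DRAFTS
# exit codes: 0 copied, 2 bad source, 4 drafts not clean, 5 copy mismatch
import_sample_rules() (
    src=$1; drafts=$2
    [ -d "$src" ] || { echo "source not found: $src" >&2; exit 2; }
    # The samples are JSON files; none found means the source path is wrong.
    [ -n "$(find "$src" -type f -name '*.json' | head -n 1)" ] ||
        { echo "no .json rules under $src" >&2; exit 2; }
    # Refuse to touch a drafts folder that already holds anything.
    if [ -d "$drafts" ] && [ -n "$(ls -A "$drafts")" ]; then
        echo "drafts not empty, snapshot it before changing anything: $drafts" >&2
        exit 4
    fi
    mkdir -p "$drafts" || exit 1
    cp -R "$src"/. "$drafts"/ || exit 5
    # Verify the copy is byte-identical to the source tree.
    diff -r "$src" "$drafts" >/dev/null || { echo "copy differs" >&2; exit 5; }
)

# Stand-alone use: sh guarded_import.sh SRC DRAFTS
if [ "$#" -eq 2 ]; then
    import_sample_rules "$1" "$2"
fi
```

A refusal with exit code 4 leaves the drafts folder untouched; `snapshot_drafts` can then archive the existing drafts before you decide how to proceed.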
I hope you find the provided configuration samples useful for your first contact with Tornado and that you have fun exploring the possibilities of event processing with Tornado!
Author
Patrick Zambelli
After my graduation in Applied Computer Science at the Free University of Bolzano I decided to start my professional career outside the province. With a bit of good timing and good luck I went into the booming IT-Dept. of Geox in the shoe district of Montebelluna, where I realized how a big IT infrastructure has to grow and adapt to quickly changing requirements. During this experience I also had the nice possibility to travel the world, while setting up the various production and retail areas of this company. Having arrived at Würth Phoenix, I started developing on our monitoring solution NetEye. Today, in my position as Consulting and Project Manager I am continuously heading to implement our solutions to meet the expectation of your enterprise customers.