23. 12. 2020 Patrick Zambelli NetEye

Tornado – Getting in Action with Sample Rules

The new complex event processing engine Tornado has been evolving quite quickly during the last few NetEye releases. As you might imagine after reading the latest Neteye 4.15 release notes, Tornado Editor is becoming very powerful and users will find a comfortable UI for configuring Tornado filters and rules.

For me, interacting with Tornado had already started at the early stages when the set of features Tornado had were far away from what you see today.

Because of this I think it’s time that I shared my experience and unified everything I learned into a set of configurations and rules you could use as a starting point for your own first Tornado experience!

When starting with Tornado you can easily follow some of the useful guides released by my colleague Tobias Goller describing how to match incoming SNMP Traps. A great point to start is the project introduction and reference guide published on Github.

The samples provided represent a collection of filters and rules to collect events for very common channels:

  • Email
  • SNMP Traps
  • HTTP Webhooks

For each of these channels a first generic rule archives all incoming events for later analysis. In addition, rule samples are provided that forward your matching events to monitoring in Icinga 2. The so-called “executors” are:

  • icinga2, to process a check result on an existing object within Icinga2
  • director, an action to generate a monitoring object within the Director
  • smart monitoring check result, a new executor which acts like “icinga2”, but with the ability to dynamically generate a host or service object if not already defined.
Importing the sample rules into your Tornado environment

The sample rules here are published on the public github repository “neteye4” where you can find the rules in JSON format within the folder ./monitoring/tornado/tornado_sample_rules/.

As there is no possibility to import those files via the user interface, you must clone the repository and copy the files into the drafts/ folder used by the Tornado Editor.

Some advice: Changing files within the drafts/ folder can potentially destroy your existing configuration. Please perform the following steps only on a clean Tornado environment!

A guide to manually installing those rules can be found on Github in the README. To speed things up there’s even a script for automated setup: calling run_setup.sh with parameter tornado performs the copy operation for you.

I hope you find the provided configuration samples useful for your first contact with Tornado and that you have fun exploring the possibilities of event processing with Tornado!

Patrick Zambelli

Patrick Zambelli

Project Manager at Würth Phoenix
After my graduation in Applied Computer Science at the Free University of Bolzano I decided to start my professional career outside the province. With a bit of good timing and good luck I went into the booming IT-Dept. of Geox in the shoe district of Montebelluna, where I realized how a big IT infrastructure has to grow and adapt to quickly changing requirements. During this experience I had also the nice possibility to travel the world, while setting up the various production and retail areas of this company. Arrived at Würth Phoenix I started developing on our monitoring solution NetEye. Today, in my position as Consulting an Project Manager I am continuously heading to implement our solutions to meet the expectation of your enterprise customers.

Author

Patrick Zambelli

After my graduation in Applied Computer Science at the Free University of Bolzano I decided to start my professional career outside the province. With a bit of good timing and good luck I went into the booming IT-Dept. of Geox in the shoe district of Montebelluna, where I realized how a big IT infrastructure has to grow and adapt to quickly changing requirements. During this experience I had also the nice possibility to travel the world, while setting up the various production and retail areas of this company. Arrived at Würth Phoenix I started developing on our monitoring solution NetEye. Today, in my position as Consulting an Project Manager I am continuously heading to implement our solutions to meet the expectation of your enterprise customers.

Leave a Reply

Your email address will not be published.

Archive