Blog Entries

18. 10. 2021 Mirko Bez NetEye, Unified Monitoring

Avoid Tornado Rules Repetition with a Map Post-modifier

In this post I’ll describe a concrete use case of the Tornado Map Modifier that will enable us to cover in a single rule many cases in both a user-friendly and performance-friendly way. This feature of Tornado allows us to avoid a common anti-pattern: the repetition of rules with minimal differences. This anti-pattern creates a…

30. 09. 2021 Damiano Chini Development, NetEye

Tornado: Tracing

How can we allow a Tornado administrator to successfully track down the flow of an event through the Filters, Rules and Actions of Tornado, when Tornado is processing thousands of events per second? Tornado administrators can have a hard time reading Tornado logs to understand where, for example, an action error comes from. Take this log…

22. 04. 2021 Alessandro Valentini Bug Fixes, Log-SIEM, NetEye

Bug Fixes for NetEye 4.17

SIEM Module: We fixed a bug in the SIEM Module that prevented Kibana from generating reports. For NetEye 4.17 we updated the following packages: elasticsearch, elasticsearch-autosetup, elasticsearch-neteye-config, elasticsearch-xpack-license, filebeat, filebeat-autosetup, filebeat-neteye-config, kibana, kibana-autosetup, kibana-neteye-config, logstash, logstash-autosetup, logstash-neteye-config, logstash-neteye-config-autosetup to version 7.10.1_neteye3.22.1-1. Tornado Module: We fixed a bug in Tornado which prevented, in cluster installations, the configuration…

21. 04. 2021 Mirko Bez Log Management, NetEye, Unified Monitoring

Automatically Detecting Tornado Anomalies through its Logs

Tornado is an event-driven engine that replaces the previous engine, called Eventhandler. Its use in NetEye is becoming ubiquitous, and this is just the start! One of its main uses in the NetEye ecosystem is to trigger status changes within Icinga (this in turn will usually send emails to stakeholders). However, understanding exactly what is…

11. 01. 2021 Nicolae Caragia NetEye, Unified Monitoring

Microsoft Icinga2 Agent Deployment Automation with Tornado and NATS

As a NetEye user I might want to install a Remote Host Agent that belongs to a Zone that can’t communicate directly with the Master. To be able to do this, we decided to use Tornado and NATS. Linking with Patrick’s article, in this article I’ll explain how to configure them. What we want…

11. 01. 2021 Enrico Alberti Log-SIEM, NetEye

Alerting on NetEye SIEM: Tornado Webhooks and Smart Monitoring (part 2)

In my previous post I showed you how to make your own alerts on NetEye SIEM by using the Elastic Watcher and Alerts and Actions features. But if we work in production environments, what we really need is an alert that can go directly to NetEye’s Monitoring Overview. How can we manage SIEM alerts and…

30. 12. 2020 Damiano Chini NetEye

VMD – Tornado Integration

We introduced an interesting new feature into NetEye starting in version 4.13 that permits integrating vSphereDB with Tornado. By being able to process vSphereDB Events and Alarms with Tornado rules and actions, you can for example use vSphereDB to dynamically monitor Virtual Machines and Hosts. Architecture: Finding a way to send Alarms and Events stored…

23. 12. 2020 Patrick Zambelli NetEye

Tornado – Getting in Action with Sample Rules

The new complex event processing engine Tornado has been evolving quite quickly during the last few NetEye releases. As you might imagine after reading the latest NetEye 4.15 release notes, Tornado Editor is becoming very powerful and users will find a comfortable UI for configuring Tornado filters and rules. For me, interacting with Tornado had…

10. 12. 2020 Patrick Zambelli NetEye, Unified Monitoring

Microsoft Icinga2 Agent Deployment Automation with Tornado

When implementing monitoring with Icinga2 you will soon reach the point where you have to install Agents in order to monitor your infrastructure in depth. Here the Icinga2 Agent provides concepts to access information about and the properties of an operating system over a secure remote connection. In an enterprise environment consisting of thousands of…

02. 11. 2020 Tobias Goller Unified Monitoring

Tornado Use Case: Receiving Traps

During one of my last customer assignments, I migrated the NetEye Event Handler Trap rules to Tornado. Since many customers use the event handler in a similar way, I’d like to explain here the creation of these rules in Tornado. Below I’ll briefly explain the following use case: Passive service checks have been…

22. 10. 2020 Alessandro Valentini NetEye, Unified Monitoring

Kentix MultiSensor-LAN: Integration with NetEye4

Kentix MultiSensor is a device which includes many sensors for use in monitoring server and IT rooms. The sensor only needs to be connected to your network (PoE is required) and to have SNMP configured through its web interface. The LAN version we used in this test monitors: Temperature, Humidity, Dewpoint, Fire (carbon monoxide), Motion…

21. 08. 2020 Nicola Degara NetEye, Service Management, SLM, Unified Monitoring

The NetEye and Jira Cloud Ecosystem Is Even More Integrated

Between one trial run and another, in these summer days I’ve also taken my time to dig deeper into the interaction between NetEye 4 and ticketing systems. For my tests I chose the Jira Service Desk Cloud, and I must honestly say that the result achieved was satisfactory 🙂 As a method of integration…

02. 04. 2020 Damiano Chini NetEye

Tornado Communication over NATS

Until the NetEye 4.10 release, the Tornado module inside NetEye handled communications between its components (the Tornado Collectors and the Tornado Engine) via direct, clear-text TCP connections. On local systems, this configuration does not represent a limitation, since in this case there is no requirement to verify the identity of the peer (it is always…

31. 03. 2020 Mirko Bez Log-SIEM, Unified Monitoring

Real-Time Event Monitoring With Tornado

In this blog post I will describe a potential use of Tornado to monitor events in near real-time, while keeping historical information about the received events. Use Case: Often as a user I want to collect data from different sources, e.g. Windows events, and then according to some simple rules set the status of some…

21. 02. 2020 Tobias Goller Log Management, NetEye

Tornado Use Case with Elastic

Before I tell you about one of my latest customer requirements, I would like to briefly explain what our NetEye Tornado module is. In our user guide you will see it written that Tornado is the successor to NetEye’s Event Handler. It is a plugin-based, stateless, scalable rule matching engine written in Rust, based on…
