November 27, 2003

SENTINIX Gives the Boot to Monitoring Woes

Bruce Knox writes "
SENTINIX gives the boot to monitoring woes by artfully using a collection of best of class free software products. Download the ISO image, burn the CD, boot, type om (UP) or omsmp (SMP) to choose an openMosix kernel, and type install.

The installation will walk you through formatting the new host's hard drive and installing the software. (There is a great HowTo available from the project website.)

Reboot the system and it comes up with openMosix running and the pre-configured network and service monitoring tools started and working.

Where most CD distributions try to "do it all" or "do only one thing well", SENTINIX does just two.

Yes, two. But let us explain later. First, some details on SENTINIX.

Michel Blomgren leads the development of SENTINIX (perhaps you knew it as Compledge Sentinel, which was the predecessor of SENTINIX). Michel said, "SENTINIX is a Linux distribution designed for monitoring, auditing, intrusion detection, statistics and anti-spam. It is completely free; free to use, free to modify and free to distribute."

SENTINIX includes the following software, installed and pre-configured:
Nagios - Host, service and network monitoring (was NetSaint). http://Nagios.org
Nagat - Web based Nagios Administration Tool (written in PHP). http://sourceforge.net/projects/nagat/
Snort - Network Intrusion Detection System. http://www.snort.org/
SnortCenter - A web-based client-server management system written for Snort. http://users.pandora.be/larc/
ACID - Analysis Console for Intrusion Databases (ACID). http://www.cert.org/kb/acid/
Cacti - Network monitoring/graphing. http://www.raxnet.net/products/cacti/
RRDTool - Round Robin Database is a system to store and display time-series data. http://people.ee.ethz.ch/~oetiker/webtools/rrdtool/index.html
Nessus - Security scanner software which will audit remotely a given network. http://www.nessus.org/
Postfix - Fast, easy to administer, and secure, sendmail alternative. http://www.postfix.org/
MailScanner - Anti-Virus and Anti-Spam e-mail Filter. http://www.sng.ecs.soton.ac.uk/mailscanner/
SpamAssassin - A mail filter to identify spam. http://spamassassin.org/
plus MySQL, Apache, PHP, Perl, Python, openMosix, and more.

OK, that is a great collection, but this is on openMosix. Why is mail coming into the cluster? That is so different from the typical openMosix HPC cluster I had to ask:

bknox: "Michel, I know Nagios needs mail to send e-mail notices, but why are you putting a full mail system inside the cluster?"

michel: "Not inside a cluster; SENTINIX is the cluster!"

"As a sysadmin I have frequently seen the need to add more processing power as e-mail traffic increases. The e-mail server is suddenly overloaded and a solution is needed immediately. With the typical system design, this is never easy, it is always tedious and expensive, and it generally causes down time. So, you follow a period of poor system performance by one of system outage."

"But SENTINIX is on openMosix. You add a new computer to the network, boot it from the SENTINIX CD, and a node adds itself to the Cluster. In seconds the load is being taken up by the new "temporary" machine and the old server is back to running as intended."

bknox: "So, you are just using the built-in load leveling of openMosix with these standard e-mail filtering applications? And the results?"

michel: "That's right, SpamAssassin and MailScanner are processing intensive, use modest IO, and the e-mail handling generates several forked processes. We thought that this would be a great fit for openMosix and it is."

bknox: "OK, I know the theory. Processes automatically move to the available resources. But, the proof is in the results. What kind of test results have you seen?"

michel: "My tests are not rigorous or scientific, but sending a huge number of e-mails to a dual-processor (SMP) SENTINIX node plus one additional openMosix node will generally lower the workload on the dual-processor system and also finish the last e-mail more quickly (20-25% faster with no tuning or special consideration given to the cluster). I will share the details."

bknox: "SENTINIX is also monitoring the processors and services that can be seen on the network, but openMosix HPC clusters are typically well hidden behind a firewall. What if you move SENTINIX inside that HPC cluster?"

michel: "Sendmail was originally in the distro to handle outbound e-mail (Nagios alerts primarily). Then I chose Postfix instead and put MailScanner+SpamAssassin on top of that. With Nagios, you'll need an MTA, otherwise Nagios won't send any alerts (unless one configures 'nail' to use SMTP only). But the MailScanner+SpamAssassin suite should only be used if one intends to use the box as an e-mail gateway/proxy to filter out spam and e-mail viruses; otherwise, running Postfix alone will be sufficient to handle Nagios alerts and outbound e-mail. So, running inside an HPC cluster you just stop MailScanner and SpamAssassin."

bknox: "Matt, SENTINIX appears to complement the type of monitoring done by your openMosixview?"

matt: "I just tested it {SENTINIX 1 BETA 01} . . . and I love it. SENTINIX is VERY easy to install and if you have some cluster-nodes fitting to the running openMosix kernel 2.4.22-openMosix-1, it is the BEST for monitoring those nodes."

michel: "I just re-ran my SENTINIX cluster test watching openMosixview display the process migration. I found that extremely useful; exactly what I needed."

michel: "In SENTINIX 0.70.5 (beta 2) I have downgraded Linux from 2.4.22 to 2.4.21. Also, Beta 2 is now able to boot the 'omsmp' kernel from the CD, modprobe a NIC, configure eth0 using DHCP, and then start omdiscd, so one should be able to boot diskless nodes to add them to a SENTINIX cluster from the same installation CD. Stay tuned!"

Michel is looking for a few talented volunteers including beta testers, programmers, anti-spam specialists and Linux distribution experts.

Michel Blomgren is the SENTINIX Project Manager. http://sentinix.org (mirror site at http://sentinix.34hack.net/)

Download mirrors at http://sentinix.org/downloads.html or http://sentinix.34hack.net/downloads.html

Matthias Rechenburg is an openMosix developer and is the creator of openMosixview, a cluster-management GUI for openMosix-clusters. http://www.openmosixview.com/

Bruce Knox maintains the openMosix.org website including the openMosix Community webpage which now includes SENTINIX. http://openmosix.sourceforge.net/community.html The information above is edited from e-mails, mostly from questions used to clarify where SENTINIX fits into the openMosix Community. While this is not intended to be a transcript, it does fairly represent the conversations.

bknox: "I set out to present a convincing argument that SENTINIX does two things very well. I think I have shown that it does both Network Monitoring and Filtering very well. But then, SENTINIX can also monitor an openMosix cluster, so maybe it is actually three?"

openMosix is Copyright (c) 2002, 2003 by Moshe Bar.
http://www.openmosix.org

openMosix is a Linux kernel extension for single-system image (SSI) clustering that allows building a cluster from ordinary networked computers. Applications benefit without modification specifically for openMosix."
