# Where should I start with performance/security monitoring???

## peaceful

I've just been put in charge of monitoring performance and security of a dozen (mostly Gentoo) servers.

I need to be able to monitor near-real-time performance as well as be able to pull up performance over the last week, month, year, etc.  This includes network performance (bandwidth, open connections, etc), CPU, Memory, etc.  I've never done any performance monitoring at all, so I'm at a loss as where to start.  I'd eventually like to end up with a nice dashboard with pretty charts and graphs that I can drill-down on.  I've got time and development resources so I can develop some of my own code if necessary, but I'd like to use existing stuff if it's good.

For security, I know about Tripwire.  I've also heard of port-sentry, for detecting port scans.  What else is there for monitoring the security of your Gentoo servers?

I'd love your real-world advice!

----------

## bunder

 *peaceful wrote:*   

> I need to be able to monitor near-real-time performance as well as be able to pull up performance over the last week, month, year, etc.  This includes network performance (bandwidth, open connections, etc), CPU, Memory, etc.  I've never done any performance monitoring at all, so I'm at a loss as where to start.  I'd eventually like to end up with a nice dashboard with pretty charts and graphs that I can drill-down on.  I've got time and development resources so I can develop some of my own code if necessary, but I'd like to use existing stuff if it's good.

real-time = conky, gkrellm

performance charts = mrtg

network monitoring = nagios (formerly netsaint)

hope this helps.

cheers

----------

## erik258

peaceful, I just want to let you know I'm watching this thread and hoping to learn something, so post away, if you feel like it.

----------

## lonex

For (nearly) real-time and daily, weekly, monthly, yearly performance reports, I've recently discovered cacti. Take a look at it on gentoo-wiki.com:

http://gentoo-wiki.com/Cacti

----------

## peaceful

As I'm monitoring servers at my datacenter remotely, I don't think conky or gkrellm will work.

mrtg, cacti, and especially nagios all look like they would work well for performance monitoring.  I'll see how far I can get with those.  Too bad they all look like they use the same underlying charting tool, which doesn't make the prettiest graphs.  Aren't there any OSS SVG graphing tools yet?

Any suggestions for security monitoring other than tripwire and port sentry?

----------

## Hideki

SVG graph

Sounds neat, but for one, all these monitoring systems take hours to even get started to view the first front web interface...

Besides rrdtool in cacti doesn't look too ugly. Not really disappointed so far. Although SVG sounds like the right tool for graphing.

So, I hope those dozen network monitoring tools start to become easy, or someone just makes up a php/sql easy installation network monitoring system...

I'm getting tired of having them all run, taking me weeks to choose the right one out of the dozen, and taking the trouble to read all the long install doc and fighting with it...

Starting to make me think Nagios is one of the easier ones to configure, which I still haven't really figured out yet.

As for system integrity checker, have a look at AIDE. (<- google will get you there fast)

----------

## orvtech

Would cacti be too heavy for my NSLU2 gentoo?

```
Processor       : XScale-IXP42x Family rev 1 (v5b)
BogoMIPS       : 132.71
RAM               : 32Mb
```

Or do you recommend another one for this system?

----------

