It has been nearly 3 years since I attended the 6th TF-NOC meeting in Dublin, presenting Icinga to all NREN participants (research and education networking organisations). At that time I was working at ACOnet at the University of Vienna, which slightly changed into NETWAYS and Nuremberg later that year. After all, this task force is community/developer friendly, so I was allowed to follow their actions, discussions and upcoming meetings. At last year’s OSMC, Ernst Heiri from SWITCH asked if I could spare some time to come and present the latest Icinga 2 development in Stuttgart this year.
Well, time goes by, and then there was a discussion on open source log collection & monitoring tools going on, where I stepped in, remarking on the things we talked about in the Icinga 2 & Graylog talk at OSMC 2014, and much more. Considering that I also know a little Logstash from my Icinga 2 training sessions, attending the 12th TF-NOC meeting for an in-depth Icinga 2 presentation and also sharing my ideas on log monitoring in open panels was pure fun.
There are changes in terms of naming going on – Terena & Dante joined forces under the Géant Association, while the Task Force (TF) is being migrated to a Special Interest Group (SIG). Therefore this meeting was in the end called “SIG NOC meeting”. Apart from the confusing stuff (my presentation slides show the wrong logo ;)) I got the opportunity to talk about Icinga 2 for nearly 2 hours.
The presentation catches up with plenty of things you might already know but is rather longish with ~80 slides. It also required me to do some heavy refactoring of the Icinga Vagrant boxes used for the demo (no more custom VM as seen 3 years ago!). The feedback on the talk was awesome, and also shed some light on NREN network operators (NOC teams) and their problems. Multi-path dependencies, network topology scan & simulation or even Shibboleth as auth provider for Icinga Web 2 were among those worth mentioning, next to discussions on existing issues or just some real-life hints.
During the two days one thing was clear – integration of tools in your existing stack is more important than ever. While changes might happen slowly, one should consider evaluating how the tool fits into the environment, including interfaces and APIs for data exchange (take, for instance, Icinga 2 + Puppet + Logstash + Graphite). On another note: how to deal with alerts and connect them to the ticket systems – where the RT integration in Icinga Web 2 proved itself to be a pretty good idea :) Or – why would one need Rackview, HP OpenView and Icinga, how about only using one tool (Icinga)?
The meeting was pretty much Splunk dominated in terms of logs and their presentation was more of a sales one – they didn’t see my Icinga 2 presentation before, which emphasizes the integration part. Logstash/ELK and Graylog are far beyond Splunk in my humble opinion – at least from what I’ve seen during the meeting. Adding my own knowledge on several aspects of combining log monitoring with other tools (even the fancy sflow-to-elasticsearch project) from my managed service colleagues at NETWAYS worked out pretty well. I am confident that the participants will consider taking a closer look at Icinga 2 as well as ELK / Graylog in the future.
It really was a pleasure being there, and I am looking forward to future meetings – and even more NRENs already using Icinga 2 :-)