Pandora FMS wins open-source monitoring shootout

Our first template was configured to report some basic SNMP information along with static information like BIOS and Windows version. Pandora FMS can collect information by using basic TCP probes, SNMP, WMI or by deploying its own agents, which are available for most Linux and Windows operating systems.

The recon tasks are supposed to run automatically, but since ours did not appear at first to cooperate, we ran it manually against our modest-size test network. This completed in just a minute or two. The default network view is a tactical dashboard view which was well organized with green, orange and red color codes to indicate the level of severity of any problems.

Other views include a group view and a tree view that both show operation by type of node (server, workstation, router etc). From most of the top-level displays you can drill down to view more detailed information about a node.

Custom agents are available for Linux, Android and Windows. These are installed with an executable for Windows and the appropriate install files for various flavors of Linux. We installed both a workstation and a server agent, which were quick to install. Except for adding the Pandora FMS server IP address, there were no other setup options.

Once installed, we added the two nodes to the console and applied various modules to start collecting data. As soon as these were saved, we could see the agent reporting in, alerting us to potential problems, such as the HTTP service not running on one of our servers. At this point the agent also started collecting performance data such as CPU, memory and network usage statistics.

Next we created a couple of alerts that would send us an email when certain thresholds were met. For testing purposes we created an alert that would tell us if our workstation CPU load exceeded 50%, this was easily triggered and we received an email with detail about the alert. In addition to sending emails, the alert feature can take actions such as restarting the agent and logging the events to the database. Custom alert scripts can also be created using a built-in wizard. Remote configuration via agent is not available in the open source version.

The on-screen reporting was generally adequate, although we wish there were some additional external reporting options. The on-screen HTML reports can be printed and there is an XML export that provides some raw data that could be processed using third-party tools. We did like the custom reporting feature with thresholds for SLAs. We note that the commercial version of Pandora FMS has additional reporting features, including a more powerful report builder and the ability to export to PDF.

For mobile monitoring there is a FMS console app available for both Android and iOS. The search feature is nice. Has some nice network tools built-in like traceroute and we especially liked the ability to check to see if SNMP for a certain community was available on a node. The online documentation is good, and we liked how it is organized into compact quick guides where you don’t have to wade through 500 pages just to figure out how to configure one basic feature.

We found Pandora FMS to be a mature product with a lot of nice features. From a capacity standpoint, the vendor claims to have customers who monitor upwards of 10,000 nodes, although we did not put this claim to the test. The granularity of what can be monitored is very good. After a few days of use we found the search feature to be helpful in navigating. One minor gripe we have is that the left navigation bar only shows icons and not a mouse over tip tool, which is used extensively elsewhere. Right-clicking does provide additional dropdowns.

For additional features and support, there are several commercial versions and offerings available with starting prices around $2,750.

Zabbix

We installed Zabbix Version 3.2 on an Ubuntu server with a MySQL backend database. The server is available for several Linux flavors, Mac OS X, but not Windows. Agents are available for most versions of common operating systems, e.g. Linux, Windows and Mac OS X.

In addition to providing its own data collection agents, Zabbix employs traditional monitoring methods such as SNMP and availability checking using TCP/IP and other protocols such as JMX and IPMI.

+ MORE: +

Although Zabbix can be managed at the command prompt, we predictably chose the browser-based front end. After logging in, a dashboard displays some of the common items you would expect -- overall system status, open alarms, pending tasks and graphs. To customize the dashboard you can drag and drop the various sections around on the screen and also add/remove other sections depending on what is monitored. The layout was efficient with most of the navigation at the top and the rest of the screen available for monitoring details.

To get things rolling we decided to manually add a ‘host’ as Zabbix refers to network entities that are monitored. This is accomplished from a configuration page where only a bare minimum is needed to get started. You basically just add the IP address or name of the host, the group you wish to add the host to (this is required) and you’re set. You can also configure the method to use; agent, SNMP, JMX or IPMI, all with pre-defined fields for entering the information applicable to each. With our host set up for SNMP, we needed to create an ‘item’.

An item is essentially a single metric, such as CPU load, to be monitored. Items are added from a separate configuration page that provides detailed information to be entered, depending on the type of item being added. Our first item was just a simple ICMP ping to see if one of our servers was responding (it was).

In order to get more granularity in our data collection, we decided to install a couple of agents. As previously mentioned, agents are available for both Linux and Windows. Similar to agents for the other products in the test, the Zabbix agent runs like a service. A configuration file is needed to launch the agent, but our installation package did not include one (even if the user manual says it is supposed to).

We eventually located one online. It should also be mentioned that there are third-party installers available that create the needed configuration file. The configuration file includes a number of parameters that can be tweaked. To get started only a few of these need to be modified, such as the Zabbix server IP address and the name of the host to be monitored.

Finally, we ran a network discovery to see which hosts it would discover. In order to run a discovery, we needed to specify what to check for, such as SNMP or Zabbix agents broadly or specific services such as FTP, HTTP and SMTP. The server was able to locate almost 100 different hosts and services running on our test network. There is good granularity in setting up rules, regardless of method.

Zabbix has good built-in reporting capabilities for on-screen reporting. The reporting views are customizable and flexible, but we did not find any way to print reports to a PDF or export data to view in a third-party viewer. In addition to displaying any network issues on-screen, Zabbix can send problem notifications via several predefined methods such as email or text message. Administrators can also create custom scripts or use third-party methods such as Jabber for notification.

Zabbix is a solid network monitoring product with several features we like, including the detailed configuration templates and customizable dashboards. The agents have a small footprint; we measured about 1MB of memory usage and less than 1% of CPU utilization. One item of particular interest for VMware environments is that Zabbix provides a variety of VMware parameters like cluster status and hypervisor performance metrics.

We liked the online user manual, which can be saved as a PDF for offline use. Paid technical support options are available, ranging from a basic option to an all-inclusive 24/7 coverage plan.

Summary

The suitability of one product over another is dependent upon many variables (such as platform and resources) that vary widely between organizations. With open source, good management practices are a must. It is important to do a little background research on the vendor. If you have a crack coder or two, ask them to review the source code, and if possible compile the source code yourself. This is the safest approach. If the vendor warns against this, it is probably a red flag.

The judicious use of open source products can save thousands of dollars, but open source offerings typically lack vendor support and may be prone to frequent upgrades which could disrupt operations. Community support may be patchy or slow to respond. Some organizations will be better served by opting for a paid subscription with ready access to reliable customer service.

Perschke is a web and database developer with 15+ years of industry experience. You can reach her atsusan@arcseven.com.