My original plans were to have a separation between two different types of management and monitoring:
* Run Nagios for monitoring, mostly focussing on Unix-type hosts and with just basic checks for network equipment. Use check_mk for the majority of the configuration, with added handcrafted checks. Drive the configuration from system lifecycle management, so that a VM will be added to monitoring via e.g. Puppet right when it's provisioned. Integrate "my" Nagios with the one provided in OSSIM so I'll have the OSSEC events in there, too.
* Run JFFNMS (Just For Fun Network Management System) for the hard-core network management. Monitor the network core (Extreme Networks / H3C), the Linux-based bridges and the Hatteras / Actelis 2BASE-TL gear. Pay the author where I need adjustments and can't build them myself. Commit them back otherwise.
I'll show you a few screenshots of check_mk with the new Multisite GUI, and I assume you'll understand why I start wondering if I even need a separate NMS.
All overview features seem to be there, and the author Mathias Kettner (plus the Icinga people) also works hard to work around the daemons/bottlenecks that lurk in Nagios' core and so far still pose a problem for running 1000s of checks per minute.
Btw, the monitoring will be run as a failover setup, with the primary node being built right into my H3C MSR 30-60 router. Once I got the firmware to use it… but I already ranted about that. You can see the "Open Application Module" in the lower right slot of the router in the picture below.