From owner-freebsd-questions@freebsd.org Thu May 19 02:40:12 2016 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 6B52BB4064E for ; Thu, 19 May 2016 02:40:12 +0000 (UTC) (envelope-from gregory.orange@calorieking.com) Received: from pandora.au.calorieking.net (mail.au.calorieking.net [115.70.179.114]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 1517411A6 for ; Thu, 19 May 2016 02:40:11 +0000 (UTC) (envelope-from gregory.orange@calorieking.com) Received: from pandora.au.calorieking.net (localhost [127.0.0.1]) by pandora.au.calorieking.net (Postfix) with ESMTP id 1F194D0 for ; Thu, 19 May 2016 10:39:55 +0800 (WST) X-Virus-Scanned: amavisd-new at calorieking.com Received: from pandora.au.calorieking.net ([127.0.0.1]) by pandora.au.calorieking.net (mail.au.calorieking.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id k5De97jurjXN for ; Thu, 19 May 2016 10:39:52 +0800 (WST) Received: from [192.168.2.118] (freia.ne1.au.calorieking.net [192.168.2.118]) by pandora.au.calorieking.net (Postfix) with ESMTPSA id 1A3F77F for ; Thu, 19 May 2016 10:39:52 +0800 (WST) Subject: Re: multiple questions re: bridge, managing multiple systems, etc To: freebsd-questions@freebsd.org References: From: Gregory Orange Message-ID: <573D2777.1040105@calorieking.com> Date: Thu, 19 May 2016 10:39:51 +0800 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.7.2 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 May 2016 02:40:12 -0000 Hi Ty, On 19/05/16 09:15, Littlefield, Tyler wrote: > First, I'm curious what all of you prefer for health monitoring. I was > looking at Nagios, but if there's something else I'm all ears. > Second, I need a solution that will allow me to monitor logs for > anything out of the oardenary (if this is possible) and notify me, > rather than sending the daily logs every day. > Third, I need to know when updates are available to BSD and when > packages are vulnorable. I'd also like to hear about ideas for both of these things. We're experimenting with the ELK stack (http://elastic.co/) but it doesn't do all of the above - or perhaps will with some extra work and customisation. I do look at the daily and security log emails from our systems, as well as being subscribed to security-advisories@freebsd.org, as well as running 'freebsd-update cron' every night, which only sends an email if there are updates available. > Along with this, I'd also be interested in knowing how people tend to > deploy multiple systems with extensive reconfiguration. The base of my > systems look mostly the same, so I was hoping there might be a good > way to do this. This sounds like a job for configuration management. We use Puppet, but you could equally use Salt, Ansible, Chef or others. You might start with simple scripts to get started with automation, especially if a full CM package is overkill for your situation. You've done the first step of documenting your steps, so writing scripts to automate a bit could be your next step. The approach here is this: Install vanilla FreeBSD, do the bare minimum configuration necessary to get it ready to run Puppet (e.g. ensure networking is active, install Puppet), then let Puppet do the rest. All as automated as possible. HTH, Greg.