Network monitoring is a fact of life for IT departments. Monitoring software ranges from simple ICMP-based scripts for up/down monitoring to midrange products like SolarWinds to high-end offerings such as HP's OpenView and IBM's Tivoli — all of which have their drawbacks. Simpler monitoring systems don't provide enough information about your network, while the feature-laden high-end systems can be prohibitively expensive. At the same time, midrange systems might not scale well for monitoring large networks.
Two network monitoring systems with open source roots, OpenNMS and Zenoss, provide a bevy of features at a lower (or no) cost than their high-end competitors, and can scale to monitor large numbers of network nodes. Both solutions compete with large commercial systems such as OpenView and Tivoli. They are advanced systems capable of monitoring a wide variety of network devices. OpenNMS is completely open source, while Zenoss offers Core, a free open source edition that can be extended with free Zenoss- and community-built add-ons.
Although OpenNMS and Zenoss support a large number of common network devices, computers, and applications out of the box, some companies will have uncommon or specialized equipment that is not yet supported. Both provide facilities to extend the functionality of the system and to add custom network device support. Zenoss uses its ZenPack system, which is a Python-egg plug-in architecture.
OpenNMS has several ways to provide additional capabilities. First, most of the configuration information for OpenNMS exists in XML files in /etc/opennms. These files can be edited to add new notification methods and other small extensions to the application. Next are event automations, which allow you to specify an SQL query to look for thresholds being exceeded and create events or trigger actions (such as shell scripts). External tools — such as mib2opennms for SNMP Traps and the mibParser for data collection — can be used to convert SNMP MIB information into a format OpenNMS can use. Finally, if you're a Java programmer, it is pretty straightforward to create custom monitors and data collectors in Java.
In addition, both systems have the ability to run custom scripts, and they can use Nagios plug-ins to extend functionality. This is a handy feature, but note that it can hamper scalability for large networks. (See the article, "Maximize the performance of your monitoring system.")
OpenNMS and Zenoss put in good efforts at making their applications easy to use, providing Web interfaces for management and information delivery. Nevertheless, to get the full network monitoring benefits of these two systems, you will need to roll up your sleeves and spend at least some time on the command line. For example, neither has the ability to import a list of devices via the Web interface. And we have to face the fact that an enterprise-grade network monitoring system is not a simple piece of software. Despite both companies' best efforts at making their software easy to manage, these are complex systems, and IT staff will want to read all the documentation and take full advantage of the training classes offered by both companies.
I was pleasantly surprised to find that installation is quite easy for the two products, and both support a variety of Unix-ish platforms, including various Linux distributions, FreeBSD, Solaris, and Mac OS X. OpenNMS can also run on OpenBSD and Windows. As a longtime Debian user, I'm used to being disappointed when big commercial applications do not support Debian's native apt installer or even deb packages. So I was pleased that Zenoss provides stand-alone deb packages with dependencies, and OpenNMS maintains a software repository for use with Debian's apt software installation system.
Further, both of these network monitoring systems can be run on virtualization platforms such as VMware and Xen. Zenoss maintains a VMware image of its open source Core version, and OpenNMS makes a VMware image available for download from SourceForge. My company runs OpenNMS on an Amazon EC2 cloud computing instance.
OpenNMS and Zenoss share several advanced features that separate them from their lower-end open source counterparts such as Nagios or Cacti. Companies with large network infrastructures are likely using some configuration management tool. If that happens to be the open source RANCID project, then you will be glad that both OpenNMS and Zenoss can integrate with RANCID. For IT shops with Windows servers, OpenNMS and Zenoss can use WMI to monitor the Windows machines (though large numbers of WMI monitored network devices will cause a performance hit; again, see the "Maximize performance" sidebar). Futhermore, these two network monitoring systems will cull information from your VMware infrastructure.
Beyond the usual ICMP and service up/down monitoring that you'll get with most any network monitoring system, OpenNMS and Zenoss are able to use specific service queries and compare the responses against what you expect from your monitored servers. You can run custom SQL queries against your production databases and trigger an alert if the response changes. Maybe you want to monitor a critical Web application that uses Apache with PHP and MySQL. You can build a PHP page on your Web server that will run a database query and return the results in the Web page, thus ensuring that Apache, PHP, and MySQL all work as expected.