Response: The How and Why of Flapjack | Fractional

If you run any type of network monitoring system, you will know the pain of log management. The firewall team needs one view; the WAN team & DC team need different views. There is a category of software that I call “log and alert routing”, and Flapjack is one of those systems.

 

Flapjack will be immediately useful to you if:

  • You want to identify failures faster by rolling up your alerts across multiple monitoring systems.
  • You monitor infrastructures that have multiple teams responsible for keeping them up.
  • Your monitoring infrastructure is multitenant, and each customer has a bespoke alerting strategy.
  • You want to dip your toe in the water and try alternative check execution engines like Sensu, Icinga, or cron in parallel to Nagios.

Added to my list of network monitoring software to keep an eye on.

via The How and Why of Flapjack | Fractional by Lindsay Holmwood.

  • Dave R

    Hi Greg,

    This is a really timely article and one that is close to my heart given the lack of this event normalisation/correlation in our enterprise presently. We’re not truly ‘enterprise’ but would benefit from this correlation of syslogs/alerts/logging functions across multiple platforms.

    In your opinion what are the products of choice for syslogging Campus LAN & firewall infrastructures presently? In my mind presently are products like Splunk and LogRhythm. I’m at the product assessment stage currently and, with the vast array of products out there, down selecting a handful of the better products will save countless days testing/benchmarking…etc.

    • http://etherealmind.com Etherealmind

      Those are good products but they are really expensive. Splunk is so expensive that it’s not useful for networking in my opinion – it’s become a big data solution and is now pretending it’s not a logging tool.

      You could look at VMware’s LogInsight, Solarwinds has a good solution at small to mid market. There are a number of open source projects that have taken on the same ideas but I don’t have links for those at the moment.

  • http://fractio.nl/ Lindsay Holmwood

    Thanks for the post Greg! It’s very rewarding to see people writing up about the stuff we’ve been working hard on.

    The scenario you talked about above with different network management teams needing to subscribe to different types of alerts is *exactly* the sort of problem we’re solving.

    Our organisation (Bulletproof Networks) has very similar requirements, so we funded Flapjack development to solve those problems.

    If you’ve got any questions or comments please say hi. :-)