You are here

Blog

Opsview 4.6.3 Full Release Overview

With the recent release of Opsview 4.6.3, we have introduced a range of enhancements to the ‘edge’ of the Opsview solution – in terms of agents, monitoring plugins, Opspacks, virtual appliances and more, along with a plethora of bug fixes and tweaks.

Twelve New Opspacks

The latest release saw the introduction of no less than 12 Opspacks, providing such functionality as monitoring the performance of individual Docker instances (including the ability to get the ‘top’ output, within Opsview, for each instance!). We also introduced monitoring for Elasticsearch, Microsoft Hyper-V, Salesforce, Apache Solr and more.

We’ve already been taking advantage of our new opspacks here in the office, using our Salesforce “Service Cloud” Opspack to monitor for new ‘Severity 1’ incidents and send a signal to a Raspberry Pi when a new S1 incident occurs. The pi then sends a signal via GPIO to a strip of red LED’s and voila – the entire world knows there is a problem (ok maybe not the entire world, the lights aren’t that bright!). There are so many cool things you can do with Opspacks and event handlers – it’s a simple ‘If something goes wrong, then run this script’ approach to Ops! 

Enhanced Agent Security

One of the main issues of NRPE (and NSclient, to a lesser extent) is security. We have seen a range of vulnerabilities over the years regarding NRPE, such as NRPE 2.13 allowing any hacker to run remote commands on a monitored box (See our fix here)

NRPE also uses a set of somewhat weak ciphers (using ADH-256). Diffie-Hellman relates to the message authentication codes used to verify messages received during SSL handshake amongst other things. ADH doesn’t authenticate messages received which means it is prone to a Man-in-the-middle (MITM) attack – which would potentially reveal sensitive data such as login credentials and allow the remote execution of code and scripts, similar to the NRPE 2.13 vulnerability.

In the new Opsview agents, we have introduced the option to use SSL certificates for not only encryption but also for authentication. This method is supported in both NRPE (Linux / Unix) and NSclient (Windows) agents, meaning that the agents are now much more secure and can be configured to talk ONLY to the Opsview Master/Slave servers. The new agents also support the modification of ciphers, allowing for such ciphers as AES128 and even AES256.

tl;dr version– The agents are now much harder and secure. We support the ability to use stronger (not ADH-based) ciphers, and even better – support SSL-based encryption and authentication. 

Slave Virtual Appliances

Opsview virtual appliances continue to fly off the e-shelves at a blistering pace. 
Customers and users who either don’t have the Linux knowledge or prefer a quick and easy deployment are choosing Opsview virtual appliances to get up and running in a matter of minutes – which is great news for everyone involved. We recently introduced a Microsoft Hyper-V appliance to allow an even greater range of people to be able to use Opsview, which has also been a tremendous success.

Due to this growing use of virtual appliances we have decided to introduce a slave virtual appliance which greatly simplifies the deployment of a highly-scalable, virtual-appliance based Opsview system. These virtual appliances use the same OS (Ubuntu 14.04) as the Master virtual appliance, and can be configured to talk to the Master in a matter of moments meaning users can simply download the slave VA, configure it to talk to the Master VA via an encrypted link and voila they have a scalable monitoring system.

Click here to get the slave VA today 

Read-Only Databases

For customers who have large Opsview deployments, we have introduced the ability to create a read-only database for certain REST related database queries. This allows Opsview administrators to offload all REST API queries relating to the dashboard, for example, to a separate database host. For more information, please follow the how-to guide here 

Other

There are also a range of other enhancements and improvements, including:
•    Fixed the XSS vulnerability CVE-2015-4420 (https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4420) - many thanks to Dolev Farhi for his help on this.
•    More resilient master/slave SSH tunnel management.
•    Opsview/LDAP syncing now replaces invalid characters in Fullname/Description field.
•    Check_ro_mounts added to Opsview Agent to check if file system has become read-only.
•    VMware auto-discovery amended. In 4.6.2 and below, we would use the VMware API to get a list of guests on the VMware host and then ping each of the hosts. If we didn’t receive a response we assumed the guest wasn’t there – however if we are getting the list of guests via the API then it doesn’t make sense to ping as a secondary stage. So ping is now gone for VMware! 

Many thanks for reading and we hope you enjoy our new additions! If you have any queries please contact Opsview’s Customer Success Team who will be happy to help.

To see exactly what changed from version to version, see our changelog here

Get unified insight into your IT operations with Opsview Monitor

webteam's picture
by Opsview Team,
Administrator
Opsview is passionately focused on monitoring that enables DevOps teams to deliver smarter business services, faster.

More like this

Mar 04, 2013
Blog
By Opsview Team, Administrator
Issue

NRPE is a daemon used by Opsview to allow central monitoring of a remote host by an Opsview server.

Opsview's use of NRPE allows...

Apr 08, 2013
Blog
By Opsview Team, Administrator

With the release of Opsview 4.3 we've taken Autodiscovery to the next level. Agentless Windows detection (via WMI) is now supported out-of-the-box...

Aug 05, 2011
Blog
By Opsview Team, Administrator

This post summarises the work involved to successfully monitor your ESX environment using Opsview and the vSphere SDK for Perl.

Prerequisites...