Ganglia Web 3.5.1 Release – Security Advisory

There is a security issue in Ganglia Web going back to at least 3.1.7 which can lead to arbitrary script being executed with web user privileges possibly leading to a machine compromise. Issue has been fixed in the latest version of Ganglia Web which can be downloaded from

https://sourceforge.net/projects/ganglia/files/ganglia-web/3.5.1/

If you are running Ganglia Web open on the internet you are advised to upgrade ASAP or at a minimum password protect access to Ganglia Web.

We’ll have a write up about details of the vulnerability in few days.

No Comments

Overlaying timeshifted data

Often times when troubleshooting an issue it is useful to compare current data to data from a previous period. For example you observe high load on one machine and want to compare it to the load from a previous day. In the past you would simply open up two browser windows with data from each period and compare them. This may prove tricky as you may be dealing with different Y scales. To help with that we have recently added ability to overlay timeshifted data onto any host metric graph in Ganglia. What this means is that next to each metric graph you will see a button that says Timeshift. Clicking on it will overlay data from the same period prior to it e.g. if you are viewing hour it will overlay data from an hour ago, if you are viewing day it will overlay data from a day ago etc. For example this shows one minute load average overlaid with data from yesterday

Timeshift load one average

Timeshifted load one average

whereas graph below displays data from a week ago overlaid over this weeks data

Timeshift overlay CPU user

Timeshift overlay CPU user

Preliminary support for this feature has already landed in the trunk of our Ganglia Web repository

https://github.com/ganglia/ganglia-web

It is full usable although we are working on refining it. This should be included in Ganglia Web 3.5.0 when it’s fully ready.

No Comments

Ganglia Web 3.4.2 released

The Ganglia team is pleased to release Ganglia Web 3.4.2. Notable changes are:

  • Improvements to the Live Dashboard
  • Fixed the aggregate graphs metric auto complete which was broken in 3.4.1
  • Add ability to specify critical and warning thresholds which can be used in Live Dashboard and Views
  • Minor bug fixes

This release can be downloaded here.

No Comments

Ganglia 3.3.7 released

The Ganglia team is pleased to announce the release of 3.3.7. The following issues have been fixed in gmond:

  • BUG100: Fails to start in Solaris containers
  • Fails to start when no address on the network interface (added retry_bind parameter)
  • BUG321: Fails to start when Solaris CPU is in FAILED state (segmentation fault)

The release can be immediately downloaded here.

No Comments

Ganglia 3.3.6 released

The Ganglia Development Team is happy to announce the release of Ganglia 3.3.6. This release fixes the following bug:

BUG327: memory leak when receive channel is not configured or not hearing any data

No Comments

Ganglia 3.3.5 released

The Ganglia Development Team is happy to announce the release of Ganglia 3.3.5. This is mainly a bugfix release for 3.3.1 and all users of the 3.3.x series are encouraged to upgrade.

For more details regarding this release, please refer to the Release Notes. Downloads are available at SourceForge.

Work is already under way for the next release, please stay tuned for upcoming enhancements to the project!

No Comments

Adding trendline to your graphs

As part of our upcoming release of Ganglia 3.3.2 you will have the ability to add a trend line to any host metric. Let’s say you wanted to know when you will need to add more disk space to a  particular machine.

Disk space trend with 3 months of data

We are “safe” for about a year. Or let’s say you wanted to see how your web server 90th percentile has trended.

90th percentile Apache time using last 6 months of data

This takes calculates trend based on last six month of data (which is a default). That looks pretty good however let’s see how it looks if we take 12 months of data

90thpercentile Apache time with 12 month trend

Not so good. Trending interface has easy controls that allow you to easily change how far to extend the trend line and how far back to go
e.g.

ganglia_trends

Enjoy.

No Comments

Ganglia 3.3.1 released

We are happy to announce release of Ganglia 3.3.1. This release provides several enhancements to our web frontend as well as additional capabilities for exporting data to Graphite.

Please refer to our release note. You can download the latest release at SourceForge.

No Comments

Ganglia 3.3.0 released

We are happy to announce the release of Ganglia 3.3.0. Highlights of this release are

  • Ganglia Monitor Core is now shipped with our second generation Ganglia Web UI.
  • Gmetad Daemon now supports sending metrics to Graphite (carbon)
  • sFlow supports additional metric sources such as JMX, memcache, Apache
  • Gmond now comes bundled with a number of additional metrics e.g. disk statistics, network interface utilization etc.

Full Release notes can be found on Github.

You can download the release from SourceForge.

Please report any issues with the release to our GitHub issue tracker.

No Comments

Putting metrics data on a common “bus”

Patrick Debois has kicked of an interesting set of projects to put metric  information on a common “bus”. For example he has implemented a ruby based daemon that  parses Ganglia gmond packets and puts them on a ZeroMQ pub/sub bus. Once it’s there you can “subscribe” with a client of your choice and do transforms to the data e.g.

  • feed graphite or another monitoring tool
  • insert data into a SQL database
  • feed Nagios using passive checks

Thanks to Patrick for a great idea and implementation. Now let’s get to work on useful subscribers.

Gmond-zmq https://github.com/jedi4ever/gmond-zmq

Statsd-zmq https://github.com/jedi4ever/statsd

No Comments