Gullveig

Gullveig

  • Documentation
  • GitHub

›Overview

Overview

  • Overview
  • Web UI
  • Roadmap

Features

  • Monitoring
  • Metadata
  • Knowledge base

Setup

  • Getting started
  • Requirements
  • Security
  • Network
  • Installation
  • Server setup
  • Web setup
  • Agent setup
  • Upgrading

Configuration

  • Configuration
  • agent.conf
  • server.conf
  • web.conf

Alerting

  • Alerting

Modules

  • Overview
  • mod_apt
  • mod_collectd
  • mod_facter
  • mod_fs
  • mod_lwall
  • mod_osquery
  • mod_pkg
  • mod_res
  • mod_systemd

Advanced

  • Reporting
  • Monitoring
  • Extending Gullveig
  • Server database

Platform roadmap

This section documents pending changes, upcoming features and future expansion plans for Gullveig.

Please, open a ticket or comment on existing ticket before working on any code changes to avoid code conflicts and to confirm that your changes can be incorporated in the codebase before spending time implementing them.

See the contributions policy for more information.

Agent

Planned features

  • Migrating to complete remote configuration using node groups - agents will receive configuration from the server, exclusively.
  • Drop support for WebSockets as event transport.
  • Performance optimizations.

Planned modules

Near future

  • mod_http - check if a remote HTTP endpoint is reachable, with timeouts and latency check.
  • mod_rport - check if a remote TCP port is open, with timeouts and latency check.
  • mod_cert - check if a remote HTTP certificate is valid and non-expired. Alert N hours before expiry.
  • mod_ifload - monitor per-interface bandwidth utilization, issue alerts on thresholds.

Later

  • mod_pkg_cve - check installed packages against CVE vulnerabilities.
  • mod_authevent - report authentication events using pam_exec receiver. Depends on events feature.
  • mod_snmp - SNMP query module.
  • mod_oscap - monitor OpenSCAP compliance.
  • mod_pdnsrec - monitor PowerDNS recursor.
  • mod_fail2ban - report fail2ban metrics.

Server

  • Dropping support for SQLite and replacing it with a standalone database server.
  • Metadata based monitoring (alert on key change, new items, etc.)
  • Alerting integrations other than SMTP - Pushover, Pagerduty, Opsgenie, VictorOps, Slack.
  • Custom data retention rules.
  • Performance optimizations.

Web

  • Improve timestamps for metric charts.
  • Health history pagination.
  • Redesign graphs and charts.

Util

  • Command line tool to make server forget about a node (cleanup all data).
  • Command line tool to remove status items (data cleanup).
  • Command line tool to mark services for scheduled downtime.

Platform

  • Support for event reporting - ability for agents to report local events remotely as a kind of "remote log". Would introduce a new section and concept in reporting - "events", with a separate section in Web. Would be useful to monitor singular events and state changes (user logins, interesting log events, etc.)
  • Support for events to be marked "audit" with special storage and retention provisions.
  • Support for "canary" events - expectation for certain events to be invoked on certain intervals. Failure to send an event will trigger an alert.
Last updated on 1/6/2021
← Web UIMonitoring →
  • Agent
    • Planned features
    • Planned modules
  • Server
  • Web
  • Util
  • Platform
Gullveig
Documentation
OverviewWeb UISetupConfiguration
More
GitHubStar
Copyright © 2021 Matīss Treinis