Icinga2 vs ELK

Hey there, I've been doing a bit of research into monitoring options for the following environment:

  • Windows Servers 2012/2016 (less than 5) and Windows 10 Desktops (less than 10)

  • Syslogs - WiFi APs, Linux Servers, Network Routers, PFSense

As you can see, it's a fairly small environment, but I'm comparing Icinga2 vs ELK.

So, my actual question is: What are the main differences since both do monitoring? Do they overlap or do I just deploy ELK?


Hi @stinkfly,
monitoring in the context you use is very broad. Yes, they can both be used for monitoring but cover very different use cases.

Elastic Stack, when used for monitoring, is used for centralized log aggregation and visualization. It is great for dashboards and digging into logs. The basic open source version does not support alerting. Alerting can be achieved in many different ways, among others by purchasing an X-pack license.

Icinga2 is more of an event-driven monitoring solution. You have predefined health checks and they run every X seconds. When a check fails, you receive an alert (there is a bit more to it, but basically that is what you would probably use it for).

So, it really depends on what you need from your monitoring. Where I work we use Elastic Stack for logs, InfluxDB for metrics and Sensu for event driven monitoring. The environment is very different though.
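To make the check-and-alert model described above concrete, here is a minimal Icinga2 configuration added as an illustration (it is not from the thread or from the Icinga project docs). The host name, the TEST-NET address and the `icingaadmin` user are assumed placeholders; `hostalive`, `ssh` and `mail-service-notification` are commands shipped in Icinga2's bundled templates.

```icinga2
// Assumed placeholder host: a pfSense firewall, pinged by the built-in hostalive check.
object Host "pfsense-fw" {
  address = "192.0.2.1"          // constructed TEST-NET address, not a real device
  check_command = "hostalive"
}

// Predefined health check: probe the SSH port on that host.
// check_interval is the "every X seconds" the reply refers to; after a failure
// Icinga2 retries faster and only raises a HARD problem after max_check_attempts.
object Service "ssh" {
  host_name = "pfsense-fw"
  check_command = "ssh"
  check_interval = 60s
  retry_interval = 15s
  max_check_attempts = 3
}

// Alert on failure: mail the admin when the service goes CRITICAL/UNKNOWN,
// and again when it recovers, so the alert channel also records the outage window.
apply Notification "mail-admins-ssh" to Service {
  command = "mail-service-notification"
  users = [ "icingaadmin" ]      // assumed placeholder user defined elsewhere
  states = [ Critical, Unknown ]
  types = [ Problem, Recovery ]
  assign where service.name == "ssh"
}
```

This is the state-based side of monitoring; the Elastic Stack described in the same reply would instead receive the syslog stream from that firewall for later searching, which is why the two are complementary rather than interchangeable.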

Hi A_B,

Thanks for your reply. I found this in my Spam so sorry for the late reply. I should have been clearer in my question. Thinking a bit more closely about what you said, I think we actually would want both - alerts from Icinga if events are triggered and the ability to collect logs from multiple Syslog/Windows event logs so we can go back and view historical data.

I know there are integration plugins/modules between the two.

Thanks again for your reply.

