I have to transport one file from one zone to the other. IS it sane idea to simply do the copy in GZ using the /zone folder structure?

szilard: it's perfectly ok. What do you were dubious about?

I just don't want to break my system :)

I do it often.

I am attempting to set up a metrics zone using victoriametrics. I have managed to get it running in the metrics zone, now I am setting up the first "to-be-monitored" zone.

mighty_spiky: break your system or copying files between zones? :')

warden: hahaha, Copying between zones from GZ

I found vmagent to forward the metrics, but to actually collect the metrics I found nothing in the repository. I however managed to compile the "node-exporter" tool, which claims to support solaris.

Have you guys have any experience with similar setup?

First I'd like to test the own-compiled node-exporter in a zone, and if it works, I can try to write a proper build recipe.

I've no experience with VictoriaMetrics... I use ZABBIX for monitoring

is that hard to setup?

well, it depends by what you need to monitor. I'm primary getting data via SNMP from network equipment, and its pretty straightforward. There are also many template just ready for a wide range of products: zabbix.com/integrations

the zabbix port in omnios-extra seems to be somewhat old. Should I try to update it?

Yes, ZABBIX server 's package is a major release behind in IPS, and also in pkgsrc it looks the same. Actually I'm still running the server in a FreeBSD jail :$

maybe this is the last version which supports solarish?

I use Naemon (fork of Nagios) with Thruk web interface and PNP4Nagios for graphs (it uses rrdtool). Config is done in text files and no DB is involved (apart from rrdtool files which are really small compared to the potentially big DB of Zabbix). Unfortunately, Those three components (Naemon, Thruk and PNP) are only available on Linux for now. At least, there’s Nagios that is available in OmniOS but vanilla Nagios without anything else ca

be a pain in the *** to use.

Thanks for the input.

I was also looking at sshguard. Are you using anytging like this? Or geoblocking using ipf?

I use Fail2ban and TCP wrapper along geoipudate and mmdb-bin on Debian.. Here’s an article I made on geoblocking: moui.ca/blog/2020/11/10/restreindre…-selon-le-pays-sur-debian-gnu-linux

It’s in french but translation is available

I surely would like to have the equivalent on a OmniOS instance

as for what they officially say, even the latest ZABBIX release should run on solarish: zabbix.com/documentation/current/en…on/requirements#supported-platforms

I found this guide, which is a bit old, but it might give you the path: omnios.org/article/zabbix

It's been a while since doing any monitoring but in the past I've used zabbix as I've found it good for both network equipment and servers

It's fairly easy to monitor various things by configuring the agent to run suitable commands and configuring a suitable template on the zabbix server.

also the proxy makes multi-site setups fairly easy.

szilard: for ssh I've generally worked on the principle of only have it internet accessible on as fewer systems as possible. I generally also move it to a random port. That seems to cut out the vast majority of bot spam

I see

potentially I'd run something like a sparse zone with the publicly accessible ssh service and very little else then use that to access other things. That way if it happened to get compromised it's easy to destroy and rebuild