Monitoring Sensu

Badass Monitoring, Pt 1: Sensu & Gremlin

Using chaos engineering principles to enhance your monitoring tools

One of my earliest jobs was as an admin for an MSP. Weā€™d routinely generate alerts that werenā€™t actionable, lacked context, and for most of our customers, were considered noise. From a monitoring perspective, it was bad. Customers didnā€™t trust in the alerts they received and often resorted to having some additional monitoring product installed on their systems. Itā€™s safe to say that our auto-generated tickets and emails were largely ignored.

In an effort to avoid repeating mistakes of the past, I want to ensure that I have actionable alerts that are context heavy. Thankfully, there are a couple of tools that Iā€™ve found go a long way in helping me with that effort: Sensu and Gremlin. Iā€™ll do an intro to those tools today, and weā€™ll pick up on how these tools work together in the next post. Itā€™s worth mentioning that I am a Sensu employee.

With that out of the way, letā€™s get to the tools!

The Tools

Sensu

If youā€™ve not used Sensu before, allow me to make a formal introduction. At Sensu, we talk about it as a ā€œmonitoring event pipeline.ā€ The concept is similar to a CI/CD pipeline, except that instead of releasing software software, Iā€™m sending monitoring event data. The goal with the pipeline being that by the time I receive a monitoring event or alert, I know beyond a shadow of a doubt that what I have in front of me has been verified and provides me with exactly what I need to act on the data.

For this series, Iā€™ll be using Sensu as my monitoring tool of choice.

Gremlin

If youā€™re in IT, youā€™re probably familiar with Gremlins.

![gremlin gif][1]

Yes, those ones. Theyā€™ve been known to cause many an issue, but in this case, Iā€™m talking about this [Gremlin][2] in particular. Gremlin is a [chaos engineering][3] tool that allows you to run targeted attacks on your infrastructure. This can be anything from a time-drift attack to more complicated types of attacks. The goal here will be to apply the principles of chaos engineering to uncover any weaknesses in our Sensu deployment and ensure that it is able to withstand real-world conditions.

Weā€™ll also use Gremlin to introduce conditions that will generate Sensu alerts. By introducing those conditions, weā€™ll be able to ensure that the alerts generated follow the [CASE][4] method.

The Setup

Sensu

Iā€™ve already set up Sensu in my own environment (which is Ubuntu 18.04), so Iā€™m not going to walk through that here. However, if you donā€™t have a working Sensu deployment, youā€™ll want to checkout the [Sensu installation doc][5], so that you can get all of the various Sensu components installed. Itā€™s worth noting that for some our later testing, weā€™ll be using a clustered deployment. For that, youā€™ll want to take a look at the [clustering doc][6].

Gremlin

Just like Sensu, weā€™ll need to install Gremlinā€™s agent so we can start doing pseudo-nefarious stuff performing attacks on our test boxen. šŸ˜ˆ In this case, since Iā€™m using Ubuntu 18.04 as my test box of choice, Iā€™ll also follow [Gremlinā€™s installation guide][7] for Ubuntu as well (though itā€™s for Ubuntu 16.04, this should still work in our case).

Next Steps

Once youā€™ve got both Sensu and Gremlin installed, letā€™s run a couple of tests to make sure things are working like we expect them to.

Sensu

One of the cool things about Sensu is that you can monitor anything and you can have alerts generated from any number of things, not just the [community plugins][8] or [assets][8] Sensu offers. We can create some ad-hoc alerts using the [agent API][9] just to see what an alert might look like in our dashboard. To do that, run the following on your test VM:

curl -X POST \
-H 'Content-Type: application/json' \
-d '{
  "check": {
    "metadata": {
      "name": "mysql-backup-job"
    },
    "status": 0,
    "output": "mysql backup initiated",
    "ttl": 25200
  }
}' \
http://127.0.0.1:3031/events

That command creates a mock event and sends it to the agent API. Now, this might be useful if I had some sort of code that monitored a mysql backup job and emitted this message. In our case, itā€™s just for us to make sure that weā€™ve set up and configured Sensu correctly. A successful test should leave you with an event that looks something like this:

BOOM! šŸ’„ Our test worked! Letā€™s just run a quick sample attack with Gremlin now.

Gremlin

Just like we tested Sensu to make sure weā€™re able to receive events, weā€™re going to test our Gremlin agent. You can see me run the attack below:

Screen Recording 2019-06-14 at 03.25 PM.mov

There we have it! Both Sensu and Gremlin are working like we expect them to. In the next post, Iā€™m going to dig a bit more into the ā€œwhyā€ of using a chaos engineering tool like Gremlin to test monitoring tools like Sensu.

[1]: https://media.giphy.com/media/BqPljBK6V9ZPG/giphy.gif [2]: https://www.gremlin.com/ [3]: https://principlesofchaos.org/ [4]: http://onemogin.com/monitoring/case-method-better-monitoring-for-humans.html [5]: https://docs.sensu.io/sensu-go/5.9/installation/install-sensu/#install-the-sensu-backend [6]: https://docs.sensu.io/sensu-go/5.9/guides/clustering/ [7]: https://www.gremlin.com/community/tutorials/how-to-install-and-use-gremlin-on-ubuntu-16-04/

Ā© 2019 - 2025 Ā© 2025 Aaron Sachs. All rights reserved.
Built with Hugo
Theme Stack designed by Jimmy