60 comments

[ 2.9 ms ] story [ 89.3 ms ] thread
Graphit with better UI?
I'm not sure if I see any features worth paying for.
> Basic Longview is completely FREE and includes 5-minute data resolution and 30 minutes of data retention.

Surely Linode isn't giving you an evaluation that handles 6 data points. What does the basic version actually do?

Seriously Linode? 30 minutes of data retention on the free version? You could have at least set it to 7 or even 3 days. 30 minutes is not nearly enough.
I'm guessing that's so people can trial it, then when they realise 30 minutes is basically nothing, will upgrade.
Maybe 30 minutes is the minimum to fill their graphs.
Imagine all the money they will lose by not giving more stuff away to people who don't want to pay them anything for it.
Calling it open source is a bit dirty. The data slurping part is, but their stuff on the other end is completely proprietary and paid.
Notice it says the agent is open source, not the whole thing.
Bit like advertising half a free car as "free car".
I disagree.

The software running on your machines is open source. It can be reviewed. Quite important for people not wishing to run closed source software on their machines.

They're a company that you're probably trusting most of your keys and data to. Trust in them must be absolute anyway.
Different things.

Yea, if you're hosting with them, trusting them is handy.

This Longview agent can be run anywhere though, doesn't have to be on a Linode machine. Not entirely sure why you'd want this setup, but still..

I hope you all know about Logstash & Kibana, which seems like a superset of this. There is even a node.js version of logstash.
Without custom metrics (for example, via StatsD), I'm unable to use Longview to collect these "Meaningful metrics". It may provide me with an overview of what a system does as a whole, but I definitely need custom events from my applications to show up in the same graphs for it to be useful.
you could adapt the agent and use something like Event Fabric: http://event-fabric.com/ and add the other information you need with different agents.

disclaimer: I'm the founder of Event Fabric

I always get a bit annoyed with paid versions that give you less things that the free version, the free version gives you 10 servers but if you take the first step of the paid, you only get 3.. (I know there is a difference in retention)
So what part is opensource about this? The github page mentions the pro version so I'm not sure that this is entirely open. Would I, for example, be able to run the code on a non-linode box and have access to the full software?
Why is HN still tolerating this disgraceful excuse for a company ? Hacked twice. On both occasions deliberately withheld key information from their customers. Which as VPS providers is pretty much the most important thing they can do (i.e. be transparent about security issues).

It's hilarious for me to watch the hyperbole about the CIA, NSA, Snowden etc and yet tolerate a more direct and clear abuse of privacy and security.

Links?
Google? HN Search?

These weren't small incidents. You can find plenty of information on them.

Did you hack it yourself if you are so well informed? If not, what are your information sources? Rumours? I couldn't care less about thing you believe and they have no influence to my opinion about Linode. BTW, they did not abuse neither my privacy, nor my security.
It was all over HN a while back. They were incredibly cryptic and slow to respond after they got hacked. They tried to downplay what happened instead of saying it straight. So clients didn't know what measures they needed to take to protect themselves. The community response afterwards was that basically these people can't be trusted at all.

Even their wiki mentions that they got hacked http://en.wikipedia.org/wiki/Linode

Linode wasn't able to disclose information quickly about the case during at least one of the hacks due to the ongoing FBI investigation. They also got bitten by a 0day, so there wasn't really a whole lot they could have done to prepare.
I've been beta testing Longview for a while. It's been kind of nice to have. I most liked the at-a-glance visibility of whether there were any system package updates available.

The pricing structure is disappointing. I would have rather seen per system pricing ($3-5 mo/server is roughly what it would be worth to me). I have 4-5 nodes running. I'll likely never have 10 so $40/mo doesn't seem like a very good value proposition.

Unbelievable how much complaining there is this thread. This is a great, free addition to their service and is very well done for getting a quick overview of a server.
To be fair, this is half a solution for getting a quick overview of a server. You still need thew collector/visualizer, which, at least now, is proprietary.

You could, conceivably, make your own collector/visualizer, but that seems to be the hard part here.

I think you misunderstand it's actually a free add-on limited to 30 minutes of retention at 5 minute intervals. The paid version has 1 minute intervals with unlimited retention.

Edit: the parent has since stealth edited their comment.

Munin seems like it would be a much better choice for most people -- both the server and the client are Free and it stores a year of data. What it doesn't do is allow you to drill down into old data -- it's only got static day, week, month and year graphs. You can graph pretty much anything, though.

http://munin-monitoring.org/

The awesome thing about munin is that you can throw together an agent for $METRIC in 5 minutes using shell. Getting high level business metrics in with the system metrics is gold.
Why is it a much better choice for most people? It's tricky to configure and requires you to manage another server. For people who want to go through that and have the flexibility offered Munin is great (I use it), but for "most people" who just want a high level look at their stuff Longview seems ideal. There is almost no setup and no management. I put it on a couple servers yesterday and it seems slick.
only 30 mins of data retention... even AWS gives you 2 weeks at 5min resolution for free (albeit only stuff the hypervisor can measure because they don't run an agent, so no RAM etc).
Linode provides basic hypervisor-level usage graphs by default in the Linode Manager. it's one of the more prominent features.
AWS doesn't give you any minutes of data retention if you aren't paying them by the hour for the server. You can use Longview on any server, it does not have to be hosted by Linode.

If you host with Linode you already get access to graphs going back a year for CPU / Network and IO. Longview is in addition to that offering.

Warning. If you have a high traffic server, Longview will eat up all your CPU. It has a function that iterates through all open file handles to find out which ones are network sockets in an O(n^2) loop. This loop never completed on my system. I had to kill the process and eventually disabled Longview.
I had this problem as well, but since I upgraded to the latest version I've never seen it again.
Just had it installed. It is much better than the standard log metrics they offer. However what is bothering me is that the whole installation is through a short URL.

curl -s https://lv.linode.com/aBcD | sudo bash

Where aBcD is randomly generated. If you visit https://lv.linode.com/aBcD, it contains not just the script to execute but also your API Key. How safe is it to expose your API Key?

Since the randomly generated value is only 4 characters long, it shouldn't be hard to find other people's API keys by brute forcing it.

When I go to https://lv.linode.com/aBcD it shows:

  #!/bin/bash
  echo "Invalid Installer Session"
  echo "Please see the Longview details page to start a new session"
  echo "OR if you would like to install Longview manually please see:"
  echo "http://library.linode.com/longview"
I don't think the OP is going to put his short url which has his API keys.
abcd was just an example they used to show the format. What they said is certainly true.
aBcD was just an example. It would be too risky for me to put the real URL here.
I added a client, got a shortlink, and checked as well. Then I removed the client and the link persisted for a few minutes (even after clearing cache). Now my link redirects to the error message like your example. Short period, but since there are so few options I would think this is indeed an issue that could be exploited.
Yup it seems the link only persists for a few minutes. But given the knowledge that a lot of people are currently installing longview and that it takes only less than a minute to iterate though all the possible combinations of the 4 character token, it could still be exploitable. They should definitely increase the token length to a safe number.
Exploited how? It's only used to send data in and it should be a pretty simple matter to not accept traffic from multiple machines for one API key. I accidentally used the same shortlink to install on two servers last night and saw a "there are multiple servers sending data, check your configuration" error (while the stats stayed correct).
I believe the fear here is that if you can guess URLs, and one of those URLs works and provides you with a script that contains an API key, you could use that API key to perform other, non-Longview-related API calls to Linode's management API.

That's a pretty decent fear. I don't know if there's any other controls on the API key that prevent it from being as vulnerable as this suggests...

According to Linode support, the API key provided is unique to longview and can't be used for anything else.
It's a different API key for every Longview machine. I set up 3 and the keys are different in each case (which is also why the short URL changes for each machine, the API key is part of the response and is different for each machine).
I've tested this and it's a unique Longview API key for the initiation of that installation. This key is not your Linode API key and is disposable.
I find it really hard to care much about news from linode given their history with security and transparency...
I'm a fairly happy Linode customer and have been for 3 or so years. (Yes, security/transparency could be better). We've got a nodebalancer and ~10 nodes. What longview lacks for me is a mechanism for notification & alerts. The value of monitoring is only half the equation. Step two is something that either has sensible defaults or easily adjusted settings and notification when limits are exceeded or below acceptable limits. I don't want to have to constantly watch longview to see a problem.

Anyone know if it provides this, or if there are better monitoring tools or services that do?

Rackspace Cloud Monitoring has an API driven way to manage notifications (people) and notification plans (groups of people) that can be flexibly tied to specific checks and alarms. It runs very similarly to this, with an open-source agent running on the host, or remote checks that try to connect from the outside.

http://www.rackspace.com/cloud/monitoring/

I really want to try this, munin is awesome but I find quite hard to configure and some stats hard to understand, longview's design seems much more friendly.
Doesnt' seem to work with my cloud image of saucy: Unable to locate package linode-longview.
I wonder if they considered a partnership with New Relic instead of building this in-house.