35 comments

[ 4.3 ms ] story [ 80.3 ms ] thread
Looks nice, kinda like a combination of Papertrail and New Relic? Going to give a try.
Try to see a list of plugins, the docs tell me to click on the servers page, which tells me: You need to sign in or sign up before continuing.

I'm not signing up just to see that.

What sucks is that they are charging for it. When your talking about monitoring 100 servers, that's $1000/month. Currently I use Check_mk/OMD and it works beautifully. Oh, and its 100% free.
You might have missed the Free plan shown at the bottom of the page.
If you have 100 servers, $1k/month to monitor all of them is likely a drop in the budget bucket.
Getting 403's trying to install on new servers.

Edit: Looks like it's just from one of my servers. Also getting this error when installing on a DigitalOcean VPS:

runtime: panic before malloc heap initialized

fatal error: runtime: cannot allocate heap metadata

We have support chat on our website, if you can go there i can help you debug the problem. Thanks.
I'm also seeing this on a 512MB DigitalOcean server.

From previous experience, I'm pretty sure the problem is that when you compile with Go 1.1 your program's VM commit charge is much larger (~500M) than it was with Go 1.0 (~70M):

https://code.google.com/p/go/issues/detail?id=5236

Hence it runs out of memory on low-memory systems. Rebuild Go 1.1 from source with this patch applied:

https://codereview.appspot.com/download/issue9791044_36001.d...

Then rebuild your program and it should be fixed.

Did you turn off overcommitting ? also which distro and cpu architecture are you using ?
No, overcommit is turned on (overcommit_memory=0, overcommit_ratio=50). Ubuntu 12.04.3 x86_64, kernel 3.8.0-29-generic.
Where's this support chat? I can't find it for the life of me on getanomalous.com.
Can you explain how the set of possible anomalies are defined?

Does each user decide them for their own application, or does Anomalous try to figure out when something weird has happened?

Currently, the conditions are user-defined on a per-metric basis. Future versions of the agent will calculate a baseline for each metric and use that as a means of performing automatic anomaly detection.
So I'm not in your target market, but just throwing this out there, I do a lot of client or client/server development (e.g. mobile). And so something that I really want is a logging service that creates unified client/server logs and treats both clients and servers as equal partners.

There are just so many server logging services (Loggly, Splunk, Logentries, etc.) and some of them even have some shitty client logging feature as an afterthought. But if you're serious about catching both client and server issues you either have to use separate dedicated client/server products, or roll your own server on FluentD or similar. Which, I'd like to point out, is terrible to set up on VPS or inside Docker because you have to tweak all sorts of Linux kernel parameters so that the network stack performs well[1].

So I mean maybe there is a great market for Yet Another Loggly Service out there, and if so, hats off to you. But I have spent a lot of time googling for a logging product I can use as a client/server person, and I've got nothing. So if you (or anyone on HN really) can easily enter that market, I will be your first customer. E-mail in profile.

[1] http://docs.fluentd.org/articles/before-install

Maybe this can be my next weekend project. I've been itching to try Rethink, and it sounds ideal for this sort of thing. What sorts of logs are you thinking of?

By the way, you can email me if you want to discuss this more at length (email is in profile).

No Windows?
no, windows isn't currently supported.

    © 2013 Errplane Inc.
Can anyone clarify the relationship between this and Errplane - is this a rebranding, a new complementary product, a new iteration of the existing product, etc?
Looks like it's a side project of errplane or something. On the errplane site, there's a link to anomalous in their nav bar.
It's a new iteration of the server side stuff in Errplane, but it's a separate product.
For this sort of service an "About" or a "Company" section is a must. Few people will want to "install the server agent" with an always-on link to the mothership by some unknown publisher.

In fact, if I look at the page request log, I see several static resources being pulled down from yandex.ru. Needless to say this raises the question of company origins and whether their ignorance/negligence with sharing visitors stats may be indicative of how they handle the actual server health data. Then add in the lack of any sort of About section and it kind of starts to look odd.

(edit) I was going to say "just link to the Errplane site at the bottom", but then errplane.com has the exact same problem - no company info.

Few people will want to "install the server agent"...

I'm assuming this is actually a client agent (as in, it talks to a server or servers operated by anomalous), but why would it be required anyway? It seems actual log lines are being uploaded to "anomalous" anyway? If it's just to reduce bandwidth, why isn't this just a plugin for rsyslog?

    curl https://getanomalous.com/install.sh 2>/dev/null | sudo bash -s your_app_key your_api_key
Please do not use this kind of install solution! Piping arbitrary commands to an elevated shell is very bad. People who know better won't use it, and people who don't know better will have their "this is an acceptable method of install" bias confirmed, leaving them vulnerable to losing control over their machines.

Provide packages, please, not arbitrary tarballs from s3.

With regards to the MySQL plugin, I don't see any checks for active threads versus max threads, deadlocks warnings, InnoDB status warnings, replication status, long running queries, etc. For actual host monitoring, I don't see anything about load, disk usage, logged in users, memory usage, processor usage...

In short, I don't see anything particularly useful if you're actually monitoring a MySQL host.

Sorry if this seems abrupt, but if you want someone to pay for a Nagios replacement, it has to be an actual replacement for Nagios, which this does not actually appear to be.

Please do not use [curl https://.... | sudo bash]

Provide packages, please, not arbitrary tarballs from s3.

Besides a well-behaved package being automatically uninstallable, what's the difference? Either way you're running code that you only trust because of where you got it from, rather than because you've read it and understand it.

Well, packages can be signed, packages can be pinned using internal repos, and lists of installed packages (and their versions) can be easily generated.

Packages are also easier to audit and deploy on internal networks than an install script which can change at whim.

In short, I have no guarantee that the bash script or tarball I'm installing via the piped bash method is the script or tarball the authors intended to be installed. I also have no way of installing this on servers without internet access, short of hacking the install script (of course, this matters less since this is monitoring as a service, but as a general principle it still stands).

Oh, you meant "lose control" more as in "have an unmaintainable mess". For some reason I'd only read it as "get 'sploited".
I did also mean "get 'sploited" - in that when someone is used to running curls into elevated shells, they're more likely to accept this from random forum goers as a valid way to troubleshoot problems; not necessarily as a problem for this company.
I'd love to see a comparison of features between:

https://getanomalous.com http://www.graphdat.com http://www.datadoghq.com/ http://www.serverdensity.com/ http://newrelic.com/

There are lots of choices, and all of the above are high quality.

Well, using DataDog I can 1) increase a counter when something happens -- like an error or an expected user action and 2) setup an alert when the average amount of events over a X minute period is sustained above or below a certain threshold -- with a separate trigger per e.g. host.

So more than 60 error in a 5-minute period, or a sustained 10mbps for more than few minutes triggers, and sends me an email with a nice embedded graph.

Compared to all the other DD features -- like dashboards with all the metrics that can also be, to some limited degree, shared, Anomalous seems kind of limited at a glance. DD is $15/host/month.

(comment deleted)
I don't like how it's POSTing to an non-SSL endpoint.

Is it safe to send API keys out in plaintext?

Just a quick note, for what it's worth.

I work for an ISP/MSP. In addition to our servers and network, we manage those of many of our customers. We would never pay $10/month/server for this and neither would our customers. There was a time when we probably would have -- when we deployed on bare metal -- but with the rise of virtualization it's simply no longer possible. Whereas a customer might have had three (physical) servers a few years ago, they might have 15 or 20 now ("one task per (virtual) server") and that makes your product unaffordable.