Re: Network Monitoring System - Recommendations?

["Alexei Roudnev" <alex () relcom net>]

Here:

http://sourceforge.net/projects/snmpstat

and docs are here

http://snmpstat.sourceforge.net/CCR-config.htm


----- Original Message ----- 
From: "Joe Shen" <joe_hznm () yahoo com sg>
To: "Alexei Roudnev" <alex () relcom net>; "Jon Lyons" <jlyons30 () yahoo com>;
"Andy Dills" <andy () xecu net>; "Charlie Khanna - NextWeb"
<charlie () nextweb net>
Cc: <nanog () merit edu>
Sent: Monday, November 01, 2004 5:53 PM
Subject: Re: Network Monitoring System - Recommendations?


> Hi,
>
> I googled with "CCR" but it seems nothing useful in 5
> pages. Would you please do me a favor to give the URL
> of that tool ?
>
>
> I tried to set up MRTG monitoring Unishpere BRAS 1400
> and M160, but I failed with data collection because
> wrong OID used ( CPU, mem, tempreture, BW etc ) :-(
>
> regards
>
>
>
>  --- Alexei Roudnev <alex () relcom net> wrote:
> > > I read document of these tools and find they work
> > with
> > > Cisco products. But, how about Juniper M160 or
> > M320,
> > > Unishpere's BRAS products?  Where can I find
> > Juniper's
> > > OID on its tempreture, chassis, CPU, bandwidth ?
> > Does
> > They use standart MIB2 and a little of Cisco
> > specific MIB's. As I already
> > said, it is a good tool to view and monitor traffic,
> > utilisation, errors,
> > and use additional tiool to deep monitor vendor
> > specific parameters. We use
> > 'snmpstat' to monitor routers, switches, ports and
> > interfaces (and bgp) and
> > cricket to watch few additional parameters (to
> > configure alerts, we use
> > aliases and mhonarc mail archives with auto
> > expiration - for alerts,
> > warnings, reports and audits, and for 'root' and
> > 'oracle' e-mail.
> >
> > > anyone have a  running configuration for M160 or
> > > Unishpere's BRAS products?
> > CCR can work with anything which (1) allow telnet or
> > ssh, and (2) can 'write
> > net' config (in any syntax).
> > You can use encrypted password file (using
> > passphrase) if you want. Using
> > SNMP was rejected, because it is absolutely
> > device-specific, impossible in
> > many cases, and we never saw it as a security
> > problem, because all devices
> > are restricted to allow ssh or telnet from 2 or 3
> > servers only, because
> > passwords are encrypted, and because automated
> > config reading and web access
> > aree much more important vs very abstract
> > possibility of hacking (in
> > reality, problem can come from insiders, not from
> > hackers, so no extra
> > accounst are allowed on monitoring server).
> >
> > You can get configuratuion (initialize tftp
> > transfer) using some snmp
> > (WRITE) variable and pre-configured tftp parameters,
> > but it works on a very
> > few Cisco devices only.
> >
> > As I said, CCR uses 3 methods:
> > - password file encrypted by public key
> > - password file encrypted by 3des passphrase;
> > - explicit password.
> >
> > In all cases, problem is with root user only - root
> > can alway decrypt
> > password or interseipt web session. User, who have
> > permission to edit CCR
> > config and know passphrase, can (in theory) see
> > passwords as well. Other
> > users can not, even if they know passphrase - they
> > can only initiate config
> > reading.
> >
> > Network admins do not know enable passwords, if they
> > do not need it - they
> > use passphrase
> >
> > To have automated config reading, any of first 2
> > methods can be used
> > (passphrase must be written into special file, if
> > method 2 is used,
> > root-only readable). For manual reading, any methgod
> > can be used, without
> > any file with passphrase.
> >
> > In reality, it is not serious security problem
> > because all devices can be
> > accessed from a very few servers only, and because
> > we can use 'ssh' instead
> > of 'telnet' (CCR can be configured or select
> > ssh/telnet automatically). You
> > can, in turn, play with security level , but it
> > (again) does not work on
> > generic case (any cisco device) and is very tricky.
> >
> > For Juniper or other device - you can try to program
> > 'expect' script, or use
> > 'snmp' initiated transfer - all other things will
> > work.
> >
> >
> >
> > > On configuration bankup, rancid use telnet (ssh).
> > But,
> > > I take this a not-secure methode as it has to code
> > > password in login script. Is there any tool to get
> > > configuration file from read-only SNMP cumminity?
> > >
> > >
> > > Joe
> > >
> > >
> > >
> > > --- Jon Lyons <jlyons30 () yahoo com> wrote:
> > > > Checkout http://perfparse.sourceforge.net/ lets
> > you
> > > > graph the data from the nagios plugins...
> > > >
> > > > --- Alexei Roudnev <alex () relcom net> wrote:
> > > >
> > > > > I generated config for 'snmpstatd'
> > automatically,
> > > > > from user;'s database (it
> > > > > was simple; all I need was Router, Interface,
> > > > > User-name, number for this
> > > > > user, priority).
> > > > >
> > > > > For automated config backups, I use CCR (fully
> > web
> > > > > based Cisco
> > > > > configuration -> CVS system).
> > > > >
> > > > >
> > > > > ----- Original Message ----- 
> > > > > From: "Andy Dills" <andy () xecu net>
> > > > > To: "Charlie Khanna - NextWeb"
> > > > <charlie () nextweb net>
> > > > > Cc: <nanog () merit edu>
> > > > > Sent: Thursday, October 28, 2004 11:46 AM
> > > > > Subject: Re: Network Monitoring System -
> > > > > Recommendations?
> > > > >
> > > > >
> > > > > > On Thu, 28 Oct 2004, Charlie Khanna -
> > NextWeb
> > > > > wrote:
> > > > > > > Hi - I was interested in finding out what
> > > > > software applications other
> > > > > ISPs
> > > > > > > are using for network monitoring?  For
> > > > example:
> > > > > > > 1)       Overall network health - uptime
> > > > reports
> > > > > > http://www.nagios.org
> > > > > >
> > > > > > > 2)       Backup router config
> > automatically
> > > > > > http://www.shrubbery.net/rancid/
> > > > > >
> > > > > > > 3)       Bandwidth reporting (or
> > integration
> > > > > with an MRTG-type app)
> > > > > > http://cricket.sourceforge.net/
> > > > > >
> > > > > > > 4)       SNMP trap support (BGP/OSPF
> > session
> > > > > drops - emails out)
> > > > > > http://www.snmptt.org/
> > > > > > http://www.nagios.org
> > > > > >
> > > > > > > 5)       Database back end (port info into
> > or
> > > > > over to other apps)
> > > > > > > I'm just looking for something well
> > rounded
> > > > for
> > > > > a small ISP.  I've heard
> > > > > > > about OpenNMS and other apps but I'd like
> > to
> > > > get
> > > > > everyone's feedback.
> > > > > > > Thanks!
> > > > > >
> > > > > > Nothing all in one place, that I'm aware of.
> > But
> > > > > with a little work, you
> > > > > > could probably integrate it all into nagios.
> > > > After
> > > > > all, you can make the
> > > > > > host names or descriptions URLs that link to
> > > > > bandwidth and error graphs or
> > > > > > other tools.
> > > > > >
> > > > > > Andy
> > > > > >
> > > > > > ---
> > > > > > Andy Dills
> > > > > > Xecunet, Inc.
> > > > > > www.xecu.net
> > > > > > 301-682-9972
> > > > > > ---
> > > >
> > > >
> > > >
> > > >
> > > > __________________________________
> > > > Do you Yahoo!?
> > > > Yahoo! Mail Address AutoComplete - You start. We
> > > > finish.
> > > > http://promotions.yahoo.com/new_mail
> > >
> > > __________________________________________________
> > > Do You Yahoo!?
> > > Log on to Messenger with your mobile phone!
> > > http://sg.messenger.yahoo.com
>
> __________________________________________________
> Do You Yahoo!?
> Log on to Messenger with your mobile phone!
> http://sg.messenger.yahoo.com