nanog mailing list archives
RE: on network monitoring and security - req for monitoring tools
From: "Scott Berkman" <scott () sberkman net>
Date: Mon, 23 Aug 2010 10:40:29 -0400
Are you looking only at Open Source tools? If not you are missing all of the most widely deployed tools out there (including):

HP Open View
Cisco Works
IBM Tivoli/NetCool
Smarts (now EMC Ionix)

Also a few other open tools:

ZenOSS
Zabbix

You will also need to look at separate security monitoring software if your goal is to cover that. Not including any commercial vendors, I'd say you at least need to include:

SNORT (possibly including a front end like BASE/ACID)
Suricata
Nessus
Sguil

As to one solution being "better" than the other, a lot of it comes down to opinion and exactly what you need. Also are you willing to do a lot of coding to get it to do exactly what you want? What is your budget? How big is your network? What are the vendors in question? What is most important to you (graphing, alerting, automated fault resolution, topology discovery,...)? How much staff do you have dedicated to the project? And on and on...

-Scott

-----Original Message-----
From: travis+ml-nanog () subspacefield org [mailto:travis+ml-nanog () subspacefield org]
Sent: Saturday, August 21, 2010 5:58 PM
To: nanog () nanog org
Subject: on network monitoring and security - req for monitoring tools

Hi,

I'm putting together a book on security*, and wanted some expert input onto network monitoring solutions...

http://www.subspacefield.org/security/security_concepts.html

Nagios, Net-SNMP, ifgraph, cacti, OpenNMS... any others?

Any summaries of when one is better than the other?

Any suggestions on section 13-15?

I imagine I'll offend some of you by not distinguishing between system and network administration, but... it's a small section right now, maybe if it grows.

OT: I had issues with understanding MIBs and SNMP tools... specifically, I wanted to query and graph the pf-specific MIB... any suggested places to ask? Do I ask on the Net-SNMP list, or is there a better place?

Also, cacti... seemed to behave differently based on whether the target was Linux-based or BSD-based... I suppose the cacti-users is the right place to ask, but if anyone has any suggestions, please LMK. I hate the UI.

--
My emails do not have attachments; it's a digital signature that your mail program doesn't understand. | http://www.subspacefield.org/~travis/
If you are a spammer, please email john () subspacefield org to get blacklisted.