Educause Security Discussion mailing list archives

Re: Alerting tool


From: "Raw, Randy" <rawr () MORE NET>
Date: Fri, 23 Oct 2009 16:43:52 -0500

At last year's Security Professionals Conference several people were talking about the GroundWork OpenSource tool for 
alerting/monitoring. It puts a pretty decent GUI in front of Nagios and Cacti and helps decrease the learning curve 
significantly. They have a Virtual Appliance that you can download and try. We did some research and a webinar on it 
this past summer for our members. It looks promising.

Randy Raw, CISSP
MOREnet Manager, Network Security
3212 LeMone Industrial Blvd
Columbia, MO 65201
573.882.0749
573.884.7699 fax
http://www.more.net/security

Remember...security is EVERYONE's business.
Register for the monthly MOREnet Security Webcasts at
http://www.more.net/content/web-seminar-schedule


-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Peter Charbonneau
Sent: Friday, October 23, 2009 7:10 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Alerting tool

Matt,

   Thanks.

   We have What's Up Gold and Cacti for monitoring.  I have been
looking around for something that might be able to do this, and Nagios
looks like it will, but also seems like the Nagios learning curve is
pretty steep.  If I was going to use it for more, then that would not
be an issue.

p

On Oct 22, 2009, at 11:37 AM, Matthew Gracie wrote:

Peter Charbonneau wrote:

SNMP read interface OID string to get bytes in.  In one (two, five)
minutes read the counter again, if the difference between the two
reads is less than value x, but more than value y, page as "down".


I would prefer an open source tool.  I am using Cisco routers.

What's up Gold doesn't seem to be able to do this.  Is there,
potentially, an addon for Cacti that can do it?  Using Nagios for this
seems to be like swatting a fly with a sledge hammer, but ...

Anyone out there doing anything like this?

I've written some custom SNMP read rules in Nagios that do something
similar. I imagine if you've already got a Nagios implementation in
place, it would be pretty straightforward.

What are you currently using for monitoring?

--
Matt Gracie                     (716) 888-8378
Information Security Administrator  graciem () canisius edu
Canisius College ITS                    Buffalo, NY
http://www2.canisius.edu/~graciem/graciem_public_key.gpg



PeteC


Peter Charbonneau
Sr. Network and Systems Administrator
Williams College
(413) 597-3408 (office)
(413) 822-2922 (cell)
OIT will NEVER ask for your password!
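
The counter-delta rule from the original question, written as Nagios-style check logic; this is an added example, not code posted by anyone in the thread. The `snmpget` output lines are constructed samples, the sysUpTime read is an added assumption used to spot an agent restart between polls, and `x` and `y` are the thresholds named in the post (anything outside the window returns OK, as the rule is worded).

```python
import re

# Nagios plugin exit codes
OK, CRITICAL, UNKNOWN = 0, 2, 3
COUNTER32_MODULUS = 2 ** 32  # ifInOctets is a Counter32 and wraps at 2^32

_VALUE_RE = re.compile(r"=\s*(Counter32|Timeticks):\s*\(?(\d+)\)?")

def parse_snmp_value(line):
    """Extract the integer from one line of net-snmp `snmpget` output."""
    match = _VALUE_RE.search(line)
    if match is None:
        raise ValueError("unrecognised snmpget line: %r" % line)
    return int(match.group(2))

def octet_delta(first, second):
    """Bytes received between two reads, allowing for one counter wrap."""
    return (second - first) % COUNTER32_MODULUS

def check_interface(first, second, x, y):
    """Each sample is (ifInOctets line, sysUpTime line). Returns (code, text)."""
    try:
        octets = [parse_snmp_value(s[0]) for s in (first, second)]
        uptime = [parse_snmp_value(s[1]) for s in (first, second)]
    except ValueError as exc:
        return UNKNOWN, "UNKNOWN - %s" % exc
    if uptime[1] < uptime[0]:
        # Agent restarted (or sysUpTime itself wrapped): counters may have
        # been reset, so the delta for this interval cannot be trusted.
        return UNKNOWN, "UNKNOWN - sysUpTime went backwards, skipping interval"
    delta = octet_delta(octets[0], octets[1])
    if y < delta < x:
        return CRITICAL, "CRITICAL - only %d bytes in (window %d..%d)" % (delta, y, x)
    return OK, "OK - %d bytes in" % delta

# Constructed samples, 60 seconds apart; the counter wraps between them.
SAMPLE_1 = ("IF-MIB::ifInOctets.1 = Counter32: 4294960000",
            "DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (8640000) 1 day, 0:00:00.00")
SAMPLE_2 = ("IF-MIB::ifInOctets.1 = Counter32: 2704",
            "DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (8646000) 1 day, 0:01:00.00")

if __name__ == "__main__":
    code, text = check_interface(SAMPLE_1, SAMPLE_2, x=50000, y=0)
    print(text)
    raise SystemExit(code)
```

Without the modulo step the wrapped read above would produce a large negative difference instead of 10000 bytes.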
