Firewall Wizards mailing list archives

Re: Event management


From: Nicholas Tang <ntang () nachtwache org>
Date: Wed, 23 Aug 2000 09:37:58 -0400 (EDT)

On Mon, 21 Aug 2000, Magosányi Árpád wrote:

> If we are talking about only the event handling connected to operation
> management (and not security related alerts), the following scheme seems to
> work:
>
> All devices run some scripts from cron, which check the system health
> of the system.
> The output of the script is (through the stdin of ssh) sent to the health
> monitoring station (which is protected on the level of intranet; untrusted
> operators should look at the results, no one can operate on the firewalls
> from that station).
> On the monitoring station there is a Netsaint, which can be looked at through
> http(s).
> It can be extended by all bells-and-whistles of netsaint: bells, 3D, independent
> backup stations, and (this has the best hacque level for me, although it has no
> real use unless one cannot see) alerts told by the computer with festival speech
> synthesizer system.
>
> The above meets all the above specified criteria, but we have not talked
> about the real question: security alerts.

Two things: one, it doesn't have to be done through cron jobs.  Netsaint
can use ssh to connect to the remote host and execute the plugin remotely
to do things like check for disk usage and other similar things.

As far as the security alerts, Netsaint can also handle those through its
external input and non-volatile alert features... go to
http://www.netsaint.org/ and look at the documentation for the latest
(currently non-stable, but I'm guessing no more than a few weeks away from
being stable) release, 0.0.6.  (Ignore the version numbers, Netsaint was
started over 2 years ago, I believe.)

It's a pretty nice system and the author of Netsaint actually does get
security alerts and you can see them in his online demo, which is viewable
here: http://real.extension.umn.edu/netsaint/ (username: guest,
password: netsaint5).

It's a nice piece of software and one of my favorite open source packages,
and well worth a look.

Nicholas
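
The push model discussed in this thread (a cron-run check whose output is sent over ssh to the monitoring station), as an added sketch that is not part of the original messages and not Netsaint code. The function names, the `host;service;code;text` line format and the host list are assumptions; the station side is meant to sit behind an ssh forced command so the sending key can submit lines but never get a shell.

```shell
#!/bin/sh
# Added example. The report format "host;service;code;text" is an assumption
# made for this sketch; it is not Netsaint's own external input format.

# Firewall side (cron): turn one `df -P` data line on stdin into a report.
# Codes follow the plugin convention 0=OK, 1=WARNING, 2=CRITICAL.
disk_report() {   # usage: disk_report HOST WARN_PCT CRIT_PCT < df-line
    read -r _fs _blocks _used _avail pct mount || return 3
    pct=${pct%\%}
    case $pct in ''|*[!0-9]*) return 3 ;; esac
    code=0
    if [ "$pct" -ge "$2" ]; then code=1; fi
    if [ "$pct" -ge "$3" ]; then code=2; fi
    printf '%s;disk %s;%s;%s%% used\n' "$1" "$mount" "$code" "$pct"
}

# Station side: every received line is untrusted, since a compromised firewall
# could send anything. Accept only a known host name, a code 0-3 and text made
# of a small safe character set; reject everything else before it is logged
# or handed to the monitoring system.
accept_report() {   # usage: accept_report "host1 host2" < report-line
    IFS=';' read -r host service code text || return 1
    case $host in ''|*[!A-Za-z0-9.-]*) return 1 ;; esac
    case " $1 " in *" $host "*) ;; *) return 1 ;; esac
    case $code in [0-3]) ;; *) return 1 ;; esac
    case "$service$text" in *[!A-Za-z0-9\ /%._-]*) return 1 ;; esac
    printf '%s\t%s\t%s\t%s\n' "$host" "$service" "$code" "$text"
}

# Constructed sample: one df -P line pushed through both sides locally.
printf '%s\n' '/dev/sda1 1000000 910000 90000 91% /var' |
    disk_report fw1 80 90 | accept_report "fw1 fw2"
```

In a deployment the pipe between the two functions would be the ssh connection, with `disk_report` on the firewall and `accept_report` on the station.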



