Snort mailing list archives

RE: Monitoring Sensors


From: Christopher Lyon <cslyon () netsvcs com>
Date: Fri, 20 Sep 2002 14:37:44 -0700

Pedro,
There are a couple of theories on how you should monitor your sensors. Just
ping to see if the box is up or actively poll the device for up, down, and
other stats.
What we found to work best is to actively poll the device using SNMP. The
reason for this is so that we can poll to make sure processes like snort are
running. Yeah, it is good to know if the box is up, but what good is it if a
key service has quit working?
If you load ucd-snmp, assuming you are on a UNIX platform, you can monitor
not only if the box is up and running but you can monitor CPU utilization
and processes. So if mysql, snort or apache decided to quit for whatever
reason you can be notified that they are not running. You can use any SNMP
based product as a manager to poll the sensor for that information. We
actively monitor about 10 sensors and we get paged if any of the critical
processes stop running or if the CPU utilization is hammered.
NetSaint, from what I can tell, only pings and does a port check. I am sure
there are other SNMP packages out there for little to no money; it is just a
question of finding one. At our datacenter we use SNMPc for our
monitoring and it works very well but it costs money and runs in Windows.


Hope that gives you some help.



-----Original Message-----
From: Pedro Tedeschi [mailto:pedro.tedeschi () frb-par com] 
Sent: Friday, September 20, 2002 11:51 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Monitoring Sensors

Hey all,
 
Asking myself, I'm thinking about some application that monitors my snort
sensors.
Some program that verifies if the sensors are down, or if they have some problem,
etc.
It's very useful for networks that have many sensors.
Looking on the web, I find some programs like NetSaint, but I don't know
if these are useful for this function.
Does anyone use some program like this?
 
 
 
Thanks in advance
 
 
 
Regards,
 
 
Pedro Tedeschi
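
The SNMP process polling described in the reply above, as an added example that is not part of the original thread or of any tool named in it. It assumes the sensor's snmpd.conf carries a `proc` line per watched process so the agent fills the UCD-SNMP-MIB process table. The process names, the 10% idle threshold and the sample `snmpwalk` text are constructed assumptions.

```python
import re

# Constructed sample of snmpwalk text output (UCD-SNMP-MIB prTable and
# ssCpuIdle); not captured from a real sensor. httpd is deliberately absent.
SAMPLE_WALK = """\
UCD-SNMP-MIB::prNames.1 = STRING: snort
UCD-SNMP-MIB::prNames.2 = STRING: mysqld
UCD-SNMP-MIB::prCount.1 = INTEGER: 0
UCD-SNMP-MIB::prCount.2 = INTEGER: 1
UCD-SNMP-MIB::prErrorFlag.1 = INTEGER: error(1)
UCD-SNMP-MIB::prErrorFlag.2 = INTEGER: noError(0)
UCD-SNMP-MIB::ssCpuIdle.0 = INTEGER: 4
"""

LINE = re.compile(r"^UCD-SNMP-MIB::(\w+)\.(\d+) = \w+: (.*)$")

def parse_walk(text):
    """Return {object_name: {index: value}} from snmpwalk text output."""
    table = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            table.setdefault(m.group(1), {})[int(m.group(2))] = m.group(3).strip()
    return table

def flag_set(value):
    """prErrorFlag prints as 'error(1)' or a bare '1' depending on MIB loading."""
    m = re.search(r"\d+", value)
    return m is not None and int(m.group()) != 0

def check_sensor(text, required=("snort", "mysqld", "httpd"), min_idle=10):
    """Return alert strings for one sensor; an empty list means healthy."""
    t = parse_walk(text)
    if not t:  # timeout or refused query: ping may still succeed
        return ["no SNMP response: host or agent down"]
    alerts = []
    by_name = {name: idx for idx, name in t.get("prNames", {}).items()}
    for proc in required:
        idx = by_name.get(proc)
        if idx is None:  # agent is not watching it, so silence is not health
            alerts.append(f"{proc}: not in prTable (no proc line in snmpd.conf?)")
        elif (flag_set(t.get("prErrorFlag", {}).get(idx, "1"))
              or int(t.get("prCount", {}).get(idx, "0")) == 0):
            alerts.append(f"{proc}: not running")
    idle = t.get("ssCpuIdle", {}).get(0)
    if idle is not None and int(idle) < min_idle:
        alerts.append(f"cpu: only {idle}% idle")
    return alerts
```

A manager would feed each sensor's walk output to `check_sensor` on a schedule and page on any non-empty result.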
