Snort mailing list archives

Re: Performance Monitor Graphing Tool


From: Paul Halliday <paul.halliday () gmail com>
Date: Fri, 3 Sep 2010 16:00:37 -0300

On Fri, Sep 3, 2010 at 10:54 AM, Mike Lococo <mikelococo () gmail com> wrote:
> On 09/02/2010 02:46 PM, Greg Lane wrote:
>> Does anybody have a good location to obtain a good perfmonitor graph tool
>> for snort?  Every link that I have tried doesn’t seem to work and
>> nothing is available.
>
> With my Zabbix setup, I have a single screen that shows the following
> data for all my snort sensors:
>
>  * Bandwidth at my taps (snmp)
>  * Bandwidth to my snort processes (agent custom item)
>  * Received/dropped packets for snort (agent custom item)
>  * stream/frag stats (agent custom item)
>  * CPU usage of various types (agent built-in item)
>  * RAM usage of various types (agent built-in item)
>  * Disk I/O activity in bytes and in iops (agent built-in item)
>  * Free disk space (agent built-in item)
>  * A list of the top-5 process-names that are using CPU-time (I
>    can't wait for iotop to work on RHEL so I can get this list
>    for io-consumers as well, this is an agent custom item).
>  * Other stuff I can't remember



I second Zabbix :)

I use a map to relay information about the sensors though:
http://www.pintumbler.org/onestop.png

All of the links you see in the picture are tied to numerous event
triggers. DB connectivity and stats, snort and sguil processes,
perfmon, CPU, MEM, I/O, BW and even latency make up the event
triggers.
All of this summarized with: "OK" or "Problem". I don't start looking
at graphs until there is a problem :).

The perfmon stuff is useful but it is only a small part of a much
larger picture.
