on network monitoring and security - req for monitoring tools

Scott Berkman scott at sberkman.net
Mon Aug 23 14:40:29 UTC 2010


Are you looking only at Open Source tools?  If not you are missing all of
the most widely deployed tools out there (including):

HP Open View
Cisco Works
IBM Tivoli/NetCool
Smarts (now EMC Ionix)

Also a few other open tools:
ZenOSS
Zabbix

You will also need to look at separate security monitoring software if your
goal is to cover that.  Not including any commercial vendors, I'd say you at
least need to include:
SNORT (possibly including a front end like BASE/ACID)
Suricata
Nessus
Sguil


As to one solution being "better" than the other, a lot of it comes down to
opinion and exactly what you need.  Also are you willing to do a lot of
coding to get it to do exactly what you want?  What is your budget?  How big
is your network?  What are the vendors in question?  What is most important
to you (graphing, alerting, automated fault resolution, topology
discovery,...)?  How much staff do you have dedicated to the project?  And
on and on...

	-Scott


-----Original Message-----
From: travis+ml-nanog at subspacefield.org
[mailto:travis+ml-nanog at subspacefield.org] 
Sent: Saturday, August 21, 2010 5:58 PM
To: nanog at nanog.org
Subject: on network monitoring and security - req for monitoring tools

Hi, I'm putting together a book on security*, and wanted some expert input
on network monitoring solutions...

http://www.subspacefield.org/security/security_concepts.html

Nagios, Net-SNMP, ifgraph, cacti, OpenNMS... any others?

Any summaries of when one is better than the other?

Any suggestions on section 13-15?  I imagine I'll offend some of you by not
distinguishing between system and network administration, but... it's a
small section right now, maybe if it grows.

OT:
I had issues with understanding MIBs and SNMP tools... specifically, I
wanted to query and graph the pf-specific MIB... any suggested places to
ask?  Do I ask on the Net-SNMP list, or is there a better place?

Also, cacti... seemed to behave differently based on whether the target was
Linux-based or BSD-based... I suppose the cacti-users is the right place to
ask, but if anyone has any suggestions, please LMK.
I hate the UI.
--
My emails do not have attachments; it's a digital signature that your mail
program doesn't understand. | http://www.subspacefield.org/~travis/
If you are a spammer, please email john at subspacefield.org to get
blacklisted.




