On August 16, 2018 at 9:16:42 PM, Nick Peelman (npeelman@etc1.net) wrote:
seconded. the pains of maintaining ELK are made worthwhile by this alone.
-nick
—
Nick Peelman
Network Engineer | Enhanced Telecommunications Corp.
812-222-0169<tel:812-222-0169> | npeelman@etc1.net<mailto:npeelman@etc1.net> | www.etczone.com<http://www.etczone.com/>
Sent from my iPhone
On Aug 16, 2018, at 11:41, Stan Ouchakov <stano@imaginesoftware.com<mailto:stano@imaginesoftware.com>> wrote:
Regarding netflow/sflow/ipfix monitoring, we had recently started using elastiflow by Robert Cowart. Scales very well with pretty visualizations. Cannot imagine what paid / supported version has to offer :)
https://github.com/robcowart/elastiflow
-----Original Message-----
From: NANOG <nanog-bounces@nanog.org<mailto:nanog-bounces@nanog.org>> On Behalf Of Joe Loiacono
Sent: Wednesday, August 15, 2018 8:31 PM
To: William Herrin <bill@herrin.us<mailto:bill@herrin.us>>
Cc: NANOG <nanog@nanog.org<mailto:nanog@nanog.org>>
Subject: Re: What NMS do you use and why?
Consider also open-source FlowViewer for netflow capture and analysis. A lot of very useful netflow based analytical tools in an easy UI. Sits on top of a robust set of Carnegie-Mellon's high-capacity SiLK netflow tools.
https://sourceforge.net/projects/flowviewer/
Joe
----- Original Message -----
From: "William Herrin" <bill@herrin.us<mailto:bill@herrin.us>>
To: "Colton Conor" <colton.conor@gmail.com<mailto:colton.conor@gmail.com>>
Cc: "NANOG" <nanog@nanog.org<mailto:nanog@nanog.org>>
Sent: Wednesday, August 15, 2018 3:25:48 PM
Subject: Re: What NMS do you use and why?
On Wed, Aug 15, 2018 at 9:49 AM, Colton Conor <colton.conor@gmail.com<mailto:colton.conor@gmail.com>> wrote:
We are looking for a new network monitoring system. Since there are so
many operators on this list, I would like to know which NMS do you use and why?
Is there one that you really like, and others that you hate?
I still use a tool I wrote in perl nearly 20 years ago called "MrPing." MrPing handles multi-dependency graphs.
Consider:
A is reachable via either B or C.
If A and B are down but C is up, A being down is a separate failure from B being down. I need to know about both.
If B and C are both down, A is unreachable. I don't want to receive alerts about A because they'll distract me from the root cause of the
problem: that both B and C are down. The NMS should record that A is unreachable but it should also tell me that A being unreachable is a dependent failure that I can ignore until I fix the failures it depends on.
The NMSes I've paid attention to either don't support dependencies well at all or support only simple hierarchical dependencies.
Resilient, professional networks simply aren't built that way.
Regards,
Bill Herrin
--
William Herrin ................ herrin@dirtside.com<mailto:herrin@dirtside.com> bill@herrin.us<mailto:bill@herrin.us> Dirtside Systems ......... Web: <http://www.dirtside.com/>