on network monitoring and security - req for monitoring tools
Hi, I'm putting together a book on security*, and wanted some expert input onto network monitoring solutions...

http://www.subspacefield.org/security/security_concepts.html

Nagios, Net-SNMP, ifgraph, cacti, OpenNMS... any others?

Any summaries of when one is better than the other?

Any suggestions on section 13-15? I imagine I'll offend some of you by not distinguishing between system and network administration, but... it's a small section right now, maybe if it grows.

OT: I had issues with understanding MIBs and SNMP tools... specifically, I wanted to query and graph the pf-specific MIB... any suggested places to ask? Do I ask on the Net-SNMP list, or is there a better place?

Also, cacti... seemed to behave differently based on whether the target was Linux-based or BSD-based... I suppose the cacti-users is the right place to ask, but if anyone has any suggestions, please LMK. I hate the UI.

--
My emails do not have attachments; it's a digital signature that your mail program doesn't understand. | http://www.subspacefield.org/~travis/
If you are a spammer, please email john@subspacefield.org to get blacklisted.
Mikrotik TheDude

--
fmenard@xittel.net

On 2010-08-21, at 17:57, travis+ml-nanog@subspacefield.org wrote:

> Hi, I'm putting together a book on security*, and wanted some expert input onto network monitoring solutions...
>
> http://www.subspacefield.org/security/security_concepts.html
>
> Nagios, Net-SNMP, ifgraph, cacti, OpenNMS... any others?
>
> Any summaries of when one is better than the other?
>
> Any suggestions on section 13-15? I imagine I'll offend some of you by not distinguishing between system and network administration, but... it's a small section right now, maybe if it grows.
>
> OT: I had issues with understanding MIBs and SNMP tools... specifically, I wanted to query and graph the pf-specific MIB... any suggested places to ask? Do I ask on the Net-SNMP list, or is there a better place?
>
> Also, cacti... seemed to behave differently based on whether the target was Linux-based or BSD-based... I suppose the cacti-users is the right place to ask, but if anyone has any suggestions, please LMK. I hate the UI.
>
> --
> My emails do not have attachments; it's a digital signature that your mail program doesn't understand. | http://www.subspacefield.org/~travis/
> If you are a spammer, please email john@subspacefield.org to get blacklisted.
Are you looking only at Open Source tools? If not you are missing all of the most widely deployed tools out there (including):

HP Open View
Cisco Works
IBM Tivoli/NetCool
Smarts (now EMC Ionix)

Also a few other open tools:

ZenOSS
Zabbix

You will also need to look at separate security monitoring software if your goal is to cover that. Not including any commercial vendors, I'd say you at least need to include:

SNORT (possibly including a front end like BASE/ACID)
Suricata
Nessus
Sguil

As to one solution being "better" than the other, a lot of it comes down to opinion and exactly what you need. Also are you willing to do a lot of coding to get it to do exactly what you want? What is your budget? How big is your network? What are the vendors in question? What is most important to you (graphing, alerting, automated fault resolution, topology discovery,...)? How much staff do you have dedicated to the project? And on and on...

-Scott

-----Original Message-----
From: travis+ml-nanog@subspacefield.org [mailto:travis+ml-nanog@subspacefield.org]
Sent: Saturday, August 21, 2010 5:58 PM
To: nanog@nanog.org
Subject: on network monitoring and security - req for monitoring tools

Hi, I'm putting together a book on security*, and wanted some expert input onto network monitoring solutions...

http://www.subspacefield.org/security/security_concepts.html

Nagios, Net-SNMP, ifgraph, cacti, OpenNMS... any others?

Any summaries of when one is better than the other?

Any suggestions on section 13-15? I imagine I'll offend some of you by not distinguishing between system and network administration, but... it's a small section right now, maybe if it grows.

OT: I had issues with understanding MIBs and SNMP tools... specifically, I wanted to query and graph the pf-specific MIB... any suggested places to ask? Do I ask on the Net-SNMP list, or is there a better place?

Also, cacti... seemed to behave differently based on whether the target was Linux-based or BSD-based... I suppose the cacti-users is the right place to ask, but if anyone has any suggestions, please LMK. I hate the UI.

--
My emails do not have attachments; it's a digital signature that your mail program doesn't understand. | http://www.subspacefield.org/~travis/
If you are a spammer, please email john@subspacefield.org to get blacklisted.
On 08/23/2010 07:40 AM, Scott Berkman wrote:

> Are you looking only at Open Source tools? If not you are missing all of the most widely deployed tools out there (including):
>
> You will also need to look at separate security monitoring software if your goal is to cover that. Not including any commercial vendors, I'd say you at least need to include:
>
> SNORT (possibly including a front end like BASE/ACID)
> Suricata
> Nessus

These days I use openvas.org instead of nessus.
-----Original Message-----
From: travis+ml-nanog@subspacefield.org [mailto:travis+ml-nanog@subspacefield.org]
Sent: Saturday, August 21, 2010 2:58 PM
To: nanog@nanog.org
Subject: on network monitoring and security - req for monitoring tools

> Hi, I'm putting together a book on security*, and wanted some expert input onto network monitoring solutions...
>
> http://www.subspacefield.org/security/security_concepts.html
>
> Nagios, Net-SNMP, ifgraph, cacti, OpenNMS... any others?

I would add OSSIM (http://www.alienvault.com/community.php?section=Home)

Mike
> Hi, I'm putting together a book on security*, and wanted some expert input onto network monitoring solutions...
>
> http://www.subspacefield.org/security/security_concepts.html
>
> Nagios, Net-SNMP, ifgraph, cacti, OpenNMS... any others?

prelude, barnyard

--
Kyle
participants (6)

- "François D. Ménard"
- Charles N Wyble
- Kyle Bader
- Michael K. Smith - Adhost
- Scott Berkman
- travis+ml-nanog@subspacefield.org