[56121] in North American Network Operators' Group


Re: Network monitoring/IDS rant - What's hot what's not?

daemon@ATHENA.MIT.EDU (Martin hepworth)
Wed Feb 26 06:17:14 2003

Date: Wed, 26 Feb 2003 10:19:46 +0000
From: Martin hepworth <martinh@solid-state-logic.com>
To: nanog@merit.edu
In-Reply-To: <002201c2dd55$a2837cc0$0300a8c0@cartman>
Errors-To: owner-nanog-outgoing@merit.edu


Christopher J. Wolff wrote:
> Tivoli, Openview, Unicenter, ipmonitor, mrtg, nagios?
> 
> There are many network monitoring options but each option has its
> pitfalls.  I'm rapidly coming to the conclusion that any software
> Computer Associates publishes is designed for the criminally insane.
> However, there 'has' to be something that offers more visibility into a
> major WAN than MRTG/RRDTOOL.  
> 
> Perhaps I'm on a Computer Associates rant today but can anyone share any
> positive experiences with E-trust intrusion detection?  5 MB of traffic
> flow paralyzes a dual P3 with gobs of ram and it still misses signatures
> that Snort does not miss.  Originally I was going to blame this lousy
> performance on application tuning; however, it was a CA engineer that
> set this box up.
> 
> Any IDS suggestions would be greatly appreciated as well.
> 
> Regards,
> Christopher J. Wolff, VP CIO
> Broadband Laboratories, Inc.
> http://www.bblabs.com
> 
> 
> 
> 
Chris

All the reviews I've heard of etc. all say Snort is the best IDS. Now I'm 
not saying it is, just passing on what I've heard as I've not had the opportunity 
to compare the things myself. (Also remember that a lot of CA software is 
acquired by merger, not written by themselves, so it normally takes a couple 
of iterations to get things into the CA way.)

As to network monitoring, I'll go with mrtg and/or nagios anytime (mainly 
'cos of the price/performance issue). PSINet Europe use MRTG to display 
router stats for their customers and so do a lot of other people - it 
just works.

-- 
Martin Hepworth
Senior Systems Administrator
Solid State Logic Ltd
+44 (0)1865 842300



