[56136] in North American Network Operators' Group


Re: Network monitoring/IDS rant - What's hot what's not?

daemon@ATHENA.MIT.EDU (Jared Mauch)
Wed Feb 26 11:52:32 2003

Date: Wed, 26 Feb 2003 11:47:24 -0500
From: Jared Mauch <jared@puck.Nether.net>
To: Jeff Weisberg <jaw+nanog01@tcp4me.com>
Cc: nanog@merit.edu
In-Reply-To: <200302261629.h1QGTlV15241@penelope.tcp4me.com>
Errors-To: owner-nanog-outgoing@merit.edu


On Wed, Feb 26, 2003 at 11:29:47AM -0500, Jeff Weisberg wrote:
> | > (traditionally) but they can normally monitor the heck
> | > out of 'decent' sized networks (less than 500 components
> | > was my last experience with OVW at least, Tivoli and CA
> | > we never got working correctly with less than 1 metric
> | > butt ton of LOE to keep it running)
> | 
> | What are the options and recommendations for networks > 500
> | components?
> 
> back when I had a 'network > 500 components', I could never find
> any monitoring software that did what I wanted.
> so I wrote my own. over the years it's been through some re-writes,
> gathered features, (lost features), and become open-source.
> written by an ISP for an ISP[1].
> 
> find it here:
> 	http://argus.tcp4me.com

<shameless plug>
	On the same here.  I have slowly been writing over
the years (and allowing to evolve) software I have called
'sysmon' that does network monitoring for ISPs by an ISP.

	It can see that there are network dependencies, that if
a host is unpingable that perhaps the pop3 server is actually not
worth the cpu time for testing.

	If you have a spare 486/pentium lying around with an
ethernet card, you can monitor a fairly large network with it
as well.

	http://sysmon.org/

	- jared

ps. all the data needed for fancy graphics is stored internally and
somewhat accessible via a currently pseudo-undocumented xml
interface.  someone just needs to write some gui kludge to represent
it all.

--
Jared Mauch  | pgp key available via finger from jared@puck.nether.net
clue++;      | http://puck.nether.net/~jared/  My statements are only mine.
