Home page logo

nanog logo nanog mailing list archives

Re: Network monitoring/IDS rant - What's hot what's not?
From: Martin hepworth <martinh () solid-state-logic com>
Date: Wed, 26 Feb 2003 10:19:46 +0000

Christopher J. Wolff wrote:
Tivoli, Openview, Unicenter, ipmonitor, mrtg, nagios?

There are many network monitoring options but each option has its
pitfalls.  I'm rapidly coming to the conclusion that any software
Computer Associates publishes is designed for the criminally insane.
However, there 'has' to be something that offers more visibility into a
major WAN than MRTG/RRDTOOL.
Perhaps I'm on a Computer Associates rant today but can anyone share any
positive experiences with E-trust intrusion detection?  5 MB of traffic
flow paralyzes a dual P3 with gobs of ram and it still misses signatures
that Snort does not miss.  Originally I was going to blame this lousy
performance on application tuning; however, it was a CA engineer that
set this box up.

Any IDS suggestions would be greatly appreciated as well.

Christopher J. Wolff, VP CIO
Broadband Laboratories, Inc.


All the reviews I've/heard of etc all say snort is the bestIDS. Now I'm not it is, just passing what I've heard as I've not had the opportunity to compare the things myself. (also remember that alot of CA software is aquired by merger not written by themselve so it normally takes a couple of iterations to get things into the CA way)

as to network monitoring I'll go with mrtg and/or nagios anytime (mainly 'cos of the price/performance issue). PSiNETEurope use MRTG to display router stats for their customers and so do alot of other people - it just works.

Martin Hepworth
Senior Systems Administrator
Solid State Logic Ltd
+44 (0)1865 842300

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote also confirms that this email message has been swept by
MIMEsweeper for the presence of computer viruses.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]