Home page logo

nanog logo nanog mailing list archives

Re: Network monitoring/IDS rant - What's hot what's not?
From: "Christopher L. Morrow" <chris () UU NET>
Date: Wed, 26 Feb 2003 16:37:37 +0000 (GMT)

On Wed, 26 Feb 2003, Pete Kruckenberg wrote:

On Wed, 26 Feb 2003, Christopher L. Morrow wrote:

CA-Unicenter/OVW/Tivoli are not IDS systems...
(traditionally) but they can normally monitor the heck
out of 'decent' sized networks (less than 500 components
was my last experience with OVW atleast, tivoli and CA
we never got working correctly with less than 1 metric
butt ton of LOE to keep it running)

What are the options and recommendations for networks > 500

At my previous job our largest network (we ran something like 8 seperate
ones as I recall) was around 500 managed devices, including switches
(bay) and routers (cisco/promina). All that was done with OVW, and some
plugins we got 'for free' (ciscoworks, bay's crazy OVW plugin for switch

At networks larger than 500 mostly things are handbuilt and
nongraphical... atleast on the one I have experience with. I suppose you
can think of it like this: Do you need the graphical info, or do you just
want alarms/alerts when problems arise? If you maintain the data in some
sane format (think database) you can corellate that info as you want, and
generate graphical displays for things of interest.

MRTG/RRDTool or RTG are nice packages for somethings, but you might have
to have a farm of pollers/graphers/displayers (and a few folks to care for
them/create displays that matter) to poll 100,000 interfaces, eh?

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]