mailing list archives
Re: Network monitoring/IDS rant - What's hot what's not?
From: Jared Mauch <jared () puck Nether net>
Date: Wed, 26 Feb 2003 11:47:24 -0500
On Wed, Feb 26, 2003 at 11:29:47AM -0500, Jeff Weisberg wrote:
| > (traditionally) but they can normally monitor the heck
| > out of 'decent' sized networks (less than 500 components
| > was my last experience with OVW atleast, tivoli and CA
| > we never got working correctly with less than 1 metric
| > butt ton of LOE to keep it running)
| What are the options and recommendations for networks > 500
back when I had a 'network > 500 components', I could never find
any monitoring software that did what I wanted.
so I wrote my own. over the years it's been through some re-writes,
gathered features, (lost features), and become open-source.
written by an ISP for an ISP.
find it here:
On the same here. I have slowly been writing over
the years (and allowing to evolve) software i have called
'sysmon' that does network monitoring for ISPs by an ISP.
It can see that there are network dependencies, that if
a host is unpingable that perhaps the pop3 server is actually not
worth the cpu time for testing.
If you have a spare 486/pentium lying around with an
ethernet card, you can monitor a fairly large network with it
ps. all the data needed for fancy graphics is stored internally and
somewhat accessible via a currently pseudo-undocumented xml
interface. someone just needs to write some gui kludge to represent
Jared Mauch | pgp key available via finger from jared () puck nether net
clue++; | http://puck.nether.net/~jared/ My statements are only mine.