Home page logo
/

nanog logo nanog mailing list archives

Re: Network monitoring/IDS rant - What's hot what's not?
From: Jared Mauch <jared () puck Nether net>
Date: Wed, 26 Feb 2003 11:47:24 -0500


On Wed, Feb 26, 2003 at 11:29:47AM -0500, Jeff Weisberg wrote:
| > (traditionally) but they can normally monitor the heck
| > out of 'decent' sized networks (less than 500 components
| > was my last experience with OVW atleast, tivoli and CA
| > we never got working correctly with less than 1 metric
| > butt ton of LOE to keep it running)
| 
| What are the options and recommendations for networks > 500
| components?

back when I had a 'network > 500 components', I could never find
any monitoring software that did what I wanted.
so I wrote my own. over the years it's been through some re-writes,
gathered features, (lost features), and become open-source.
written by an ISP for an ISP[1].

find it here:
      http://argus.tcp4me.com

<shameless plug>
        On the same here.  I have slowly been writing over
the years (and allowing to evolve) software i have called
'sysmon' that does network monitoring for ISPs by an ISP.

        It can see that there are network dependencies, that if
a host is unpingable that perhaps the pop3 server is actually not
worth the cpu time for testing.

        If you have a spare 486/pentium lying around with an
ethernet card, you can monitor a fairly large network with it
as well.

        http://sysmon.org/

        - jared

ps. all the data needed for fancy graphics is stored internally and
somewhat accessible via a currently pseudo-undocumented xml
interface.  someone just needs to write some gui kludge to represent
it all.

--
Jared Mauch  | pgp key available via finger from jared () puck nether net
clue++;      | http://puck.nether.net/~jared/  My statements are only mine.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]