North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Network monitoring/IDS rant - What's hot what's not?

  • From: Jared Mauch
  • Date: Wed Feb 26 11:54:58 2003

On Wed, Feb 26, 2003 at 11:29:47AM -0500, Jeff Weisberg wrote:
> | > (traditionally) but they can normally monitor the heck
> | > out of 'decent' sized networks (less than 500 components
> | > was my last experience with OVW atleast, tivoli and CA
> | > we never got working correctly with less than 1 metric
> | > butt ton of LOE to keep it running)
> | 
> | What are the options and recommendations for networks > 500
> | components?
> 
> back when I had a 'network > 500 components', I could never find
> any monitoring software that did what I wanted.
> so I wrote my own. over the years it's been through some re-writes,
> gathered features, (lost features), and become open-source.
> written by an ISP for an ISP[1].
> 
> find it here:
> 	http://argus.tcp4me.com

<shameless plug>
	On the same here.  I have slowly been writing over
the years (and allowing to evolve) software i have called
'sysmon' that does network monitoring for ISPs by an ISP.

	It can see that there are network dependencies, that if
a host is unpingable that perhaps the pop3 server is actually not
worth the cpu time for testing.

	If you have a spare 486/pentium lying around with an
ethernet card, you can monitor a fairly large network with it
as well.

	http://sysmon.org/

	- jared

ps. all the data needed for fancy graphics is stored internally and
somewhat accessible via a currently pseudo-undocumented xml
interface.  someone just needs to write some gui kludge to represent
it all.

--
Jared Mauch  | pgp key available via finger from [email protected]
clue++;      | http://puck.nether.net/~jared/  My statements are only mine.