North American Network Operators Group

Re: Network Monitoring System - Recommendations?

> I read document of these tools and find they work with
> Cisco products. But, how about Juniper M160 or M320,
> Unisphere's BRAS products? Where can I find Juniper's
> OID on its temperature, chassis, CPU, bandwidth? Does

They use standard MIB2 and a little of Cisco specific MIBs. As I already said, it is a good tool to view and monitor traffic, utilisation, errors, and use an additional tool to deep monitor vendor specific parameters. We use 'snmpstat' to monitor routers, switches, ports and interfaces (and bgp) and cricket to watch a few additional parameters (to configure alerts, we use aliases and mhonarc mail archives with auto expiration - for alerts, warnings, reports and audits, and for 'root' and 'oracle' e-mail).

> anyone have a running configuration for M160 or
> Unisphere's BRAS products?

CCR can work with anything which (1) allows telnet or ssh, and (2) can 'write net' config (in any syntax). You can use encrypted password file (using passphrase) if you want.

Using SNMP was rejected, because it is absolutely device-specific, impossible in many cases, and we never saw it as a security problem, because all devices are restricted to allow ssh or telnet from 2 or 3 servers only, because passwords are encrypted, and because automated config reading and web access are much more important vs very abstract possibility of hacking (in reality, problem can come from insiders, not from hackers, so no extra accounts are allowed on monitoring server).

You can get configuration (initialize tftp transfer) using some snmp (WRITE) variable and pre-configured tftp parameters, but it works on a very few Cisco devices only.

As I said, CCR uses 3 methods:
- password file encrypted by public key;
- password file encrypted by 3des passphrase;
- explicit password.

In all cases, problem is with root user only - root can always decrypt password or intercept web session. A user who has permission to edit CCR config and knows passphrase can (in theory) see passwords as well.
Other users can not, even if they know passphrase - they can only initiate config reading. Network admins do not know enable passwords, if they do not need it - they use passphrase.

To have automated config reading, any of first 2 methods can be used (passphrase must be written into special file, if method 2 is used, root-only readable). For manual reading, any method can be used, without any file with passphrase.

In reality, it is not serious security problem because all devices can be accessed from a very few servers only, and because we can use 'ssh' instead of 'telnet' (CCR can be configured or select ssh/telnet automatically).

You can, in turn, play with security level, but it (again) does not work on generic case (any cisco device) and is very tricky.

For Juniper or other device - you can try to program 'expect' script, or use 'snmp' initiated transfer - all other things will work.

>
> On configuration backup, rancid uses telnet (ssh). But,
> I take this a not-secure method as it has to code
> password in login script. Is there any tool to get
> configuration file from read-only SNMP community?
>
> Joe
>
> --- Jon Lyons <[email protected]> wrote:
>
> > Checkout http://perfparse.sourceforge.net/ lets you
> > graph the data from the nagios plugins...
> >
> > --- Alexei Roudnev <[email protected]> wrote:
> >
> > > I generated config for 'snmpstatd' automatically, from user's database (it
> > > was simple; all I need was Router, Interface, User-name, number for this
> > > user, priority).
> > >
> > > For automated config backups, I use CCR (fully web based Cisco
> > > configuration -> CVS system).
> > >
> > > ----- Original Message -----
> > > From: "Andy Dills" <[email protected]>
> > > To: "Charlie Khanna - NextWeb" <[email protected]>
> > > Cc: <[email protected]>
> > > Sent: Thursday, October 28, 2004 11:46 AM
> > > Subject: Re: Network Monitoring System - Recommendations?
> > > >
> > > > On Thu, 28 Oct 2004, Charlie Khanna - NextWeb wrote:
> > > >
> > > > > Hi - I was interested in finding out what software applications other ISPs
> > > > > are using for network monitoring? For example:
> > > > >
> > > > > 1) Overall network health - uptime reports
> > > >
> > > > http://www.nagios.org
> > > >
> > > > > 2) Backup router config automatically
> > > >
> > > > http://www.shrubbery.net/rancid/
> > > >
> > > > > 3) Bandwidth reporting (or integration with an MRTG-type app)
> > > >
> > > > http://cricket.sourceforge.net/
> > > >
> > > > > 4) SNMP trap support (BGP/OSPF session drops - emails out)
> > > >
> > > > http://www.snmptt.org/
> > > > http://www.nagios.org
> > > >
> > > > > 5) Database back end (port info into or over to other apps)
> > > > >
> > > > > I'm just looking for something well rounded for a small ISP. I've heard
> > > > > about OpenNMS and other apps but I'd like to get everyone's feedback.
> > > > > Thanks!
> > > >
> > > > Nothing all in one place, that I'm aware of. But with a little work, you
> > > > could probably integrate it all into nagios. After all, you can make the
> > > > host names or descriptions URLs that link to bandwidth and error graphs or
> > > > other tools.
> > > >
> > > > Andy
> > > >
> > > > ---
> > > > Andy Dills
> > > > Xecunet, Inc.
> > > > www.xecu.net
> > > > 301-682-9972
> > > > ---
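
Added example, not part of the thread and not CCR or RANCID code: the reply above relies on every device accepting ssh or telnet from only 2 or 3 servers, and this checks that claim against a saved configuration. It assumes IOS-style numbered standard ACLs and `access-class ... in` on vty lines; the sample config, addresses and function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed IOS-style excerpt (documentation addresses); only the lines the check reads.
SAMPLE_CONFIG = """\
access-list 10 permit 192.0.2.10
access-list 10 permit host 192.0.2.11
access-list 20 permit 198.51.100.0 0.0.0.255
line vty 0 4
 access-class 10 in
line vty 5 15
 access-class 20 in
line vty 16 31
"""
ACL_RE = re.compile(r"^access-list (\d+) permit (?:host )?(\S+)(?: (\S+))?$")

def acl_network(addr, wildcard):
    """Turn a standard-ACL source (address + optional wildcard mask) into a network."""
    if addr == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    # Wildcard masks are inverted netmasks; invert by hand so 0.0.0.0 means one host.
    mask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(wildcard or "0.0.0.0")) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def audit_vty(config, allowed_hosts):
    """Return (vty line, problem) pairs where access is wider than allowed_hosts."""
    allowed = {ipaddress.ip_address(h) for h in allowed_hosts}
    acls, vty_acl, current = {}, {}, None
    for line in config.splitlines():
        m = ACL_RE.match(line.strip())
        if m:
            acls.setdefault(m.group(1), []).append(acl_network(m.group(2), m.group(3)))
        if line.startswith("line vty"):
            current = line.strip()
            vty_acl[current] = None
        elif current and line.startswith(" access-class ") and line.split()[-1] == "in":
            vty_acl[current] = line.split()[1]
        elif not line.startswith(" "):
            current = None  # left the vty block
    findings = []
    for name, acl in vty_acl.items():
        nets = acls.get(acl, [])
        if not nets:
            findings.append((name, "no inbound access-class"))
        elif any(n.num_addresses != 1 or n.network_address not in allowed for n in nets):
            findings.append((name, f"access-list {acl} permits sources outside the allowed set"))
    return findings
```

Run it over each stored config with the list of monitoring servers as `allowed_hosts`; an empty result means every vty line is limited to exactly those hosts.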