North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Network Monitoring System - Recommendations?

  • From: Joe Shen
  • Date: Mon Nov 01 20:54:39 2004

Hi,

I googled with "CCR" but it seems nothing useful in 5
pages. Would you please do me a favor to give the URL
of that tool ? 


I tried to set up MRTG monitoring Unishpere BRAS 1400
and M160, but I failed with data collection because
wrong OID used ( CPU, mem, tempreture, BW etc ) :-(

regards



 --- Alexei Roudnev <[email protected]> wrote:   
> 
> 
> 
> > I read document of these tools and find they work
> with
> > Cisco products. But, how about Juniper M160 or
> M320,
> > Unishpere's BRAS products?  Where can I find
> Juniper's
> > OID on its tempreture, chassis, CPU, bandwidth ?
> Does
> They use standart MIB2 and a little of Cisco
> specific MIB's. As I already
> said, it is a good tool to view and monitor traffic,
> utilisation, errors,
> and use additional tiool to deep monitor vendor
> specific parameters. We use
> 'snmpstat' to monitor routers, switches, ports and
> interfaces (and bgp) and
> cricket to watch few additional parameters (to
> configure alerts, we use
> aliases and mhonarc mail archives with auto
> expiration - for alerts,
> warnings, reports and audits, and for 'root' and
> 'oracle' e-mail.
> 
> > anyone have a  running configuration for M160 or
> > Unishpere's BRAS products?
> CCR can work with anything which (1) allow telnet or
> ssh, and (2) can 'write
> net' config (in any syntax).
> You can use encrypted password file (using
> passphrase) if you want. Using
> SNMP was rejected, because it is absolutely
> device-specific, impossible in
> many cases, and we never saw it as a security
> problem, because all devices
> are restricted to allow ssh or telnet from 2 or 3
> servers only, because
> passwords are encrypted, and because automated
> config reading and web access
> aree much more important vs very abstract
> possibility of hacking (in
> reality, problem can come from insiders, not from
> hackers, so no extra
> accounst are allowed on monitoring server).
> 
> You can get configuratuion (initialize tftp
> transfer) using some snmp
> (WRITE) variable and pre-configured tftp parameters,
> but it works on a very
> few Cisco devices only.
> 
> As I said, CCR uses 3 methods:
> - password file encrypted by public key
> - password file encrypted by 3des passphrase;
> - explicit password.
> 
> In all cases, problem is with root user only - root
> can alway decrypt
> password or interseipt web session. User, who have
> permission to edit CCR
> config and know passphrase, can (in theory) see
> passwords as well. Other
> users can not, even if they know passphrase - they
> can only initiate config
> reading.
> 
> Network admins do not know enable passwords, if they
> do not need it - they
> use passphrase
> 
> To have automated config reading, any of first 2
> methods can be used
> (passphrase must be written into special file, if
> method 2 is used,
> root-only readable). For manual reading, any methgod
> can be used, without
> any file with passphrase.
> 
> In reality, it is not serious security problem
> because all devices can be
> accessed from a very few servers only, and because
> we can use 'ssh' instead
> of 'telnet' (CCR can be configured or select
> ssh/telnet automatically). You
> can, in turn, play with security level , but it
> (again) does not work on
> generic case (any cisco device) and is very tricky.
> 
> For Juniper or other device - you can try to program
> 'expect' script, or use
> 'snmp' initiated transfer - all other things will
> work.
> 
> 
> 
> >
> > On configuration bankup, rancid use telnet (ssh).
> But,
> > I take this a not-secure methode as it has to code
> > password in login script. Is there any tool to get
> > configuration file from read-only SNMP cumminity?
> >
> >
> > Joe
> >
> >
> >
> > --- Jon Lyons <[email protected]> wrote:
> > >
> > >
> > > Checkout http://perfparse.sourceforge.net/ lets
> you
> > > graph the data from the nagios plugins...
> > >
> > > --- Alexei Roudnev <[email protected]> wrote:
> > >
> > > >
> > > > I generated config for 'snmpstatd'
> automatically,
> > > > from user;'s database (it
> > > > was simple; all I need was Router, Interface,
> > > > User-name, number for this
> > > > user, priority).
> > > >
> > > > For automated config backups, I use CCR (fully
> web
> > > > based Cisco
> > > > configuration -> CVS system).
> > > >
> > > >
> > > > ----- Original Message ----- 
> > > > From: "Andy Dills" <[email protected]>
> > > > To: "Charlie Khanna - NextWeb"
> > > <[email protected]>
> > > > Cc: <[email protected]>
> > > > Sent: Thursday, October 28, 2004 11:46 AM
> > > > Subject: Re: Network Monitoring System -
> > > > Recommendations?
> > > >
> > > >
> > > > >
> > > > > On Thu, 28 Oct 2004, Charlie Khanna -
> NextWeb
> > > > wrote:
> > > > >
> > > > > > Hi - I was interested in finding out what
> > > > software applications other
> > > > ISPs
> > > > > > are using for network monitoring?  For
> > > example:
> > > > > >
> > > > > >
> > > > > >
> > > > > > 1)       Overall network health - uptime
> > > reports
> > > > >
> > > > > http://www.nagios.org
> > > > >
> > > > > > 2)       Backup router config
> automatically
> > > > >
> > > > > http://www.shrubbery.net/rancid/
> > > > >
> > > > > > 3)       Bandwidth reporting (or
> integration
> > > > with an MRTG-type app)
> > > > >
> > > > > http://cricket.sourceforge.net/
> > > > >
> > > > > > 4)       SNMP trap support (BGP/OSPF
> session
> > > > drops - emails out)
> > > > >
> > > > > http://www.snmptt.org/
> > > > > http://www.nagios.org
> > > > >
> > > > > > 5)       Database back end (port info into
> or
> > > > over to other apps)
> > > > > >
> > > > > > I'm just looking for something well
> rounded
> > > for
> > > > a small ISP.  I've heard
> > > > > > about OpenNMS and other apps but I'd like
> to
> > > get
> > > > everyone's feedback.
> > > > > > Thanks!
> > > > >
> > > > > Nothing all in one place, that I'm aware of.
> But
> > > > with a little work, you
> > > > > could probably integrate it all into nagios.
> > > After
> > > > all, you can make the
> > > > > host names or descriptions URLs that link to
> > > > bandwidth and error graphs or
> > > > > other tools.
> > > > >
> > > > > Andy
> > > > >
> > > > > ---
> > > > > Andy Dills
> > > > > Xecunet, Inc.
> > > > > www.xecu.net
> > > > > 301-682-9972
> > > > > ---
> > > >
> > > >
> > >
> > >
> > >
> > >
> > > __________________________________
> > > Do you Yahoo!?
> > > Yahoo! Mail Address AutoComplete - You start. We
> > > finish.
> > > http://promotions.yahoo.com/new_mail
> > >
> >
> > __________________________________________________
> > Do You Yahoo!?
> > Log on to Messenger with your mobile phone!
> > http://sg.messenger.yahoo.com
> 
>  

__________________________________________________
Do You Yahoo!?
Log on to Messenger with your mobile phone!
http://sg.messenger.yahoo.com