|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Network Monitoring System - Recommendations?
Here: http://sourceforge.net/projects/snmpstat and docs are here http://snmpstat.sourceforge.net/CCR-config.htm ----- Original Message ----- From: "Joe Shen" <[email protected]> To: "Alexei Roudnev" <[email protected]>; "Jon Lyons" <[email protected]>; "Andy Dills" <[email protected]>; "Charlie Khanna - NextWeb" <[email protected]> Cc: <[email protected]> Sent: Monday, November 01, 2004 5:53 PM Subject: Re: Network Monitoring System - Recommendations? > > Hi, > > I googled with "CCR" but it seems nothing useful in 5 > pages. Would you please do me a favor to give the URL > of that tool ? > > > I tried to set up MRTG monitoring Unishpere BRAS 1400 > and M160, but I failed with data collection because > wrong OID used ( CPU, mem, tempreture, BW etc ) :-( > > regards > > > > --- Alexei Roudnev <[email protected]> wrote: > > > > > > > > > I read document of these tools and find they work > > with > > > Cisco products. But, how about Juniper M160 or > > M320, > > > Unishpere's BRAS products? Where can I find > > Juniper's > > > OID on its tempreture, chassis, CPU, bandwidth ? > > Does > > They use standart MIB2 and a little of Cisco > > specific MIB's. As I already > > said, it is a good tool to view and monitor traffic, > > utilisation, errors, > > and use additional tiool to deep monitor vendor > > specific parameters. We use > > 'snmpstat' to monitor routers, switches, ports and > > interfaces (and bgp) and > > cricket to watch few additional parameters (to > > configure alerts, we use > > aliases and mhonarc mail archives with auto > > expiration - for alerts, > > warnings, reports and audits, and for 'root' and > > 'oracle' e-mail. > > > > > anyone have a running configuration for M160 or > > > Unishpere's BRAS products? > > CCR can work with anything which (1) allow telnet or > > ssh, and (2) can 'write > > net' config (in any syntax). > > You can use encrypted password file (using > > passphrase) if you want. Using > > SNMP was rejected, because it is absolutely > > device-specific, impossible in > > many cases, and we never saw it as a security > > problem, because all devices > > are restricted to allow ssh or telnet from 2 or 3 > > servers only, because > > passwords are encrypted, and because automated > > config reading and web access > > aree much more important vs very abstract > > possibility of hacking (in > > reality, problem can come from insiders, not from > > hackers, so no extra > > accounst are allowed on monitoring server). > > > > You can get configuratuion (initialize tftp > > transfer) using some snmp > > (WRITE) variable and pre-configured tftp parameters, > > but it works on a very > > few Cisco devices only. > > > > As I said, CCR uses 3 methods: > > - password file encrypted by public key > > - password file encrypted by 3des passphrase; > > - explicit password. > > > > In all cases, problem is with root user only - root > > can alway decrypt > > password or interseipt web session. User, who have > > permission to edit CCR > > config and know passphrase, can (in theory) see > > passwords as well. Other > > users can not, even if they know passphrase - they > > can only initiate config > > reading. > > > > Network admins do not know enable passwords, if they > > do not need it - they > > use passphrase > > > > To have automated config reading, any of first 2 > > methods can be used > > (passphrase must be written into special file, if > > method 2 is used, > > root-only readable). For manual reading, any methgod > > can be used, without > > any file with passphrase. > > > > In reality, it is not serious security problem > > because all devices can be > > accessed from a very few servers only, and because > > we can use 'ssh' instead > > of 'telnet' (CCR can be configured or select > > ssh/telnet automatically). You > > can, in turn, play with security level , but it > > (again) does not work on > > generic case (any cisco device) and is very tricky. > > > > For Juniper or other device - you can try to program > > 'expect' script, or use > > 'snmp' initiated transfer - all other things will > > work. > > > > > > > > > > > > On configuration bankup, rancid use telnet (ssh). > > But, > > > I take this a not-secure methode as it has to code > > > password in login script. Is there any tool to get > > > configuration file from read-only SNMP cumminity? > > > > > > > > > Joe > > > > > > > > > > > > --- Jon Lyons <[email protected]> wrote: > > > > > > > > > > > > Checkout http://perfparse.sourceforge.net/ lets > > you > > > > graph the data from the nagios plugins... > > > > > > > > --- Alexei Roudnev <[email protected]> wrote: > > > > > > > > > > > > > > I generated config for 'snmpstatd' > > automatically, > > > > > from user;'s database (it > > > > > was simple; all I need was Router, Interface, > > > > > User-name, number for this > > > > > user, priority). > > > > > > > > > > For automated config backups, I use CCR (fully > > web > > > > > based Cisco > > > > > configuration -> CVS system). > > > > > > > > > > > > > > > ----- Original Message ----- > > > > > From: "Andy Dills" <[email protected]> > > > > > To: "Charlie Khanna - NextWeb" > > > > <[email protected]> > > > > > Cc: <[email protected]> > > > > > Sent: Thursday, October 28, 2004 11:46 AM > > > > > Subject: Re: Network Monitoring System - > > > > > Recommendations? > > > > > > > > > > > > > > > > > > > > > > On Thu, 28 Oct 2004, Charlie Khanna - > > NextWeb > > > > > wrote: > > > > > > > > > > > > > Hi - I was interested in finding out what > > > > > software applications other > > > > > ISPs > > > > > > > are using for network monitoring? For > > > > example: > > > > > > > > > > > > > > > > > > > > > > > > > > > > 1) Overall network health - uptime > > > > reports > > > > > > > > > > > > http://www.nagios.org > > > > > > > > > > > > > 2) Backup router config > > automatically > > > > > > > > > > > > http://www.shrubbery.net/rancid/ > > > > > > > > > > > > > 3) Bandwidth reporting (or > > integration > > > > > with an MRTG-type app) > > > > > > > > > > > > http://cricket.sourceforge.net/ > > > > > > > > > > > > > 4) SNMP trap support (BGP/OSPF > > session > > > > > drops - emails out) > > > > > > > > > > > > http://www.snmptt.org/ > > > > > > http://www.nagios.org > > > > > > > > > > > > > 5) Database back end (port info into > > or > > > > > over to other apps) > > > > > > > > > > > > > > I'm just looking for something well > > rounded > > > > for > > > > > a small ISP. I've heard > > > > > > > about OpenNMS and other apps but I'd like > > to > > > > get > > > > > everyone's feedback. > > > > > > > Thanks! > > > > > > > > > > > > Nothing all in one place, that I'm aware of. > > But > > > > > with a little work, you > > > > > > could probably integrate it all into nagios. > > > > After > > > > > all, you can make the > > > > > > host names or descriptions URLs that link to > > > > > bandwidth and error graphs or > > > > > > other tools. > > > > > > > > > > > > Andy > > > > > > > > > > > > --- > > > > > > Andy Dills > > > > > > Xecunet, Inc. > > > > > > www.xecu.net > > > > > > 301-682-9972 > > > > > > --- > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > __________________________________ > > > > Do you Yahoo!? > > > > Yahoo! Mail Address AutoComplete - You start. We > > > > finish. > > > > http://promotions.yahoo.com/new_mail > > > > > > > > > > __________________________________________________ > > > Do You Yahoo!? > > > Log on to Messenger with your mobile phone! > > > http://sg.messenger.yahoo.com > > > > > > __________________________________________________ > Do You Yahoo!? > Log on to Messenger with your mobile phone! > http://sg.messenger.yahoo.com
|