[unisog] Linux network monitoring software

Brian Smith-Sweeney bsmithsweeney at nyu.edu
Tue Jul 19 13:02:08 GMT 2005


Youngquist, Jason R. wrote:

> I’ve been looking into free network monitoring software for Linux. 
> Right now, here are the products I’m considering:
>
> Nagios - availability monitoring
>
> openNMS - network discovery
>
> Torrus - network and server monitoring
>
> Anyone have any other suggestions for software that may fit this bill 
> and be better/easier to configure?
>
I've been out of the network monitoring game for about 2 years now, but 
I'll contribute the stuff I used before. My favorites include:

SmokePing - latency monitor
BigBrother - system monitor
MRTG - network device monitor (bandwidth usage, etc)
IPAudit - flow monitoring

One of the big attractions for me for BigBrother was the ease of 
extending it to monitor arbitrary services. If you can write a BASH 
script (or even perl now, I believe?), you can write a new test for BB. 
This is assuming that no one else has written it already. There's a pretty 
active community that writes new tests, modifications, etc. to BB all the 
time, available at http://www.deadcat.net.

MRTG's usefulness can be questionable at times, particularly if you 
haven't gotten your network devices and uplinks really well documented. 
I know some folks use Cricket instead, but I have no experience with it. 
MRTG's biggest draw is imho the historical data, which can be really 
useful when you're trying to decide if a given traffic spike is normal.

IPAudit is a must-have, if you're not already doing flow processing 
elsewhere.

I have also set up an NTOP system for general network monitoring 
purposes. NTOP is nice but really needs to be run on good hardware for 
it to be useful. Often I found it dying trying to process network 
traffic when there were problems, and when it dies it tends to lose 
historical data (this may work better with newer versions). It also can 
do flow-processing, but I prefer IPAudit for this.

Finally, in the "not terribly useful but fun to show managers/auditors" 
class of utilities, there's Etherape. What could be better than great 
big circles and lines showing you where every bit of data on your 
network is going! Great fun to show folks what a network scan looks 
like. Warning, though...it may bring any box it runs on to a crawl.

FYI, found this list of tools from SLAC after a quick search, which you 
might find useful:

http://www.slac.stanford.edu/xorg/nmtf/nmtf-tools.html

I'm purposely not listing IDS stuff here, as I've been assuming you're not 
looking for security monitoring right now.

Cheers,
Brian

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Brian Smith-Sweeney      
Sr. Network Security Analyst
ITS Technology Security Services, New York University
bsmithsweeney at nyu.edu
http://www.nyu.edu/its/security
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


