[unisog] Linux network monitoring software
bsmithsweeney at nyu.edu
Tue Jul 19 13:02:08 GMT 2005
Youngquist, Jason R. wrote:
> I’ve been looking into free network monitoring software for Linux.
> Right now, here are the products I’m considering:
> Nagios - availability monitoring
> openNMS - network discovery
> Torrus - network and server monitoring
> Anyone have any other suggestions for software that may fit this bill
> and be better/easier to configure?
I've been out of the network monitoring game for about 2 years now, but
I'll contribute the stuff I used before. My favorites include:
SmokePing - latency monitor
BigBrother - system monitor
MRTG - network device monitor (bandwidth usage, etc)
IPAudit - flow monitoring
One of the big attractions for me for BigBrother was the ease of
extending it to monitor arbitrary services. If you can write a BASH
script (or even perl now, I believe?), you can write a new BB test. This
is assuming that no one else has written it already. There's a pretty
active community that writes new tests, modifications, etc. to BB all the
time, available at http://www.deadcat.net.
MRTG's usefulness can be questionable at times, particularly if you
haven't gotten your network devices and uplinks really well documented.
I know some folks use Cricket instead, but I have no experience with it.
MRTG's biggest draw is imho the historical data, which can be really
useful when you're trying to decide if a given traffic spike is normal.
IPAudit is a must-have, if you're not already doing flow processing.
I have also set up an NTOP system for general network monitoring
purposes. NTOP is nice but really needs to be run on good hardware for
it to be useful. Often I found it dying trying to process network
traffic when there were problems, and when it dies it tends to lose
historical data (this may work better with newer versions). It also can
do flow-processing, but I prefer IPAudit for this.
Finally, in the "not terribly useful but fun to show managers/auditors"
class of utilities, there's Etherape. What could be better than great
big circles and lines showing you where every bit of data on your
network is going! Great fun to show folks what a network scan looks
like. Warning, though...it may bring any box it runs on to a crawl.
FYI, found this list of tools from SLAC after a quick search, which you
might find useful:
I'm purposely not listing IDS stuff here, as I've been assuming you're not
looking for security monitoring right now.
Sr. Network Security Analyst
ITS Technology Security Services, New York University
bsmithsweeney at nyu.edu