on network monitoring and security - req for monitoring tools

Hi, I'm putting together a book on security*, and wanted some expert
input onto network monitoring solutions...

http://www.subspacefield.org/security/security_concepts.html

Nagios, Net-SNMP, ifgraph, cacti, OpenNMS... any others?

Any summaries of when one is better than the other?

Any suggestions on section 13-15? I imagine I'll offend some of you
by not distinguishing between system and network administration,
but... it's a small section right now, maybe if it grows.

OT:
I had issues with understanding MIBs and SNMP tools... specifically,
I wanted to query and graph the pf-specific MIB... any suggested places
to ask? Do I ask on the Net-SNMP list, or is there a better place?

Also, cacti... seemed to behave differently based on whether the
target was Linux-based or BSD-based... I suppose the cacti-users is
the right place to ask, but if anyone has any suggestions, please LMK.
I hate the UI.

Mikrotik TheDude

Are you looking only at Open Source tools? If not you are missing all of
the most widely deployed tools out there (including):

HP OpenView
CiscoWorks
IBM Tivoli/Netcool
Smarts (now EMC Ionix)

Also a few other open tools:
ZenOSS
Zabbix

You will also need to look at separate security monitoring software if your
goal is to cover that. Not including any commercial vendors, I'd say you at
least need to include:
SNORT (possibly including a front end like BASE/ACID)
Suricata
Nessus
Sguil

As to one solution being "better" than the other, a lot of it comes down to
opinion and exactly what you need. Also are you willing to do a lot of
coding to get it to do exactly what you want? What is your budget? How big
is your network? What are the vendors in question? What is most important
to you (graphing, alerting, automated fault resolution, topology
discovery,...)? How much staff do you have dedicated to the project? And
on and on...

  -Scott

These days I use openvas.org instead of nessus.

I would add OSSIM (http://www.alienvault.com/community.php?section=Home)

Mike

Hi, I'm putting together a book on security*, and wanted some expert
input onto network monitoring solutions...

Security Concepts Book

Nagios, Net-SNMP, ifgraph, cacti, OpenNMS... any others?

prelude, barnyard