carlopmart wrote:
> Hi all,
>
> I need to know some opinions about existing monitoring tools for
> OpenBSD CARP/pf firewalls.
>
> My requisites are:
>
> - Monitor VPN connections between three providers and roadwarrior
> clients (I am using another pflogd process for this) using web front-end
> preferred.

I've never seen nor needed such a niche tool. I use Nagios to monitor
my IPsec tunnels.

> - Monitor logs generated by pf using web front-end preferred
> (real-time is a must)

I'm not aware of anything real-time that monitors logs. If you'd ever
tried to develop such a tool, you'd understand why. I wrote Hatchet
(http://www.dixongroup.net/hatchet/) to present pflog information; it's
anything but real-time and suffers from a lack of updates. I had an
idea to write a "Hatchet 2.0" application that utilizes Bayesian
filtering to rule out "noise" log entries, but haven't had the time or
assistance to move on the idea.

> - Integrating OpenBSD events (logs, mails, etc) under an open source
> SIM like OpenSIMS (http://opensims.sourceforge.net/) or OSSIM
> (www.ossim.net)

Isn't it unfortunate that an application marketed on security (well, the
analysis of security) requires 40+ external software packages
(http://opensims.sourceforge.net/2006/06/02/help-wanted-opensims-ebuild-for-gentoo-anyone/)?

> Which tools do you recommend? Has somebody tested OpenSIMS or
> OSSIM with OpenBSD?

None of the above. Admittedly, I'm lazy/paranoid, highly valued traits
in a SysAdmin. ;-)

--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net/