Hi, I googled with "CCR" but it seems nothing useful in 5 pages. Would you please do me a favor to give the URL of that tool ?
I tried to set up MRTG monitoring Unishpere BRAS 1400 and M160, but I failed with data collection because wrong OID used ( CPU, mem, tempreture, BW etc ) :-( regards --- Alexei Roudnev <[EMAIL PROTECTED]> wrote: > > > > > I read document of these tools and find they work > with > > Cisco products. But, how about Juniper M160 or > M320, > > Unishpere's BRAS products? Where can I find > Juniper's > > OID on its tempreture, chassis, CPU, bandwidth ? > Does > They use standart MIB2 and a little of Cisco > specific MIB's. As I already > said, it is a good tool to view and monitor traffic, > utilisation, errors, > and use additional tiool to deep monitor vendor > specific parameters. We use > 'snmpstat' to monitor routers, switches, ports and > interfaces (and bgp) and > cricket to watch few additional parameters (to > configure alerts, we use > aliases and mhonarc mail archives with auto > expiration - for alerts, > warnings, reports and audits, and for 'root' and > 'oracle' e-mail. > > > anyone have a running configuration for M160 or > > Unishpere's BRAS products? > CCR can work with anything which (1) allow telnet or > ssh, and (2) can 'write > net' config (in any syntax). > You can use encrypted password file (using > passphrase) if you want. Using > SNMP was rejected, because it is absolutely > device-specific, impossible in > many cases, and we never saw it as a security > problem, because all devices > are restricted to allow ssh or telnet from 2 or 3 > servers only, because > passwords are encrypted, and because automated > config reading and web access > aree much more important vs very abstract > possibility of hacking (in > reality, problem can come from insiders, not from > hackers, so no extra > accounst are allowed on monitoring server). > > You can get configuratuion (initialize tftp > transfer) using some snmp > (WRITE) variable and pre-configured tftp parameters, > but it works on a very > few Cisco devices only. > > As I said, CCR uses 3 methods: > - password file encrypted by public key > - password file encrypted by 3des passphrase; > - explicit password. > > In all cases, problem is with root user only - root > can alway decrypt > password or interseipt web session. User, who have > permission to edit CCR > config and know passphrase, can (in theory) see > passwords as well. Other > users can not, even if they know passphrase - they > can only initiate config > reading. > > Network admins do not know enable passwords, if they > do not need it - they > use passphrase > > To have automated config reading, any of first 2 > methods can be used > (passphrase must be written into special file, if > method 2 is used, > root-only readable). For manual reading, any methgod > can be used, without > any file with passphrase. > > In reality, it is not serious security problem > because all devices can be > accessed from a very few servers only, and because > we can use 'ssh' instead > of 'telnet' (CCR can be configured or select > ssh/telnet automatically). You > can, in turn, play with security level , but it > (again) does not work on > generic case (any cisco device) and is very tricky. > > For Juniper or other device - you can try to program > 'expect' script, or use > 'snmp' initiated transfer - all other things will > work. > > > > > > > On configuration bankup, rancid use telnet (ssh). > But, > > I take this a not-secure methode as it has to code > > password in login script. Is there any tool to get > > configuration file from read-only SNMP cumminity? > > > > > > Joe > > > > > > > > --- Jon Lyons <[EMAIL PROTECTED]> wrote: > > > > > > > > > Checkout http://perfparse.sourceforge.net/ lets > you > > > graph the data from the nagios plugins... > > > > > > --- Alexei Roudnev <[EMAIL PROTECTED]> wrote: > > > > > > > > > > > I generated config for 'snmpstatd' > automatically, > > > > from user;'s database (it > > > > was simple; all I need was Router, Interface, > > > > User-name, number for this > > > > user, priority). > > > > > > > > For automated config backups, I use CCR (fully > web > > > > based Cisco > > > > configuration -> CVS system). > > > > > > > > > > > > ----- Original Message ----- > > > > From: "Andy Dills" <[EMAIL PROTECTED]> > > > > To: "Charlie Khanna - NextWeb" > > > <[EMAIL PROTECTED]> > > > > Cc: <[EMAIL PROTECTED]> > > > > Sent: Thursday, October 28, 2004 11:46 AM > > > > Subject: Re: Network Monitoring System - > > > > Recommendations? > > > > > > > > > > > > > > > > > > On Thu, 28 Oct 2004, Charlie Khanna - > NextWeb > > > > wrote: > > > > > > > > > > > Hi - I was interested in finding out what > > > > software applications other > > > > ISPs > > > > > > are using for network monitoring? For > > > example: > > > > > > > > > > > > > > > > > > > > > > > > 1) Overall network health - uptime > > > reports > > > > > > > > > > http://www.nagios.org > > > > > > > > > > > 2) Backup router config > automatically > > > > > > > > > > http://www.shrubbery.net/rancid/ > > > > > > > > > > > 3) Bandwidth reporting (or > integration > > > > with an MRTG-type app) > > > > > > > > > > http://cricket.sourceforge.net/ > > > > > > > > > > > 4) SNMP trap support (BGP/OSPF > session > > > > drops - emails out) > > > > > > > > > > http://www.snmptt.org/ > > > > > http://www.nagios.org > > > > > > > > > > > 5) Database back end (port info into > or > > > > over to other apps) > > > > > > > > > > > > I'm just looking for something well > rounded > > > for > > > > a small ISP. I've heard > > > > > > about OpenNMS and other apps but I'd like > to > > > get > > > > everyone's feedback. > > > > > > Thanks! > > > > > > > > > > Nothing all in one place, that I'm aware of. > But > > > > with a little work, you > > > > > could probably integrate it all into nagios. > > > After > > > > all, you can make the > > > > > host names or descriptions URLs that link to > > > > bandwidth and error graphs or > > > > > other tools. > > > > > > > > > > Andy > > > > > > > > > > --- > > > > > Andy Dills > > > > > Xecunet, Inc. > > > > > www.xecu.net > > > > > 301-682-9972 > > > > > --- > > > > > > > > > > > > > > > > > > > > > > > __________________________________ > > > Do you Yahoo!? > > > Yahoo! Mail Address AutoComplete - You start. We > > > finish. > > > http://promotions.yahoo.com/new_mail > > > > > > > __________________________________________________ > > Do You Yahoo!? > > Log on to Messenger with your mobile phone! > > http://sg.messenger.yahoo.com > > __________________________________________________ Do You Yahoo!? Log on to Messenger with your mobile phone! http://sg.messenger.yahoo.com