Thanks,
I didn't see the VM on the downloads page, is it in either the installer or the TGZ zipped file? I take it it's in the vmx format for ESX accordingly?

Z

________________________________

From: Don Ely [mailto:[EMAIL PROTECTED]
Sent: Thursday, January 10, 2008 3:34 PM
To: NT System Admin Issues
Subject: Re: Network monitoring tools

http://www.ossim.net

On Jan 10, 2008 12:31 PM, Ziots, Edward <[EMAIL PROTECTED]> wrote:

What is the link again, if they got a VM for ESX I definitely want to try this out.

Z

________________________________

From: Benjamin Zachary [mailto: [EMAIL PROTECTED]
Sent: Thursday, January 10, 2008 3:26 PM
To: NT System Admin Issues
Subject: RE: Network monitoring tools

I saw the link and grabbed the vm and ported it over to my esx box. Runs pretty well, the doc had an error that the file is /etc/network/interfaces not networking

From: Don Ely [mailto: [EMAIL PROTECTED]
Sent: Thursday, January 10, 2008 3:06 PM
To: NT System Admin Issues
Subject: Re: Network monitoring tools

Has its own ISO which I installed in a VM, will be looking at it more this afternoon...

On Jan 10, 2008 11:50 AM, Kurt Buff <[EMAIL PROTECTED]> wrote:

OK - not in ports though. I'll download the .tgz and see how much trouble it gives me.

On Jan 9, 2008 7:05 PM, Don Ely <[EMAIL PROTECTED]> wrote:
> Main page is where I read it...
>
> Project Admins: dkarg, jcasal
> Operating System: All POSIX (Linux/BSD/UNIX-like OSes)
> License: BSD License
> Category: Security, Monitoring
>
> On Jan 9, 2008 6:31 PM, Don Ely <[EMAIL PROTECTED]> wrote:
> > I didn't read the FAQ yet and I may be wrong, could have been something
> > else I was reading on sourceforge...
> >
> > On Jan 9, 2008 5:27 PM, Kurt Buff <[EMAIL PROTECTED]> wrote:
> > > I did a search on the site (which redirected me to a search page on
> > > their wiki) for FreeBSD, and it came up with a placeholder page.
> > >
> > > I haven't gotten to the docs yet, but the FAQ says nothing about BSD.
> > >
> > > On Jan 9, 2008 5:18 PM, Don Ely <[EMAIL PROTECTED]> wrote:
> > > > I'm DLing the VM. I believe I read in the docs it can be installed
> > > > on the BSDs though...
> > > >
> > > > On Jan 9, 2008 5:16 PM, Kurt Buff <[EMAIL PROTECTED]> wrote:
> > > > > Looks really dang cool.
> > > > >
> > > > > No port for FreeBSD, though. Looks like the missing bit is spade.
> > > > >
> > > > > Doesn't look as if any of the BSDs have it.
> > > > >
> > > > > Well, I'm downloading the install ISO - I wonder what OS it
> > > > > installs.
> > > > >
> > > > > On Jan 9, 2008 3:57 PM, Don Ely <[EMAIL PROTECTED]> wrote:
> > > > > > Go have a look at OSSIM... ;o) It has EVERYTHING
> > > > > >
> > > > > > On Jan 9, 2008 3:54 PM, Kurt Buff <[EMAIL PROTECTED]> wrote:
> > > > > > > Another good tool for this kinda thing is ntop, but it must be
> > > > > > > positioned correctly - you will most likely need a SPAN/mirror
> > > > > > > port in your infrastructure, or else use the netflow or sflow
> > > > > > > plugins to get reports from your routers/switches.
> > > > > > >
> > > > > > > Either way, it's extremely useful, as it doesn't merely measure
> > > > > > > packets in/out of interfaces, it actually categorizes packets
> > > > > > > and keeps track of top talkers, etc.
> > > > > > >
> > > > > > > Excellent for tracking down who is downloading that huge iso
> > > > > > > file, and where it's coming from. Lets you ask more pointed
> > > > > > > questions, if nothing else.
> > > > > > >
> > > > > > > Differentiates between tcp/udp/etc., and puts up some nice RRD
> > > > > > > graphics.
> > > > > > >
> > > > > > > Kurt
> > > > > > >
> > > > > > > On Jan 9, 2008 2:28 PM, Joe Heaton <[EMAIL PROTECTED]> wrote:
> > > > > > > > I know we have these discussions every couple of months at
> > > > > > > > least, but here goes:
> > > > > > > >
> > > > > > > > What are you guys using to monitor your networks so that you
> > > > > > > > have an answer to the age-old user question of:
> > > > > > > >
> > > > > > > > "Why is everything running so slow?"
> > > > > > > >
> > > > > > > > I'm thinking of bandwidth usage first off, which I'm thinking
> > > > > > > > PRTG to monitor that.
> > > > > > > >
> > > > > > > > I guess I could run a Wireshark capture, to see if there's a
> > > > > > > > massive spike in weird packets.
> > > > > > > >
> > > > > > > > Anything else that you guys could suggest? I know someone had
> > > > > > > > mentioned they use Nagios, but that would require me to set up
> > > > > > > > a Linux box first, which isn't that big a deal, other than
> > > > > > > > piecing a box together...
> > > > > > > >
> > > > > > > > Any other ideas?
> > > > > > > >
> > > > > > > > I'd like to do this without a lot of cost if possible, just
> > > > > > > > because I hate spending money...

~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~