Re: network monitoring of firewalled/NAT'd systems
Intellipool can run in distributed mode, where you have one monitoring server inside each firewall that reports back home to the mothership.

http://www.intellipool.se/

Not *quite* what you asked for, but may serve.

--DTVZ

On Tue, May 18, 2010 at 5:48 PM, Michael ODonnell michael.odonn...@comcast.net wrote:

> I wrote:
> > We want to monitor (from a central server at HQ) the health and performance status of multiple machines [mostly Windows :-( ] at each of multiple customer sites despite them being NAT'd/firewalled.
>
> ...and then mentioned a bunch of features we're dreaming about.
>
> A more specific question: does anybody even know of a package that can do passive monitoring? IOW, in our scenario some sort of agent on each workstation would be responsible for initiating a connection to HQ and pushing its own monitoring data back to our central server since we'd not be able to initiate connections in the other direction as they'd be blocked at the customer's firewall.

___
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: network monitoring of firewalled/NAT'd systems
On Tue, May 18, 2010 at 05:48:15PM -0400, Michael ODonnell wrote:

> I wrote:
> > We want to monitor (from a central server at HQ) the health and performance status of multiple machines [mostly Windows :-( ] at each of multiple customer sites despite them being NAT'd/firewalled.
>
> ...and then mentioned a bunch of features we're dreaming about.
>
> A more specific question: does anybody even know of a package that can do passive monitoring?

Nagios can do this. We monitor a dozen or so remote sites at work where they are small networks NAT'ed behind a single IP. Nagios runs out of cron on the workstations/servers at those locations and reports back to our main Nagios server.

-b

--
half a man's life is devoted to what he calls improvements, yet the original had some quality which is lost in the process. e.b. white
Re: network monitoring of firewalled/NAT'd systems
Michael ODonnell michael.odonn...@comcast.net writes:

> I wrote:
> > We want to monitor (from a central server at HQ) the health and performance status of multiple machines [mostly Windows :-( ] at each of multiple customer sites despite them being NAT'd/firewalled.
>
> ...and then mentioned a bunch of features we're dreaming about.
>
> A more specific question: does anybody even know of a package that can do passive monitoring? IOW, in our scenario some sort of agent on each workstation would be responsible for initiating a connection to HQ and pushing its own monitoring data back to our central server since we'd not be able to initiate connections in the other direction as they'd be blocked at the customer's firewall.

Anything that uses SNMP traps?

--
Don't be afraid to ask (λf.((λx.xx) (λr.f(rr.
network monitoring of firewalled/NAT'd systems
We want to monitor (from a central server at HQ) the health and performance status of multiple machines [mostly Windows :-( ] at each of multiple customer sites despite them being NAT'd/firewalled.

We assume all the remote systems will be able to initiate outbound connections through whatever protective layers are between them and the Internet, so we'll want to rig those remote systems with agents such that they each periodically phone home to report status to HQ's central server [ probably Linux ;-) ] as we'll generally not be able to initiate such contact in the other direction.

So we're evaluating network monitoring packages and, at least for now, I've arbitrarily limited our choices to those mentioned in this table:

http://en.wikipedia.org/wiki/Comparison_of_network_monitoring_systems

...since this much larger list:

http://www.slac.stanford.edu/xorg/nmtf/nmtf-tools.html

...makes my brain hurt.

I'd be interested in hearing recommendations (pro or con) about those or other network monitoring packages with an emphasis on our situation, ie. gathering info from multiple remote systems that aren't directly IP addressable from HQ. Research so far indicates Zabbix, Pandora and OpenNMS are good candidates so I'd be particularly interested in comments about them.

Most such packages have most of their features in common with many of the others, but FWIW some of our criteria are:

- Configuring/extending the behaviors of agents and server is assisted via abstractions like groups and templates, where possible/appropriate.
- When scripting is necessary, commonly used languages are supported (eg. Perl/Python/etc preferred over Rexx/Tcl/etc).
- Pretty charts/graphs/reports to impress management. Bonus: trending/prediction.
- Windows agent cooperates with WMI and such; Windows log files can be scraped & relayed.
- Other entities at HQ (eg. trouble calls to Customer Service) can feed into server's notion of a system's status.
- Events of interest trigger arbitrarily scriptable responses.
- WWW based access to central server. Bonus: access control on a per-user basis.
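With the phone-home arrangement described in the post above, HQ's collector accepts reports from anywhere on the Internet, so each report needs to be authenticated and checked for freshness before it is believed. The following is an added example, not part of the original post or of any package named in the thread; the report fields, the per-agent shared key and the 300-second window are assumptions.

```python
import hashlib
import hmac
import json
import time

MAX_SKEW = 300  # assumed freshness window in seconds (limits replay)
# Assumed provisioning: one shared secret per agent; constructed demo value.
AGENT_KEYS = {"site12-ws03": b"constructed-demo-key"}


def build_report(agent_id, key, metrics, now=None):
    """Agent side: serialise the metrics and sign them before the outbound push."""
    ts = int(time.time() if now is None else now)
    body = json.dumps({"agent": agent_id, "ts": ts, "metrics": metrics},
                      sort_keys=True).encode()
    return body, hmac.new(key, body, hashlib.sha256).hexdigest()


def accept_report(body, tag, now=None):
    """HQ side: return the parsed report or raise ValueError with the reason."""
    try:
        report = json.loads(body)
        agent, ts = report["agent"], report["ts"]
    except (ValueError, KeyError, TypeError) as exc:
        raise ValueError("malformed report") from exc
    # The agent name is only used to pick the key; nothing else is trusted yet.
    key = AGENT_KEYS.get(agent) if isinstance(agent, str) else None
    if key is None:
        raise ValueError("unknown agent")
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected.encode(), str(tag).encode()):
        raise ValueError("bad signature")
    current = time.time() if now is None else now
    if not isinstance(ts, int) or abs(current - ts) > MAX_SKEW:
        raise ValueError("stale report")
    return report


if __name__ == "__main__":
    key = AGENT_KEYS["site12-ws03"]
    body, tag = build_report("site12-ws03", key, {"cpu_pct": 17, "disk_free_gb": 42})
    print(accept_report(body, tag)["metrics"])
    try:
        accept_report(body.replace(b"17", b"99"), tag)
    except ValueError as err:
        print("rejected:", err)
```

The tag authenticates a report but does not hide it, so the push itself would still travel over TLS.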
Network Monitoring
Hi All,

I find myself in the dis-pleasing position of needing to monitor internet usage in one of our branch offices. I am looking for recommendations on packages for this purpose.

What I need to do is put a box between the internal router and the firewall that will monitor the traffic and correlate it. I need to gather information on what internal IP addresses are accessing what websites, how often, etc. (you know, the usual disdainful big-brother type of information).

Any suggestions as to how anyone else has done this would be appreciated, I guess

TIA,
Kenny

PS If you hadn't guessed, I really hate doing this sort of thing.
Re: Network Monitoring
On 7/10/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:

> Hi All,
>
> I find myself in the dis-pleasing position of needing to monitor internet usage in one of our branch offices. I am looking for recommendations on packages for this purpose.
>
> What I need to do is put a box between the internal router and the firewall that will monitor the traffic and correlate it. I need to gather information on what internal IP addresses are accessing what websites, how often, etc. (you know, the usual disdainful big-brother type of information).
>
> Any suggestions as to how anyone else has done this would be appreciated, I guess

I think a proxy server that produces standard apache logs (squid? apache?) and something like analog to do analysis. Make the proxy caching so you get some network speed up for the users. You can usually have the firewall redirect to the proxy transparently.

If it's all about blocking bad websites, subscribe to a service that does that so you don't have to keep up with new sites. DansGuardian runs on linux and has a blocklist subscription service. I've
Re: Network Monitoring
On 7/10/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:

> I find myself in the dis-pleasing position of needing to monitor internet usage in one of our branch offices. I am looking for recommendations on packages for this purpose.

I use the Squid HTTP proxy for this. GPL. I have it set up to talk to our Active Directory server to do user authentication. It supports the same NTLM that MSIE uses, so user authentication happens automagically. (We want certain users blocked, etc.)

Alternatively, if you just want monitoring, you can use a firewall rule to make Squid a transparent interception proxy. Users won't even know it's there.

Depending on your usage patterns, a proxy can also result in some bandwidth savings.

http://www.squid-cache.org/

-- Ben
Re: Network Monitoring
-- Original message --
From: Ben Scott [EMAIL PROTECTED]

> I use the Squid HTTP proxy for this. GPL. I have it set up to talk to our Active Directory server to do user authentication. It supports the same NTLM that MSIE uses, so user authentication happens automagically. (We want certain users blocked, etc.)
>
> Alternatively, if you just want monitoring, you can use a firewall rule to make Squid a transparent interception proxy. Users won't even know it's there.
>
> Depending on your usage patterns, a proxy can also result in some bandwidth savings.
>
> http://www.squid-cache.org/

I will look into this. Squid has been on my list of things to play with anyway (for the last 5 or so years... :-)

This is strictly a monitoring use. There is no blocking, content filtering, etc. The upper crust just wants to know who is going where and how often.

Thanks,
Kenny
Re: Network Monitoring
You might consider using Argus, aka the poor-person's Cisco Netflow collector. It captures all network flows and you can do things like identify top talkers as well as the things you mentioned.

http://qosient.com/argus/

I can definitely help you out if you need it.

Andy

KoreLogic Security
603.465.3236 (Office)
603.340.2498 (Mobile)
http://www.korelogic.com
GnuPG Fingerprint: 688A 79EC B1E5 5748 CE87 1F20 2C45 60E7 0583 23B6

On Tue, Jul 10, 2007 at 08:48:36PM +, [EMAIL PROTECTED] wrote:

> Hi All,
>
> I find myself in the dis-pleasing position of needing to monitor internet usage in one of our branch offices. I am looking for recommendations on packages for this purpose.
>
> What I need to do is put a box between the internal router and the firewall that will monitor the traffic and correlate it. I need to gather information on what internal IP addresses are accessing what websites, how often, etc. (you know, the usual disdainful big-brother type of information).
>
> Any suggestions as to how anyone else has done this would be appreciated, I guess
>
> TIA,
> Kenny
>
> PS If you hadn't guessed, I really hate doing this sort of thing.
Re: Network Monitoring
[EMAIL PROTECTED] wrote:

> -- Original message --
> From: Ben Scott [EMAIL PROTECTED]
>
> > I use the Squid HTTP proxy for this. GPL. I have it set up to talk to our Active Directory server to do user authentication. It supports the same NTLM that MSIE uses, so user authentication happens automagically. (We want certain users blocked, etc.)
> >
> > Alternatively, if you just want monitoring, you can use a firewall rule to make Squid a transparent interception proxy. Users won't even know it's there.
> >
> > Depending on your usage patterns, a proxy can also result in some bandwidth savings.
> >
> > http://www.squid-cache.org
>
> I will look into this. Squid has been on my list of things to play with anyway (for the last 5 or so years... :-)
>
> This is strictly a monitoring use. There is no blocking, content filtering, etc. The upper crust just wants to know who is going where and how often.

I've used Squid several times with a transparent proxy, just as Ben said (albeit without Active Directory). It works well, and frequently does result in somewhat faster browsing (a tad slower the first visit).

I used Calamaris for reporting as well as some homebrew scripts. Webalizer also worked. There's a plethora of reporting tools which work with it, check out http://www.squid-cache.org/Scripts/ for a few.

Most of the monitoring I've done has been accompanied by filtering (dansguardian) as it was done for schools. I've used Squid as an accelerator over slow links and it definitely helped improve performance there.

The logs have proven helpful in identifying malware. In fact, I've used dansguardian in conjunction with squid to block malware by narrowly limiting the dansguardian filtering. (While there are other tools for that task, it was the hammer I already had the first time I used it.)

--
Dan Jenkins ([EMAIL PROTECTED])
Rastech Inc., Bedford, NH, USA --- 1-603-206-9951
*** Technical Support Excellence for over a Quarter Century
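A report of the kind discussed in this thread (which internal IP went to which site, and how often), as an added example that is not from the thread or from Squid's own script collection: it tallies requests and bytes per client and site from native-format access.log lines. The sample lines are constructed, and the native field order is assumed; a customised logformat would need different field indexes.

```python
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample in Squid's native access.log layout:
# time elapsed client code/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1184100516.123    245 192.168.1.10 TCP_MISS/200 5120 GET http://www.example.com/index.html - DIRECT/192.0.2.10 text/html
1184100517.456     12 192.168.1.10 TCP_HIT/200 2048 GET http://www.example.com/logo.png - NONE/- image/png
1184100520.789    310 192.168.1.22 TCP_MISS/200 900 GET http://news.example.org/ - DIRECT/192.0.2.20 text/html
1184100525.001   1500 192.168.1.22 TCP_MISS/200 7300 CONNECT mail.example.net:443 - DIRECT/192.0.2.30 -
1184100530.002      0 192.168.1.10 TCP_DENIED/400 1500 GET error:invalid-request - NONE/- text/html
truncated line
"""


def site_of(method, url):
    """Return the lower-cased host a request went to, or None if unparseable."""
    if method == "CONNECT":            # logged as host:port, no scheme
        return url.rsplit(":", 1)[0].lower() or None
    try:
        return urlsplit(url).hostname  # already lower-cased; None if absent
    except ValueError:                 # e.g. malformed bracketed IPv6 literal
        return None


def usage_by_client(lines):
    """Count requests and bytes per (client IP, site); also count skipped lines."""
    hits, volume, skipped = Counter(), Counter(), 0
    for line in lines:
        fields = line.split()
        if len(fields) < 7 or not fields[4].isdigit():
            skipped += 1
            continue
        client, size, method, url = fields[2], int(fields[4]), fields[5], fields[6]
        site = site_of(method, url)
        if site is None:
            skipped += 1
            continue
        hits[client, site] += 1
        volume[client, site] += size
    return hits, volume, skipped


if __name__ == "__main__":
    hits, volume, skipped = usage_by_client(SAMPLE_LOG.splitlines())
    for (client, site), n in hits.most_common():
        print(f"{client:15} {site:25} {n:4} requests {volume[client, site]:8} bytes")
    print(f"{skipped} line(s) skipped")
```

Counting skipped lines rather than dropping them silently shows when the log format differs from what the parser assumes.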