RE: Network Monitoring System - Recommendations?
> -Original Message- > From: Charlie Khanna - NextWeb [mailto:[EMAIL PROTECTED] > Subject: Network Monitoring System - Recommendations? > > Hi - I was interested in finding out what software applications other ISPs are > using for network monitoring? For example: > > 1) Overall network health - uptime reports > 2) Backup router config automatically > 3) Bandwidth reporting (or integration with an MRTG-type app) > 4) SNMP trap support (BGP/OSPF session drops - emails out) > 5) Database back end (port info into or over to other apps) I've been using Argus - http://argus.tcp4me.com I've found this program more and more useful as time goes on... This should fit in with every point except #5. But, of course, the data has to be stored somewhere, so it should be fairly trivial to either write a parser, or modify the source to use a database. At any rate, I really like this program, it works wonderfully. > I'm just looking for something well rounded for a small ISP. I've heard about > OpenNMS and other apps but I'd like to get everyone's feedback. Thanks! > > -Charlie
Re: Network Monitoring System - Recommendations?
On Thu, 28 Oct 2004, Charlie Khanna - NextWeb wrote: > Hi - I was interested in finding out what software applications other ISPs > are using for network monitoring? For example: > > > > 1) Overall network health - uptime reports http://www.nagios.org > 2) Backup router config automatically http://www.shrubbery.net/rancid/ > 3) Bandwidth reporting (or integration with an MRTG-type app) http://cricket.sourceforge.net/ > 4) SNMP trap support (BGP/OSPF session drops - emails out) http://www.snmptt.org/ http://www.nagios.org > 5) Database back end (port info into or over to other apps) > > I'm just looking for something well rounded for a small ISP. I've heard > about OpenNMS and other apps but I'd like to get everyone's feedback. > Thanks! Nothing all in one place, that I'm aware of. But with a little work, you could probably integrate it all into nagios. After all, you can make the host names or descriptions URLs that link to bandwidth and error graphs or other tools. Andy --- Andy Dills Xecunet, Inc. www.xecu.net 301-682-9972 ---
Re: Network Monitoring System - Recommendations?
> On Thu, 28 Oct 2004 14:46:31 -0400 (EDT), Andy Dills <[EMAIL PROTECTED]> said: >> 1) Overall network health - uptime reports >> 2) Backup router config automatically >> 3) Bandwidth reporting (or integration with an MRTG-type app) >> 4) SNMP trap support (BGP/OSPF session drops - emails out) >> 5) Database back end (port info into or over to other apps) Andy> Nothing all in one place, that I'm aware of. But with a little work, you Andy> could probably integrate it all into nagios. After all, you can make the Andy> host names or descriptions URLs that link to bandwidth and error graphs or Andy> other tools. Net-Policy does 1, 3, and 5... It collects traps and lets you view them, but doesn't currently email (trivial addition though). #2 isn't done, though it does collect data and put it in a postgres database, thus you could say it collects it, just not in a way in which you can send it back out again :-/ -- "In the bathtub of history the truth is harder to hold than the soap, and much more difficult to find." -- Terry Pratchett
Re: Network Monitoring System - Recommendations?
3) Bandwidth reporting (or integration with an MRTG-type app) http://cricket.sourceforge.net/ You can also do this with Nagios now too.. with APAN. http://apan.sourceforge.net/ It's kind of cool. :D -Jonathan
Re: Network Monitoring System - Recommendations?
I use http://snmpstat.sf.net for bandwidth, links monityoring, router's cpu usage, etc etc; and http://cricket.sourceforge.net/ for additional parameters. First (developed in Moscow for few ISP) monitors abd adapted here for Enterprise (and shows everuything on the single scree, with traffic bars) 300 - 600 links without any problems (using approx 5% of servers cpu); second allows to monitor non standard parameters), have tickets, reports, alerts; second is very flexible (even to flexible). Btw, we implemented per-usert view (user can open his link and see traffic, tickets, usage reports etc for HIS link only) in snmpstat. (In reality, we use portal based on snmpstat, with few different tools integrated tiogether, such as Cisco Configuration Repository, ProBIND2 , inventory database, alert alias system with archive and so on). - Original Message - From: "Jonathan Nichols" <[EMAIL PROTECTED]> To: "Andy Dills" <[EMAIL PROTECTED]> Cc: "Charlie Khanna - NextWeb" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Thursday, October 28, 2004 6:31 PM Subject: Re: Network Monitoring System - Recommendations? > > > >>3) Bandwidth reporting (or integration with an MRTG-type app) > > > > > > http://cricket.sourceforge.net/ > > > > You can also do this with Nagios now too.. with APAN. > > http://apan.sourceforge.net/ > > It's kind of cool. :D > > -Jonathan
Re: Network Monitoring System - Recommendations?
I generated config for 'snmpstatd' automatically, from user;'s database (it was simple; all I need was Router, Interface, User-name, number for this user, priority). For automated config backups, I use CCR (fully web based Cisco configuration -> CVS system). - Original Message - From: "Andy Dills" <[EMAIL PROTECTED]> To: "Charlie Khanna - NextWeb" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Thursday, October 28, 2004 11:46 AM Subject: Re: Network Monitoring System - Recommendations? > > On Thu, 28 Oct 2004, Charlie Khanna - NextWeb wrote: > > > Hi - I was interested in finding out what software applications other ISPs > > are using for network monitoring? For example: > > > > > > > > 1) Overall network health - uptime reports > > http://www.nagios.org > > > 2) Backup router config automatically > > http://www.shrubbery.net/rancid/ > > > 3) Bandwidth reporting (or integration with an MRTG-type app) > > http://cricket.sourceforge.net/ > > > 4) SNMP trap support (BGP/OSPF session drops - emails out) > > http://www.snmptt.org/ > http://www.nagios.org > > > 5) Database back end (port info into or over to other apps) > > > > I'm just looking for something well rounded for a small ISP. I've heard > > about OpenNMS and other apps but I'd like to get everyone's feedback. > > Thanks! > > Nothing all in one place, that I'm aware of. But with a little work, you > could probably integrate it all into nagios. After all, you can make the > host names or descriptions URLs that link to bandwidth and error graphs or > other tools. > > Andy > > --- > Andy Dills > Xecunet, Inc. > www.xecu.net > 301-682-9972 > ---
Re: Network Monitoring System - Recommendations?
APAN looks pretty sweet, going to have to try that one out myself :-) On Thu, 2004-10-28 at 21:31, Jonathan Nichols wrote: > >>3) Bandwidth reporting (or integration with an MRTG-type app) > > > > > > http://cricket.sourceforge.net/ > > > > You can also do this with Nagios now too.. with APAN. > > http://apan.sourceforge.net/ > > It's kind of cool. :D > > -Jonathan
Re: Network Monitoring System - Recommendations?
Checkout http://perfparse.sourceforge.net/ lets you graph the data from the nagios plugins... --- Alexei Roudnev <[EMAIL PROTECTED]> wrote: > > I generated config for 'snmpstatd' automatically, > from user;'s database (it > was simple; all I need was Router, Interface, > User-name, number for this > user, priority). > > For automated config backups, I use CCR (fully web > based Cisco > configuration -> CVS system). > > > - Original Message - > From: "Andy Dills" <[EMAIL PROTECTED]> > To: "Charlie Khanna - NextWeb" <[EMAIL PROTECTED]> > Cc: <[EMAIL PROTECTED]> > Sent: Thursday, October 28, 2004 11:46 AM > Subject: Re: Network Monitoring System - > Recommendations? > > > > > > On Thu, 28 Oct 2004, Charlie Khanna - NextWeb > wrote: > > > > > Hi - I was interested in finding out what > software applications other > ISPs > > > are using for network monitoring? For example: > > > > > > > > > > > > 1) Overall network health - uptime reports > > > > http://www.nagios.org > > > > > 2) Backup router config automatically > > > > http://www.shrubbery.net/rancid/ > > > > > 3) Bandwidth reporting (or integration > with an MRTG-type app) > > > > http://cricket.sourceforge.net/ > > > > > 4) SNMP trap support (BGP/OSPF session > drops - emails out) > > > > http://www.snmptt.org/ > > http://www.nagios.org > > > > > 5) Database back end (port info into or > over to other apps) > > > > > > I'm just looking for something well rounded for > a small ISP. I've heard > > > about OpenNMS and other apps but I'd like to get > everyone's feedback. > > > Thanks! > > > > Nothing all in one place, that I'm aware of. But > with a little work, you > > could probably integrate it all into nagios. After > all, you can make the > > host names or descriptions URLs that link to > bandwidth and error graphs or > > other tools. > > > > Andy > > > > --- > > Andy Dills > > Xecunet, Inc. > > www.xecu.net > > 301-682-9972 > > --- > > __ Do you Yahoo!? Yahoo! Mail Address AutoComplete - You start. We finish. http://promotions.yahoo.com/new_mail
Re: Network Monitoring System - Recommendations?
Nothing all in one place, that I'm aware of. But with a little work, you could probably integrate it all into nagios. After all, you can make the host names or descriptions URLs that link to bandwidth and error graphs or other tools. I'll second this part. Whether you use cricket or MRTG, or even Nagios itself, you can use a little "notes_url" command to create a link from, say, the "ping" service of your core router to the MRTG charts of bandwidth usage. Rob Nelson Rob Nelson [EMAIL PROTECTED]
Re: Network Monitoring System - Recommendations?
3) Bandwidth reporting (or integration with an MRTG-type app) http://cricket.sourceforge.net/ You can also do this with Nagios now too.. with APAN. http://apan.sourceforge.net/ It's kind of cool. :D There's more than one way to do it with Nagios: http://www.nagiosexchange.org/Charts.1720.0.html I'm using nagiostat myself, which churns out graphs like: http://nagios.windchannel.com/nagiostat/nagiostat.cgi?graph_name=westst-cr1-ser30 I just set it up yesterday so there's not much polling data yet. I like it with MRTG/cricket better, actually - you can see a few blank spots where checks got delayed due to other outages, and then there's no info to use. MRTG/cricket just runs off cron, which means it hardly misses a beat. Rob Nelson Rob Nelson [EMAIL PROTECTED]
Re: Network Monitoring System - Recommendations?
> > > >Nothing all in one place, that I'm aware of. But with a little work, you snmpstat have hardcoded set of monitored parameters, but creates all graphs anb links automartically, including customer-only view of customer's links, link to the database record about this link, and link to the router's config @ CCR. This is why we use combination - for 99% of partameters, snmpstat, and for the rest, hand-configured cricket (but I recommend nagios). > >could probably integrate it all into nagios. After all, you can make the > >host names or descriptions URLs that link to bandwidth and error graphs or > >other tools. > > I'll second this part. Whether you use cricket or MRTG, or even Nagios > itself, you can use a little "notes_url" command to create a link from, > say, the "ping" service of your core router to the MRTG charts of bandwidth > usage. > > Rob Nelson > > Rob Nelson > [EMAIL PROTECTED] >
Re: Network Monitoring System - Recommendations?
Dear all Thank you for your info but Do you know there are any softwares to support MAC? Thank you --- Rob Nelson <[EMAIL PROTECTED]> wrote: > > > >>>3) Bandwidth reporting (or integration with > an MRTG-type app) > >> > >>http://cricket.sourceforge.net/ > > > >You can also do this with Nagios now too.. with > APAN. > > > >http://apan.sourceforge.net/ > > > >It's kind of cool. :D > > > There's more than one way to do it with Nagios: > > http://www.nagiosexchange.org/Charts.1720.0.html > > I'm using nagiostat myself, which churns out graphs > like: > > http://nagios.windchannel.com/nagiostat/nagiostat.cgi?graph_name=westst-cr1-ser30 > > I just set it up yesterday so there's not much > polling data yet. I like it > with MRTG/cricket better, actually - you can see a > few blank spots where > checks got delayed due to other outages, and then > there's no info to use. > MRTG/cricket just runs off cron, which means it > hardly misses a beat. > > Rob Nelson > > Rob Nelson > [EMAIL PROTECTED] > >
Re: Network Monitoring System - Recommendations?
I read document of these tools and find they work with Cisco products. But, how about Juniper M160 or M320, Unishpere's BRAS products? Where can I find Juniper's OID on its tempreture, chassis, CPU, bandwidth ? Does anyone have a running configuration for M160 or Unishpere's BRAS products? On configuration bankup, rancid use telnet (ssh). But, I take this a not-secure methode as it has to code password in login script. Is there any tool to get configuration file from read-only SNMP cumminity? Joe --- Jon Lyons <[EMAIL PROTECTED]> wrote: > > > Checkout http://perfparse.sourceforge.net/ lets you > graph the data from the nagios plugins... > > --- Alexei Roudnev <[EMAIL PROTECTED]> wrote: > > > > > I generated config for 'snmpstatd' automatically, > > from user;'s database (it > > was simple; all I need was Router, Interface, > > User-name, number for this > > user, priority). > > > > For automated config backups, I use CCR (fully web > > based Cisco > > configuration -> CVS system). > > > > > > - Original Message - > > From: "Andy Dills" <[EMAIL PROTECTED]> > > To: "Charlie Khanna - NextWeb" > <[EMAIL PROTECTED]> > > Cc: <[EMAIL PROTECTED]> > > Sent: Thursday, October 28, 2004 11:46 AM > > Subject: Re: Network Monitoring System - > > Recommendations? > > > > > > > > > > On Thu, 28 Oct 2004, Charlie Khanna - NextWeb > > wrote: > > > > > > > Hi - I was interested in finding out what > > software applications other > > ISPs > > > > are using for network monitoring? For > example: > > > > > > > > > > > > > > > > 1) Overall network health - uptime > reports > > > > > > http://www.nagios.org > > > > > > > 2) Backup router config automatically > > > > > > http://www.shrubbery.net/rancid/ > > > > > > > 3) Bandwidth reporting (or integration > > with an MRTG-type app) > > > > > > http://cricket.sourceforge.net/ > > > > > > > 4) SNMP trap support (BGP/OSPF session > > drops - emails out) > > > > > > http://www.snmptt.org/ > > > http://www.nagios.org > > > > > > > 5) Database back end (port info into or > > over to other apps) > > > > > > > > I'm just looking for something well rounded > for > > a small ISP. I've heard > > > > about OpenNMS and other apps but I'd like to > get > > everyone's feedback. > > > > Thanks! > > > > > > Nothing all in one place, that I'm aware of. But > > with a little work, you > > > could probably integrate it all into nagios. > After > > all, you can make the > > > host names or descriptions URLs that link to > > bandwidth and error graphs or > > > other tools. > > > > > > Andy > > > > > > --- > > > Andy Dills > > > Xecunet, Inc. > > > www.xecu.net > > > 301-682-9972 > > > --- > > > > > > > > > __ > Do you Yahoo!? > Yahoo! Mail Address AutoComplete - You start. We > finish. > http://promotions.yahoo.com/new_mail > __ Do You Yahoo!? Log on to Messenger with your mobile phone! http://sg.messenger.yahoo.com
Re: Network Monitoring System - Recommendations?
> I read document of these tools and find they work with > Cisco products. But, how about Juniper M160 or M320, > Unishpere's BRAS products? Where can I find Juniper's > OID on its tempreture, chassis, CPU, bandwidth ? Does They use standart MIB2 and a little of Cisco specific MIB's. As I already said, it is a good tool to view and monitor traffic, utilisation, errors, and use additional tiool to deep monitor vendor specific parameters. We use 'snmpstat' to monitor routers, switches, ports and interfaces (and bgp) and cricket to watch few additional parameters (to configure alerts, we use aliases and mhonarc mail archives with auto expiration - for alerts, warnings, reports and audits, and for 'root' and 'oracle' e-mail. > anyone have a running configuration for M160 or > Unishpere's BRAS products? CCR can work with anything which (1) allow telnet or ssh, and (2) can 'write net' config (in any syntax). You can use encrypted password file (using passphrase) if you want. Using SNMP was rejected, because it is absolutely device-specific, impossible in many cases, and we never saw it as a security problem, because all devices are restricted to allow ssh or telnet from 2 or 3 servers only, because passwords are encrypted, and because automated config reading and web access aree much more important vs very abstract possibility of hacking (in reality, problem can come from insiders, not from hackers, so no extra accounst are allowed on monitoring server). You can get configuratuion (initialize tftp transfer) using some snmp (WRITE) variable and pre-configured tftp parameters, but it works on a very few Cisco devices only. As I said, CCR uses 3 methods: - password file encrypted by public key - password file encrypted by 3des passphrase; - explicit password. In all cases, problem is with root user only - root can alway decrypt password or interseipt web session. User, who have permission to edit CCR config and know passphrase, can (in theory) see passwords as well. Other users can not, even if they know passphrase - they can only initiate config reading. Network admins do not know enable passwords, if they do not need it - they use passphrase To have automated config reading, any of first 2 methods can be used (passphrase must be written into special file, if method 2 is used, root-only readable). For manual reading, any methgod can be used, without any file with passphrase. In reality, it is not serious security problem because all devices can be accessed from a very few servers only, and because we can use 'ssh' instead of 'telnet' (CCR can be configured or select ssh/telnet automatically). You can, in turn, play with security level , but it (again) does not work on generic case (any cisco device) and is very tricky. For Juniper or other device - you can try to program 'expect' script, or use 'snmp' initiated transfer - all other things will work. > > On configuration bankup, rancid use telnet (ssh). But, > I take this a not-secure methode as it has to code > password in login script. Is there any tool to get > configuration file from read-only SNMP cumminity? > > > Joe > > > > --- Jon Lyons <[EMAIL PROTECTED]> wrote: > > > > > > Checkout http://perfparse.sourceforge.net/ lets you > > graph the data from the nagios plugins... > > > > --- Alexei Roudnev <[EMAIL PROTECTED]> wrote: > > > > > > > > I generated config for 'snmpstatd' automatically, > > > from user;'s database (it > > > was simple; all I need was Router, Interface, > > > User-name, number for this > > > user, priority). > > > > > > For automated config backups, I use CCR (fully web > > > based Cisco > > > configuration -> CVS system). > > > > > > > > > - Original Message - > > > From: "Andy Dills" <[EMAIL PROTECTED]> > > > To: "Charlie Khanna - NextWeb" > > <[EMAIL PROTECTED]> > > > Cc: <[EMAIL PROTECTED]> > > > Sent: Thursday, October 28, 2004 11:46 AM > > > Subject: Re: Network Monitoring System - > > > Recommendations? > > > > > > > > > > > > > > On Thu, 28 Oct 2004, Charlie Khanna - NextWeb > > > wrote: > > > > > > > > > Hi - I was interested in finding out what > > > software applications other > > > ISPs > > > > > are using for network monitoring? For > > example: > > > > > > > > > > > > > > > > > > > > 1) Overall network health - uptime > > reports > > > > > > > > http://ww
Re: Network Monitoring System - Recommendations?
Hi, I googled with "CCR" but it seems nothing useful in 5 pages. Would you please do me a favor to give the URL of that tool ? I tried to set up MRTG monitoring Unishpere BRAS 1400 and M160, but I failed with data collection because wrong OID used ( CPU, mem, tempreture, BW etc ) :-( regards --- Alexei Roudnev <[EMAIL PROTECTED]> wrote: > > > > > I read document of these tools and find they work > with > > Cisco products. But, how about Juniper M160 or > M320, > > Unishpere's BRAS products? Where can I find > Juniper's > > OID on its tempreture, chassis, CPU, bandwidth ? > Does > They use standart MIB2 and a little of Cisco > specific MIB's. As I already > said, it is a good tool to view and monitor traffic, > utilisation, errors, > and use additional tiool to deep monitor vendor > specific parameters. We use > 'snmpstat' to monitor routers, switches, ports and > interfaces (and bgp) and > cricket to watch few additional parameters (to > configure alerts, we use > aliases and mhonarc mail archives with auto > expiration - for alerts, > warnings, reports and audits, and for 'root' and > 'oracle' e-mail. > > > anyone have a running configuration for M160 or > > Unishpere's BRAS products? > CCR can work with anything which (1) allow telnet or > ssh, and (2) can 'write > net' config (in any syntax). > You can use encrypted password file (using > passphrase) if you want. Using > SNMP was rejected, because it is absolutely > device-specific, impossible in > many cases, and we never saw it as a security > problem, because all devices > are restricted to allow ssh or telnet from 2 or 3 > servers only, because > passwords are encrypted, and because automated > config reading and web access > aree much more important vs very abstract > possibility of hacking (in > reality, problem can come from insiders, not from > hackers, so no extra > accounst are allowed on monitoring server). > > You can get configuratuion (initialize tftp > transfer) using some snmp > (WRITE) variable and pre-configured tftp parameters, > but it works on a very > few Cisco devices only. > > As I said, CCR uses 3 methods: > - password file encrypted by public key > - password file encrypted by 3des passphrase; > - explicit password. > > In all cases, problem is with root user only - root > can alway decrypt > password or interseipt web session. User, who have > permission to edit CCR > config and know passphrase, can (in theory) see > passwords as well. Other > users can not, even if they know passphrase - they > can only initiate config > reading. > > Network admins do not know enable passwords, if they > do not need it - they > use passphrase > > To have automated config reading, any of first 2 > methods can be used > (passphrase must be written into special file, if > method 2 is used, > root-only readable). For manual reading, any methgod > can be used, without > any file with passphrase. > > In reality, it is not serious security problem > because all devices can be > accessed from a very few servers only, and because > we can use 'ssh' instead > of 'telnet' (CCR can be configured or select > ssh/telnet automatically). You > can, in turn, play with security level , but it > (again) does not work on > generic case (any cisco device) and is very tricky. > > For Juniper or other device - you can try to program > 'expect' script, or use > 'snmp' initiated transfer - all other things will > work. > > > > > > > On configuration bankup, rancid use telnet (ssh). > But, > > I take this a not-secure methode as it has to code > > password in login script. Is there any tool to get > > configuration file from read-only SNMP cumminity? > > > > > > Joe > > > > > > > > --- Jon Lyons <[EMAIL PROTECTED]> wrote: > > > > > > > > > Checkout http://perfparse.sourceforge.net/ lets > you > > > graph the data from the nagios plugins... > > > > > > --- Alexei Roudnev <[EMAIL PROTECTED]> wrote: > > > > > > > > > > > I generated config for 'snmpstatd' > automatically, > > > > from user;'s database (it > > > > was simple; all I need was Router, Interface, > > > > User-name, number for this > > > > user, priority). > > > > > > > > For automated config backups, I use CCR (fully > web > > > > based Cisco > > > > configuration
Re: Network Monitoring System - Recommendations?
ï Nagios is one of the best systems (and widely used). CCR is part of snmpstat (but separate installation tar), see http://snmpstat.sf.net - Original Message - From: J Sparacio To: Joe Shen Cc: Alexei Roudnev ; Jon Lyons ; Andy Dills ; Charlie Khanna - NextWeb ; [EMAIL PROTECTED] Sent: Monday, November 01, 2004 9:54 PM Subject: Re: Network Monitoring System - Recommendations? There's a cool one that's open source called Nagios. www.nagios.org. We (local ISP) just started using it network wide, and it rocks.On Mon, 2004-11-01 at 20:53, Joe Shen wrote: Hi, I googled with "CCR" but it seems nothing useful in 5 pages. Would you please do me a favor to give the URL of that tool ? I tried to set up MRTG monitoring Unishpere BRAS 1400 and M160, but I failed with data collection because wrong OID used ( CPU, mem, tempreture, BW etc ) :-( regards --- Alexei Roudnev <[EMAIL PROTECTED]> wrote: > > > > > I read document of these tools and find they work > with > > Cisco products. But, how about Juniper M160 or > M320, > > Unishpere's BRAS products? Where can I find > Juniper's > > OID on its tempreture, chassis, CPU, bandwidth ? > Does > They use standart MIB2 and a little of Cisco > specific MIB's. As I already > said, it is a good tool to view and monitor traffic, > utilisation, errors, > and use additional tiool to deep monitor vendor > specific parameters. We use > 'snmpstat' to monitor routers, switches, ports and > interfaces (and bgp) and > cricket to watch few additional parameters (to > configure alerts, we use > aliases and mhonarc mail archives with auto > expiration - for alerts, > warnings, reports and audits, and for 'root' and > 'oracle' e-mail. > > > anyone have a running configuration for M160 or > > Unishpere's BRAS products? > CCR can work with anything which (1) allow telnet or > ssh, and (2) can 'write > net' config (in any syntax). > You can use encrypted password file (using > passphrase) if you want. Using > SNMP was rejected, because it is absolutely > device-specific, impossible in > many cases, and we never saw it as a security > problem, because all devices > are restricted to allow ssh or telnet from 2 or 3 > servers only, because > passwords are encrypted, and because automated > config reading and web access > aree much more important vs very abstract > possibility of hacking (in > reality, problem can come from insiders, not from > hackers, so no extra > accounst are allowed on monitoring server). > > You can get configuratuion (initialize tftp > transfer) using some snmp > (WRITE) variable and pre-configured tftp parameters, > but it works on a very > few Cisco devices only. > > As I said, CCR uses 3 methods: > - password file encrypted by public key > - password file encrypted by 3des passphrase; > - explicit password. > > In all cases, problem is with root user only - root > can alway decrypt > password or interseipt web session. User, who have > permission to edit CCR > config and know passphrase, can (in theory) see > passwords as well. Other > users can not, even if they know passphrase - they > can only initiate config > reading. > > Network admins do not know enable passwords, if they > do not need it - they > use passphrase > > To have automated config reading, any of first 2 > methods can be used > (passphrase must be written into special file, if > method 2 is used, > root-only readable). For manual reading, any methgod > can be used, without > any file with passphrase. > > In reality, it is not serious security problem > because all devices can be > accessed from a very few servers only, and because > we can use 'ssh' instead > of 'telnet' (CCR can be configured or select > ssh/telnet automatically). You > can, in turn, play with security level , but it > (again) does not work on > generic case (any cisco device) and is very tricky. > > For Juniper or other device - you can try to program > 'expect' script, or use > 'snmp' initiated transfer - all other things will > work. > > > > > > > On configuration bankup, rancid use telnet (ssh). > But, > > I take this a not-secure methode as it has to code > > password in login script. Is there any tool to get > > configuration file from read-only SNMP cumminity? > > > > > > Joe > > > > > > > > --- Jon Lyons <[EMAIL PROTECTED]> wrote: > > > > > > > > > Checkout http://perfparse.sourceforge.net/ lets > you > &g
Re: Network Monitoring System - Recommendations?
Here: http://sourceforge.net/projects/snmpstat and docs are here http://snmpstat.sourceforge.net/CCR-config.htm - Original Message - From: "Joe Shen" <[EMAIL PROTECTED]> To: "Alexei Roudnev" <[EMAIL PROTECTED]>; "Jon Lyons" <[EMAIL PROTECTED]>; "Andy Dills" <[EMAIL PROTECTED]>; "Charlie Khanna - NextWeb" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Monday, November 01, 2004 5:53 PM Subject: Re: Network Monitoring System - Recommendations? > > Hi, > > I googled with "CCR" but it seems nothing useful in 5 > pages. Would you please do me a favor to give the URL > of that tool ? > > > I tried to set up MRTG monitoring Unishpere BRAS 1400 > and M160, but I failed with data collection because > wrong OID used ( CPU, mem, tempreture, BW etc ) :-( > > regards > > > > --- Alexei Roudnev <[EMAIL PROTECTED]> wrote: > > > > > > > > > I read document of these tools and find they work > > with > > > Cisco products. But, how about Juniper M160 or > > M320, > > > Unishpere's BRAS products? Where can I find > > Juniper's > > > OID on its tempreture, chassis, CPU, bandwidth ? > > Does > > They use standart MIB2 and a little of Cisco > > specific MIB's. As I already > > said, it is a good tool to view and monitor traffic, > > utilisation, errors, > > and use additional tiool to deep monitor vendor > > specific parameters. We use > > 'snmpstat' to monitor routers, switches, ports and > > interfaces (and bgp) and > > cricket to watch few additional parameters (to > > configure alerts, we use > > aliases and mhonarc mail archives with auto > > expiration - for alerts, > > warnings, reports and audits, and for 'root' and > > 'oracle' e-mail. > > > > > anyone have a running configuration for M160 or > > > Unishpere's BRAS products? > > CCR can work with anything which (1) allow telnet or > > ssh, and (2) can 'write > > net' config (in any syntax). > > You can use encrypted password file (using > > passphrase) if you want. Using > > SNMP was rejected, because it is absolutely > > device-specific, impossible in > > many cases, and we never saw it as a security > > problem, because all devices > > are restricted to allow ssh or telnet from 2 or 3 > > servers only, because > > passwords are encrypted, and because automated > > config reading and web access > > aree much more important vs very abstract > > possibility of hacking (in > > reality, problem can come from insiders, not from > > hackers, so no extra > > accounst are allowed on monitoring server). > > > > You can get configuratuion (initialize tftp > > transfer) using some snmp > > (WRITE) variable and pre-configured tftp parameters, > > but it works on a very > > few Cisco devices only. > > > > As I said, CCR uses 3 methods: > > - password file encrypted by public key > > - password file encrypted by 3des passphrase; > > - explicit password. > > > > In all cases, problem is with root user only - root > > can alway decrypt > > password or interseipt web session. User, who have > > permission to edit CCR > > config and know passphrase, can (in theory) see > > passwords as well. Other > > users can not, even if they know passphrase - they > > can only initiate config > > reading. > > > > Network admins do not know enable passwords, if they > > do not need it - they > > use passphrase > > > > To have automated config reading, any of first 2 > > methods can be used > > (passphrase must be written into special file, if > > method 2 is used, > > root-only readable). For manual reading, any methgod > > can be used, without > > any file with passphrase. > > > > In reality, it is not serious security problem > > because all devices can be > > accessed from a very few servers only, and because > > we can use 'ssh' instead > > of 'telnet' (CCR can be configured or select > > ssh/telnet automatically). You > > can, in turn, play with security level , but it > > (again) does not work on > > generic case (any cisco device) and is very tricky. > > > > For Juniper or other device - you can try to program > > 'expect' script, or use > > 'snmp' initiated transfer - all other things will > > work. > > > > > > &
Re: Network Monitoring System - Recommendations?
Hi Charlie - We use JFFNMS here (http://www.jffnms.org/). We have it monitoring BGP with our 6 backbone providers, all of our T1's (300 or so), DSL lines, dedicated servers, backing up all of our router configs, talking to our F5s, pretty much everything you are asking for. We use it extensively to grab traps and notify my NOC of any problems. Overall I would say that it is monitoring over 15,000 connections and pieces of hardware. We have its bandwidth monitoring and tracking talking directly to our billing engine and allow our customers the ability to log into it and view all of their stats as well. We don't use it to monitor uptime as we utilize different hardware for that but my guess is that with some minor tweaking it could do that as well. Hope this helps. On Thu, 28 Oct 2004 00:01:42 -0700 "Charlie Khanna - NextWeb" <[EMAIL PROTECTED]> wrote: > Hi - I was interested in finding out what software applications other ISPs > are using for network monitoring? For example: > > > > 1) Overall network health - uptime reports > > 2) Backup router config automatically > > 3) Bandwidth reporting (or integration with an MRTG-type app) > > 4) SNMP trap support (BGP/OSPF session drops - emails out) > > 5) Database back end (port info into or over to other apps) > > > > I'm just looking for something well rounded for a small ISP. I've heard > about OpenNMS and other apps but I'd like to get everyone's feedback. > Thanks! > > > > -Charlie > > > ** Richard J. Sears Vice President American Internet Services [EMAIL PROTECTED] http://www.adnc.com 858.576.4272 - Phone 858.427.2401 - Fax INOC-DBA - 6130 I fly because it releases my mind from the tyranny of petty things . . "Work like you don't need the money, love like you've never been hurt and dance like you do when nobody's watching."
RE: Network Monitoring System - Recommendations?
Title: Re: Network Monitoring System - Recommendations? We actually use it now and its fine for what it does – however, I don’t think it provides a real integrated solution. -Charlie From: Erik Amundson [mailto:[EMAIL PROTECTED] Sent: Thursday, November 04, 2004 11:21 AM To: Richard J. Sears; Charlie Khanna - NextWeb Cc: [EMAIL PROTECTED] Subject: RE: Network Monitoring System - Recommendations? Not a lot of people seem to be using it, but at my organization, we just love WhatsUp Gold by IPSwitch. We first started using it about 4 years ago, when it was a very simple product that pretty much just did SNMP and ping-polling. Now, it's a much more advanced system that can do loads of things... Check it outwww.ipswitch.com - Erik From: [EMAIL PROTECTED] on behalf of Richard J. Sears Sent: Thu 11/4/2004 9:11 AM To: Charlie Khanna - NextWeb Cc: [EMAIL PROTECTED] Subject: Re: Network Monitoring System - Recommendations? Hi Charlie - We use JFFNMS here (http://www.jffnms.org/). We have it monitoring BGP with our 6 backbone providers, all of our T1's (300 or so), DSL lines, dedicated servers, backing up all of our router configs, talking to our F5s, pretty much everything you are asking for. We use it extensively to grab traps and notify my NOC of any problems. Overall I would say that it is monitoring over 15,000 connections and pieces of hardware. We have its bandwidth monitoring and tracking talking directly to our billing engine and allow our customers the ability to log into it and view all of their stats as well. We don't use it to monitor uptime as we utilize different hardware for that but my guess is that with some minor tweaking it could do that as well. Hope this helps. On Thu, 28 Oct 2004 00:01:42 -0700 "Charlie Khanna - NextWeb" <[EMAIL PROTECTED]> wrote: > Hi - I was interested in finding out what software applications other ISPs > are using for network monitoring? For example: > > > > 1) Overall network health - uptime reports > > 2) Backup router config automatically > > 3) Bandwidth reporting (or integration with an MRTG-type app) > > 4) SNMP trap support (BGP/OSPF session drops - emails out) > > 5) Database back end (port info into or over to other apps) > > > > I'm just looking for something well rounded for a small ISP. I've heard > about OpenNMS and other apps but I'd like to get everyone's feedback. > Thanks! > > > > -Charlie > > > ** Richard J. Sears Vice President American Internet Services [EMAIL PROTECTED] http://www.adnc.com 858.576.4272 - Phone 858.427.2401 - Fax INOC-DBA - 6130 I fly because it releases my mind from the tyranny of petty things . . "Work like you don't need the money, love like you've never been hurt and dance like you do when nobody's watching."
Re: Network Monitoring System - Recommendations?
MIDAS looks interesting...a little confusing at first to setup but not too bad once you figure out what the various MIDASa/b/c/etc things do (Still working on that part... ;) ) http://midas-nms.sourceforge.net/ -- /"\ \ / ASCII RIBBON CAMPAIGN XAGAINST HTML MAIL / \
