# Routers and Switches device monitoring

## dgtaro

I want to manage some devices (Cisco routers and switches, and some win2000 servers). What are some decent tools that I may get my hands on? Here are some that have been suggested to me:

Nagios - This is a great tool and all, but in my environment interop. is the issue; I want something that can run on an x86 machine also.

ntop - again, only *nix machines. Great tool, btw.

mon - also great.

I guess what I'm looking for is a tool that would help me manage these devices from both the x86 machine and *nix machines; and no, ssh over a tunnel to an X server on a box running Linux is not an option for me.

----------

## kashani

Interoperation is great, but I don't see it adding anything to the system. Instead I'd set up a network monitoring box and run the following.

1. MRTG or Cacti. If you have snmp addressable network gear there is no reason not to have graphs of every single interface, RAM usage, CPU usage, and temp. Additionally it'll help you plan upgrades, and when things break, knowing that port 10 on switch 4, the DNS server, normally sees 2mb/s at peak and is now taking 15mb/s can be a life saver.

Additionally you can run snmp on your servers, any OS, and have MRTG/Cacti pull the same data.

2. Tacacs or Radius - Centralized authentication and logging for your switches and routers

3. Nagios - Nagios can ping and test services on any machine just by hitting the port. No problem with interop there.  Also you can install the scripts on *nix or Windows to check swap, cpu, disk, etc. 

I think your problem is you're trying to run everything from individual boxes and not from a single box to watch all the others. 

kashani

----------
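
An added example, not part of kashani's post and not MRTG or Cacti code: the calculation behind the graphs described above, turning successive SNMP interface octet counter readings into a bit rate and flagging a jump like the 2mb/s to 15mb/s case. The 300-second poll interval, the 3x threshold, the function names and the sample counter values are assumptions constructed for illustration, and mb/s is read as megabits per second.

```python
# Added example: rates from SNMP octet counters (e.g. IF-MIB ifInOctets).
# All sample values below are constructed, not taken from a real device.

COUNTER32_WRAP = 2 ** 32  # ifInOctets is a 32-bit counter and rolls over


def rate_bps(prev, curr, wrap=COUNTER32_WRAP):
    """Bits per second between two (timestamp_s, octets) samples.

    A smaller second reading is treated as a single counter wrap. A device
    reboot also resets the counter and would be misread as a wrap here, so
    real pollers additionally check sysUpTime (not modelled in this sketch).
    """
    (t0, c0), (t1, c1) = prev, curr
    dt = t1 - t0
    if dt <= 0:
        raise ValueError("samples must be in increasing time order")
    delta = c1 - c0
    if delta < 0:
        delta += wrap
    return delta * 8 / dt


def flag_anomalies(samples, baseline_bps, factor=3.0):
    """Return [(timestamp_s, rate_bps)] for intervals above factor * baseline."""
    alerts = []
    for prev, curr in zip(samples, samples[1:]):
        rate = rate_bps(prev, curr)
        if rate > factor * baseline_bps:
            alerts.append((curr[0], rate))
    return alerts


# Constructed 5-minute polls of one switch port: two intervals at the normal
# 2 Mb/s (the second one crossing the 32-bit wrap), then one at 15 Mb/s.
SAMPLES = [
    (0, 4_200_000_000),
    (300, 4_275_000_000),
    (600, 55_032_704),      # counter wrapped past 2**32
    (900, 617_532_704),
]

if __name__ == "__main__":
    for ts, rate in flag_anomalies(SAMPLES, baseline_bps=2_000_000):
        print(f"t={ts}s: {rate / 1e6:.1f} Mb/s exceeds 3x baseline")
```

On fast links a 32-bit counter can wrap more than once per poll interval, which this single-wrap correction cannot detect; the 64-bit ifHCInOctets counter avoids that.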

## Styles

I set up a central Gentoo / Monitoring box. NTOP + snort + ACID + Nagios + OpenSims (see attacks in real time) + prelude.

Another Gentoo Box for my CO. Mailgateway using Mailscanner

As for nagios I use (NSCA) to send monitoring info from my Winblows servers to nagios which monitor Disk space, cpu, etc... Also to monitor the same stuff on my *nix servers as well. To manage the Nagios configuration I use NagMin which is a plugin for webmin.

I know all, see all, and monitor everything on my network with these tools and the bleeding edge rules for snort. If I do see something suspicious, I then break out ettercap and tcpdump on the same server.

You really don't want to use a winblows box for an IDS or NIDS solution.

----------

## dgtaro

 *kashani wrote:*   

> Interoperation is great, but I don't see it adding anything to the system. Instead I'd set up a network monitoring box and run the following.
> 
> 1. MRTG or Cacti. If you have snmp addressable network gear there is no reason not to have graphs of every single interface, RAM usage, CPU usage, and temp. Additionally it'll help you plan upgrades, and when things break, knowing that port 10 on switch 4, the DNS server, normally sees 2mb/s at peak and is now taking 15mb/s can be a life saver.
> 
> Additionally you can run snmp on your servers, any OS, and have MRTG/Cacti pull the same data.
> ...

 

Yes, all of my devices are on the same snmp community pretty much, so MRTG/Cacti would seem to make sense at this point in terms of polling for these devices' health.

And you're right: at this point I'm trying to run everything from different places, that's only because I'm at the initial stage of testing these different tools out. Eventually, I would be watching everything from one place which would make more sense. However, the real issue here is that I'm in a "window$ realm" and can't really afford to run what I wanted on a Linux box (However, Solaris is a promising option for me, believe it or not). So, I'm sorta forced to seek a tool that can work on an x86 machine.

So I hope to give MRTG/Cacti a test run and see how they meet up to the demands--robustness, reliability, etc. (on Solaris, in this case).

Besides that I'm still looking.   :Wink: 

----------

## kashani

You want to run the Cisco Works Scam.  :Smile: 

You turn in a PO for Cisco Works and Cisco ACS which is going to run $50k or so. Then mention that with a $1k Linux box you can duplicate most of the functionality and also watch the Windows boxes as well.

You can run each of the tools I mentioned on Solaris as well, which is how I got started using each of them. MRTG can be run from Windows though getting RRDTool to work with it might be more difficult. IIRC there is a Tacacs something that works for Windows as well.

A few more to add

syslog server, I like syslog-ng for this, but there is a Windows logger that is decent.

logwatch to alert on interesting logs. Windows also has something similar.

kashani

----------

## dgtaro

 *kashani wrote:*   

> You want to run the Cisco Works Scam. 
> 
> You turn in a PO for Cisco Works and Cisco ACS which is going to run $50k or so. Then mention that with a $1k Linux box you can duplicate most of the functionality and also watch the Windows boxes as well.
> 
> You can run each of the tools I mentioned on Solaris as well, which is how I got started using each of them. MRTG can be run from Windows though getting RRDTool to work with it might be more difficult. IIRC there is a Tacacs something that works for Windows as well.
> ...

 

Haha, that little scam sounds like a superb plan  :Wink: 

But yea, the company is under budget at this point, so for us to get anything more from Cisco is out of the question. That's why I'm leaning so heavily on Nagios.

I'm rebuilding a Solaris box right now, 8.0, for nagios. --> pending result.

I've run syslog-ng on my Gentoo box at home and might also consider it for this Solaris setup---alongside nagios, of course. I haven't tried logwatch. So will see how that measures up to the environment.

Thanks for the comments!  :Wink: 

----------

## dgtaro

 *Styles wrote:*   

> I set up a central Gentoo / Monitoring box. NTOP + snort + ACID + Nagios + OpenSims (see attacks in real time) + prelude.
> 
> Another Gentoo Box for my CO. Mailgateway using Mailscanner
> 
> As for nagios I use (NSCA) to send monitoring info from my Winblows servers to nagios which monitor Disk space, cpu, etc... Also to monitor the same stuff on my *nix servers as well. To manage the Nagios configuration I use NagMin which is a plugin for webmin.
> ...

 

You know OpenSIMS is actually very interesting. I would have to try it out on my private network at home; not as complicated of a network, but why not, right?   :Wink: 

----------

## dgtaro

I guess I'm updating myself on this one...

I've thrown Nagios out and decided to go with ntop. It's just what I needed. Nagios seems to be overkill.

Getting ntop to work correctly on Solaris, now, that is the thing.   :Mad: 

----------

