Network Monitoring

johnsayce
Level 1

I'm looking for software for monitoring and alerting various things on my cisco 877 router.

At current I have cacti setup to monitor bandwidth, cpu and various other things via snmp.  I also have a nagios installation that could be used for alerting, however, for many of the things I want I think I would have to write my own custom tests.  I've also looked at a few products to utilize netflow.

To extend on what I want, I want to be able to create utilization alerts for the things I monitor with cacti, which I could do with a plugin for cacti called Thold. i.e. send an email if cpu > 95% utilization for more than a minute.

I also wish to have alerts if the router is down (based on a ping test I guess) and alerts on interfaces changing state.

The biggest problem I have is creating alerts based on the logs I generate. I want to have a better way to look at ips alerts rather than just a text file with them listed chronologically and I want to be able to quickly report on logins to the router via ssh and vpn. I also want firewall based alerts. i.e. a port scan (or other ips signature) generates an alert that requires acknowledgement, gets logged and sends an email.

With regards to netflow like reports, I'd like to look at computers that are trying to connect to the blocked ports on the router.  I'd also like to report on the computers that are connecting to my applications.

It'd be nice to do all of the above in one application but a combination of easily configurable applications is fine.

As an aside, it'd also be nice to be able to monitor other applications or services on linux and windows to report on their status. I'd also like to report on squid proxy server logs, windows/linux error logs and authentication logs. I'd also like to have ids alerts generated from snort but all of these fall outside of my current project.

Should be an easy........
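The log-based alerting asked for above, as an added example that is not part of the original thread: it parses Cisco IOS syslog lines (constructed samples; the facilities and mnemonics are real IOS message names, the hosts, users and IPS signature are made up), sorts out SSH logins, IPS signature hits, ACL denies on blocked ports and interface state changes, and flags the events that should open a ticket requiring acknowledgement.

```python
import re

# Constructed sample in the shape of Cisco IOS syslog output; the facilities and
# mnemonics are real IOS message names, the hosts, users and signature are made up.
SAMPLE_LOG = """\
*Mar  1 10:00:01.123: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: admin] [Source: 192.0.2.10] [localport: 22] at 10:00:01 UTC Mon Mar 1 2010
*Mar  1 10:00:05.456: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: root] [Source: 198.51.100.7] [localport: 22] [Reason: Login Authentication Failed] at 10:00:05 UTC Mon Mar 1 2010
*Mar  1 10:00:09.789: %IPS-4-SIGNATURE: Sig:9999 Subsig:0 Sev:75 Example Port Sweep [198.51.100.7:0 -> 192.0.2.1:0]
*Mar  1 10:00:12.001: %SEC-6-IPACCESSLOGP: list 101 denied tcp 198.51.100.7(51234) -> 192.0.2.1(23), 1 packet
*Mar  1 10:00:15.002: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to down
*Mar  1 10:00:20.003: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (192.0.2.10)
"""

# One regex for the syslog header, then one per facility for the fields we report on.
HEADER_RE = re.compile(r"%(?P<facility>[A-Z_]+)-(?P<sev>\d)-(?P<mnemonic>[A-Z_]+): (?P<msg>.*)$")
FIELD_RES = {
    "SEC_LOGIN": re.compile(r"\[user: (?P<user>[^\]]+)\] \[Source: (?P<src>[^\]]+)\] \[localport: (?P<port>\d+)\]"),
    "IPS": re.compile(r"Sig:(?P<sig>\d+) Subsig:\d+ Sev:(?P<ips_sev>\d+) (?P<name>.+?) \[(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):\d+\]"),
    "SEC": re.compile(r"list (?P<acl>\S+) (?P<action>denied|permitted) (?P<proto>\w+) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> (?P<dst>[\d.]+)\((?P<dport>\d+)\)"),
    "LINK": re.compile(r"Interface (?P<iface>\S+), changed state to (?P<state>up|down)"),
}

def parse_event(line):
    """Return a dict for a tracked message type, or None for anything else."""
    h = HEADER_RE.search(line)
    if not h or h["facility"] not in FIELD_RES:
        return None
    f = FIELD_RES[h["facility"]].search(h["msg"])
    if not f:
        return None
    ev = {"facility": h["facility"], "mnemonic": h["mnemonic"], "syslog_sev": int(h["sev"])}
    ev.update(f.groupdict())
    # IPS hits and denied connections should open a ticket an operator acknowledges,
    # not just be counted; logins and link changes are reported but auto-close.
    ev["ack_required"] = ev["facility"] == "IPS" or ev.get("action") == "denied"
    return ev

def summarize(log_text):
    """Parse a whole log; return the events, per-mnemonic counts and ack-required events."""
    events = [e for e in (parse_event(l) for l in log_text.splitlines()) if e]
    counts = {}
    for e in events:
        counts[e["mnemonic"]] = counts.get(e["mnemonic"], 0) + 1
    return {"events": events, "counts": counts, "ack_required": [e for e in events if e["ack_required"]]}

if __name__ == "__main__":
    for e in summarize(SAMPLE_LOG)["ack_required"]:
        print(e["mnemonic"], e.get("src"), "->", e.get("dst"), e.get("name") or e.get("dport"))
```

The ack-required list is what an email or ticketing hook would consume; the counts give the quick "who logged in over SSH" report without reading the raw text file.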

2 Replies

Collin Clark
VIP Alumni

Jonathan,

I'll break this out by your requests-

General SNMP MIB-II type stuff: Solarwinds Orion

It can alert on node down (ICMP or SNMP polling), alert on x% utilization for x amount of time, alerts on interface state change and a ton of other alerting capabilities.

Netflow: Solarwinds Orion or Plixer. Netflow can't report on accessing blocked ports. All it does is report on flows through an interface(s).

IPS & Cisco log events: Splunk or Cisco Security Manager

Reporting on SSH & VPN logins: Cisco ACS

Monitor Win & Linux services: Solarwinds Orion

Monitor Win & Linux logs: Splunk again

I have used all of the above in a large production environment with the exception of Splunk. We eval'd and loved it, but it got shot down.

Cheers for all the info.

For the SNMP MIB-II stuff, I'll probably go with nagios because it's free.  I might have to write a couple of tests myself but (I hope) I can find tests for most things I want.  I quite like the alerting in nagios and ultimately I'll be able to get it to do exactly what I want.

Netflow: I've looked at a number of products and I've used the fluke networks offering. I can really recommend it, although I believe it is relatively costly. I'll check out plixer, it looks right up my street. The following quote from wikipedia suggests it is possible to report on dropped packets: "NetFlow is generally based on the packets input to interfaces where it is enabled. This avoids double counting and saves work for the router. It also allows the router to export NetFlow records for dropped packets." I've not really looked at this extensively but it seems plausible, although I'm not sure how you would know a packet had been dropped, merely that it was heading to a port that you might know was blocked.....

IPS & CISCO log events: I've looked at splunk and there seemed to be a cisco security plugin but I couldn't get it to work. How did you use it in your evaluation? I'm looking at cisco security manager at the moment although it doesn't really seem to do anything special for reporting on logs, although I have yet to get it to actually work. This may be related to my disabling of the sdm functions of the router.

SSH & VPN logins:  I'll have a look at CISCO ACS.  Are there any other products on the market because this is what I've struggled most with?
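A Nagios-style check for the "cpu > 95% for more than a minute" rule discussed in this thread, as an added example that is not from the original posts or from any of the products named: it remembers when the threshold was first crossed in a small state file between polls, so a single busy poll does not page anyone, and it follows the Nagios exit-code convention. The CPU value is assumed to be supplied by the caller (e.g. from an SNMP poll done outside the script), and the state file path is an assumption.

```python
import json
import os
import sys
import time

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3  # Nagios plugin exit codes

def evaluate(cpu_pct, now, state, threshold=95, hold_seconds=60):
    """Fold one CPU sample into `state` and return (exit_code, status_line).

    state["over_since"] holds the time utilization first went over the
    threshold in the current run, or None while it is at or below it. The
    check only goes CRITICAL once the condition has held for hold_seconds."""
    if cpu_pct > threshold:
        if state.get("over_since") is None:
            state["over_since"] = now
        held = now - state["over_since"]
        if held > hold_seconds:
            return CRITICAL, "CRITICAL: CPU %d%% > %d%% for %ds" % (cpu_pct, threshold, held)
        return WARNING, "WARNING: CPU %d%% > %d%% for %ds (critical after %ds)" % (cpu_pct, threshold, held, hold_seconds)
    state["over_since"] = None
    return OK, "OK: CPU %d%%" % cpu_pct

def check(state_path, cpu_pct, now=None):
    """Load the persisted state, evaluate this sample, persist again, return (code, line)."""
    state = {}
    if os.path.exists(state_path):
        with open(state_path) as fh:
            state = json.load(fh)
    code, line = evaluate(cpu_pct, time.time() if now is None else now, state)
    with open(state_path, "w") as fh:
        json.dump(state, fh)
    return code, line

if __name__ == "__main__":
    # Usage: check_cpu_sustained.py <cpu_percent>. The caller obtains the value,
    # for instance from an snmpget against the router (assumption: done outside this script).
    try:
        code, line = check("/tmp/check_cpu_sustained.state", float(sys.argv[1]))
    except (IndexError, ValueError):
        code, line = UNKNOWN, "UNKNOWN: usage: check_cpu_sustained.py <cpu_percent>"
    print(line)
    sys.exit(code)
```

Nagios then handles the email on the WARNING to CRITICAL transition, so the "for more than a minute" part lives in the check rather than in the notification configuration.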
