Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1072
  • Last Modified:

Network monitoring - ideas? Theory....

I am trying to setup a monitoring system using various components. What I am looking to gather data on is Syslog, SNMP (bandwidth usage) and NetFlow for about 50 Cisco ASAs. I know I could go with one of the big providers like SolarWinds or Plixer but they are pricy. At this point we really can't afford to drop the cash on a big product just yet, but I'm sure we will once we get some results... Anyway... Here are my thoughts, please let me know where any of this makes sense or give advice as to what best to do.

I've been playing with Ntop, Splunk, Kiwi, Cacti, and NetCrunch. We currently use NetCrunch for server monitoring. I want something more geared toward network monitoring. Since we are trying to save cash out of the gate, I am trying to use open source stuff where possible. Cacti is alright and gets the job done. It's a bit limited but works for now. I use it for bandwidth monitoring only now. What I would like to do is gather all the data in one point and parse it out to applications as necessary. We don't always need to be monitoring a specific node all of the time. Would it make sense to pull all of the SNMP and Syslog data into say.. Kiwi, then forward it along with some rules applied to Cacti for bandwidth... then some of the Syslog data that matches a filter to Splunk? Then there is Netflow. I would love to get this working. A client may want us to monitor a system for a month and give them a report that says in detail what kind of traffic they are using. I know with NetFlow that is a whole lot of data and most of the free licenses will not allow us to use all of it (Splunk with it's 500MB/Day quota).

If you can gather what it is that I'm trying to do, what advice would you give me?

I hope this isn't too scattered but I'm new to this and learning a lot.

Thanks!
0
farroar
Asked:
farroar
2 Solutions
 
Randy DownsOWNERCommented:
Try Solarwinds. you can get a free trial.

http://www.solarwinds.com/search/how-to-configure-netflow-snmp.aspx

Network Performance Monitor
Powerful fault & performance management software makes it quick and easy to detect, diagnose, and resolve issues. Download a free trial of Orion NPM and start monitoring your network in less than an hour! ...
www.solarwinds.com/products/orion/
0
 
Matt VCommented:
Have you looked at Zenoss at all?  It combines pretty much everything into one product.

http://community.zenoss.org/index.jspa

Nice thing about Zenoss is you can purchase commercial support if you decide you want it later.
0
 
Fred MarshallCommented:
PRTG is very good in my opinion.  And, not very costly.
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
danieljanderson1234Commented:
ihij.com may have what you need.

Not sure if it will give you all the reports you are looking for, but I think it can report high bandwidth on devices.
0
 
convergintCommented:
https://www.icinga.org/
http://www.netxms.org/
http://www.opennms.org/
http://www.zabbix.com/product.php

I have only used Zenoss so far and it is not bad but OpenNMS has very good reviews but we have not yet tried it.  All of the above are free open source.
0
 
Cyclops3590Commented:
for flow data, ntop is going to be your best bet unless you shove out tons of cash. Sounds like you want to get bandwidth stats on a per app basis.  The best bet will most likely be via syslog analysis via splunk for that.  but you'll most likely have to have multiple instances as I'm sure you'll have over the amount for the free version.  However if you just want total bandwidth, regardless of client/server/app, then what the rest said should do the job.  Most of them you can do custom scripts as well to grab at the stats you want to put into an RRD.  Cacti is actually quite flexible, but it is confusing at first to get what you want into the graphs.  You may want to look into writing your own delta type script to grab the bandwidth you want and then use cacti to call that script and graph that data.  Otherwise yes, for some of the stuff you're after, it's going to cost for that kind of granularity.
0
 
madunixChief Information Security Officer Commented:
0
 
farroarAuthor Commented:
All very excellent comments posted. I appreciate the help. I am going to continue to dig and learn some more. Currently I am trying to get Splunk to do what I want, not quite there yet but coming along.

Thanks and cheers.
0

Featured Post

Get Certified for a Job in Cybersecurity

Want an exciting career in an emerging field? Earn your MS in Cybersecurity and get certified in ethical hacking or computer forensic investigation. WGU’s MSCSIA degree program was designed to meet the most recent U.S. Department of Homeland Security (DHS) and NSA guidelines.  

Tackle projects and never again get stuck behind a technical roadblock.
Join Now