centralized logging VS network monitoring tool

Dear Experts,

What is the difference between enabling audit logging (for example, setting up centralised logging with a syslog server) and enabling and setting up network monitoring? Do both serve the same purpose? Can you please help me understand this: what each of them does, and whether it is recommended to enable both, on two different servers? Please suggest.
D_wathi asked:

Fred Marshall (Principal) commented:
Different things altogether, if I understand the terms you're using.
One logs and analyzes events, like a SIEM.
The other monitors network state, like traffic and machine status.
Yes, they can overlap.
David Sankovsky (Senior SysAdmin) commented:
Allow me to further expand on Fred's answer.

Collecting logs into a centralized system can make investigations easy: for example, you would be able to very quickly ascertain why a certain service failed on a certain machine.
A network monitor (notable examples would be PRTG, CheckMK, or Nagios, to name a few) allows you to have a real-time view of your network, with the ability to drill down to very specific checks (CPU/RAM utilization on a server, disk usage, whether a service is up or down).

A lot of companies use both systems; we, for example, use PRTG for monitoring and the ELK stack for log collection.
Last week one of our junior techs, who has very little experience with debugging any type of error, got an alert from the monitoring system that MySQL on one of our staging servers was down. When he logged into the ELK stack, he very quickly saw that MySQL couldn't restart after a scheduled server reboot because the server had run out of storage.
D_wathi (Author) commented:
Thank you very much. For a less expensive solution, can you suggest something? I think a syslog server on one of the VMs running CentOS will be okay, please suggest. And for network monitoring, can you please suggest a tool, and can this be on a VM (Linux/Windows)? Please suggest. Thanks in advance.
David Sankovsky (Senior SysAdmin) commented:
CheckMK is an open source network monitoring tool.
It takes some time to get used to it and to learn how to configure it, but it becomes comfortable very quickly.
noci (Software Engineer) commented:
They serve different purposes:
Central LOG server: primarily gets log records off a system to some central place. Needed to reconstruct history when a system gets lost.
(Compare to black boxes in planes.) They can ALSO be useful for monitoring, because a lot of stuff might be an early indicator of trouble.

Network monitoring as such is only useful to log traffic & traffic patterns. (Might be useful to find the signature of attacks after the fact.)
Network monitoring also allows you to act on observed patterns. A lot of tools can recognize specific patterns used in the past (or elsewhere) and then act on the data.

snort is a well known tool to observe & act on traffic & traffic patterns in networks.
fail2ban is a log monitor that can act, e.g., on connect/login attempts from certain sources.
splunk monitors logs on a large scale.
openvas assesses vulnerabilities in networked equipment.
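The log-monitor behaviour noci attributes to fail2ban (count login failures per source IP in a log and block the source) and the kind of lookup David describes against centralized logs come down to a few lines of logic. The following is an added example, not code from the page or from fail2ban itself: it reads constructed sshd lines in the traditional syslog format a central syslog server would collect (no year in the timestamp, so the year is an assumed parameter), keeps a sliding window of failures per source IP, and decides bans using fail2ban's parameter names (maxretry, findtime, bantime) with simplified semantics. The sample lines and IP addresses are constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of sshd lines as a central syslog server would receive them
# (traditional syslog timestamp without a year, then the originating host).
SAMPLE_LOG = """\
Mar  4 10:15:01 web01 sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Mar  4 10:15:03 web01 sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51236 ssh2
Mar  4 10:15:05 web01 sshd[2203]: Failed password for root from 203.0.113.7 port 51240 ssh2
Mar  4 10:15:07 web01 sshd[2205]: Failed password for root from 203.0.113.7 port 51241 ssh2
Mar  4 10:15:09 web01 sshd[2207]: Failed password for root from 203.0.113.7 port 51243 ssh2
Mar  4 10:16:00 web01 sshd[2210]: Accepted publickey for deploy from 198.51.100.20 port 40000 ssh2
Mar  4 10:20:00 web01 sshd[2220]: Failed password for deploy from 198.51.100.20 port 40010 ssh2
Mar  4 10:45:00 web01 sshd[2230]: Failed password for deploy from 198.51.100.20 port 40011 ssh2
Mar  4 11:10:00 web01 sshd[2240]: Failed password for deploy from 198.51.100.20 port 40012 ssh2
Mar  4 11:35:00 web01 sshd[2250]: Failed password for deploy from 198.51.100.20 port 40013 ssh2
Mar  4 12:00:00 web01 sshd[2260]: Failed password for deploy from 198.51.100.20 port 40014 ssh2
"""

FAILED_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)


def parse_failed_login(line, year=2024):
    """Return (timestamp, host, user, source_ip) for a failed-login line, else None.
    Traditional syslog timestamps carry no year, so the year is an assumed parameter."""
    m = FAILED_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
    return ts, m.group("host"), m.group("user"), m.group("ip")


class LoginFailureMonitor:
    """fail2ban-style logic: ban a source IP after `maxretry` failures within `findtime` seconds."""

    def __init__(self, maxretry=5, findtime=600, bantime=3600):
        self.maxretry = maxretry
        self.findtime = timedelta(seconds=findtime)
        self.bantime = timedelta(seconds=bantime)
        self.failures = defaultdict(deque)  # ip -> timestamps of failures still inside findtime
        self.bans = {}                      # ip -> time the ban expires

    def is_banned(self, ip, now):
        expiry = self.bans.get(ip)
        return expiry is not None and now < expiry

    def feed(self, line):
        """Process one log line; return the IP if this line triggers a new ban, else None."""
        parsed = parse_failed_login(line)
        if parsed is None:
            return None
        ts, _host, _user, ip = parsed
        window = self.failures[ip]
        window.append(ts)
        while window and ts - window[0] > self.findtime:   # drop failures older than findtime
            window.popleft()
        if len(window) >= self.maxretry and not self.is_banned(ip, ts):
            self.bans[ip] = ts + self.bantime   # a real jail would also add a firewall rule here
            window.clear()
            return ip
        return None


def scan(text, **params):
    """Run the monitor over a block of log text; return (list of newly banned IPs, monitor)."""
    mon = LoginFailureMonitor(**params)
    banned = [ip for ip in (mon.feed(line) for line in text.splitlines()) if ip]
    return banned, mon


if __name__ == "__main__":
    banned, mon = scan(SAMPLE_LOG)
    for ip in banned:
        print(f"ban {ip} until {mon.bans[ip]:%Y-%m-%d %H:%M:%S}")
```

On the sample, 203.0.113.7 produces five failures in eight seconds and is banned; 198.51.100.20 also fails five times, but 25 minutes apart, so the 600-second window never holds more than one failure and it is left alone. That window is the difference between catching a brute-force attempt and locking out a colleague who mistypes a password once an hour, which is why the two parameters are tuned per service in practice.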
D_wathi (Author) commented:
Can you please let me know which one is recommended, is it Snort or Nagios? Please.
noci (Software Engineer) commented:
They do different things....
Nagios: probes elements on systems/the network for existence, reachability, etc. and reports/alerts on missing/defective ones, etc.
SNORT: monitors network traffic (mostly on firewalls) and warns on anomalies in traffic, like virus signatures (not values in files, but traffic patterns, like sudden bulk connections to port 1433...).
So maybe both?
D_wathi (Author) commented:
Thanks. In a small network of very few systems, but with an MPLS VPN (hub and 2 spokes) and a very secure network, is Nagios needed, or Snort? Please suggest.
noci (Software Engineer) commented:
This is like asking: for a weather forecast, do I need a wind speed meter or a rain meter....
(depends on whether you dislike wind or rain the most..., or maybe you need both for better forecasting)
Or, to drive a nail into the wood, do I need a light hammer, a heavy hammer, or a sledgehammer.... (depends on nail size).

The real question then is WHAT you want to accomplish....
Nagios: incident measurement, absence-of-service measurement, system load measurement, ... and alert/report if thresholds are exceeded.
           mostly active polling of components
Snort: network traffic measurement of packets passing through a server/firewall. If certain conditions are met, act/report on observed issues.
Splunk: log analysis; watch logs for some trigger events, report/alert on observed issues.
OpenVAS: poll all networked equipment and assess if certain KNOWN vulnerabilities exist (e.g. logons without password, weak encryption methods, weak signing methods, known bugs in services seen).
fail2ban: monitor logs and, if a certain number of failures from a source IP is reported, either block the source and/or report on it.

Looked at Check_MK (didn't know it...): after a short look around: a tool to help run a Nagios environment (web manager interface to Nagios, complementary to Nagios).
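The "active polling of components, alert if thresholds are exceeded" model noci attributes to Nagios is concrete enough to show. The following is an added example, not code from the page, from Nagios or from any of its plugins: a check that measures one thing (filesystem usage), compares it against warning and critical thresholds written in the Nagios plugin range syntax (`10` means alert outside 0..10, `10:` alert below 10, `~:10` alert above 10, `10:20` alert outside 10..20, `@10:20` alert inside 10..20), and returns the exit code the monitoring server acts on (0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN) together with a status line carrying performance data. The `DiskUsage` tuple and the `usage_fn` parameter exist so the check can be run on a constructed measurement instead of the real filesystem; the option names are this example's own.

```python
import argparse
import math
import shutil
import sys
from collections import namedtuple

# Nagios plugin return codes; the monitoring server maps these to OK/WARNING/CRITICAL/UNKNOWN.
OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3
STATUS_NAMES = {OK: "OK", WARNING: "WARNING", CRITICAL: "CRITICAL", UNKNOWN: "UNKNOWN"}

# Same fields as shutil.disk_usage() returns, so a constructed measurement can be fed in.
DiskUsage = namedtuple("DiskUsage", "total used free")


class Range:
    """Nagios threshold range: '10' = alert outside 0..10, '10:' = alert below 10,
    '~:10' = alert above 10, '10:20' = alert outside 10..20, '@10:20' = alert inside 10..20."""

    def __init__(self, spec):
        spec = spec.strip()
        self.invert = spec.startswith("@")
        if self.invert:
            spec = spec[1:]
        low, high = spec.split(":", 1) if ":" in spec else ("0", spec)
        self.low = -math.inf if low == "~" else float(low or 0)
        self.high = math.inf if high == "" else float(high)
        if self.low > self.high:
            raise ValueError(f"bad range {spec!r}: start is above end")

    def alerts(self, value):
        inside = self.low <= value <= self.high
        return inside if self.invert else not inside


def evaluate(value, warn=None, crit=None):
    """Compare a measurement to both thresholds; critical wins over warning."""
    if crit is not None and Range(crit).alerts(value):
        return CRITICAL
    if warn is not None and Range(warn).alerts(value):
        return WARNING
    return OK


def check_disk(path, warn, crit, usage_fn=shutil.disk_usage):
    """Active poll of one component: measure, compare to thresholds, return (code, output line).
    Output is 'STATUS - text | perfdata' so the monitor can graph the value as well as alert on it."""
    try:
        u = usage_fn(path)
    except OSError as exc:
        # A failed measurement is UNKNOWN, not OK: silence must never look like health.
        return UNKNOWN, f"UNKNOWN - cannot read usage of {path}: {exc}"
    used_pct = 100.0 * u.used / u.total if u.total else 0.0
    status = evaluate(used_pct, warn, crit)
    perfdata = f"'{path}_used_pct'={used_pct:.1f}%;{warn};{crit};0;100"
    return status, f"{STATUS_NAMES[status]} - {path} is {used_pct:.1f}% full | {perfdata}"


def main(argv=None):
    ap = argparse.ArgumentParser(description="Nagios-style disk usage check (example code)")
    ap.add_argument("-p", "--path", default="/")
    ap.add_argument("-w", "--warning", default="80", help="Nagios range on percent used")
    ap.add_argument("-c", "--critical", default="95", help="Nagios range on percent used")
    args = ap.parse_args(argv)
    code, line = check_disk(args.path, args.warning, args.critical)
    print(line)
    return code


if __name__ == "__main__":
    sys.exit(main())
```

Run as `python3 check_disk.py -p /var/lib/mysql -w 80 -c 95` from a scheduler such as Nagios or Check_MK and the exit code decides the alert; the part after `|` is what gets graphed. This is the alert David's junior tech would have received for a full disk, and the difference from the log-side tools above is that nothing has to go wrong in a log for it to fire: the monitor asks, on a schedule, and a host that stops answering is itself a result.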
Fred Marshall (Principal) commented:
For network monitoring, PRTG is very good and a reasonable network can be monitored with the free version.