Goutham (India) asked:
Centralized logging vs. network monitoring tool

Dear Experts

What is the difference between enabling audit logging (e.g. setting up centralised logging such as a Syslog server) and enabling and setting up network monitoring? Do both serve the same purpose? Can you please help me understand what each of these does, and whether it is recommended to enable both, on two different servers? Please suggest.
SOLUTION by hypercube (United States): [members-only content, not shown]

SOLUTION: [members-only content, not shown]
Goutham (asker):
Thank you very much. For a less expensive option, can you suggest a solution? I think a syslog server on one of the VMs running CentOS will be okay, please suggest. And for network monitoring, can you please suggest a tool? Can this be on a VM, Linux/Windows? Please suggest. Thanks in advance.
CheckMK is an open source network monitoring tool.
It takes some time to get used to it and to learn how to configure it, but it gets comfortable very quickly.
ASKER CERTIFIED SOLUTION: [members-only content, not shown]
Goutham (asker):
Can you please let me know which one is recommended, SNORT or Nagios?
noci:
They do different things....
Nagios: probes elements on systems/the network for existence, reachability, etc. and reports/alerts on missing/defective ones, etc.
SNORT: monitors network traffic (mostly on firewalls) and warns on anomalies in traffic, like virus signatures (not values in files, but traffic patterns, like sudden bulk connections to port 1433...).
So maybe both?
Goutham (asker):
Thanks. In a small network of very few systems, but with an MPLS VPN (hub and 2 spokes) and a very secured network, is Nagios needed, or SNORT? Please suggest.
This is like asking: for a weather forecast, do I need a wind speed meter or a rain meter....
(depends on whether you dislike wind or rain the most..., or maybe you need both for better forecasting)
Or: to drive a nail into the wood, do I need a light hammer, a heavy hammer, or a sledge hammer.... (depends on nail size).

The real question then is WHAT do you want to accomplish....
Nagios: incident measurement, absence-of-service measurement, system load measurement, ... and alert/report if thresholds are exceeded. Mostly active polling of components.
Snort: network traffic measurement of packets passing through a server/firewall. If certain conditions are met, act/report on observed issues.
Splunk: log analysis, watch logs for some trigger events, report/alert on observed issues.
OpenVAS: poll all networked equipment and assess if certain KNOWN vulnerabilities exist (e.g. logons without password, weak encryption methods, weak signing methods, known bugs in services seen).
fail2ban: monitor logs and if a certain number of failures from a source IP is reported, either block the source and/or report on it.

Looked at Check_MK (didn't know it...): after a short look around, it is a tool to help run a Nagios environment (web manager interface to Nagios, complementary to Nagios).
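As an added example (not from this thread and not code from any of the tools named in it), here is a fail2ban-style check over constructed sshd syslog lines: it counts failed logins per source IP inside a sliding time window and flags sources that reach the threshold, which is the log-analysis side of the distinction drawn above, as opposed to Nagios-style active polling. The hostname, PIDs and RFC 5737 addresses are made up; the `maxretry` and `findtime` parameter names mirror fail2ban's settings.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample lines in classic syslog format as written by sshd
# (hypothetical host "web01", RFC 5737 documentation addresses).
SAMPLE_LOG = """\
Mar  3 10:00:01 web01 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar  3 10:00:03 web01 sshd[2103]: Failed password for root from 203.0.113.7 port 51024 ssh2
Mar  3 10:00:04 web01 sshd[2105]: Accepted publickey for deploy from 198.51.100.20 port 40110 ssh2
Mar  3 10:00:06 web01 sshd[2107]: Failed password for root from 203.0.113.7 port 51030 ssh2
Mar  3 10:00:09 web01 sshd[2109]: Failed password for root from 203.0.113.7 port 51031 ssh2
Mar  3 10:00:10 web01 sshd[2111]: Failed password for root from 203.0.113.7 port 51033 ssh2
Mar  3 10:15:00 web01 sshd[2201]: Failed password for bob from 198.51.100.20 port 40200 ssh2
Mar  3 10:40:00 web01 sshd[2301]: Failed password for bob from 198.51.100.20 port 40201 ssh2
"""

# Match only sshd "Failed password" events and capture timestamp and source IP.
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>[\d.]+) port \d+"
)


def parse_failures(text, year=2024):
    """Yield (timestamp, source_ip) for every failed-login line.
    Classic syslog has no year, so one is supplied by the caller."""
    for line in text.splitlines():
        m = FAIL_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"]


def find_offenders(text, maxretry=5, findtime=600):
    """Return {ip: time_of_trigger} for every source IP that produced
    at least `maxretry` failures within any `findtime`-second window."""
    window = defaultdict(deque)   # per-IP timestamps still inside the window
    offenders = {}
    for ts, ip in parse_failures(text):
        q = window[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > findtime:   # expire old failures
            q.popleft()
        if len(q) >= maxretry and ip not in offenders:
            offenders[ip] = ts   # fail2ban would ban/report here
    return offenders


if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"{ip} exceeded threshold at {when:%H:%M:%S}")
```

With the defaults, only 203.0.113.7 is flagged (five failures in nine seconds); 198.51.100.20's two failures are 25 minutes apart and fall out of the 10-minute window.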
For network monitoring, PRTG is very good and a reasonable network can be monitored with the free version.