Goutham
asked on
centralized logging VS network monitoring tool
Dear Experts
What is the difference between enabling audit logging, like setting up centralised logging such as a Syslog server, and enabling and setting up network monitoring? Do both serve the same purpose? Can you please help me to understand this: what does each of these do, and is it recommended to have both enabled on two different servers? Please suggest.
CheckMK is an open source network monitor tool.
It takes some time to get used to it and to learn how to configure it, but it gets comfortable very quickly.
ASKER
Can you please let me know which one is recommended, is it SNORT or Nagios? Please.
They do different things...
Nagios: probes elements on systems/networks for existence, reachability, etc. and reports/alerts on missing/defective ones, etc.
SNORT: monitors network traffic (mostly on firewalls) and warns on anomalies in traffic, like virus signatures (not values in files, but traffic patterns, like sudden bulk connections to port 1433...).
So maybe both?
ASKER
Thanks. In a small network of very few systems, but with MPLS VPN (hub and 2 spokes) and a very secure network, is Nagios needed or SNORT? Please suggest.
This is like asking: for a weather forecast, do I need a wind speed meter or a rain meter...
(depends on whether you dislike wind or rain the most..., or maybe you need both for better forecasting).
Or: to drive a nail into the wood, do I need a light hammer, a heavy hammer, or a sledgehammer... (depends on nail size).
The real question then is WHAT do you want to accomplish...
Nagios: incident measurement, absence-of-service measurement, system load measurement, ... and alert/report if thresholds are exceeded.
Mostly active polling of components.
Snort: network traffic measurement of packets passing through a server/firewall. If certain conditions are met, act/report on observed issues.
Splunk: log analysis, watch logs for some trigger events, report/alert on observed issues.
OpenVAS: poll all networked equipment and assess if certain KNOWN vulnerabilities exist (e.g. logons without password, weak encryption methods, weak signing methods, known bugs in services seen).
fail2ban: monitor logs and if a certain amount of failures from a source IP is reported, either block the source and/or report on it.
Looked at Check_MK (didn't know it...): short look around: a tool to help run a Nagios environment (web manager interface to Nagios, complementary to Nagios).
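The distinction drawn in the answer above (fail2ban/Splunk watch logs, Snort watches packets) in working code, as an added example that is not part of the thread and not code from any of the tools named. The first function is the log side: it parses centralised syslog lines (constructed here to look like OpenSSH output) and trips when one source IP accumulates repeated authentication failures inside a time window. The second is the traffic side: it works on connection records as a sensor on the firewall would see them, with no log from the target host involved, and trips on a burst of connections from one source to one port. The sample lines and records, the thresholds and the window sizes are all assumptions for the example, not defaults of fail2ban or Snort.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: classic syslog lines in the shape an OpenSSH server emits.
SAMPLE_SYSLOG = """\
Mar  3 10:00:01 gw sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Mar  3 10:00:03 gw sshd[1202]: Failed password for invalid user admin from 203.0.113.7 port 51130 ssh2
Mar  3 10:00:04 gw sshd[1203]: Failed password for root from 203.0.113.7 port 51142 ssh2
Mar  3 10:00:09 gw sshd[1204]: Failed password for root from 203.0.113.7 port 51150 ssh2
Mar  3 10:00:15 gw sshd[1205]: Failed password for root from 203.0.113.7 port 51161 ssh2
Mar  3 10:02:30 gw sshd[1210]: Accepted publickey for ops from 198.51.100.20 port 40100 ssh2
Mar  3 10:03:00 gw sshd[1211]: Failed password for ops from 198.51.100.20 port 40102 ssh2
Mar  3 10:20:00 gw sshd[1300]: Failed password for root from 198.51.100.20 port 40110 ssh2
not a syslog line at all
"""

SYSLOG_RE = re.compile(
    r"^(?P<month>\w{3})\s+(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<app>[\w-]+)\[\d+\]: (?P<msg>.*)$"
)
FAIL_RE = re.compile(r"Failed password for .* from (?P<ip>\d+\.\d+\.\d+\.\d+) port")
YEAR = 2024  # assumption: classic syslog timestamps carry no year, so one is supplied


def parse_syslog(text):
    """Yield (timestamp, host, app, message) for each well-formed syslog line."""
    for line in text.splitlines():
        m = SYSLOG_RE.match(line)
        if not m:
            continue  # a collector must not die on one malformed line
        ts = datetime.strptime(
            f"{YEAR} {m['month']} {int(m['day']):02d} {m['time']}", "%Y %b %d %H:%M:%S"
        )
        yield ts, m["host"], m["app"], m["msg"]


def auth_failure_offenders(text, max_failures=5, window=timedelta(minutes=10)):
    """Log-based rule (fail2ban style): a source IP with at least `max_failures`
    failed sshd logins inside `window` is reported. Returns {ip: time_it_tripped}."""
    recent = defaultdict(deque)  # ip -> timestamps of failures still inside the window
    tripped = {}
    for ts, _host, app, msg in parse_syslog(text):
        if app != "sshd":
            continue
        m = FAIL_RE.search(msg)
        if not m:
            continue  # successful logins and other sshd messages are not failures
        q = recent[m["ip"]]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()  # forget failures that aged out of the window
        if len(q) >= max_failures and m["ip"] not in tripped:
            tripped[m["ip"]] = ts
    return tripped


def _burst(src, start, count, port):
    """Constructed helper: `count` connections from `src`, one per second, to `port`."""
    return [(start + timedelta(seconds=i), src, f"10.0.0.{10 + i}", port) for i in range(count)]


# Constructed sample: (timestamp, src_ip, dst_ip, dst_port) as a sensor on the
# firewall would record them. The first block is a sweep of the SQL Server port.
SAMPLE_CONNECTIONS = (
    _burst("203.0.113.7", datetime(2024, 3, 3, 10, 5, 0), 25, 1433)
    + [(datetime(2024, 3, 3, 10, 6, 0), "198.51.100.20", "10.0.0.5", 1433)]  # one ordinary connection
    + _burst("198.51.100.20", datetime(2024, 3, 3, 11, 0, 0), 25, 443)  # busy on HTTPS, not the watched port
)


def port_burst_offenders(conns, port=1433, max_conns=20, window=timedelta(seconds=60)):
    """Traffic-based rule (Snort threshold style): one source opening at least
    `max_conns` connections to `port` inside `window`. Returns {src_ip: time_it_tripped}."""
    recent = defaultdict(deque)
    tripped = {}
    for ts, src, _dst, dport in sorted(conns):  # sensors may deliver records out of order
        if dport != port:
            continue
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= max_conns and src not in tripped:
            tripped[src] = ts
    return tripped


if __name__ == "__main__":
    print("log side   :", auth_failure_offenders(SAMPLE_SYSLOG))
    print("traffic side:", port_burst_offenders(SAMPLE_CONNECTIONS))
```

Run on the samples, the log rule names 203.0.113.7 (five failures in 14 seconds) but not 198.51.100.20, whose two failures are 17 minutes apart; the traffic rule names 203.0.113.7 for the 1433 sweep and ignores the 443 burst unless it is told to watch that port. Neither function can stand in for the other: the syslog rule sees nothing if the target host never logs the event or the attacker never completes a login attempt, and the connection rule sees nothing about what happened inside the session. That is the reason the answer suggests running both rather than picking one.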
For network monitoring, PRTG is very good and a reasonable network can be monitored with the free version.