nanog mailing list archives
Re: Network monitoring/IDS rant - What's hot what's not?
From: Martin hepworth <martinh () solid-state-logic com>
Date: Wed, 26 Feb 2003 10:19:46 +0000
Christopher J. Wolff wrote:
Tivoli, Openview, Unicenter, ipmonitor, mrtg, nagios? There are many network monitoring options but each option has its pitfalls. I'm rapidly coming to the conclusion that any software Computer Associates publishes is designed for the criminally insane. However, there 'has' to be something that offers more visibility into amajor WAN than MRTG/RRDTOOL.Perhaps I'm on a Computer Associates rant today but can anyone share any positive experiences with E-trust intrusion detection? 5 MB of traffic flow paralyzes a dual P3 with gobs of ram and it still misses signatures that Snort does not miss. Originally I was going to blame this lousy performance on application tuning; however, it was a CA engineer that set this box up. Any IDS suggestions would be greatly appreciated as well. Regards, Christopher J. Wolff, VP CIO Broadband Laboratories, Inc. http://www.bblabs.com
ChrisAll the reviews I've/heard of etc all say snort is the bestIDS. Now I'm not it is, just passing what I've heard as I've not had the opportunity to compare the things myself. (also remember that alot of CA software is aquired by merger not written by themselve so it normally takes a couple of iterations to get things into the CA way)
as to network monitoring I'll go with mrtg and/or nagios anytime (mainly 'cos of the price/performance issue). PSiNETEurope use MRTG to display router stats for their customers and so do alot of other people - it just works.
-- Martin Hepworth Senior Systems Administrator Solid State Logic Ltd +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses. www.mimesweeper.com **********************************************************************
Current thread:
- Network monitoring/IDS rant - What's hot what's not? Christopher J. Wolff (Feb 25)
- Re: Network monitoring/IDS rant - What's hot what's not? Martin hepworth (Feb 26)
- Re: Network monitoring/IDS rant - What's hot what's not? Christopher L. Morrow (Feb 26)
- Re: Network monitoring/IDS rant - What's hot what's not? Pete Kruckenberg (Feb 26)
- Re: Network monitoring/IDS rant - What's hot what's not? Christopher L. Morrow (Feb 26)
- Re[2]: Network monitoring/IDS rant - What's hot what's not? Richard Welty (Feb 26)
- Re: Network monitoring/IDS rant - What's hot what's not? Petri Helenius (Feb 26)
- Re: Network monitoring/IDS rant - What's hot what's not? Pete Kruckenberg (Feb 26)
- Re: Network monitoring/IDS rant - What's hot what's not? Pete Kruckenberg (Feb 26)
- Re[2]: Network monitoring/IDS rant - What's hot what's not? Richard Welty (Feb 26)
- Re: Network monitoring/IDS rant - What's hot what's not? Christopher McCrory (Feb 26)
- <Possible follow-ups>
- Re: Network monitoring/IDS rant - What's hot what's not? Jeff Weisberg (Feb 26)
- Re: Network monitoring/IDS rant - What's hot what's not? Jared Mauch (Feb 26)