[KLUG Members] Question on network monitors (i.e. big brother, etc).

Adam Williams members@kalamazoolinux.org
Wed, 7 Nov 2001 09:16:36 -0500 (EST)

Previous message: [KLUG Members] Question on network monitors (i.e. big brother, etc).
Next message: [KLUG Members] Question on network monitors (i.e. big brother, etc).
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>I've got a question.  Currently, my company is running "Big Brother" to
>watch for connections, etc on my network.  It monitors for http, ftp, smtp,
>ssh, telnet, etc.
>Big Brother Sucks.
>It is the bane of my existence, and more often than not, deprives me of
>sleep for no reason.  I get 99.99999999 percent false positives, it freaks
>out all the time, etc.
>I need a replacement. A good one. Fast.

We used BB for some time,  and never got a false positive,  and BB is used
by MANY agencies so I think you have a problem with your configuration.

On the other hand we gave up on BB because configuration is a pain,  the
whole thing is comprised (or *was* comprised to be fair) of a seemling
disorganized mash of scripts.

>I'm told about netsaint.  Is this good?  I'm going to set it up tomorrow at

Never used it.

I always recommend MRTG.

I'm playing with OpenNMS which is a REAL INDUSTRIAL GRADE package
requiring a stand alone machine and 256Mb of RAM.  But it appears to be
able to monitor the number of angels dancing on the head of a pin located
somwhere over the pacific ocean,  and determine if those angels are
seraphim, cherubim,  or your common divine-message types.

>work, but I can't deploy it until I cahnge the minds of the "powers that
>be".  I'd rather not build one myself from scratch, since that's not very
>income-producing, and I'd like to not have to de-bug.
>One thing is for sure: big brother stinks!  If ever there was a boy who
>cried wolf, this is it.
>Anyway, I need useable, viable solutions.  I must replace big brother!  I
>can't be paged every time it loses a packet!  Please!  I'm getting paged

BB supports two failure phases,  yellow and red (if I recall correctly).
It should only page on a red condition.  It really sounds like you just
need to adjust your threshholds.

>every 5 minutes, folks!  Please save me!  Please use my excessive use of
>exclaimation points as proof!

Pager batteries must no last long.... :)

-- 
-----------------------------------------------------------
Ximian GNOME, Evolution, LTSP, and RedHat Linux + LVM & XFS
-----------------------------------------------------------

Previous message: [KLUG Members] Question on network monitors (i.e. big brother, etc).
Next message: [KLUG Members] Question on network monitors (i.e. big brother, etc).
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]