Network Management

Introduction to Network Monitoring and Management using Open Source Tools
Who am I?
Jorge Paramo
Network / Security Administrator
LeanLogistics, Inc.
[email protected]
Why Monitor the Network
• Detect Faults, and send notifications
• Maintain Configuration revisions
• Accounting information (logins / logouts)
• Maintain Performance information
• Manage the Security on the network
FCAPS
Fcaps
FAULT
The goal of fault management is to recognize,
isolate, correct and log faults that occur in the
network.
Fault management is concerned with detecting
network faults, logging this information,
contacting the appropriate person, and
ultimately fixing a problem.
fCaps
CONFIGURATION
The goals of configuration management are to
gather/set/track configurations of the devices.
Configuration management is concerned with
monitoring system configuration information, and
any changes that take place. This area is
especially important, since many network issues
arise as a direct result of changes made to
configuration files, updated software versions, or
changes to system hardware.
fcAps
ACCOUNTING
The goal is to gather usage statistics for users.
Accounting management is concerned with
tracking network utilization information, such that
individual users, departments, or business units
can be appropriately billed or charged for
accounting purposes.
fcaPs
PERFORMANCE
The goal is to both prepare the network for the
future, as well as to determine the efficiency of
the current network. Performance management
is focused on ensuring that network
performance remains at acceptable levels. This
area is concerned with gathering regular
network performance data such as network
response times, packet loss rates, link utilization,
and so forth.
fcapS
SECURITY
The goal of security management is to control
access to assets in the network. It uses firewalls
to monitor and control external access points to
one's network. Security management is not only
concerned with ensuring that a network
environment is secure, but also that gathered
security-related information is analyzed
regularly.
Ways to Manage
• Static information
  – Documentation
• Dynamic information
  – SNMP
  – RMON
  – NetFlow/sFlow
  – EEM (Cisco Embedded Event Manager)
What Options do I have?
• Commercial Software
  • OpenView, Tivoli, CiscoWorks, SiteScope...
• Feature-limited packages
  • PRTG, Spiceworks, Solarwinds...
• Free Vendor tools
  • Cisco Network Assistant...
• Open Source
What is Open Source?
• License free computer software that makes its source code available to the community.
• Users can study, change and improve the software.
Should I use Open Source?
• It is not malware!
• Source code is available for modification
• Not tied to a specific company
• Community Support
• Usually it is license free
• Some packages only run on Linux
Common Software Reqs.
• Linux
  – Apache
  – MySQL
  – PHP
• Windows
  – IIS / Apache
  – PostgreSQL
  – JDK (Java)
Deployments
• Centralized
  – Easier to deploy
  – Scalability pains
• Distributed
  – Reliability of components
  – More complex deployment
Some OpenSource Tools
• Fault
  – OpenNMS
  – zenoss
  – Nagios
  – Munin
  – Zabbix
  – spiceworks
• Change Management
  – Mercurial
  – Rancid
  – RCS
  – SVN
  – Netdisco
• Accounting
  – TACACS
• Performance
  – Cricket
  – IFPFM
  – MRTG
  – arts (netflow/sflow)
  – ntop
  – smokeping
• Security
  – SNORT
  – Samhain
  – splunk
  – OSSEC
  – Nessus
  – Untangle
  – Backtrack
  – SiLK
Demonstration
How do I use OpenSource tools..
Zenoss
Smokeping
RANCID
Cacti
phpIP
Netflows
splunk
Links of interest
Where to find software:
http://www.slac.stanford.edu/xorg/nmtf/nmtf-tools.html
http://www.networkbones.com/
Bootable CDs:
CactiEZ - http://cactiez.cactiusers.org/
SiLK - http://tools.netsa.cert.org/silk/livecd.html
Backtrack4 - http://www.backtrack-linux.org/downloads
Questions…..
Anything goes...