1 / 19

Monitoring Tools

Monitoring Tools. Open Source Security Tools to monitor your network. Definition.

moriah
Download Presentation

Monitoring Tools

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Monitoring Tools Open Source Security Tools to monitor your network

  2. Definition Monitoring is defined as "observing and analyzing the status and behavior of the network, which involves end systems, intermediate systems and the core network. By monitoring a network the management entity can get the static, dynamic and statistical information of the network."

  3. Nagios Why? • Offers monitoring and alerting capability for servers, switches, applications, and services • Very flexible in integrating with other third party programs • Many free plugins already developed by companies

  4. Nagios really a security tool? Can be compared as a policemen who does round-the-clock patrols “ISPs claim heightened awareness and vigorous monitoring have helped reduce damage”

  5. Nagios Add-ons Other projects extend the core functionality provided with a basic Nagios install • NSTI + SNMPTT - For managing SNMP traps and receiving alerts • NagVis- A visualization program that can be used to visualize data • NagiosQL - A web based administration tool that helps you to easily build, manage, and use acomplex configuration with all options enabled • BPI - An advanced grouping tool that allows you to define more complex dependencies for determining groups states

  6. Cacti Why? • Provides performance measurement and advanced data acquisition methods • Many flexible graph templates already available • Keeps historical data collection for a long period of time • Little overhead and keeps storage requirements extremely low

  7. Cacti add-ons • Other plugins extend the core functionality provided by a basic Cacti installation • Thold - A threshold Alert Module • Nectar - Plugin to send Graphs and Text to specified mail address(es) • Discovery - Adds auto host discovery to the software • Cycle - Automatically cycles through graphs • Boost - A large Site Performance Booster

  8. Snort why? • Offers a network intrusion prevention and detection system (IDS/IPS) • The most widely deployed IDS/IPS technology worldwide • Perfect for quickly writing simple and powerful new rules • The de facto standard for IPS

  9. Snort Deployment scenario 1

  10. Snort deployment scenario 2

  11. Snort add-ons • Other projects extend the core functionality provided by a basic Snort install • Snorby - A new and modern Snort IDS front-end • Barnyard2 - A dedicated spooler for Snort's unified2 binary output format • Pulled_Pork- Perl script that automatically updates Snort rules • bProbe - A Snort IDS configured to run in packet logger mode

  12. Logstash why? • Offers logs/event transport, processing, management, and search • Very fast search results even on a billion logs (elasticsearch) • Can produce multiple personalized dashboards • Can easily parse text-based logs

  13. Logstash add-ons • Other projects extend the core functionality provided by a basic Logstash install • Elasticsearch – A distributed, RESTful, Real time analytics and search engine • Kibana - The visual front end for Logstash & Elasticsearch • RabbitMQ – An Advanced Message Queuing Protocol

  14. Ntop why? • Shows traffic measurement, characterization and network usage in a real time • Monitor high speeds (1 Gbit and above) with common PCs • Detection of network security violations • Work with NetFlow & sFlow protocols

  15. Ntop deployment scenario 1

  16. Ntop deployment scenario 2

  17. Ntop deployment scenario 3

  18. Ntop add-ons • Other projects extend the core functionality provided by a basic Ntop install. • Packet Filter Ring (PF_RING) - High-speed packet capture, filtering and analysis • nProbe- An Extensible NetFlow v5/v9/IPFIX Probe for IPv4/v6

  19. Prival & blesk why? • Provides advanced technologies and solutions to its customers • Blesk represents ten years of development & knowledge in Open Source • Resources to help you implement open source monitoring technologies in your enterprise • Provides support and updates of all open source monitoring components • Customize and Improve open source technologies for your needs

More Related