MONITORING TOOLS
Open Source Security Tools to monitor your network
(PowerPoint presentation transcript)
DEFINITION
Monitoring is defined as "observing and analyzing the status and behavior of the network, which involves end systems, intermediate systems and the core network. By monitoring a network the management entity can get the static, dynamic and statistical information of the network."
NAGIOS WHY?
• Offers monitoring and alerting capability for servers, switches, applications, and services
• Very flexible in integrating with other third party programs
• Many free plugins already developed by companies
NAGIOS REALLY A SECURITY TOOL?
Can be compared to a policeman who does round-the-clock patrols
“ISPs claim heightened awareness and vigorous monitoring have helped reduce damage”
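The "patrol" view of Nagios becomes concrete when you write a check plugin that watches something an attacker would change. The script below is an added example, not code from the presentation or from the Nagios project: it is a file-integrity check written to the Nagios plugin API (exit status 0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN; the first line printed is the status text Nagios shows in alerts). The baseline file format (`sha256sum` output, one `digest  path` line per file) and the sample paths are this example's own choices.

```python
#!/usr/bin/env python3
"""check_file_integrity: Nagios-style plugin that alerts when watched files change.

Added example (not from the presentation or the Nagios project).  Exit codes
follow the Nagios plugin API: 0=OK, 1=WARNING, 2=CRITICAL, 3=UNKNOWN; the first
line of stdout is the status text Nagios displays.  The baseline is a file of
"sha256  /path" lines, i.e. the output of `sha256sum` (format assumed here).
"""
import hashlib
import sys
from pathlib import Path

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3


def sha256_of(path: Path) -> str:
    """Stream the file through SHA-256 so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def load_baseline(text: str) -> dict:
    """Parse 'sha256  /path' lines (sha256sum output) into {path: digest}; '#' lines are comments."""
    baseline = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, path = line.split(None, 1)
        baseline[path] = digest.lower()
    return baseline


def check_files(baseline: dict) -> tuple:
    """Return (exit_code, status_line) in Nagios plugin convention.

    A modified file is CRITICAL (tampering or an unreviewed change); a missing
    file is WARNING so it is visible without drowning out real modifications.
    """
    changed, missing = [], []
    for path, expected in baseline.items():
        p = Path(path)
        if not p.is_file():
            missing.append(path)
        elif sha256_of(p) != expected:
            changed.append(path)
    if changed:
        return CRITICAL, "CRITICAL - %d file(s) modified: %s" % (len(changed), ", ".join(changed))
    if missing:
        return WARNING, "WARNING - %d file(s) missing: %s" % (len(missing), ", ".join(missing))
    return OK, "OK - %d file(s) match baseline" % len(baseline)


def main(argv):
    if len(argv) != 2:
        print("UNKNOWN - usage: check_file_integrity <baseline-file>")
        return UNKNOWN
    try:
        baseline = load_baseline(Path(argv[1]).read_text())
    except OSError as exc:
        print("UNKNOWN - cannot read baseline: %s" % exc)
        return UNKNOWN
    code, msg = check_files(baseline)
    print(msg)
    return code


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Generate the baseline with something like `sha256sum /etc/ssh/sshd_config /etc/sudoers > /etc/nagios/baseline.sha256` (paths assumed), then point a `define command` at the script with that baseline as its argument and attach it to the host as a service. Two caveats: the check is only as trustworthy as the host it runs on, since an attacker with root can rewrite the baseline too, and it runs with the Nagios user's privileges, so that user needs read access to every watched file and nothing more.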
NAGIOS ADD-ONS
Other projects extend the core functionality provided with a basic Nagios install
• NSTI + SNMPTT - For managing SNMP traps and receiving alerts
• NagVis - A visualization program that can be used to visualize data
• NagiosQL - A web based administration tool that helps you to easily build, manage, and use a complex configuration with all options enabled
• BPI - An advanced grouping tool that allows you to define more complex dependencies for determining group states
CACTI WHY?
• Provides performance measurement and advanced data acquisition methods
• Many flexible graph templates already available
• Keeps historical data collection for a long period of time
• Little overhead and keeps storage requirements extremely low
CACTI ADD-ONS
• Other plugins extend the core functionality provided by a basic Cacti installation
• Thold - A threshold alert module
• Nectar - Plugin to send graphs and text to specified mail address(es)
• Discovery - Adds auto host discovery to the software
• Cycle - Automatically cycles through graphs
• Boost - A large site performance booster
SNORT WHY?
• Offers a network intrusion detection and prevention system (IDS/IPS)
• The most widely deployed IDS/IPS technology worldwide
• Perfect for quickly writing simple and powerful new rules
• The de facto standard for IPS
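What makes rule writing quick is the fixed shape of a Snort rule: a header (action, protocol, source address and port, direction, destination address and port) followed by options in parentheses. The block below is an added example, not code from the presentation or the Snort project: a minimal parser and matcher that shows what each field of a rule means by testing constructed packet summaries against a constructed local rule. It is not Snort's engine (no flow tracking, no `|hex|` content, no PCRE, no fast-pattern matching, no address lists), and the `$HOME_NET` / `$EXTERNAL_NET` values are assumptions for the example.

```python
"""Structure of a Snort rule, illustrated with a minimal matcher.

Added example, not from the presentation or the Snort project.  Handles the
rule header, the msg/content/depth/nocase/sid/rev options, 'any', CIDR and
'!'-negated addresses, single ports and lo:hi ranges.  Everything else a real
Snort rule can say (flow:, |hex| content, pcre:, address lists) is ignored.
"""
import ipaddress
import re

# Site addressing is an assumption for the example (snort.conf ipvar equivalents).
NET_VARS = {
    "$HOME_NET": ["192.168.0.0/16"],
    "$EXTERNAL_NET": ["!192.168.0.0/16"],
}

HEADER_RE = re.compile(
    r"^(?P<action>alert|log|pass|drop|reject)\s+(?P<proto>tcp|udp|icmp|ip)\s+"
    r"(?P<src>\S+)\s+(?P<sport>\S+)\s+(?P<dir>->|<>)\s+(?P<dst>\S+)\s+(?P<dport>\S+)\s*"
    r"\((?P<opts>.*)\)\s*$"
)
# Options are "key:value;" pairs; a value may be a quoted string or a bare token,
# and a bare "key;" (e.g. nocase;) has no value.
OPTION_RE = re.compile(r'(\w+)\s*(?::\s*("(?:[^"\\]|\\.)*"|[^;]*))?;')

# Constructed local rule (sids from 1000000 up are reserved for local rules):
# alert on an SSH client banner arriving at an internal host from outside.
RULE = ('alert tcp $EXTERNAL_NET any -> $HOME_NET 22 '
        '(msg:"SSH client banner from outside"; flow:to_server,established; '
        'content:"SSH-"; depth:4; sid:1000001; rev:1;)')


def parse_rule(text: str) -> dict:
    """Split a rule into its header fields and an {option: value} dict."""
    m = HEADER_RE.match(text.strip())
    if not m:
        raise ValueError("not a rule: %r" % text)
    rule = m.groupdict()
    opts = {}
    for key, value in OPTION_RE.findall(rule.pop("opts")):
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]
        opts[key] = value
    rule["options"] = opts
    return rule


def _addr_matches(spec: str, addr: str) -> bool:
    """'any', a CIDR/host, a $VAR from NET_VARS, or a '!'-negated form of those."""
    if spec == "any":
        return True
    if spec in NET_VARS:
        return any(_addr_matches(s, addr) for s in NET_VARS[spec])
    if spec.startswith("!"):
        return not _addr_matches(spec[1:], addr)
    return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)


def _port_matches(spec: str, port: int) -> bool:
    """'any', a single port, a 'lo:hi' range (either end open), or '!'-negated."""
    if spec == "any":
        return True
    if spec.startswith("!"):
        return not _port_matches(spec[1:], port)
    if ":" in spec:
        lo, hi = spec.split(":")
        return (int(lo) if lo else 0) <= port <= (int(hi) if hi else 65535)
    return port == int(spec)


def _endpoints_match(rule, src, sport, dst, dport) -> bool:
    return (_addr_matches(rule["src"], src) and _port_matches(rule["sport"], sport)
            and _addr_matches(rule["dst"], dst) and _port_matches(rule["dport"], dport))


def rule_matches(rule: dict, pkt: dict) -> bool:
    """pkt is a constructed summary: {'proto','src','sport','dst','dport','payload'}."""
    if rule["proto"] not in ("ip", pkt["proto"]):
        return False
    src, sport = pkt["src"], pkt.get("sport", 0)
    dst, dport = pkt["dst"], pkt.get("dport", 0)
    hit = _endpoints_match(rule, src, sport, dst, dport)
    if not hit and rule["dir"] == "<>":          # bidirectional: try the reverse direction
        hit = _endpoints_match(rule, dst, dport, src, sport)
    if not hit:
        return False
    content = rule["options"].get("content")
    if content is None:
        return True
    payload = pkt.get("payload", b"")
    if "depth" in rule["options"]:               # content must lie within the first N bytes
        payload = payload[: int(rule["options"]["depth"])]
    needle = content.encode()
    if "nocase" in rule["options"]:
        return needle.lower() in payload.lower()
    return needle in payload
```

The `flow:to_server,established` option is parsed but not enforced here; in Snort it is what keeps this rule from firing on the server's own `SSH-` banner going the other way, which is why a real rule carries it even though the header already pins the direction.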
SNORT DEPLOYMENT SCENARIO 1
[Diagram: an IDS probe at the gateway of each remote site; each probe forwards its data to the monitoring server at the main site]
SNORT DEPLOYMENT SCENARIO 2
[Diagram: the monitoring server is attached to a mirrored (SPAN) port on the switch and receives a copy of the data passing through the other ports]
A mirrored port is passive: the sensor only sees a copy of the traffic, so this is a detection-only placement (no inline blocking), and the mirror port silently drops packets whenever the mirrored traffic exceeds its own link speed.
SNORT ADD-ONS
• Other projects extend the core functionality provided by a basic Snort install
• Snorby - A new and modern Snort IDS front-end
• Barnyard2 - A dedicated spooler for Snort's unified2 binary output format
• Pulled_Pork - Perl script that automatically updates Snort rules
• bProbe - A Snort IDS configured to run in packet logger mode
LOGSTASH WHY?
• Offers logs/event transport, processing, management, and search
• Very fast search results even on a billion logs (Elasticsearch)
• Can produce multiple personalized dashboards
• Can easily parse text-based logs
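"Parsing text-based logs" means turning each line into named fields that can be searched and counted. The block below is an added example, not code from the presentation or from Logstash: it does in plain Python what a Logstash grok filter does for syslog lines, then runs a detection over the parsed events (several failed SSH logins from one source). The sample log lines are constructed for the example; the threshold is an assumption.

```python
"""Syslog lines -> structured events -> a brute-force detection over them.

Added example, not from the presentation or the Logstash project.  SYSLOG_RE is
the plain-regex equivalent of the grok pattern
  %{SYSLOGTIMESTAMP:timestamp} %{SYSLOGHOST:host} %{DATA:program}(?:[%{POSINT:pid}])?: %{GREEDYDATA:message}
(brackets around pid escaped in grok).  Lines that do not match get the same
"_grokparsefailure" tag Logstash would add.  Sample log lines are constructed.
"""
import re
from collections import Counter

SYSLOG_RE = re.compile(
    r"^(?P<timestamp>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<program>[^\[:]+)(?:\[(?P<pid>\d+)\])?: (?P<message>.*)$"
)
# sshd's failure message: "Failed password for [invalid user ]NAME from IP port N ssh2"
FAILED_RE = re.compile(
    r"^Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src_ip>\S+) port (?P<src_port>\d+)"
)

# Constructed sample log (documentation-range addresses).
SAMPLE_LOG = """\
Mar  3 10:15:01 bastion sshd[2231]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2
Mar  3 10:15:03 bastion sshd[2231]: Failed password for invalid user admin from 203.0.113.7 port 40123 ssh2
Mar  3 10:15:04 bastion sshd[2234]: Failed password for root from 203.0.113.7 port 40124 ssh2
Mar  3 10:15:09 bastion sshd[2240]: Accepted publickey for deploy from 192.168.1.15 port 52110 ssh2
Mar  3 10:15:12 bastion CRON[2251]: (root) CMD (run-parts /etc/cron.hourly)
Mar  3 10:15:20 bastion sshd[2260]: Failed password for alice from 198.51.100.9 port 33001 ssh2
this line is not syslog at all
"""


def parse_line(line: str) -> dict:
    """Return the structured event; unparseable lines keep the raw text plus a failure tag."""
    m = SYSLOG_RE.match(line)
    if not m:
        return {"message": line, "tags": ["_grokparsefailure"]}
    event = m.groupdict()
    if event["pid"] is not None:
        event["pid"] = int(event["pid"])
    # Second-stage parse, only for sshd messages (the equivalent of a conditional grok).
    f = FAILED_RE.match(event["message"]) if event["program"] == "sshd" else None
    if f:
        event.update(f.groupdict())
        event["src_port"] = int(event["src_port"])
        event["tags"] = ["ssh_auth_failure"]
    return event


def parse_log(text: str) -> list:
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def brute_force_sources(events: list, threshold: int = 3) -> dict:
    """Source IPs with at least `threshold` failed SSH logins -> failure count."""
    counts = Counter(e["src_ip"] for e in events if "ssh_auth_failure" in e.get("tags", []))
    return {ip: n for ip, n in counts.items() if n >= threshold}
```

Two details carry over directly to a Logstash pipeline: tag parse failures rather than dropping the line, so that a format change in a log source shows up as a spike of `_grokparsefailure` events instead of silent blindness, and do the expensive second-stage match only on the program it applies to.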
LOGSTASH ADD-ONS
• Other projects extend the core functionality provided by a basic Logstash install
• Elasticsearch – A distributed, RESTful, real time analytics and search engine
• Kibana - The visual front end for Logstash & Elasticsearch
• RabbitMQ – A message broker implementing AMQP (Advanced Message Queuing Protocol), used to buffer events between shippers and Logstash
NTOP WHY?
• Shows traffic measurement, characterization and network usage in real time
• Monitors high speeds (1 Gbit/s and above) on common PCs
• Detection of network security violations
• Works with the NetFlow & sFlow protocols
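With NetFlow the probe never sees packet contents, only per-flow summaries exported by a router (or by nProbe). The block below is an added example, not code from the presentation or the ntop project: it decodes a NetFlow v5 export packet according to the published v5 layout (24-byte header, 48-byte records), builds a constructed packet so it runs offline, and then answers the two questions the slide names, usage (top talkers) and a security violation (a source touching many ports with SYN-only flows). The scan heuristic and its threshold are this example's own, not ntop's detection logic.

```python
"""NetFlow v5 export packets: decode, measure usage, flag a port scan.

Added example, not from the presentation or the ntop project.  The header and
record layouts are the published NetFlow v5 format; the sample packet is
constructed with struct.pack.  The scan heuristic is this example's own.
"""
import struct
from collections import defaultdict

# Header: version, count, sys_uptime, unix_secs, unix_nsecs, flow_sequence,
#         engine_type, engine_id, sampling_interval  (24 bytes, big-endian)
HEADER = struct.Struct("!HHIIIIBBH")
# Record: srcaddr, dstaddr, nexthop, input, output, dPkts, dOctets, first, last,
#         srcport, dstport, pad1, tcp_flags, prot, tos, src_as, dst_as,
#         src_mask, dst_mask, pad2  (48 bytes)
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")
MAX_RECORDS = 30            # a v5 packet carries at most 30 flow records

SYN, ACK = 0x02, 0x10       # TCP flag bits as accumulated in tcp_flags


def _ip(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def parse_netflow_v5(data: bytes) -> list:
    """Return a list of flow dicts; reject wrong versions and truncated packets."""
    if len(data) < HEADER.size:
        raise ValueError("short packet: %d bytes" % len(data))
    version, count = HEADER.unpack_from(data, 0)[:2]
    if version != 5:
        raise ValueError("not NetFlow v5: version %d" % version)
    if count > MAX_RECORDS:
        raise ValueError("implausible record count %d" % count)
    if len(data) < HEADER.size + count * RECORD.size:
        raise ValueError("truncated: header claims %d records" % count)
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(data, HEADER.size + i * RECORD.size)
        flows.append({
            "src": _ip(f[0]), "dst": _ip(f[1]), "packets": f[5], "bytes": f[6],
            "sport": f[9], "dport": f[10], "tcp_flags": f[12], "proto": f[13],
        })
    return flows


def build_packet(flows: list) -> bytes:
    """Constructed exporter output for the example (not a capture)."""
    header = HEADER.pack(5, len(flows), 123456, 1700000000, 0, 1, 0, 0, 0)
    body = b"".join(
        RECORD.pack(bytes(map(int, f["src"].split("."))), bytes(map(int, f["dst"].split("."))),
                    b"\0\0\0\0", 1, 2, f["packets"], f["bytes"], 100, 200,
                    f["sport"], f["dport"], 0, f.get("tcp_flags", 0x18), f.get("proto", 6),
                    0, 0, 0, 24, 24, 0)
        for f in flows)
    return header + body


def top_talkers(flows: list, n: int = 3) -> list:
    """(source, total bytes) pairs, largest first."""
    totals = defaultdict(int)
    for f in flows:
        totals[f["src"]] += f["bytes"]
    return sorted(totals.items(), key=lambda kv: -kv[1])[:n]


def scan_suspects(flows: list, min_targets: int = 10) -> dict:
    """Sources with many distinct (dst, port) targets reached by tiny SYN-only TCP flows."""
    targets = defaultdict(set)
    for f in flows:
        if f["proto"] == 6 and f["packets"] <= 2 and f["tcp_flags"] & SYN and not f["tcp_flags"] & ACK:
            targets[f["src"]].add((f["dst"], f["dport"]))
    return {src: len(t) for src, t in targets.items() if len(t) >= min_targets}


# Constructed flows: one normal SSH session, then one host probing 15 ports on another.
SAMPLE_FLOWS = (
    [{"src": "192.168.1.15", "dst": "192.168.1.10", "sport": 52110, "dport": 22,
      "packets": 850, "bytes": 120000}]
    + [{"src": "192.168.1.20", "dst": "10.0.0.5", "sport": 40000 + p, "dport": p,
        "packets": 1, "bytes": 60, "tcp_flags": SYN} for p in range(1, 16)]
)
```

Sampling matters for both questions: if the exporter samples 1 in N packets (the header's sampling field), byte totals must be scaled up, and a slow scan can slip under the heuristic entirely, which is one reason to feed a probe from a mirrored port rather than rely on router exports alone.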
NTOP DEPLOYMENT SCENARIO 1
[Diagram: a network probe at the gateway of each remote site; each probe forwards its data to the monitoring server at the main site]
NTOP DEPLOYMENT SCENARIO 2
[Diagram: the monitoring server is attached to a mirrored (SPAN) port on the switch and receives a copy of the data passing through the other ports]
NTOP DEPLOYMENT SCENARIO 3
[Diagram: the monitoring server attached directly to a switch]
NTOP ADD-ONS
• Other projects extend the core functionality provided by a basic Ntop install
• Packet Filter Ring (PF_RING) - High-speed packet capture, filtering and analysis
• nProbe - An extensible NetFlow v5/v9/IPFIX probe for IPv4/v6
PRIVAL & BLESK WHY?
• Provides advanced technologies and solutions to its customers
• Blesk represents ten years of development & knowledge in Open Source
• Resources to help you implement open source monitoring technologies in your enterprise
• Provides support and updates of all open source monitoring components
• Customizes and improves open source technologies for your needs