Monitoring Tools

Open Source Security Tools to monitor your network (PowerPoint PPT presentation)

Definition

Monitoring is defined as "observing and analyzing the status and behavior of the network, which involves end systems, intermediate systems and the core network. By monitoring a network the management entity can get the static, dynamic and statistical information of the network."

Observe and analyze the status and behavior of a network.

Nagios: why?

Offers monitoring and alerting capability for servers, switches, applications, and services

Very flexible in integrating with other third-party programs
Many free plugins already developed by companies

Monitoring and alerting on devices and services.

Nagios: really a security tool?

Can be compared to a policeman who does round-the-clock patrols

ISPs claim heightened awareness and vigorous monitoring have helped reduce damage

Nagios add-ons

Other projects extend the core functionality provided with a basic Nagios install

NSTI + SNMPTT - For managing SNMP traps and receiving alerts
NagVis - A visualization program that can be used to visualize data
NagiosQL - A web-based administration tool that helps you to easily build, manage, and use a complex configuration with all options enabled
BPI - An advanced grouping tool that allows you to define more complex dependencies for determining group states

Cacti: why?

Provides performance measurement and advanced data acquisition methods
Many flexible graph templates already available
Keeps historical data collection for a long period of time
Little overhead and keeps storage requirements extremely low

Example: advanced monitoring of VPN connections.

Cacti add-ons

Other plugins extend the core functionality provided by a basic Cacti installation

Thold - A threshold alert module
Nectar - Plugin to send graphs and text to specified mail address(es)
Discovery - Adds automatic host discovery to the software
Cycle - Automatically cycles through graphs
Boost - A large site performance booster

Snort: why?

Offers a network intrusion prevention and detection system (IDS/IPS)
The most widely deployed IDS/IPS technology worldwide
Perfect for quickly writing simple and powerful new rules
The de facto standard for IPS

Viruses, Trojans, unknown signatures.

Snort deployment scenario 1

Sensor installed remotely (mirror port) that sends the information to the collector.

Snort deployment scenario 2

Physical connection between the collector and the switch port.

Snort add-ons

Other projects extend the core functionality provided by a basic Snort install

Snorby - A new and modern Snort IDS front-end
Barnyard2 - A dedicated spooler for Snort's unified2 binary output format
Pulled_Pork - Perl script that automatically updates Snort rules
bProbe - A Snort IDS configured to run in packet logger mode

Logstash: why?

Offers log/event transport, processing, management, and search
Very fast search results even on a billion logs (Elasticsearch)
Can produce multiple personalized dashboards
Can easily parse text-based logs

Centralizes all logs in one place.

Logstash add-ons

Other projects extend the core functionality provided by a basic Logstash install

Elasticsearch - A distributed, RESTful, real-time analytics and search engine
Kibana - The visual front end for Logstash & Elasticsearch
RabbitMQ - A message broker based on the Advanced Message Queuing Protocol (AMQP)

Associative search (same component family, same roles, etc.).

Ntop: why?

Shows traffic measurement, characterization and network usage in real time

Monitors high speeds (1 Gbit and above) with common PCs
Detection of network security violations
Works with the NetFlow & sFlow protocols

Ntop deployment scenario 1

Ntop deployment scenario 2

Ntop deployment scenario 3

Ntop add-ons

Other projects extend the core functionality provided by a basic Ntop install.

Packet Filter Ring (PF_RING) - High-speed packet capture, filtering and analysis
nProbe - An extensible NetFlow v5/v9/IPFIX probe for IPv4/v6
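Ntop and nProbe work on NetFlow exports like the ones described above; as an added illustration (not code from the slides or from the Ntop project), this Python snippet decodes a NetFlow v5 datagram, the format nProbe emits and Ntop consumes, and sums bytes per source host the way a traffic-measurement view would. The datagram and its addresses are constructed inline for the example, not captured traffic.

```python
import struct
from ipaddress import IPv4Address

# NetFlow v5 wire layout (big-endian): 24-byte header followed by `count` 48-byte records.
HEADER = struct.Struct("!HHIIIIBBH")            # version, count, uptime, secs, nsecs, seq, engine type/id, sampling
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # src, dst, nexthop, ifaces, pkts, bytes, first/last, ports, ...

def parse_netflow_v5(datagram: bytes) -> dict:
    """Decode one NetFlow v5 export datagram into header fields plus a list of flow records."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a NetFlow v5 header")
    (version, count, _uptime, unix_secs, _nsecs,
     flow_seq, _engine_type, _engine_id, sampling) = HEADER.unpack_from(datagram, 0)
    if version != 5:
        raise ValueError(f"unsupported NetFlow version {version}")
    # A collector must not trust `count` blindly: check the payload really carries that many records.
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("truncated datagram: header announces more records than are present")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({"src": str(IPv4Address(f[0])), "dst": str(IPv4Address(f[1])),
                      "packets": f[5], "bytes": f[6], "sport": f[9], "dport": f[10],
                      "tcp_flags": f[12], "proto": f[13]})
    # Low 14 bits of the sampling field hold the interval; the top 2 bits are the sampling mode.
    return {"version": version, "count": count, "unix_secs": unix_secs,
            "sequence": flow_seq, "sampling": sampling & 0x3FFF, "flows": flows}

def bytes_per_source(parsed: dict) -> dict:
    """Aggregate exported byte counts by source address (the basis of a per-host usage view)."""
    totals = {}
    for f in parsed["flows"]:
        totals[f["src"]] = totals.get(f["src"], 0) + f["bytes"]
    return totals

def build_sample_datagram() -> bytes:
    """Constructed sample export (not real traffic): two TCP flows from one internal host."""
    header = HEADER.pack(5, 2, 123456, 1700000000, 0, 42, 0, 0, 1)
    def rec(src, dst, pkts, octets, sport, dport, flags, proto):
        return RECORD.pack(IPv4Address(src).packed, IPv4Address(dst).packed, b"\0\0\0\0",
                           1, 2, pkts, octets, 1000, 2000, sport, dport, 0, flags, proto, 0,
                           0, 0, 24, 24, 0)
    return (header
            + rec("10.0.0.5", "192.0.2.10", 10, 1500, 51000, 443, 0x18, 6)   # established HTTPS
            + rec("10.0.0.5", "192.0.2.20", 1, 60, 51001, 22, 0x02, 6))      # lone SYN to SSH

if __name__ == "__main__":
    parsed = parse_netflow_v5(build_sample_datagram())
    for flow in parsed["flows"]:
        print(flow)
    print(bytes_per_source(parsed))
```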

