Network Management

Introduction to Network Monitoring and Management using Open Source Tools

Who am I?

Jorge Paramo
Network / Security Administrator
LeanLogistics, Inc.
jorge@madspaniard.com

Why Monitor the Network

• detect Faults, and send notifications
• maintain Configuration revisions
• Accounting information (logins / logouts)
• maintain Performance information
• manage the Security on the network

FCAPS

Fcaps: FAULT

The goal of fault management is to recognize, isolate, correct and log faults that occur in the network. Fault management is concerned with detecting network faults, logging this information, contacting the appropriate person, and ultimately fixing a problem.

fCaps: CONFIGURATION

The goals of configuration management are to gather/set/track configurations of the devices. Configuration management is concerned with monitoring system configuration information, and any changes that take place. This area is especially important, since many network issues arise as a direct result of changes made to configuration files, updated software versions, or changes to system hardware.

fcAps: ACCOUNTING

The goal is to gather usage statistics for users. Accounting management is concerned with tracking network utilization information, such that individual users, departments, or business units can be appropriately billed or charged for accounting purposes.

fcaPs: PERFORMANCE

The goal is to both prepare the network for the future, as well as to determine the efficiency of the current network. Performance management is focused on ensuring that network performance remains at acceptable levels. This area is concerned with gathering regular network performance data such as network response times, packet loss rates, link utilization, and so forth.

fcapS: SECURITY

The goal of security management is to control access to assets in the network. It uses firewalls to monitor and control external access points to one's network. Security management is not only concerned with ensuring that a network environment is secure, but also that gathered security-related information is analyzed regularly.

Ways to Manage

• Static information
  – Documentation
• Dynamic information
  – SNMP
  – RMON
  – NetFlow/sflow
  – EEM (Cisco Embedded Event Manager)

What Options do I have?

• Commercial Software
  – OpenView, Tivoli, CiscoWorks, SiteScope...
• Feature-limited packages
  – PRTG, Spiceworks, Solarwinds...
• Free Vendor tools
  – Cisco Network Assistant...
• Open Source

What is Open Source?

• License free computer software that makes its source code available to the community.
• Users can study, change and improve the software.

Should I use Open Source?

• It is not malware!
• Source code is available for modification
• Not tied to a specific company
• Community Support
• Usually it is license free
• Some packages only run on Linux

Common Software Reqs.

• Linux
  – Apache
  – MySQL
  – php
• Windows
  – IIS / Apache
  – PostgreSQL
  – JDK (Java)

Deployments

• Centralized
  – Easier to deploy
  – Scalability pains
• Distributed
  – Reliability of components
  – More complex deployment

Some OpenSource Tools

• Fault: OpenNMS, zenoss, Nagios, Munin, Zabbix, spiceworks
• Change Management: Mercurial, Rancid, RCS, SVN, Netdisco
• Accounting: TACACS
• Performance: Cricket, IFPFM, MRTG, arts (netflow/sflow), ntop, smokeping
• Security: SNORT, Samhain, splunk, OSSEC, Nessus, Untangle, Backtrack, SiLK

Demonstration

How do I use OpenSource tools..

• Zenoss
• Smokeping
• RANCID
• Cacti
• phpIP
• Netflows
• splunk

Links of interest

Where to find software:
http://www.slac.stanford.edu/xorg/nmtf/nmtf-tools.html
http://www.networkbones.com/

Bootable CDs:
CactiEZ - http://cactiez.cactiusers.org/
SiLK - http://tools.netsa.cert.org/silk/livecd.html
Backtrack4 - http://www.backtrack-linux.org/downloads

Questions…..

Anything goes...
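
The configuration-management slide notes that many network issues come from configuration changes, and RANCID is on the demonstration list. As an added example (not from the original slides and not RANCID's own code), this Python code diffs two stored config snapshots, ignores lines that change on every collection, and surfaces the security-relevant changes. The sample configs, the volatile-line patterns and the sensitive-keyword list are assumptions.

```python
import difflib
import re

# Lines that differ on every collection and would only add noise (assumed patterns).
VOLATILE = re.compile(r"^(! Last configuration change|ntp clock-period)")
# Config statements a security reviewer wants surfaced (assumed, not exhaustive).
SENSITIVE = re.compile(r"^\s*(access-list|ip access-list|snmp-server community|username|"
                       r"enable (secret|password)|aaa |tacacs-server|transport input)")

def normalize(config):
    """Drop blank and volatile lines so only real changes show up in the diff."""
    return [ln.rstrip() for ln in config.splitlines()
            if ln.strip() and not VOLATILE.match(ln)]

def config_changes(old, new):
    """Return a list of ('+' or '-', line) for each added or removed line."""
    a, b, changes = normalize(old), normalize(new), []
    ops = difflib.SequenceMatcher(None, a, b, autojunk=False).get_opcodes()
    for tag, i1, i2, j1, j2 in ops:
        if tag in ("delete", "replace"):
            changes += [("-", ln) for ln in a[i1:i2]]
        if tag in ("insert", "replace"):
            changes += [("+", ln) for ln in b[j1:j2]]
    return changes

def security_relevant(changes):
    """Keep only the changes that touch access control or authentication."""
    return [(op, ln) for op, ln in changes if SENSITIVE.match(ln)]

# Constructed snapshots of one router, as a config collector might store them.
OLD = """\
! Last configuration change at 02:11:04 UTC Mon Mar 1 2010
access-list 10 permit 192.0.2.0 0.0.0.255
line vty 0 4
 transport input ssh
ntp clock-period 17179869
"""
NEW = """\
! Last configuration change at 14:52:40 UTC Tue Mar 2 2010
access-list 10 permit 192.0.2.0 0.0.0.255
access-list 10 permit any
line vty 0 4
 transport input telnet ssh
interface Loopback0
ntp clock-period 17179901
"""

if __name__ == "__main__":
    for op, ln in security_relevant(config_changes(OLD, NEW)):
        print(f"ALERT {op} {ln}")
```

Run against these snapshots, the widened ACL and the re-enabled telnet are reported, while the new loopback interface and the timestamp and NTP drift lines are not.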