I kinda thought monitoring and alerting systems were or could be different,
where monitoring could be thought of as pro-active, and alerting would happen
after the fact. At some other company we used Openview to do monitoring. But
as a typical sys adm, trying to provide 24x7 on high profile production
machines we felt a syslog host running 'swatch' worked best for alerting. We
set up a single syslog host and pointed 70 servers to it. We were able to send
out alerts for typical kernel stuff (out of memory, cannot fork, out of
process), disk stuff (scsi errors, full file systems), and security stuff (we
ran courtney and wrapper and sent out alerts for scans, hostname spoofing). We
also had it tweaked for miscellaneous stuff like Volume Manager, EMC powerpath,
SRDF, and E10K messages. A lot of firewalls will send syslog messages; alerts
can be sent based on message types received (did this with the PIX and a LINUX
based firewall called SINUS). Don't know too much about NT, but it's possible
some form of syslog may be available for it.

Anyway it's free (except for the syslog host), and needs to be configured,
which could take time. We found that events, kinda, need to happen first so
the messages can be extracted and added.

-----Original Message-----
From: mouss [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 15, 2001 9:30 AM
To: ragu nandan; [EMAIL PROTECTED]
Subject: Re: Off the topic: Alerting software
At 12:38 14/02/01 -0800, ragu nandan wrote:
>Hi
>
> We use a commercial software called Whatsup Gold
> (http://ipswitch.com/Product/Whatsup) for monitoring
> our routers, unix and NT machines. It will notify the sys admins by
> pager/email/telephone if one of them were to go down (I mean the
> machine). Of late we are getting lots of false alarms etc. Wonder whether
> there is a more powerful, reliable commercial or freeware tool to do the
> same job. Our requirement will be to alert thro pager or cell. Thx in advance.

As of today, there is no technical solution that determines when an alarm
is to be sent. The only available things are to ask the admin if some
"coded" event should trigger an alarm or not. Given the cost of
pager/telephone alarms, this should be restricted to events that should
never happen. So you end with a situation where: alarms and problems are
not an equivalent thing. So, only the marketing dept of your software
vendor can "convince" you.

Guy, welcome to a wild world where you need to have an eye and there's no
tree to hide behind. Watch or get killed. No software will make you safe
unless you collaborate.

cheers,
mouss
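
Added example, not written by either poster and not swatch itself: a small Python sketch of the central-syslog pattern matching described in the first message, with paging kept for the few events that should never happen, as the reply argues. The rule names, the page/mail split, the five-minute throttle and every log line are constructed assumptions.

```python
import re
from collections import namedtuple

Rule = namedtuple("Rule", "name pattern action")

# Hypothetical rules. In practice each pattern is copied from a real
# message after the event has shown up in the logs at least once.
RULES = [
    Rule("kernel-oom",  re.compile(r"out of memory", re.I),    "page"),
    Rule("kernel-fork", re.compile(r"cannot fork", re.I),      "page"),
    Rule("disk-scsi",   re.compile(r"scsi.*error", re.I),      "page"),
    Rule("disk-full",   re.compile(r"file system full", re.I), "mail"),
    Rule("sec-scan",    re.compile(r"courtney.*scan", re.I),   "mail"),
]

# BSD-style syslog line: "Mon DD HH:MM:SS host message"
LINE = re.compile(r"^\w{3}\s+\d+ (\d\d):(\d\d):(\d\d) (\S+) (.*)$")
THROTTLE_SECONDS = 300  # assumed window; repeats inside it are dropped

# Constructed sample of what the central syslog host might receive.
SAMPLE = [
    "Feb 15 09:30:01 db01 unix: WARNING: /var: file system full",
    "Feb 15 09:30:05 db01 unix: WARNING: /var: file system full",
    "Feb 15 09:31:10 web07 unix: out of memory",
    "Feb 15 09:32:00 fw01 courtney[212]: possible port scan from 192.0.2.10",
    "Feb 15 09:33:00 web07 sendmail[99]: connection closed",
    "Feb 15 09:36:02 db01 unix: WARNING: /var: file system full",
]

def scan(lines):
    """Return (action, rule, host, message) alerts, throttled per rule and host."""
    last_sent, alerts = {}, []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not in syslog format, ignore
        hh, mm, ss, host, msg = m.groups()
        now = int(hh) * 3600 + int(mm) * 60 + int(ss)  # time of day only
        for rule in RULES:
            if not rule.pattern.search(msg):
                continue
            key = (rule.name, host)
            # Suppress a repeat of the same alert from the same host.
            if key in last_sent and 0 <= now - last_sent[key] < THROTTLE_SECONDS:
                break
            last_sent[key] = now
            alerts.append((rule.action, rule.name, host, msg))
            break  # first matching rule wins
    return alerts

if __name__ == "__main__":
    for alert in scan(SAMPLE):
        print(*alert, sep=" | ")
```

On the sample, six lines from three hosts produce four alerts, only one of which is a page; the repeated disk-full line is dropped until the throttle window has passed.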
