Re: Bridge Monitoring
- Original Message From: Jason Dixon ja...@dixongroup.net To: James Peltier james_a_pelt...@yahoo.ca Cc: OpenBSD Mail List misc@openbsd.org Sent: Tue, September 7, 2010 4:03:09 AM Subject: Re: Bridge Monitoring On Mon, Sep 06, 2010 at 09:26:09PM -0700, James Peltier wrote: Hi All, Now that I have my new bridge in place and happily filtering away I would like to look at monitoring and graphing it. I'd like to setup a monitor port style so that I can send the traffic over to another box for processing. I was thinking of installing symon on the bridge itself and sending it over to another box. Additionally, I was looking at setting up a pflow device and sending it to another box and analyze using something like netflow dashboard. We currently use a Cisco sending data to a GNU/Linux box running MRTG. We use arpwatch, IP Audit and other tools. Any ideas what might be best to use in this case? What are others using to monitor their network firewalls, bridges or networks in general? Off the top of my head (probably forgetting a lot): munin, symon, cacti, reconnoiter, nfsen, netflow dashboard -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net/ Thanks for the responses. So it seems like using symon to capture the statistics and sending them to another box for processing is a workable solution. Could this also be done by using the pfsync device to mirror the traffic on another OpenBSD server. I do not want to install web server applications on the bridge or on my routers as that would increase the risk of compromise. Real-time analysis would be really nice and I think pfsync would allow for nearly that.
Re: Bridge Monitoring
On Mon, Sep 06, 2010 at 09:26:09PM -0700, James Peltier wrote: Hi All, Now that I have my new bridge in place and happily filtering away I would like to look at monitoring and graphing it. I'd like to setup a monitor port style so that I can send the traffic over to another box for processing. I was thinking of installing symon on the bridge itself and sending it over to another box. Additionally, I was looking at setting up a pflow device and sending it to another box and analyze using something like netflow dashboard. We currently use a Cisco sending data to a GNU/Linux box running MRTG. We use arpwatch, IP Audit and other tools. Any ideas what might be best to use in this case? What are others using to monitor their network firewalls, bridges or networks in general? --- James A. Peltier james_a_pelt...@yahoo.ca pfstat and nfsen. Ken
Re: Bridge Monitoring
On Mon, Sep 06, 2010 at 09:26:09PM -0700, James Peltier wrote: Hi All, Now that I have my new bridge in place and happily filtering away I would like to look at monitoring and graphing it. I'd like to setup a monitor port style so that I can send the traffic over to another box for processing. I was thinking of installing symon on the bridge itself and sending it over to another box. Additionally, I was looking at setting up a pflow device and sending it to another box and analyze using something like netflow dashboard. We currently use a Cisco sending data to a GNU/Linux box running MRTG. We use arpwatch, IP Audit and other tools. Any ideas what might be best to use in this case? What are others using to monitor their network firewalls, bridges or networks in general? Off the top of my head (probably forgetting a lot): munin, symon, cacti, reconnoiter, nfsen, netflow dashboard -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net/
Bridge Monitoring
Hi All, Now that I have my new bridge in place and happily filtering away I would like to look at monitoring and graphing it. I'd like to setup a monitor port style so that I can send the traffic over to another box for processing. I was thinking of installing symon on the bridge itself and sending it over to another box. Additionally, I was looking at setting up a pflow device and sending it to another box and analyze using something like netflow dashboard. We currently use a Cisco sending data to a GNU/Linux box running MRTG. We use arpwatch, IP Audit and other tools. Any ideas what might be best to use in this case? What are others using to monitor their network firewalls, bridges or networks in general? --- James A. Peltier james_a_pelt...@yahoo.ca
