SANS ISC: Free/inexpensive tools for monitoring systems/networks - Internet Security | DShield SANS ISC InfoSec Forums
Free/inexpensive tools for monitoring systems/networks
I have been testing out Net/FSE. It collects syslog and netflow data. It is a new open source project and will be great once the bugs are out.
emueller

3 Posts
Since you are looking for a "free" solution then depending upon platform, Zenoss(Linux) or Spiceworks(Windows) both will monitor systems, software, applications, provide alerting, and much more!
I have used both and still use Spiceworks for a non-profit I support.
I would still be using Zenoss if it weren't for the company I work for balking at a Linux app.
I currently use Solarwinds NPM, APM, NCM which are all for-pay systems, but it makes the higher ups happy and is a good system. Solarwinds offers many "free" versions of their tools. You can check them out here: http://www.solarwinds.com/products/solarwinds_free_tools/

All of the free products are centrally managed and scalable to a point. Spiceworks is getting better at larger organizations, but Zenoss already has a grasp on scalability.
emueller
1 Posts
NetDisco does a pretty good job identifying new or changed computers and devices, and gives a pretty good shot at what has been discovered by MAC to vendor tables. I use it on a network with well over 1000 computers and it does fine.

MRTG should be mentioned as it does a great job of monitoring many things, including server loads, heat, bandwidth and alarm status on UPS devices, etc. Not an IDS, but watching interface load changes can give you a heads-up on things. You tend to develop a sense of normality, and when something changes you will see it.

-Al

I also use many of the other tools mentioned here. All have their advantages.

-Al
Al of Your Data Center

80 Posts
Syslog-ng to aggregate logs.
Splunk to make sense out of them.
Nagios to monitor just about anything/everything about processes/configuration/etc.
Ganglia to monitor performance stats.
OSSEC for file integrity monitoring and rootkit/strange files.
Nmap/Ndiff to monitor for rogue nodes.
Al of Your Data Center
1 Posts
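The "Nmap/Ndiff to monitor for rogue nodes" item above boils down to one procedure: keep a baseline scan, rescan on a schedule, and alert on hosts that appear, disappear, or change their MAC address. The following is an added example, not code from the thread or from the Nmap project: it implements that comparison over Nmap's `-oX` XML output in plain Python. The two XML documents are constructed sample data (addresses from the 192.0.2.0/24 documentation range, made-up MAC addresses and vendor strings), not real scan results.

```python
"""Detect new, missing or MAC-changed hosts by diffing two Nmap XML scans.

Added example for the Nmap/Ndiff rogue-node workflow; the XML below is
constructed sample data in the shape of `nmap -sn -oX` output.
"""
import xml.etree.ElementTree as ET

# Constructed baseline: gateway, one workstation, one host that was down,
# and one host that will be gone in the later scan.
BASELINE_XML = """
<nmaprun scanner="nmap" args="nmap -sn -oX baseline.xml 192.0.2.0/28">
  <host><status state="up"/>
    <address addr="192.0.2.1" addrtype="ipv4"/>
    <address addr="00:11:22:33:44:01" addrtype="mac" vendor="ExampleVendor"/>
    <hostnames><hostname name="gw.example.test"/></hostnames>
  </host>
  <host><status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <address addr="00:11:22:33:44:10" addrtype="mac"/>
  </host>
  <host><status state="down"/>
    <address addr="192.0.2.11" addrtype="ipv4"/>
  </host>
  <host><status state="up"/>
    <address addr="192.0.2.20" addrtype="ipv4"/>
    <address addr="00:11:22:33:44:20" addrtype="mac"/>
  </host>
</nmaprun>
"""

# Constructed later scan: .10 answers with a different MAC (possible
# spoofed/replaced device), .12 is new, .20 has vanished.
CURRENT_XML = """
<nmaprun scanner="nmap" args="nmap -sn -oX current.xml 192.0.2.0/28">
  <host><status state="up"/>
    <address addr="192.0.2.1" addrtype="ipv4"/>
    <address addr="00:11:22:33:44:01" addrtype="mac" vendor="ExampleVendor"/>
  </host>
  <host><status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <address addr="00:11:22:33:44:99" addrtype="mac" vendor="OtherVendor"/>
  </host>
  <host><status state="up"/>
    <address addr="192.0.2.12" addrtype="ipv4"/>
    <address addr="00:11:22:33:44:12" addrtype="mac"/>
  </host>
</nmaprun>
"""


def parse_hosts(xml_text):
    """Return {ipv4: {"mac": ..., "vendor": ..., "hostname": ...}} for hosts
    whose <status> is "up".  Hosts that were down are not part of the baseline."""
    root = ET.fromstring(xml_text.strip())
    hosts = {}
    for host in root.findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        ip = mac = vendor = None
        for addr in host.findall("address"):
            if addr.get("addrtype") == "ipv4":
                ip = addr.get("addr")
            elif addr.get("addrtype") == "mac":
                mac = addr.get("addr")
                vendor = addr.get("vendor")
        if ip is None:
            continue
        name_el = host.find("hostnames/hostname")
        hosts[ip] = {
            "mac": mac,
            "vendor": vendor,
            "hostname": name_el.get("name") if name_el is not None else None,
        }
    return hosts


def diff_scans(baseline, current):
    """Compare two parse_hosts() results.  A MAC change is only reported when
    both scans actually saw a MAC (scans from off-segment hosts have none)."""
    new = sorted(ip for ip in current if ip not in baseline)
    missing = sorted(ip for ip in baseline if ip not in current)
    mac_changed = sorted(
        ip for ip in current
        if ip in baseline
        and baseline[ip]["mac"] and current[ip]["mac"]
        and baseline[ip]["mac"] != current[ip]["mac"]
    )
    return {"new": new, "missing": missing, "mac_changed": mac_changed}


def report(baseline_xml, current_xml):
    """Parse both scans and return the diff; printing is left to the caller."""
    return diff_scans(parse_hosts(baseline_xml), parse_hosts(current_xml))


if __name__ == "__main__":
    result = report(BASELINE_XML, CURRENT_XML)
    for kind, ips in result.items():
        for ip in ips:
            print(f"{kind}: {ip}")
```

In production the two XML strings would be the saved baseline and the latest `nmap -sn -oX` run; a MAC is only visible when the scanner sits on the same layer-2 segment, which is why `diff_scans` treats a missing MAC as "unknown" rather than as a change.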
Secunia OSI (Online Software Inspector) is free and does not seem to have corporate licensing restrictions. The web site states "Typical users: Home PC User", but does not restrict. While not as thorough as their PSI, it's still very good.
RichH

9 Posts
Before rushing out and buying/evaluating new tools, make sure to check what you already have. I've often found people only use a portion of the tools available to them, and with software features coming out all the time, it's easy to overlook something you already have. For example, many AV vendors now have the ability to scan for missing/applied patches, agent-based solutions will often log when a host is unreachable from the server, etc.
RichH
2 Posts
We use Spiceworks and Tembria Server Monitor to monitor our network. Tembria is great for monitoring computer logs, checking for file existence, and checking for rogue machines. It is also very useful for making sure services are running on specific machines.
RichH
1 Posts
Trisul Network Metering and Forensics for tracking network usage based on pcap or netflow. Both current and retro. Like ntop but very flexible metering mechanisms and long term storage. Keeps pcaps & flows around so you can get to raw packets. Linux + Web UI. It's new & different but worth checking out. Eval doesn't expire but restricts data to a 3 day window.
RichH
1 Posts
I am looking into some of these nice tools. But it always occurs to me that for the Home and small business user the tool has to work out of the box with a learning curve as close to zero as possible. If it is not free or has any significant learning curve it is of no use for the Home or small business user.

Perhaps the list of tools could be sorted or marked for these attributes to assist the Home and small business user in their selection.
KBR

63 Posts
We are currently looking into putting OSSIM onto our network. So far it looks like a pretty good solution for network monitoring, log management, and correlation. It appears to scale well.
KBR
1 Posts
We use Intersect Alliance's SNARE to syslog Windows logs to a syslog server.
Just be careful installing it on an AD Domain Controller because it can modify audit policy settings.
CrAsH

1 Posts
Secunia has a "partner program". My understanding is that it is free to sign up a University as a PSI partner which allows use/distrib to University machines. I know the person asking works in government, but GEM (Government, Education and Military) are frequently offered the same deals. The acquisition price I saw was less than I would expect to pay for support.
Dan

1 Posts
I use Lansweeper and SpiceWorks for general monitoring. I greatly prefer Lansweeper.

OSSEC rocks my world.
ComputerX

6 Posts
If you liked the old Big Brother, you'll love xymon. All of the flexibility with a whole lot more scalability. And it's GPL, so no messing with the funky "better-than-free" license.
ComputerX
1 Posts
BitMeter OS is an open-source network bandwidth monitor, works on Linux, OSX and Windows and has a nice AJAX-y web interface as well as command-line tools: http://codebox.org.uk/bitmeteros
Anonymous
Splunk is the best tool for collecting logs of any type. You can use it to convert Windows logs into syslog format, you can watch application logs with it and you can log everything to a central location. <5G/day bandwidth log-wise is free. You can generate PDF reports, pie charts for management, run scripts based on log events, alerts, etc.

If you pay, you can e.g. run distributed searches across multiple log servers in different locations.

I have IDS logs, FW logs, AV logs, system logs, application logs all going to Splunk. You can create customized dashboards for different user roles that shows the data they need/want.

It's an awesome tool. And no, I don't work for Splunk, but I am a user + I love it.
Anonymous
I was using Prelude IDS from Prelude Technologies at my last job. I have not installed it here yet, but I plan to. Great sensor-based suite that can correlate events and has support for input from a number of other logging and security systems, i.e. Snort, syslog, etc.
Blagarswinth

23 Posts
I also use pfSense for my firewall. Good firewall built on FreeBSD and includes a lot of network monitoring modules that can be installed directly onto the firewall. Nmap, Snort, ntop, spamd, Squid... tons of stuff. It's a great little FREE setup and they do offer commercial support if you want to buy a support contract.
Blagarswinth

23 Posts
Splunk is amazing for log analysis, visualization, etc. However, the previous poster misspoke: the free version will process 500MB/day, anything more than that requires a license. (Free version also removes some features, but still awesome.)

Mon for system/network monitoring is great. I think of it as a monitoring tool for Unix sysadmins; it's not pretty, but it gets the job done and scales to amazing scales. 500K monitoring jobs per day? Dozens, hundreds, or thousands of hosts tested in each job? Mon can do that. Pretty reports for management on trends and average uptime, etc.? Mon can't do that, but if I were doing it from scratch today I'd look at sending Mon logs to Splunk for reporting. (Used Mon at my last job, current job is a Nagios shop. There is a Splunk app for Nagios already built, planning to test it out soon.)

Cacti for network performance monitoring, bandwidth/error graphs, anything you want to collect and graph with RRDtool.

If you've got Cisco routers, read up on the IP SLA feature set. It allows you to use your routers as a distributed monitoring grid for simple tests like ping, DNS and HTTP. We use it both to test our VoIP network for QoS issues and to provide distributed monitoring of our internal anycast DNS infrastructure from every satellite office.
Blagarswinth
2 Posts
Have a look at Seccubus for analysing your Nessus and OpenVAS findings more efficiently.
Blagarswinth
10 Posts