North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: Network monitoring/IDS rant - What's hot what's not?
On Wed, 26 Feb 2003, Pete Kruckenberg wrote: > > On Wed, 26 Feb 2003, Christopher L. Morrow wrote: > > > CA-Unicenter/OVW/Tivoli are not IDS systems... > > (traditionally) but they can normally monitor the heck > > out of 'decent' sized networks (less than 500 components > > was my last experience with OVW atleast, tivoli and CA > > we never got working correctly with less than 1 metric > > butt ton of LOE to keep it running) > What are the options and recommendations for networks > 500 > components? i've done this sort of stuff successfully with Aprisma Spectrum. issues: 1) it's not cheap. on the other hand, Aprisma did used to have a service provider oriented pay-per-number-of-notes-monitored pricing plan, which is how we did it back when i was running a Spectrum based NMS shop. 2) it runs only on W2K and Solaris, and for large installations, runs much better on Solaris. sizing depends on number of nodes being monitored. "enough RAM" is important. multiple spindles with well chosen file system partitioning, and 2 CPUs, also make a difference. 3) getting it to run well requires experience. some default settings are not very suitable for monitoring large WANs, and it is definitely not "set up and forget it" software. 4) apropos to 3, budget for training. one or two smart guys who've been through class can handle it (no need for Aprisma Professional services.) 5) reporting used to be clumsy, although are were some add-ons available to improve this. 6) the database used to be a proprietary network database based on the old VistaDB. they've been migrating towards MySQL, although the migration isn't complete yet. archived polling data does go into MySQL, but the database of monitored nodes was still in the proprietary database the last time i looked at this. note also that there are a bunch of up-and-coming NMS systems that may or may not be better than Spectrum. the last time i did an evaluation, Spectrum was the best in the cost-no-object model, but that was a while ago. richard -- Richard Welty firstname.lastname@example.org Averill Park Networking 518-573-7592 Unix, Linux, IP Network Engineering, Security