Slashdot Mirror

Wireshark was already mentioned, so I'll list some other tools I've found useful:

Mtr is better than traceroute. It has ncurses and graphical versions.

For persistent ping tests, I can recommend SmokePing.

Any modern network should have SNMP monitoring capability in the switches and routers. Ask permissions to get read-only access on the devices and there's a wealth of information to be gathered. From basic information like port status, packet/byte counters, to more advanced like topologies learned by MAC learning and neighbor discovery protocols (CDP, LLDP). Or you can just buy one for the class. 100M 24-port managed switches are not that expensive and a Linux server can be used as a SNMP-enabled router (Install and configure snmpd).

To actually act on that data.. You can try one-off tools like Cacti for traffic monitoring, and NetDisco for device and topology discovery. Or a huge does-it-all tool like OpenNMS.

Managed network devices can also dump traffic, either using "monitoring ports" (that mirror traffic from other ports), sflow (sampled stream of packets, unless 1:1 sampling, only useful for statistical traffic measurements) or nflow/ipfix (aggregated flows).

I'm especially fond of nflow, in addition to previous tools. Nflows can be used to analyze, post-mortem, who contacted and where and how much data was transferred at what kind of approximate pattern. This kind of data can be dug out from a full dump, but it's usually infeasible to dump _everything_ to disk. I've used flow-tools.

OpenNMS?

The first section beneath the welcome section reads like this:

"New To OpenNMS? Start Here."
http://demo.opennms.org/opennms/
        * username: demo
        * password: demo

Much faster than reading marketing fluff.

Network management is hard. It's a part of the design that the effort is front-loaded: if you plan ahead and organize what gets monitored and collected according to rules, then the effort involved in adding nodes down the road approaches zero. It's an approach that doesn't make sense for everybody's environment, and you should absolutely use what works for you. All kinds of people find that OpenNMS works for them; a few who have written up their stories are listed here: http://www.opennms.org/wiki/OBP As for having somebody "to yell at", The OpenNMS Group sponsors the project and provides support, consulting, training, and custom development for OpenNMS; check opennms.com for details (disclosure: I'm an employee). We make two promises about OpenNMS: 1. It will never suck 2. It will always be Free (as in Freedom)

It's open source, it's free, it's a complete network management system, and you can import existing asset information as well as populate through network discovery. We use it here at the New Mexico Child Youth and Family Development Department, with 53 offices, 2500 workstations, and 80 servers.

http://opennms.org/

Open Source use OpenNMS: http://www.opennms.org/wiki/Main_Page

Want commercial software?: Solarwinds Orion with IP Monitor.

FYI, I work for OpenNMS, so I can't answer for all systems, but I can tell you how we stack up against your requirements:

Many solutions out there seems to have been developed in what can only be described as an "organic" process. I.E. a few scripts were used from start, were hooked up with some other scripts, were slammed into a web-interface, got some more features, then something central were ripped out and replaced to allow yet more features and so on and so forth.

OpenNMS was started by guys who did OpenView, NetCool, and other consulting for years and were tired of crappy tools that were hard to integrate with, so it was designed with scalability and "enterprise-ness" from the start. We've got folks monitoring hundreds of thousands of data points every 5 minutes from a single box. At this point the biggest bottleneck is not the code, but the I/O capabilities of your monitoring host, and how much data it can save to disk in a given amount of time.

Does anyone know a solution that can both receive from syslog and decode traps with a given MIB, and then do some simple logic, like squashing repeats, displaying on a web-page with archival-options, and dispatch to mail/sms based on configurable rules?

OpenNMS can do this, with a combination of our syslog daemon (which turns syslog messages into events), the event translator (which can parse those events and let you look for certain patterns to make more specific/different events), and alarms, which collapse multiple events of the same type into a single thing which you would then use to send notifications (which can span various groups, duty schedules, and notification types).

Modularity/Seamless Integration

OpenNMS has a number of ways to integrate external systems:

* traps - OpenNMS can receive SNMP traps and turn them into events internally

* event socket - OpenNMS has an event socket that you can push XML to that become events internally

* syslog (as mentioned earlier)

* "passive status" which lets you essentially "push" polled data instead of querying it from a remote device

I'm a coder, I don't do any of our field-implementation consulting, so there are probably more ways to integrate that I've forgotten, but basically at this point, there's nothing you'd want to integrate that couldn't be integrated with just a little glue scripting.

That said...

The Perfect Monitoring System

There is no perfect monitoring system. Everyone (including me... <g>) starts out thinking "eh, network management can't be that complicated" but it turns out everyone has wildly different networks, different needs, and in the end, will get the most out of different solutions. Any network management tool that says it can solve everyone's problems is lying. There are absolutely situations where some tool would work better for your specific needs than OpenNMS, but we've worked hard to provide a platform that eases integration, to cover as many of those needs as possible. So far, all of the stuff you've mentioned is doable in OpenNMS. Not all of it would happen out of the box, but all of the things you're wanting are possible due to our flexible integration points.

FYI, I work for OpenNMS, so I can't answer for all systems, but I can tell you how we stack up against your requirements:

Many solutions out there seems to have been developed in what can only be described as an "organic" process. I.E. a few scripts were used from start, were hooked up with some other scripts, were slammed into a web-interface, got some more features, then something central were ripped out and replaced to allow yet more features and so on and so forth.

OpenNMS was started by guys who did OpenView, NetCool, and other consulting for years and were tired of crappy tools that were hard to integrate with, so it was designed with scalability and "enterprise-ness" from the start. We've got folks monitoring hundreds of thousands of data points every 5 minutes from a single box. At this point the biggest bottleneck is not the code, but the I/O capabilities of your monitoring host, and how much data it can save to disk in a given amount of time.

Does anyone know a solution that can both receive from syslog and decode traps with a given MIB, and then do some simple logic, like squashing repeats, displaying on a web-page with archival-options, and dispatch to mail/sms based on configurable rules?

OpenNMS can do this, with a combination of our syslog daemon (which turns syslog messages into events), the event translator (which can parse those events and let you look for certain patterns to make more specific/different events), and alarms, which collapse multiple events of the same type into a single thing which you would then use to send notifications (which can span various groups, duty schedules, and notification types).

Modularity/Seamless Integration

OpenNMS has a number of ways to integrate external systems:

* traps - OpenNMS can receive SNMP traps and turn them into events internally

* event socket - OpenNMS has an event socket that you can push XML to that become events internally

* syslog (as mentioned earlier)

* "passive status" which lets you essentially "push" polled data instead of querying it from a remote device

I'm a coder, I don't do any of our field-implementation consulting, so there are probably more ways to integrate that I've forgotten, but basically at this point, there's nothing you'd want to integrate that couldn't be integrated with just a little glue scripting.

That said...

The Perfect Monitoring System

There is no perfect monitoring system. Everyone (including me... <g>) starts out thinking "eh, network management can't be that complicated" but it turns out everyone has wildly different networks, different needs, and in the end, will get the most out of different solutions. Any network management tool that says it can solve everyone's problems is lying. There are absolutely situations where some tool would work better for your specific needs than OpenNMS, but we've worked hard to provide a platform that eases integration, to cover as many of those needs as possible. So far, all of the stuff you've mentioned is doable in OpenNMS. Not all of it would happen out of the box, but all of the things you're wanting are possible due to our flexible integration points.

FYI, I work for OpenNMS, so I can't answer for all systems, but I can tell you how we stack up against your requirements:

Many solutions out there seems to have been developed in what can only be described as an "organic" process. I.E. a few scripts were used from start, were hooked up with some other scripts, were slammed into a web-interface, got some more features, then something central were ripped out and replaced to allow yet more features and so on and so forth.

OpenNMS was started by guys who did OpenView, NetCool, and other consulting for years and were tired of crappy tools that were hard to integrate with, so it was designed with scalability and "enterprise-ness" from the start. We've got folks monitoring hundreds of thousands of data points every 5 minutes from a single box. At this point the biggest bottleneck is not the code, but the I/O capabilities of your monitoring host, and how much data it can save to disk in a given amount of time.

Does anyone know a solution that can both receive from syslog and decode traps with a given MIB, and then do some simple logic, like squashing repeats, displaying on a web-page with archival-options, and dispatch to mail/sms based on configurable rules?

OpenNMS can do this, with a combination of our syslog daemon (which turns syslog messages into events), the event translator (which can parse those events and let you look for certain patterns to make more specific/different events), and alarms, which collapse multiple events of the same type into a single thing which you would then use to send notifications (which can span various groups, duty schedules, and notification types).

Modularity/Seamless Integration

OpenNMS has a number of ways to integrate external systems:

* traps - OpenNMS can receive SNMP traps and turn them into events internally

* event socket - OpenNMS has an event socket that you can push XML to that become events internally

* syslog (as mentioned earlier)

* "passive status" which lets you essentially "push" polled data instead of querying it from a remote device

I'm a coder, I don't do any of our field-implementation consulting, so there are probably more ways to integrate that I've forgotten, but basically at this point, there's nothing you'd want to integrate that couldn't be integrated with just a little glue scripting.

That said...

The Perfect Monitoring System

There is no perfect monitoring system. Everyone (including me... <g>) starts out thinking "eh, network management can't be that complicated" but it turns out everyone has wildly different networks, different needs, and in the end, will get the most out of different solutions. Any network management tool that says it can solve everyone's problems is lying. There are absolutely situations where some tool would work better for your specific needs than OpenNMS, but we've worked hard to provide a platform that eases integration, to cover as many of those needs as possible. So far, all of the stuff you've mentioned is doable in OpenNMS. Not all of it would happen out of the box, but all of the things you're wanting are possible due to our flexible integration points.

FYI, I work for OpenNMS, so I can't answer for all systems, but I can tell you how we stack up against your requirements:

Many solutions out there seems to have been developed in what can only be described as an "organic" process. I.E. a few scripts were used from start, were hooked up with some other scripts, were slammed into a web-interface, got some more features, then something central were ripped out and replaced to allow yet more features and so on and so forth.

OpenNMS was started by guys who did OpenView, NetCool, and other consulting for years and were tired of crappy tools that were hard to integrate with, so it was designed with scalability and "enterprise-ness" from the start. We've got folks monitoring hundreds of thousands of data points every 5 minutes from a single box. At this point the biggest bottleneck is not the code, but the I/O capabilities of your monitoring host, and how much data it can save to disk in a given amount of time.

Does anyone know a solution that can both receive from syslog and decode traps with a given MIB, and then do some simple logic, like squashing repeats, displaying on a web-page with archival-options, and dispatch to mail/sms based on configurable rules?

OpenNMS can do this, with a combination of our syslog daemon (which turns syslog messages into events), the event translator (which can parse those events and let you look for certain patterns to make more specific/different events), and alarms, which collapse multiple events of the same type into a single thing which you would then use to send notifications (which can span various groups, duty schedules, and notification types).

Modularity/Seamless Integration

OpenNMS has a number of ways to integrate external systems:

* traps - OpenNMS can receive SNMP traps and turn them into events internally

* event socket - OpenNMS has an event socket that you can push XML to that become events internally

* syslog (as mentioned earlier)

* "passive status" which lets you essentially "push" polled data instead of querying it from a remote device

I'm a coder, I don't do any of our field-implementation consulting, so there are probably more ways to integrate that I've forgotten, but basically at this point, there's nothing you'd want to integrate that couldn't be integrated with just a little glue scripting.

That said...

The Perfect Monitoring System

There is no perfect monitoring system. Everyone (including me... <g>) starts out thinking "eh, network management can't be that complicated" but it turns out everyone has wildly different networks, different needs, and in the end, will get the most out of different solutions. Any network management tool that says it can solve everyone's problems is lying. There are absolutely situations where some tool would work better for your specific needs than OpenNMS, but we've worked hard to provide a platform that eases integration, to cover as many of those needs as possible. So far, all of the stuff you've mentioned is doable in OpenNMS. Not all of it would happen out of the box, but all of the things you're wanting are possible due to our flexible integration points.

And this is why we (OpenNMS) don't play the per-node. It's not any harder to run OpenNMS when managing 1000 nodes than when managing 100, you only need to scale hardware appropriately. Per-node pricing is an artificial limitation.

We also don't play the "you get a special price behind closed doors" game, our support prices are public, fair, and the same for everyone -- and that's only if you need commerical support -- our prices are $0 if you don't need or want support.

If you do the math, it's $0 for the software, plus $14,995/year for support for any number of nodes, and the software is 100% open-source and fully capable of replacing or exceeding OpenView. ;)

This Just In: Many FOSS Businesses Started by People Who Assume You Can Apply a Support Model to Any Business

Just because people hopped on the bandwagon and forgot the "plan" part of business plan doesn't mean it's a broken model, only that it's a model that can't be applied to all things.

I work for The OpenNMS Group, a commercial consulting company based around the OpenNMS network management platform. We do the "traditional" open-source business model, and it works quite well. I guarantee it won't work for everyone, but in our specific case, network management is a very large discipline that tends to need custom configuration (and sometimes even code) for most environments. Everyone's network is different, and there is no one-size-fits-all solution.

That makes it ideal for the Free Software model; you'll end up spending $50k easy on solutions from HP and their ilk, and then twice that again to get consultants to actually make it do what you want. Making the software free still leaves plenty of room to add value, help scale, and teach NOC operators how to get the most out of it without screwing hobbyists and small companies willing to put the man-hours into doing it themselves when they can't afford the budget on consulting services.

Just because someone's trying to start a company selling support for the Gimp or something doesn't mean it's a good idea, but just because the service model doesn't work for some open-source software doesn't mean it's a bad one. You still have to have a business plan, and you still have to provide value to your customers. Just because the software itself is freely available and/or Free doesn't change that. That didn't stop a bunch of companies from popping up, riding the "open source" wave...

In the end, the companies that came out with a poor strategy will fail, and others will remain, and open source will be just another boring old business strategy like all the others. ;)

I don't know why OpenNMS doesn't get more credit, maybe because it's a Java app, but it's a damned good one.

Get a very basic OpenNMS configuration going, point it at a range of IP addresses, and it will auto-discover most of what's out there. If you've got your SNMP agents up and running properly, it'll automatically start checking the more important OID's for you and graphing them with an RRD back end. Most of the setup can be done through the web interface instead of through vi. You don't have to restart the daemon every time you add a node.

If Nagios drives you a bit batty, check out OpenNMS.

I work on the OpenNMS project and we have been participating in the GSoC. I have not been directly involved but I have seen some of the work done by our participants. It is interesting to watch them learn about how to interact and contribute to the project. Some of them had to learn some of the basics of the "work" environment like meetings, status reports, and meaningful commit messages, as well as how best to present their ideas. I watched one presentation by a student and it was better than most I have seen in my professional life. If this student was to ask me for a recommendation I would have no problem giving it based on the coding and communications skills he has demonstrated. I think that is where the real value.
Going and starting your own open source project is one thing, but you need to show how you work with others. I think there is more value in working on an existing project, showing how well you can work with others within a team. Plus you have an opportunity of networking with other developers.
For non-programmers, there are other ways to contribute to open source projects, through documentation, IRC, mailing lists, forum participation, and testing. Again you get a chance to interact and network with people. You never know when one of the people that you wrote documentation for or helped out on a mailing list might be your next boss or co-worker.

take a look at opennms. http://www.opennms.org/index.php/Main_Page

I agree zenoss was a little weird but I think nagios is great!

The original copyright of the OpenNMS 1.0 code was created by Oculan (they had a dual strategy: open-source OpenNMS, commercial packaged OpenNMS-as-appliance). They have since gone out of business, and Raritan bought the intellectual property to sell as another product, so they don't have much reason to give us copyright to the grandfather of our shared code, they still have a vested interest in it. =)

However, OpenNMS pure-open-source development has continued on quite a bit since (2002?) when Sortova went off on his own to keep the open-source product alive. A large part of the code is now copyright The OpenNMS Group, which is our for-profit company supporting OpenNMS training/support/custom-dev, along with plenty of code copyrighted by tons of other committers.

The OpenNMS Group is certainly viable, and has written plenty of the code in today's OpenNMS codebase, but like many small "don't charge for a stupid enterprise version of free software" companies, legal funds to go after such things are slim. We're profitable, and growing, but we're not VC funded; would we rather fund our developer's conference or pay a bunch of lawyers to enforce something that folks Doing The Right Thing should be doing anyways?

It seems, however, that to enforce that copyright, we need to be more organized. We'd love to create an Apache-like not-for-profit "foundation" to own the copyright so we can be proper stewards of the code and not have things fragmented between us, other community members who have submitted code, and Raritan/Oculan. With the history of the original codebase, though, it's not terribly possible to do it 100% at the moment. We're doing what we can.

Believe me, there's nothing we'd love more than for this to not be an issue of The OpenNMS Group "controlling" the code. We believe in doing things right by way of the GPL, and just want to make sure others using the code do the same.

Take a look at the Open NMS blog http://blogs.opennms.org/?p=171 and you will see the author is not clueless, he is just asking Slashdot to see if they know what the GPL is all about.

He knows Cittio [http://www.cittio.com/] was lying when they said they didn't include OpenNms and then they are not releasing the Cittio source code, which is a violation of the GPL (although you could ask them politely).

If taken to court, they would have to pay a license to all the open source projects they are using. Otherwise, they would have to release the source. Given their business model, they will prefer to give some money away rather than give all their money away.

Good catch!

THIS PROVES THAT OPEN SOURCE IS AN EXCELLENT BUSINESS MODEL, IF YOUR SOFTWARE IS USED BY OTHERS, BECAUSE THEY EVENTUALLY WILL USE YOUR SOFTWARE AND INCLUDE IT IN A COMMERCIAL PRODUCT.

Basically, there's not one bigreason SunRocket went under, but rather a few smaller reasons that added up. The main one being that there was too much focus on bringing in management from the outside (mostly from AOL) instead of promoting from within. Also, employee retention was a big problem. When you start seeing early employees of the company quitting or getting fired, it's very demoralizing to those still there.

I ended up leaving after I was involuntarily transferred to another department (which was supposed to be temporary, but my requests to go back to my previous department were ignored), I had a director-level non-techie jerk that had been hired from outside SunRocket placed as my immediate supervisor, and they decided to blow hundreds of thousands of dollars on network monitoring software when we in the process of doing the same thing with Nagios and/or OpenNMS & saved big money.

To all of the former customers of SunRocket, as well as anyone considering hiring a former SunRocket employee: just about all of the non-management folks (especially the support personnel based in the US, & the technical groups) were the most competent group of people I have ever worked with, and the majority of them did care about providing the best VOIP service possible.

Offtopic: I've played around with Zenoss, and I can tell you that it isn't a good enough NMS to replace http://www.opennms.org/ OpenNMS, and doesn't graph well enough to replace http://www.cacti.net/ Cacti.

OpenNMS has world-class SNMP support, and configuring it literally could not be simpler. Tell OpenNMS what IP address ranges to discover and what community strings (or SNMPv3 USM users and passphrases) to use. Once the nodes finish scanning, SNMP data collection automagically begins for MIB objects that the system knows about. After a couple of data collection cycles, you'll have beautiful graphs of all this data.

When SNMP is not an option, there are still many options for both monitoring ("are all the servers answering requests?") and data collection ("what kind of traffic are we seeing on the DSL line?"). The latest release has an HTTP collector that you can configure to pull stats from devices that lack SNMP support but have a web interface, such as many DSL / cable modems and SOHO routers. There is also a page sequence monitor for testing "chained" web pages. For more complex tests or custom applications, you can wrap any existing test scripts you have in a bit of code that implements the interface contract for the General Purpose poller monitor.

As for time invested, OpenNMS is like any other sophisticated tool -- you get out of it what you put into it. If you just want to watch services and collect data, it will do that with almost no configuration. But take the red pill, and you'll find that the rabbit-hole is bottomless and full of things you never thought possible. The people who use and develop OpenNMS come from many backgrounds, bringing a great diversity of experience and needs. If you can think of it, somebody has probably made OpenNMS do it.

OpenNMS has world-class SNMP support, and configuring it literally could not be simpler. Tell OpenNMS what IP address ranges to discover and what community strings (or SNMPv3 USM users and passphrases) to use. Once the nodes finish scanning, SNMP data collection automagically begins for MIB objects that the system knows about. After a couple of data collection cycles, you'll have beautiful graphs of all this data.

When SNMP is not an option, there are still many options for both monitoring ("are all the servers answering requests?") and data collection ("what kind of traffic are we seeing on the DSL line?"). The latest release has an HTTP collector that you can configure to pull stats from devices that lack SNMP support but have a web interface, such as many DSL / cable modems and SOHO routers. There is also a page sequence monitor for testing "chained" web pages. For more complex tests or custom applications, you can wrap any existing test scripts you have in a bit of code that implements the interface contract for the General Purpose poller monitor.

As for time invested, OpenNMS is like any other sophisticated tool -- you get out of it what you put into it. If you just want to watch services and collect data, it will do that with almost no configuration. But take the red pill, and you'll find that the rabbit-hole is bottomless and full of things you never thought possible. The people who use and develop OpenNMS come from many backgrounds, bringing a great diversity of experience and needs. If you can think of it, somebody has probably made OpenNMS do it.

OpenNMS has nothing to do with bandwidth. Looks like their website can't handle the stress, but the software itself is just designed to let you administer huge clusters of computers and get them back up and running quickly.

guess it worked

I can't get too http://www.opennms.org/. Their network management sucks!!!! :P

Add OpenNMS to the list of stuff that this duplicates or overlaps with. Not that anyone in OSS needs permission to reinvent the wheel. You've got an itch - you scratch as it pleases you.

To plug a few projects where I have gotten a lot of help when my knowledge of the subject has been limited. By all means they could have given me a RTFM response but instead they answered my questions throughly and respectfully.

Zope http://www.zope.org/
OpenNMS http://www.opennms.org/index.php/Main_Page
MailScanner http://www.sng.ecs.soton.ac.uk/mailscanner/
MailWatch http://mailwatch.sourceforge.net/doku.php
SipX http://sipx-wiki.calivia.com/index.php/Main_Page

Before Suse for Sparc died:
http://lists.suse.com/archive/suse-sparc/
(Too bad that is gone, it was a nice Sparc based distro)

Let me start by saying I work on the OpenNMS project. You could use OpenNMS very easily to accomplish your goals. OpenNMS does many things, the features that would be most useful to you for this problem would be service polling, service reponse time graphs, snmp performance graphs, and thresholding. Here is a quick run down on each of these -

Service Polling
OpenNMS can be configured to poll services on your servers. It will do checks for many protocols such as HTTP, SMTP, FTP, HTTPS, DNS. NTP, RADIUS, and others. Some of the pollers are more advanced than others, but they all at the very least do a TCP SYN, SYN ACK, ACK type thing.

Service Response Time Graphs -
OpenNMS will collect the response times from the polls it completes. The data is stored so that it can be displayed from the web interface for any device/service/date selection. OpenNMS uses RRDTool or jRobin to store the data. RRDTool is MRTG's big brother, and jRobin is their cousin written in java. These are the basis for most of the statistical data storage in OpenNMS.

SNMP Performance Graphs -
SNMP is a wonderful system for presenting performance data about network attached devices. Unfortunatly it has gotten a bad reputation over the years. SNMP can seem to be overly complex but, OpenNMS makes it easier. If devices have SNMP turned on and are configured with default values(not recommended from a security perspective), OpenNMS will be able to discover the SNMP data and will begin collecting it. OpenNMS will store the data it collects in RRDTool/jRobin format for display in the web interface. What can I get from SNMP, you migh ask. It all depends on the device being monitored. Devices had SNMP MIBs that contain information on what data they will provide via SNMP. OpenNMS has many of the most common MIBs all ready setup. The basic things you should be able to see for the server side will be network utilization, load, CPU, memory and some disk information. Being a network geek, I would also make sure your network infrastructure is also setup to be collected from. In many cases you can watch how the traffic is flowing through the network to determine the source of the problem.

Thresholding -
OpenNMS thresholding could be used to look at the data collected and send you an alert when a threshold is crossed.

In addition, OpenNMS now supports NRPE, to be honest I am not sure to what extent, but if that type of functionality is needed it is there. If there is something needed for NRPE it can always be added.
There are many more features to OpenNMS check out the web site for mote information. For me the big things are performance, stability and scalability. Given enough hardware I don't think there are too many networks that OpenNMS could not handle. Once you understand it you will see how endless the possibilities are.

When the 2.2.5 version of Nessus was released, Brian Weaver (formerly of OpenNMS fame) was puzzled why the GPL version wouldn't scan. After hacking through the source code, Weave found the answer: strong evidence suggesting Tenable Security, the sponsors of the GPL version of Nessus as well as a commercial version, deliberately crippled the GPL version of Nessus. With stunts like this, would you trust Tenable to protect your network?

Opennms

Mon

Big Brother

For system information polling I'd go with:

Cacti hands down this is the best polling system out there and it's simple to setup and run.

I have had good results from OpenNMS.

While I haven't had the pleasure of working with any of these $10M install of a network management suite, I've been able to accomplish much of what you talk about using an assortment of the following open source tools:

OpenNMS
cfengine
nagios

Granted, none of these have real slick guis, and there is a bit of a learning curve to get over before you master them. However, for somebody who knows how to use the above tools, it's amazing the number of machines can be administered by one person.

I had good experience with the following tools: cacti
It's based on RRD the successor of MRTG (not much developed anymore, but still a good tool). Thanks Tobi btw.
OpenNMS is a really powerful realtime monitoring tool
Nagios also...
Don't forget snort for your IDS needs and add acidlab for good visualization of snort's results.

You face a similar problem to pretty much any hardware specific driver issue when it comes to Linux: the O/S tends to be ignored by the vendor.

Open-source tools tend to be (gasp) based on open protocols, whereas hardware tends to have its own specific, closed methods for determining state (such as temperature, etc.). The only real way to solve the problem is to reverse engineer the available methods or patronize those vendors that offer either an open solution or wider selection of supported O/S's. I believe that Compaq embeds some code from BMC Software for monitoring low level hardware information, so it is doubtful you will ever see the source for it.

Off the top of my head, only Dell's OpenManage is available for Linux.

If you can find a way to access the information from the command line, you can always use net-snmp to integrate it into an SNMP agent that can be accessed by most management products.

Good luck, and if you get it working you may want to check out OpenNMS as your monitoring solution. It supports CIM out of the box (as well as Dell OpenManage).

I'll probably get marked as a troll by those linux zealot moderators among us, but oh well.

Not necessarily a troll, but I definitely disagree. And your attitude will likely get you troll status no matter how true or false your argument is. Anyways...

This "study" is preposterous. While Linux has a lower TCO in small lab or workgroup environments it is highly unsuited for real enterprise environments.

I think it would be the other way around. Small environments don't have the manpower for setup, but enterprise environments usually have to custom-build solutions no matter what they start with, be it Windows or Linux.

While Linux has many of the same feature analogs that Windows 2000 does, the Linux ones are usually incomplete or far inferior to their Microsoft counterparts and require a significant amount of time to install (In order to install software X I have to recompile these libraries too?!? But software Y relies on them, oh? I have to recompile that also?), maintain, and upgrade.

If this is your impression of linux, then you must be doing it wrong. You almost never need to hand-compile stuff nowadays. Most distributions not only have most of the stuff you need out of the box readily available, but have sane upgrade systems as well.

- A Distributed Directory Service. OpenLDAP with SSL? PLEASE! Active Directory works well, right out of the box.

And where exactly is your argument as to why LDAP doesn't work?

- Client Policy Management. Uh, I can install Samba and hack away to get ntconfig.pol to work, which is a seriously out of date policy scheme from the NT/9x days, or Active Directory.

I'm really not sure what you're saying here.

- Remote Software Installation? In Linux, whichever hack you choose, it's going to require a lot of administrator time. With Windows 2000, you've got the package installation via GPO's. Easy to setup, and you can automaticaly configure clients with software packages based on the organizational unit (eg. Lab 1 in building 4) they're in.

apt-get update; apt-get dist-upgrade

- Centralized Management Tools. There are a few crappy third party tools for Linux, but they suck, to be frank. With Windows 2000, you have the MMC tool. Heavily upgraded since the NT4 days, this tool allows you to generate custom toolsets to administer your entire organization from one window, if you choose. Just add a snap-in and go.

There's a number of centralized management tools that get the job done, although I agree they're not as pretty as some of the Windows stuff. They're not unusable though.

- Remote Administration. Linux? X11 or VNC. Windows? The excellet Remote Desktop/Terminal Services software. Much more stable, smoother (movies & sound via RDP anyone?), and not clunky.

Maybe you can argue clunky, but unstable? X11 and VNC are perfectly stable.

- Kerberos, with no dicking around, nuff said.

Yeah, kerberos is still a bit of a pain, but much improved in recent distros.

- Enterprise monitoring utilities. With Linux, you have things like BB and syslog, yippee. With Windows 2000, you have BB, but also excellent tools like Microsoft Operations Manager, and the numerous other network monitoring tools (like the cool ones from Solar Winds).

OpenNMS. 'Nuff said.

- Automatic Updates & Patching. I think Red Hat still has that crappy update utility, sucks if you've gotta update 50 servers that way, though. Microsoft? Software Update Services and Automatic Updates right now. Not the perfect solution, but much better than what Linux has going for it.

sudo apt-get update; sudo apt-get dist-upgrade

With an even moderately competent Win2k administrator a network can be almost completely managed from his desktop.

Wasn't the whole point that a moderately competent Linux administrator managed more servers well than a moderately competent Win2k administrator? It's not like they made it up, they did a survey.

One can even argue that, with a competent administrator for each, Windows 2000 can be made more secure (while still being perfectly usable). I won't even get into the whole debate about the number of Linux exploits compared to the fewer Windows 2000 exploits on Bugtraq, because that really doesn't mean much overall.

Yeah, a good administrator can secure either OS reasonably well.

When it comes to pure software price, sure Linux is cheaper. When it comes to the enterprise? Please! Linux can't compete, right now. Microsoft software appears expensive (and most certainly is overpriced), but when you figure in man hours installing, updating, and maintaining, salaries for those people, and downtime while you recompile app x and lib y and app z that depends on y, Windows 2000 starts to look very attractive.

I think the whole point was that even counting all those things you're mentioning, Linux came out cheaper. You can always make an argument either way, but the point is, they went to real companies and asked them about their costs.

OpenNMS has some pretty good builtin functionality, and tries to make it easy to plugin more intelligence.

Larry

And OpenNMS.

Create a separate VLAN or management network for your LAN infrastucture.

Protect this management network from the rest of the network via a firewall or at a minimum access-list.

Use access-list or similar technology to limit SNMP access to your WAN infrastructure from your management network, or better yet specific network management servers.

Use SNMPv3 if at all possible.

Just like any other security matter, make sure that you are running the appropriate version of code and or patches on your systems.

Hope this was helpful!

Fred Reimer

I think that we should want only ONE repository of information about each computer. I think that, philosophically, a repository should not be anything else than a repository. We don't want the database of information to go out and start changing things. We don't want this because of a realization that the program that takes action based on information should be different than the program that contains the information.

Sure, but Ganymede actually is designed to actively respond to data loaded into it. If you want a simple repository, you want something like MySQL, or PostgresSQL, or a simple LDAP server.

For software distribution and management, tools like apt-get or rpm, when combined with something like cfengine or OpenNMS might make better sense, I would think.

I think modesty is fine, but not when it becomes misleading. The facts seem to be that Ganymede is an excellent start on something that needs to be everywhere.

Well, I'm pleased that you have a high opinion of Ganymede, and I certainly wouldn't want to discourage anyone from making a go of building something like what you are suggesting based on it, but as I say, it's not really what I was designing for.

If you'd like to throw ideas of this kind around, by all means, send email to the Ganymede-dev mailing list and see if you can find someone else who's interested in pursuing this sort of thing. If nothing else, it would be more appropriate for me to respond in depth there.

OpenView and Tivoli are for either very large budgets, or very large, distributed companies. NNM is pretty neat and all. It discovers your network for you, draws a really inaccurate map that you have to manually tweak. Then you find out that most of the features you want aren't part of NNM. You have to buy ITO (now called VantagePoint, IIRC). Then, you want to graph loads and network utilization. Guess what? Another $5-15k down the tubes. As far as I've been told Tivoli is the same way.

My point is that no matter which of those two you buy, you're going to need to do some substantial work to get them set up properly. Why not invest your time into something that is cheaper and, in most cases where you're monitoring
Where I work, I ousted OpenView and replaced it with NetSaint and Cricket. I also wrote a bunch of other CGI scripts to search my syslog archives and things of that nature. They aren't very difficult to maintain once you get the hang of it, and they're free.

If you're really set on something grand, I've been keeping an eye on OpenNMS which is more to the scale of NNM or Tivoli. Give their page a readover - they're nearing a 1.0 release, last I checked. Remember, you can always spend that cool million that's burning the hole in your pocket to hire the lead developer of one of those projects to come in to your company and 'Make it So.'

Good Luck!

It can be run from cron (so root gets e-mail reports) and you can configure it to just download the updates (it does also update the updates so the older ones get deleted) or to install them automatically for you. It can compare the remote updates against those installd on your system or against a set or rpms you specify. It can even upgrade your kernel updating the LILO or GRUB configuration if you tell it to do so.

I'm using it to download and (for some of them) install all the Red Hat official updates for 6.2 and 7.2., also Ximian GNOME (w/o the Red Carpet bloat and using FTP or [S]HTTP so no proprietary server portion as in up2date is necessary), the unofficial HDE 2.2.x rpms maintained by Benjamin Reed at ftp://ftp.opennms.org/people/ben/, ..

It really shines when the repository maintainer does publish the dependency database (created by using nothing more than rpm and the autoupdate script itself) along the packages.

Give it a try, you will not regret.

The author is Gerald Teschl

The URL is:

http://www.mat.univie.ac.at/~gerald/ftp/autoupdate /index.html

-- Ramiro

1. Fluke networks have a tool that is designed to map switched ethernet networks (no WAN). It can be found at their website.
2. The opennms project is considering adding this, there is a discussion list for it on their website that talks about some of the technology involved.
3. 3com network supervisor. This can do some basic mapping of the network, see their webpage.

/me mutters something *very nasty* about Bero

If its like KDE 2.2.0, Bero built them for 7.2. If you're silly enough to be running the stable release, you should rebuild every SRPM by hand, and then install a bunch of nonstable non-KDE apps

That's REALLY REALLY DUMB and is wasting vast quantities of everyone's time on the various KDE mailing lists.

Go here to get properly built, working 2.2 packages for 7.1. With any luck our mate ben should make 2.2.1 ones real soon.

Otherwise, ask the Freshrpms guy. Need a working package for anything for a Red Hat system? This guy is nice enough to take requests too.

You might consider booking Shane O'Donnell from the OpenNMS Project.

He's an excellent speaker, and the project is fascinating - with a really refreshing, practical approach. He came to speak at the Pikes Peak LUG in September, and gave a very polished presentation. He does an excellent job of tailoring his level of detail appropriately for the audience.

If you are looking for software to create a cluster, there are several, depending upong what type of cluster you are trying to create. If you are creating a service-based cluster, check out TurboLinux Cluster Server, Linux Virtual Servers, PolyServe Understudy, and Legato. There are many others available, including hardware solutions from Cisco, F5, and Alteon. I'm not too familiar with Beowulf-type clusters.

If you are looking for software to manage groups of systems, that's a whole different story. You might look into Enlighten DSM, Tivoli, or OpenNMS. I'm sure there's a lot of competition in that field as well, but I don't have any experience with those products.

I think this is the article you asked my opinion on? If not, here is my opinion anyhow. Take it with a grain of salt, and let me apologize for the length of this post in advance.

I agree, except on the software part. Books, magazines, music, movie etc help people learn (besides entertain), and apply the ideas they learn as they like, without charges. I think of most software as a tool. I don't expect to be able to borrow it out of the library and keep a copy forever, the same way I don't expect to borrow a bulldozer and keep it forever.

The perception of Software as a tool is one that the Software Industry has been pushing for a very long time now. The truth is Knowledge in general is a tool. Software is just a different method of recording a set of instructions. The computer interpretting those instructions is the tool.

An odd example: If I wrote a flowchart to show the way that _I_ made a peanut butter and jelly sandwich (I did this once as a kid!), and attempted to sue all the kids in the world who told their parents they wanted theirs made the same way(with potato chips in them!), everyone would agree that I was nuts. What if I had actually thought of this first (I admit I pirated the idea from the little girl next to me), and had actually patented it? You'd still think I was nuts, and anyone who wanted to put potato chips on their PB&J would continue to do so anyway.

Ok, fine, I lost that lawsuit. I'm gonna go sue the Producers of the movie that popularized my idea without giving me my royalties, and the authors of the 1000 or so cookbooks, that rudely took my flowchart and made recipes out of it.

Still think it's absurd? Yeah, because it is.
Even if I legitimately thought of the idea first.
Even if I was legitimately the first to do it.
Even if I had spent 100 hours of my own time, and bought 500 loaves of bread and 50 jars of PB&J, most people would think I was nuts to demand payment of them, just because they built their sandwiches the same way.

You could use similar logic to argue against letting people borrow books, magazines, etc, but I think there's a difference. Software, like MS Word doesn't help you learn. You don't really need MS Word. There's nothing you can do with MS Word that you can basically do without it.

But there is still a way to profit off of it, without directly selling it. If you (as a company) spend time to develop a product, then nobody is going to know that product better than you, and generally they are going to come to you for training and support for that product. Additionally, when that product doesn't do exactly what they want, but damn close, they're going to pay you money to figure out how to make that product do what they want. They may even pay you money to teach them how to make that product do what they want. Example: OpenNMS.

Another possibility is that you develop software that absolutely kick ass, everybody loves it, and you give it away for free, under a fully functional, but request (not demand) payment, "If you want to see it get better, send me money so I can keep making it". See WinAMP.

Or best of all, do it because it's what you love to do, and because you believe it should be done, and because you want to contribute to the world you live in. Package it with cool and unique but cheap stuff (Stickers), sell T-Shirts, and give recognition to the individuals or companies that support your efforts. I bought a copy of OpenBSD just to have a CD with a Pufferfish on it.

Books contain ideas that you can't expect to get on your own. I'm at a loss to explain it better. One way to look at is that books impart knowledge, and software and equipment are facilitators.

As I said computers are the tool, software just the instructions to make them work. If anybody should be funding software development, it's the computer manufacturers who are selling you a tool, and making you buy the manual from someone else.

It did actually used to be this way, I might add, before M$. Apple computers came with Apple's OSs on them(and still do). Mainframes with Unix. IBMs with IBM-DOS. However, once people started buying M$ to replace the installed OSs, the computer manufacturers eventually began selling computers without OSs. Do you think they removed the cost associated with the development of the software?

With those books, you can obtain the knowledge to build the software and equipment you think you need.

We as a society should be supporting the growth of that society, not reinventing the wheel, if it has already been done, the knowledge that you need to do it again should be freely available, I think that software falls into the category of this Knowledge. Building equipment, a physical undertaking is different.

Also, I think software in libraries is a good idea if the idea is for trial use, use the software until you return it. Pay for it afterwards.

Why pay for it afterwards? You haven't cost anybody any money by not paying for it. Instead, pay a company to better it, something they may not be able to do without the necessary funding.

Open Source is nice, but there's a lot of other nice software we wouldn't have because it takes too much time and skill to produce for free.

Free is relative. If computer manufacturers or corporations were paying to have it developed to begin with (for the purposes of their own profits), then it would already be paid for.

Copy machines in libraries is a good point though, and has significance to the software industry. Even though you can copy an entire book in the library, people still buy books. Though, sometimes it is just as expensive to photocopy a book, not to mention it's time consuming.

Indeed, I would buy a copy of an Operating System from the company that created it, if that cost was fair, and they were only profitting minorly from the cost of distribution.

Lasty, I should mention I'm a bit of a hypocrite because I use some pirated software. Almost all the software I use often (once a month or more), I buy, if it's not free that is. I'm not sure if this is good or bad, but, for instance, I don't want to pay $100+ bucks for MS Word, when I use it rarely to view and lightly edit a Word file someone sent me in an email. Also, I have no stolen software that I would buy to use if I wasn't able to steal it.

Excactly the point of this whole diatribe. Software is not priced fairly. Value is a relative thing, and one thing may have many different values to many different people. Perhaps if the software industry were to open it's eyes and see this, and build a more morally correct business model, then we wouldn't have the problems that we face now.

-Tommy

Have a look at the OpenNMS project. It looks to be very close to what you are looking for. I recently heard Steve Giles, one of their lead technical people, give a presentation at the local LUG meeting, and I was quite impressed.

We just went through these exact discussions prior to deciding to shift our "strategic language direction" to Java from C/C++. I think we hit most of the arguments made here, as well as a few others:

• We predicted (and are realizing) a considerably shorter development cycle in Java.
• We anticipate that writing in a "portable" language will bring us to market MONTHS faster on multiple platforms, versus the time it would take to port our GUI/EUI components.
• Performance: Do you design your applications to scream on today's hardware, or to run on today's and scream on tomorrows? We voted for the latter. (And new, high-quality JITs (referenced earlier) helped support this decision)

The major drawback we're finding is that ANY of the GUI-builder environments that we've worked with generate enough superfluous code (or worse yet, platform/environment-specific code!) that we've resorted to vi. As an aside, vi rocks, but it doesn't do drag-n-drop GUI development as well as it could...;-)

Enough rambling, back to the Revolution!

We just went through these exact discussions prior to deciding to shift our "strategic language direction" to Java from C/C++. I think we hit most of the arguments made here, as well as a few others:

• We predicted (and are realizing) a considerably shorter development cycle in Java.
• We anticipate that writing in a "portable" language will bring us to market MONTHS faster on multiple platforms, versus the time it would take to port our GUI/EUI components.
• Performance: Do you design your applications to scream on today's hardware, or to run on today's and scream on tomorrows? We voted for the latter. (And new, high-quality JITs (referenced earlier) helped support this decision)

The major drawback we're finding is that ANY of the GUI-builder environments that we've worked with generate enough superfluous code (or worse yet, platform/environment-specific code!) that we've resorted to vi. As an aside, vi rocks, but it doesn't do drag-n-drop GUI development as well as it could...;-)

Enough rambling, back to the Revolution!