[Novalug] pbnj and alternatives

Miguel Gonzalez miguel_3_gonzalez@yahoo.es
Fri Apr 2 09:32:14 EDT 2010


Maybe I haven't expressed myself clearly.
I'm not talking about a monitoring tool like Nagios (which we'll already have). We are not going to continuously run this script (like every 5 minutes) but maybe once a day or week.
The aim is to keep a baseline of the services that SHOULD BE open on our servers in a database and compare it to the scan we perform from time to time. A report should tell us two things:
- If a new port has been opened. That way we can be sure that no new ports are open without being warned.
- If a port that should be open is closed.
I hope with this explanation (my English or my explanation maybe was not too good) you understand our goal.
Thanks,
Miguel

--- On Fri, 2/4/10, Peter Larsen <plarsen@famlarsen.homelinux.com> wrote:

From: Peter Larsen <plarsen@famlarsen.homelinux.com>
Subject: Re: [Novalug] pbnj and alternatives
To: "Miguel Gonzalez" <miguel_3_gonzalez@yahoo.es>
CC: novalug@calypso.tux.org
Date: Friday, April 2, 2010 09:25

On Fri, 2010-04-02 at 11:58 +0000, Miguel Gonzalez wrote:


> At work we are going to give a tool called pbnj a try.

hehe - is that a joke name?? PBnJ?? :D Must be some sticky stuff.

> Essentially it performs routine scans (with nmap) over a range of IPs and
> stores the results in a database. Then it tells you if a port has
> changed its state (from up to down or vice versa - however I'm digging
> into the code to add a "new" state too).

Very strange and maybe not too safe way of monitoring your network.
Scanning is usually a behavior that would trigger alarms. You also tax
your servers opening ports that aren't really used hence waiting for TCP
timeouts or resets - producing log entries warning of potential
problems.

>   Before reinventing the wheel, I'd like to know if there is any tool
> like this with better functionality (it's pretty basic, a perl script,
> the reports and the routine scans have to be configured manually). 

This is what NMS systems do - and do very well. There's a ton of them
out there. Nagios, OpenNMS to just mention a few. If you're looking for
just monitoring basic services, Webmin actually has a very nice
"clustered" feature where you monitor vital services on every server and
if something happens, from the node going down or a service failing you
can either have an automated script fire or notify someone. Nagios and
OpenNMS do the same thing too.

They do this without scanning the network. Instead they use one of
several approaches: SNMP, agent-based or WMI (for Windows). There are
also options to set up agents that do REAL Bind, SMTP or HTTP to test
that specific services are configured right. For instance, if your httpd
daemon is running but your virtual host configuration is in failure,
this advanced daemon would notify you of that.

-- 
Best Regards
  Peter Larsen

Wise words of the day:
Linux is obsolete
    -- Andrew Tanenbaum
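
The baseline comparison described at the top of this message (report newly opened ports and expected ports found closed), as an added example that is not part of the original thread and is not pbnj's code. It assumes the scan was saved in nmap's grepable format (`-oG`); the hosts, ports, baseline and scan text are constructed sample data, and the finding labels are names chosen for this sketch.

```python
# Added example: compare nmap grepable (-oG) output with a port baseline.
BASELINE = {  # constructed: services that SHOULD be open, per host
    "192.0.2.10": {(22, "tcp"), (80, "tcp"), (443, "tcp")},
    "192.0.2.20": {(22, "tcp"), (25, "tcp")},
    "192.0.2.30": {(22, "tcp")},
}

SAMPLE_SCAN = (  # constructed scan output, tab-separated fields
    "Host: 192.0.2.10 ()\tStatus: Up\n"
    "Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, "
    "8080/open/tcp//http-proxy///\tIgnored State: closed (997)\n"
    "Host: 192.0.2.20 ()\tPorts: 22/open/tcp//ssh///, 25/open/tcp//smtp///, "
    "111/filtered/tcp//rpcbind///\n"
)


def parse_grepable(text):
    """Return {host: set of (port, proto)} for ports reported open."""
    observed = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # skip comment lines and blanks
        fields = line.split("\t")
        ports = observed.setdefault(fields[0].split()[1], set())
        for field in fields[1:]:
            if field.startswith("Ports:"):
                for entry in field[len("Ports:"):].split(","):
                    parts = entry.strip().split("/")
                    # entry layout: port/state/protocol/owner/service/...
                    if len(parts) >= 3 and parts[1] == "open":
                        ports.add((int(parts[0]), parts[2]))
    return observed


def compare(baseline, observed):
    """List (host, finding, port) for every deviation from the baseline."""
    findings = []
    for host in sorted(set(baseline) | set(observed)):
        if host not in observed:
            # A baseline host missing from the scan must not pass silently.
            findings.append((host, "HOST_NOT_SEEN", None))
            continue
        seen, expected = observed[host], baseline.get(host, set())
        findings += [(host, "NEW_OPEN", p) for p in sorted(seen - expected)]
        findings += [(host, "EXPECTED_CLOSED", p) for p in sorted(expected - seen)]
    return findings


if __name__ == "__main__":
    for finding in compare(BASELINE, parse_grepable(SAMPLE_SCAN)):
        print(finding)
```

Only ports in state `open` count as observed, so a port that is `filtered` or `closed` in the scan but present in the baseline is reported as `EXPECTED_CLOSED`.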



      