There is an open source NMS plus intrusion detection solution called MIDAS NMS.
At http://blog.empas.com/freekang74/6804508
someone has written up their notes from fumbling through an install,
and the homepage is http://midas-nms.sourceforge.net/.
=====
Apart from this there is one called bigsister... it also looks powerful, and its commands in particular seem useful. It runs on NT too.
Homepage: http://bigsister.graeff.com/
A site with good documentation: http://www.joerg.cc/html/bigsis/index.html
Notes from someone who installed it: http://blog.empas.com/freekang74/1410465?d=2004-09
=====
There is also something called Tripwire.
Homepage: http://www.tripwire.com/
Source code: http://sourceforge.net/projects/tripwire/
=====
Various NMS-related solutions...
http://www.findnetworkmonitoring.com/services/monitoring/profilehelp.php
Big Sister Website: (http://bigsister.graeff.com/)
Cacti Website: (http://www.raxnet.net/products/cacti/)
Dsniff is a collection of tools for network auditing and penetration testing.
Dsniff Website: (http://naughty.monkey.org/~dugsong/dsniff/)
Ethereal is an Open Source network protocol analyzer and packet dumper.
Ethereal Website: (http://www.ethereal.com/)
Ettercap is a multipurpose sniffer/interceptor/logger for switched LANs. It supports active and passive dissection of several protocols and includes many features for network and host analysis.
Ettercap Website: (http://ettercap.sourceforge.net/)
Ganglia is a scalable distributed monitoring system for high-performance computing systems such as clusters and Grids. It is based on a hierarchical design targeted at federations of clusters. It relies on a multicast-based listen/announce protocol to monitor state within clusters and uses a tree of point-to-point connections amongst representative cluster nodes to federate clusters and aggregate their state. It leverages widely used technologies such as XML for data representation, XDR for compact, portable data transport, and RRDtool for data storage and visualization. It uses carefully engineered data structures and algorithms to achieve very low per-node overheads and high concurrency. The implementation is robust, has been ported to an extensive set of operating systems and processor architectures, and is currently in use on over 500 clusters around the world. It has been used to link clusters across university campuses and around the world and can scale to handle clusters with 2000 nodes.
Ganglia Website: (http://ganglia.sourceforge.net/)
Honeyd is an Open Source "honeypot", which is capable of detecting and responding to network attacks. Honeyd improves security by providing mechanisms for threat detection and assessment. It also deters adversaries by hiding real systems in the middle of virtual systems.
Honeyd Website: (http://www.honeyd.org/)
JFFNMS is a Network Management System that can be used to monitor any standards-compliant SNMP device, server, TCP port or custom poller. It is written in PHP and features a database backend (MySQL or PostgreSQL), a graphical interface (interface traffic, monitoring status, event console, etc.) and integrated syslog logging.
JFFNMS Website: (http://www.jffnms.org/)
MIDAS is a cross-platform network monitoring and intrusion detection server. It has many features, including failover support, RRD graphing, support for Nagios plugins and Big Brother clients, and a wide range of built-in checks.
MIDAS Website: (http://midas-nms.sourceforge.net/)
mon is a general-purpose scheduler and alert management tool used for monitoring service availability and triggering alerts upon failure detection. mon was designed to be open and extensible in the sense that it supports arbitrary monitoring facilities and alert methods via a common interface, all of which are easily implemented with programs in C, Perl, shell, etc., SNMP traps, and special mon traps. mon provides support for distributed monitoring servers.
Mon Website: (http://www.kernel.org/software/mon/)
MRTG Website: (http://www.mrtg.org)
Nagios is a popular open source host, service and network monitoring program. It offers many features, including a plugin architecture for custom checks, customizable notifications, notification escalation, problem acknowledgements, flap detection, reporting tools, and more. It includes a web interface front-end, which allows user-level "views" of the monitoring system. Nagios has support for distributed and redundant/failover monitoring configurations.
Nagios Website: (http://www.nagios.org)
Nessus is a vulnerability scanner which can remotely audit a given network and determine whether it can be broken into or misused in some way. It is very fast and reliable, and has a modular architecture that allows you to fit it to your needs.
Nessus Website: (http://www.nessus.org/)
Nmap ("Network Mapper") is an Open Source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against small networks and single hosts. Nmap can determine what hosts are available on the network, what services (application name and version) they are offering, what operating system (and OS version) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics.
Nmap Website: (http://www.insecure.org/nmap/)
ntop Website: (http://www.ntop.org)
OpenNMS is an open source project dedicated to the creation of an enterprise grade network management platform. In addition to providing traditional SNMP-based functionality, OpenNMS has the ability to actively monitor services being provided on the network.
OpenNMS Website: (http://www.opennms.org)
Prelude is a full featured Intrusion Detection System distributed under the GPL License. Prelude is developed primarily under GNU/Linux, but also supports the *BSD, as well as any POSIX compliant platforms. It has been designed from the ground up to be optimized for distributed environments, completely modular, robust, and fast.
Prelude Website: (http://www.prelude-ids.org/)
Samhain Website: (http://la-samhna.de/samhain/)
Snort is an open source network intrusion detection system, capable of performing real-time traffic analysis and packet logging on IP networks. It can perform protocol analysis, content searching/matching and can be used to detect a variety of attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, OS fingerprinting attempts, and much more.
Snort can be used as a packet sniffer, a packet logger, or as a network intrusion detection system.
Snort Website: (http://www.snort.org/)
tcpflow Website: (http://www.circlemud.org/~jelson/software/tcpflow/)
Zabbix Website: (http://www.zabbix.com/)