Network Monitoring with Linux

This page is a resource of the Networking Group of the BTC, affiliated with the College of Computing of Georgia Tech.

Taxonomy

All of these programs monitor the machines and routers on a network and report their status. They differ in their manner of presentation, the variety of monitoring techniques available, the

Detailed Descriptions

Multi Router Traffic Grapher
Home page: http://ee-staff.ethz.ch/~oetiker/webtools/mrtg/mrtg.html
Screen shot: http://www.ee.ethz.ch/stats/mrtg/
Source code: http://ee-staff.ethz.ch/~oetiker/webtools/mrtg/pub/
Requires: Perl 5 and the GD library.
License: GNU General Public License

This utility, which is available for Windows NT as well as for Unix, monitors any numeric SNMP variable and produces a web page containing four graphs of the variable's activity, covering the last day, week, four weeks, and year. It is typically used to monitor the amount of traffic encountered at one or more network connections. It seems efficient, well planned, and offers a reasonable degree of customization through its configuration file.

MRTG expects to be run every five minutes to collect data, which it compiles in log files; it may be run by any user. It automatically consolidates its log files so that older data is kept for only as long as necessary to produce the graphs.

The application compiles without complaints under Linux. Note that the GD package required by MRTG is available both as source, which you can get by following the link from the MRTG home page, and also as Red Hat packages (both i386 and source) from their contrib directory.

PyNG - the Python Network Grapher
Home page: http://www.cb.hva.nl:81/PyNG/
Screen shot: http://www.hva.nl/Traffic/se0.html
Source: http://www.cb.hva.nl/PyNG/download/PyNG.py
http://www.cb.hva.nl/PyNG/download/PyIV.py (an auxiliary utility)
Requires: the Python language.

This is a remote management utility which uses the Python SNMPY package (see the Query Tools). It is designed to be run periodically (say, every five minutes) on each host, for which it will generate a Web page giving network interface and server statistics over time intervals ranging from days to a year or more. At HvA (where it was developed) they use a clickable map to navigate among the hosts on which PyNG is set up. The latest version of PyNG was released in May 1996.

mon - Service Monitoring Daemon
Home page: http://ftp.kernel.org/software/mon/
Source: ftp://ftp.kernel.org/pub/software/admin/
License: GNU General Public License.
Requires: Perl and one or two Perl modules from the CPAN archive. A full installation of all of mon's monitors requires a Linux-patched SATAN installation; see mon's README for details.

This flexible monitoring tool is a collection of Perl scripts. Like NOCOL it allows you to add to its collection of monitors that each test the availability of a different network service, but it has alarm and paging features similar to those of Spong and Big Brother.

But mon goes beyond these other tools by also providing more than one interface through which the network status may be obtained. They include a command-line client, a utility that displays nicely formatted columnar output, a SkyTel 2-Way password-protected paging interface, an operational status web page, and an interactive web interface that lets you not only view information but modify mon's behavior while it is running.

mon is currently in development, with new versions appearing every month or so.

Big Brother
Home page: http://www.iti.qc.ca/iti/users/sean/bb-dnld/
Screen shot: http://taex001.tamu.edu/bb/
Source code: User registration requested for download; see http://www.iti.qc.ca/iti/users/sean/bb-dnld/new-dnld.html.
License: Free software.

Big Brother monitors the status of remote devices and generates a web page reporting its findings, much like Spong. The page it generates is a table with one row for each device and one column for each service. A green dot in a table cell indicates that the service is up and running; a more severe color such as yellow or flashing red indicates a problem. The severity computations are user-configurable. For each device you can specify which tests it should be subjected to. Finally, BB allows you to specify conditions under which it should dial your pager.

BB includes several external tests, such as connectivity (via ping) and whether certain services are running on other machines. It also comes with a small daemon that you can run on Unix machines to monitor the cpu load and disk utilization, and determine whether specific system processes are running.

Big Brother uses port 1984.

Spong - Son of Pong
Home page: http://strobe.weeg.uiowa.edu/~edhill/public/spong/
Screen shot: http://strobe.weeg.uiowa.edu/~edhill/public/spong/example/main.html
Source code: http://strobe.weeg.uiowa.edu/~edhill/public/spong/spong.tar.gz
Requires: Recent version of Perl.
License: Artistic License or GNU General Public License.

Spong is similar to Big Brother, with more features but not as much attitude. Both are designed to be simple and reliable, and both programs can email or page when problems arise. Differences include:

NOCOL/NetConsole - Network Operation Center On-Line
Home page: http://www.navya.com/
Source code: ftp://ftp.navya.com/pub/nocol-4.01.tar.gz
Requires: Perl.
License: Free software.

NOCOL is designed to monitor network devices. It consists of a collection of stand-alone monitors, which gather status information and store it in a common format, and a curses-based display agent which administrators can use to view this data. It is designed to be flexible and includes a Perl interface to its monitor data format to make it easier to develop new monitors. More than a dozen monitors come with the package (covering more capabilities than those offered by the above two programs). In particular it includes an SNMP monitor (a modified version of the CMU SNMP package).

The user can customize the alarm computations performed when he runs the display program, including the specification of threshold values. The display program is written so that multiple users may run it at the same time.

Reader Frank Keeney reports that NOCOL compiles and runs very well under Linux; you can email him about his experience at frank@pasadena.net.

Argus
Source: ftp://ftp.sei.cmu.edu/pub/argus-1.5
Copyright: Permits noncommercial use, duplication, modification, and distribution.

From its own README file: ``Argus is a generic IP network transaction auditing tool that has been used by thousands of sites to perform a number of powerful network management tasks that are currently not possible using commercial network management tools.

``Argus runs as an application level daemon, promiscuously reading network datagrams from a specified interface, and generates network traffic audit records for the network activity that it encounters. It is the way that Argus categorizes and reports on network activity that makes this tool unique and powerful.''

SNMP Sniff
Home page: http://elektra.porto.ucp.pt/snmpsniff/
Source: http://elektra.porto.ucp.pt/snmpsniff/snmpsniff-0.5b.tar.gz
Requires: The libpcap library, whose source is at ftp://ftp.ee.lbl.gov/libpcap.tar.Z and which is also available as libpcap-0.4a4-2.i386.rpm, libpcap-devel-0.4a4-2.i386.rpm, and libpcap-static-0.4a4-2.i386.rpm. It also requires CMU SNMP, version 1.7 or later.
Copyright: Freely redistributable and modifiable.
RPM: http://elektra.porto.ucp.pt/snmpsniff/snmpsniff-0.5b-6.i386.rpm

SnmpSniff is a promiscuous SNMP PDU sniffer. Because it is dedicated to the SNMP protocol, it offers exhaustive analysis of its packets. I recommend it for anyone analyzing SNMP transactions, and for anyone involved in teaching or instruction about network management. Version 0.5 was released in May, but I have not been able to run the RPM version on my machine due to an error it produces about a badly formed MIB.

Sniffit
Home page: http://reptile.rug.ac.be/~coder/sniffit/sniffit.html
Source: http://reptile.rug.ac.be/~coder/sniffit/files/sniffit.0.3.5.tar.gz

This sniffer program is more specialized than the general tcpdump program that comes with Linux. While the latter is designed to decode all types of packets that might come in on your user interface, sniffit is meant to monitor the actual content of (primarily) TCP-based connections. So instead of just seeing the packets go by you can view the content of the stream of data they represent. This program uses an ncurses-based user interface that permits interactive selection of which data streams to view.


Generated 11 March 1999 by Brandon Craig Rhodes, who may be contacted at brandon@rhodesmill.org.