[Snort-users] Performance Monitor Graphing Tool

Paul Halliday paul.halliday at ...11827...
Fri Sep 3 15:00:37 EDT 2010

On Fri, Sep 3, 2010 at 10:54 AM, Mike Lococo <mikelococo at ...11827...> wrote:
> On 09/02/2010 02:46 PM, Greg Lane wrote:
>> Does anybody have a good location to obtain a good perfmonitor graph tool
>> for snort?  Every link that I have tried doesn’t seem to work and
>> nothing is available.

> With my Zabbix setup, I have a single screen that shows the following
> data for all my snort sensors:
>  * Bandwidth at my taps (snmp)
>  * Bandwidth to my snort processes (agent custom item)
>  * Received/dropped packets for snort (agent custom item)
>  * stream/frag stats (agent custom item)
>  * CPU usage of various types (agent built-in item)
>  * RAM usage of various types (agent built-in item)
>  * Disk I/O activity in bytes and in iops (agent built-in item)
>  * Free disk space (agent built-in item)
>  * A list of the top-5 process-names that are using CPU-time (I
>    can't wait for iotop to work on RHEL so I can get this list
>    for io-consumers as well, this is an agent custom item).
>  * Other stuff I can't remember

I second Zabbix :)

I use a map to relay information about the sensors though:

All of the links you see in the picture are tied to numerous event
triggers. DB connectivity and stats, snort and sguil processes,
perfmon, CPU, MEM, I/O, BW and even latency make up the event
All of this summarized with: "OK" or "Problem". I don't start looking
at graphs until there is a problem :).

The perfmon stuff is useful but it is only a small part of a much
larger picture.

