confusion Tux's lil' helper
Joined: 24 Mar 2004 Posts: 132
Posted: Sun Apr 23, 2006 10:44 pm Post subject: Snort alternative for U5 network traffic monitoring?
Hi there, I'm looking for a network traffic monitoring solution for my home network. Simply put, I'd like to know what hosts are using most of the bandwidth at what times, what protocols they predominantly use, as well as a history (I'm thinking graphs) of network use. I'd also like some kind of intrusion detection.
Up until recently my U5 has been running (really reliably I might add) as my mail server, my router, my firewall, my DNS server, and my webserver (for webmail). I see that snort is not supported on sparc at the minute, so I'm after alternatives.
Even if you guys just point me in the direction of some docs to read I'd appreciate it. I'm new to the whole network monitoring thing and the plethora of packages is a little confusing. I'd really like not to have to retire my 400MHz U5 in favour of a 650MHz PIII.
Cheers guys,
John
Weeve Retired Dev
Joined: 30 Oct 2002 Posts: 641
Posted: Mon Apr 24, 2006 12:08 am Post subject:
The more recent versions of snort may be usable on SPARC again. I haven't had time to test them extensively, but often things like port scans used to cause snort to seg fault quite regularly in the past. My initial testing showed favorable results.
The only NIDS alternative that comes to mind at the moment would be prelude-nids, which was deprecated by the prelude folks in favor of snort.
kyphros n00b
Joined: 20 Jan 2006 Posts: 10
Posted: Mon Apr 24, 2006 5:43 pm Post subject:
Snort works ok on Sparc. I find that 2.4.x crashes occasionally, so you'll want a watchdog to restart it when it dies. 2.3.x works pretty well.
If all you care about is traffic flows, use ntop. Great piece of software, but it gets flaky when you start monitoring ~200mbps+
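A watchdog of the kind suggested in the post above, as an added example that is not part of the original post or of Snort itself. The pidfile path, start command, log and state files and the restart limits are assumptions; the restart cap is there so a sensor that crashes on every start is logged and left down rather than restarted endlessly.

```shell
#!/bin/sh
# Watchdog for an IDS sensor that occasionally dies (added example).
# Assumed, not from the thread: every path, the start command and the limits.
PIDFILE="${PIDFILE:-/var/run/snort.pid}"
START_CMD="${START_CMD:-/etc/init.d/snort start}"
LOG="${LOG:-/var/log/snort-watchdog.log}"
STATE="${STATE:-/var/run/snort-watchdog.state}"
MAX_RESTARTS="${MAX_RESTARTS:-5}"   # restarts allowed per WINDOW
WINDOW="${WINDOW:-600}"             # seconds

# 0 if the pidfile exists, holds a number, and that process is running.
sensor_alive() {
    [ -r "$1" ] || return 1
    pid=$(cat "$1" 2>/dev/null)
    case "$pid" in ''|*[!0-9]*) return 1 ;; esac
    kill -0 "$pid" 2>/dev/null
}

# 0 if a restart at epoch time $1 stays within the limit; records it if so.
restart_allowed() {
    touch "$STATE"
    # Drop restart timestamps that have aged out of the window.
    awk -v now="$1" -v w="$WINDOW" 'now - $1 < w' "$STATE" > "$STATE.tmp"
    mv "$STATE.tmp" "$STATE"
    count=$(awk 'END { print NR }' "$STATE")
    [ "$count" -lt "$MAX_RESTARTS" ] || return 1
    echo "$1" >> "$STATE"
}

# One pass: 0 = sensor up, 2 = down and left down,
# otherwise the exit status of the start command.
check_once() {
    sensor_alive "$PIDFILE" && return 0
    if restart_allowed "$(date +%s)"; then
        echo "$(date) sensor down, restarting" >> "$LOG"
        $START_CMD >> "$LOG" 2>&1
    else
        echo "$(date) sensor down, restart limit reached" >> "$LOG"
        return 2
    fi
}

# "watchdog.sh loop" polls every 30 seconds; with no argument nothing runs.
if [ "${1:-}" = "loop" ]; then
    while :; do check_once; sleep 30; done
fi
```

Each restart line in the log marks a period when the sensor was not inspecting traffic, so the log is worth reviewing alongside the alerts.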
Weeve Retired Dev
Joined: 30 Oct 2002 Posts: 641
Posted: Tue Apr 25, 2006 12:03 am Post subject:
Just out of idle curiosity, what kernel are you running where you see snort 2.4.x crash? I have no reason to believe this necessarily has anything to do with it, but just wanted to collect a little more info.
Toady Apprentice
Joined: 21 Dec 2004 Posts: 161 Location: South Wales, UK
Posted: Tue Apr 25, 2006 2:20 pm Post subject:
I run ntop on my box - runs ok on 2.4.31
_________________
Toady
Gentoo Laptop
3.1.10-gentoo-r1, Intel Core 2 Duo (32bit)
Gnome on the desk, Intel in the box, on-board everything, but it all works!
krugger n00b
Joined: 14 Sep 2003 Posts: 10
Posted: Tue Apr 25, 2006 4:25 pm Post subject:
I haven't done any sort of network statistics, but maybe Iptraf would be a nice option.
kyphros n00b
Joined: 20 Jan 2006 Posts: 10
Posted: Fri Apr 28, 2006 9:58 pm Post subject:
Snort 2.4 won't run properly on the Sparc, whether it's Linux or Solaris. It doesn't run great on an x86_64 box either, so I imagine it's something wrt 32 vs 64 bit.
For the record, the v210s I'm using it on are running gentoo-sources-2.6.15-r1.
gust4voz Retired Dev
Joined: 09 Sep 2003 Posts: 373 Location: Buenos Aires, Argentina
Posted: Fri Apr 28, 2006 11:24 pm Post subject:
Give 2.6.16-gentoo-r4 a spin on your v210 - it should run MUCH better than the 2.6.15 series (especially wrt that nagging "eat my memory" issue on dual UltraSPARC-IIIi boxes). Oh yeah, and you can dual-bank the memory too.
_________________
Gustavo Zacarias
Gentoo/SPARC monkey