Hello There, Guest! Login Register
Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5

Intrusion Detection

I've been watching the category 5 show for quite a while now. Thanks for the hard work. Always full of great information. Your work with Nagios on the pi interests me, I'll try the system out today. I've used Nagios before but always struggled.

Being we use Nagios to monitor the health of servers etc. A simultaneous monitoring option would be network traffic as often the result of a server tipping over is some sort of intrusion to the network (internal or external). Do you feel the integration of tools like Snort or Bro IDS into your monitoring suite could be viable. I'm looking for an integrated hardware monitoring and intrusion detection system.  Do you think the pi could handle the double duty on a network of 60 clients or so? 

Thanks for your time and work on this and your informative and entertaining show! 

Thanks mpacey. I appreciate the kind words.

Now, I understand your reasoning here, but at first glance I'd picture this to be something more security related than performance/asset related. I very much like the idea, but like you I wouldn't want to over-tax my Raspberry Pi and find NEMS struggling to keep up.

I'll add it to the ideas list for NEMS Visionary, with no promises. I would like to see how something like Snort would perform on a Pi, and if it is reasonable to put this on a NEMS Server (unlikely). I feel it would make a good base for a security appliance and may not be doable on NEMS.

Will see what I can do. Thanks again for the post! Great idea.

Robbie Ferguson // The Bald Nerd

Did I help you out? Appreciate what I do? Please consider saying thanks:
Thanks Robbie, 

I've been playing with 'security onion' and NEMS. Together they really do make an amazing and complete solution for what I was looking for. The biggest hurdle with adding the network security to NEMS might actually be storage as logs grow fast with pcap data.

Unless I've missed how to setup in NEMS, I remember why Nagios was a challenge for me getting device SNMP traps. Nagios XI has the nice web UI, core does not. I see there appear to be a few community extensions for Nagios (which I have not completely researched) as yet but these may be something to consider in future development of NEMS to make dealing with the full potential of SNMP configuration and visualization. (and keep with your projects focus on performance rather than security). 

SNMP and NEMS might make for a great show idea as well If you haven't done one already.

During the NEMS 1.3 release cycle (later this year) NEMS will support separate storage, so that shouldn't be an issue. The Pi 3 will support USB 2.0 storage, where the XU4 will support USB 3.0 (all models) and SATA drives (if using the CloudShell 2 case).

As far as SNMP goes, I'd love to know more about the plugins you desire so I can see if they can be integrated for you.

Robbie Ferguson // The Bald Nerd

Did I help you out? Appreciate what I do? Please consider saying thanks:
I haven't done extensive research yet, but here is where I've started looking for community solutions:
Thanks. I've added it to the To-Do list. It'll probably be out with 1.3 and if not will be part of a rolling release shortly thereafter.


Robbie Ferguson // The Bald Nerd

Did I help you out? Appreciate what I do? Please consider saying thanks:
What is the situation with this today?

Basically I would like to see snmptrapd and snmptt preconfigured and working out of the box, so I can just send all my traps to NEMS and it lists the problems under each respective host. The last part I assume is done with NSTI or something.

Pretty much the same thing that CheckMK does out of the box.

one old guide I found: http://www.drdobbs.com/snmp-trap-handlin.../199102017

Forum Jump:

Users browsing this thread: 1 Guest(s)