Free/inexpensive tools for monitoring systems/networks
Tom wrote in to the handlers list today and asked a question that I think our readers can help with (especially since we've gotten so many great ideas from the diary asking for suggestions for Cyber Security Month). He is looking for tools to allow for more proactive monitoring of his systems, but given shrinking budgets (he works in government, but the situation isn't much better anywhere else), he's looking for something free or, at least, inexpensive. What are you using to monitor patch status? application versions? A/V? behavior? strange files? network devices? anything else? Is it centrally managed? Does it scale?
---------------
Jim Clausing, jclausing --at-- isc [dot] sans (dot) org
FOR408 Computer Forensics Essentials coming to central OH in Sept, see http://www.sans.org/mentor/details.php?nid=22353
Comments
Gilbert Sebenste
Aug 9th 2010
Alex W
Aug 10th 2010
ngrep for your network forensics;
syslog-ng for your log aggregation;
tcpdump and tshark with some cron kungfu are your friends for capture;
IPTABLES/NETFILTER for your firewalling;
and last but NOT least snort for your IDS.
Amar
Aug 10th 2010
John
Aug 10th 2010
Jeff C
Aug 10th 2010
elazar
Aug 10th 2010
Tuffer
Aug 10th 2010
Jesse
Aug 10th 2010
Very comprehensive set of tools to deal with network and system monitoring.
Ben N
Aug 10th 2010
For SMTP, an hourly email is sent from a remote site, and 5 minutes later I test to ensure it was received, and also that it hasn't hit any new SpamAssassin tests (which has often identified DNS or configuration issues at either end).
For something more flexible I've been moving most tests to 'mon', but some (such as ping and HTTP) are even better done from 'SmokePing', giving historical RRD graphs of reliability and performance.
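The hourly SMTP canary check Ben N describes, written out as an added Python example (not his script): it confirms the remote site's test mail arrived within the window and diffs the SpamAssassin tests it hit against a known baseline. The subject marker, addresses, baseline set and message bytes are constructed for illustration; in practice the messages would come from a Maildir or IMAP folder.

```python
import email
from datetime import datetime, timedelta, timezone
from email import policy
from email.utils import parsedate_to_datetime

CANARY_SUBJECT = "CANARY hourly"                # constructed marker subject
BASELINE_TESTS = {"HTML_MESSAGE", "RDNS_NONE"}  # tests that fire on every canary

# Constructed sample of the canary as delivered, including SpamAssassin's
# folded X-Spam-Status header (continuation line starts with a tab).
CANARY = b"""From: canary@remote.example
To: monitor@local.example
Subject: CANARY hourly
Date: Tue, 10 Aug 2010 09:00:12 +0000
X-Spam-Status: No, score=1.2 required=5.0 tests=HTML_MESSAGE,RDNS_NONE,
\tSPF_SOFTFAIL autolearn=no version=3.3.1

hourly test
"""
NOW = datetime(2010, 8, 10, 9, 5, tzinfo=timezone.utc)  # when the check runs
LATE = NOW + timedelta(hours=1)                           # a check an hour late


def spam_tests(status):
    """Extract test names from an X-Spam-Status value.  Handles the folded,
    comma-separated list SpamAssassin writes and the literal 'tests=none'."""
    tests, collecting = set(), False
    for tok in status.split():
        if tok.startswith("tests="):
            tok, collecting = tok[len("tests="):], True
        elif "=" in tok:                 # the next key=value ends the test list
            collecting = False
        if collecting:
            tests.update(t for t in tok.split(",") if t and t != "none")
    return tests


def check_canary(messages, now, max_age=timedelta(minutes=5)):
    """Return (received, new_tests).  received is False when no canary dated
    within max_age of `now` exists (the alarm condition); new_tests are the
    SpamAssassin tests that fired but are not in the baseline."""
    for raw in messages:
        msg = email.message_from_bytes(raw, policy=policy.default)
        if msg["Subject"] != CANARY_SUBJECT:
            continue
        age = now - parsedate_to_datetime(msg["Date"])
        if timedelta(0) <= age <= max_age:
            return True, spam_tests(msg.get("X-Spam-Status", "")) - BASELINE_TESTS
    return False, set()
```

Run from cron five minutes after the remote sender fires; a `received` of False or a non-empty `new_tests` is what you alert on.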
Steven Chamberlain
Aug 10th 2010