UNIX System Administration Handbook - Evi Nemeth [384]
User interface quality: Expensive systems often offer a custom GUI or a web interface. The most well-marketed packages today all tout the ability to understand XML templates for data presentation. Although the UI often seems like just more marketing hype, it is important to have an interface that relays information clearly, simply, and comprehensibly.
Value: Some management packages come at a stiff price. HP’s OpenView is both one of the most expensive and one of the most widely adopted network management systems. For many corporations, there is a definite value in being able to say that your site is managed by a high-end commercial system. If that isn’t so important to your organization, you should look at the other end of the spectrum for free tools like MRTG and NOCOL.
Automated discovery: Many systems offer the ability to “discover” your network. Through a combination of broadcast pings, SNMP requests, ARP table lookups, and DNS queries, they are able to identify all your local hosts and devices. All the discovery implementations we have seen work pretty well, but none are very accurate on a complex (or heavily firewalled) network.
Reporting features: Many products can send alert email, activate pagers, and automatically generate tickets for popular trouble-tracking systems. Make sure that the platform you choose allows for flexible reporting; who knows what electronic devices you will be dealing with in a few years?
Configuration management: Some vendors step far beyond monitoring and alerting. They offer the ability to manage actual host and device configurations. For example, CiscoWorks provides an interface that lets you change a router’s configuration in addition to monitoring its state with SNMP. Because device configuration information allows for a deeper analysis of network problems, we predict that many packages will develop along these lines in the future.
1. If your machine hangs at boot time, boots very slowly, or hangs on inbound telnet connections, DNS should be a prime suspect.
2. The 1998 Ping of Death attack that could crash both UNIX and Windows systems was executed simply by transmission of an overly large ping packet. When the fragmented packet was reassembled, it filled the default memory buffer and crashed the machine.
3. Connections for “UNIX domain sockets” are also shown, but since they aren’t related to networking, we do not discuss them here.
4. This field has meaning only on broadcast-based networks such as Ethernet.
5. To get more details about memory usage by network services on Solaris and FreeBSD, try using the -m flag with netstat.
6. Score one for truth in command naming: “nettle, vt.: to irritate; vex,” American Heritage Dictionary of the English Language, Third Edition.
7. CPAN, the Comprehensive Perl Archive Network, is an amazing collection of useful Perl modules. Check it out at www.cpan.org.
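Footnote 2 above describes the Ping of Death: the final fragment of an oversized ping was placed at an offset where its end ran past the fixed reassembly buffer. The following C code is an added example, not from the book, showing the bounds check a fragment reassembler needs before copying; it assumes a 20-byte IPv4 header with no options, and the fragment values it uses are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* An IPv4 datagram can never exceed 65535 bytes (16-bit total-length field). */
#define IP_MAX_DATAGRAM 65535u
#define IP_HEADER_LEN   20u   /* assumption: no IP options */

/* Reassembly buffer sized to the protocol maximum, as affected kernels did. */
struct reasm {
    uint8_t data[IP_MAX_DATAGRAM];
    size_t  highest;            /* one past the highest payload byte written */
};

/* A fragment carries a 13-bit offset in 8-byte units plus its payload. */
struct fragment {
    uint16_t       offset_units;
    const uint8_t *payload;
    size_t         payload_len;
};

/* The missing check: the reassembled datagram (header + offset*8 + payload)
 * must still fit in a legal datagram.  offset_units can reach 8191 (65528),
 * so a final fragment of more than a few bytes overruns a 64 KB buffer. */
bool fragment_fits(uint16_t offset_units, size_t payload_len)
{
    uint32_t end = IP_HEADER_LEN + (uint32_t)offset_units * 8u + (uint32_t)payload_len;
    return end <= IP_MAX_DATAGRAM;
}

/* Copy a fragment into place only after the check; -1 means rejected. */
int reasm_add(struct reasm *r, const struct fragment *f)
{
    if (!fragment_fits(f->offset_units, f->payload_len))
        return -1;
    size_t start = (size_t)f->offset_units * 8u;
    memcpy(r->data + start, f->payload, f->payload_len);
    if (start + f->payload_len > r->highest)
        r->highest = start + f->payload_len;
    return 0;
}

/* Worked case (constructed): a last fragment that ends exactly at 65535 is
 * accepted; one byte more, the Ping of Death shape, is refused. */
bool rejects_oversized_final_fragment(void)
{
    static struct reasm r;
    static const uint8_t payload[8] = {0};
    struct fragment last_ok  = { 8189, payload, 3 };   /* 20 + 65512 + 3 = 65535 */
    struct fragment last_bad = { 8189, payload, 4 };   /* 65536: overrun */
    return reasm_add(&r, &last_ok) == 0 && reasm_add(&r, &last_bad) == -1;
}
```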
20.10 RECOMMENDED READING
Cisco Online. Internetworking Technology Overview: SNMP. http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/snmp.htm.
Hunt, Craig, and Gigi Estabrook. TCP/IP Network Administration, Second Edition. Sebastopol: O'Reilly & Associates. 1998.
Stallings, William. SNMP, SNMPv2, SNMPv3, and RMON 1 and 2, Third Edition. Reading, MA: Addison-Wesley. 1999.
You may find the following RFCs to be useful as well. Instead of citing the actual titles of the RFCs, we have described their contents. The actual titles are an unhelpful jumble of buzzwords and SNMP jargon.
• RFC1155 – Characteristics of the SNMP data space (data types, etc.)
• RFC1156 – MIB-I definitions (description of the actual OIDs)
• RFC1157 – Simple Network Management Protocol
• RFC1213 – MIB-II definitions (OIDs)
• RFCs 1901-1910 – SNMPv2
• RFC2011 – SNMPv2 MIB for IP
• RFC2012 – SNMPv2 MIB for TCP
• RFC2013 – SNMPv2 MIB for UDP
• RFC2021 – RMON Version 2 using SMIv2
• RFC2570 – Introduction to SNMPv3
21 Security
UNIX was not designed with security in mind, and for that