In network security, there are a few important tasks you just can’t ignore. They include things such as perimeter security (firewalls and proxies), disaster recovery (backups and redundant systems), and monitoring (packet analysis and system logs). In the area of monitoring, there are a few tools that you might consider evaluating for use in your own network.

Nagios: One example is Nagios, a highly configurable, flexible network resource monitoring tool. It’s open source, highly extensible, and very customizable to your needs. Unless otherwise noted, all of the tools below are open source software (and thus available for free).

Snort: Another is Snort, “the de facto standard for intrusion detection/prevention.” It is, in essence, exactly as advertised.

tcpdump: Don’t forget venerable standards such as tcpdump. Combined with a scripting language that provides powerful text filtering abstractions such as Perl, Python, or Ruby, or even with something a bit more basic like grep+sed+awk, it’s the expert’s packet analysis toolkit.
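As an added illustration of the “tcpdump plus a scripting language” approach (this is example code written for this page, not part of the original article or of tcpdump), here is a small Python parser for the text that `tcpdump -nn` prints. The sample lines are constructed for the example rather than captured traffic, the regular expression only handles the IPv4 TCP/UDP line shape (ARP and IPv6 lines are skipped), and the `min_ports` threshold is an arbitrary choice, not a tuned detection rule.

```python
"""Summarise `tcpdump -nn` text output with Python instead of grep/sed/awk.

Assumes the numeric (-nn) output format: hosts and ports are not resolved.
The sample below is constructed for this example, not captured traffic.
"""
import re
from collections import Counter, defaultdict

# Leading fields of an IPv4 TCP/UDP line from `tcpdump -nn`:
#   HH:MM:SS.usec IP src.sport > dst.dport: Flags [S], seq ..., length N
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) IP "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})\.(?P<dport>\d+): "
    r"(?:Flags \[(?P<flags>[^\]]*)\])?"
)
LENGTH_RE = re.compile(r"length (\d+)")

# Constructed sample: one host probing four ports on a server, one normal
# data segment, one DNS query, and an ARP line the parser should skip.
SAMPLE_TCPDUMP = """\
12:00:01.000001 IP 192.0.2.10.40001 > 198.51.100.5.22: Flags [S], seq 1, win 64240, length 0
12:00:01.000002 IP 192.0.2.10.40002 > 198.51.100.5.80: Flags [S], seq 2, win 64240, length 0
12:00:01.000003 IP 192.0.2.10.40003 > 198.51.100.5.443: Flags [S], seq 3, win 64240, length 0
12:00:01.000004 IP 192.0.2.10.40004 > 198.51.100.5.3389: Flags [S], seq 4, win 64240, length 0
12:00:01.000005 IP 198.51.100.5.22 > 192.0.2.10.40001: Flags [S.], seq 9, ack 2, win 65535, length 0
12:00:01.000006 IP 203.0.113.7.53211 > 198.51.100.5.443: Flags [P.], seq 100:200, ack 1, win 500, length 100
12:00:01.000007 IP 198.51.100.5.40112 > 203.0.113.53.53: UDP, length 40
12:00:01.000008 ARP, Request who-has 198.51.100.1 tell 198.51.100.5, length 28
"""


def parse_lines(text):
    """Turn tcpdump text lines into dicts; lines the regex does not know are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ARP, IPv6, ICMP and truncated lines are out of scope here
        rec = m.groupdict()
        rec["sport"] = int(rec["sport"])
        rec["dport"] = int(rec["dport"])
        lm = LENGTH_RE.search(line)
        rec["length"] = int(lm.group(1)) if lm else 0  # payload length tcpdump reports
        records.append(rec)
    return records


def bytes_by_source(records):
    """Total reported payload bytes per source address (a quick 'top talkers' view)."""
    totals = Counter()
    for r in records:
        totals[r["src"]] += r["length"]
    return totals


def syn_fanout(records):
    """Distinct destination ports each source sent a bare SYN (flags exactly 'S') to."""
    fanout = defaultdict(set)
    for r in records:
        if r["flags"] == "S":
            fanout[r["src"]].add(r["dport"])
    return fanout


def likely_scanners(records, min_ports=4):
    """Sources whose bare-SYN fan-out reaches min_ports (threshold is arbitrary)."""
    return sorted(src for src, ports in syn_fanout(records).items()
                  if len(ports) >= min_ports)


if __name__ == "__main__":
    recs = parse_lines(SAMPLE_TCPDUMP)
    print("bytes by source:", dict(bytes_by_source(recs)))
    print("likely scanners:", likely_scanners(recs))
```

In practice you would feed the parser from `tcpdump -nn -l ... | python3 this_script.py` (the `-l` flag line-buffers tcpdump’s output so a pipe sees lines as they arrive); the functions above work on any iterable of such lines.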

lsof: For more localized use, lsof can be an incredibly flexible and powerful tool. Again, you’ll need some text filtering to really make use of it.

syslog: It doesn’t get much more basic and ubiquitous than syslog. If you have to maintain security on any UNIX or UNIX-like system — such as a Linux distribution, FreeBSD, NetBSD, OpenBSD, OpenSolaris, or Darwin, for instance — you should learn how to put syslog’s facilities to good use (and, once again, how to effectively automate text filtering).
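To make the “automate text filtering over syslog” advice concrete, here is an added example (written for this page, not code from the original article or from any syslog implementation) that parses classic BSD-style syslog lines and tallies failed SSH logins per source address. The log lines are constructed for the example, the regular expressions assume the traditional `Mon DD HH:MM:SS host prog[pid]: message` header and OpenSSH’s “Failed password for … from … port …” wording, and the reporting threshold is an arbitrary value rather than a recommendation.

```python
"""Parse BSD-style syslog lines and count failed SSH logins per source.

Assumes the traditional header `Mon DD HH:MM:SS host prog[pid]: message`
and OpenSSH's "Failed password for ..." message text.
The sample lines below are constructed for this example.
"""
import re
from collections import Counter

HEADER_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<prog>[^\[:\s]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
FAILED_RE = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port (?P<port>\d+)"
)

# Constructed sample: repeated failures from one address, one accepted key
# login, a sudo line from another host, and a single stray failure.
SAMPLE_SYSLOG = """\
Mar  4 10:01:02 bastion sshd[2301]: Failed password for invalid user admin from 203.0.113.9 port 51022 ssh2
Mar  4 10:01:05 bastion sshd[2301]: Failed password for root from 203.0.113.9 port 51023 ssh2
Mar  4 10:01:09 bastion sshd[2309]: Accepted publickey for alice from 192.0.2.20 port 40011 ssh2
Mar  4 10:01:12 bastion sshd[2311]: Failed password for root from 203.0.113.9 port 51024 ssh2
Mar  4 10:02:00 www sudo:    bob : TTY=pts/0 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/ls
Mar  4 10:02:30 www sshd[880]: Failed password for bob from 192.0.2.21 port 60000 ssh2
"""


def parse_syslog(text):
    """Split each line into header fields plus the free-text message."""
    records = []
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if not m:
            continue  # lines in another format (e.g. RFC 5424) are skipped here
        records.append(m.groupdict())
    return records


def failed_logins(records):
    """(host, user, source ip) for every sshd 'Failed password' message."""
    hits = []
    for r in records:
        if r["prog"] != "sshd":
            continue
        m = FAILED_RE.search(r["msg"])
        if m:
            hits.append((r["host"], m.group("user"), m.group("ip")))
    return hits


def failures_by_source(records):
    """Count of failed logins keyed by source address."""
    return Counter(ip for _, _, ip in failed_logins(records))


def noisy_sources(records, threshold=3):
    """Source addresses at or above the failure threshold (threshold is arbitrary)."""
    return sorted(ip for ip, n in failures_by_source(records).items() if n >= threshold)


if __name__ == "__main__":
    recs = parse_syslog(SAMPLE_SYSLOG)
    for ip, n in failures_by_source(recs).most_common():
        print(f"{ip}: {n} failed logins")
    print("over threshold:", noisy_sources(recs))
```

The same functions can be pointed at a real file (`parse_syslog(open("/var/log/auth.log").read())`) or hooked to `tail -F` on a central loghost, which is where logs forwarded from Windows via a tool such as evtsys would also land.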

event log: There’s also event log on Windows. It’s not open source, but it’s part of the system. You need to know something about it if you’re going to try to maintain security on Windows systems.

EventSentry: Tools like EventSentry can be of incredible benefit to the Windows network administrator. For single-system monitoring, you might be able to get by with nothing more than the free trial version, which isn’t time-limited but does strip away many of the more powerful features of the full version. To monitor an entire network, you’ll want to invest in the complete package — or get something else. It’s not open source software, which means licensing issues must be dealt with.

Eventlog to Syslog Utility: For “something else,” there’s always the open source Purdue University Eventlog to Syslog Utility, AKA “evtsys.” It’s a simple tool that you run on Windows systems to automatically read and reformat events in the event log, then send them to a UNIX system to be handled by syslog. It’s an excellent tool and makes the life of the busy netadmin much more easily managed by collecting all the necessary log events in one convenient place on the network.

glTail.rb: My inspiration for writing this article, however, was one I’ve only just discovered today. I’m not 100 percent certain it’s all that useful in practice, yet, but it sure as heck is fun to watch it work. Get a load of glTail.rb, a “realtime logfile visualization.” It looks a lot better than similarly graphical (though not very similarly functioning) tools like EtherApe ever did. Check out the “xvid movie” link there — it’s an AVI video, so even Ubuntu users who haven’t figured out how to get WMV files working in MPlayer shouldn’t have any trouble with it. It’s mesmerizing.
