Netgate Discussion Forum

    Monitoring my LAN: hardware + software?

    General pfSense Questions
    22 Posts 8 Posters 6.6k Views
    • M Offline
      Mr. Jingles
      last edited by

      G'day  :P

      Being an extremely happy user of Pfsense, I am now looking at going a little bit further, I want to feel like a real sysadmin  ;D ;D ;D

      No, seriously, if I want to know stuff about my machines, how well they are doing, I will need to log in to every individual machine and poke around there. Ideally I would want to have one machine that monitors my whole network, and where all the machines report to, so I can see in one 'eyeview' how well everybody is doing.

      I have a couple of Synology NAS-machines, the pfSense box, an HP switch, a laptop, some desktops, some HTPCs, a PC-BSD 'puter, it would be nice if I could see in one central place, for all these machines:

      • Status of hardware (right now I have a script running on my Synologies that checks smartctl data daily, as I had a huge, immense hard disk problem), but you would also want to see temperature, (historical) load, and stuff (I know that technique is called 'snmp'; Synology does support it, I don't know about my Windows machines yet).
      • Ideally of course also status of software, as in: who needs an update (of what).

      I've looked around, I do understand that there are things like Nagios, but only from looking at the front page of their website I am getting rather intimidated as I am not a real tech guru  :P

      So, I was wondering, would anybody be willing to tell me in which area I'd need to look for the thing I am looking for, both hardware- and software-wise? There is a great man on this forum who helped me get into pfSense (and who still refuses to let me buy him a cup of coffee for that  :-[), and I was hoping I could get the same kind of great help in this area also.

      Thank you in advance for any answers,

      Bye,

      6 and a half billion people know that they are stupid, aggressive, lower life forms.

      1 Reply Last reply Reply Quote 0
      • johnpozJ Offline
        johnpoz LAYER 8 Global Moderator
        last edited by

        If looking for historic information - you could look into Cacti or PRTG to give you graphs of stuff like network usage, temp, storage usage, etc.

        http://www.cacti.net/
        http://www.paessler.com/prtg

        there is also http://munin-monitoring.org/

        If you're looking for eventlog and all your other stuff in one thing, look to, say, http://www.splunk.com/

        To get started with something quick - maybe something like http://www.spiceworks.com/

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        1 Reply Last reply Reply Quote 0
        • G Offline
          gerdawg
          last edited by

          I use PRTG for work which is perfect for what you're looking to do.

          They do have 10 sensors that you can use for free - https://shop.paessler.com/shop/standalone_free_license/

          There is also hyperic which is opensource and is pretty decent.
          http://www.hyperic.com/hyperic-open-source-download

          1 Reply Last reply Reply Quote 0
          • johnpozJ Offline
            johnpoz LAYER 8 Global Moderator
            last edited by

            It's a simple email to them to get bumped up to free 20 for PRTG as well.. Just have to put up something on a webpage and point to it, then they bump you up and you can pull down the web thing if you want.

            have not heard of hyperic – have to take a look.

            1 Reply Last reply Reply Quote 0
            • B Offline
              brownl
              last edited by

              You may have a look at this article. Maybe some help for you.
              http://www.anykeylogger.com/how-to-monitor-lan.html

              Every kids is an angle. keylog

              1 Reply Last reply Reply Quote 0
              • S Offline
                SysIT
                last edited by

                Fully Automated Nagios, takes nagios and cacti into one http://www.fullyautomatednagios.org/

                For ease of configuration and sheer volume of data you can collect with the built-in options, PRTG, it is awesome!!!!

                Cacti was alright but always had the same issues as nagios on trying to get snmp strings for things to work right.

                ¸,ø¤°`°¤ø,¸© Poor Planning On Your Part Does Not Constitute An Emergency On My Part ©¸,ø¤°`°¤ø,¸
                ¸,ø¤°`°¤ø,¸© The trouble with life is there’s no background music ©¸,ø¤°`°¤ø,¸
                ¸,ø¤°`°¤ø,¸© Life isnt short, you're just dead for too long©¸,ø¤°`°¤ø,¸

                1 Reply Last reply Reply Quote 0
                • M Offline
                  Mr. Jingles
                  last edited by

                  Thank you all of you for your replies, and sorry for not responding sooner: busy  :-[

                  Could I ask one intermediate question first?

                  Because I can continue to buy computers to do all the things I want, but I was thinking sort of 'virtualization'. Now I am only a noob soho-user with limited knowledge in this area, so I might need a little guidance. I know what virtualization is as in Oracle Virtualbox, which I run on my W7-desktop to test Linux distros once in a while, and to run W95 in (for my wife, to play an old game she likes from back in those days). At the same time, I've noticed that in corporate environments they also use a lot of virtualisation, with all kinds of scary-sounding words ( ;D), like 'HyperV', and such. So clearly that is not my simple Oracle Virtualbox but something else.

                  My question is this: couldn't I use my current PFS-box (I am considering the CPU to an I5 or even a Xeon) to both run Pfsense on it and run the network-monitoring software on it, by means of 'some sort of virtualisation'?

                  • Would this be safe?
                  • What would I need for this? Additional hardware perhaps (extra NIC or something?)? What 'virtualization technology' would I need to use for this?

                  Thank you in advance for any help to help me understand what I am talking about  ;D

                  Bye  :P

                  1 Reply Last reply Reply Quote 0
                  • johnpozJ Offline
                    johnpoz LAYER 8 Global Moderator
                    last edited by

                    Yeah you could clearly do that - I run pfsense virtual on a N40L, updated the ram and added 3 more nics..  So I can have multiple network segments other than just wan and lan.

                    I run esxi on it, it's the business version of vmware workstation or player.  It's free!  You can download it from vmware.

                    Your only limitation on the number of machines you could run would be cpu power and ram.  The N40L is not a power horse when it comes to cpu, and only has 8GB of ram, but I run pfsense and my nas and a linux distro 24/7/365 without any issues and also run other vms now and then when testing or doing something that needs them.  Currently also running vserver (monitors and controls esxi) but you don't need to run that and can't really if you're only on the free version.

                    You could also go the free Microsoft way and use hyper-V, also can be gotten FREE.

                    1 Reply Last reply Reply Quote 0
                    • L Offline
                      lowprofile
                      last edited by

                      Don't forget to have a look on observium:

                      http://observium.org/wiki/Main_Page

                      1 Reply Last reply Reply Quote 0
                      • M Offline
                        Mr. Jingles
                        last edited by

                        @johnpoz:

                        Yeah you could clearly do that - I run pfsense virtual on a N40L, updated the ram and added 3 more nics..  So I can have multiple network segments other than just wan and lan.

                        I run esxi on it, it's the business version of vmware workstation or player.  It's free!  You can download it from vmware.

                        Your only limitation on the number of machines you could run would be cpu power and ram.  The N40L is not a power horse when it comes to cpu, and only has 8GB of ram, but I run pfsense and my nas and a linux distro 24/7/365 without any issues and also run other vms now and then when testing or doing something that needs them.  Currently also running vserver (monitors and controls esxi) but you don't need to run that and can't really if you're only on the free version.

                        You could also go the free Microsoft way and use hyper-V, also can be gotten FREE.

                        Thanks John  ;D

                        So I spent some time googling the 'esxi'. As I only have a limited brain ( :-) I am having a little trouble grasping the concept. I of course do understand that the 'master OS' of my hardware then would not be PFsense, but esxi. The 'slave'-OS inside would be PFsense, and for example Nagios. But what I don't understand is this:

                        The master-OS controls the NICs. Yet pfSense has to issue a LAN-IP to the master-OS. So, in sequence of booting, FIRST the master-OS needs to have a LAN-IP, but this will only be issued AFTER the 'slave'-OS, pfSense, has booted. I know I am having trouble explaining exactly my point (my limited brain  ;D), I hope you understand what I mean.

                        Furthermore, currently my mobo (in my sig) has a dual NIC. Do I need to put in extra NICs for this to work?

                        And is it generally considered safe to operate PFsense like this? I've read somewhere that 'it is good practice' to keep your IPS on a dedicated box, but 'good practice' costs money and this is simply soho. What could go wrong from a security perspective? I take it the ESXI keeps the virtual machines completely separated (just like FreeBSD jails), so why should I need to have separate boxes?

                        It is not easy to be an IT-noob  ;D ;D ;D

                        Thank you again, John  :D

                        1 Reply Last reply Reply Quote 0
                        • M Offline
                          Mr. Jingles
                          last edited by

                          @lowprofile:

                          Don't forget to have a look on observium:

                          http://observium.org/wiki/Main_Page

                          Thank you  ;D

                          1 Reply Last reply Reply Quote 0
                          • johnpozJ Offline
                            johnpoz LAYER 8 Global Moderator
                            last edited by

                            "The master-OS controls the NICS. Yet PFsense has to issue a LAN-IP to the master-OS"

                            What? No, why would you think that esxi would use dhcp on its interface used to control esxi?  And who says it even has to be on the same lan segment as pfsense?

                            And master/slave are not the correct terms for talking about virtual machines and the host they run on, etc.

                            As to safe?  We are not talking a DOD facility are we?  Not sure what you feel the concerns would be..  Pfsense is a VM, it is completely isolated from the host os and other vms' oses, etc.

                            Let's see if we can make it a little less hazy for your limited brain.  Will use my setup as example.  Keep in mind you can do this with only 2 nics - one wan, one lan and your vmkern and lan can be on the same vswitch tied to the physical lan nic.  I just broke mine out to its own physical nic because I have 4 to play with.  And uploading to the storage on the esxi does take a performance hit when shared on the same vswitch..

                            So you see vmnic0, this is tied to the Management network, and this is the IP I use to access the host OS either via gui or ssh, etc.  This is how you manage the host.  Now this network that vmnic0 is connected to does not have to be the same network that your VMs or other physical hosts are on.  It's actually recommended from a security point of view that this be an isolated network..  But there is nothing to say it has to be.  You set your HOST ip statically to whatever network that is going to be on.

                            Now in my case this network 192.168.1.0/24 is the same I run my normal lan on, and this is the same lan that pfsense is connected to.  See vmnic2 that is connected to vswitch3 (LAN).  You see all the VMs that have an interface connected to this virtual switch.  That nic is connected to the same physical network as vmnic0..  This is my lan.. And VMs get IPs via dhcp from pfsense, and so do other physical devices connected to the same switch vmnic2 and vmnic0 are connected to.

                            Pfsense is the gateway off this lan, but it has nothing to do with assigning an IP to the host, and mine just happen to be on the same network.  Now if your machine is dhcp on this network, and pfsense vm does not come up.  Then you would just need to give a machine an IP on that 192.168.1.0/24 network so you could connect to the host and troubleshoot.  I run my normal workstation as static anyway.. So that would never be an issue for me.

                            Now you see the Wan, vswitch1 - this is connected to vmnic1 and is connected to my cable modem.  The HOST does not use this nic, it is only connected to the vswitch and any vms that are connected to this vswitch.  As you can see only pfsense has an interface connected to this – its wan interface.

                            Now I also have a wlan segment, connected to vswitch2 on vmnic3 (physical nic on the host).  This segment is physically different than my lan, and that nic is connected to a different switch where my wireless access points are connected.  pfsense has an interface in this network as well - so that they can access the internet, and allows me to firewall between my lan and my wireless segments.

                            Then I have a dmz switch that is not connected to the physical network.  See no adapters connected to that vswitch.  But I can connect virtual machines to this switch so they can talk to each other on this network.  So you see I have pfsense interface on that vswitch along with couple other vms, etc.

                            See all the vms connected to the lan vswitch.  Any one of those could be running any OS you want, and using any monitoring software you wanted to run on it.  It could then monitor your pfsense vm via the interface pfsense has connected to that vswitch.  Or since that vswitch is connected to the physical world via a real network adapter in the host - the vm could monitor any system on the physical network.

                            Hope that helps??

                            networkesxi.png

                            1 Reply Last reply Reply Quote 0
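
The vSwitch layout described in the post above, modelled as an added example (not part of the original thread and not an export of the poster's ESXi configuration). It audits the three properties the post relies on: only the firewall VM touches the WAN vSwitch, the management interface is or is not on its own segment, and no other VM bridges two vSwitches. The names `vswitch0` and `dmz`, the segment labels, and every VM name other than `pfsense` are assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class VSwitch:
    name: str
    uplink: Optional[str]       # physical NIC; None = no adapter (internal-only)
    segment: Optional[str]      # physical network the uplink is cabled to
    vmkernel: bool = False      # True if the host management interface lives here
    vms: set = field(default_factory=set)

FIREWALL = "pfsense"

# Constructed from the post's description; vswitch0/dmz names, segment labels
# and the non-pfsense VM names are hypothetical.
TOPOLOGY = [
    VSwitch("vswitch0", "vmnic0", "lan-switch", vmkernel=True),
    VSwitch("vswitch1", "vmnic1", "cable-modem", vms={"pfsense"}),
    VSwitch("vswitch2", "vmnic3", "wlan-switch", vms={"pfsense"}),
    VSwitch("vswitch3", "vmnic2", "lan-switch", vms={"pfsense", "nas", "linux", "monitor"}),
    VSwitch("dmz", None, None, vms={"pfsense", "web1", "web2"}),
]

def internal_only(topology):
    """vSwitches with no physical adapter: traffic can leave only via a VM."""
    return [sw.name for sw in topology if sw.uplink is None]

def audit(topology, firewall=FIREWALL, wan_segment="cable-modem"):
    findings = []
    # 1. Nothing but the firewall (and never the host) belongs on the WAN vSwitch.
    for sw in topology:
        if sw.segment == wan_segment:
            for vm in sorted(sw.vms - {firewall}):
                findings.append(("wan-exposed", vm, sw.name))
            if sw.vmkernel:
                findings.append(("mgmt-on-wan", "host", sw.name))
    # 2. Management shares a physical segment with VM traffic (works, as the
    #    post says, but is not the isolated network it calls recommended).
    mgmt_segments = {sw.segment for sw in topology if sw.vmkernel and sw.segment}
    for sw in topology:
        if not sw.vmkernel and sw.vms and sw.segment in mgmt_segments:
            findings.append(("mgmt-not-isolated", "host", sw.name))
    # 3. A non-firewall VM on two vSwitches is a path around the firewall rules.
    homes = {}
    for sw in topology:
        for vm in sw.vms:
            homes.setdefault(vm, []).append(sw.name)
    for vm, names in sorted(homes.items()):
        if vm != firewall and len(names) > 1:
            findings.append(("bypasses-firewall", vm, ",".join(sorted(names))))
    return findings

if __name__ == "__main__":
    print("internal-only vSwitches:", internal_only(TOPOLOGY))
    for kind, who, where in audit(TOPOLOGY):
        print(f"{kind}: {who} on {where}")
```

For the layout as described, the only finding is that the management interface shares the LAN segment, which the post itself notes is a convenience rather than the recommended isolation.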
                            • R Offline
                              ronald2981
                              last edited by

                              Much LAN monitoring software is available on the internet.
                              Such as:
                              http://download.cnet.com/LAN-Employee-Monitor/3000-2162_4-10860381.html
                              http://www.lan-monitoring.com/
                              http://www.qqmonitor.com/lan-spy-monitor.htm
                              http://www.mysuperspy.com/lan-monitoring-software.htm

                              1 Reply Last reply Reply Quote 0
                              • M Offline
                                Mr. Jingles
                                last edited by

                                @johnpoz:

                                Let's see if we can make it a little less hazy for your limited brain.

                                Your reply must have completely stayed off my radar, John; thank you very much for giving this explanation. I will study it and see where I get stuck.

                                1 Reply Last reply Reply Quote 0
                                • johnpozJ Offline
                                  johnpoz LAYER 8 Global Moderator
                                  last edited by

                                  Off your radar for almost a year and a half??  Really?  Were you in prison, do a couple of tours in Iraq?  Secret mission to Mars?  Coma?

                                  1 Reply Last reply Reply Quote 0
                                  • M Offline
                                    Mr. Jingles
                                    last edited by

                                    @johnpoz:

                                    Off your radar for almost a year and a half??  Really?  Were you in prison, do a couple of tours in Iraq?  Secret mission to Mars?  Coma?

                                    No, I'm an economist.

                                    1 Reply Last reply Reply Quote 0
                                    • KOMK Offline
                                      KOM
                                      last edited by

                                      No, I'm an economist.

                                      Nobody could imagine it would be that bad.

                                      1 Reply Last reply Reply Quote 0
                                      • M Offline
                                        Mr. Jingles
                                        last edited by

                                        @KOM:

                                        No, I'm an economist.

                                        Nobody could imagine it would be that bad.

                                        Yut, knowing what I know now I'd much rather have become a vet. Now I'm a company doctor, being an animal doctor has a larger ROI.

                                        However, luckily we are not on the bottom of the ladder, it could be worse: I could have been a self proclaimed 'IT-expert', with a pile of 'for Dummies' on my desk.

                                        1 Reply Last reply Reply Quote 0
                                        • KOMK Offline
                                          KOM
                                          last edited by

                                          MBA

                                          1 Reply Last reply Reply Quote 0
                                          • M Offline
                                            Mr. Jingles
                                            last edited by

                                            @KOM:

                                            MBA

                                            No, PhD +1 from a non-college-bubble ("ivy league", anyone?) university.

                                            Et tu? MBA?

                                            1 Reply Last reply Reply Quote 0
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.