[BBLISA] statistics-based zero config network management: why doesn't this exist?
Alex Aminoff
alex at basespace.net
Sat Aug 3 15:52:41 EDT 2013
I'm looking at SNMP-based network monitoring systems: cacti, zabbix,
some other similar ones. All of them seem to require you to configure
your devices on the system. There are some auto-discovery functions, but
they only work if you have loaded up the "profile" or "template" for
your particular network hardware.
So why is this necessary? Suppose instead there was a network monitoring
system that worked like this:
- Find any SNMP device on your subnet
- Walk its SNMP tree, collecting all data, no matter what it is:
interface counters, manufacturer's serial number, I don't care
- Save this data in some sort of time series storage, like RRD
- Then use statistics to throw an alert when a new value (or more
likely a group of new values) differs sufficiently in statistical terms
from the history of that value.
The great thing about this plan is you don't need to configure in
advance the MIBs and OIDs. When an alert happens, the system can include
the OID in the message. A human can then look it up or otherwise deal.
There will be false positives, but one should be able to filter those
out once they happen. A real network problem in my experience involved
some values jumping from 0-1-2-0 to 1,234,567 so you can dial the
sensitivity way down on the statistical tests.
My question is, why does this not exist? Is there some reason I have
overlooked why this would be impractical? Or does it exist and I just
have not found it?
- Alex
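
Added example, not part of the original post: a sketch of the alerting step the message proposes, scoring each OID's newest value against its own history with no MIB knowledge. The median/MAD score, the counter heuristic, the threshold, and the sample OIDs (under the documentation enterprise arc 1.3.6.1.4.1.32473) are all assumptions chosen for illustration.

```python
from statistics import median

def score(past, new):
    """Robust z-score of `new` against `past` (median and MAD, not mean/stddev)."""
    med = median(past)
    mad = median(abs(x - med) for x in past)
    scale = max(1.4826 * mad, 1.0)  # floor: a flat series has MAD 0
    return abs(new - med) / scale

def find_anomalies(history, latest, threshold=100.0, min_samples=5):
    """history: {oid: [past values]}, latest: {oid: new value} -> [(oid, reason)]."""
    alerts = []
    for oid, new in latest.items():
        past = history.get(oid, [])
        if len(past) < min_samples:
            continue  # too little history to judge this OID
        if not all(isinstance(v, (int, float)) for v in past + [new]):
            # Strings (serial numbers, descriptions): only a change is notable
            if new != past[-1]:
                alerts.append((oid, "value changed"))
            continue
        series = past + [new]
        steps = list(zip(series, series[1:]))
        if all(b >= a for a, b in steps) and series[-1] > series[0]:
            # Never decreases, so it looks like a counter: judge the
            # per-poll increase rather than the ever-growing raw value
            series = [b - a for a, b in steps]
        *base, current = series
        s = score(base, current)
        if s > threshold:
            alerts.append((oid, f"robust score {s:.1f}"))
    return alerts

# Constructed sample data; the detector never interprets what an OID means
NOISY = "1.3.6.1.4.1.32473.1.1"    # small noisy value that suddenly explodes
COUNTER = "1.3.6.1.4.1.32473.1.2"  # steadily growing counter, normal increase
LABEL = "1.3.6.1.4.1.32473.1.3"    # string value that does not change
HISTORY = {
    NOISY: [0, 1, 2, 0, 1, 0],
    COUNTER: [1000, 2100, 3050, 4000, 5100, 6000],
    LABEL: ["SN-0001"] * 6,
}
LATEST = {NOISY: 1234567, COUNTER: 7050, LABEL: "SN-0001"}

if __name__ == "__main__":
    for oid, reason in find_anomalies(HISTORY, LATEST):
        print(f"ALERT {oid}: {reason}")
```

A counter that wraps or resets on reboot breaks the never-decreases test and is then scored as a raw value, which is one of the false positives the post expects to filter after the fact.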