[BBLISA] statistics-based zero config network management: why doesn't this exist?

Matt Simmons bandman at gmail.com
Sat Aug 3 19:10:32 EDT 2013


Have you looked into any of the Windows-based solutions like Spiceworks
(free ad-supported)? They do an amazing job with autodiscovery, not just of
SNMP-enabled devices, but also UNIX/Linux and other Windows machines. I've
been impressed; although I've never actually found the tools fit into my
workflow, I appreciate what they do.

--Matt



On Sat, Aug 3, 2013 at 4:13 PM, <kurin at delete.org> wrote:

> I've toyed with the idea of applying machine learning to syslog alerts,
> trying to predict failures, but I never got off the ground.  The whole
> thing has to be unsupervised, unless you're willing to sit there
> classifying every event.
>
> On Sat, Aug 03, 2013 at 03:52:41PM -0400, Alex Aminoff wrote:
> >
> > I'm looking at SNMP-based network monitoring systems: cacti, zabbix,
> > some other similar ones. All of them seem to require you to configure
> > your devices on the system. There are some auto-discovery functions, but
> > they only work if you have loaded up the "profile" or "template" for
> > your particular network hardware.
> >
> > So why is this necessary? Suppose instead there was a network monitoring
> > system that worked like this:
> >
> >   - Find any SNMP device on your subnet
> >   - Walk its SNMP tree, collecting all data, no matter what it is:
> > interface counters, manufacturer's serial number, I don't care
> >   - Save this data in some sort of time series storage, like RRD
> >   - Then use statistics to throw an alert when a new value (or more
> > likely a group of new values) differs sufficiently in statistical terms
> > from the history of that value.
> >
> > The great thing about this plan is you don't need to configure in
> > advance the MIBs and OIDs. When an alert happens, the system can include
> > the OID in the message. A human can then look it up or otherwise deal.
> >
> > There will be false positives, but one should be able to filter those
> > out once they happen. A real network problem in my experience involved
> > some values jumping from 0-1-2-0 to 1,234,567 so you can dial the
> > sensitivity way down on the statistical tests.
> >
> > My question is, why does this not exist? Is there some reason I have
> > overlooked why this would be impractical? Or does it exist and I just
> > have not found it?
> >
> >   - Alex
> >
> > _______________________________________________
> > bblisa mailing list
> > bblisa at bblisa.org
> > http://www.bblisa.org/mailman/listinfo/bblisa
> >



-- 
"Today, vegetables... Tomorrow, the world!"
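
A sketch of the template-free scheme proposed in the quoted message, added here as an illustration and not code from anyone in the thread: each OID is an opaque key with its own rolling history, numeric values are tested against a median/MAD baseline, and non-numeric values alert when a never-seen value appears. The class name, window size, threshold and the sample OIDs and polled values are all assumptions constructed for the example.

```python
from collections import defaultdict, deque
from statistics import median

class OidBaseline:
    """Rolling per-OID history with a robust median/MAD outlier test."""

    def __init__(self, window=288, min_history=12, threshold=20.0):
        # window, min_history and threshold are assumed defaults, not from the thread.
        self.history = defaultdict(lambda: deque(maxlen=window))
        self.min_history = min_history
        self.threshold = threshold  # high on purpose: sensitivity dialed way down

    def observe(self, oid, value):
        """Store one polled value; return an alert string naming the OID, or None."""
        hist = self.history[oid]
        alert = None
        if len(hist) >= self.min_history:
            numeric = all(isinstance(v, (int, float)) for v in (value, *hist))
            if numeric:
                med = median(hist)
                mad = median(abs(h - med) for h in hist)
                # Floor the scale so flat histories (MAD == 0) cannot divide by
                # zero or alert on a change of one unit.
                scale = max(1.4826 * mad, 1.0)
                score = abs(value - med) / scale
                if score > self.threshold:
                    alert = f"{oid}: {value} vs median {med} (robust z={score:.0f})"
            elif value not in hist:
                # Opaque values such as serial numbers: alert on a never-seen value.
                alert = f"{oid}: new value {value!r}"
        hist.append(value)
        return alert

def run_demo():
    """Replay constructed polls for two OIDs; return the alerts raised."""
    err_oid = "1.3.6.1.2.1.2.2.1.14.1"         # constructed sample: error-style counter delta
    serial_oid = "1.3.6.1.2.1.47.1.1.1.1.11.1"  # constructed sample: serial-number string
    baseline, alerts = OidBaseline(), []
    for delta in [0, 1, 2, 0] * 4 + [3, 1234567]:
        for oid, value in ((err_oid, delta), (serial_oid, "SN-CONSTRUCTED-001")):
            alert = baseline.observe(oid, value)
            if alert:
                alerts.append(alert)
    return alerts

if __name__ == "__main__":
    print("\n".join(run_demo()))
```

Monotonically increasing SNMP counters should be converted to per-poll deltas before being passed to `observe`, otherwise every sample looks like a new maximum.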