[mrtg] Re: Firewall monitoring
Graeme Fowler
G.E.Fowler at lboro.ac.uk
Fri Aug 20 13:01:35 MEST 1999
On 20-Aug-99 Martin Ansdell-Smith wrote:
> On Thu, 19 Aug 1999, Kyle Maxwell wrote:
>
>> I'm trying to monitor loads on firewalls.
<snip>
>
> An alternative might be that the information could be in the firewall
> logs and you might be able to get it from that (although it may not
> be available as frequently as every 5 minutes by default).
I was going to suggest that leaving an snmp agent running on a firewall
is pretty insecure in itself, unless you have *absolute* trust in the
firewall's internal protection. It would probably be better (if it can
be done) to have the firewall log via syslogd to a remote machine, then
park a script on the tail of the log to output a file to MRTG for
graphing.
If the firewall is some kind of Unix box this would be pretty easy, but
if it's a 'solid-state' one (like the Lucent Managed Firewall which
we're testing right now) then it'll be nigh-on impossible...
My £0.02
Graeme
--
Graeme Fowler
Network Officer, Infrastructure & Networks Group
Loughborough University Computing Services
+44 1509 228426
--
* To unsubscribe from the mrtg mailing list, send a message with the
subject: unsubscribe to mrtg-request at list.ee.ethz.ch
* The mailing list archive is at http://www.ee.ethz.ch/~slist/mrtg
More information about the mrtg
mailing list