An Introduction to Network Monitoring

In network security, there are a few important tasks you just can’t ignore. They include perimeter security (firewalls and proxies), disaster recovery (backups and redundant systems), and monitoring (packet analysis and system logs). In the area of monitoring, there are a few tools you might consider evaluating for use in your own network.

Nagios: One example is Nagios, a highly configurable, flexible network resource monitoring tool. It’s open source (and thus available for free), highly extensible, and very customizable to your needs. Unless otherwise noted, all of the following are open source software (and thus available for free).

Snort: Another is Snort, “the de facto standard for intrusion detection/prevention.” It is, in essence, exactly as advertised.

tcpdump: Don’t forget venerable standards such as tcpdump. Combined with a scripting language that provides powerful text filtering abstractions, such as Perl, Python, or Ruby, or even with something a bit more basic like grep+sed+awk, it’s the expert’s packet analysis toolkit.

lsof: For more localized use, lsof can be an incredibly flexible and powerful tool. Again, you’ll need some text filtering to really make use of it.

syslog: It doesn’t get much more basic and ubiquitous than syslog. If you have to maintain security on any UNIX or UNIX-like system (a Linux distribution, FreeBSD, NetBSD, OpenBSD, OpenSolaris, or Darwin, for instance), you should learn how to put syslog’s facilities to good use (and, once again, how to effectively automate text filtering).
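The tcpdump and syslog paragraphs both come down to the same skill: feeding line-oriented tool output through a script that filters and summarizes it. Here is an added example of that idea (my code, not from the article or from the tcpdump project) in Python, one of the languages the article names. It assumes a simplified form of `tcpdump -n` output for IPv4 TCP packets, which is an assumption of mine (real output varies with options and protocol), and runs over a handful of constructed sample lines rather than a real capture. The function names (`parse_lines`, `syn_targets_by_source`, `noisy_sources`) are mine. The summary it produces, bare SYNs per source grouped by destination port, is the kind of thing an analyst reviewing a capture would want to see at a glance.

```python
import re
from collections import defaultdict

# Regex for one line of `tcpdump -n` output (IPv4, TCP). This is an assumed,
# simplified format for illustration; it is not tcpdump's own parser and real
# output differs with options and protocol.
LINE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]*)\]"
)

# Constructed sample capture lines (not real traffic). One normal handshake from
# 10.0.0.5, a burst of bare SYNs to several ports from 10.0.0.9, and a line of junk.
SAMPLE = """\
12:00:01.000001 IP 10.0.0.5.51234 > 192.168.1.10.22: Flags [S], seq 1, win 64240, length 0
12:00:01.000002 IP 192.168.1.10.22 > 10.0.0.5.51234: Flags [S.], seq 2, ack 2, win 65160, length 0
12:00:01.000003 IP 10.0.0.5.51234 > 192.168.1.10.22: Flags [.], ack 1, win 502, length 0
12:00:02.000001 IP 10.0.0.9.40000 > 192.168.1.10.21: Flags [S], seq 1, win 1024, length 0
12:00:02.000002 IP 10.0.0.9.40001 > 192.168.1.10.23: Flags [S], seq 1, win 1024, length 0
12:00:02.000003 IP 10.0.0.9.40002 > 192.168.1.10.25: Flags [S], seq 1, win 1024, length 0
12:00:02.000004 IP 10.0.0.9.40003 > 192.168.1.10.80: Flags [S], seq 1, win 1024, length 0
12:00:02.000005 IP 10.0.0.9.40004 > 192.168.1.10.443: Flags [S], seq 1, win 1024, length 0
garbage line that does not parse
"""


def parse_lines(text):
    """Yield a dict per line that matches LINE_RE; lines that don't match are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            pkt = m.groupdict()
            pkt["sport"] = int(pkt["sport"])
            pkt["dport"] = int(pkt["dport"])
            yield pkt


def syn_targets_by_source(text):
    """Map each source IP to the set of (dst, dport) pairs it sent a bare SYN to."""
    targets = defaultdict(set)
    for pkt in parse_lines(text):
        if pkt["flags"] == "S":  # bare SYN only; "S." is the SYN-ACK reply
            targets[pkt["src"]].add((pkt["dst"], pkt["dport"]))
    return targets


def noisy_sources(text, threshold=4):
    """Sources that opened bare SYNs to at least `threshold` distinct targets."""
    return sorted(
        src for src, t in syn_targets_by_source(text).items() if len(t) >= threshold
    )


if __name__ == "__main__":
    for src, t in sorted(syn_targets_by_source(SAMPLE).items()):
        print(src, "->", sorted(port for _, port in t))
    print("worth a closer look:", noisy_sources(SAMPLE))
```

To use it on a real capture you would pipe `tcpdump -n` into the script and replace `SAMPLE` with `sys.stdin.read()`; the threshold is deliberately a parameter, because what counts as "noisy" depends entirely on the network you are watching.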
event log: There’s also the event log on Windows. It’s not open source, but it’s part of the system. You need to know something about it if you’re going to try to maintain security on Windows systems.

EventSentry: Tools like EventSentry can be of incredible benefit to the Windows network administrator. For single-system monitoring, you might be able to get by with nothing more than the free trial version, which isn’t time-limited but does strip away many of the more powerful features of the full version. To monitor an entire network, you’ll want to invest in the complete package, or get something else. It’s not open source software, which means licensing issues must be dealt with.

Eventlog to Syslog Utility: For “something else,” there’s always the open source Purdue University Eventlog to Syslog Utility, AKA “evtsys.” It’s a simple tool that you run on Windows systems to automatically read and reformat events in the event log, then send them to a UNIX system to be handled by syslog. It’s an excellent tool, and it makes the life of the busy netadmin much easier by collecting all the necessary log events in one convenient place on the network.

glTail.rb: My inspiration for writing this article, however, was one I’ve only just discovered today. I’m not 100 percent certain it’s all that useful in practice, yet, but it sure as heck is fun to watch it work.
Get a load of glTail.rb, a “realtime logfile visualization.” It looks a lot better than similarly graphical (though not very similarly functioning) tools like EtherApe ever did. Check out the “xvid movie” link there; it’s an AVI video, so even Ubuntu users who haven’t figured out how to get WMV files working in MPlayer shouldn’t have any trouble with it. It’s mesmerizing.
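The Eventlog to Syslog Utility described above does three things: read an event, reformat it as a syslog message, and ship it to a UNIX syslog host. The following is an added example of the reformatting and shipping steps, written by me in Python; it is not evtsys’s code and does not read a real event log. The event records are constructed samples shaped the way a log reader might hand them over, the choice of the `local0` facility for forwarded Windows events is my assumption (evtsys may use something else), and the function names are mine. The PRI arithmetic (facility × 8 + severity) and the `Mmm dd hh:mm:ss` timestamp are the classic BSD syslog format from RFC 3164, and `parse_pri` shows what the receiving daemon does with the PRI field, so both ends of the exchange are visible.

```python
import socket
from datetime import datetime

# Syslog facility and severity numbers (RFC 3164 / RFC 5424). Using local0 for
# forwarded Windows events is this example's assumption, not necessarily evtsys's.
FACILITY_LOCAL0 = 16
SEVERITY = {"Error": 3, "Warning": 4, "Information": 6}  # err, warning, info
SEVERITY_DEFAULT = 5  # notice, for levels we don't recognise

# Constructed sample events, shaped like what a Windows event log reader might
# return. Not the output of any real API call.
SAMPLE_EVENTS = [
    {"time": datetime(2024, 3, 5, 14, 2, 7), "host": "WIN-HOST1", "log": "Security",
     "source": "Microsoft-Windows-Security-Auditing", "event_id": 4625,
     "level": "Information", "message": "An account failed to log on."},
    {"time": datetime(2024, 3, 5, 14, 2, 9), "host": "WIN-HOST1", "log": "System",
     "source": "Service Control Manager", "event_id": 7034, "level": "Error",
     "message": "The Print Spooler service terminated unexpectedly.\r\nIt has done this 1 time(s)."},
]


def pri(facility, severity):
    """PRI is a single number: facility * 8 + severity."""
    return facility * 8 + severity


def format_rfc3164(ev, facility=FACILITY_LOCAL0):
    """Render one event as a single-line BSD-style syslog message."""
    sev = SEVERITY.get(ev["level"], SEVERITY_DEFAULT)
    # RFC 3164 wants "Mmm dd hh:mm:ss" with a space-padded (not zero-padded) day.
    ts = ev["time"].strftime("%b %d %H:%M:%S")
    if ts[4] == "0":
        ts = ts[:4] + " " + ts[5:]
    # Windows messages are often multi-line; syslog is line-oriented, so flatten.
    msg = " ".join(ev["message"].split())
    # The TAG field should be a plain token, so squash spaces in the source name.
    tag = ev["source"].replace(" ", "_")
    return f"<{pri(facility, sev)}>{ts} {ev['host']} {tag}: Log={ev['log']} EventID={ev['event_id']} {msg}"


def parse_pri(line):
    """What the receiving syslog daemon does first: split PRI into (facility, severity)."""
    end = line.index(">")
    p = int(line[1:end])
    return p // 8, p % 8


def send_udp(line, server, port=514):
    """Send one message to a syslog server over UDP, the classic transport."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(line.encode("utf-8"), (server, port))


if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        line = format_rfc3164(ev)
        print(line, "->", parse_pri(line))
        # send_udp(line, "syslog.example.internal")  # placeholder host; uncomment to ship
```

Two details matter more than they look: flattening newlines, because a multi-line message silently becomes two half-messages on the receiving side, and mapping the Windows level onto a syslog severity, because that severity is what the UNIX side’s filtering rules key on once the events are all in one place.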