Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] Visualizing LAN traffic



Playing devil's advocate...

On Fri, Jan 20, 2012 at 04:34:42PM -0500, John Abreau wrote:
> Something bad starts to happen, and it may be five minutes before
> Nagios detects it. 

But, your network's behavior is likely constantly changing
throughout the day, with various spikes and lulls in activity.  Even
if the "warning" comes more quickly, I'm imagining that the human
minding the store will still take some time to decide that what's
being emitted is something to pay attention to, rather than some
random fluctuation that falls within the range of "normal" for that
network.  But I don't know how easy it is to filter out such things
with Peep; I think this is one area where hearing about someone's
experience with the system would be interesting.

> A lot of damage can be done in five minutes. 

Maybe, but a lot of events are rather binary.  If you, say, lose a
critical volume on a server, it's gonna be down (or run in degraded
mode) until you can restore it from some sort of back-up or rebuild it
or whatever.  Even if your company's website suffers catastrophic
failure, most users will just see that your down and try again later.
If your company's revenue depends on your website, surely you'll find
a way to make sure this never, ever happens.  A few minutes probably
doesn't matter much in I'd guess the vast majority of cases.
Certainly in 10 years of sysadmin experience, I can't remember too
many occasions where I thought, "Jeez, if we'd only gotten to this 4
minutes sooner!" :)

> And if you're using email alerts, you might not see the alert
> immediately if you're away from your computer when it arrives. 

I guess you're piping the sounds from Peep through your company-wide
PA system then? =8^)

Which brings up my final point: Even if this does offer substantial
benefits, you can only reap them while you're around to listen to it.
Unless you're staffed 24x7, you're still going to need some other form
of network monitoring and alerting for the times when the humans are
all out having a beer.  Does Peep still handle this?  If not, are the
benefits of this thing (if there are any) worth the time to set up and
maintain an entirely separate monitoring system?

I don't purport to know the answers, I really was hoping someone might
have used it and could comment on their experience.

-- 
Derek D. Martin    http://www.pizzashack.org/   GPG Key ID: 0xDFBEAD02
-=-=-=-=-
This message is posted from an invalid address.  Replying to it will result in
undeliverable mail due to spam prevention.  Sorry for the inconvenience.




BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org