[BBLISA] statistics-based zero config network management: why doesn't this exist?
kurin at delete.org
Sat Aug 3 16:13:26 EDT 2013
I've toyed with the idea of applying machine learning to syslog alerts,
trying to predict failures, but I never got off the ground. The whole
thing has to be unsupervised, unless you're willing to sit there
classifying every event.
On Sat, Aug 03, 2013 at 03:52:41PM -0400, Alex Aminoff wrote:
>
> I'm looking at SNMP-based network monitoring systems: cacti, zabbix,
> some other similar ones. All of them seem to require you to configure
> your devices on the system. There are some auto-discovery functions, but
> they only work if you have loaded up the "profile" or "template" for
> your particular network hardware.
>
> So why is this necessary? Suppose instead there was a network monitoring
> system that worked like this:
>
> - Find any SNMP device on your subnet
> - Walk its SNMP tree, collecting all data, no matter what it is:
> interface counters, manufacturer's serial number, I don't care
> - Save this data in some sort of time series storage, like RRD
> - Then use statistics to throw an alert when a new value (or more
> likely a group of new values) differs sufficiently in statistical terms
> from the history of that value.
>
> The great thing about this plan is you don't need to configure in
> advance the MIBs and OIDs. When an alert happens, the system can include
> the OID in the message. A human can then look it up or otherwise deal.
>
> There will be false positives, but one should be able to filter those
> out once they happen. A real network problem in my experience involved
> some values jumping from 0-1-2-0 to 1,234,567 so you can dial the
> sensitivity way down on the statistical tests.
>
> My question is, why does this not exist? Is there some reason I have
> overlooked why this would be impractical? Or does it exist and I just
> have not found it?
>
> - Alex
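An added example, not part of either message: one unsupervised way to do the statistical test proposed above, scoring each new value against its own OID's history with a median/MAD robust score and a deliberately high threshold. The function names, the threshold of 50, the floor of 1.0 and all sample values are assumptions made for illustration.

```python
from statistics import median

def robust_score(history, new, floor=1.0):
    """Distance of `new` from the median of `history`, in scaled-MAD units.
    `floor` stops a flat history (MAD == 0) from making any change infinite."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    return abs(new - med) / max(1.4826 * mad, floor)

def check(oid, history, new, threshold=50.0, min_history=5):
    """Return an alert string, or None if `new` fits this OID's history."""
    if not isinstance(new, (int, float)):
        # Strings (serial numbers, descriptions): only a change is notable.
        if history and new != history[-1]:
            return f"{oid}: changed from {history[-1]!r} to {new!r}"
        return None
    numeric = [x for x in history if isinstance(x, (int, float))]
    if len(numeric) < min_history:
        return None  # too little history to judge
    score = robust_score(numeric, new)
    if score > threshold:
        return f"{oid}: {new} is {score:.0f} deviations from median {median(numeric)}"
    return None

def scan(histories, latest):
    """Check every OID seen in the latest walk; no per-device template needed."""
    alerts = (check(oid, histories.get(oid, []), value) for oid, value in latest.items())
    return [a for a in alerts if a]

# Constructed sample data (not from a real device). Numeric values are
# per-poll deltas of a counter; the OIDs are only opaque keys here.
HISTORIES = {
    "1.3.6.1.2.1.2.2.1.14.1": [0, 1, 2, 0, 0, 1, 0, 2],   # noisy but small
    "1.3.6.1.2.1.2.2.1.14.2": [0, 0, 0, 0, 0, 0, 0, 0],   # flat: MAD is 0
    "1.3.6.1.2.1.2.2.1.14.3": [0, 1, 2, 0, 0, 1, 0, 2],
    "1.3.6.1.2.1.47.1.1.1.1.11.1": ["SN-EXAMPLE-1"] * 8,  # string value
}
LATEST = {
    "1.3.6.1.2.1.2.2.1.14.1": 3,          # slightly above history: no alert
    "1.3.6.1.2.1.2.2.1.14.2": 1,          # 0 -> 1 on a flat series: no alert
    "1.3.6.1.2.1.2.2.1.14.3": 1234567,    # the jump described in the post
    "1.3.6.1.2.1.47.1.1.1.1.11.1": "SN-EXAMPLE-2",
}

if __name__ == "__main__":
    for alert in scan(HISTORIES, LATEST):
        print(alert)
```

The floor matters because many error counters sit at zero for long stretches; a plain standard-deviation test would divide by zero or alert on the first stray error.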