<div dir="ltr">Have you looked into any of the Windows-based solutions like Spiceworks (free ad-supported)? They do an amazing job with autodiscovery, not just of SNMP-enabled devices, but also UNIX/Linux and other Windows machines. I've been impressed; although I've never actually found the tools fit into my workflow, I appreciate what they do. <div>
<br></div><div>--Matt </div><div><br></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Sat, Aug 3, 2013 at 4:13 PM, <span dir="ltr"><<a href="mailto:kurin@delete.org" target="_blank">kurin@delete.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">I've toyed with the idea of applying machine learning to syslog alerts,<br>
trying to predict failures, but I never got off the ground. The whole<br>
thing has to be unsupervised, unless you're willing to sit there<br>
classifying every event.<br>
<div class="HOEnZb"><div class="h5"><br>
On Sat, Aug 03, 2013 at 03:52:41PM -0400, Alex Aminoff wrote:<br>
><br>
> I'm looking at SNMP-based network monitoring systems: cacti, zabbix,<br>
> some other similar ones. All of them seem to require you to configure<br>
> your devices on the system. There are some auto-discovery functions, but<br>
> they only work if you have loaded up the "profile" or "template" for<br>
> your particular network hardware.<br>
><br>
> So why is this necessary? Suppose instead there was a network monitoring<br>
> system that worked like this:<br>
><br>
> - Find any SNMP device on your subnet<br>
> - Walk its SNMP tree, collecting all data, no matter what it is:<br>
> interface counters, manufacturer's serial number, I don't care<br>
> - Save this data in some sort of time series storage, like RRD<br>
> - Then use statistics to throw an alert when a new value (or more<br>
> likely a group of new values) differs sufficiently in statistical terms<br>
> from the history of that value.<br>
><br>
> The great thing about this plan is you don't need to configure in<br>
> advance the MIBs and OIDs. When an alert happens, the system can include<br>
> the OID in the message. A human can then look it up or otherwise deal.<br>
><br>
> There will be false positives, but one should be able to filter those<br>
> out once they happen. A real network problem in my experience involved<br>
> some values jumping from 0-1-2-0 to 1,234,567 so you can dial the<br>
> sensitivity way down on the statistical tests.<br>
><br>
> My question is, why does this not exist? Is there some reason I have<br>
> overlooked why this would be impractical? Or does it exist and I just<br>
> have not found it?<br>
><br>
> - Alex<br>
><br>
> _______________________________________________<br>
> bblisa mailing list<br>
> <a href="mailto:bblisa@bblisa.org">bblisa@bblisa.org</a><br>
> <a href="http://www.bblisa.org/mailman/listinfo/bblisa" target="_blank">http://www.bblisa.org/mailman/listinfo/bblisa</a><br>
><br>
<br>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br>"Today, vegetables... Tomorrow, the world!"
</div>
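<div>An added example, not code from any poster in this thread: a sketch of the alerting step in the scheme Alex outlines, scoring each newly polled OID value against that OID's own history with a median/MAD test so that no MIB or template is needed. The sample data, the threshold of 50, the function names and the assumption that counters are stored as per-poll deltas are all constructed for illustration; the never-seen-value rule for string OIDs goes beyond what the thread describes.</div>

```python
import statistics

MAD_TO_SIGMA = 1.4826  # scales MAD to a standard deviation for normal data


def robust_score(history, value, min_scale=1.0):
    """Distance of value from the history median, in MAD-derived units."""
    median = statistics.median(history)
    mad = statistics.median(abs(h - median) for h in history)
    # A flat history has MAD 0; min_scale keeps one-unit jitter from alerting.
    scale = max(MAD_TO_SIGMA * mad, min_scale)
    return abs(value - median) / scale


def check_poll(history, poll, threshold=50.0, min_samples=5):
    """Return (oid, value, score) for each polled value that departs from history."""
    alerts = []
    for oid, value in poll.items():
        past = history.get(oid, [])
        if len(past) < min_samples:
            continue  # not enough history to judge this OID yet
        if not isinstance(value, (int, float)):
            # Strings such as serial numbers: alert only on a never-seen value.
            if value not in past:
                alerts.append((oid, value, None))
            continue
        numeric = [p for p in past if isinstance(p, (int, float))]
        if len(numeric) < min_samples:
            continue
        score = robust_score(numeric, value)
        if score > threshold:  # high threshold = sensitivity dialed way down
            alerts.append((oid, value, score))
    return alerts


# Constructed sample data (assumption: counters stored as per-poll deltas).
SAMPLE_HISTORY = {
    "1.3.6.1.2.1.2.2.1.14.1": [0, 1, 2, 0, 0, 1, 0, 2, 1, 0],
    "1.3.6.1.2.1.2.2.1.10.1": [5200, 4900, 5100, 5300, 5000, 4800, 5150, 5050],
    "1.3.6.1.2.1.1.5.0": ["sw1"] * 8,
}
SAMPLE_POLL = {
    "1.3.6.1.2.1.2.2.1.14.1": 1234567,  # the 0-1-2-0 to 1,234,567 jump
    "1.3.6.1.2.1.2.2.1.10.1": 5400,     # ordinary traffic variation
    "1.3.6.1.2.1.1.5.0": "sw1",
}

if __name__ == "__main__":
    for oid, value, score in check_poll(SAMPLE_HISTORY, SAMPLE_POLL):
        print(f"ALERT oid={oid} value={value} score={score}")
```
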