Availability?
bigwa...@gmail.com
tool and came across CoyoteMonitoring.
Everything on the site seems to indicate this is exactly what I
want/need. Is there a way to start testing the development snapshots?
I don't see any downloads available on the site.
I'd prefer not to implement some other tool... only to come back an
implement this some day later.
Any status update would be great.
Thanks for your time!
Dave
duncan.m...@gmail.com
On Oct 2, 11:28 am, "bigwaved...@gmail.com" <bigwaved...@gmail.com>
wrote:
Dave,
Thanks for writing! I've been working with Zenoss and their monitoring
software (free, open-source). You can check them out here:
http://zenoss.com/
Lots of people in the community have started asking for NetFlow
capability, something that I would like to build for them. I would
encourage you to join the mail list and add your voice to the vote :-)
I would be thrilled to work on NetFlow again.
You may have seen the posts I made to the list about refactoring the
old code and rewriting the old, 3rd-party perl in modern, efficient
python (CoyMon3). I've made some good progress, but now it just needs
sponsorship to continue. I'm hoping Zenoss will provide that. We'll
see!
We had some funding to provide a releasable version of CoyMon, but it
fell through at the last minute. CoyMon2 was built with the heavy
sponsorship of the Department of Veterans affairs. Sadly, due to time
contraints, we ended up with a great deal of their system/network
specific code in the product, and for concerns of sensitivity, couldn't
release it as it was. The VA is still using CoyMon, though, so we are
quite happy with the ends if the means were somewhat rushed.
If we do end up making a CoyMon2 release from the old source, I will
certainly post an announcement on this list, the CoyMon site, and the
CoyMon development pages.
I've been doing a lot of work with Zenoss lately that is focused around
the same work I had planned for CoyMon3, so even if Zenoss decides not
to support NetFlow for a while, I may be able to put something
together. I can't make any promises in that regard, for obvious reaons
of time availability and the nature of software development, but, if I
were to make a functional alpha release of CoyMon3, what minimal set of
features would you need in order to make using it worth-while?
Thanks again for your interest, and I will keep the list posted on
future development advances.
d
duncan.m...@gmail.com
but some of the underlying concepts, assumptions, etc. that I believe
are really important.
On Oct 19, 2:12 pm, duncan.mcgreg...@gmail.com wrote:
> > Any status update would be great.
First of all, what got me started thinking along the "deep",
philosophical lines was the lateness of my reply to Dave. I have a poor
sense of time, but Dave emailed more than two weeks ago. For someone in
need, that's unkind and inconsiderate of me, no matter how busy things
have been.
> > I'm in the process of trying to find a good NetFlow data collection
> > tool and came across CoyoteMonitoring.
> > Everything on the site seems to indicate this is exactly what I
> > want/need.
This is great to hear, but even more so, it's special in this sense:
the CoyoteMonitoring corner of the Internet has addressed a certain
need. Many folks have that same need. That kind dynamic is the classic
one of the village and the blacksmith. The blacksmith can't eat iron,
and the miller can't shoe his horses with ground grain. Mutual benefit
is the kind of thing brings people and groups together, accomplishing
common good.
> Thanks for writing! I've been working with Zenoss and their monitoring
> software (free, open-source). You can check them out here:
> http://zenoss.com/
>
> Lots of people in the community have started asking for NetFlow
> capability, something that I would like to build for them. I would
> encourage you to join the mail list and add your voice to the vote :-)
> I would be thrilled to work on NetFlow again.
If I would be so thrilled to work on NetFlow, howcome I'm not?
I asked myself that all day today. The answer is that there is no good
reason. There are people out there who could really benefit from the
stuff that I have written and the stuff that I am writing in my down
time. Likewise, if I am able to fulfill some need that people in the
community are having, my quality of life has just increase n-fold.
> You may have seen the posts I made to the list about refactoring the
> old code and rewriting the old, 3rd-party perl in modern, efficient
> python (CoyMon3). I've made some good progress, but now it just needs
> sponsorship to continue.
That's a pile of crap. There's no good reason why I can't start doing
this now. There's all kinds of stuff I do in my life that 1) has no
purpose and is a waste of time, or 2) goes unappreciated. If I can bend
some code-iron to the needs of users, then I am both fulfilling a
purpose and will most likely be greeted with appreciation. And let me
tell you, that appreciation is worth more than money.
So, here's the deal: as of right now, I'm working for the village
again. I'm heating the forge up now, and breaking out the tools.
Timeline:
* Within the next month, I will release CoyMon2, free of the
VA-specific code, even though the codebase is not up to my standards
and some of the third-party tools are difficult to work with
* I will do my best to support you all with answers to your CoyMon2
questions
* Within the next 2 months, I will resume work on CoyMon3, given the
interest of users on the list
As for that last bullet, you could really help me out by responding to
this email and letting me know what your Top 2, Top 5 and Top 10
feature requests/wishlists would be.
Time to get to work :-)
d
bigwa...@gmail.com
<--snip-->>
> As for that last bullet, you could really help me out by responding to
> this email and letting me know what your Top 2, Top 5 and Top 10
> feature requests/wishlists would be.
>
Sorry for my delayed response, but for some reason missed this message
until I added the newsfeed.
Unfortunately the NetFlow "world" is new to me, and am still trying to
learn everything about what it can do for me. One aspect that I was
hoping to use it for (possibly incorrectly) was to identify where
traffic bursts were coming from/going to. Ideally there would be a way
to display per IP/host traffic, and a way to identify which ones are
causing more traffic than others. Perhaps even a way to specify a
query of source and destination ip range.
Does this sound reasonable or make sense?
Dave
duncan.m...@gmail.com
On Oct 21, 8:03 pm, "bigwaved...@gmail.com" <bigwaved...@gmail.com>
wrote:
> > As for that last bullet, you could really help me out by responding to
> > this email and letting me know what your Top 2, Top 5 and Top 10
> > feature requests/wishlists would be.Sorry for my delayed response, but for some reason missed this message
> until I added the newsfeed.
>
> Unfortunately the NetFlow "world" is new to me, and am still trying to
> learn everything about what it can do for me.
Ah, yes. Not a problem :-)
> One aspect that I was
> hoping to use it for (possibly incorrectly) was to identify where
> traffic bursts were coming from/going to. Ideally there would be a way
> to display per IP/host traffic, and a way to identify which ones are
> causing more traffic than others.
This information is contained within the NetFlow data, however, CoyMon
was intended for large campus deployments, so the current code focuses
on traffic across routers without providing pre-configured views at the
level of individual hosts.It's been a while since I looked at the UI
code, so I can't make any promises on being able to support
fine-grained views immediately. However, we did start work on that at
one point due to community interest and it shouldn't be too bad to pick
that up again.
At the risk of delving into too much detail, the problem rests between
the managment interface (often on a dedicated box) and the collectors
(usually running on boxes near the routers they are collecting for).
The collectors each have their own configurations for flow-tools,
Cflow, and CUFlow. The CUFlow configuration is what ultimately gives
you the graphical views (RRD) and is what you adjust for your network
and IP settings.This can be very, very tricky, depending on your
network Having CoyMon support the ability to make these adjustments on
the collectors from the management UI can fairly complicated, depending
on implementation.
> Perhaps even a way to specify a
> query of source and destination ip range.
Yes, that is possible now.
> Does this sound reasonable or make sense?
Absolutely -- thanks for sharing!
d
duncan.m...@gmail.com
On Oct 21, 8:03 pm, "bigwaved...@gmail.com" <bigwaved...@gmail.com>
wrote:
> Unfortunately the NetFlow "world" is new to me, and am still trying to
> learn everything about what it can do for me. One aspect that I was
> hoping to use it for (possibly incorrectly) was to identify where
> traffic bursts were coming from/going to. Ideally there would be a way
> to display per IP/host traffic, and a way to identify which ones are
> causing more traffic than others. Perhaps even a way to specify a
> query of source and destination ip range.
>
> Does this sound reasonable or make sense?
Dave,
You might be interested in looking at the "walk-through" here:
http://coyotemonitoring.com/about/screens/rel1/view_images
This does a pretty good job of describing the functionality available
in CoyoteMonitoring as of now. With the top-talkers page, you do get a
break-out by IP address.
d