Hi,
I have some questions regarding Nagios XI.
Can you answer these for me?
1. Does Nagios XI provide the ability to limit bandwidth used for transmitting event data from remote sites?
2. Does Nagios XI provide the ability to throttle bandwidth (traffic shaping, caching, CBR, scheduling different configurations, etc.)?
3. Does Nagios XI provide the ability to enable advanced security to allow cryptographic modules and Common Access Card (CAC) authentication?
4. Does Nagios XI provide options for log collection high-availability without the need for additional hardware (an example would be a syslog agent, whereby the two agents could be deployed to send events to the same security information manager, offering diverse destinations for every event source)?
5. How much log data is stored locally on disk?
6. Does the solution provide integration with SAN?
7. Does Nagios XI store log data in a highly compressed format?
8. Describe how Nagios XI scales to larger environments considering the increase of additional event sources.
Thank you so much.
Request for Information
Re: Request for Information
Additional questions:
1. Does Nagios XI provide an intuitive reporting interface that can leverage existing reports or the creation of new reports that does not require complex SQL queries?
2. Does Nagios XI provide a level of confidence that reporting will continue to work and not have to be modified if a particular technology, such as a Firewall or IDS product, is replaced with a newer product or vendor?
3. Does Nagios XI provide the framework to report on ISO or NIST compliance items that can be mapped directly to any regulatory standard or enterprise security policy?
4. Does Nagios XI provide the ability to profile data for use with baselines and increase the performance of ad-hoc reporting?
5. Does the product provide the ability to import graphics from applications such as Visio and overlay chart objects to provide logical visualization of the enterprise network architecture, business processes or application specific components?
6. Does Nagios XI provide value in assisting in adhering to audit requirements, alerting of non-compliance and providing necessary reports that can be used during an audit?
7. Does Nagios XI provide the ability to monitor and visually display statistics for all dependent components used by business applications from start to end of a transaction?
8. Does Nagios XI include the ability to monitor latency between components, excessive resource usage, errors during process flow and other business logic required to troubleshoot business applications?
9. Does the product provide automatic detection of a 0-day worm outbreak across the enterprise when IDS or Antivirus signatures are unable to detect the incident? Can the system immediately send alerts and automatically start the incident triage and workflow?
10. Is Nagios XI capable of collecting log data from physical access devices such as card readers, biometrics and security cameras and correlate this information with logical network and security devices?
11. Does Nagios XI provide the ability to synchronize with authentication directories to collect information regarding user roles and responsibilities and correlate this data with all user activity?
12. Is Nagios XI able to track user activity and ultimately bind an individual to an action?
13. Does Nagios XI provide the ability to correlate information regarding users that are logged into the domain and their generic or service account usage within the enterprise?
14. Does Nagios XI provide a mechanism whereby in the event of generic account violations, the solution can contain the threat in real-time using quarantine methods such as disabling the user’s switch port, adding filters to firewalls, disabling user accounts, etc?
15. Is Nagios XI able to detect suspicious activity, such as printing large numbers of files outside of business hours, emailing large attachments to personal email accounts, employee communication with competitors or the clearing of system audit logs to cover up malicious activity?
16. Is the product capable of allowing investigators to restore a year’s worth of historical log files to a single appliance and then perform complex pattern searches and reporting against terabytes of data in a short period of time?
17. How much time must the entire process, from restoring the data to reporting results, take?
18. Is the solution capable of correlating activity between enterprise users and source code repositories?
19. Does the product provide the ability to monitor online banking applications, banking infrastructure devices and user transaction activity?
20. Is the solution capable of not only detecting attacks but also provide a mechanism to respond and mitigate the attacks in real-time?
Thank you in advance,
I just need and want to know the answers to these questions, because we have a client that is asking about the capabilities of Nagios XI with these questions.
I hope that you will be able to help me.

Re: Request for Information
1. Does Nagios XI provide the ability to limit bandwidth used for transmitting event data from remote sites?
2. Does Nagios XI provide the ability to throttle bandwidth (traffic shaping, caching, CBR, scheduling different configurations, etc.)?
Nagios XI does not directly offer these; however, Nagios XI does have the ability to handle events based on check returns, so it is feasible to set up some sort of event handler to handle these situations.

3. Does Nagios XI provide the ability to enable advanced security to allow cryptographic modules and Common Access Card (CAC) authentication?
I've never used a CAC, but Nagios XI does support SSL. If you could elaborate further on this, perhaps I can help you further.

4. Does Nagios XI provide options for log collection high-availability without the need for additional hardware (an example would be a syslog agent, whereby the two agents could be deployed to send events to the same security information manager, offering diverse destinations for every event source)?
One can configure multiple Nagios instances; in your case, one Nagios instance could be sending check data to another Nagios instance, both logging the event data. I'm not sure if this is what you're asking; let me know if it's not.

5. How much log data is stored locally on disk?
The RRDs used for generating performance graphs are stored locally; Nagios XI, however, has built-in MySQL support, so check log data can be stored on a remote MySQL database.

6. Does the solution provide integration with SAN?
If you have a SAN that you're running a MySQL database on, then sure.

7. Does Nagios XI store log data in a highly compressed format?
The RRDs are very compressed; the other log data is stored as plain text in the database.

8. Describe how Nagios XI scales to larger environments considering the increase of additional event sources.
Nagios XI can scale very well for a couple of reasons. You can set up Nagios XI to be the 'master' of multiple other Nagios XI (or Nagios Core) instances, so that these other Nagios instances do the intensive jobs of doing the active checks and then passively push the results of these checks to some master Nagios instance. Or, if they want something bigger, they can check out Nagios Fusion, which is designed specifically for large monitoring environments.

1. Does Nagios XI provide an intuitive reporting interface that can leverage existing reports or the creation of new reports that does not require complex SQL queries?
Have you checked out the Reports section? That seems to be what you want; give that a look. No SQL knowledge is required and it's quite comprehensive.

2. Does Nagios XI provide a level of confidence that reporting will continue to work and not have to be modified if a particular technology, such as a Firewall or IDS product, is replaced with a newer product or vendor?
As long as the fundamentals of TCP/IP are not changing, changing a firewall to a different vendor will not change anything. If you are monitoring that firewall with SNMP, however, you will need to set up again how you monitor that particular firewall (as SNMP MIBs and OIDs change per vendor), but you will not have to worry about anything else behind that firewall (provided it's a normal firewall). IDS can be a bit tricky, and I cannot take a stance on those as they vary too much from vendor to vendor.

3. Does Nagios XI provide the framework to report on ISO or NIST compliance items that can be mapped directly to any regulatory standard or enterprise security policy?
Could you elaborate more on this?

4. Does Nagios XI provide the ability to profile data for use with baselines and increase the performance of ad-hoc reporting?
Are you talking about SLA? If so, then yes.

5. Does the product provide the ability to import graphics from applications such as Visio and overlay chart objects to provide logical visualization of the enterprise network architecture, business processes or application specific components?
Yes. NagVis, HyperMap and the Network Status Map are all great tools for what you describe.

6. Does Nagios XI provide value in assisting in adhering to audit requirements, alerting of non-compliance and providing necessary reports that can be used during an audit?
Yes. Once again, I highly suggest you take a close look at the Reports section, both the Current and Legacy reports. They are very comprehensive.

7. Does Nagios XI provide the ability to monitor and visually display statistics for all dependent components used by business applications from start to end of a transaction?
There is an add-on called BPI that allows grouping of processes that constitute a product. From there you check how each process is doing and drill down to see the graphs of each service and their status. It's a very handy add-on that sounds like what you're asking for:
http://assets.nagios.com/downloads/exch ... os_BPI.pdf

8. Does Nagios XI include the ability to monitor latency between components, excessive resource usage, errors during process flow and other business logic required to troubleshoot business applications?
Again, look at BPI.

9. Does the product provide automatic detection of a 0-day worm outbreak across the enterprise when IDS or Antivirus signatures are unable to detect the incident? Can the system immediately send alerts and automatically start the incident triage and workflow?
This is not innately coded into Nagios XI, because, let's be frank, if your dedicated hardware IDS does not pick it up, that's its job. However, if you did have some sort of method to pick such incidents up, some sort of condition that was always true when it happened, the extensibility of Nagios allows one to write a check command to check for that condition. So in a way yes, but nothing is built in for that very purpose.

10. Is Nagios XI capable of collecting log data from physical access devices such as card readers, biometrics and security cameras and correlate this information with logical network and security devices?
I'm not really sure what you're asking here. But if the object has an IP address, Nagios can monitor it and glean information from it.

11. Does Nagios XI provide the ability to synchronize with authentication directories to collect information regarding user roles and responsibilities and correlate this data with all user activity?
This is a very open-ended question, which I can only answer with: Nagios is very open-ended as well and can do pretty much anything as long as there is a plugin written to do just that.

12. Is Nagios XI able to track user activity and ultimately bind an individual to an action?
I'm assuming you mean track user activity inside Nagios XI. There is a logger when objects are edited inside the Core Config Manager. However, everybody will need separate accounts for that to work.

13. Does Nagios XI provide the ability to correlate information regarding users that are logged into the domain and their generic or service account usage within the enterprise?
Not at this time.

14. Does Nagios XI provide a mechanism whereby in the event of generic account violations, the solution can contain the threat in real-time using quarantine methods such as disabling the user’s switch port, adding filters to firewalls, disabling user accounts, etc?
It is feasible to reason that one could set up Nagios to monitor users logged into a system. It would take some doing to monitor what they were doing inside that system, but it is also possible to set up an event handler to trigger certain actions given certain conditions.

15. Is Nagios XI able to detect suspicious activity, such as printing large numbers of files outside of business hours, emailing large attachments to personal email accounts, employee communication with competitors or the clearing of system audit logs to cover up malicious activity?
There is nothing built into Nagios XI for this, but once again, there is always the possibility of writing a simple check command for it.

16. Is the product capable of allowing investigators to restore a year’s worth of historical log files to a single appliance and then perform complex pattern searches and reporting against terabytes of data in a short period of time?
With proper backup methods, of course: doing SQL dumps, properly tarring folders. It's all up to how you organize your backups.

17. How much time must the entire process, from restoring the data to reporting results, take?
However long it would take to restart a MySQL database, which is largely hardware dependent. As long as you do (daily? weekly? monthly? yearly?) database dumps, all it would require is a mysql -u root -p nagios < mysqlbackup.sql to restore an old SQL file for analyzing.

18. Is the solution capable of correlating activity between enterprise users and source code repositories?
I don't understand this question.

19. Does the product provide the ability to monitor online banking applications, banking infrastructure devices and user transaction activity?
I don't know what specific applications this bank is using, but Nagios XI does have comprehensive database, web transaction and network monitoring solutions, so I would say I would be surprised if they did not find a solution for their needs.

20. Is the solution capable of not only detecting attacks but also provide a mechanism to respond and mitigate the attacks in real-time?
Once again, there are event handlers that are designed for this exact situation:
http://assets.nagios.com/downloads/nagi ... ndlers.pdf

I strongly encourage your client to download the free demo of Nagios XI to test it, as they seem to have some very specific needs and they will only be able to see if it fits if they try it out.
Nicholas Scott
Former Nagios employee
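The reply above leans on two building blocks for questions 8, 9 and 15: a check command written for a specific condition (here, audit-log clearing) and check results pushed passively to a master instance. The following is an added example, not code from the forum post or from Nagios; the plugin name is hypothetical and the log lines are constructed.

```python
#!/usr/bin/env python3
"""check_audit_clear.py (hypothetical name): a Nagios-style check command.

Added example, not from the forum thread or from Nagios. It scans syslog-format
lines for Windows Security event 1102 ("The audit log was cleared"), returns the
standard Nagios plugin exit code, emits perfdata after the '|' so Nagios XI can
graph the count, and can format the result as a PROCESS_SERVICE_CHECK_RESULT
external command for a distributed (passive-check) setup.
"""
import re
import sys
import time

# Nagios plugin return codes
OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3
STATUS_LABEL = {OK: "OK", WARNING: "WARNING", CRITICAL: "CRITICAL", UNKNOWN: "UNKNOWN"}

# Constructed sample input (not real data): Windows Security events forwarded as syslog.
SAMPLE_LOG = """\
Mar 10 09:12:01 ws01 sshd[2201]: Accepted publickey for alice from 10.0.0.5 port 51322
Mar 10 09:12:44 ws01 MSWinEventLog Security 1102 The audit log was cleared. Subject: Account Name: bob
Mar 10 09:13:02 ws02 sshd[2210]: Failed password for invalid user admin from 10.0.0.9 port 40012
Mar 10 09:15:30 ws03 MSWinEventLog Security 1102 The audit log was cleared. Subject: Account Name: svc_backup
"""

# Match the event ID and its text together so an unrelated line mentioning "cleared" is not counted.
AUDIT_CLEARED = re.compile(r"\bSecurity\s+1102\b.*audit log was cleared", re.IGNORECASE)
HOST_FIELD = re.compile(r"^\w{3}\s+\d{1,2}\s+[\d:]{8}\s+(\S+)")


def scan(lines, warn, crit):
    """Count audit-log-cleared events; return (exit_code, status_line).

    The status line follows the plugin convention: "<STATE>: text | label=value;warn;crit;min".
    """
    hosts = []
    for line in lines:
        if AUDIT_CLEARED.search(line):
            m = HOST_FIELD.match(line)
            hosts.append(m.group(1) if m else "?")
    count = len(hosts)
    if count >= crit:
        code = CRITICAL
    elif count >= warn:
        code = WARNING
    else:
        code = OK
    detail = f"{count} audit-log-cleared event(s)"
    if hosts:
        detail += " on " + ",".join(sorted(set(hosts)))
    return code, f"{STATUS_LABEL[code]}: {detail} | cleared={count};{warn};{crit};0"


def check_file(path, warn=1, crit=2):
    """Run scan() over a log file; unreadable input is UNKNOWN, per plugin guidelines."""
    try:
        with open(path, encoding="utf-8", errors="replace") as f:
            return scan(f, warn, crit)
    except OSError as exc:
        return UNKNOWN, f"UNKNOWN: cannot read {path}: {exc}"


def passive_result_line(host, service, code, output, ts=None):
    """Format a result for the master instance's external command file.

    A worker instance submits this line to the master (for example via NSCA);
    the master records the check result without running the check itself.
    """
    ts = int(time.time()) if ts is None else ts
    return f"[{ts}] PROCESS_SERVICE_CHECK_RESULT;{host};{service};{code};{output}"


if __name__ == "__main__":
    # Usage: check_audit_clear.py <logfile> [warn] [crit]; with no arguments the constructed sample is scanned.
    if len(sys.argv) > 1:
        warn = int(sys.argv[2]) if len(sys.argv) > 2 else 1
        crit = int(sys.argv[3]) if len(sys.argv) > 3 else 2
        rc, text = check_file(sys.argv[1], warn, crit)
    else:
        rc, text = scan(SAMPLE_LOG.splitlines(), 1, 2)
    print(text)
    sys.exit(rc)
```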
Re: Request for Information
Thank you so much, sir. This will help us answer our client.
Re: Request for Information
Good day, sir,
When it comes to:
Log Management, Storage, and Retention
1. Is the log management system appliance-based?
2. Is the product capable of providing an autonomous log management platform without the need for correlation or a management server?
3. Describe this product’s performance in terms of handling peak event rates.
4. How does this product handle a fail-over without stopping real-time analysis of data?
5. Is the log management system capable of indexing terabytes of normalized log data and providing performance in both indexed and table scans that exceeds search results of 1 million records a second?
6. Is the log management system capable of providing logical segregation of log data that can be viewed by different teams (various operating teams can only see “their” device event data but no other event data beyond that, which provides separation of duties)?
7. Does the log management system provide the ability to create multiple policies for automated retention and disposal of log data?
8. Does the log management system provide audit quality integrity mechanisms?
9. Does the log management system provide a simple, intuitive search interface usable by different users with varying skill sets?
10. Does the log management system search interface provide the ability to drilldown on output data?
11. Does the log management system search interface provide support for simple Boolean-style search patterns as well as complex regular expressions?
12. Is the log management system's search performance capable of searching through millions of structured (indexed) log messages in less than a minute?
13. Does the log management system search interface provide the option to allow combined search queries using a combination of methods?
14. Does the log management system search interface provide the option to search for any element in a log message such as strings (i.e. Microsoft) or integers (i.e. IP Address) and provide the ability to perform Regular Expression wildcard boundary matches (i.e. \d{1-3}\.\d{1-3}\.\d{1-3}\.\d{1-3})?
15. Does the log management system search interface provide the ability to combine Boolean search operators (i.e: “ANDs” and “ORs” and “NOTs”) into a single search expression?
16. Does the log management system search interface provide the option to search across time ranges using either a custom time (date / time start, end) or dynamic time variables ($Now – 2h)?
17. Is the log management system capable of generating alerts based on filter pattern matches for operational health monitoring?
Thank you
Re: Request for Information
jbmaliwat,
Perhaps I misspoke. Nagios has the capability to monitor some logs, but it is certainly not a central feature of Nagios. There are a few plugins, such as this one for Windows Event Logs,
http://exchange.nagios.org/directory/Ad ... on/details
But if they are looking for a dedicated log monitoring solution, they will have to create their own Nagios plugins to do so.
Nicholas Scott
Former Nagios employee