[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: MRTG

To: Gunnar Wolf <gwolf@campus.iztacala.unam.mx>
Subject: Re: MRTG
From: Mike Ayers <mike.ayers@earthling.net>
Date: Wed, 26 Sep 2001 19:42:18 -0700
Cc: andre@qweb.com.br, misc@openbsd.com
References: <Pine.BSO.4.33.0109260959330.944-100000@campus.iztacala.unam.mx>

Gunnar Wolf wrote:
> 
> I strongly suggest you NOT to use SNMP - It is a VERY insecure protocol.
> Use instead MRTG's operation mode where it connects to a specific TCP port
> and expects only two quantities... This allows you to use MRTG to monitor
> not only bandwith usage, but also other many factors, such as CPU/RAM/disk
> usage.

	Note that SNMP can be made reasonably[1] secure by using only SNMPv3 in
authPriv mode.  This can be done by appropriate VACM/USM configuration. 
There is, however, a bit of a learning curve.  Net-snmp (formerly
ucd-snmp) has a few tools to ease the pain, is recommended, and is in
the packages list.


/|/|ike

[1]  AES, wherefore art thou?  The IETF muckety-mucks are having trouble
figuring out who will be responsible for algorithm updates for SNMP, so
at present only HMAC-MD5 and HMAC-SHA are available for authentication,
and only CBC-DES for encryption.

References:
- Re: MRTG
  - From: Gunnar Wolf <gwolf@campus.iztacala.unam.mx>

Prev by Date: proc filesystem output hosed.?.?.
Next by Date: Reklam #0002 - A.B.D. Çeţitlilik Göçmen Vizesi (DV-2003)
Prev by thread: Re: MRTG
Next by thread: Re: MRTG
Index(es):
- Date
- Thread