Network Services - Network Monitoring Servers Flashcards
Syslog
Enables different appliances and software applications to transmit logs to a centralized server. It’s the de facto standard for logging events. Each message contains a PRI code, a header, and the message text.
Old Syslog
Relied on UDP
Lacked security controls
New Syslog
Uses TCP
Uses TLS (Transport Layer Security)
Uses MD5 and SHA1
syslog-ng/rsyslog
Newer versions of syslog
Simple Network Management Protocol (SNMP)
TCP/IP protocol that aids in monitoring network-attached devices and computers. Broken down into 3 components.
SNMP - Managed Devices
Computers and other network-attached devices monitored through the use of agents by a network management system
SNMP - Agents
Software that is loaded on a managed device to redirect information to the network management system
SNMP - Network Management System (NMS)
Software running on one or more servers to control the monitoring of network-attached devices and computers
In-band
Management data is sent over the same network that carries your corporate information and normal data
Out-of-band
Secondary network where all the management occurs, kept separate from the primary in-band network that carries the data users receive. Management should be conducted on an out-of-band network to increase security.