What's your take on monitoring multi-vendor networks? Consolidate everything to single software, pipe everything from vendor's different tools to single software or just have them all running and send emails?
We have few different vendors, and for example we have Cisco and Aruba in the wireless. I guess we can't really get rid of Prime or Aruba's Airwave/MM stuff as they're used to manage the networks also and not just monitor. Also they of course have lot's of pre-built stuff to analyze their own devices, so leveraging that would be great. Meaning that Prime/Airwave can probably do a lot better analysis of the wireless network that for example Solarwinds could do if we sent logs there.
However running multiple different monitoring systems is complex and you're never really sure if everything is monitored similarly on the Cisco side as it's on Aruba side. Or how the other vendors are monitored...
Airwave, Prime or IMC aren't that good for polling constantly the interface usage or monitorings syslogs, so we'd need an AKiPS/LibreNMS installation and maybe some sort of SIEM or Graylog too, so more softwares to the mix. And let's throw in a Zabbix to consolidate all the alarms (but not the logs) :)
I'm wondering if it would make sense to have the vendor stuff for their gear, and figure out if Prime or Airwave is better for those other vendors (to get the basic ping etc monitoring going too). Then configure LibreNMS to just poll interface usage and error info, nothing else. And then glue everything together with FortiSIEM (which can also take configuration backups from the devices). FortiSIEM could also do PING/SNMP monitoring but not really sure if it's the right tool to use as NMS. Maybe we could even save some money on the SIEM licensing as it would be something like 160 EUR per device perpetual with 5y support if we just send logs from Airwave and Prime to the SIEM
Any ideas or thoughts? Thanks!
No comments:
Post a Comment