Need for Linux!

Wednesday, October 21, 2009

Any network engineer's toolbox has one thing in common: a machine running a version of Linux. Whether it is a Fedora client, Ubuntu, or Solaris, you need one machine with a hard-coded IP address running syslog, a TFTP server, an SNMP poller, and Snort.
First of all, I am not going to address the obvious. A terminal program (or, in the case of Solaris, tip) is the one program you need to start configuring your devices. But since all distributions of Linux come with one, this is hardly anything new.
The other services, however, must be running all the time. Let me explain.
The syslog daemon (syslogd) collects all the syslog messages so that you can parse them. CiscoWorks 2000 has a built-in syslog server that parses for specific message types. But since you might have multi-vendor devices, a central syslog server is a must. You just have to define the address of your syslog server on each device.
The TFTP daemon is for device config backups and IOS image upgrades. I tried Windows TFTP servers, but the most reliable TFTP server is the Linux TFTP daemon. It is a godsend as a backup image location when routers are booting.
An SNMP poller such as MRTG is a great way to keep an eye on the reachability of devices. It is not a foolproof way of monitoring, but it beats ICMP pings.
Lastly, you must have all of your backbone traffic spanned to a port and have Snort parse it. It has a signature database that you can easily modify to fit your needs. It is not a central database of your packets; it is merely a snapshot parsing of your network to find out whether there are any breakouts. It is an early warning system that must be deployed.
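
For the central syslog server described above, here is an added example (not from the original post) of parsing collected messages for specific message types across vendors. The sample lines, the watched message types and the severity threshold are constructed assumptions.

```python
import re

# Constructed sample lines, as a central collector might receive them from
# multi-vendor devices (Cisco IOS style and a generic Unix host).
SAMPLE = [
    "<189>45: Oct 21 10:02:11: %LINK-5-CHANGED: Interface Fa0/1, changed state to administratively down",
    "<187>46: Oct 21 10:02:15: %LINK-3-UPDOWN: Interface Gi0/2, changed state to down",
    "<38>Oct 21 10:03:01 fw1 sshd[812]: Failed password for admin from 192.0.2.10 port 4022 ssh2",
    "<189>47: Oct 21 10:04:40: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (192.0.2.20)",
    "garbage without a priority field",
]

PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)
# Cisco IOS message type: %FACILITY-SEVERITY-MNEMONIC:
CISCO_RE = re.compile(r"%([A-Z0-9_]+)-([0-7])-([A-Z0-9_]+):")
SEVERITY = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def parse(line):
    """Decode the <PRI> header; return None for lines without a valid one."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:  # PRI = facility * 8 + severity, max 23*8+7
        return None
    pri, text = int(m.group(1)), m.group(2)
    c = CISCO_RE.search(text)
    return {
        "facility": pri >> 3,
        "severity": pri & 7,
        "severity_name": SEVERITY[pri & 7],
        "msg_type": "-".join(c.groups()) if c else None,  # None for non-Cisco lines
        "text": text,
    }

def watch(lines, wanted=("LINK-3-UPDOWN", "SYS-5-CONFIG_I"), max_severity=3):
    """Keep records of a watched message type, or at severity err (3) or worse."""
    hits = []
    for line in lines:
        rec = parse(line)
        if rec and (rec["msg_type"] in wanted or rec["severity"] <= max_severity):
            hits.append(rec)
    return hits

if __name__ == "__main__":
    for rec in watch(SAMPLE):
        print(rec["severity_name"], rec["msg_type"], rec["text"])
```
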

If you don’t have any of these, download a copy of Fedora or Ubuntu right now. Install and configure the above services and start acting like a network engineer.
