Blogging from USENIX 2005
I flew from my home in northern Virginia to Anaheim, CA this morning to attend part of USENIX 2005. I managed to join Practical System and Network Monitoring by John Sellens of Syonex. I looked forward to this talk because I typically do not deal with the network performance side of monitoring.
John had to rush the end of his talk because he spent too much time discussing network monitoring projects that he did not recommend or didn't like. I still found his content useful, and I expect his talk tomorrow on System and Network Monitoring: Tools in Depth to be rewarding. Probably the most important lesson from his talk was the need to try out Nagios. I also started thinking about interesting ways to use Net-SNMP to retrieve information from systems running SNMP agents.
John explained that no one has written a definitive text on network performance monitoring. Perhaps I will tackle that subject in the future, or will integrate the key theories, tools, and techniques into a future edition of one of my existing book lines?
Finally, in the spirit of Aaron Higbee's recent Secureme blog rant on conference attendees, I offer this thought. What's the deal with people who attend conferences, especially day-long tutorial sessions, but never look up from their laptop? I bet 1/4 to 1/3 of the people in my session spent more than half their time staring at the LCD screens while John spoke. I guess these attendees don't care to concentrate on the speaker's message when the attendees aren't paying for the privilege of being in a class. Alternatively, if you already know the material, why sit through the class at all?
If you're attending USENIX too, stop by my Thursday class Network Security Monitoring with Open Source Tools. I think I'll also be signing copies of my book on Thursday during class breaks or lunch.
Comments
Also unlike Nagios, you don't have to write plug-ins to check items and exit with a certain code. You simply tell Zabbix to run a command on a remote host, such as:
vmstat | awk '{ print $9 }' | tail -1
.. and then in the web interface define what numbers should trigger certain events.
Zabbix is fairly new, and honestly, only the 1.1 alphas are really worth it, but it's something to keep an eye on in the next 6-12 months. I've migrated my network from Nagios to it so I wouldn't have to set up mrtg/cricket on all of the hosts to gather trend data.
Another thing that gets me is the guys (and yes, it's always been guys, women don't seem to do this...) who huddle around a laptop and chatter away while you're presenting, and then ask, "what happens if...?" My stock response is something along the lines of, "why don't you try it and then share your results with us?" After all, you've got a system right there to try it on!
I agree with you, though...why sit in on a presentation if you already know the info, and all you're interested in doing is checking your email/IM?
H. Carvey
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com
http://windowsir.blogspot.com
jsyn