X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=website%2Frrdworld%2Fourmon.xml;fp=website%2Frrdworld%2Fourmon.xml;h=6a01cd9cdce6face43e508ff08f54b306beaea85;hb=d1e370000219d7f46144fcda05ff6884da89042f;hp=0000000000000000000000000000000000000000;hpb=ea3ebe6e517f024dd6c2a36898082ae4855becf7;p=rrdtool-all.git diff --git a/website/rrdworld/ourmon.xml b/website/rrdworld/ourmon.xml new file mode 100644 index 00000000..6a01cd9c --- /dev/null +++ b/website/rrdworld/ourmon.xml @@ -0,0 +1,31 @@ + + + Ourmon Networm Monitoring and Anomaly Detection System + Jim Binkley + +Ourmon is a statistically oriented open-source network monitoring and +anomaly detection system. It may be regarded as an open source +equivalent of SNMP RMON II. It is based on promiscuous mode packet +collection on Ethernet (typically) interfaces. Ourmon does not collect +all the packets because one principle design goal is to extract signal +from noise, and not store all the noise in a giant bag under the +assumption that you can look at it "later" (there is no later). +Instead it attempts to find important data and summarize it. Data +is displayed on the web via pictures or reports. Features include +RRDTOOL graphs built from user-defined BPF expressions, topn flow +lists, topn ports, topn synning IP hosts, top UDP error makers, top +scanners, and IRC channels and hosts. Ourmon's anomaly detection +features include TCP and UDP anomalous hosts, IRC "evil" networks +(botnets) and a lovely graph that displays the number of remote and +local scanners. TCP data also includes information about P2P using +hosts, and soon will allow traffic classification via user-suppled +PCRE pattern tags. + + http://ourmon.sourceforge.net + 2006 3 + BSD + + http://ourmon.cat.pdx.edu/ourmon + jrb@cs.pdx.edu + +
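Review bot: The title line of the new website/rrdworld/ourmon.xml reads "Ourmon Networm Monitoring and Anomaly Detection System"; "Networm" should be "Network". In the description text, "one principle design goal" should be "one principal design goal", and "user-suppled PCRE pattern tags" should be "user-supplied PCRE pattern tags". The clause "soon will allow traffic classification" describes a feature that is not yet present and will go stale in a static entry dated "2006 3"; consider limiting the description to what the tool does at that date.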