Monitor Your Network the GPL Way with LibreNMS
(roguesecurity.dev)
from starkzarn@infosec.pub to selfhosted@lemmy.world on 13 May 23:57
https://infosec.pub/post/28196930
from starkzarn@infosec.pub to selfhosted@lemmy.world on 13 May 23:57
https://infosec.pub/post/28196930
Another post in the records for the tech blog, this time all about opensource network monitoring with LibreNMS!
threaded - newest
Works in a enterprise setting as well
Absolutely! I’d happily take any comments you have from running it in an enterprise setting, if you care to share.
My college system is working on implementing it as our network monitoring utility, so far so good
Thanks! Adding to my list to check out. Grabbed the RSS feed for your blog as well!
Excellent! Let me know if there are specific things you’d like to hear about.
@StarkZarn@infosec.pub have you heard of NixOS? If you’d become a contributor with these bitesized posts that you’re doing you’d be increasing the repeatability of your work immensely.
No pressure. Just doing some evangelization 🙂
I absolutely have and used it for a while before landing on opensuse microos primarily. I absolutely see the benefit and enjoyed the git-centric nature, keeping flakes in repos with a flavor for each machine. What I didn’t enjoy, however, was the seemingly poor documentation. Quite frankly too, the drama surrounding the community doesn’t inspire confidence either. I decided I ought to try out guix but haven’t gotten to it yet. I do actually still have one nixos VM that hosts some services for me and is built entirely on the concept of the impermanence flake. That was pretty cool.
Nix OS is way more pain than it is worth for me.
There are plenty of alternatives that are much simpler. I prefer just a Debian install managed with tools like Ansible and pyinfra
I only have one issue with the post.
The conclusion says use long random SNMP community strings.
Ideally you should be using SNMPv3 because snmp1/2/2c are all clear text.
Apart from that, nice article
You are absolutely correct, thank you. Sadly a bunch of devices still don’t support it, even in 2025 (like my microtik switch) for example. I will absolutely add a note about that though, thank you!
Updated the post to reflect your feedback here. Thank you!
Really? SNMPv3 was ratified in 1998. How does anyone take them seriously without it?
And IPv6 was codified in RFCs and first addresses issued in 1999 but look where we are now. I’d bet your corporate network doesn’t use IPv6 still. It’s unfortunate, but sometimes the wheels of change are slow.
My home, work, and mobile networks are all dual stacked.
This is a difference in kind. IPv4 live was extended with Nat and cgnat, but nothing equivalent came for snmp.
Hey good for you, that’s awesome! My home network is also dual stacked.
You’re right about the apples to oranges comparison, but it’s not so wildly off, because the commentary is on adoption of new standards, regardless of bolt-on “fixes.” Unauthenticated SNMP went through three revisions prior to adding authentication and encryption support.
Isnt nagios and a dozen others also GPL?
Nagios is a premium offering. They have some open source components, but the software model is absolutely not built around the spirit of GPL.
Zabbix is the obvious alternative in my mind, and it is AGPLv3, so absolutely in the same spirit as the LibreNMS license. It’s a slightly different tool though, and less network-specific. Having used both, I prefer LibreNMS for specifically network monitoring, it’s laid out to cater more to an ISP-type entity running it, and I like that. Zabbix still gets my wholehearted stamp of approval though.