Security – Positive vs. negative monitoring


I've been looking at monitoring for a while. My org didn't have any before I came other than "where'd my Yahoo go?". It appears that most packages out there focus on negative monitoring (i.e., this service/host was up and now it's not). This seems like a valid first step, but what can you look at past that for positive monitoring (i.e., that port wasn't up, and now it is, or "hey look, that's a new DHCP host")? I suppose it's possible to have a declaration for every single port/network address in Nagios, but that seems cumbersome.

Does anyone know of a better tool for monitoring ports/hosts for being affirmatively up?

Best Answer

We use nmap for this. We have a simple script wrapping nmap that scans our entire network and stores the XML output. The next night it runs again and compares the output. If any new hosts or ports show up, an email is sent to the admin staff.

The just-released Nmap 5.0 includes a utility for just this purpose, called Ndiff.
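The scan-store-compare loop the answer describes, as an added example that is not the answerer's wrapper script and not Nmap's Ndiff: it parses two of nmap's `-oX` XML documents (the two embedded here are constructed samples on RFC 5737 test addresses, not real scan results) and reports hosts that were not in the baseline and ports that are open now but were not open before on hosts that were already known. Only `state="open"` ports are kept, since closed and filtered ports are noise for a "what appeared since last night" alert.

```python
"""Diff two nmap XML scans to surface new hosts and newly opened ports.

Added example, not code from the original answer or from the Nmap project.
Input is the XML nmap writes with -oX; the samples below are constructed.
"""
import sys
import xml.etree.ElementTree as ET

# Constructed baseline scan (night 1): one host up, SSH open, 80/tcp closed,
# and a second address that did not respond at all.
BASELINE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host>
    <status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="80"><state state="closed"/></port>
    </ports>
  </host>
  <host>
    <status state="down"/>
    <address addr="192.0.2.11" addrtype="ipv4"/>
  </host>
</nmaprun>
"""

# Constructed follow-up scan (night 2): 192.0.2.10 now also exposes 80/tcp,
# and 192.0.2.11 has appeared with 3389/tcp open.
CURRENT_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host>
    <status state="up"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
    </ports>
  </host>
  <host>
    <status state="up"/>
    <address addr="192.0.2.11" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="3389"><state state="open"/><service name="ms-wbt-server"/></port>
      <port protocol="udp" portid="161"><state state="open|filtered"/></port>
    </ports>
  </host>
</nmaprun>
"""


def parse_scan(xml_text):
    """Return {ip: {(proto, port), ...}} for every host nmap reports as up.

    Hosts that were down are left out, so a host that merely answers for the
    first time shows up as 'new' on the next comparison (which is the point).
    """
    hosts = {}
    for host in ET.fromstring(xml_text).findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:  # fall back to whatever address element exists
            addr = host.find("address")
        open_ports = set()
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is not None and state.get("state") == "open":
                open_ports.add((port.get("protocol"), int(port.get("portid"))))
        hosts[addr.get("addr")] = open_ports
    return hosts


def diff_scans(baseline, current):
    """Return (new_hosts, new_ports).

    new_hosts: addresses up now that were not up in the baseline.
    new_ports: (ip, proto, port) open now but not before, for known hosts only,
    so a new host is reported once rather than once per port.
    """
    new_hosts = sorted(ip for ip in current if ip not in baseline)
    new_ports = sorted(
        (ip, proto, port)
        for ip, ports in current.items()
        if ip in baseline
        for proto, port in ports - baseline[ip]
    )
    return new_hosts, new_ports


def format_report(new_hosts, new_ports):
    """Plain-text body suitable for the alert email the answer describes."""
    lines = [f"NEW HOST: {ip}" for ip in new_hosts]
    lines += [f"NEW PORT: {ip} {port}/{proto}" for ip, proto, port in new_ports]
    return "\n".join(lines) if lines else "no changes"


if __name__ == "__main__":
    # Usage: python scan_diff.py baseline.xml current.xml (falls back to samples)
    if len(sys.argv) == 3:
        with open(sys.argv[1]) as f1, open(sys.argv[2]) as f2:
            base, cur = parse_scan(f1.read()), parse_scan(f2.read())
    else:
        base, cur = parse_scan(BASELINE_XML), parse_scan(CURRENT_XML)
    print(format_report(*diff_scans(base, cur)))
```

One design choice worth making deliberately: comparing each night against the previous night, as the answer does, means a change is alerted once and then silently becomes the new normal. Comparing against an explicitly approved baseline file instead (and updating that file only after someone has signed off on the change) keeps an unexpected port from being grandfathered in just because nobody read yesterday's email.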