ZABBIX is an enterprise-class distributed monitoring solution designed to monitor and track performance and availability of network servers, devices, and other IT resources. It supports distributed and Web-based monitoring, auto-discovery, real-time monitoring, SLA assurance, trending, and more.
Snort is a network intrusion detection and prevention system. It is the most widely deployed technology of its kind in the world. It performs detection using a variety of methods including rules-based detection, anomaly detection, and heuristic analysis of network traffic. Its rules language is open source and available to the public as well.
pmacct is a small set of passive network monitoring tools to account, filter, classify, aggregate, and export IPv4 and IPv6 traffic. A pluggable and flexible architecture allows storing collected network data in memory tables, RDBMSs (MySQL, SQLite, PostgreSQL, BDB), and flat files, and also exporting it via the IPFIX, NetFlow, or sFlow protocols to remote collectors. pmacct features fully customizable historical data breakdown, sampling, BGP correlation, tagging, and triggers. Libpcap, ULOG, sFlow v2/v4/v5, NetFlow v1/v5/v7/v8/v9, and IPFIX are supported data capturing methods.
OpenNMS is the first enterprise-grade network management platform developed using the open source model. The three main functional areas of OpenNMS are service polling, which monitors services on the network and reports on their "service level"; data collection from the remote systems via SNMP in order to measure the performance of the network; and a system for event management and notifications.
The NET-SNMP (formerly UCD-SNMP) package contains various tools relating to the Simple Network Management Protocol, including an extensible agent, an SNMP library, tools to request or set information from SNMP agents, tools to generate and handle SNMP traps, a version of the Unix 'netstat' command using SNMP, and a Tk/Perl MIB browser. It was originally based on the Carnegie Mellon University SNMP implementation (version 22.214.171.124), but has been greatly enhanced, ported, and fixed, and barely resembles the original package anymore.
Monit is a utility for managing and monitoring processes, programs, files, directories, and devices on a Unix system. It conducts automatic maintenance and repair and can execute meaningful causal actions in error situations. It can be used to monitor files, directories, and devices for changes, such as timestamp changes, checksum changes, or size changes. It is controlled via an easy-to-configure control file based on a free-format, token-oriented syntax. It logs to syslog or to its own log file and notifies users about error conditions via customizable alert messages. It can perform various TCP/IP network checks, protocol checks, and can utilize SSL for such checks. It provides an HTTP(S) interface for access.
GKrellM is a GTK-based stacked monitor program that charts SMP CPUs, disks, load, active net interfaces, and internet connections. There are also built-in monitors for memory and swap, file systems with mount/umount feature, mailbox checking including POP3 and IMAP, clock/calendar, laptop battery, sensors (temperatures, voltages, and fans), and uptime. It has LEDs for the net monitors and an on/off button and online timer for PPP. There is a GUI popup for configuration, plugin extensions can be installed, and many themes are available. It also features a client/server monitoring capability.
MoSShE (MOnitoring in Simple SHell Environment) is a simple, lightweight (both in size and system requirements) server monitoring package designed for secure and in-depth monitoring of a handful of typical/critical Internet systems. It supports email alerts and SLA monitoring out of the box, and whatever you can script. The system is programmed in plain (Bourne) SH, and made to be compatible with BASH and Busybox so it can easily be deployed on embedded systems. Monitoring is designed to be distributed over multiple systems, usually running locally. As no parameters are accepted from the outside, checks cannot be tampered with or misused from outside. The system is designed to allow decentralized checks and evaluation as well as classical agent-based checks with centralized data accumulation. Agent data is transferred via HTTP, so available Web servers can be co-used for agent data transfer. Each agent creates simple (static) HTML pages with full and condensed status reports on each system, allowing simple local checks.
ntopng is a network probe that shows network usage in a way similar to what top does for processes. It acts as a Web server, creating an HTML dump of the network status. It sports a flow collector, an HTTP-based client interface for creating ntop-centric monitoring applications, and RRD for persistently storing traffic statistics. Its C++ core can be scripted in Lua, for changing the appearance and extending functionality.