Another post in the records for the tech blog, this time all about opensource network monitoring with LibreNMS!

    • StarkZarnOP
      link
      fedilink
      English
      220 days ago

      Absolutely! I’d happily take any comments you have from running it in an enterprise setting, if you care to share.

  • slazer2au
    link
    fedilink
    English
    5
    edit-2
    19 days ago

    I only have one issue with the post.

    The conclusion says use long random SNMP community strings.

    Ideally you should be using SNMPv3 because snmp1/2/2c are all clear text.

    Apart from that, nice article

    • StarkZarnOP
      link
      fedilink
      English
      719 days ago

      You are absolutely correct, thank you. Sadly a bunch of devices still don’t support it, even in 2025 (like my microtik switch) for example. I will absolutely add a note about that though, thank you!

      • StarkZarnOP
        link
        fedilink
        English
        519 days ago

        Updated the post to reflect your feedback here. Thank you!

      • slazer2au
        link
        fedilink
        English
        119 days ago

        Really? SNMPv3 was ratified in 1998. How does anyone take them seriously without it?

        • StarkZarnOP
          link
          fedilink
          English
          619 days ago

          And IPv6 was codified in RFCs and first addresses issued in 1999 but look where we are now. I’d bet your corporate network doesn’t use IPv6 still. It’s unfortunate, but sometimes the wheels of change are slow.

          • slazer2au
            link
            fedilink
            English
            219 days ago

            My home, work, and mobile networks are all dual stacked.

            This is a difference in kind. IPv4 live was extended with Nat and cgnat, but nothing equivalent came for snmp.

            • StarkZarnOP
              link
              fedilink
              English
              619 days ago

              Hey good for you, that’s awesome! My home network is also dual stacked.

              You’re right about the apples to oranges comparison, but it’s not so wildly off, because the commentary is on adoption of new standards, regardless of bolt-on “fixes.” Unauthenticated SNMP went through three revisions prior to adding authentication and encryption support.

  • Harold
    link
    fedilink
    English
    320 days ago

    @StarkZarn@infosec.pub have you heard of NixOS? If you’d become a contributor with these bitesized posts that you’re doing you’d be increasing the repeatability of your work immensely.

    No pressure. Just doing some evangelization 🙂

    • StarkZarnOP
      link
      fedilink
      English
      319 days ago

      I absolutely have and used it for a while before landing on opensuse microos primarily. I absolutely see the benefit and enjoyed the git-centric nature, keeping flakes in repos with a flavor for each machine. What I didn’t enjoy, however, was the seemingly poor documentation. Quite frankly too, the drama surrounding the community doesn’t inspire confidence either. I decided I ought to try out guix but haven’t gotten to it yet. I do actually still have one nixos VM that hosts some services for me and is built entirely on the concept of the impermanence flake. That was pretty cool.

    • Possibly linux
      link
      fedilink
      English
      119 days ago

      Nix OS is way more pain than it is worth for me.

      There are plenty of alternatives that are much simpler. I prefer just a Debian install managed with tools like Ansible and pyinfra

    • StarkZarnOP
      link
      fedilink
      English
      519 days ago

      Nagios is a premium offering. They have some open source components, but the software model is absolutely not built around the spirit of GPL.

      Zabbix is the obvious alternative in my mind, and it is AGPLv3, so absolutely in the same spirit as the LibreNMS license. It’s a slightly different tool though, and less network-specific. Having used both, I prefer LibreNMS for specifically network monitoring, it’s laid out to cater more to an ISP-type entity running it, and I like that. Zabbix still gets my wholehearted stamp of approval though.

    • StarkZarnOP
      link
      fedilink
      English
      219 days ago

      Excellent! Let me know if there are specific things you’d like to hear about.