Sensor alert monitor for the AMPT passive network tools monitor
Sensor alert reader for the AMPT passive network tools monitor.
AMPT is a practical framework designed to aid those who operate network IDS
sensors and similar passive security monitoring systems. A tailored approach
is needed to actively monitor the health and functionality of devices that
provide a service based on capturing and inspecting network traffic. AMPT
supports these types of systems by allowing operators to validate traffic
visibility and event logging on monitored network segments. Examples of
systems that can benefit from this type of monitoring are:
See AMPT for more information on the AMPT framework and the problems
it solves.
ampt-monitor functions as a healthcheck event reporting component in the
AMPT framework. It runs on network sensors or other hosts that have access to
event logs for monitored network segments and reports healthcheck alerts to
the AMPT manager. It is implemented in Python and is simple to deploy.
ampt-monitor is modular. The core monitor provides basic runtime
functionality, communication with the AMPT manager, and configuration
handling. Plugins read alert logs or related data for a given sensor
technology to extract AMPT healthcheck probe alerts.
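As an added illustration of that plugin role (example code written for this page, not part of ampt-monitor or any published plugin; the plugin class, the record layout, the Suricata-style EVE JSON input and the probe signature id 3000001 are all assumptions), a minimal plugin that reads alert log lines and keeps only the AMPT healthcheck probe hits while counting unparseable lines for the operator:

```python
import json
from dataclasses import dataclass
from typing import Iterable, Iterator, Optional

# Constructed sample input: Suricata-style EVE JSON lines, not captured from a real sensor.
SAMPLE_EVE_LINES = [
    '{"timestamp":"2024-01-01T10:00:00+0000","event_type":"alert","src_ip":"10.0.0.5",'
    '"dest_ip":"10.0.0.9","alert":{"signature_id":3000001,"signature":"AMPT healthcheck probe"}}',
    '{"timestamp":"2024-01-01T10:00:01+0000","event_type":"flow","src_ip":"10.0.0.5","dest_ip":"10.0.0.9"}',
    '{"timestamp":"2024-01-01T10:00:02+0000","event_type":"alert","src_ip":"10.0.0.7",'
    '"dest_ip":"10.0.0.9","alert":{"signature_id":2010935,"signature":"unrelated IDS rule"}}',
    'not json at all',
    '{"timestamp":"2024-01-01T10:00:03+0000","event_type":"alert","src_ip":"10.0.0.5",'
    '"dest_ip":"10.0.0.9","alert":{"signature_id":3000001,"signature":"AMPT healthcheck probe"}}',
]

@dataclass
class HealthcheckAlert:
    # One AMPT probe alert pulled from the sensor log (hypothetical record layout).
    monitor_id: str
    timestamp: str
    src_ip: str
    dest_ip: str
    signature_id: int

class EveHealthcheckPlugin:
    """Hypothetical plugin: keeps only EVE alerts whose signature id marks an AMPT probe."""

    def __init__(self, monitor_id: str, probe_sid: int) -> None:
        self.monitor_id = monitor_id
        self.probe_sid = probe_sid
        self.malformed = 0  # unparseable lines, counted so an operator can spot log trouble

    def parse_line(self, line: str) -> Optional[HealthcheckAlert]:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            self.malformed += 1
            return None
        alert = event.get("alert") or {}
        if event.get("event_type") != "alert" or alert.get("signature_id") != self.probe_sid:
            return None  # flow records and alerts for other rules are not healthcheck hits
        return HealthcheckAlert(self.monitor_id, event["timestamp"], event["src_ip"],
                                event["dest_ip"], alert["signature_id"])

    def extract(self, lines: Iterable[str]) -> Iterator[HealthcheckAlert]:
        # Yields one record per probe hit; the core would forward these to the AMPT manager.
        for line in lines:
            hit = self.parse_line(line)
            if hit is not None:
                yield hit
```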
ampt-monitor plugins can be found in the nids.io repositories under the
ampt-monitor-plugin topic.
Currently available plugins from the nids-io project:
This repository carries the ampt-monitor core. This package, as well as one or more monitor plugins, should be installed.
See the Wiki for further documentation.
Other AMPT components include: