Sensor alert reader for the AMPT passive network tools monitor.
AMPT is a practical framework designed to aid those who operate network IDS sensors and similar passive security monitoring systems. A tailored approach is needed to actively monitor the health and functionality of devices that provide a service based on capturing and inspecting network traffic. AMPT supports these types of systems by allowing operators to validate traffic visibility and event logging on monitored network segments. Examples of systems that can benefit from this type of monitoring are:
See AMPT for more information on the AMPT framework and the problems it solves.
ampt-monitor functions as a healthcheck event reporting component in the AMPT framework. It runs on network sensors or other hosts that have access to event logs for monitored network segments and reports healthcheck alerts to the AMPT manager. It is implemented in Python and is simple to deploy.
ampt-monitor is modular. The core monitor provides basic runtime functionality, communication with the AMPT manager, and configuration handling. Plugins read alert logs or related data for a given sensor technology to extract AMPT healthcheck probe alerts.
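The following is an added illustration of the core/plugin split described above, not ampt-monitor's own plugin API or code. It assumes a Suricata sensor writing EVE JSON alert logs, a dedicated signature whose SID (9000001, an assumption) matches the AMPT healthcheck probe, and a plugin that hands the core a small event dict per probe alert; the class name, method names and the sample log lines are all constructed for the example.

```python
"""Plugin-style healthcheck alert reader (illustrative example; not the
ampt-monitor plugin API).

Assumptions: the sensor is Suricata writing EVE JSON, the AMPT healthcheck
probe is matched by a dedicated signature whose SID is configured per
plugin, and a healthcheck event is a small dict handed to the core for
reporting to the AMPT manager. SID 9000001 and the log lines below are
constructed, not taken from a real deployment.
"""
import json
from datetime import datetime, timezone

# Constructed sample EVE log (not a real capture): two healthcheck alerts,
# one unrelated alert, one non-alert event and one corrupt line.
SAMPLE_EVE_LOG = """\
{"timestamp":"2024-01-01T10:00:00.000000+0000","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"10.0.1.7","alert":{"signature_id":9000001,"signature":"AMPT healthcheck probe"}}
{"timestamp":"2024-01-01T10:00:01.000000+0000","event_type":"alert","src_ip":"10.0.0.9","dest_ip":"10.0.1.7","alert":{"signature_id":2100498,"signature":"GPL ATTACK_RESPONSE id check returned root"}}
{"timestamp":"2024-01-01T10:00:02.000000+0000","event_type":"flow","src_ip":"10.0.0.5","dest_ip":"10.0.1.7"}
this line is not JSON
{"timestamp":"2024-01-01T10:05:00.000000+0000","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"10.0.1.7","alert":{"signature_id":9000001,"signature":"AMPT healthcheck probe"}}
"""

TS_FORMAT = "%Y-%m-%dT%H:%M:%S.%f%z"  # Suricata EVE timestamp layout


class HealthcheckAlertReader:
    """Extract AMPT healthcheck probe alerts from EVE JSON lines."""

    def __init__(self, healthcheck_sid: int, monitor_id: str):
        self.healthcheck_sid = healthcheck_sid
        self.monitor_id = monitor_id
        self.skipped = 0  # lines that could not be parsed

    def parse_line(self, line: str):
        """Return a healthcheck event dict, or None if the line is not one."""
        line = line.strip()
        if not line:
            return None
        try:
            rec = json.loads(line)
        except ValueError:
            # Corrupt or partially written line: count it and move on.
            self.skipped += 1
            return None
        if rec.get("event_type") != "alert":
            return None
        alert = rec.get("alert") or {}
        if alert.get("signature_id") != self.healthcheck_sid:
            return None  # some other signature, not the probe
        try:
            ts = datetime.strptime(rec["timestamp"], TS_FORMAT)
        except (KeyError, ValueError):
            self.skipped += 1
            return None
        return {
            "monitor": self.monitor_id,
            "sid": self.healthcheck_sid,
            "timestamp": ts,
            "src_ip": rec.get("src_ip"),
            "dest_ip": rec.get("dest_ip"),
        }

    def read(self, text: str) -> list:
        """Parse a chunk of log text and return all healthcheck events in it."""
        return [e for e in (self.parse_line(l) for l in text.splitlines()) if e]


def seconds_since_last_probe(events, now):
    """Age of the newest healthcheck alert in seconds; None when none were seen.

    A large or None value means probes are no longer producing alerts, i.e.
    traffic visibility or event logging on that segment is broken, which is
    the failure an AMPT healthcheck exists to surface.
    """
    if not events:
        return None
    return (now - max(e["timestamp"] for e in events)).total_seconds()


if __name__ == "__main__":
    reader = HealthcheckAlertReader(healthcheck_sid=9000001, monitor_id="sensor-dmz-1")
    events = reader.read(SAMPLE_EVE_LOG)
    for e in events:
        print(e["timestamp"].isoformat(), e["src_ip"], "->", e["dest_ip"])
    print("skipped lines:", reader.skipped)
    print("seconds since last probe:",
          seconds_since_last_probe(events, datetime.now(timezone.utc)))
```

In the real framework the core, not the plugin, owns the reporting channel to the AMPT manager; the point of the example is the plugin side: match only the dedicated healthcheck signature, tolerate partial or corrupt log lines rather than crashing the monitor, and keep timestamps timezone-aware so the probe age is computed correctly.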
ampt-monitor plugins can be found in the nids-io repositories under the ampt-monitor-plugin topic.
Currently available plugins from the nids-io project:
This repository carries the ampt-monitor core. Install this package together with one or more monitor plugins.
See the Wiki for further documentation.
Other AMPT components include:
- ampt-manager - Management service for the AMPT passive network tools monitor
- ampt-generator - Healthcheck packet generator for the AMPT passive network tools monitor