Managing a Darknet
Managing a Darknet shouldn't be an arduous task. There is the usual health checking of both the router and the Darknet server. We recommend using SNMP on both to monitor interface usage. It is unlikely to ever be zero bps or pps. We also strongly recommend monitoring the processes on the Darknet server, to include cron, syslog, Argus, and tcpdump. Keep a close eye on the disk space on the Darknet server, as that can fill up rapidly during periods of high network stress.
Tools such as rancid, netsnmp, and Big Brother can be of great use here. Any tool should integrate with your existing network management and monitoring, of course.
We recommend rotating the created logfiles, as they can become quite large. tcpdump can be told to rotate the log file when it reaches a set size with the -C flag. This example rotates the file and names it "darkdumpN" (where N is an incrementing number) when it reaches 150MB in size.