Full-stack open-source NMS built by engineers who manage real ASNs. TACACS+, SNMP, config backup, firewall management, and unified observability — one platform, zero vendor lock-in.
Built from the ground up for real-world network operations — not a checkbox SaaS product.
Full SNMPv3 AuthPriv support with SHA/AES. Poll CPU, memory, interfaces, errors, and custom OIDs from Cisco IOS, ASA, NX-OS, and more.
SHA · AES · MIB-II

Full TACACS+ management UI backed by tac_plus. Per-user privilege levels, command authorization, and per-session audit trails with AD/LDAP integration.
tac_plus · AD · Priv 15

Automated config archival via Oxidized. Every change committed to Git with full diff viewer, rollback capability, and per-device history timeline.
Oxidized · Git · Diff

Visual rule management for the NMS server's UFW firewall. Add, remove, and audit ingress/egress rules without touching the CLI.
UFW · iptables · Policy

Real-time intrusion detection dashboard. View active jails, banned IPs, ban/unban actions, and brute-force attempt timelines by source IP and service.
SSH · NGINX · TACACS

Full Grafana Unified Alerting integration. Configure threshold alerts, SMTP/webhook notifications, silence windows, and alert routing — all from the portal UI.
Prometheus · Loki · PD

Centralized syslog collection from all Cisco devices via rsyslog + Loki. Full-text search, filter by severity, device, facility. All correlated in Grafana.
rsyslog · Loki · Search

Deploy the full platform under your own brand. No 5NinesNet references. Complete theming, custom logos, customer-isolated tenants, and security transparency docs.
OEM · Multi-tenant · Custom

Customer-deployable packet capture and audit export. Prove to your clients exactly what data the NMS touches — a key differentiator over closed-source competitors.
PCAP · SBOM · SOC2-ready

Grafana-powered panels fed by Prometheus, Loki, and SNMP Exporter. Real device data from your actual environment.
| Jail | Banned | Attempts 1h | Status |
|---|---|---|---|
| sshd | 11 | 243 | ● Active |
| nginx-http-auth | 2 | 18 | ● Active |
| tacacs-auth | 1 | 4 | ● Active |

| User | Privilege | Auth events | Devices |
|---|---|---|---|
| ft | priv 15 | 142 auth | RT-EG-01-A, SW-01-A, ASA |
| rmartinez | priv 7 | 98 auth | SW-01-A |
| achen | read-only | 39 auth | RT-EG-01-A |
| unknown | — | 5 fail | ASA-EG-01 |

Clone from GitHub. Edit a single config file with your device IPs, SNMP credentials, and SMTP settings.
git clone …

One script installs all dependencies — FastAPI, Prometheus, Grafana, Loki, tac_plus, Oxidized, nginx, Fail2Ban, UFW.
./bootstrap.sh

Add routers, switches, and firewalls via the portal UI. Apply & Restart auto-generates snmp.yml and prometheus.yml.
Portal → Devices

Full visibility from day one. Dashboards, alerts, TACACS audit logs, config diffs, and syslog — all live.
Dashboard → Live

Scheduled PDF and CSV exports for network health, security posture, and compliance. Customer-ready on demand.
TACACS+ (Terminal Access Controller Access-Control System Plus) controls who logs into your routers, switches, and firewalls and what commands they can run, and it creates a full audit trail of every action. It is the authentication backbone of every serious enterprise and ISP network.
| User | Device | Priv | Command | Time | Result |
|---|---|---|---|---|---|
| ft | RT-EG-01-A | 15 | show bgp summary | 09:41 | ✓ permit |
| ft | ASA-EG-01 | 15 | crypto key generate rsa | 09:38 | ✓ permit |
| rmartinez | SW-01-A | 7 | show interfaces | 08:52 | ✓ permit |
| rmartinez | SW-01-A | 7 | configure terminal | 08:53 | ✗ deny |
| unknown | ASA-EG-01 | — | — | 03:14 | ✗ auth fail |
Every login to every Cisco IOS, ASA, NX-OS, or other TACACS-capable device goes through the 5NinesNet TACACS+ server. Usernames and passwords are validated against local users, Active Directory groups, or both. Failed auth attempts are logged, bannered, and trigger Fail2Ban rate limiting automatically.
Granular per-user and per-group command authorization. Privilege level 15 for senior engineers, level 7 for NOC read-only, level 1 for view-only. Specific commands can be permitted or denied per user per device — no more "give everyone enable" because it's easier.
Every command entered on every device is logged with timestamp, username, source IP, device, and result. The accounting log is ingested by Loki, queryable in Grafana, and exportable as PDF/CSV. Answers "who ran that command at 2am" in under 10 seconds.
Live Grafana dashboard shows authentication activity by hour (7-day heatmap), success/fail rates per user, top devices, and anomaly detection. Automated weekly PDF reports are customer-deliverable — show your client a signed, timestamped access audit without touching the CLI.
| Feature | 5NinesNet | SolarWinds | ClearBox | Auvik |
|---|---|---|---|---|
| Source Code Auditable | ✓ Full OSS | ✗ | ✗ | ✗ |
| TACACS+ Management UI | ✓ Full | ✗ | Partial | ✗ |
| Git-based Config Backup | ✓ Native | Add-on | ✗ | SaaS only |
| Fail2Ban / UFW Management | ✓ Built-in | ✗ | ✗ | ✗ |
| Self-Hosted | ✓ Always | Option | Cloud | Cloud |
| White-Label / OEM | ✓ Included | Enterprise | ✗ | ✗ |
| Zero-Trust Transparency | ✓ PCAP export | ✗ | ✗ | ✗ |
| Starting Price | $0 / mo | $18,000+/yr | $5,000+/yr | $199+/mo |
5NinesNet started as an internal toolset for managing Railhead's production ISP infrastructure — BGP peering, MPLS VPNv4, ASA firewalls, Catalyst switching, and TACACS+ AAA at scale. After years of duct-taping open-source tools together, I built a unified platform that actually fits how network engineers work.
Everything is open source because transparency isn't a feature — it's the foundation. Your team should be able to audit exactly what's running on your network management server. That's why 5NinesNet is built on tools with readable source code, not black boxes.
Built by network engineers. Deployed at ISP scale. Open source forever.
Username: admin · Password: demo123