SlideShare a Scribd company logo

Network Monitoring Basics

Rob Dunn
Rob Dunn

A quick overview of some basics going over network monitoring, why you should do it, what to look for and more...! This is a presentation I made to our local network professionals group awhile back.

1 of 17
Download to read offline
Some basics
•   WAN links between sites
•   Links between core network devices
•   Important devices like servers and core appliances
•   Websites
•   Drive space, CPU and memory utilization
•   Log files (for errors or other text)
•   Network utilization and bandwidth
•   Important services and processes
•   Internal or External website availability
“My Internet is slow”
  Measure bandwidth or CPU of firewall, outbound connections (virus?)

“I can’t get any email, is the server down?”
       Check Exchange services, monitor outbound mail traffic per sec.

“We are paying $900 per month to connect our satellite office with
a high speed connection. Is it worth it?”
            Watch for peak bandwidth usage during day, week, month.

“Everyone here can’t print. You did something, didn’t you?”
      Monitor spooler service, watch for errors in system log regarding
                                                                printers
A good monitoring system will query a device for a specific
set of statistics, retain this data and report to an appropriate
administrator if those statistics exceed an acceptable
threshold…

                                          …if a drive is 90% full, let
                                          the IT administrator know
                                          via email so they can
                                          begin to remedy the
                                          situation.
What do monitoring systems use to get their data?

SNMP – Linux, Network Hardware, Windows
WMI – Windows
Performance Counters – Windows
SSH – Linux
Ad

Recommended

Best Network Performance Monitoring Tool
Best Network Performance Monitoring ToolBest Network Performance Monitoring Tool
Best Network Performance Monitoring ToolJoe Shestak
 
10 Steps to Improve Your Network Monitoring
10 Steps to Improve Your Network Monitoring10 Steps to Improve Your Network Monitoring
10 Steps to Improve Your Network MonitoringHelpSystems
 
Network monitoring tools
Network monitoring toolsNetwork monitoring tools
Network monitoring toolsQaswarBosan
 
network monitoring system ppt
network monitoring system pptnetwork monitoring system ppt
network monitoring system pptashutosh rai
 

More Related Content

What's hot

The 3 aspects of network performance management
The 3 aspects of network performance managementThe 3 aspects of network performance management
The 3 aspects of network performance managementManageEngine
 
Software Defined Networks
Software Defined NetworksSoftware Defined Networks
Software Defined NetworksShreeya Shah
 
Software Defined Network - SDN
Software Defined Network - SDNSoftware Defined Network - SDN
Software Defined Network - SDNVenkata Naga Ravi
 
Automating for Monitoring and Troubleshooting your Cisco IOS Network
Automating for Monitoring and Troubleshooting your Cisco IOS NetworkAutomating for Monitoring and Troubleshooting your Cisco IOS Network
Automating for Monitoring and Troubleshooting your Cisco IOS NetworkCisco Canada
 
Networking infrastructure
Networking infrastructureNetworking infrastructure
Networking infrastructureKerry Cole
 
Implementing 802.1x Authentication
Implementing 802.1x AuthenticationImplementing 802.1x Authentication
Implementing 802.1x Authenticationdkaya
 
Tcp Udp Icmp And The Transport Layer
Tcp Udp Icmp And The Transport LayerTcp Udp Icmp And The Transport Layer
Tcp Udp Icmp And The Transport Layertmavroidis
 
CCNAv5 - S4: Chapter8 monitoring the network
CCNAv5 - S4: Chapter8 monitoring the networkCCNAv5 - S4: Chapter8 monitoring the network
CCNAv5 - S4: Chapter8 monitoring the networkVuz Dở Hơi
 
Troubleshooting complex layer 2 issues ppt 16 bsit098
Troubleshooting complex  layer 2 issues ppt 16 bsit098Troubleshooting complex  layer 2 issues ppt 16 bsit098
Troubleshooting complex layer 2 issues ppt 16 bsit098Quratulain baloch
 
COMPUTER NETWORKING
COMPUTER NETWORKINGCOMPUTER NETWORKING
COMPUTER NETWORKINGKiran Buriro
 

What's hot (20)

The 3 aspects of network performance management
The 3 aspects of network performance managementThe 3 aspects of network performance management
The 3 aspects of network performance management
 
Network management
Network management Network management
Network management
 
Osi model 7 Layers
Osi model 7 LayersOsi model 7 Layers
Osi model 7 Layers
 
Software Defined Networks
Software Defined NetworksSoftware Defined Networks
Software Defined Networks
 
Software Defined Network - SDN
Software Defined Network - SDNSoftware Defined Network - SDN
Software Defined Network - SDN
 
Automating for Monitoring and Troubleshooting your Cisco IOS Network
Automating for Monitoring and Troubleshooting your Cisco IOS NetworkAutomating for Monitoring and Troubleshooting your Cisco IOS Network
Automating for Monitoring and Troubleshooting your Cisco IOS Network
 
TCP/IP – Transmission Control Protocol/ Internet Protocol
TCP/IP – Transmission Control Protocol/ Internet ProtocolTCP/IP – Transmission Control Protocol/ Internet Protocol
TCP/IP – Transmission Control Protocol/ Internet Protocol
 
Networking infrastructure
Networking infrastructureNetworking infrastructure
Networking infrastructure
 
Implementing 802.1x Authentication
Implementing 802.1x AuthenticationImplementing 802.1x Authentication
Implementing 802.1x Authentication
 
Token ring
Token ringToken ring
Token ring
 
Sdn ppt
Sdn pptSdn ppt
Sdn ppt
 
Network Management System and Protocol
Network Management System and Protocol Network Management System and Protocol
Network Management System and Protocol
 
Bluetooth security
Bluetooth securityBluetooth security
Bluetooth security
 
Tcp Udp Icmp And The Transport Layer
Tcp Udp Icmp And The Transport LayerTcp Udp Icmp And The Transport Layer
Tcp Udp Icmp And The Transport Layer
 
Software Defined WAN – SD-WAN
Software Defined WAN – SD-WANSoftware Defined WAN – SD-WAN
Software Defined WAN – SD-WAN
 
CCNAv5 - S4: Chapter8 monitoring the network
CCNAv5 - S4: Chapter8 monitoring the networkCCNAv5 - S4: Chapter8 monitoring the network
CCNAv5 - S4: Chapter8 monitoring the network
 
Network monitoring tools
Network monitoring toolsNetwork monitoring tools
Network monitoring tools
 
IP Routing Tutorial
IP Routing TutorialIP Routing Tutorial
IP Routing Tutorial
 
Troubleshooting complex layer 2 issues ppt 16 bsit098
Troubleshooting complex  layer 2 issues ppt 16 bsit098Troubleshooting complex  layer 2 issues ppt 16 bsit098
Troubleshooting complex layer 2 issues ppt 16 bsit098
 
COMPUTER NETWORKING
COMPUTER NETWORKINGCOMPUTER NETWORKING
COMPUTER NETWORKING
 

Similar to Network Monitoring Basics

network-management Web base.ppt
network-management Web base.pptnetwork-management Web base.ppt
network-management Web base.pptAssadLeo1
 
Operations: Security Crash Course — Best Practices for Securing your Company
Operations: Security Crash Course — Best Practices for Securing your CompanyOperations: Security Crash Course — Best Practices for Securing your Company
Operations: Security Crash Course — Best Practices for Securing your CompanyAmazon Web Services
 
Kaseya Connect 2012 - THE ABC'S OF MONITORING
Kaseya Connect 2012 - THE ABC'S OF MONITORINGKaseya Connect 2012 - THE ABC'S OF MONITORING
Kaseya Connect 2012 - THE ABC'S OF MONITORINGKaseya
 
Introduction to Network and System Administration
Introduction to Network and System AdministrationIntroduction to Network and System Administration
Introduction to Network and System AdministrationDuressa Teshome
 
Chris - Network Vulnerability Assessments: Lessons Learned - ClubHack2008
Chris - Network Vulnerability Assessments: Lessons Learned - ClubHack2008Chris - Network Vulnerability Assessments: Lessons Learned - ClubHack2008
Chris - Network Vulnerability Assessments: Lessons Learned - ClubHack2008ClubHack
 
Network Vulnerability Assessments: Lessons Learned
Network Vulnerability Assessments: Lessons LearnedNetwork Vulnerability Assessments: Lessons Learned
Network Vulnerability Assessments: Lessons Learnedamiable_indian
 
Preventing The Next Data Breach Through Log Management
Preventing The Next Data Breach Through Log ManagementPreventing The Next Data Breach Through Log Management
Preventing The Next Data Breach Through Log ManagementNovell
 
New OpManager v12
New OpManager v12New OpManager v12
New OpManager v12Inuit AB
 
Start Up Austin 2017: Security Crash Course and Best Pratices
Start Up Austin 2017: Security Crash Course and Best PraticesStart Up Austin 2017: Security Crash Course and Best Pratices
Start Up Austin 2017: Security Crash Course and Best PraticesAmazon Web Services
 
Protecting Your organization from WannaCry Ransomware
Protecting Your organization from WannaCry RansomwareProtecting Your organization from WannaCry Ransomware
Protecting Your organization from WannaCry RansomwareQuick Heal Technologies Ltd.
 
Opmanagertechnicaloverview 160128123947
Opmanagertechnicaloverview 160128123947Opmanagertechnicaloverview 160128123947
Opmanagertechnicaloverview 160128123947Sandeep Kumar Yadav
 
BASIC IT AND CYBER SECURITY AWARENESS
BASIC IT AND CYBER SECURITY AWARENESSBASIC IT AND CYBER SECURITY AWARENESS
BASIC IT AND CYBER SECURITY AWARENESSMd Abu Syeem Dipu
 
Jaime Blasco - Fighting Advanced Persistent Threat (APT) with Open Source Too...
Jaime Blasco - Fighting Advanced Persistent Threat (APT) with Open Source Too...Jaime Blasco - Fighting Advanced Persistent Threat (APT) with Open Source Too...
Jaime Blasco - Fighting Advanced Persistent Threat (APT) with Open Source Too...RootedCON
 

Similar to Network Monitoring Basics (20)

network-management Web base.ppt
network-management Web base.pptnetwork-management Web base.ppt
network-management Web base.ppt
 
Opmanager Workshop - Middle East
Opmanager Workshop - Middle EastOpmanager Workshop - Middle East
Opmanager Workshop - Middle East
 
Operations: Security Crash Course — Best Practices for Securing your Company
Operations: Security Crash Course — Best Practices for Securing your CompanyOperations: Security Crash Course — Best Practices for Securing your Company
Operations: Security Crash Course — Best Practices for Securing your Company
 
Operations: Security
Operations: SecurityOperations: Security
Operations: Security
 
Kaseya Connect 2012 - THE ABC'S OF MONITORING
Kaseya Connect 2012 - THE ABC'S OF MONITORINGKaseya Connect 2012 - THE ABC'S OF MONITORING
Kaseya Connect 2012 - THE ABC'S OF MONITORING
 
Introduction to Network and System Administration
Introduction to Network and System AdministrationIntroduction to Network and System Administration
Introduction to Network and System Administration
 
Opmanager technical overview
Opmanager technical overviewOpmanager technical overview
Opmanager technical overview
 
Chris - Network Vulnerability Assessments: Lessons Learned - ClubHack2008
Chris - Network Vulnerability Assessments: Lessons Learned - ClubHack2008Chris - Network Vulnerability Assessments: Lessons Learned - ClubHack2008
Chris - Network Vulnerability Assessments: Lessons Learned - ClubHack2008
 
Network Vulnerability Assessments: Lessons Learned
Network Vulnerability Assessments: Lessons LearnedNetwork Vulnerability Assessments: Lessons Learned
Network Vulnerability Assessments: Lessons Learned
 
Preventing The Next Data Breach Through Log Management
Preventing The Next Data Breach Through Log ManagementPreventing The Next Data Breach Through Log Management
Preventing The Next Data Breach Through Log Management
 
ISSA Siem Fraud
ISSA Siem FraudISSA Siem Fraud
ISSA Siem Fraud
 
New OpManager v12
New OpManager v12New OpManager v12
New OpManager v12
 
OpManager - Technical overview
OpManager - Technical overviewOpManager - Technical overview
OpManager - Technical overview
 
Start Up Austin 2017: Security Crash Course and Best Pratices
Start Up Austin 2017: Security Crash Course and Best PraticesStart Up Austin 2017: Security Crash Course and Best Pratices
Start Up Austin 2017: Security Crash Course and Best Pratices
 
Protecting Your organization from WannaCry Ransomware
Protecting Your organization from WannaCry RansomwareProtecting Your organization from WannaCry Ransomware
Protecting Your organization from WannaCry Ransomware
 
Opmanagertechnicaloverview 160128123947
Opmanagertechnicaloverview 160128123947Opmanagertechnicaloverview 160128123947
Opmanagertechnicaloverview 160128123947
 
Overview OpManager
Overview OpManagerOverview OpManager
Overview OpManager
 
OpManager Technical Overview
OpManager Technical OverviewOpManager Technical Overview
OpManager Technical Overview
 
BASIC IT AND CYBER SECURITY AWARENESS
BASIC IT AND CYBER SECURITY AWARENESSBASIC IT AND CYBER SECURITY AWARENESS
BASIC IT AND CYBER SECURITY AWARENESS
 
Jaime Blasco - Fighting Advanced Persistent Threat (APT) with Open Source Too...
Jaime Blasco - Fighting Advanced Persistent Threat (APT) with Open Source Too...Jaime Blasco - Fighting Advanced Persistent Threat (APT) with Open Source Too...
Jaime Blasco - Fighting Advanced Persistent Threat (APT) with Open Source Too...
 

Recently uploaded

How AI and ChatGPT are changing cybersecurity forever.pptx
How AI and ChatGPT are changing cybersecurity forever.pptxHow AI and ChatGPT are changing cybersecurity forever.pptx
How AI and ChatGPT are changing cybersecurity forever.pptxInfosec
 
IT Nation Evolve event 2024 - Quarter 1
IT Nation Evolve event 2024  - Quarter 1IT Nation Evolve event 2024  - Quarter 1
IT Nation Evolve event 2024 - Quarter 1Inbay UK
 
Digital Transformation Strategy & Plan Templates - www.beyondthecloud.digital...
Digital Transformation Strategy & Plan Templates - www.beyondthecloud.digital...Digital Transformation Strategy & Plan Templates - www.beyondthecloud.digital...
Digital Transformation Strategy & Plan Templates - www.beyondthecloud.digital...MarcovanHurne2
 
"Platform Engineering with Development Containers", Igor Fesenko
"Platform Engineering with Development Containers", Igor Fesenko"Platform Engineering with Development Containers", Igor Fesenko
"Platform Engineering with Development Containers", Igor FesenkoFwdays
 
HBR SERIES METAL HOUSED RESISTORS POWER ELECTRICAL ABSORBS HIGH CURRENT DURIN...
HBR SERIES METAL HOUSED RESISTORS POWER ELECTRICAL ABSORBS HIGH CURRENT DURIN...HBR SERIES METAL HOUSED RESISTORS POWER ELECTRICAL ABSORBS HIGH CURRENT DURIN...
HBR SERIES METAL HOUSED RESISTORS POWER ELECTRICAL ABSORBS HIGH CURRENT DURIN...htrindia
 
Synergy in Leadership and Product Excellence: A Blueprint for Growth by CPO, ...
Synergy in Leadership and Product Excellence: A Blueprint for Growth by CPO, ...Synergy in Leadership and Product Excellence: A Blueprint for Growth by CPO, ...
Synergy in Leadership and Product Excellence: A Blueprint for Growth by CPO, ...Product School
 
Power of 2024 - WITforce Odyssey.pptx.pdf
Power of 2024 - WITforce Odyssey.pptx.pdfPower of 2024 - WITforce Odyssey.pptx.pdf
Power of 2024 - WITforce Odyssey.pptx.pdfkatalinjordans1
 
Harnessing the Power of GenAI for Exceptional Product Outcomes by Booking.com...
Harnessing the Power of GenAI for Exceptional Product Outcomes by Booking.com...Harnessing the Power of GenAI for Exceptional Product Outcomes by Booking.com...
Harnessing the Power of GenAI for Exceptional Product Outcomes by Booking.com...Product School
 
How we think about an advisor tech stack
How we think about an advisor tech stackHow we think about an advisor tech stack
How we think about an advisor tech stackSummit
 
10 things that helped me advance my career - PHP UK Conference 2024
10 things that helped me advance my career - PHP UK Conference 202410 things that helped me advance my career - PHP UK Conference 2024
10 things that helped me advance my career - PHP UK Conference 2024Thijs Feryn
 
"DevOps Practisting Platform on EKS with Karpenter autoscaling", Dmytro Kozhevin
"DevOps Practisting Platform on EKS with Karpenter autoscaling", Dmytro Kozhevin"DevOps Practisting Platform on EKS with Karpenter autoscaling", Dmytro Kozhevin
"DevOps Practisting Platform on EKS with Karpenter autoscaling", Dmytro KozhevinFwdays
 
Automation Ops Series: Session 1 - Introduction and setup DevOps for UiPath p...
Automation Ops Series: Session 1 - Introduction and setup DevOps for UiPath p...Automation Ops Series: Session 1 - Introduction and setup DevOps for UiPath p...
Automation Ops Series: Session 1 - Introduction and setup DevOps for UiPath p...DianaGray10
 
Dynamical systems simulation in Python for science and engineering
Dynamical systems simulation in Python for science and engineeringDynamical systems simulation in Python for science and engineering
Dynamical systems simulation in Python for science and engineeringMassimo Talia
 
My sample product research idea for you!
My sample product research idea for you!My sample product research idea for you!
My sample product research idea for you!KivenRaySarsaba
 
Campotel: Telecommunications Infra and Network Builder - Company Profile
Campotel: Telecommunications Infra and Network Builder - Company ProfileCampotel: Telecommunications Infra and Network Builder - Company Profile
Campotel: Telecommunications Infra and Network Builder - Company ProfileCampotelPhilippines
 
How to write an effective Cyber Incident Response Plan
How to write an effective Cyber Incident Response PlanHow to write an effective Cyber Incident Response Plan
How to write an effective Cyber Incident Response PlanDatabarracks
 
Cultivating Entrepreneurial Mindset in Product Management: Strategies for Suc...
Cultivating Entrepreneurial Mindset in Product Management: Strategies for Suc...Cultivating Entrepreneurial Mindset in Product Management: Strategies for Suc...
Cultivating Entrepreneurial Mindset in Product Management: Strategies for Suc...Product School
 
Act Like an Owner, Challenge Like a VC by former CPO, Tripadvisor
Act Like an Owner,  Challenge Like a VC by former CPO, TripadvisorAct Like an Owner,  Challenge Like a VC by former CPO, Tripadvisor
Act Like an Owner, Challenge Like a VC by former CPO, TripadvisorProduct School
 
Relationship Counselling: From Disjointed Features to Product-First Thinking ...
Relationship Counselling: From Disjointed Features to Product-First Thinking ...Relationship Counselling: From Disjointed Features to Product-First Thinking ...
Relationship Counselling: From Disjointed Features to Product-First Thinking ...Product School
 
Confoo 2024 Gettings started with OpenAI and data science
Confoo 2024 Gettings started with OpenAI and data scienceConfoo 2024 Gettings started with OpenAI and data science
Confoo 2024 Gettings started with OpenAI and data scienceSusan Ibach
 

Recently uploaded (20)

How AI and ChatGPT are changing cybersecurity forever.pptx
How AI and ChatGPT are changing cybersecurity forever.pptxHow AI and ChatGPT are changing cybersecurity forever.pptx
How AI and ChatGPT are changing cybersecurity forever.pptx
 
IT Nation Evolve event 2024 - Quarter 1
IT Nation Evolve event 2024  - Quarter 1IT Nation Evolve event 2024  - Quarter 1
IT Nation Evolve event 2024 - Quarter 1
 
Digital Transformation Strategy & Plan Templates - www.beyondthecloud.digital...
Digital Transformation Strategy & Plan Templates - www.beyondthecloud.digital...Digital Transformation Strategy & Plan Templates - www.beyondthecloud.digital...
Digital Transformation Strategy & Plan Templates - www.beyondthecloud.digital...
 
"Platform Engineering with Development Containers", Igor Fesenko
"Platform Engineering with Development Containers", Igor Fesenko"Platform Engineering with Development Containers", Igor Fesenko
"Platform Engineering with Development Containers", Igor Fesenko
 
HBR SERIES METAL HOUSED RESISTORS POWER ELECTRICAL ABSORBS HIGH CURRENT DURIN...
HBR SERIES METAL HOUSED RESISTORS POWER ELECTRICAL ABSORBS HIGH CURRENT DURIN...HBR SERIES METAL HOUSED RESISTORS POWER ELECTRICAL ABSORBS HIGH CURRENT DURIN...
HBR SERIES METAL HOUSED RESISTORS POWER ELECTRICAL ABSORBS HIGH CURRENT DURIN...
 
Synergy in Leadership and Product Excellence: A Blueprint for Growth by CPO, ...
Synergy in Leadership and Product Excellence: A Blueprint for Growth by CPO, ...Synergy in Leadership and Product Excellence: A Blueprint for Growth by CPO, ...
Synergy in Leadership and Product Excellence: A Blueprint for Growth by CPO, ...
 
Power of 2024 - WITforce Odyssey.pptx.pdf
Power of 2024 - WITforce Odyssey.pptx.pdfPower of 2024 - WITforce Odyssey.pptx.pdf
Power of 2024 - WITforce Odyssey.pptx.pdf
 
Harnessing the Power of GenAI for Exceptional Product Outcomes by Booking.com...
Harnessing the Power of GenAI for Exceptional Product Outcomes by Booking.com...Harnessing the Power of GenAI for Exceptional Product Outcomes by Booking.com...
Harnessing the Power of GenAI for Exceptional Product Outcomes by Booking.com...
 
How we think about an advisor tech stack
How we think about an advisor tech stackHow we think about an advisor tech stack
How we think about an advisor tech stack
 
10 things that helped me advance my career - PHP UK Conference 2024
10 things that helped me advance my career - PHP UK Conference 202410 things that helped me advance my career - PHP UK Conference 2024
10 things that helped me advance my career - PHP UK Conference 2024
 
"DevOps Practisting Platform on EKS with Karpenter autoscaling", Dmytro Kozhevin
"DevOps Practisting Platform on EKS with Karpenter autoscaling", Dmytro Kozhevin"DevOps Practisting Platform on EKS with Karpenter autoscaling", Dmytro Kozhevin
"DevOps Practisting Platform on EKS with Karpenter autoscaling", Dmytro Kozhevin
 
Automation Ops Series: Session 1 - Introduction and setup DevOps for UiPath p...
Automation Ops Series: Session 1 - Introduction and setup DevOps for UiPath p...Automation Ops Series: Session 1 - Introduction and setup DevOps for UiPath p...
Automation Ops Series: Session 1 - Introduction and setup DevOps for UiPath p...
 
Dynamical systems simulation in Python for science and engineering
Dynamical systems simulation in Python for science and engineeringDynamical systems simulation in Python for science and engineering
Dynamical systems simulation in Python for science and engineering
 
My sample product research idea for you!
My sample product research idea for you!My sample product research idea for you!
My sample product research idea for you!
 
Campotel: Telecommunications Infra and Network Builder - Company Profile
Campotel: Telecommunications Infra and Network Builder - Company ProfileCampotel: Telecommunications Infra and Network Builder - Company Profile
Campotel: Telecommunications Infra and Network Builder - Company Profile
 
How to write an effective Cyber Incident Response Plan
How to write an effective Cyber Incident Response PlanHow to write an effective Cyber Incident Response Plan
How to write an effective Cyber Incident Response Plan
 
Cultivating Entrepreneurial Mindset in Product Management: Strategies for Suc...
Cultivating Entrepreneurial Mindset in Product Management: Strategies for Suc...Cultivating Entrepreneurial Mindset in Product Management: Strategies for Suc...
Cultivating Entrepreneurial Mindset in Product Management: Strategies for Suc...
 
Act Like an Owner, Challenge Like a VC by former CPO, Tripadvisor
Act Like an Owner,  Challenge Like a VC by former CPO, TripadvisorAct Like an Owner,  Challenge Like a VC by former CPO, Tripadvisor
Act Like an Owner, Challenge Like a VC by former CPO, Tripadvisor
 
Relationship Counselling: From Disjointed Features to Product-First Thinking ...
Relationship Counselling: From Disjointed Features to Product-First Thinking ...Relationship Counselling: From Disjointed Features to Product-First Thinking ...
Relationship Counselling: From Disjointed Features to Product-First Thinking ...
 
Confoo 2024 Gettings started with OpenAI and data science
Confoo 2024 Gettings started with OpenAI and data scienceConfoo 2024 Gettings started with OpenAI and data science
Confoo 2024 Gettings started with OpenAI and data science
 

Network Monitoring Basics

  • 2. WAN links between sites • Links between core network devices • Important devices like servers and core appliances • Websites
  • 3. Drive space, CPU and memory utilization • Log files (for errors or other text) • Network utilization and bandwidth • Important services and processes • Internal or External website availability
  • 4. “My Internet is slow” Measure bandwidth or CPU of firewall, outbound connections (virus?) “I can’t get any email, is the server down?” Check Exchange services, monitor outbound mail traffic per sec. “We are paying $900 per month to connect our satellite office with a high speed connection. Is it worth it?” Watch for peak bandwidth usage during day, week, month. “Everyone here can’t print. You did something, didn’t you?” Monitor spooler service, watch for errors in system log regarding printers
  • 5. A good monitoring system will query a device for a specific set of statistics, retain this data and report to an appropriate administrator if those statistics exceed an acceptable threshold… …if a drive is 90% full, let the IT administrator know via email so they can begin to remedy the situation.
  • 6. What do monitoring systems use to get their data? SNMP – Linux, Network Hardware, Windows WMI – Windows Performance Counters – Windows SSH – Linux
  • 7. SNMP Usually requires MIB (management information base) files to monitor advanced system statistics WMI Typically available by default, but highly security conscious network admins may have this locked down Performance Counters If you can view it in Windows Perfmon, you can track it in some monitoring tools SSH SSH Requires root access to run commands
  • 8. • Monitor threshold – at what point does something trigger an alert? • Alert – When a threshold is met for a period of time, go into „Alert‟ status. • Action – Send an email, SMS, restart a service, run a script, etc.
  • 9. • Historical trending and reporting • Maintenance windows • Multiple notification methods • Ability to perform action in response to an alert • NOC (Network Operation Center) view • Large variety of monitor types that support WMI, SNMP, etc. • Ability to produce alerts based a defined span of time
  • 10. • Company shared drive size and availability • Ensure Exchange service and Accounting system DB is accessible after backups • Make sure outgoing Internet connection is not saturated • Keep invalid domain logon attempts at bay • Watch for system errors
  • 11. • How long until something is considered an emergency? • Will the condition return to normal without your intervention? • How do you want to be notified – email, SMS, page, IM, Net Send? • Do you want the monitoring tool attempt to remedy the situation automatically?
  • 12. • Configure your monitors with high thresholds while you determine what is “normal” • Watch these monitors over time to get an idea of normal peaks and valleys of performance stats • Tweak your monitors according to trending and growth patterns
  • 13. 1. The Death Star depends on tractor beam 2. The IT Admin sets up a monitor to watch service: “tractor_beam” 3. He then configures the alert to “Email” Darth Vader when the tractor beam goes down 4. Obi-Wan disables the tractor beam 5. 5 minutes later, the Millenium Falcon escapes 6. Tractor beam is down for an additionl 5 minutes, then monitoring system sends email 7. Vader is busy choking one of his employees, and has his BlackBerry set on “vibrate”… “…probably should have set the monitoring system to restart the service before Han got awa-aaacccchhdhhshhpfffft” – IT admin speaking with Darth Vader
  • 14. ===================================== Time: 2010/10/05 20:34:22 Object: DC-ROA-01(DC-ROA-01) Monitor: Security events ===================================== Status: Alarm Message: Found matching eventlog record This is an example of an event log Event id: 529 Computer: DC-ROA-01 report when a user attempted to log Source: Security in with an invalid password. User: SYSTEM Time Generated: 2010/10/05 20:06:27 Message: Logon Type: 8 means the password was passed using Logon Failure: ClearText Reason: Unknown user name or bad password User Name: amyv@mydomain.com Caller Process is the PID of the executable on the server Domain: mydomain.com processing the logon attempt. Logon Type: 8 Logon Process: Advapi Source network address is the user‟s Comcast IP. Authentication Package: Negotiate Workstation Name: DC-ROA-01 Caller User Name: DC-ROA-01$ Caller Domain: MYDOMAIN Caller Logon ID: (0x0,0x3E7) Caller Process ID: 7708 Transited Services: - Source Network Address: 67.184.244.32 Source Port: 56049
  • 15. It is important to be able to keep a history of trending, especially with storage devices and service outages. This will help determine future needs for backup and DR processes. You can get an idea of heavily used volumes/resources, allowing you to organize planned downtime when moving them.
  • 16. Windows based • Total Network Monitor http://www.softinventive.com/products/total-network-monitor/ • MicroTik‟s “The Dude” http://www.mikrotik.com/thedude.php • Hyperic HQ Open Source http://www.hyperic.com/products/open-source-systems-monitoring • Spotlight on Windows (realtime monitoring only) http://www.quest.com/spotlight-on-windows/ - free registration required • Splunk (logfile indexing) http://www.splunk.org • Spiceworks (general activity monitoring) http://community.spiceworks.com Linux based • Zenoss http://www.zenoss.com/ • Nagios http://www.nagios.org
  • 17. This presentation will be available from www.ninp.org (via SlideShare) Rob Dunn: uphold2001@hotmail.com

Editor's Notes

  1. SNMP – protocol, WMI – set of extensions to the Windows Driver Model that provides an interface which the instrumented components provide information and notification.
  2. Cisco uses an access list to allow SNMP traffic to and from a specific host via Read only or Read-Write community strings
  3. Time intervals – like if an threshold is tripped 10 times over 20 minutes, then produce an alert.
  4. You can have many monitoring tools run a script, restart a service, send a notification, etc. in response to an alert. In the case of event log monitors, you can set it to perform what is called a ‘looping list’, which resets itself after every event log scan. This allows it to scan event log dates and remember the last place it scanned before running another check.