PACE-IT: Network Monitoring (part 1) - N10 006

CompTIA exam study guide presentations by instructor Brian Ferrill, PACE-IT (Progressive, Accelerated Certifications for Employment in Information Technology)

"Funded by the Department of Labor, Employment and Training Administration, Grant #TC-23745-12-60-A-53"
Learn more about the PACE-IT Online program: www.edcc.edu/pace-it


  1. Network monitoring I.
  2. Brian Ferrill, Instructor, PACE-IT Program – Edmonds Community College
     Areas of expertise / Industry certifications:
       • PC Hardware
       • Network Administration
       • IT Project Management
       • Network Design
       • User Training
       • IT Troubleshooting
     Education:
       • M.B.A., IT Management, Western Governors University
       • B.S., IT Security, Western Governors University
     Qualifications summary: Entrepreneur, executive leader, and proven manager with 10+ years of experience turning complex issues into efficient and effective solutions. Strengths include developing and mentoring diverse workforces, improving processes, analyzing business needs and creating the solutions required, with a focus on technology.
  3. PACE-IT.
     – The why of network monitoring.
     – Tools to monitor the network.
  4. Network monitoring I.
  5. Network monitoring I.
     How do you know what is going on in your network? Is it healthy or is it about to crash? Network administrators hate to be surprised by failures in their networks—especially ones that could have been foreseen and, therefore, forestalled. How do they keep from being surprised? They enact a plethora of procedures and tools to monitor their networks and keep track of how they are behaving.
  6. Network monitoring I.
  7. Network monitoring I.
     – Log files.
       » All operating systems offer a means of viewing events that occur on that specific machine.
         • This includes networking equipment.
       » Some applications have been developed to monitor systems and networks; these also generate log files (among other actions).
       » Log files can be used to help pinpoint when a problem occurred and to narrow down the cause of an issue.
       » Log files can also be used to help create a baseline of network behavior.
       » Log files can usually be classified as system logs, general logs, or history logs.
         • As a general rule, log files are an after-the-fact means of monitoring the network and are not very good for real-time analysis, partially due to the amount of information that they generate.
  8. Network monitoring I.
     – Event Viewer.
       » Windows Server and most other Windows operating systems use this tool to keep track of and to log events. The most important logs contained in the tool are the Application, Security, and System logs.
     – Application logs.
       » Contain events triggered by the actions of applications.
         • For example, LiveUpdate will create log entries based on actions taken.
     – Security logs.
       » Contain events triggered by security events.
         • For example, logs are created for successful and unsuccessful logon attempts.
     – System logs.
       » Contain events triggered by Windows system components.
         • For example, when drivers start or fail to start, a log entry will be created.
  9. Network monitoring I.
     – Syslog.
       » Developed in the 1980s, it provides devices that normally would not be able to communicate with a means of delivering performance and problem information to system administrators.
       » Permits separation between the software that generates the message, the storage of the message, and the software that analyzes the generated message.
         • This allows syslog to be highly configurable and has allowed it to continue to be a vital tool for monitoring networks.
       » The Internet Engineering Task Force (IETF) standardized syslog in 2009.
       » It generates log messages based on the type of service and includes a severity level from zero (most severe) to seven (least severe).
       » Because syslog can generate a lot of log messages, most network administrators configure it so that they are only alerted when a minimum severity level has been reached.
         • Network administrators may receive alerts via SMS or email.
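The following is an added example, not part of the PACE-IT deck: it decodes the priority field of RFC 5424 syslog messages (the 2009 IETF standard the slide refers to) into the type-of-service code and the 0-7 severity the slide describes, then applies the minimum-severity alert filter the slide recommends. All host names and log lines are constructed, and the parser assumes the structured-data field is "-".

```python
import re
from dataclasses import dataclass

# RFC 5424 severity names; the list index is the numeric value (0 = most severe).
SEVERITY = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
# Subset of RFC 5424 facility codes (the "type of service"); others render as facility<N>.
FACILITY = {0: "kern", 1: "user", 3: "daemon", 4: "auth", 5: "syslog", 9: "cron",
            **{16 + i: f"local{i}" for i in range(8)}}
# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME APP PROCID MSGID SD [MSG]; assumes SD is "-".
HEADER = re.compile(r"^<(\d{1,3})>\d+ (\S+) (\S+) (\S+) \S+ \S+ \S+(?: (.*))?$")

@dataclass
class SyslogEvent:
    facility: str
    severity: int  # 0..7, lower number = more severe
    timestamp: str
    host: str
    app: str
    msg: str

def parse_syslog(line: str):
    """Decode one RFC 5424 line; returns None for anything that is not valid syslog."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # PRI = facility * 8 + severity, so 23 * 8 + 7 = 191 is the maximum
        return None
    fac, sev = divmod(pri, 8)
    return SyslogEvent(FACILITY.get(fac, f"facility{fac}"), sev,
                       m.group(2), m.group(3), m.group(4), m.group(5) or "")

def alerts(log_text: str, max_severity: int = 3):
    """Return the events that meet the alert threshold (default: err or worse).
    Note the direction: 'at least err' means severity <= 3, because 0 is the most severe."""
    events = (parse_syslog(ln) for ln in log_text.splitlines() if ln.strip())
    return [e for e in events if e is not None and e.severity <= max_severity]

# Constructed sample feed (not real device output); each PRI = facility * 8 + severity.
SAMPLE_LOG = """\
<163>1 2024-01-10T12:00:01Z router1 kernel - - - link down on interface Gi0/1
<38>1 2024-01-10T12:00:02Z router1 sshd - - - session opened for user admin
<26>1 2024-01-10T12:00:03Z fw01 confd - - - configuration reload failed
<78>1 2024-01-10T12:00:04Z host7 cron - - - nightly backup job completed
<0>1 2024-01-10T12:00:05Z host7 kernel - - - panic: out of memory
this line is not syslog at all
"""
for e in alerts(SAMPLE_LOG):  # prints the three events rated err or worse
    print(f"{SEVERITY[e.severity]:8} {e.facility:8} {e.host:8} {e.app}: {e.msg}")
```

Raising `max_severity` to 7 passes every well-formed line through, which is the flood of messages the slide warns about.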
  10. Network monitoring I.
     – SNMP (Simple Network Management Protocol).
       » An application layer (OSI model Layer 7) protocol used to monitor and manage a network’s health.
       » A network or systems administrator configures monitors—often called traps—on devices that view the operation of a specific item (e.g., is the interface up or down?).
         • The monitors periodically communicate with a network management station (NMS) through GET messages that the NMS sends out.
         • The response from the monitors is stored in a Management Information Base (MIB), which is a type of log file.
         • The administrator can configure the monitors with SET messages sent from the NMS.
       » When an event occurs (the interface goes down), the trap is tripped and the event is logged.
         • It can be configured to just log the event, or it can be configured to contact a network administrator (via email or SMS).
       » This ability provides a more real-time monitoring method.
  11. Network monitoring I.
     – SIEM (Security information and event management).
       » A term for software products and services that combine security information management (SIM) and security event management (SEM).
         • SIEM may be provided by a software package, a network appliance, or as a third-party service.
       » It is used as a means of monitoring and providing real-time analysis of security alerts.
         • This is an example of the SEM functionality.
       » It can be used as a tool to analyze long-term data and log files.
         • This is an example of the SIM functionality.
       » It can be highly configured to the needs of the individual network.
  12. Network monitoring I.
     Topic: The why of network monitoring.
     Summary: As network administrators are responsible for keeping the network up and running, they hate to be surprised by network failures—especially ones they could have foreseen and, therefore, have forestalled. To prevent this, they will deploy a variety of tools to keep track of the network’s health and behavior.
     Topic: Tools for monitoring the network.
     Summary: Log files are an important tool that network administrators can use to track how their network and systems are running. Almost all operating systems are capable of generating log files, which are usually a more passive and after-the-fact type of monitoring. Event Viewer is a Microsoft tool used to track and organize log files. Syslog was created in the 1980s to provide a method of communication between devices that would not normally communicate. Syslog events are rated on a scale of zero to seven, based on the severity of the event (with zero being the most severe). SNMP is a protocol that takes a more active approach in monitoring the network and systems. With SNMP, a trap is set on a device. When the trap is tripped, a message is sent to the NMS, which stores the event in the MIB. Depending on the severity, a message may be sent to an administrator via SMS or email.
  13. THANK YOU!
  14. This workforce solution was 100 percent funded by a $3 million grant awarded by the U.S. Department of Labor's Employment and Training Administration. The solution was created by the grantee and does not necessarily reflect the official position of the U.S. Department of Labor. The Department of Labor makes no guarantees, warranties, or assurances of any kind, express or implied, with respect to such information, including any information on linked sites and including, but not limited to, accuracy of the information or its completeness, timeliness, usefulness, adequacy, continued availability or ownership. Funded by the Department of Labor, Employment and Training Administration, Grant #TC-23745-12-60-A-53. PACE-IT is an equal opportunity employer/program and auxiliary aids and services are available upon request to individuals with disabilities. For those that are hearing impaired, a video phone is available at the Services for Students with Disabilities (SSD) office in Mountlake Terrace Hall 159. Check www.edcc.edu/ssd for office hours. Call 425.354.3113 on a video phone for more information about the PACE-IT program. For any additional special accommodations needed, call the SSD office at 425.640.1814. Edmonds Community College does not discriminate on the basis of race; color; religion; national origin; sex; disability; sexual orientation; age; citizenship, marital, or veteran status; or genetic information in its programs and activities.