Multi-Layer Network Monitoring and Analysis

Total Page:16

File Type:pdf, Size:1020Kb

Multi-Layer Network Monitoring and Analysis UCAM-CL-TR-571 Technical Report ISSN 1476-2986 Number 571 Computer Laboratory Multi-layer network monitoring and analysis James Hall July 2003 15 JJ Thomson Avenue Cambridge CB3 0FD United Kingdom phone +44 1223 763500 http://www.cl.cam.ac.uk/ c 2003 James Hall This technical report is based on a dissertation submitted April 2003 by the author for the degree of Doctor of Philosophy to the University of Cambridge, King's College. Some figures in this document are best viewed in colour. If you received a black-and-white copy, please consult the online version if necessary. Technical reports published by the University of Cambridge Computer Laboratory are freely available via the Internet: http://www.cl.cam.ac.uk/TechReports/ Series editor: Markus Kuhn ISSN 1476-2986 Abstract Passive network monitoring offers the possibility of gathering a wealth of data about the traffic traversing the network and the communicating processes generating that traffic. Significant advantages include the non-intrusive nature of data capture and the range and diversity of the traffic and driving applications which may be observed. Conversely there are also associated practical difficulties which have restricted the usefulness of the technique: increasing network bandwidths can challenge the capacity of monitors to keep pace with passing traffic without data loss, and the bulk of data recorded may become unmanageable. Much research based upon passive monitoring has in consequence been limited to that using a sub-set of the data potentially available, typically TCP/IP packet headers gathered using Tcpdump or similar monitoring tools. The bulk of data collected is thereby minimised, and with the possible exception of packet filtering, the monitor's available processing power is available for the task of collection and storage. As the data available for analysis is drawn from only a small section of the network protocol stack, detailed study is largely confined to the associated functionality and dynamics in isolation from activity at other levels. Such lack of context severely restricts examination of the interaction between protocols which may in turn lead to inaccurate or erroneous conclusions. The work described in this dissertation attempts to address some of these limitations. A new passive monitoring architecture | Nprobe | is presented, based upon ‘off the shelf' components and which, by using clusters of probes, is scalable to keep pace with current high bandwidth networks without data loss. Monitored packets are fully captured, but are subject to the minimum processing in real time needed to identify and associate data of interest across the target set of protocols. Only this data is extracted and stored. The data reduction ratio thus achieved allows examination of a wider range of encapsulated protocols without straining the probe's storage capacity. Full analysis of the data harvested from the network is performed off-line. The activity of interest within each protocol is examined and is integrated across the range of protocols, allowing their interaction to be studied. The activity at higher levels informs study of the lower levels, and that at lower levels infers detail of the higher. A technique for dynamically modelling TCP connections is presented, which, by using data from both the transport and higher levels of the protocol stack, differentiates between the effects of network and end- process activity. The balance of the dissertation presents a study of Web traffic using Nprobe. Data collected from the IP, TCP, HTTP and HTML levels of the stack is integrated to identify the patterns of network activity involved in downloading whole Web pages: by using the links contained in HTML documents observed by the monitor, together with data extracted from the HTML headers of downloaded contained objects, the set of TCP connections used, and the way in which browsers use them, are studied as a whole. An analysis of the degree and distribution of delay is presented and contributes to the understanding of performance as perceived by the user. The effects of packet loss on whole page download times are examined, particularly those losses occurring early in the lifetime of connections before reliable estimations of round trip times are established. The implications of such early packet losses for pages downloads using persistent connections are also examined by simulations using the detailed data available. 5 Acknowledgements I must firstly acknowledge the very great contribution made by Micromuse Ltd., without whose financial support for three years it would not have been possible for me to undertake the research leading to this dissertation, and to the Computer Laboratory whose further support allowed me to complete it. Considerable thanks is due to my supervisor, Ian Leslie, for procuring my funding, for his advice and encouragement, his reading and re-reading of the many following chapters, his suggestions for improvement and, perhaps above all, his gift for identifying central issues on the occasions when I have become bogged down in the minutiae. Thanks also to Ian Pratt who is responsible for many of the concepts underlying the Nprobe monitor, and who has been an invaluable source of day-to{day and practical advice and guidance. Although the work described here has been largely an individual undertaking, it could not have proceeded satisfactorily without the background of expertise, discussion, imaginative ideas and support provided by my past and present colleagues in the Systems Research Group. Special mention must be made of Derek McAuley who initially employed me, of Simon Cosby, who encouraged me to make the transition from research assistant to PhD student, and of James Bulpin for his ever-willing help in the area of system administration: to them, to Steve Hand, Tim Harris, Keir Fraser, Jon Crowcroft, Dickon Reed, Andrew Moore, and to all the others, I am greatly indebted. Many others in the wider community of the Computer Laboratory and University Computing Service have also made a valuable contribution: to Margaret Levitt for her encouragement over the years, to Chris Cheney and Phil Cross for their assistance in providing monitoring facilities, to Martyn Johnson and Piete Brookes for accommodating unusual demands upon the Laboratory's systems, and to many others, I offer my thanks. Thank you to those who have rendered assistance in proof-reading the final draft of this dissertation: to Anna Hamilton, and to some of those mentioned above | you know who you are. Very special love and thanks goes to my wife, Jenny, whose continual encouragement and support has underpinned all of my efforts. She has taken on a vastly disproportionate share of our domestic and child-care tasks, despite her own work, and has endured much undeserved neglect to allow me to concentrate on my work. My love and a big thank-you also go to Charlie and Sam who have seen very much less of their daddy than they have deserved, and to Jo and Luke, `my boys', with whom I have recently sunk fewer pints than I should. Finally, the r^ole of an unlikely player deserves note. In the early 1980's I was unwillingly conscripted into the ranks of Maggie's army | the hundreds of thousands made unemployed in one of the cruelest and most regressive pieces of social engineering ever to be inflicted upon this country. For many it spelled unemployment for the remainder of their working lives. With time on my hands I embarked upon an Open University degree, the first step on a path which lead to the Computer Laboratory, the Diploma in Computer Science, and eventually to the writing of this dissertation | I was one of the fortunate ones. 7 Table of Contents 1 Introduction 21 2 Background and Related Work 31 3 The Nprobe Architecture 45 4 Post-Collection Analysis of Nprobe Traces 79 5 Modelling and Simulating TCP Connections 111 6 Non-Intrusive Estimation of Web Server Delays Using Nprobe 141 7 Observation and Reconstruction of World Wide Web Page Downloads 159 8 Page Download Times and Delay 175 9 Conclusions and Scope for Future Work 193 A Class Generation with SWIG 201 B An Example of Trace File Data Retrieval 205 C Inter-Arrival Times Observed During Web Server Latency Tests 213 Bibliography 219 9 Contents Table of Contents 7 List of Figures 14 List of Tables 16 List of Code Fragments and Examples 17 List of Acronyms 18 1 Introduction 21 1.1 Introduction . 21 1.2 Motivation . 22 1.2.1 The Value of Network Monitoring . 22 1.2.2 Passive and Active Monitoring . 22 1.2.3 Challenges in Passive Monitoring . 23 1.3 Multi-Protocol Monitoring and Analysis . 26 1.3.1 Interrelationship and Interaction of Protocols . 26 1.3.2 Widening the Definition of a Flow . 27 1.4 Towards a More Capable Monitor . 27 1.5 Aims . 29 1.6 Structure of the Dissertation . 29 2 Background and Related Work 31 2.1 Data Collection Tools and Probes . 31 2.2 Wide-Deployment Systems . 33 2.3 System Management and Data Repositories . 34 2.4 Monitoring at Ten Gigabits per Second and Faster . 34 2.5 Integrated and Multi-Protocol Approaches . 35 2.6 Flows to Unknown Ports . 38 2.7 Measurement Accuracy . 39 2.8 Studies Based upon Passively Monitored Data . 39 2.8.1 A Brief Mention of some Seminal Studies . 39 2.8.2 Studies of World Wide Web Traffic and Performance . 40 2.9 Summary . 42 10 Contents 3 The Nprobe Architecture 45 3.1 Design Goals . 45 3.2 Design Overview . 46 3.2.1 Principal Components . 46 3.2.2 Rationale . 48 3.3 Implementation . 51 3.3.1 Packet Capture . 51 3.3.2 Scalability . 54 3.3.3 On-Line Packet Processing and Data Extraction .
Recommended publications
  • A Survey of Network Performance Monitoring Tools
    A Survey of Network Performance Monitoring Tools Travis Keshav -- [email protected] Abstract In today's world of networks, it is not enough simply to have a network; assuring its optimal performance is key. This paper analyzes several facets of Network Performance Monitoring, evaluating several motivations as well as examining many commercial and public domain products. Keywords: network performance monitoring, application monitoring, flow monitoring, packet capture, sniffing, wireless networks, path analysis, bandwidth analysis, network monitoring platforms, Ethereal, Netflow, tcpdump, Wireshark, Ciscoworks Table Of Contents 1. Introduction 2. Application & Host-Based Monitoring 2.1 Basis of Application & Host-Based Monitoring 2.2 Public Domain Application & Host-Based Monitoring Tools 2.3 Commercial Application & Host-Based Monitoring Tools 3. Flow Monitoring 3.1 Basis of Flow Monitoring 3.2 Public Domain Flow Monitoring Tools 3.3 Commercial Flow Monitoring Protocols 4. Packet Capture/Sniffing 4.1 Basis of Packet Capture/Sniffing 4.2 Public Domain Packet Capture/Sniffing Tools 4.3 Commercial Packet Capture/Sniffing Tools 5. Path/Bandwidth Analysis 5.1 Basis of Path/Bandwidth Analysis 5.2 Public Domain Path/Bandwidth Analysis Tools 6. Wireless Network Monitoring 6.1 Basis of Wireless Network Monitoring 6.2 Public Domain Wireless Network Monitoring Tools 6.3 Commercial Wireless Network Monitoring Tools 7. Network Monitoring Platforms 7.1 Basis of Network Monitoring Platforms 7.2 Commercial Network Monitoring Platforms 8. Conclusion 9. References and Acronyms 1.0 Introduction http://www.cse.wustl.edu/~jain/cse567-06/ftp/net_perf_monitors/index.html 1 of 20 In today's world of networks, it is not enough simply to have a network; assuring its optimal performance is key.
    [Show full text]
  • Best Practices for Network Monitoring
    White Paper Best Practices for Network Monitoring How a Network Monitoring Switch Helps IT Teams Stay Proactive 26601 Agoura Road, Calabasas, CA 91302 | Tel: 818.871.1800 | Fax: 818.871.1805 | www.ixiacom.com | 915-6509-01 Rev. B, June 2013 2 Table of Contents Monitoring Challenges in Today’s Business Environment .......................................... 4 Giving Monitoring Tools Full Visibility to the Network ............................................... 5 Easing the Path to Upgrade ........................................................................................ 6 Making Monitoring Tools Work Better ........................................................................ 7 Filtering ...................................................................................................................... 7 Load Balancing ........................................................................................................... 8 Packet De-duplication ................................................................................................ 8 Packet Trimming ........................................................................................................ 8 MPLS Stripping .......................................................................................................... 9 Keeping Network Data Secure ................................................................................... 9 Improving Productivity in IT ....................................................................................... 9 Filter Libraries
    [Show full text]
  • Large Scale Monitoring of Home Routers
    IEEE International Workshop on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications 21-23 September 2009, Rende (Cosenza), Italy Large scale monitoring of home routers S. Costas-Rodr´ıguez+,R.Mart´ınez-Alvarez´ +,F.J.Gonz´alez-Casta˜no∗+, F. Gil-Casti˜neira∗,R.Duro× +Gradiant, ETSI Telecomunicaci´on, Campus, 36310 Vigo, Spain ∗Departamento de Ingenier´ıa Telem´atica, Universidad de Vigo, Spain ×Grupo Integrado de Ingenier´ıa, Universidad de La Coru˜na, Spain Tel: +34 986 813788, fax: +34 986 812116 E-mail: {scostas,rmartinez}@gradiant.org,{javier,xil}@det.uvigo.es,[email protected] Abstract – This paper describes our experience with reception power, memory usage or uptime are useful to concurrent asynchronous monitoring of large populations of detect and fix many potential problems. end-user broadband-access routers. In our real tests we focused on home/office ADSL Despite of the wealth of research in large-scale monitoring, which assumes that it is possible to inquiry individual nodes routers, although our results are valid for any other access efficiently, end-user access routers usually have manual legacy technology. We monitored the routers of the Spanish ISP interfaces, either HTTP- or telnet-oriented. They seldom and VoIP operator Comunitel (www.comunitel.es). With offer a direct interface to other programs. Moreover, the our approach, a full monitoring cycle of 22,300 such uptime of end-user routers is unpredictable. For all these routers took less than five minutes. reasons, commercial large-scale monitoring tools such as SNMP collectors are useless. The rest of this paper is organized as follows: In This research is motivated by the fact that some telecom- section II we review the background, comprising academic munications operators do not let end-users buy their routers research and existing industrial solutions.
    [Show full text]
  • Network Monitoring Using Nagios and Autoconfiguration for Cyber Defense Competitions
    NETWORK MONITORING USING NAGIOS AND AUTOCONFIGURATION FOR CYBER DEFENSE COMPETITIONS Jaipaul Vasireddy B.Tech, A.I.E.T, Jawaharlal Nehru Technological University, India, 2006 PROJECT Submitted in partial satisfaction of the requirements for the degree of MASTER OF SCIENCE in COMPUTER SCIENCE at CALIFORNIA STATE UNIVERSITY, SACRAMENTO FALL 2009 NETWORK MONITORING USING NAGIOS AND AUTOCONFIGURATION FOR CYBER DEFENSE COMPETITIONS A Project by Jaipaul Vasireddy Approved by: __________________________________, Committee Chair Dr. Isaac Ghansah __________________________________, Second Reader Prof. Richard Smith __________________________ Date ii Student: Jaipaul Vasireddy I certify that this student has met the requirements for format contained in the University format manual, and that this Project is suitable for shelving in the Library and credit is to be awarded for the Project. __________________________, Graduate Coordinator ________________ Dr. Cui Zhang Date Department of Computer Science iii Abstract of NETWORK MONITORING USING NAGIOS AND AUTOCONFIGURATION FOR CYBER DEFENSE COMPETITIONS by Jaipaul Vasireddy The goal of the project is to monitor the services running on the CCDC (College Cyber Defense Competition) network, using Nagios which uses plugins to monitor the services running on a network. Nagios is configured by building configuration files for each machine which is usually done to monitor small number of systems. The configuration of Nagios can also be automated by using shell scripting which is generally done in an industry, where the numbers of systems to be monitored are large. Both the above methods of configuration have been implemented in this project. The project has been successfully used to know the status of each service running on the defending team’s network.
    [Show full text]
  • Deploying F5 with Nagios Open Source Network Monitoring System Welcome to the F5 and Nagios Deployment Guide
    DEPLOYMENT GUIDE Version 1.0 IMPORTANT: This guide has been archived. While the content in this guide is still valid for the products and version listed in the document, it is no longer being updated and may refer to F5 or 3rd party products or versions that have reached end-of-life or end-of-support. See https://support.f5.com/csp/article/K11163 for more information. Deploying the BIG-IP LTM with the Nagios Open Source Network Monitoring System Archived Deploying F5 with Nagios Open Source Network Monitoring System Welcome to the F5 and Nagios deployment guide. This guide provides detailed procedures for configuring F5 devices with the Nagios Open Source Network Monitoring System. Network Management Systems (NMS) provide insight to device and application performance, system stability, network trouble spots and a host of other items that affect a company's ability to provide computer network services. Recent advances in automated event correlation, data storage and retrieval, as well as open source systems that allow greater integration, have greatly improved today's Network Management Systems. The Nagios system and network monitoring application is an open source project. Nagios maintains network status information by polling objects for specific service responses. Examples of monitored network services include SMTP, DNS, HTTP, and so on. For more information on the Nagios project, see http://www.nagios.org/ or http://sourceforge.net/projects/nagios/. For further Nagios resources and information, see http://community.nagios.org/. For more information on F5 devices described in this guide, see http://www.f5.com/products/big-ip/. To provide feedback on this deployment guide or other F5 solution documents, contact us at [email protected].
    [Show full text]
  • Network Management
    Chapter 12: Network Management Jian Ren and Tongtong Li, Michigan State University Introduction 2 Network Scanners . 25 OSI Network Management Model . .3 Packet Filters . 26 Network Management Layers . .4 Wireless Network Management 26 ISO Network Management Functions 6 Cellular Networks . 27 Configuration Management . .6 Location Management for Cellular Fault Management . .6 Networks . 28 Security Management . .7 Accounting Management . .7 Policy-based Network Management 29 What Is a Policy? . 30 Performance Management . .7 Benefits of PBNM . 31 Network Management Protocols 7 Architecture of a PBNM System . 31 SNMP/SNMPv1 . .8 Conclusion 32 SNMPv2 . 13 SNMPv3 . 15 Glossary 33 Remote Network Monitoring (RMON) 23 Acknowledgements 34 Network Management Tools 24 Network Monitors . 25 Acronyms 37 Abstract: The continuous growth in scale and diversity of computer networks and network components has made network management one of the most challenging issues facing network administrators. It has become impossible to carry out network management functions without the support of automated tools and applications. In this chapter, the major network management issues, including network management requirements, functions, techniques, security, some well- known network management protocols and tools, will be discussed. Location management for the wireless cellular networks will also be briefly described. Finally, policy-based network management, which is a promising direction for the next generation of network management, will be briefly described. Keywords:
    [Show full text]
  • Comparative Analysis of Two Open Source Network Monitoring Systems: Nagios & Opennms
    Master Thesis Computer Science Thesis no: MCS-2010-37 December 2010 Comparative Analysis of two Open Source Network Monitoring Systems: Nagios & OpenNMS Muhammad Qadir Muhammad Adnan SchoolSchool of Computing of Computing BlekingeBlekinge Institute Institute of Technology of Technology SE –Box 371 520 79 Karlskrona SwedenSE – 372 25 Ronneby Sweden This thesis is submitted to the School of Computing at Blekinge Institute of Technology in partial fulfillment of the requirements for the degree of Master of Science in Computer Science. The thesis is equivalent to 20 weeks of full time studies. Contact Information: Author(s): Muhammad Qadir Folkparksvagen 18:03 Ronneby 372 40, Sweden [email protected] Muhammad Adnan Folkparksvagen 14:11 Ronneby 372 40, Sweden [email protected] University advisor(s): Jeff Winter School of Computing School of Computing Blekinge Institute of Technology Internet : www.bth.se/com SE – 371 79 Karlskrona Phone : +46 455 38 50 00 Sweden Fax : +46 455 38 50 57 1 ABSTRACT Context: Extensive and rapid continuous growth in Internet Protocol (IP) based networks and as the result of increasing dependencies on these networks makes them extremely challenging to manage and keep them running all the time. 24/7 non-stop monitoring is important to minimize the down time of the network. For this reason dependency on automated network monitoring has been increased. Objectives: There are many tools and systems available for network monitoring. This includes expensive commercial solutions to open source products. Nagios and OpenNMS are two of the most popular systems and they are considered to be close competitors. Comparison discussions about them are very common at different forums on internet.
    [Show full text]
  • Monitoring the I2P Network Juan Pablo Timpanaro, Chrisment Isabelle, Festor Olivier
    Monitoring the I2P network Juan Pablo Timpanaro, Chrisment Isabelle, Festor Olivier To cite this version: Juan Pablo Timpanaro, Chrisment Isabelle, Festor Olivier. Monitoring the I2P network. [Research Report] RR-7844, INRIA. 2011. hal-00653136 HAL Id: hal-00653136 https://hal.inria.fr/hal-00653136 Submitted on 18 Dec 2011 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. INSTITUT NATIONAL DE RECHERCHE EN INFORMATIQUE ET EN AUTOMATIQUE Monitoring the I2P network Juan Pablo Timpanaro, Isabelle Chrisment, Olivier Festor N° 7844 — version 1 initial version October 2011 — revised version Décembre 2011 Domaine 2 apport de recherche ISSN 0249-6399 ISRN INRIA/RR--7844--FR+ENG Monitoring the I2P network Juan Pablo Timpanaro, Isabelle Chrisment, Olivier Festor Domaine : Algorithmique, programmation, logiciels et architectures Equipe-Projet´ madynes Rapport de recherche n° 7844 | version 1 | initial version October 2011 | revised version D´ecembre 2011 | 15 pages Abstract: We present the first monitoring study aiming to characterize the usage of the I2P network, a low-latency anonymous network based on garlic routing. We design a distributed monitoring architecture for the I2P network and show through a one week long experiment the ability of the system identify a significant number of all running applications, among web servers and file- sharing clients.
    [Show full text]
  • DMP NETWORK MONITORING™ OPTIONS Application Note
    DMP NETWORK MONITORING™ OPTIONS Application Note INTRODUCTION DMP forged the way to a new era for the security and fire alarm industry with the first UL certifications for Network Monitoring™ for burglary in 2001 and for Commercial Fire in 2002. The ability to monitor alarm signals over the Internet offers many advantages for central stations and alarm subscribers. Data transmission is secure, extremely fast, and fully supervised. DMP offers all of this value at a significant cost savings over traditional dial-up or dedicated line communication. Sending alarm and system information to a central monitoring station through the Internet is not only superior to analog communication, but it is also a communication method approved and accepted by Underwriters Laboratories (UL) for Standard Line Security and for Commercial Fire using the communication protocol patented by DMP and protected under U.S. Patents 6,040,770 and 6,255,945. Before you configure your panel or central station for Network Monitoring, determine whether it must comply with Standard Line Security or ANSI/UL 864 Commercial Fire. All DMP XT Series and XR Series panels offer built-in network options. Each DMP SCS-104 Network Line Card is capable of monitoring 3,200 accounts that require check-in or up to 65,535 accounts that do not require check-in. This document demonstrates how to take advantage of the options for Network Monitoring using existing corporate Data Networks and the Internet. SERIES DMP XR Panel SCS-1R/SCS-VR Data Network Digital Central Station Receiver SERIES DMP XR Panel THE NETWORK MONITORING™ ADVANTAGE Network Monitoring offers a significant advantage for both central stations and alarm customers in terms of savings, speed, quality of service, and security.
    [Show full text]
  • Comparison of Network Monitoring Systems from Wikipedia, the Free
    Comparison of network monitoring systems From Wikipedia, the free encyclopedia Jump to: navigation, search This is a comparison of the some common network monitoring systems. [edit] Definition of Categories Product Name The name of the software, linked to its Wikipedia article. Any software listed without being linked to its article, demonstrating its notability, will be removed. IP SLAs Reports Does the software feature reports on IP SLAs? Logical Grouping Does the software support arranging the hosts or devices it monitors into user-defined groups? Trending Does the software provide trending of network data over time? Trend Prediction Does the software feature algorithms designed to predict future network statistics? Auto Discovery Can the software automatically discover hosts or network devices it is connected to? Agent Does the product rely on a software agent that must run on hosts it is monitoring, so that data can be pushed back to a central server? "Supported" means that an agent may be used, but is not mandatory. An SNMP daemon does not count as an agent. SNMP Is the software able to retrieve and report on SNMP statistics? Syslog Is the software able to receive and report on Syslogs? Plugins Is the architecture of the software based on a number of 'plugins' that provide additional functionality? Triggers/Alerts Is the software capable of detecting threshold violations in network data, and alerting the administrator in some form? WebApp Does the product run as a web-based application? • No: There is no web-based frontend for this software. • Viewing: Network data can be viewed in a graphical web-based frontend • Acknowledging: Users can interact with the software through the web-based frontend to acknowledge alarms or manipulate other notifications.
    [Show full text]
  • Automated System Monitoring
    Automated System Monitoring Josh Malone Systems Administrator [email protected] National Radio Astronomy Observatory Charlottesville, VA https://blogs.nrao.edu/jmalone 2 One night, about 8 or 9 years ago, the chiller in our DC failed. Co-worker arrive in the morning to find room was 90F ambient. Quickly set up fans to vent the room. Checked servers - found that main web server had lost both disks in its OS RAID mirror. (15k disks, ran hot) Main page was being served from memory, but the OS was freaking out. We had minimal monitoring scripts. No environment monitoring. No disk health checks. Failure caught us completely by surprise. We decided that we weren’t going to let this happen ever again. Over the next year or so we implemented 2 independent monitoring systems - one for servers/ services and one for environmentals. Set up each system to also monitor the other. WHAT IS AUTOMATED MONITORING? 7 Some sort of dedicated, automatic instrumentation to check services and/or servers Detect and report service problems, server hardware issues Usually provides a central “dashboard” to track problems Can be distributed; but still under control of a central daemon * Diferentiates it from “a bunch of scripts” used to check on things; that doesn’t have the ability to determine cause or eliminate false alarms. Automated Monitoring Workflow 8 Most packages implement this type of workflow Not all packages provide event handlers ack’ing page is important - let’s other admins know that someone is working on the problem so they don’t step on each other’s toes Monitoring Packages: Open Source • • Pandora FMS • Opsview Core • Naemon • • • • • • Captialware ServerStatus • Core • Sensu All Trademarks and Logos are property of their respective trademark or copyright holders and are used by permission or fair use for education.
    [Show full text]
  • {Download PDF} Customer-Based IP Service Monitoring with Mobile Software Agents
    CUSTOMER-BASED IP SERVICE MONITORING WITH MOBILE SOFTWARE AGENTS PDF, EPUB, EBOOK Manuel Günter | 160 pages | 01 Oct 2002 | Birkhauser Verlag AG | 9783764369170 | English | Basel, Switzerland Customer-based IP Service Monitoring with Mobile Software Agents PDF Book ManageEngine OpUtils is a system that takes care of all addressing matters on a network. These tools are highly rated by users and come with comprehensive features to make IP monitoring a thorough and automatic process. Unlike the disk counters, this property counts ready threads only, not threads that are running. We hope the information supplied here helps choosing the best IP address management tool for you. Enable Run on Agent option to run the ping monitor from multiple locations. Site24x7 A bundle of monitoring tools delivered from the cloud that checks on network and website performance. Devices that are up are signified by a green button whereas those which have gone down can be identified by a red button. With its lightweight program and versatile functions, it turn out to be quite user friendly and meet all your security needs perfectly. It also gives you an alert when some equipment is not working correctly. You can enable additional loggers as well. Thanks for letting us know. If you opt for subscription-based pricing, your are charged on a per monitored device basis. On top of those, other reasons to use IP monitoring software and tools include some of the following: Gives internal network visibility Identifies the slow and bandwidth-hungry applications, so you can plan better for future growth and procurement of new devices.
    [Show full text]