Basics

Terminology

• Element - the fundamental unit of network monitoring, an element consists of a single metric that is being monitored. There are usually hundreds or thousands of elements in a given network.

• Acquisition - the process of actually obtaining the observational data from the element

• Frequency - related to acquisition, what is the frequency at which data arrives? what kind of data is being sent? under what conditions?

• Data warehousing - depending on the size of the network and the amount of data, you can end up with a big storage problem on your hands. For purposes of monitoring, you may decide not to store the data at all, you may decide to keep it for a short amount of time, or you may decide to archive it somewhere.

• Threshold - this gets into the "what" part of your monitoring. What, exactly, are you monitoring, and what is the value of the element that will trigger an alert? (What constitutes an emergency?)

• Reset - opposite of threshold, what is the value of the element that will un-trigger an alert and signify the "all clear"?

• Response - what is the response when a threshold is reached and an alert is triggered?

• Requester - the entity that is requesting the monitoring data, and where it lives (may be on-board the machine, or may be a networked data store)

List of Monitoring Tools

Cross-platform tools:

• Ping - checks if a target machine is online/up and running, and how long it takes to reach the machine

• SNMP - simple network management protocol, this tool can generate data about elements on a network

• ICMP - internet control messaging protocol, used by routers/switches to send error messages about unreachable hosts

• Syslog - of course, the system log is a useful place for data about what's happening on a particular machine and can yield data about elements

• Other log files - programs will typically provide a way to log information to a log file, so this is another source of data about various elements on the network

• Scripting - scripting is the best way to collect information, and allows for custom element data to be collected and sent off to the receiver

• Flow - understanding the flow of traffic on a network (where it comes from, where it goes, and what kind of traffic it is) is important to understanding the network

Platform-specific tools:

• (cisco) IP SLA - internet protocol service level agreements are usually found onboard Cisco routers, and can keep the WAN running smoothly

• (windoze) WMI - windows management instrumentation is a windoze scripting language for collecting information about a target system

• (windoze) PerfMon - performance monitor that gives information about the machine's current state, as well as information about errors

• (windoze) Event log - the event log in Windows is the equivalent of the syslog, recording everything happening onboard the machine

network monitoring tools and techniques for monitoring networks to avoid pain and suffering Network Monitoring Network Monitoring/Ten Best Practices Network Monitoring Tools: Ping  · SNMP  · ICMP  · Syslog Bro (network baselining): Bro Snort (IDS): Snort Category:Network Monitoring  · Category:Networking  · Category:Linux Flags  · Template:NetworkMonitoringFlag  · e