From charlesreid1

Revision as of 06:14, 18 April 2017 by Admin

Ten best practices for network monitoring: the short list:

1. Establish baseline behavior
2. Perform network inventory
3. Avoid network alert sawtoothing/flapping
4. Don't filter your email alerts
5. Monitor deltas
6. Provide details
7. Escalation
8. Parent-Child
9. Event Correlation
10. View traffic from application endpoint

Establish baseline behavior

Establishing a network baseline is important for building a sense of how the network performs normally. (Note that, to this end, Bro can be used for network baselining, even though it is designed as an intrusion detection system, not as a network monitoring tool.)

Perform network inventory

Keep an inventory of devices on the network:

  • Network devices
  • Ports
  • Interfaces being used for network connections
  • Network hardware (links, switches, controllers, power supplies)
  • Servers
  • Virtual machines
  • SAN devices

If you don't know what's on your network, you can't monitor it very well!

Avoid network alert sawtoothing

Alert sawtoothing (or flapping) occurs when a monitored element's numerical value hovers right around its threshold, so the alert is triggered and cleared repeatedly. This is a sign that the threshold needs to be adjusted: raised if the alerts are false alarms, lowered if they arrive "too late".
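As an added example that is not part of the original page, the following script shows both the baselining idea from the first item and the sawtoothing problem from this one: a constructed sample series that hovers around a threshold of 80 fires a naive single-threshold alert four times, while a rule with hysteresis (a lower clear threshold) plus a consecutive-sample requirement fires once. Hysteresis goes slightly beyond the page's advice of simply moving the threshold; the sample values and the mean-plus-k-sigma baseline rule are assumptions for the demo.

```python
"""Alert sawtoothing demo (added example, not from the original wiki page)."""
from statistics import mean, pstdev

# Constructed samples: utilisation percentages hovering right around 80.
SAMPLES = [60, 75, 81, 79, 82, 78, 83, 80, 84, 79, 85, 86, 88, 87, 70, 65]
# Constructed "normal" history used to derive a baseline threshold.
BASELINE = [50, 55, 52, 58, 54, 56]


def baseline_threshold(history, k=2.0):
    """Derive a threshold from baseline behaviour: mean + k std deviations."""
    return mean(history) + k * pstdev(history)


def naive_alerts(samples, threshold):
    """Fire once per upward crossing of a single threshold; return alert count."""
    count, active = 0, False
    for value in samples:
        breach = value >= threshold
        if breach and not active:
            count += 1
        active = breach
    return count


def hysteresis_alerts(samples, raise_at, clear_at, min_consecutive=2):
    """Fire only after `min_consecutive` samples in a row reach raise_at,
    and clear only once the value drops below clear_at (clear_at < raise_at).
    The gap between the two thresholds is the dead band that stops flapping."""
    assert clear_at < raise_at
    count, active, streak = 0, False, 0
    for value in samples:
        if not active:
            streak = streak + 1 if value >= raise_at else 0
            if streak >= min_consecutive:
                count += 1
                active = True
        elif value < clear_at:
            active, streak = False, 0
    return count


if __name__ == "__main__":
    print("baseline threshold:", round(baseline_threshold(BASELINE), 2))
    print("naive alerts at 80:", naive_alerts(SAMPLES, 80))          # 4
    print("hysteresis alerts :", hysteresis_alerts(SAMPLES, 80, 75))  # 1
```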