Network Monitoring Options?
Nom du Keyboard asks: "We have a LAN network of 7 servers and about 400 PCs. Every so often I'll notice immense slowdowns, from minutes to occasional delays of a couple hours, while getting data from various servers, and it happens from more than just my PC. So far we haven't had any way of determining if a server has suddenly gotten tied up, or if there is some failure in the communications backbone. Without a lot of money to spend on this (I think it's more important than others right now), what cheap or free monitoring options are there available that can map and isolate problems in a network of this size?"
some options (Score:4, Informative)
OpenNMS - Probably the most trouble-free NMS I've found so far. No, not "trouble-free". But the closest to it.
Nagios - The most flexible, but also the biggest royal pain in the ass to set up & maintain. Almost infinitely scalable, though, if you are willing to take the time to write some perl scripts to automate most administrative tasks and divide the monitoring work up (several "slave" hosts can harvest monitoring data for a subset of your network and push it to your central Nagios server which greatly lessens the load on your main monitoring server). Some really great monitoring possibilities are out there if you look into NRPE with Nagios.
OpManager - We bought this commercial solution at my last job. Great for monitoring Windows servers. A real pain in the ass to monitor anything else with any level of sophistication. It also has some fatal bugs that cause it to quietly orphan nodes if it misses a scheduled poll!
Re:some options (Score:3, Informative)
Before you get into network monitoring software, start at layer 1. Look at the physical topology of the network. Do you have network/switch maps? If not, get some. If there are none, make some. How is your network configured? Is it a high speed backbone (1G? 10G?) with low or high speed desktop connections (10Mbit? 100Mbit?) Is WIFI in play? Are you using VLANs? Are you connected to
Re:some options (Score:2)
!!!!!!!!!!MOD PARENT UP!!!!!!!!!! (Score:1)
Re:some options (Score:2, Informative)
Service Polling
OpenNMS can be configured to poll services on your servers. It will do checks for many protocols such as HTTP, SMTP, FTP, HTTPS, DNS, NTP, RADI
Re:some options (Score:1)
Re:Pinging (Score:3, Informative)
Also using ping to check servers if they are up and down is a bad idea as well, a mission critical service could go down, but the server would still return a ping, and you would be the first one to know via one of your users, for instance. Using a tool such as Nagios to check all services on a server including
tried (Score:3, Insightful)
etherape (Score:3, Interesting)
Just network? (Score:5, Informative)
Cheap = ethereal and a hub (Score:5, Informative)
If the network is the issue, the cheapest and simplest is a good laptop running Ethereal [ethereal.com] or Snort [snort.org]. Also pick up (or scrounge up) a dumb hub and if possible a fiber tap, since you're probably running in a mixed-media switched infrastructure (or maybe you're not - hence the problems
This should go without saying, but those packet captures will be useless unless you know WHERE each MAC address is on the network. That said:
1) maintain reliable L1/L2/L3 mappings
2) Tag both ends of long cables and make sure all wallports are numbered, and
3) beat the shit out of anyone who brings personal equipment in and plugs it in. It screws up your records and is probably less secure.
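Added example, not part of the original comment: one way to tie a capture back to the L1/L2/L3 records described above, by ranking source MACs by traffic and flagging any that the inventory cannot place on a switch port. The inventory layout, host names, MAC addresses and frame records are all constructed for illustration.

```python
from collections import defaultdict

# Constructed L1/L2/L3 inventory: MAC -> (switch, port, wall jack, IP, host).
INVENTORY = {
    "00:11:22:aa:bb:01": ("sw-core-1", "Gi0/1", "SRV-RACK-A", "10.0.0.10", "fileserver1"),
    "00:11:22:aa:bb:02": ("sw-floor2", "Fa0/14", "2-114", "10.0.2.57", "pc-accounting-07"),
    "00:11:22:aa:bb:03": ("sw-floor3", "Fa0/03", "3-021", "10.0.3.12", "pc-eng-12"),
}

# Constructed per-frame records as exported from a sniffer:
# (source MAC, destination MAC, frame length in bytes).
FRAMES = [
    ("00:11:22:aa:bb:02", "00:11:22:aa:bb:01", 1500),
    ("00:11:22:aa:bb:02", "00:11:22:aa:bb:01", 1500),
    ("00:11:22:aa:bb:03", "ff:ff:ff:ff:ff:ff", 90),
    ("de:ad:be:ef:00:99", "ff:ff:ff:ff:ff:ff", 342),
    ("de:ad:be:ef:00:99", "00:11:22:aa:bb:01", 1500),
    ("de:ad:be:ef:00:99", "00:11:22:aa:bb:01", 1500),
    ("DE-AD-BE-EF-00-99", "00:11:22:aa:bb:01", 1500),
]

BROADCAST = "ff:ff:ff:ff:ff:ff"

def norm(mac):
    """Normalise MAC notation so capture and inventory keys compare equal."""
    return mac.lower().replace("-", ":")

def talkers(frames, inventory):
    """Return per-source totals, largest first, each tagged with its location."""
    stats = defaultdict(lambda: {"bytes": 0, "frames": 0, "broadcast": 0})
    for src, dst, length in frames:
        s = stats[norm(src)]
        s["bytes"] += length
        s["frames"] += 1
        s["broadcast"] += norm(dst) == BROADCAST
    known = {norm(m): loc for m, loc in inventory.items()}
    rows = [dict(mac=m, location=known.get(m), **s) for m, s in stats.items()]
    return sorted(rows, key=lambda r: r["bytes"], reverse=True)

def unmapped(rows):
    """MACs seen on the wire that the inventory cannot place on a port."""
    return [r["mac"] for r in rows if r["location"] is None]

if __name__ == "__main__":
    for r in talkers(FRAMES, INVENTORY):
        where = "/".join(r["location"][:3]) if r["location"] else "NOT IN INVENTORY"
        print(f'{r["mac"]}  {r["bytes"]:>6} B  {r["frames"]} frames  '
              f'{r["broadcast"]} bcast  {where}')
```

In the constructed data the heaviest source is a MAC with no inventory entry, which is exactly the case where the capture alone cannot tell you which wall port to walk to.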
Snort it. (Score:1)
Try these tools (Score:3, Informative)
Nagios [nagios.org]
MRTG [ee.ethz.ch]
Cacti [cacti.net]
chatty windows machines (Score:2, Interesting)
At work our network setup recently changed from static-IP based to DHCP based. I run a Debian machine, and not all that much seems different for me, just that the machine gets its info from a server at bootup.
However, running various network sniffing tools shows that all the Windows machines on the network have become insanely chatty -- every Windows machine seems to be constantly sending out packets, regardless of whether they're actually d
Re:chatty windows machines (Score:1)
My immediate suspicion would be a virus/worm/spywarebot calling home.
For all its many other faults, Windows usually seems to handle DHCP reasonably well.
Re:chatty windows machines (Score:2)
I really don't think it's that. Despite their use of Windows, most of the users are quite technically savvy (most are doing software development and/or chip design), and they seem to be quite good about doing what's necessary to avoid nastiness. There's also an organized structure for making sure people keep their machines up to date, and the admins actually follow through to make sure people do it. When there's a virus outbreak in the
Re:chatty windows machines (Score:2)
Get port numbers and packet bodies. It's amazing what you can paste in to Google and get an immediate answer.
Re:chatty windows machines (Score:2)
Re:chatty windows machines (Score:2)
Or it could be a misconfigured DHCP setup that doesn't provide the correct or enough information causing the machines to send broadcasts. Looking at
Re:chatty windows machines (Score:1)
Jesus Fucking Christ. How about you look at the traffic? You appear to know about sniffing tools. LOOK AT THE RESULTS. What kind of traffic are they sending? Source? Destination? Port? Protocol?
So why can't I get a job when numbnuts like you have one?
Probably because I'm bitter.
Re:chatty windows machines (Score:2)
Your steps should be something as follows;
Netbios (Score:2)
Re:chatty windows machines (Score:1)
I suspect your workstations are running Windows XP, which creates quite a bit more traffic than its predecessors as it attempts to discover network resources such as file shares and printers.
On your workstations, from Windows Explorer:
Whiz-bang-boom! Instantly quieter XP :
Re:chatty windows machines (Score:1)
Yes, they are planning world domination for Microsoft! Oh wait....
network or hosts? (Score:3, Informative)
If your intent is to detect network troubles, I recommend using some system like Cricket or MRTG to graph the interfaces as well as the Errors on the interfaces within the network. This may require some finesse in setting up for the first time.
Aside from that, Sysmon was written primarily to monitor hosts and the host based services, but was morphed also to monitoring networks. It may fit your needs as you can set up SNMP thresholds of network errors and other things.
If you want to be super-lazy, I would download the trial of Intermapper [intermapper.com] it may be able to find these troubles for you if you can SNMP poll the devices and has auto-discovery. I've not used it in awhile, so hopefully it has support for the platforms that you are using.
Many tools, many types of monitoring (Score:2, Informative)
Assuming you have managed switches, collecting per-port data with SNMP is a great first start. I think Cricket (http://cricket.sourceforge.net/ [sourceforge.net]) is a great system for collecting this data, but I prefer Drraw (http://web.taranis.org/drraw [taranis.org]) for graphing the data. For an example of the power available by combining these two tools, see http://stats.net.cmu.edu/ [cmu.edu]
Once you've got that
More important than others? (Score:2)
the simple answer (Score:1)
Pretty easy (Score:2)
In the short-term you need to break out a sniffer. A few people suggested this. What most of the people are suggesting are service/service monitor tools. These really won't help your problem
Simple, powerful and scalable (Score:1)
holy vague questions, batman! (Score:3, Informative)
5-4-3 rule? (Score:2)
Are all the servers Windows-based? Set up 1 master Perfmon screen with NIC and CPU usage stats for
My $0.02 (Score:2)
If you need more complex system/router data, Cacti is a really good way to centralize the collection of SNMP data.
Free option (Score:3, Insightful)
If you don't know how this tool works, please resign and hire a high school MCSE who does. But just in case you do want to use
I don't mean to flame but monitoring performance is not complicated and certainly not something that should qualify for an Ask Slashdot.
What will we see next on Ask Slashdot?
"I am an Administrator for a medium sized busines with 100 workstations and 8 servers. We have a new employee starting next week, and I have been told this employee does not wish to use an existing user account, instead management wants the new starter to have an account with her own name on it. I have read through all the manuals but I want to know, is it possible to have a new user account on the network? Management don't want to spend any more money on licenses so this should be a cheap solution."
"I am running a local area network with about 10 desktops and 2 servers. Suddenly last week all the computers stopped communicating. I looked at the core network switch but it appears normal, although all the lights have turned off. Management would like this fixed as soon as possible but they are on a tight budget. Are there any open source solutions, or any readers who have seen similar problems?"