Network monitoring software. Monitor network activity with TCPView

An employee who slacks off is a disaster for any enterprise or company. So the question constantly arises of how to monitor an employee's work computer and ensure that no unauthorized actions take place.

We note right away that the employee must be informed (in writing, with a signature) that the computer is being secretly monitored on the local network. This fact alone may be enough to prevent violations and put the employee on the path of a “hard worker”. If not, here is a solution for full control over computers on the local network.

Local network control program

The software is called "Mipko Employee Monitor", a version made specifically for corporate networks.

After installation, launch the program (from the desktop or by pressing "ctrl + alt + shift + k") and configure in the user interface what exactly needs to be monitored and controlled on the local network.

  1. At the top left is a section where you select the user on your network whose log is being viewed at the moment. When expanded, a list of recorded actions is displayed (depending on settings).
  2. Now about the functionality itself: "Tools" - "Settings". The “tracking” parameters can be configured individually for each user.

Monitoring allows you to track the following actions:

  • keystrokes;
  • screenshots;
  • activity in social networks;
  • messaging in "skype";
  • visited websites;
  • saving the clipboard;
  • program activity;
  • pictures from the webcam;
  • call recording;
  • operations with files.

Pretty broad functionality. The main thing that usually interests an employer when monitoring users on a local network is screenshots and visited websites.

To avoid claims of interference with personal information (for example, if you enabled tracking of visited web pages and saw private correspondence on social networks), block all social networks and chats and prohibit the installation of third-party software, leaving only what is required for work.

Remote monitoring of a computer on a local network

As a rule, the employer is interested in only two things: screenshots of the user's computer on the local network and web browsing (as mentioned above, employees have been informed of this).

  3. Screen capture settings include the following:

  • selection of the time interval, indicated either in minutes or in seconds;
  • take a picture when opening a window;
  • take a picture at the click of a mouse;
  • do not take a picture when not active;
  • snapshot mode (full screen, window);
  • and image quality.
  4. In the "visited websites" section, it's even easier: select the "interception type" and whether to save a screenshot.

  5. Now about where all this will be saved or sent. In the settings section "Sending":

  • first, set the "Type of log" in the pop-up list;
  • set the format in which the report will be saved: "HTML" or a "ZIP" archive;
  • select the type of sorting and the time interval for sending the report;
  • most importantly, choose where the report will be sent: to mail / ftp / a folder on the computer;
  • then enter your username and password and click "Apply".

That's it: the employees are now, as they say, "under the hood", and you can monitor the users of the local network.

Network monitoring programs are indispensable assistants for every system administrator. They let you respond quickly to anomalous activity within the local network, stay aware of all network processes and thus automate some of the administrator's routine work, primarily the part related to network security. Let's see which local network monitoring programs are the most relevant in 2019.

This list opens with our own product, TNM 2: an extremely affordable and effective software solution for monitoring the network activity of server machines, which strikes an ideal balance between convenience (most free solutions have no GUI) and extensive functionality. Among the main programmable components of Total Network Monitor 2 are monitors, which perform checks at the frequency you need. The list of available checks is impressive. They let you track almost any parameter, from the availability of servers on the network to the status of services.

It is noteworthy that these objects are able to independently eliminate the primary consequences of problems (that is, all this happens without the direct participation of the system administrator) - for example, restart individual services or user devices, activate antivirus, supplement the event log with new entries, etc. - in general, everything that the system administrator initially performed manually.

As for reporting, it stores all the information related to each check that was carried out by the selected monitor. The cost for 1 copy of this application is only 5,000 rubles.

Observium

The Observium application, which is based on the SNMP protocol, lets you not only examine the state of a network of any scale in real time but also analyze its performance level. This solution integrates with equipment from Cisco, Windows, Linux, HP, Juniper, Dell, FreeBSD, Brocade, Netscaler, NetApp and other vendors. With a well-designed graphical interface, the software gives system administrators a wealth of customization options, from autodiscovery ranges to the SNMP data needed to gather information about the network.

They also get access to data on the technical characteristics of all equipment that is currently connected to the network. All reports that are generated by analyzing the event log can be presented by Observium in the form of diagrams and graphs, clearly demonstrating the "weak" sides of the network. You can use either the demo version (which, in our experience, is not very feature rich) or the paid license, which costs £200 per year.

Nagios

Nagios is an advanced monitoring solution that is managed through a web interface. It is by no means easy to learn; however, thanks to its fairly large online community and well-developed documentation, it can be mastered in a few weeks.

With the help of Nagios, system administrators can remotely monitor the load on user equipment or on equipment higher in the network hierarchy (switches, routers, servers), monitor the level of memory reserves in databases, monitor physical indicators of network equipment (for example, motherboard temperature; a burnt-out motherboard is one of the most frequent breakdowns in this area), etc.

As far as network anomaly detection is concerned, Nagios automatically sends alert notifications to an address pre-set by the sysadmin, be it an email address or a mobile phone number. A free demo version will be available to you for 60 days.

PRTG Network Monitor

The PRTG software, compatible with Windows-based devices, is designed for network monitoring. It is not free (only a 30-day trial period is free). It is used not only to scan the devices currently connected to the local network but can also be a great help in detecting network attacks.

Some of the most useful PRTG features include packet inspection, analysis and storage of statistical data in a database, a real-time network map (historical information about network behavior is also available), collection of technical parameters of the devices connected to the network, and analysis of the load level on network equipment. Note that it is very easy to use, primarily thanks to an intuitive graphical interface that can be opened in any browser. If necessary, the system administrator can also get remote access to the application through a web server.

Kismet

Kismet is a useful open-source application for system administrators that lets you comprehensively analyze network traffic, detect anomalies in it and prevent crashes; it can be used on *NIX/Windows/Cygwin/macOS based systems. Kismet is often used specifically for analyzing wireless local networks based on the 802.11b standard (including networks with a hidden SSID).

With it, you can easily find incorrectly configured and even illegally operating access points (which attackers use to intercept traffic) and other hidden devices that could be potentially "harmful" to your network. For these purposes, the application has a very well developed ability to detect various types of network attacks, both at the network level and at the level of communication channels. As soon as one or more attacks are detected, the system administrator receives an alert and can take action to eliminate the threat.

Wireshark

The free, open source Wireshark traffic analyzer gives its users incredibly advanced functionality and is rightfully recognized as an exemplary solution in the field of network diagnostics. It integrates perfectly with *NIX/Windows/macOS based systems.

Instead of web interfaces and CLIs that are hard for beginners to understand and require queries in a special programming language, this solution uses a GUI (although if you need to extend the standard feature set of Wireshark, you can easily program the additions in Lua).

By deploying and configuring it once on your server, you will have a centralized element for monitoring the smallest changes in network operation and network protocols. In this way, you will be able to detect and identify network problems early.

NeDi

NeDi is completely free software that scans the network for MAC addresses (IP addresses and DNS names are also among the valid search criteria) and compiles its own database from them. This software product works through a web interface.

Thus, you can monitor all physical devices and their location within your local network online (in fact, you will be able to extract data about any network node - from its firmware to configuration).

Some professionals use NeDi to find devices that are used illegally (for example, stolen ones). This software uses the CDP/LLDP protocols to connect to switches or routers. It is a very useful, albeit difficult-to-learn, solution.

Zabbix

The Zabbix monitoring system is a one-stop open source solution for network monitoring that can be configured for individual network models. Basically, it is intended for systems that have a multi-server architecture (in particular, Zabbix integrates with Linux/FreeBSD/Windows servers).

This application lets you manage hundreds of network nodes simultaneously, which makes it an extremely effective tool for organizing the work of system administrators in large-scale enterprises. To deploy Zabbix on your local network, you will need to either run software agents (daemons) or use the SNMP protocol (or another protocol for secure remote access); and for management, you will have to master the web interface in PHP.

In addition, this software provides a complete set of tools for monitoring the status of network hardware. Note that in order to fully experience all the benefits of this solution, your system administrator will need at least basic knowledge of Perl or Python (or any other language that can be used with Zabbix).

10-Strike: Network Monitoring

“Network Monitoring” is a Russian-language web-based software solution that fully automates all aspects of network security. With its help, system administrators can prevent the spread of virus software over the local network, as well as determine the cause of all kinds of technical faults associated with cable breaks or failure of individual units of the network infrastructure.

In addition, this software performs online monitoring of temperature, voltage, disk space and other parameters via SNMP and WMI. Among its shortcomings are a fairly heavy load on the CPU (which the developer himself honestly warns about) and a high price.

Network Olympus

Our list closes with one more program of ours. Unlike TNM, Network Olympus runs as a service and is web-based, giving you much more flexibility and ease of use. The main feature is the scenario builder, which lets you move beyond primitive checks that cannot take certain circumstances of device operation into account. With its help, you can organize monitoring schemes of any complexity in order to accurately identify problems and malfunctions, as well as automate the process of their elimination.

The scenario is based on a sensor, from which you can build logical chains, which, depending on the success of the check, will generate different alerts and actions aimed at solving your problems. Each element of the chain can be edited at any time and will immediately be applied to all devices to which the scenario is assigned. All network activity will be tracked using an activity log and special reports.

If you have a small network, you do not need to buy a license: the program will work in free mode.

How to choose a network monitoring program: summary

It is difficult to pick a definite winner and name the best LAN monitoring program. But we are of the opinion that our Network Olympus product has many advantages and a very low barrier to entry, because it does not require special training in order to start working with it. In addition, it does not have the disadvantages of open-source solutions, such as lack of updates and poor compatibility (both with OS and TX devices). Thus, with such a solution you will be able to control all events occurring within your local network and respond to them in a timely manner.

This article is, to some extent, devoted to security. I recently wondered how to check which applications use the Internet connection, where traffic flows, which addresses the connections go through, and much more. Other users ask this question too.

Let's say you have an access point to which only you are connected, but you notice that the connection speed is somehow low; you call the provider, and they say that everything is fine or something like that. What if someone is connected to your network? You can try the methods in this article to find out what programs that require an Internet connection he uses. In general, you can use these methods however you like.

Well, let's take a look.

netstat command to analyze network activity

This method requires no extra programs, just the command line. Windows has a special utility, netstat, which analyzes network connections; let's use it.

It is desirable that the command line be run as an administrator. In Windows 10, you can right-click the Start menu and select the appropriate item.

At the command line, enter the netstat command and see a lot of interesting information:


We see connections, including their ports and addresses, both active and pending. That's nice, of course, but it's not enough for us. We would like to know which program is using the network. For this, you can add the -b parameter to the netstat command, so the command looks like this:

netstat -b

Now the utility that uses the Internet will be visible in square brackets.


This is not the only parameter of this command; to display the complete list, enter the command netstat -h.
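As an added example (not part of the original article), the Python script below pairs each connection line of `netstat -b` with the program name printed in square brackets beneath it and groups the remote endpoints by program. The sample output is constructed and assumes an English-language Windows; the function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample of `netstat -b` output (English-language Windows).
# Addresses come from documentation ranges; program names are made up.
SAMPLE_NETSTAT_B = """\

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.10:49712     198.51.100.7:https     ESTABLISHED
 [browser.exe]
  TCP    192.168.1.10:49713     198.51.100.7:https     CLOSE_WAIT
 [browser.exe]
  TCP    192.168.1.10:49730     203.0.113.99:8081      ESTABLISHED
 [updater.exe]
  TCP    192.168.1.10:49655     192.168.1.20:microsoft-ds  ESTABLISHED
 Can not obtain ownership information
  TCP    192.168.1.10:49801     198.51.100.23:https    ESTABLISHED
  WpnService
 [svchost.exe]
"""

# A connection row: protocol, local endpoint, remote endpoint, optional state.
CONN_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")
# The owning executable is printed on its own line in square brackets.
OWNER_RE = re.compile(r"^\s*\[(.+)\]\s*$")


def parse_netstat_b(text):
    """Return one dict per connection, with the owning program if shown."""
    connections = []
    for line in text.splitlines():
        match = CONN_RE.match(line)
        if match:
            proto, local, remote, state = match.groups()
            connections.append({
                "proto": proto, "local": local, "remote": remote,
                "state": state, "component": None, "owner": None,
            })
            continue
        if not connections:
            continue  # banner and column header before the first row
        current = connections[-1]
        stripped = line.strip()
        owner = OWNER_RE.match(line)
        if owner:
            current["owner"] = owner.group(1)
        elif stripped.startswith("Can not obtain ownership"):
            current["owner"] = None  # netstat could not identify the process
        elif stripped:
            # A service/component name printed between the row and [exe].
            current["component"] = stripped
    return connections


def remote_endpoints_by_program(connections):
    """Group remote endpoints by owning program name."""
    grouped = defaultdict(set)
    for conn in connections:
        grouped[conn["owner"] or "<unknown>"].add(conn["remote"])
    return {program: sorted(remotes) for program, remotes in grouped.items()}


if __name__ == "__main__":
    import sys
    # Pass a file with saved `netstat -b` output, or run on the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_NETSTAT_B
    grouped = remote_endpoints_by_program(parse_netstat_b(text))
    for program, remotes in sorted(grouped.items()):
        print(f"{program}: {', '.join(remotes)}")
```

Connections listed under `<unknown>` are the ones for which netstat could not report an owner, so they are worth a second look in TCPView or with an elevated prompt.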


But, as practice shows, many command-line utilities do not give the information we would like to see, and they are not that convenient. As an alternative, we will use a third-party program, TCPView.

Monitor network activity with TCPView

You can download the program from here. You don't even need to install it: just unpack it and run the utility. It is free but does not support the Russian language; that is not particularly necessary, though, since this article explains how to use it.

So, the TCPView utility monitors network connections and shows, as a list, all programs connected to the network along with their ports, addresses and connections.


In principle, everything is very clear here, but I will explain some points of the program:

  • The Process column, of course, shows the name of the program or process.
  • The PID column shows the ID of the process connected to the network.
  • The Protocol column shows the protocol the process uses.
  • The Local Address column shows the local address of the process on this computer.
  • The Local Port column shows the local port.
  • The Remote Address column shows the address to which the program is connected.
  • The State column shows the state of the connection.
  • The Sent Packets and Rcvd Packets columns show the number of packets sent and received; the same goes for the bytes columns.

With the help of the program, you can right-click on the process and end it, or see where it is located.

Address names, as shown in the image below, can be converted to a local address by pressing the hotkey ctrl+r.



Other fields change as well: protocols and domains.

If you see lines of a different color, for example green, a new connection is starting; if red appears, the connection has been closed.

Those are all the main settings of the program. There are also minor options, such as setting the font and saving the connection list.

If you like this program, be sure to use it. Power users will know exactly what to use it for.

You probably know that Windows has a built-in firewall. Perhaps you also know how to allow and block individual programs' access to the network in order to control incoming and outgoing traffic. But did you know that Windows Firewall can be used to log all connections passing through it?

The Windows Firewall logs can be helpful for specific issues:

  • The program you are using cannot connect to the Internet, even though other applications do not experience this problem. In this case, to fix the problem, you should check if the system firewall is blocking the connection requests of this program.
  • You suspect that the computer is being used by malware to transfer data and want to monitor outbound traffic for suspicious connection requests.
  • You have created new rules for allowing and blocking access and want to make sure that the firewall correctly processes the given instructions.

Regardless of the reason, enabling event logging can be a challenging task, as it requires many changes to the settings. Here is a clear sequence of steps for activating network activity logging in the Windows firewall.

Access to firewall settings

First, you need to go to the advanced settings of the Windows firewall. Open the Control Panel (right-click the Start menu and choose “Control Panel”), then click the “Windows Firewall” link if the view mode is small/large icons, or select the “System and Security” section and then “Windows Firewall” if the view mode is category.

In the firewall window, select "Advanced settings" in the left navigation menu.

You will see the following settings screen:

This is the internal technical side of the Windows firewall. This interface allows you to allow or block access of programs to the Internet, configure incoming and outgoing traffic. In addition, this is where the event logging function can be activated - although it is not immediately clear where this can be done.

Accessing log settings

First, select the option “Windows Firewall with Advanced Security (local computer)”.

Right-click on it and select the "Properties" option.

A window will open that may confuse the user. When you select three tabs (Domain Profile, Private Profile, Public Profile), you will notice that their content is identical, but refers to three different profiles, the name of which is indicated in the tab title. Each profile tab contains a logging configuration button. Each log will correspond to a different profile, but which profile are you using?

Consider what each profile means:

  • The domain profile is used to connect to wireless Wi-Fi networks when the domain is set by a domain controller. If you're not sure what that means, don't use this profile.
  • The private profile is used to connect to private networks, including home or personal networks; this is the profile you will most likely use.
  • The public profile is used to connect to public networks, including those of restaurant chains, airports, libraries and other institutions.

If you are using the computer on a home network, click the Private Profile tab. If you are on a public network, click the Public Profile tab. Click the "Customize" button in the "Logging" section of the appropriate tab.

Event log activation

In the window that opens, you can configure the location and maximum size of the log. You can set a memorable location for the log, but the location of the log file doesn't really matter. To start event logging, set both drop-down menus, “Log dropped packets” and “Log successful connections”, to “Yes” and click the “OK” button. Leaving the feature on permanently can lead to performance issues, so enable it only when you really need to monitor connections. To disable logging, set both drop-down menus to “No (default)”.

Examining the logs

Now the computer will record the network activity controlled by the firewall. To view the logs, go to the "Advanced settings" window, select "Monitoring" in the left list, and then, in the "Logging Settings" section, click the "File Name" link.

The network activity log will then open. Its content can be confusing for an inexperienced user. Consider the main contents of the log entries:

  1. Date and time of connection.
  2. What happened to the connection. The “ALLOW” status means that the connection was allowed by the firewall, while the “DROP” status indicates that the connection was blocked by the firewall. If you're experiencing network connectivity issues with a single program, you'll be able to pinpoint that the cause of the problem is related to firewall policy.
  3. Connection type - TCP or UDP.
  4. In order: the IP address of the connection source (computer), the IP address of the destination (for example, a web page), and the network port used on the computer. This entry lets you identify ports that need to be opened for the software to work. Also watch out for suspicious connections, which may be made by malware.
  5. Whether the data packet was successfully sent or received.

The information in the log will help you determine the cause of connection problems. The logs may also log other activity, such as the target port or TCP acknowledgment number. If you want more details, check out the “#Fields” line at the top of the log to identify the meaning of each metric.
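As an added example (not from the original article), the Python script below reads the log, using the “#Fields” line to name the columns, then counts blocked (DROP) connections and lists allowed outbound connections to ports outside an expected set. The sample log is constructed; the function names and the expected-port set are assumptions to adjust for your own network.

```python
from collections import Counter

# Constructed sample in the layout of the Windows Firewall log file.
# Addresses come from private and documentation ranges.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2019-03-12 10:15:02 ALLOW TCP 192.168.1.10 198.51.100.7 49712 443 0 - 0 0 0 - - - SEND
2019-03-12 10:15:03 ALLOW UDP 192.168.1.10 192.168.1.1 53211 53 0 - - - - - - - SEND
2019-03-12 10:15:09 DROP TCP 203.0.113.50 192.168.1.10 51515 3389 52 S 1234567 0 8192 - - - RECEIVE
2019-03-12 10:15:10 DROP TCP 203.0.113.50 192.168.1.10 51516 3389 52 S 1234568 0 8192 - - - RECEIVE
2019-03-12 10:16:40 ALLOW TCP 192.168.1.10 203.0.113.99 49730 8081 0 - 0 0 0 - - - SEND
2019-03-12 10:17:01 DROP UDP 192.168.1.23 192.168.1.255 137 137 78 - - - - - - - RECEIVE
2019-03-12 10:17:05 ALLOW TCP 192.168.1.10 198.51.100.7
"""


def parse_firewall_log(text):
    """Return (entries, skipped): one dict per record, keyed by #Fields names."""
    fields, entries, skipped = None, [], 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            # Only the #Fields header matters; it defines the column order.
            if line.lower().startswith("#fields:"):
                fields = line.split(":", 1)[1].split()
            continue
        values = line.split()
        # Skip records seen before the header or cut short mid-write.
        if fields is None or len(values) != len(fields):
            skipped += 1
            continue
        entries.append(dict(zip(fields, values)))
    return entries, skipped


def blocked_connections(entries):
    """Count DROP records per (protocol, source IP, destination IP, port)."""
    return Counter(
        (e["protocol"], e["src-ip"], e["dst-ip"], e["dst-port"])
        for e in entries
        if e["action"] == "DROP"
    )


def unexpected_outbound(entries, expected_ports=("53", "80", "443")):
    """List allowed outbound records whose destination port is not expected.

    expected_ports is an assumption for this example. If the log has no
    'path' column, every allowed record is treated as a candidate.
    """
    hits = []
    for e in entries:
        outbound = e.get("path", "SEND") == "SEND"
        if e["action"] == "ALLOW" and outbound and e["dst-port"] not in expected_ports:
            hits.append((f'{e["date"]} {e["time"]}', e["protocol"],
                         e["dst-ip"], e["dst-port"]))
    return hits


if __name__ == "__main__":
    import sys
    # Pass the path of the firewall log file, or run on the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    entries, skipped = parse_firewall_log(text)
    print(f"{len(entries)} records parsed, {skipped} skipped")
    for key, count in blocked_connections(entries).most_common():
        print("DROP ", count, *key)
    for hit in unexpected_outbound(entries):
        print("CHECK", *hit)
```

The DROP counts answer the "is the firewall blocking my program" question from the list above, and the CHECK lines are the outbound connections to review by hand.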

Don't forget to turn off the logging feature when you're done.

Advanced Network Diagnostics

By using the Windows Firewall log, you can analyze the types of data being processed on a computer. In addition, you can determine the causes of network problems related to the operation of the firewall or other objects that disrupt connections. The activity log allows you to familiarize yourself with the operation of the firewall and get a clear idea of what is happening on the network.


The mantra of the real estate world is Location, Location, Location. For the world of system administration, this sacred text should read: Visibility, Visibility and again Visibility. If you don't know exactly what your network and servers are doing every second of the day, you're like a pilot flying blind. A catastrophe awaits you. Lucky for you, there are a lot of good programs available on the market, both commercial and open source, that can do your network monitoring.

Since good and free is always more tempting than good and expensive, here is a list of open source programs that prove their worth every day in networks of any size. From discovering devices, monitoring network equipment and servers, to identifying network trends, graphing monitoring results, and even backing up switch and router configurations, these seven free utilities will most likely be able to pleasantly surprise you.

Cacti

First there was MRTG (Multi Router Traffic Grapher), a program for organizing a network monitoring service and measuring data over time. Back in the 1990s, its author Tobias Oetiker saw fit to write a simple graphing tool using a round-robin database, originally used to display router bandwidth on the local network. So MRTG gave birth to RRDTool, a set of utilities for working with RRD (Round-robin Database), which lets you store, process and graphically display dynamic information such as network traffic, CPU usage, temperature, and so on. RRDTool is now used in a huge number of open source tools. Cacti is the modern flagship of open source network graphing software and takes the principles of MRTG to a whole new level.

From disk usage to power supply fan speed, if it can be tracked, Cacti will be able to display it and make this data easily accessible.

Cacti is a free program, part of the LAMP suite of server software, that provides a standardized software platform for building graphs from almost any statistical data. If a device or service returns numeric data, it can most likely be integrated into Cacti. There are templates for monitoring a wide range of equipment, from Linux and Windows servers to routers and Cisco switches: basically everything that communicates over SNMP (Simple Network Management Protocol). There are also template collections from third-party developers, which further expand the already huge list of Cacti-compatible hardware and software.

Although SNMP is the standard data collection method in Cacti, Perl or PHP scripts can also be used for this. The framework skillfully separates data collection into discrete instances from its graphical display, which makes it easy to reprocess and reorganize existing data for different visual representations. In addition, you can select specific time frames and parts of the charts by simply clicking and dragging them.

So, for example, you can quickly look at data from several years ago to see if the current behavior of the network equipment or server is anomalous, or if such indicators appear regularly. And with Network Weathermap, a PHP plugin for Cacti, you can effortlessly create real-time maps of your network showing the traffic between network devices using graphs that appear when you hover your mouse over a network channel image. Many organizations using Cacti display these maps on 42-inch wall-mounted LCD monitors 24/7, allowing IT to instantly monitor network traffic and link status.

In summary, Cacti is a powerful graphing and trending network performance toolkit that can be used to monitor virtually any monitored metric that can be graphed. This solution also supports almost endless possibilities for customization, which can make it overly complicated for certain applications.

Nagios

Nagios is a mature software system for network monitoring that has been in active development for many years. Written in C, it lets you do almost everything that system and network administrators might need from a monitoring application package. The web interface of this program is fast and intuitive, while its server part is extremely reliable.

Nagios can be a problem for beginners, but the rather complex configuration is also an advantage of this tool, as it can be adapted to almost any monitoring task.

As with Cacti, a very active community supports Nagios, so plugins exist for a huge variety of hardware and software. They range from simple ping checks to integration with complex software solutions such as WebInject, a free tool written in Perl for testing web applications and web services. Nagios lets you constantly monitor the status of servers, services, network links and everything else that understands the IP network-layer protocol. For example, you can monitor disk space usage on a server, RAM and CPU utilization, FLEXlm license usage, server outlet air temperature, WAN and Internet latency, and more.

Obviously, no server and network monitoring system is complete without notifications. Nagios handles this well: the software platform offers a customizable notification mechanism via email, SMS and the most popular Internet instant messengers, as well as an escalation scheme that can be used to make intelligent decisions about who should be notified, how and under what circumstances, which, if properly configured, will help you ensure many hours of restful sleep. The web interface can also be used to temporarily suspend notifications or acknowledge that a problem has occurred, as well as for administrators to make notes.

In addition, the display function shows all monitored devices in a logical representation of their placement on the network, color-coded to show problems as they occur.

The disadvantage of Nagios is the configuration, as it is best done through the command line, which makes it much more difficult for beginners to learn. Although people who are familiar with the standard Linux/Unix configuration files should not experience much of a problem.

The possibilities of Nagios are huge, but using some of them may not always be worth the effort. But don't let the complexity intimidate you: the early warning benefits that this tool provides for so many aspects of the network cannot be overestimated.

Icinga

Icinga started as an offshoot of the Nagios monitoring system, but was recently rewritten as a standalone solution known as Icinga 2. At the moment, both versions of the program are in active development and available for use, and Icinga 1.x is compatible with a large number of Nagios plugins and configurations. Icinga 2 was designed to be less bulky, performance oriented, and more user friendly. It offers a modular architecture and multi-threaded design that neither Nagios nor Icinga 1 has.

Icinga offers a complete monitoring and alerting software platform that is designed to be as open and extensible as Nagios, but with some differences in the web interface.

Like Nagios, Icinga can be used to monitor anything that speaks IP, as deeply as SNMP allows, as well as through custom plugins and add-ons.

There are several variations of the web interface for Icinga, but the main difference between this monitoring solution and Nagios is that configuration can be done through the web interface rather than through configuration files. For those who prefer to manage their configuration outside of the command line, this functionality will be a real boon.

Icinga integrates with many software packages for monitoring and graphical display, such as PNP4Nagios, inGraph and Graphite, providing a reliable visualization of your network. In addition, Icinga has advanced reporting capabilities.

NeDi

If you've ever had to Telnet to switches to find devices on your network and search by MAC address, or you just want to be able to determine the physical location of certain equipment (or, perhaps even more importantly, where it was located before), then you will be interested in taking a look at NeDi.

NeDi continuously scans the network infrastructure and catalogs devices, keeping track of everything it finds.

NeDi is free LAMP-based software that regularly scans the MAC addresses and ARP tables on the switches in your network, cataloging each discovered device in a local database. This project is not as well known as some others, but it can become a very handy tool when working with corporate networks, where devices are constantly changing and moving.

You can use the NeDi web interface to search for a switch, switch port, access point, or any other device by MAC address, IP address, or DNS name. NeDi collects all the information it can from every network device it encounters, extracting from them serial numbers, firmware and software versions, current timestamps, module configurations, and more. You can even use NeDi to mark device MAC addresses that have been lost or stolen. If they appear online again, NeDi will let you know.

Discovery is triggered by a cron process at specified intervals. The configuration is simple, with a single configuration file that exposes a large number of settings, including the ability to skip devices based on regular expressions or given network boundaries. NeDi usually uses the Cisco Discovery Protocol or the Link Layer Discovery Protocol to discover new switches and routers and then connects to them to collect their information. Once the initial configuration is set, device discovery will be pretty fast.

Up to a certain level, NeDi can integrate with Cacti, so it is possible to link device discovery to the corresponding Cacti graphs.

Ntop

The Ntop project, now better known to the "new generation" as Ntopng, has come a long way in the last decade. But call it whatever you want, Ntop or Ntopng, you will get a first-class network traffic monitoring tool paired with a fast and simple web interface. It is written in C and is completely self-contained. You start a single process configured for a specific network interface, and that's all it needs.

Ntop is a lightweight web-based packet sniffing tool that shows you real-time network traffic data. Information about the data flow through the host and about the connection to the host is also available in real time.

Ntop provides easy-to-digest graphs and tables showing current and past network traffic, including protocol, source, destination, and history of specific transactions, as well as hosts at both ends. In addition, you'll find an impressive array of graphs, charts, and real-time network usage maps, as well as a modular architecture for a huge number of add-ons, such as NetFlow and sFlow monitors. There is even Nbox, a hardware monitor that embeds Ntop.

In addition, Ntop includes an API for the Lua scripting language, which can be used to support extensions. Ntop can also store host data in RRD files for ongoing data collection.

One of the most useful applications of Ntopng is monitoring traffic at a specific location. For example, when some of the network links are highlighted in red on your network map, but you don't know why, you can use Ntopng to get a minute-by-minute report on the problematic network segment and immediately find out which hosts are responsible for the problem.

The benefit of such network visibility is difficult to overestimate, and it is very easy to get it. Essentially, you can run Ntopng on any interface that has been configured at the switch level to monitor a different port or VLAN. That's all.

Zabbix

Zabbix is a full-blown network and system monitoring tool that combines several functions in one web console. It can be configured to monitor and collect data from a wide variety of servers and network devices, providing maintenance and performance monitoring for each object.

Zabbix allows you to monitor servers and networks using a wide range of tools, including monitoring of virtualization hypervisors and web application stacks.

Zabbix works primarily with software agents running on the monitored systems, but it can also work without agents, using the SNMP protocol or other monitoring capabilities. Zabbix supports VMware and other virtualization hypervisors by providing detailed hypervisor performance and activity data. Special attention is also given to monitoring Java application servers, web services and databases.

Hosts can be added manually or through an automatic discovery process. A wide range of default templates covers the most common use cases, such as Linux, FreeBSD and Windows servers; widely used services such as SMTP and HTTP; and ICMP and IPMI for detailed network hardware monitoring. In addition, custom checks written in Perl, Python, or almost any other language can be integrated into Zabbix.

Zabbix allows you to customize your dashboards and web interface to focus on the most important network components. Notifications and problem escalations can be based on custom actions that are applied to hosts or groups of hosts. Actions can even be configured to run remote commands, so a script of yours can run on a monitored host when certain event criteria are met.

The program graphs performance data such as network bandwidth and CPU usage and collects it for custom display systems. In addition, Zabbix supports customizable maps, screens, and even slideshows showing the current status of monitored devices.

Zabbix can be difficult to implement at the initial stage, but judicious use of auto-discovery and the various templates can alleviate some of the integration difficulties. In addition to being an installable package, Zabbix is available as a virtual appliance for several popular hypervisors.

Observium

Observium is a program for monitoring network equipment and servers that supports a huge list of devices via the SNMP protocol. As LAMP-based software, Observium is relatively easy to install and configure, requiring the usual installation of Apache, PHP and MySQL, database creation, Apache configuration and the like. It is installed as its own server with a dedicated URL.

Observium combines system and network monitoring with performance trending. It can be configured to track almost any metric.

You can log in to the GUI and start adding hosts and networks, as well as setting up auto-discovery ranges and SNMP data so that Observium can explore the networks around it and collect data on each discovered system. Observium can also discover network devices via the CDP, LLDP or FDP protocols, and remote host agents can be deployed on Linux systems to help with data collection.

All of this collected information is available through an easy-to-use user interface that provides advanced statistical display options as well as charts and graphs. You can get anything from ping and SNMP response times to throughput graphs, fragmentation, IP packet counts, and more. Depending on the device, this data can be available down to every discovered port.

For servers, Observium can display information about the state of the CPU, RAM, storage, swap, temperature, etc. from the event log. You can also enable data collection and graphical performance display for various services, including Apache, MySQL, BIND, Memcached, Postfix and more.

Observium works great as a virtual machine, so it can quickly become the go-to tool for getting information about the status of servers and networks. This is a great way to add auto-discovery and graphical representation to a network of any size.

Too often, IT administrators feel they are limited in what they can do. Whether we are dealing with a custom software application or an "unsupported" piece of hardware, many of us feel that if the monitoring system can't handle it right away, it's impossible to get the data we need in that situation. This, of course, is not true. With a little effort, you can make almost everything more visible, accounted for, and controlled.

An example is a custom application with a server-side database, such as an online store. Your management wants to see attractive graphs and charts in one form or another. If you are already using, say, Cacti, you have several options for displaying the collected data in the required format. You can, for example, write a simple Perl or PHP script to run queries against the database and pass the results to Cacti, or you can make an SNMP call to the database server using a private MIB (Management Information Base). One way or another, the task can be done, and done easily, if you have the necessary tools for it.
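
The script route described above, sketched as an added example (not code from the original article or from Cacti). The `orders` table, its columns and the function names are assumptions, and an in-memory SQLite database with constructed rows stands in for the store's database; the output is the space-separated `name:value` line that a Cacti script data input reads.

```python
import sqlite3

def build_sample_db():
    """Constructed stand-in for the shop database (in-memory SQLite)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, status TEXT,"
               " total_cents INTEGER, created_at INTEGER)")
    rows = [("paid", 1999, 1000), ("paid", 4500, 1100),
            ("failed", 1200, 1150), ("paid", 800, 400)]  # last row: too old
    db.executemany("INSERT INTO orders (status, total_cents, created_at)"
                   " VALUES (?, ?, ?)", rows)
    db.commit()
    db.execute("PRAGMA query_only = ON")  # the poller only ever reads
    return db

def collect(db, now, window=300):
    """Aggregate the orders created in the last `window` seconds."""
    row = db.execute(
        "SELECT COUNT(*),"
        " COALESCE(SUM(CASE WHEN status = 'paid' THEN total_cents END), 0),"
        " COALESCE(SUM(status = 'failed'), 0)"
        " FROM orders WHERE created_at > ?", (now - window,)).fetchone()
    return {"orders": row[0], "revenue_cents": row[1], "failed": row[2]}

def cacti_line(metrics):
    """Format metrics as name:value pairs, rejecting anything non-numeric."""
    for name, value in metrics.items():
        if not name.isidentifier() or not isinstance(value, int):
            raise ValueError(f"refusing to emit {name!r}={value!r}")
    return " ".join(f"{name}:{value}" for name, value in metrics.items())

if __name__ == "__main__":
    # Fixed timestamp so the constructed rows fall inside the window.
    print(cacti_line(collect(build_sample_db(), now=1200)))
```

In production the script would connect with a database account that has SELECT rights on this one table only, so a compromised monitoring host cannot alter store data.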

Most of the free network monitoring utilities listed in this article should not be difficult to obtain. They have packaged versions available for download for most popular Linux distributions, unless they are already included natively. In some cases, they may be available pre-configured as a virtual server. Depending on the size of your infrastructure, installing and configuring these tools can be quite time-consuming, but once they're up and running, they'll be a solid foundation for you. At the very least, they are worth testing.

Regardless of which of the above systems you use to keep an eye on your infrastructure and equipment, it will give you at least the functionality of another system administrator. Although it cannot fix anything, it will monitor literally everything on your network around the clock, seven days a week. The time spent on installation and configuration will pay off many times over. Also, be sure to run a small set of standalone monitors on another server to watch the main monitor. This is a case where it is always better to keep an eye on the observer.

Always in touch, Igor Panov.

