The built-in OS administration tools are not always convenient and often lack sufficient functionality, so over time the system administrator's arsenal fills up with useful utilities, add-ons and scripts that greatly simplify everyday tasks. It is doubly gratifying when the solution found not only helps to cope with a particular problem, but is also distributed free of charge.

Advanced IP Scanner

The system administrator must know everything about the systems running on the network and be able to access them quickly. Advanced IP Scanner (AIPS), designed for fast multi-threaded scanning of a local network, helps with this task. AIPS is provided completely free of charge, without any reservations. The program is very simple and easy to use. After starting, AIPS checks the IP addresses of the network interfaces of the host on which it is installed and automatically fills in the IP range in the scan parameters; if the range does not need to be changed, all that remains is to start the scan. As a result, we get a list of all active network devices. For each one, all available information is collected: MAC address, network card manufacturer, network name, the user logged in to the system, and available shares and services (shared folders, HTTP, HTTPS and FTP). Almost all scanning options can be configured, such as changing the speed or excluding certain types of network resources from the scan (shared folders, HTTP, HTTPS and FTP). You can connect to any resource with one click; you just need to select it in the list. AIPS is integrated with the Radmin program, and during the scan it finds all machines running Radmin Server. The scan result can be exported to a file (XML, HTML or CSV) or saved to Favorites (drag-and-drop is supported). Later, if you need to access a particular client computer, you do not need to rescan the network. If the remote device supports the Wake-on-LAN function, it can be turned on and off by selecting the corresponding menu item.

NetWrix, a company specializing in solutions for auditing IT infrastructure changes, offers ten free and very useful utilities designed to greatly simplify the administration of Windows. For example, NetWrix Inactive Users Tracker addresses one of the most pressing security problems: inactive accounts that no one has used for some time (dismissed employees, business trips, promotions, temporary accounts, etc.). HR rarely alerts the IT department about changes, and an attacker can easily take advantage of such an account. The utility periodically checks all accounts in the domains and reports those that have not been accessed for a certain time. In the Free version, the only action that can be configured is a warning by e-mail (it is enough to set the SMTP parameters); the admin performs all other operations manually, although a warning is enough in our case. The paid version adds automatically setting a random password, deactivating the account and moving it to another OU, and an OU filter for the account search. A separate PowerShell cmdlet, get-NCInactiveUsers, is offered, which returns a list of inactive users (the “lastLogon” attribute is checked) and simplifies writing the corresponding scripts.

WinAudit Freeware

WinAudit is a free utility from Parmavex Services that allows you to perform a complete system audit. It does not require installation and can be run in command line mode. The program has a simple, localized interface and runs on all Windows versions, including 64-bit ones. Data collection takes about a minute (the duration may vary depending on the operating system and computer configuration), and the resulting report consists of 30 categories (customizable). As a result, the administrator can obtain information about the system; installed software and updates, with version and vendor; connected devices; a list of open network ports (number, service, program, etc.) and open folders; active sessions; security settings; access rights to peripherals; information about accounts and groups; a list of tasks/services; startup programs; log entries and system statistics (uptime, memory usage, disk usage). You can also set up a search for specific files by name. For example, to find music and videos on the user's hard drives, it is enough to set the appropriate extensions (avi, mp3, etc.). The result can be opened as a web page, exported to a file in many popular formats (txt, XML, CSV, PDF) or to a database (with the help of a wizard; all popular ones are supported: MS SQL, MS Access, MySQL, Oracle and others), sent by email or printed.


Computer accounting with CheckCfg

The problem of accounting for office equipment and the software in use is acute in any organization. It can be solved in different ways; one option is offered by the developer Andrey Tatukov: CheckCfg. This solution periodically collects hardware, OS, and software data, including CPU type, RAM size, disk space, S.M.A.R.T. data and so on. At the same time, CheckCfg easily copes with several hundred computers. The result is displayed in a convenient tree form, and local directories are easy to access. Each PC can be assigned an inventory number, and if necessary it is easy to generate a report in RTF format.

CheckCfg is a whole complex of programs. The CheckCfg program itself is responsible for collecting data about the computer; it starts at OS startup and writes the result to a file. Management and archiving of information is carried out using the Sklad accounting program, which processes the files created by CheckCfg and saves them to its database, after which reports can be generated. Using the Sklad_w program, you can conveniently view the current computer configurations and basic data on office equipment (by IP address, CPU, memory, software). To analyze changes in the PC configuration and notify the administrator about them, another utility is used: Doberman. The setup may seem not quite trivial, since you have to create the necessary configuration files manually, but the detailed description on the site and the available templates allow you to figure everything out without any problems.

MailArchiva Open Source Edition

Some mail servers, like MS Exchange, have mail archiving functions that allow you to find old messages if necessary, including for detecting leaks of confidential information when investigating incidents. In other cases, you have to provide these functions yourself. One option is MailArchiva, which is compatible with most modern mail servers (Lotus Domino, MS Exchange, MDaemon, Postfix, Zimbra, Sendmail, Scalix, Google Apps). Archiving via the SMTP, IMAP/POP3, WebDAV and Milter protocols is supported (the program has a built-in SMTP and Milter server and an IMAP/POP client). So as not to collect all mail, you can create any archiving rules you need. There are three levels of access to saved data: user (only own mail), administrator (settings and own mail) and auditor (all mail, can be limited by rules). The Open Source version of MailArchiva also implements intuitive search functions, including search in attachments (Word, PowerPoint, Excel, OpenOffice, PDF, RTF, ZIP, tar, gz). MailArchiva runs on Windows, Linux, FreeBSD and Mac OS X.

Performance Analysis of Logs

In case of problems with system performance, it is rather difficult to detect a bottleneck using the standard Windows Performance Monitor without experience. To figure out which metrics to take and how to interpret the result correctly, you will need to go through the documentation carefully. The PAL utility (Performance Analysis of Logs, pal.codeplex.com) greatly simplifies the search for a bottleneck. Once launched, it scans the logs and analyzes them using built-in templates. Currently there are settings for most popular MS products: IIS, MOSS, SQL Server, BizTalk, Exchange, Active Directory and others. After launch, the administrator activates the necessary counters in the PAL Wizard by simply selecting a template from the list of suggested ones, then specifies the current server settings (the number of CPUs and others), the analysis interval and the directory for saving the result. After a while, a detailed report is produced in HTML and XML, containing a description, counter name and indicators (Min, Avg, Max and Hourly Trend). The report can then be easily copied into any document. You still have to make sense of the collected parameters yourself, although if PAL shows that a characteristic is in the green sector, you should not worry. The request itself is stored in the PAL.ps1 PowerShell script, which can be saved for later use. Templates are XML files; taking any of them as an example, you can create your own version. To edit the parameters in a template, a built-in PAL Editor is offered.

Win7 is officially supported, but PAL works on all MS operating systems starting with WinXP (32/64). Installation requires PowerShell v2.0+, MS .NET Framework 3.5SP1 and MS Chart Controls for Microsoft .NET Framework 3.5.

Create an Access Point with Virtual Router

The situation when a computer with a Wi-Fi card needs to be turned into an access point is by no means rare today. For example, you need to quickly deploy a WLAN or expand your Wi-Fi coverage. Initially, a wireless card could operate only in one of two modes: point-to-point, when clients connect to each other, or as an access point. Win7/2k8 (except Win7 Starter Edition) has the ability to virtualize network connections (Virtual Wi-Fi technology), which allows you to create several Wi-Fi modules with their own settings using one physical Wi-Fi adapter. Thus, a computer can be connected to Wi-Fi and at the same time act as an access point (SAPoint, Software Access Point). The connection to this virtual hotspot is secured using WPA2. You can turn a PC running Win7 / 2k8R2 into an access point using the Netsh console utility, through the Network and Sharing Center, or using the Virtual Router application, which has an intuitive GUI and very simple settings. After launching Virtual Router, you only need to specify the SSID and the password for connecting, and then activate the access point. If necessary, you can also stop the hot spot by pressing one button. Additionally, the window displays the current connections to the access point; for each one you can set your own icon and change some parameters.

Managing RDC Connections - RDCMan

The Remote Desktop Connection snap-in is intended for remote management of servers and PCs running Windows. If you need to establish many RDP connections with different settings, working with it becomes inconvenient. Instead of methodically saving individual settings for each remote computer, you can use the free tool Remote Desktop Connection Manager (RDCMan), which automates this process. After launch, you should specify the RDP connection settings that will be used by default and inherited by all connections. Here we set the general credentials, gateway, screen settings, security settings and much more. Next, we create the required number of system groups (for example, by purpose, location, OS version); for each of them you can specify its own connection settings. The last step is to populate the groups with systems. To add a server, you only need to enter a domain name; if any parameter differs from the group settings, you can override it immediately. If necessary, systems can be easily moved between groups by simple drag and drop. If there are many systems, it is easier to create a text file with one name per line and then feed it to the utility. Now, to connect, just select the desired server and click "Connect" in the context menu. You can activate multiple connections at the same time and switch between them.

Free Active Directory Tools

Managing Active Directory settings using standard tools is not always easy and convenient. In some situations, the Free Active Directory Tools utility kit, developed by ManageEngine, will help. The kit consists of fourteen utilities that run from a single shell. For convenience, they are divided into six groups: AD User Report, SharePoint Report, User Management, Domain and DC Info, Diagnostic Tools, and Session Management. For example, launching the Empty Password User Report gives you a list of accounts with empty passwords, GetDuplicates finds accounts with the same attributes, and CSVGenerator saves Active Directory account data to a CSV file. Other features: last logon time report, query-based AD data retrieval, reports on SharePoint installations, local account management, viewing and editing domain password policies, getting a list of domain controllers and their roles, managing their replication, monitoring their operation (CPU, RAM and hard disk load, performance, etc.), terminal session management and much more.


Comodo Time Machine

The ability to restore the system using the System Restore component has been built into Windows since XP, but its functionality is, to put it mildly, limited, so third-party applications are often used for backups. The free utility Comodo Time Machine (comodo.com) allows you to roll back the OS to any previous state. Moreover, it will work even if the OS has completely stopped loading. While CTM is running, restore points are created (manually or on a schedule), and all modified system files, the registry, and user files are recorded in them. This is a big advantage over System Restore, which saves and restores only system files and the registry. The first copy has the maximum size; the remaining copies store only modified files. To save free disk space, you should periodically create a new checkpoint and delete old archives. To make it possible to restore the OS, information about CTM is written to the boot sector; to call up the corresponding menu, simply press the Home key. You can also restore the state of the OS on a schedule, for example, configure the utility so that each reboot automatically rolls back to a “clean” version of the system. This will be useful, for example, in Internet cafes, where users leave a lot of garbage in the system. Besides full recovery of the OS, the utility provides the ability to get an earlier version of any file from the archive. Search is implemented, so you can find the necessary data without problems.

Amanda

The task of centralized backup of data from workstations and servers running Windows and *nix can be solved using AMANDA (Advanced Maryland Automatic Network Disk Archiver). Initially, the program was created to work with tape drives, but over time the developers proposed a mechanism called "virtual tapes" (vtapes), which allows you to save the collected data on hard drives and CD/DVD. AMANDA is a handy add-on to the standard Unix programs dump/restore, GNU tar, and some others, so its main characteristics should be considered in terms of the capabilities of these basic utilities. It works on a client-server scheme. All available authentication methods are used to access computers: Kerberos 4/5, OpenSSH, rsh, bsdtcp, bsdudp, or a Samba password. To collect data from Windows systems, a special agent or, alternatively, Samba is used. Compression and encryption (GPG or amcrypt) of information can be performed both directly on the client and on the server. All backup parameters are configured exclusively on the server, and the distribution includes ready-made templates, so it is quite easy to figure out.

Core Configurator 2.0 for Server Core

The initial configuration of a server running Win2k8/R2 in Server Core mode is done in the console using commands. To simplify the task, the OS developers added an interactive SCONFIG.cmd script to R2 that allows you to configure basic system settings. An alternative is available on Codeplex: the wonderful Core Configurator. For its operation, you will need the NetFx2-ServerCore, NetFx2-ServerCore and PowerShell components. After starting Start_CoreConfig.wsf, we get a menu with several items that provide access to the main settings that would otherwise have to be controlled from the command line: product activation, setting the screen resolution, clock and time zone, network interface, setting permissions for remote RDP connections, local account management, Windows Firewall settings, enabling / disabling WinRM, changing the computer name, workgroup or domain, configuring roles, components and Hyper-V, and launching DCPROMO. If you check the "Load at Windows startup" checkbox, the program will be loaded along with the system.

Exchange 2010 RBAC Manager

Exchange 2010 introduces a new role-based access model that allows fine-grained control over the level of privileges for users and administrators based on the tasks they perform. The only negative is that the built-in management tools using PowerShell cmdlets may not seem convenient and understandable to everyone. More advanced is the free Exchange 2010 RBAC Manager (RBAC Editor GUI, rbac.codeplex.com), which provides a clean GUI for configuring the properties of all roles. It will not be difficult even for a beginner to understand its features. The program is written in C# and uses PowerShell. To work, you need the installed Exchange 2010 Management Tools.

PowerGUI

As soon as it appeared, the PowerShell command shell won the sympathy of Windows administrators, who had long needed a tool for automating many tasks. With the first versions of PowerShell, Microsoft developers were unable to offer a more or less functional editor, so several third-party projects filled the niche. The best of them today is PowerGUI, which provides a convenient graphical interface for efficiently creating and debugging PowerShell scripts. The authors also offer ready-made sets of scripts for solving many problems, which you can use in your own work.

Multi-Tabbed PuTTY

The freeware PuTTY client is well known to admins who need to connect to remote hosts via SSH, Telnet, or rlogin. This is a very handy program that allows you to save session settings for quick connection to the selected system. The only inconvenience is that with a large number of connections, the desktop is loaded with many open windows. This problem is solved by the Multi-Tabbed PuTTY add-on that implements the tab system.

INFO

PuTTY was originally developed for Windows, but was later ported to Unix.

Conclusion

Often there is no need to puzzle over a solution to a specific problem: most likely, other administrators have already encountered it and offered their own version - a specific utility or script, for which you don’t even need to pay.

You probably know that Windows has a built-in firewall. Perhaps you also know how to allow and block the network access of individual programs in order to control incoming and outgoing traffic. But did you know that Windows Firewall can be used to log all connections passing through it?

Windows Firewall logs can be useful for solving specific problems:

  • The program you are using cannot connect to the Internet, even though other applications do not experience this problem. In this case, to fix the problem, you should check if the system firewall is blocking the connection requests of this program.
  • You suspect that your computer is being used to transmit data by malware and you want to monitor outbound traffic for suspicious connection requests.
  • You have created new rules for allowing and blocking access and want to make sure that the firewall correctly processes the given instructions.

Regardless of the reason for use, enabling event logging can be a challenging task, as it requires many manipulations with the settings. Here is a clear sequence of steps for activating the logging of network activity in the Windows firewall.

Access to firewall settings

First, you need to go to the advanced settings of the Windows firewall. Open the Control Panel (right-click the Start menu and choose the “Control Panel” option), then click the “Windows Firewall” link if the view mode is set to small / large icons, or select the “System and Security” section and then “Windows Firewall” if the view mode is set to category.

In the firewall window, select the “Advanced settings” option from the left navigation menu.

You will see the following settings screen:

This is the internal technical side of the Windows firewall. This interface allows you to allow or block access of programs to the Internet, configure incoming and outgoing traffic. In addition, this is where the event logging function can be activated - although it is not immediately clear where this can be done.

Accessing log settings

First, select the “Windows Firewall with Advanced Security on Local Computer” item.

Right-click on it and select the "Properties" option.

A window will open that may confuse the user. When you select three tabs (Domain Profile, Private Profile, Public Profile), you will notice that their content is identical, but refers to three different profiles, the name of which is indicated in the tab title. Each profile tab contains a logging configuration button. Each log will correspond to a different profile, but which profile are you using?

Consider what each profile means:

  • The domain profile is used to connect to wireless Wi-Fi networks when the domain is set by a domain controller. If you're not sure what that means, don't use this profile.
  • The private profile is used to connect to private networks, including home or personal networks; this is the profile you are most likely to use.
  • The public profile is used to connect to public networks, including those in restaurants, airports, libraries and other institutions.

If you are using a computer on a home network, go to the "Private Profile" tab. If you are using a public network, go to the "Public Profile" tab. Click the "Customize" button in the "Logging" section of the correct tab.

Event log activation

In the window that opens, you can configure the location and maximum size of the log. You can set a memorable location for the log, but the location of the log file doesn't really matter. If you want to start event logging, set both drop-down menus, “Log dropped packets” and “Log successful connections”, to “Yes” and click the “OK” button. Running the feature all the time can lead to performance issues, so only enable it when you really need to monitor connections. To disable the logging function, set the value to “No (default)” in both drop-down menus.
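The same setting can be applied from an elevated PowerShell prompt instead of the dialog. This is an added example, not part of the original article: it assumes the NetSecurity and NetConnection cmdlets that ship with Windows 8 / Server 2012 and later, and the two function names are hypothetical helpers. It answers the "which profile are you using?" question by reading the category of the connected networks and switches logging on only for the matching profiles.

```powershell
# Added example (not from the original article). Run in an elevated session.
# Get-NetConnectionProfile, Get-NetFirewallProfile and Set-NetFirewallProfile are
# built-in cmdlets; the two functions below are hypothetical helper names.

function Get-ActiveFirewallProfileName {
    # Each connected network has a category. The firewall profile with the
    # matching name is the one whose log will actually receive entries.
    Get-NetConnectionProfile | ForEach-Object {
        switch ([string]$_.NetworkCategory) {
            'DomainAuthenticated' { 'Domain' }
            'Private'             { 'Private' }
            'Public'              { 'Public' }
        }
    } | Sort-Object -Unique
}

function Set-FirewallConnectionLogging {
    param(
        [Parameter(Mandatory = $true)]
        [bool]$Enabled
    )

    # -LogAllowed / -LogBlocked correspond to the two drop-down menus in the dialog:
    # "Log successful connections" and "Log dropped packets".
    $state = if ($Enabled) { 'True' } else { 'False' }

    foreach ($name in @(Get-ActiveFirewallProfileName)) {
        Set-NetFirewallProfile -Name $name -LogAllowed $state -LogBlocked $state
    }

    # Show the resulting state of all three profiles, including where the log is written.
    Get-NetFirewallProfile |
        Select-Object -Property Name, LogAllowed, LogBlocked, LogFileName, LogMaxSizeKilobytes
}

# Turn logging on for the profiles currently in use ...
Set-FirewallConnectionLogging -Enabled $true

# ... reproduce the connection problem, review the log, then switch it off again:
# Set-FirewallConnectionLogging -Enabled $false
```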

Examining the logs

Now the computer will capture network activity controlled by the firewall. To view the logs, go to the "Advanced settings" window, select the "Monitoring" option in the left list, and then in the "Logging Settings" section, click the link next to "File name".

The network activity log will then open. The contents of the log can be confusing for an inexperienced user. Consider the main contents of the log entries:

  1. Date and time of connection.
  2. What happened to the connection. The “ALLOW” status means that the firewall allowed the connection, while the “DROP” status indicates that the connection was blocked by the firewall. If you're experiencing network connectivity issues with a single program, you'll be able to pinpoint that the cause of the problem is related to firewall policy.
  3. Connection type - TCP or UDP.
  4. In order: the source IP address of the connection (computer), the destination IP address (for example, web pages), and the network port used on the computer. This entry allows you to identify ports that require opening for the software to work. Also watch out for suspicious connections - they can be made by malware.
  5. Whether the data packet was successfully sent or received.

The information in the log will help you determine the cause of connection problems. The logs may also record other details, such as the target port or TCP acknowledgment number. If you want more details, check out the “#Fields” line at the top of the log to identify the meaning of each field.
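Reading the log by eye gets tedious quickly, so the following added example (not part of the original article) parses it into objects using the “#Fields” line and then answers the two questions raised above: what is being blocked, and which allowed outbound connections go to ports you did not expect. The sample lines are constructed for illustration, and the function names and the list of expected ports are assumptions to adapt.

```powershell
# Added example (not from the original article).
# Constructed sample in the Windows Firewall log format; addresses are illustrative.
$sampleLog = @'
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2024-01-15 10:12:01 ALLOW TCP 192.168.1.20 198.51.100.10 50123 443 0 - 0 0 0 - - - SEND
2024-01-15 10:12:03 ALLOW UDP 192.168.1.20 192.168.1.1 61344 53 0 - - - - - - - SEND
2024-01-15 10:12:07 DROP TCP 192.168.1.20 203.0.113.25 50130 8443 52 S 1234567890 0 64240 - - - SEND
2024-01-15 10:12:08 DROP TCP 192.168.1.20 203.0.113.25 50131 8443 52 S 1234567891 0 64240 - - - SEND
2024-01-15 10:12:15 DROP UDP 192.168.1.35 192.168.1.255 138 138 229 - - - - - - - RECEIVE
2024-01-15 10:13:40 ALLOW TCP 192.168.1.20 198.51.100.77 50140 4444 0 - 0 0 0 - - - SEND
'@

function ConvertFrom-FirewallLog {
    # Hypothetical helper: turns log lines into objects whose property names
    # come from the "#Fields" header, so extra or reordered columns still parse.
    param([string[]]$Line)

    $fields = $null
    foreach ($l in $Line) {
        if ($l -match '^#Fields:\s*(.+)$') {
            $fields = $Matches[1].Trim() -split '\s+'
            continue
        }
        if ($l -match '^\s*(#|$)') { continue }           # other header lines and blanks
        if (-not $fields) { continue }                     # no header seen yet
        $values = $l.Trim() -split '\s+'
        if ($values.Count -lt $fields.Count) { continue }  # truncated line (log still being written)

        $entry = [ordered]@{}
        for ($i = 0; $i -lt $fields.Count; $i++) { $entry[$fields[$i]] = $values[$i] }
        [pscustomobject]$entry
    }
}

function Get-BlockedSummary {
    # "Why can't my program connect?": DROP entries grouped by endpoint and port.
    param([object[]]$Entry)
    $Entry | Where-Object { $_.action -eq 'DROP' } |
        Group-Object -Property protocol, 'src-ip', 'dst-ip', 'dst-port' |
        Sort-Object -Property Count -Descending |
        Select-Object -Property Count, Name
}

function Get-UnexpectedOutbound {
    # "Is something sending data out?": allowed outbound traffic to ports
    # outside the set you expect. The default port list is an assumption.
    param(
        [object[]]$Entry,
        [string[]]$ExpectedPort = @('53', '80', '123', '443')
    )
    $Entry | Where-Object {
        $_.action -eq 'ALLOW' -and $_.path -eq 'SEND' -and
        $ExpectedPort -notcontains $_.'dst-port'
    } | Select-Object -Property date, time, protocol, 'dst-ip', 'dst-port'
}

$entries = ConvertFrom-FirewallLog -Line ($sampleLog -split "\r?\n")
Get-BlockedSummary -Entry $entries
Get-UnexpectedOutbound -Entry $entries

# Against a real log, read the file named in the profile's logging settings, e.g.:
# $entries = ConvertFrom-FirewallLog -Line (Get-Content -Path (Get-NetFirewallProfile -Name Private).LogFileName)
```

An unexpected port in the second report is a prompt to identify the program behind the connection, not proof of malware on its own.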

Don't forget to turn off the logging feature when you're done.

Advanced Network Diagnostics

By using the Windows Firewall log, you can analyze the types of data being processed on a computer. In addition, you can determine the causes of network problems related to the operation of the firewall or other objects that disrupt connections. The activity log allows you to familiarize yourself with the operation of the firewall and get a clear idea of what is happening on the network.

The mantra of the real estate world is Location, Location, Location. For the world of system administration this sacred text should sound like this: Visibility, Visibility and again Visibility. If you don't know exactly what your network and servers are doing every second of the day, you're like a pilot flying blind. A catastrophe awaits you. Luckily for you, there are many good programs available on the market now, both commercial and open source, that can set up your network monitoring.

Since good and free is always more tempting than good and expensive, here is a list of open source programs that prove their worth every day in networks of any size. From discovering devices, monitoring network equipment and servers, to identifying network trends, graphing monitoring results, and even backing up switch and router configurations, these seven free utilities will most likely be able to pleasantly surprise you.

Cacti

First there was MRTG (Multi Router Traffic Grapher), a program for organizing a network monitoring service and measuring data over time. Back in the 1990s, its author Tobias Oetiker saw fit to write a simple plotting tool using a round-robin database, originally used to display router bandwidth on the local network. So MRTG gave birth to RRDTool, a set of utilities for working with RRD (Round-robin Database), which allows you to store, process and graphically display dynamic information such as network traffic, processor load, temperature, and so on. Now RRDTool is used in a huge number of open source tools. Cacti is the modern flagship of open source network graphing software and takes the principles of MRTG to a whole new level.

From disk usage to power supply fan speed, if it can be tracked, Cacti will be able to display it and make this data easily accessible.

Cacti is a free program built on the LAMP server software stack that provides a standardized software platform for building graphs based on almost any statistical data. If a device or service returns numeric data, it can most likely be integrated into Cacti. There are templates for monitoring a wide range of equipment, from Linux and Windows servers to Cisco routers and switches, basically anything that speaks SNMP (Simple Network Management Protocol). There are also collections of third-party templates that further expand the already huge list of Cacti-compatible hardware and software.

While Cacti's standard data collection method is SNMP, Perl or PHP scripts can also be used. The software system framework cleverly separates data collection and graphical display into discrete instances, which makes it easy to reprocess and reorganize existing data for different visual representations. In addition, you can select specific time frames and parts of the charts by simply clicking and dragging them.

So, for example, you can quickly look at data from several years ago to see if the current behavior of the network equipment or server is anomalous, or if such indicators appear regularly. And with Network Weathermap, a PHP plugin for Cacti, you can effortlessly create real-time maps of your network showing the traffic between network devices using graphs that appear when you hover your mouse over a network channel image. Many organizations using Cacti display these maps 24/7 on 42-inch wall-mounted LCD monitors, allowing IT to instantly monitor network traffic and link status.

In summary, Cacti is a powerful toolkit for graphing and trending network performance that can be used to monitor virtually any metric that can be graphed. The solution also supports almost limitless customization options, which can make it overly complex for certain applications.

Nagios

Nagios is an accomplished software system for network monitoring, which has been in active development for many years. Written in C, it allows you to do almost everything that system and network administrators might need from a monitoring application package. The web interface of this program is fast and intuitive, while its back-end is extremely reliable.

Nagios can be a problem for beginners, but the rather complex configuration is also an advantage of this tool, as it can be adapted to almost any monitoring task.

As with Cacti, there is a very active community supporting Nagios, so plugins exist for a huge variety of hardware and software, from the simplest ping checks to integration with complex software solutions such as WebInject, a free Perl-based web application and service testing tool. Nagios allows you to constantly monitor the status of servers, services, network links and everything else that understands the IP network-layer protocol. For example, you can monitor server disk space usage, RAM and CPU usage, FLEXlm license usage, server outlet air temperature, WAN and Internet latency, and more.

Obviously, no server and network monitoring system is complete without notifications. Nagios is fine with that: the software platform offers a customizable notification mechanism via email, SMS and instant messages for most popular Internet messengers, as well as an escalation scheme that can be used to make intelligent decisions about who must be notified, how, when and under what circumstances, which, when set up correctly, will help you ensure many hours of restful sleep. The web interface can also be used to temporarily suspend notifications or acknowledge a problem that has occurred, and administrators can add notes.

In addition, the display function shows all monitored devices in a logical view of their placement on the network, color-coded to show problems as they occur.

The disadvantage of Nagios is the configuration, as it is best done through the command line, which makes it much more difficult for beginners to learn. Although people who are familiar with the standard Linux/Unix configuration files should not have much trouble.

The possibilities of Nagios are huge, but using some of them may not always be worth the effort. But don't let the complexity intimidate you: the early warning benefits that this tool provides for so many aspects of the network cannot be overestimated.

Icinga

Icinga started as a fork of the Nagios monitoring system, but has recently been rewritten into a standalone solution known as Icinga 2. Both versions of the program are currently in active development and available for use, while Icinga 1.x is compatible with a large number of Nagios plugins and configurations. Icinga 2 was designed to be less bulky, performance oriented, and more user friendly. It offers a modular architecture and multi-threaded design that neither Nagios nor Icinga 1 has.

Icinga offers a complete monitoring and alerting software platform that is designed to be as open and extensible as Nagios, but with some differences in the web interface.

Like Nagios, Icinga can be used to monitor anything that speaks the IP language, as deep as you can with SNMP, as well as custom plugins and add-ons.

There are several variations of the web interface for Icinga, but the main difference between this monitoring software solution and Nagios is the configuration that can be done through the web interface rather than through configuration files. For those who prefer to manage their configuration outside of the command line, this functionality will be a real boon.

Icinga integrates with many software packages for monitoring and graphical display, such as PNP4Nagios, inGraph and Graphite, providing a reliable visualization of your network. In addition, Icinga has advanced reporting capabilities.

NeDi

If you've ever had to Telnet to switches to find devices on your network and search by MAC address, or you just want to be able to determine the physical location of certain equipment (or, perhaps even more importantly, where it was located before), then it will be interesting for you to take a look at NeDi.

NeDi constantly scans the network infrastructure and catalogs devices, keeping track of everything it finds.

NeDi is free LAMP-based software that regularly scans the MAC address and ARP tables on the switches in your network, cataloging each discovered device in a local database. This project is not as well known as some others, but it can be a very handy tool when dealing with corporate networks where devices are constantly changing and moving.

You can use the NeDi web interface to search for a switch, switch port, access point, or any other device by MAC address, IP address, or DNS name. NeDi collects all the information it can from every network device it encounters, extracting from them serial numbers, firmware and software versions, current timestamps, module configurations, and more. You can even use NeDi to mark device MAC addresses that have been lost or stolen. If they appear online again, NeDi will let you know.

Discovery is triggered by a cron process at specified intervals. The configuration is simple, with a single config file that allows for much more customization, including the ability to skip devices based on regular expressions or given network boundaries. NeDi typically uses the Cisco Discovery Protocol or Link Layer Discovery Protocol to discover new switches and routers and then connects to them to collect their information. Once the initial configuration is set, device discovery will be pretty fast.

Up to a certain level, NeDi can integrate with Cacti, so it is possible to link device discovery to the corresponding Cacti graphs.
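The MAC tracking described in this section, reduced to its core logic as an added Python example (it is not NeDi's code, and the table rows, function names and watchlist entry are all constructed for illustration): two polls of simplified ARP/forwarding-table rows are merged into a catalog, and a device that is new, has moved to another port, or is on the lost/stolen list raises an alert.

```python
import re

# Constructed sample rows (IP, MAC, switch port) from two polls; all values are made up.
POLL_1 = """\
10.0.0.11  00:11:22:33:44:55  Gi1/0/1
10.0.0.12  00-AA-BB-CC-DD-EE  Gi1/0/2
"""
POLL_2 = """\
10.0.0.11  0011.2233.4455     Gi1/0/7
10.0.0.40  de:ad:be:ef:00:01  Gi1/0/9
garbage line without a mac
"""

def normalize_mac(raw):
    """Return a MAC as 12 lowercase hex digits, or None if it is not a MAC."""
    digits = re.sub(r"[.:\-]", "", raw).lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None

def parse_poll(text):
    """Map normalized MAC -> (ip, port) for every well-formed row."""
    seen = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip headers and malformed rows
        mac = normalize_mac(parts[1])
        if mac:
            seen[mac] = (parts[0], parts[2])
    return seen

def update_catalog(catalog, poll, watchlist):
    """Merge one poll into the catalog and return a list of alert tuples."""
    alerts = []
    flagged = {normalize_mac(m) for m in watchlist}
    for mac, (ip, port) in poll.items():
        if mac in flagged:
            alerts.append(("flagged", mac, ip, port))
        previous = catalog.get(mac)
        if previous is None:
            alerts.append(("new", mac, ip, port))
        elif previous[1] != port:
            alerts.append(("moved", mac, previous[1], port))
        catalog[mac] = (ip, port)
    return alerts

def run_demo():
    catalog = {}
    update_catalog(catalog, parse_poll(POLL_1), [])  # baseline poll
    return update_catalog(catalog, parse_poll(POLL_2), ["DE-AD-BE-EF-00-01"])
```

Normalizing the MAC notation before comparing matters here: the same device appears as `00:11:22:33:44:55` in one poll and `0011.2233.4455` in the next, and without normalization it would be reported as a new device instead of a moved one.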

Ntop

The Ntop project - now better known to the "new generation" as Ntopng - has come a long way in the last decade. But call it what you want - Ntop or Ntopng - as a result, you get a first-class tool for monitoring network traffic paired with a fast and simple web interface. It is written in C and is completely self-contained. You start a single process configured on a specific network interface, and that's all it needs.

Ntop is a lightweight web-based packet sniffing tool that shows you real-time network traffic data. Information about the data flow through the host and about the connection to the host is also available in real time.

Ntop provides easy-to-digest graphs and tables showing current and past network traffic, including protocol, source, destination, and history of specific transactions, as well as hosts at both ends. In addition, you'll find an impressive array of graphs, charts, and real-time network usage maps, as well as a modular architecture for a huge number of add-ons, such as adding NetFlow and sFlow monitors. Here you can even find Nbox - a hardware monitor that embeds in Ntop.

In addition, Ntop includes an API for the Lua scripting language, which can be used to support extensions. Ntop can also store host data in RRD files for ongoing data collection.

One of the most useful uses of Ntopng is to control traffic to a specific location. For example, when some of the network links are highlighted in red on your network map, but you don't know why, you can use Ntopng to get a minute-by-minute report on the problematic network segment and immediately find out which hosts are responsible for the problem.

The benefit of such network visibility is difficult to overestimate, and it is very easy to get it. Essentially, you can run Ntopng on any interface that has been configured at the switch level to monitor a different port or VLAN. That's all.

Zabbix

Zabbix is a full-blown network and system monitoring tool that combines several functions in one web console. It can be configured to monitor and collect data from a wide variety of servers and network devices, maintaining and monitoring the performance of each facility.

Zabbix allows you to monitor servers and networks using a wide range of tools, including monitoring of virtualization hypervisors and web application stacks.

Basically, Zabbix works with software agents running on monitored systems. But this solution can also work without agents, using the SNMP protocol or other monitoring capabilities. Zabbix supports VMware and other virtualization hypervisors by providing detailed hypervisor performance and activity data. Particular attention is also paid to the monitoring of Java application servers, web services and databases.

Hosts can be added manually or through an automatic discovery process. A wide range of default templates apply to the most common use cases such as Linux, FreeBSD and Windows servers; widely used services such as SMTP and HTTP as well as ICMP and IPMI for detailed network hardware monitoring. In addition, custom checks written in Perl, Python or almost any other language can be integrated into Zabbix.

Zabbix allows you to customize your dashboards and web interface to focus on the most important network components. Notifications and problem escalations can be based on custom actions that are applied to hosts or groups of hosts. Actions can even be configured to run remote commands, so some script of yours can run on the controlled host if certain event criteria are met.

The program graphs performance data such as network bandwidth and CPU usage and collects it for custom display systems. In addition, Zabbix supports customizable maps, screens, and even slideshows showing the current status of monitored devices.

Zabbix can be difficult to implement initially, but judicious use of auto discovery and various templates can alleviate some of the integration difficulties. In addition to the installable package, Zabbix is available as a virtual appliance for several popular hypervisors.

Observium

Observium is a program for monitoring network equipment and servers that has a huge list of supported devices using the SNMP protocol. As LAMP-based software, Observium is relatively easy to install and configure, requiring the usual installation of Apache, PHP and MySQL, database creation, Apache configuration and the like. It installs as its own server with a dedicated URL.

Observium combines system and network monitoring with performance trending. It can be configured to track almost any metric.

You can enter the GUI and start adding hosts and networks, as well as set up auto-discovery ranges and SNMP data so that Observium can explore the networks around it and collect data on each discovered system. Observium can also discover network devices via CDP, LLDP or FDP protocols, and remote host agents can be deployed on Linux systems to help with data collection.

All of this collected information is available through an easy-to-use user interface that provides advanced statistical display options as well as charts and graphs. You can get anything from ping and SNMP response times to throughput graphs, fragmentation, IP packet counts, and more. Depending on the device, this data can be available up to every discovered port.

As for servers, Observium can display information about the state of the central processor, RAM, data storage, swap, temperature, etc. from the event log. You can also enable data collection and performance graphing for various services including Apache, MySQL, BIND, Memcached, Postfix, and more.

Observium works great as a virtual machine, so it can quickly become your go-to tool for getting information about the status of servers and networks. This is a great way to add auto discovery and graphic representation to a network of any size.

Too often, IT administrators feel they are limited in what they can do. Whether we are dealing with a custom software application or an "unsupported" piece of hardware, many of us feel that if the monitoring system can't handle it right away, it's impossible to get the data we need in that situation. This, of course, is not true. With a little effort, you can make almost everything more visible, accounted for, and controlled.

An example is a user application with a database on the server side, for example, an online store. Your management wants to see beautiful graphs and charts, designed in one form or another. If you are already using, say, Cacti, you have several options to display the collected data in the required format. You can, for example, write a simple Perl or PHP script to run queries against the database and pass those calculations to Cacti, or you can make an SNMP call to the database server using a private MIB (Management Information Base). One way or another, the task can be done, and done easily, if you have the necessary tools for this.
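A sketch of the script-based option, written here in Python rather than the Perl or PHP the article mentions; it is an added example, not code from the article or from Cacti. The `orders` table, its columns and the function names are assumptions, and an in-memory SQLite database stands in for the shop's real database. The script aggregates one polling window with a parameterized query and prints the space-separated `name:value` pairs that a Cacti script data input parses when a script returns several fields.

```python
import sqlite3

def build_sample_db():
    """Constructed stand-in for the shop database (table and columns are assumptions)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, created_at INTEGER, "
               "total_cents INTEGER, status TEXT)")
    rows = [(1000, 2500, "paid"), (1100, 4999, "paid"),
            (1250, 1200, "failed"), (1290, 800, "paid"), (400, 9900, "paid")]
    db.executemany(
        "INSERT INTO orders (created_at, total_cents, status) VALUES (?, ?, ?)", rows)
    return db

def poll_metrics(db, now, window=300):
    """Aggregate the last polling window with one parameterized, read-only query."""
    row = db.execute(
        "SELECT COUNT(*), "
        "       COALESCE(SUM(CASE WHEN status = 'paid' THEN total_cents END), 0), "
        "       COALESCE(SUM(status = 'failed'), 0) "
        "FROM orders WHERE created_at > ? AND created_at <= ?",
        (now - window, now)).fetchone()
    return {"orders": row[0], "revenue_cents": row[1], "failed": row[2]}

def cacti_line(metrics):
    """Format the metrics as space-separated name:value pairs for the poller."""
    for name, value in metrics.items():
        if not isinstance(value, int):
            # Only numbers reach the poller; raw database text is never echoed.
            raise ValueError(f"non-numeric value for {name}")
    return " ".join(f"{name}:{value}" for name, value in metrics.items())

if __name__ == "__main__":
    print(cacti_line(poll_metrics(build_sample_db(), now=1300)))
```

In production the script would connect with a database account that has SELECT rights on the reporting tables only, since the poller runs it unattended every few minutes.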

Most of the free network monitoring utilities listed in this article should not be difficult to obtain. Packaged versions are available for download for the most popular Linux distributions, unless they are already included. In some cases, they may come pre-configured as a virtual server. Depending on the size of your infrastructure, configuring these tools can be quite time-consuming, but once they're up and running, they'll be a solid foundation for you. At the very least, it is worth testing them.

Regardless of which of the above systems you use to keep an eye on your infrastructure and equipment, it will provide you with at least the functionality of another system administrator. Although it cannot fix anything, it will monitor literally everything on your network around the clock, seven days a week. The time spent on installation and configuration will pay off with a vengeance. Also, be sure to run a small set of standalone monitors on another server to observe the main monitor. This is the case when it is always better to keep an eye on the observer.

Always in touch, Igor Panov.

We have compiled another list of great free server and network monitoring tools. They are very important for any business doing business through a website or network. Server and network monitoring allows you to be aware of all issues as they arise; and this, in turn, allows you to do the right thing.

Ganglia is a scalable monitoring system for high-performance computing systems such as clusters and grids. It is built hierarchically and is aimed at federations of clusters.


Monit is an affordable utility for managing and monitoring processes, programs, files, directories and file systems on a UNIX system. Monit performs automatic maintenance and repair, and when errors occur, it can take action appropriate to each specific case.


Nagios offers full control and alerting for servers, applications and services.


Collectd is a daemon that periodically collects system performance statistics and provides mechanisms for storing values in various forms, such as RRD files.


Cacti is a complete network graphing solution designed to take advantage of RRDTool's data storage and graphing functionality. Cacti provides the ability to create advanced graph templates, multiple data collection methods, and a new look at user management features. All this is wrapped up in an intuitive and simple interface that makes sense for both LAN networks and complex networks with hundreds of devices.


IT organizations use Zenoss server, network and cloud monitoring to manage dynamic data centers.


Argus is a system and network monitoring application.


Observium is an SNMP-based network monitoring auto-discovery platform written in PHP that includes support for a wide range of network hardware and operating systems, including Cisco, Windows, Linux, HP, Dell, FreeBSD, Juniper, Brocade, NetScaler, NetApp and more.


The smallest free tool for monitoring computers on the local network and any Internet hosts. You just need to start EasyNetMonitor, open the pop-up menu in the tray and get information about the status of computers on the network.


Capsa Free is a network analyzer (packet sniffer) for Windows platforms that provides packet and protocol analysis, the best free analysis tool for network monitoring and troubleshooting.


Free internet proxy for bug fixing, suitable for any browser, system and platform.


Zenoss Core is an enterprise network and systems management application written in Python. Zenoss provides an integrated product for monitoring availability, performance, events and configuration across all layers and platforms.