Network Monitoring
A network monitor is auditing software that collects status and configuration information from network devices.
- distinct from network traffic monitoring
- network monitoring tools have a lot of functions:
  - as input, can:
    - capture and analyze traffic
    - monitor interface and device metrics
    - consolidate log data
    - receive heartbeat messages that indicate availability
  - as output, can:
    - alert you to events
    - help define baselines
    - analyze traffic patterns and congestion
    - determine upgrade and forecast needs
    - generate reports for management
- data might be collected using the Simple Network Management Protocol (SNMP)
Performance Metrics
- metrics to tell if a host is operating normally:
  - Bandwidth
    - the rated speed of all the interfaces available to the device
      - measured in Mbps or Gbps
      - for wired Ethernet, usually will not vary
      - WAN and wireless links can change over time
  - Utilization/throughput
    - the actual amount of data transferred
    - utilization expresses this as a percentage of bandwidth
    - throughput is the amount of data transferred per unit of time
  - CPU and memory
    - switches and routers perform lots of processing
    - if CPU or memory utilization is consistently very high
      - may need to upgrade
    - high CPU utilization can indicate a problem with network traffic
  - Storage
    - measured in MB or GB
    - servers depend on fast input/output (I/O) to run applications efficiently
Baseline Metrics
Baseline metrics establish the level of resource utilization at a point in time.
- e.g., measure at first install
- provides comparison to measure system responsiveness later
- baselines need review to confirm they are still fit for purpose or need to change
- changes to the system usually require new baselines
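
An added example, not part of the original notes: it turns two polls of an interface octet counter into throughput and utilization, then checks the result against a baseline. It assumes a 32-bit counter that wraps to zero (as the IF-MIB `ifInOctets` object does); the function names, the three-standard-deviation threshold and all sample values are constructed for illustration.

```python
from statistics import mean, stdev

COUNTER32_MAX = 2**32  # assumed 32-bit octet counter (e.g. ifInOctets) wraps here


def octet_delta(prev, curr, modulus=COUNTER32_MAX):
    """Octets transferred between two polls, tolerating one counter wrap."""
    return (curr - prev) % modulus


def throughput_bps(prev, curr, interval_s, modulus=COUNTER32_MAX):
    """Throughput: data transferred per unit of time, in bits per second."""
    if interval_s <= 0:
        raise ValueError("polling interval must be positive")
    return octet_delta(prev, curr, modulus) * 8 / interval_s


def utilization_pct(bps, bandwidth_bps):
    """Utilization: throughput as a percentage of the rated bandwidth."""
    return 100.0 * bps / bandwidth_bps


def deviates(baseline_pcts, current_pct, k=3.0):
    """True if current utilization is more than k standard deviations
    away from the baseline mean (needs at least two baseline samples)."""
    mu, sigma = mean(baseline_pcts), stdev(baseline_pcts)
    return abs(current_pct - mu) > k * sigma


if __name__ == "__main__":
    # Constructed sample: the counter wrapped between the two polls.
    prev_octets, curr_octets, interval_s = 4_250_000_000, 30_032_704, 60
    link_bps = 100_000_000                    # rated bandwidth: 100 Mbps
    baseline = [8.0, 9.0, 10.0, 11.0, 12.0]   # utilization % recorded at install

    bps = throughput_bps(prev_octets, curr_octets, interval_s)
    pct = utilization_pct(bps, link_bps)
    print(f"throughput {bps / 1e6:.1f} Mbps, utilization {pct:.1f}%")
    print("alert" if deviates(baseline, pct) else "within baseline")
```

Without the modulo step, the wrapped counter would yield a negative delta and a meaningless utilization figure, which is a common source of false alerts.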