Network Monitoring Servers
- SSH and RDP allow administrators to log on and manage hosts and switches/routers/firewalls remotely
- For a network to run smoothly, it is important to gather information regularly from these systems
- remote monitoring can identify an actual or possible fault more quickly
Simple Network Management Protocol
The Simple Network Management Protocol (SNMP) is a framework for managing and monitoring network devices.
- consists of a management system and agents
- agent is a process running on a switch, router, server, or other SNMP-compatible network device
  - maintains a database called a management information base (MIB) that holds statistics relating to the activity of the device
    - E.g., stat could be number of frames per second handled by a switch
  - also capable of initiating a trap operation where it informs the management system of a notable event (port failure, for instance)
    - threshold for triggering traps can be set for each value
- management system monitors all agents by polling them at regular intervals for information from their MIBs and displays the information for review
  - also displays any trap operations as alerts for the network administrator to assess and act upon as necessary
- SNMP device queries take place over port UDP/161
- traps are communicated over port UDP/162
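The polling-versus-trap split above is easier to see in code. The following is an added model written for these notes (not real SNMP packet handling and not from any SNMP library): an Agent holds a MIB of counters with per-variable thresholds, and a Manager polls the agents on a schedule while accepting traps the moment an agent raises one. The variable names (ifInErrors.1, ifOperStatus.1), device name and counter readings are constructed for the scenario.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

SNMP_QUERY_PORT = 161   # UDP: manager polls agents (Get requests) here
SNMP_TRAP_PORT = 162    # UDP: agents send traps to the manager here


@dataclass
class Trap:
    agent: str
    variable: str
    value: int
    threshold: int


class Agent:
    """SNMP agent model: a MIB of counters plus per-variable trap thresholds."""

    def __init__(self, name: str, mib: Dict[str, int]):
        self.name = name
        self.mib = dict(mib)
        self.thresholds: Dict[str, int] = {}
        self._tripped = set()   # variables currently above threshold (avoids repeat traps)

    def set_threshold(self, variable: str, limit: int) -> None:
        self.thresholds[variable] = limit

    def get(self, variable: str) -> Optional[int]:
        """What a manager's Get request over UDP/161 would return."""
        return self.mib.get(variable)

    def update(self, variable: str, value: int) -> Optional[Trap]:
        """Record a new reading; emit a Trap only when the value first crosses its threshold."""
        self.mib[variable] = value
        limit = self.thresholds.get(variable)
        if limit is None:
            return None
        if value > limit:
            if variable in self._tripped:
                return None          # still above the limit: already reported
            self._tripped.add(variable)
            return Trap(self.name, variable, value, limit)
        self._tripped.discard(variable)   # back under the limit: re-arm the trap
        return None


class Manager:
    """Management system: polls agents on a schedule and collects traps as alerts."""

    def __init__(self, agents: List[Agent]):
        self.agents = {a.name: a for a in agents}
        self.alerts: List[Trap] = []

    def poll(self, variables: List[str]) -> Dict[str, Dict[str, Optional[int]]]:
        """One polling interval: read the requested MIB variables from every agent."""
        return {name: {v: a.get(v) for v in variables} for name, a in self.agents.items()}

    def receive_trap(self, trap: Trap) -> None:
        """Traps arrive on UDP/162 independently of the polling schedule."""
        self.alerts.append(trap)


def run_demo():
    """Constructed scenario: one switch whose input-error counter climbs across four intervals."""
    sw = Agent("core-sw01", {"ifInErrors.1": 0, "ifOperStatus.1": 1})
    sw.set_threshold("ifInErrors.1", 100)
    mgr = Manager([sw])
    history = []
    for reading in (40, 150, 175, 20):     # constructed counter samples, one per interval
        trap = sw.update("ifInErrors.1", reading)
        if trap:
            mgr.receive_trap(trap)         # pushed immediately, not waiting for the next poll
        history.append(mgr.poll(["ifInErrors.1"]))
    return mgr, history


if __name__ == "__main__":
    mgr, history = run_demo()
    for snapshot in history:
        print("poll:", snapshot)
    for t in mgr.alerts:
        print("ALERT:", t)
```

Note that only one trap is raised even though the counter stays above the threshold for two consecutive readings; a second trap is possible only after the value drops back under the limit and re-arms. Polling still records every reading, which is why both mechanisms are used together.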
Syslog
- Effective network management often entails capturing logs from different devices
- more efficient to review logs and respond to alerts if the logs are consolidated on a single system
- log collector aggregates event messages from numerous devices to a single storage location
- system can be configured to run one or more status and alerting dashboards
Syslog is an example of a protocol and supporting software that facilitates log collection.
- has become a de facto standard for logging events from distributed systems
- E.g., syslog messages can be generated by routers and switches, as well as UNIX or Linux servers and workstations
- usually listens on port UDP/514
- provides an open format for event data
- syslog message comprises:
  - a PRI code
    - calculated from the facility and a severity level
  - a header containing a timestamp and host name
  - a message part
    - contains a tag showing the source process plus content
    - format of the content is application dependent
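An added parser for the message layout described above, written for these notes rather than taken from any syslog implementation. It splits a classic BSD-style line into PRI, header and message part, recovers facility and severity from the PRI (PRI = facility * 8 + severity), and shows the kind of severity-based alerting a log collector's dashboard performs. The sample lines are constructed (the first is modelled on the example in RFC 3164); the host names, process names and content are not real events.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Facility numbers from RFC 3164/5424 (the ones most often seen in practice).
FACILITIES = {
    0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth", 5: "syslog",
    6: "lpr", 7: "news", 8: "uucp", 9: "cron", 10: "authpriv", 11: "ftp",
    16: "local0", 17: "local1", 18: "local2", 19: "local3",
    20: "local4", 21: "local5", 22: "local6", 23: "local7",
}
# Severity 0 is the most urgent, 7 the least.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# <PRI>TIMESTAMP HOST TAG[PID]: CONTENT   (classic BSD syslog layout)
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<timestamp>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) "
    r"(?P<tag>[^:\[\s]+)(?:\[(?P<pid>\d+)\])?: ?"
    r"(?P<content>.*)$"
)


@dataclass
class SyslogMessage:
    pri: int
    facility: str
    severity: int
    severity_name: str
    timestamp: str
    host: str
    tag: str
    pid: Optional[int]
    content: str


def parse_syslog(line: str) -> Optional[SyslogMessage]:
    """Parse one BSD-style syslog line; return None for anything that does not fit."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    pri = int(m.group("pri"))
    if pri > 191:           # 24 facilities x 8 severities: legal PRI values are 0..191
        return None
    facility_num, severity = divmod(pri, 8)   # PRI = facility * 8 + severity
    return SyslogMessage(
        pri=pri,
        facility=FACILITIES.get(facility_num, f"facility{facility_num}"),
        severity=severity,
        severity_name=SEVERITIES[severity],
        timestamp=m.group("timestamp"),
        host=m.group("host"),
        tag=m.group("tag"),
        pid=int(m.group("pid")) if m.group("pid") else None,
        content=m.group("content"),
    )


def alerts(lines: List[str], max_severity: int = 3) -> List[SyslogMessage]:
    """Messages at 'err' (3) or more urgent: what a collector's dashboard would raise."""
    out = []
    for line in lines:
        msg = parse_syslog(line)
        if msg is not None and msg.severity <= max_severity:
            out.append(msg)
    return out


# Constructed sample lines: a UNIX host, an SSH daemon, a switch, and one malformed line.
SAMPLE_LINES = [
    "<34>Oct 11 22:14:15 mymachine su: 'su root' failed for lonvick on /dev/pts/8",
    "<13>Oct 11 22:14:16 mymachine sshd[2231]: Accepted password for alice from 10.0.0.5 port 51234 ssh2",
    "<166>Oct 11 22:14:17 core-sw01 %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down",
    "this line is not a syslog message",
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(parse_syslog(line))
    for a in alerts(SAMPLE_LINES):
        print(f"ALERT {a.severity_name} {a.facility} {a.host} {a.tag}: {a.content}")
```

The regex only covers the BSD layout described in the notes; RFC 5424 messages carry a version number and structured data after the PRI and would need a second pattern. Lines that fail to parse are dropped rather than guessed at, so a collector should count them separately to notice a misconfigured source.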