The Complete Magazine on Open Source

An Overview of Open Source Tools for Network Monitoring


Network monitoring is crucial in enterprises. This article discusses its various advantages and highlights a few network monitoring tools. Systems admins will benefit greatly by familiarising themselves with these tools.

Today, computers, smartphones and the Internet have become our lifelines. Many of us consider them necessary for our day-to-day life, especially this revolutionary 4G phenomenon. We get annoyed the instant our mobile Internet network degrades from 4G to 3G, resulting in slow buffering when downloading any video. Hence, it has become important and also a bit challenging for different network providers to meet the expectations of their customers by continuously providing uninterrupted network services. In order to be true to customers’ expectations, different network providers need to closely and continuously monitor the network services they provide to ensure network supply without any outages. Sometimes, an intermediate component may be slow or may even fail, leading to slow processing of data in the network. Since it is difficult to monitor and keep track of each network service manually, different tools or systems are used to monitor performance and take corrective measures if it does not meet expectations.
According to Wikipedia, network monitoring is the usage of a system that constantly monitors a computer network for slow or failing components and notifies the network administrator via email, pager or other alarms in case of any outages or trouble.
In addition, network monitoring also takes care of the performance and utilisation of the network and predicts the possible outcomes of any threat to it, thereby preventing the system from a possible major outage in the future. Network failures, server downtime, service or application crashes can seriously threaten a business’ operations, resulting in the loss of thousands of rupees in revenue and productivity. Hence, by using network monitoring solutions, a company can deliver a better service as well as cut costs by fixing issues before any of its users notice a problem.

Figure 1: Network monitoring ensures all-round security for networks using firewalls

Why network monitoring?
Since we are now well aware of the importance of network monitoring within any organisation, let’s have a look at some of the reasons for it:
1. Helps us plan for changes: Network monitoring solutions allow us to study any constant problem in more detail. For instance, if some hardware keeps constantly tripping, we may need to replace it. The same applies to a service that crashes repeatedly.
2. Keeps you informed: With a real-time monitoring system, if any failure or irregularity is detected, it can be immediately communicated by different means such as SMS, emails, pagers or a network message. Hence, we will be notified of any problem on our network, wherever we may be, which allows us to fix the issue swiftly. Without any network monitoring solution, we would have to look for issues on our own, or wait for the issue to be reported to us, to work towards a solution.
3. Reports issues: Network monitoring reports can help us spot specific trends in the system’s performance. These highlight the need for any upgrades or replacements, and document the otherwise ‘unseen’ work which keeps the IT systems we manage running smoothly.
4. Diagnoses issues: Imagine a scenario where one of your company’s websites goes down. Without network monitoring, you may not be able to even tell if the problem is related to just the website, the Web server or the applications on which the website runs. Network monitoring will actually pinpoint the specific point of failure, saving your time and money, which you would otherwise have had to spend to diagnose the problem.
5. Remedies disasters: If you are immediately notified that there is some issue with one of your systems on a network, and the issue might take quite some time to fix, then the time saved by being alerted immediately can be used to bring in a backup system that replaces the failed one, thereby providing an efficient service to your customers. Some network monitoring solutions can even correct the problem automatically by restarting a service (or multiple services) upon failure.
6. Keeps track of your Web application: Many services that companies offer to their users or customers are actually just Web applications running on a server. Network monitoring solutions allow you to stay on top of different website problems, spot issues before users or customers notice them, and remedy those issues in a timely fashion.
7. Ensures the efficient operation of security systems: Although businesses spend a lot of money, resources and time on security hardware or software, without a network monitoring solution, they cannot be really sure that the security devices are working as expected. Network monitoring solutions can effectively monitor and manage the health of such critical software and hardware security systems. With the help of another feature that such products offer, i.e., patch management, we can also streamline the automation and management of different Microsoft software updates and patches.
8. Fixes problems, anytime, anywhere: Nowadays, network monitoring products are being shipped with different remote access features. They offer just one-click remote support for any server or workstation in your environment. Apart from providing a much faster service, remote access also helps in saving a lot of money, since there is no need to travel to branch offices or customer sites.
9. Saves money: Network monitoring products help in fixing issues faster with instant alerts, spot small and big issues, and eliminate the need for any manual checks on different event logs, backup systems, hard disks, antivirus systems and other devices. All this facilitates cost saving as well as revenue building.
10. Ensures uptime: Network monitoring maximises network availability by monitoring all systems on your network, including workstations, servers and network devices or applications. Whenever a failure is detected, you will immediately be notified via the alerts that you configure in the product, allowing you to take corrective action in a highly efficient manner.

Figure 2: Sample analysis report of the Hyperic tool

Monitoring security aspects of the network
It is important for IT administrators to be able to react as quickly as possible in order to protect a system from potential malware attacks. If installed antivirus systems and firewalls don’t discover these attacks in time, then the damage done can even bring all operations to a standstill. At that point, administrators can only react to these problems, instead of proactively taking measures to prevent them before they occur. The fact is that firewalls and virus scanners alone are not always sufficient to ensure the all-round security of the network. Companies that integrate a network monitoring solution in their security strategy are able to discover these potential dangers to the company network at early stages in the following ways.
1. Network monitoring solutions help to check the existing security systems, such as firewalls and virus scanners, for reliability. For example, the monitoring solution gathers detailed data regarding the performance as well as status of the firewall, around the clock. If the firewall is not working properly, then the risk of a malware attack on the network becomes high. To avoid this, the administrators are informed of abnormalities in the firewall at the early stages.
2. The monitoring software also checks different virus scanners running on the central mail server. This helps different companies to make sure that the scanner is continuously active. The monitoring solution even uses special sensors to check the Windows Security Center in order to ensure that the virus scanners and different anti-malware programs on each computer within the company are up-to-date. This ensures that the client computers are continuously protected against any malware as well.
3. Network monitoring solutions help the administrator measure the bandwidth for leased lines, devices (routers, switches), network connections, etc. Detailed monitoring of the bandwidth usage can also indirectly detect malware attacks. An indication of such an attack may be slow response times from different applications and websites, caused by a malware program that actually eats up a large amount of the bandwidth.
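The bandwidth check from point 3, as an added example that is not part of the original article or of any tool it describes. It assumes the monitoring system polls a 32-bit interface octet counter every 60 seconds; the sample polls are constructed and the function names are hypothetical.

```python
from statistics import median

COUNTER32_MAX = 2**32  # assumed 32-bit octet counter that wraps to zero

def constructed_polls():
    """Constructed sample: one poll per 60 s, counter starts close to the wrap."""
    deltas = [750_000, 760_000, 740_000, 755_000, 745_000, 750_000,
              752_000, 9_000_000, 9_100_000, 748_000]  # octets per interval
    t, counter = 1_700_000_000, COUNTER32_MAX - 2_000_000
    polls = [(t, counter)]
    for d in deltas:
        t, counter = t + 60, (counter + d) % COUNTER32_MAX
        polls.append((t, counter))
    return polls

def rates_bps(polls):
    """Convert (unix_time, counter) polls to (time, bits per second)."""
    rates = []
    for (t0, c0), (t1, c1) in zip(polls, polls[1:]):
        delta = c1 - c0
        if delta < 0:              # counter wrapped once between polls
            delta += COUNTER32_MAX
        rates.append((t1, delta * 8 / (t1 - t0)))
    return rates

def flag_anomalies(rates, window=6, threshold=5.0):
    """Flag rates far above the rolling median of the previous `window` rates.

    The spread is the median absolute deviation (MAD), so one spike inside
    the window does not inflate the baseline and mask the next spike.
    """
    alerts = []
    for i in range(window, len(rates)):
        history = [r for _, r in rates[i - window:i]]
        base = median(history)
        mad = median(abs(r - base) for r in history) or 1.0
        t, rate = rates[i]
        if (rate - base) / mad > threshold:
            alerts.append((t, round(rate), round(base)))
    return alerts

if __name__ == "__main__":
    for t, rate, base in flag_anomalies(rates_bps(constructed_polls())):
        print(f"{t}: {rate} bit/s against a baseline of {base} bit/s")
```

A flagged interval is only an indicator: backups and software updates produce the same pattern, so the alert should lead to a check of which host and destination account for the traffic.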

Figure 3: Status report of the Xymon tool

A few open source network monitoring tools
Here are some of the open source network monitoring tools widely available in the market.
Hyperic: This originated at VMware. It has been developed for monitoring different custom Web applications and their performance across all physical, virtual and cloud environments. Hyperic works across Web servers, application servers, databases, operating systems, messaging servers, hypervisors and directory servers. This network monitoring tool offers an enterprise version that helps in improving the alerting functions and is also able to create better baselines.
Functionality and usage
It helps in:

  • OS monitoring
  • Detailed reporting
  • Application and middleware monitoring
  • Alerts and remediation workflows

Zenoss Core: This is another open source stalwart which gives network administrators a complete solution for tracking and managing various applications, servers, networking components, storage, virtualisation tools, etc. Administrators can make sure that the hardware is running efficiently and they can even take advantage of the modular design to plug in different ZenPacks for extended functionality. Zenoss Core 5 was released in February 2016 in order to improve the already powerful tool with an enhanced user interface and an expanded dashboard. Its Web-based console and dashboards were already highly dynamic and customisable. The new version now helps administrators mash up various components’ charts onto a single chart. Hence, it’s actually the tool for better root cause analysis.

Functionality and usage
It helps in:

  • Network mapping
  • Monitoring device issues, daemon processes and production states by listing different event views
  • Out-of-band management and monitoring of all Zenoss components
  • Online backup, restore, snapshots and multi-host deployment

Xymon: This is a significant network monitoring tool which was formerly known as Hobbit. It was developed to address the shortcomings of tools like Big Brother and Big Sister. It’s actually very easy to deploy Xymon on any system and it is, of course, available free of cost.

Functionality and usage
It helps in:

  • Monitoring servers, applications and networks
  • Offering information about the health of the various components networked via Web pages

Security Onion: We should all be aware that network security monitoring is made up of many layers, just like an onion. Hence, no single tool will give us visibility into each and every attack or show us every reconnaissance or foot-print session on our company network. Security Onion actually bundles scores of different proven tools into one handy Ubuntu distro that allows us to see who is inside our network and helps keep the bad ones out. Whether we are taking a proactive approach to network security monitoring or even if we are following up on an attack, Security Onion can assist us.
Consisting of server, sensor and display layers, Security Onion combines full network packet capture with network-based and host-based intrusion detection. The network security toolchain also includes Netsniff-NG for packet capture; Suricata and Snort for rules-based network intrusion detection; OSSEC for host intrusion detection; Bro for analysis-based network monitoring; and Sguil, Snorby, Squert and ELSA (Enterprise Log Search and Archive) for display, analysis and log management. It’s actually a collection of tools, all wrapped into a wizard-driven installer and backed by thorough documentation that can help us get complete network monitoring as fast as possible.

Functionality and usage
It helps in:

  • Combining full network packet capture with the network-based and host-based intrusion detection
  • Serving all different logs for inspection and analysis
  • Analysis-based network monitoring
  • Log management

Figure 4: Part of an analysis done by the Big Sister tool

Big Sister: This tool was created by Thomas Aeby, since he was really impressed by the network monitoring functions performed by another such tool called Big Brother. Thomas wanted to improve the performance of the tool and reduce the number of alarms when some system goes down, while making other enhancements. Big Sister uses Node Director, Deoxygen Filter and Big Sister Web application frameworks in order to work as part of different UNIX derivatives and Microsoft Windows versions.

Functionality and usage
It helps in:

  • Notifying admins when the system is in a critical state
  • Generating history of status changes and logs
  • Displaying a variety of system performance data

Benefits of network monitoring
Let’s look at the benefits that organisations get out of network monitoring and management.
1. It helps in optimising the availability and performance of any network that is being monitored.
2. Network monitoring also helps in lowering the expenses of any organisation implementing it by improving asset utilisation.
3. It minimises the risks associated with the whole system by providing a secure network which meets compliance guidelines.
4. Monitoring of a network also ensures effective change management so that users can establish the solid baselines for its performance.
5. With optimal asset utilisation achieved by network monitoring, the terms of service level agreements are met and it is possible to document the performance using reports.