Monitoring the health and status of network components is a big part of any network administrator's job, and it’s a constantly ongoing process. There are many devices that make up a network: workstations, servers, routers, switches, firewalls, WAPs, cables, UPSs and other components that are more or less critical to the operation of the network.
Even in a small network, manually checking each of these on a daily (or more frequent) basis can be tedious and time consuming. In the enterprise environment, automating the monitoring process is essential.
Why you should monitor
The purpose of monitoring is to catch problems — or potential problems — while they’re small and rectify them before damage is done. The consequences of a downed mail server or file server or a bandwidth bottleneck can be hours or even days of lost productivity. A hardware problem such as a disk failure could result in data loss (if appropriate backup measures aren’t in place or don’t work properly). The more quickly you know what’s going on, the more quickly you can fix it.
What to monitor
The first decision in creating an effective monitoring strategy, which will be crucial in determining what methods and software package(s) to use, is exactly what aspects of the network you want to monitor. At the least, you’ll probably want to monitor some or all of the following:
- Hardware failures on servers
- Software problems on servers
- Resource usage by servers
- Operation of mission-critical services and applications on servers
- Disk space on servers and workstations
- CPU and memory usage; performance metrics
- Network bandwidth usage
Selecting a monitoring solution
If your network is small and you’re on a tight budget, you can use tools built into the operating system and/or free utilities to keep tabs on your systems and network. A comprehensive monitoring strategy on a shoestring may require that you implement a combination of several software solutions to cover all bases.
Built-in and free monitoring tools
For example, you can use the System Monitor/Performance Monitor that’s included with the Windows server operating systems to identify any performance bottlenecks that may spell trouble now or in the future. You can select from a huge number of counters to measure the performance of many of the server’s services as well as processor, memory, network interface(s), physical disk and so forth. And you can monitor counters from remote computers as well as the local one. The Performance Logs and Alerts feature can be used to log events and to send a network message when a specified threshold value is reached.
The Windows event logs are also useful tools for monitoring system and application activities, as well as security-related events. Warnings and error messages can indicate brewing or extant problems.
You can view the event logs on remote Windows computers using WMI or with third-party software products such as the (free) Event Log Explorer.
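The following PowerShell script is an added example, not part of the original article: it applies the threshold idea described above to a performance counter, to disk space read through WMI/CIM, and to recent warning and error events. The server list and threshold values are assumptions, the event query uses Get-WinEvent rather than WMI, and remote CIM queries assume WinRM is enabled on the target.

```powershell
# Added example: threshold checks against built-in Windows data sources.
param(
    [string[]]$ComputerName = @($env:COMPUTERNAME),  # hypothetical server list
    [int]$CpuPercentMax  = 90,   # alert when average CPU exceeds this
    [int]$DiskFreePctMin = 10,   # alert when a volume's free space drops below this
    [int]$LookbackHours  = 24    # event log window to review
)

function New-Alert($Computer, $Check, $Detail) {
    [pscustomobject]@{ Computer = $Computer; Check = $Check; Detail = $Detail }
}

$alerts = foreach ($computer in $ComputerName) {
    # Omit -ComputerName for the local machine so no remoting is required.
    $target = if ($computer -ne $env:COMPUTERNAME) { @{ ComputerName = $computer } } else { @{} }
    try {
        # Performance counter: average of three 2-second samples.
        # Counter paths are localized; this is the English name.
        $samples = Get-Counter @target -Counter '\Processor(_Total)\% Processor Time' `
            -SampleInterval 2 -MaxSamples 3 -ErrorAction Stop
        $cpu = ($samples.CounterSamples | Measure-Object -Property CookedValue -Average).Average
        if ($cpu -gt $CpuPercentMax) {
            New-Alert $computer 'CPU' ('{0:N1}% average' -f $cpu)
        }

        # Disk space on fixed volumes (DriveType 3), read through WMI/CIM.
        Get-CimInstance @target -ClassName Win32_LogicalDisk -Filter 'DriveType=3' -ErrorAction Stop |
            Where-Object { $_.Size -gt 0 } | ForEach-Object {
                $freePct = 100 * $_.FreeSpace / $_.Size
                if ($freePct -lt $DiskFreePctMin) {
                    New-Alert $computer 'Disk' ('{0} {1:N1}% free' -f $_.DeviceID, $freePct)
                }
            }

        # Event logs: critical (1), error (2) and warning (3) entries, grouped by source and ID.
        $filter = @{ LogName = 'System', 'Application'; Level = 1, 2, 3
                     StartTime = (Get-Date).AddHours(-$LookbackHours) }
        Get-WinEvent @target -FilterHashtable $filter -ErrorAction SilentlyContinue |
            Group-Object -Property ProviderName, Id | Sort-Object -Property Count -Descending |
            Select-Object -First 5 | ForEach-Object {
                New-Alert $computer 'EventLog' ('{0} x {1}' -f $_.Count, $_.Name)
            }
    }
    catch {
        # An unreachable host is itself something to report.
        New-Alert $computer 'Unreachable' $_.Exception.Message
    }
}
$alerts | Format-Table -AutoSize
```

Run from a scheduled task, the resulting rows can be mailed or written to a log instead of displayed.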
There are many free network and server monitoring tools available. Some of these include:
- Sysinternals monitoring utilities: includes CPUMon, DiskMon, FileMon (for Windows or Linux), PMon, PortMon, Process Explorer, RegMon, TCPView, TDIMon, TokenMon and others.
- Big Brother: free (for non-commercial use) "little brother" of the more robust Big Brother Professional Edition, displays information about the status of your systems via a web page or WML pages for WAP-enabled devices, with a sophisticated notification feature.
- WaveXMonX: Easy to install, examines event logs, backups, disk space, CPU, memory, services, newly added or removed applications. When a problem is detected, the software queries the WaveX database and emails a notification. Works with NT4, Windows 2000, Server 2003 and SBS 2000/2003. You can download a free version on the site.
- ManageEngine OpManager: monitors CPU, memory, disk space, event logs and services, firewall and UPS, switch and printers, URL monitoring, WAN link, application monitoring for Oracle, MS SQL, Exchange, Lotus Notes. Supports email and SMS notification. Free version allows you to monitor and manage up to 20 network devices.
Commercial monitoring solutions
In addition to all the free monitoring programs out there, you can find even more commercial software packages with prices and features to fit the budget of almost any business. Some well suited for small and medium businesses include:
- Servers Alive: works on Windows 2000, XP and Server 2003, features monitoring of popular services (TCP/UDP, DNS, web services, databases), SNMP support, ability to write custom checks. Standard edition costs $139, free add-ons are available for applications such as MySQL, Lotus Notes/Domino database, SMTP2/POP3 and others. Free evaluation with no time limit.
- Power Admin Server Monitor Pro: includes disk space monitor, web page monitor, event log monitor, ping monitor, log file monitor, file and directory monitor, mail server monitor, performance monitor, service monitor, and more. Can send alerts to mail boxes, mobile phones and devices, pagers. Can start applications, start or stop services, reboot the server, and execute scripts. Pro site license (unlimited use at a site) costs $699, or $299 for five monitored servers.
Some examples of enterprise level monitoring tools include:
- GFI Network Server Monitor: monitors important services such as Exchange, IIS, SQL, terminal services as well as Linux servers. Can restart services or reboot the server, or run a script or batch job when a failure is detected and provides alerts via email, pager or SMS. Costs $750 for up to 25 IPs.
- NimBUS: server monitoring for Windows, Linux, UNIX, Netware and AS400 from a centralized console; supports compliance reporting, notification options, can support up to thousands of servers.
- Tembria Enterprise Edition: Includes 35 core event monitors, graphs and trend data, customizable dashboards and web based reports. Monitors Windows servers and workstations as well as Linux and network devices (e.g., switches). Agentless and easy to use. Costs $995 (base price) for unlimited number of network devices.
Debra Littlejohn Shinder, MCSE, MVP is a technology consultant, trainer, and writer who has authored a number of books on computer operating systems, networking, and security. Deb is a tech editor, developmental editor, and contributor to over 20 additional books on subjects such as the Windows 2000 and Windows 2003 MCSE exams, CompTIA Security+ exam, and TruSecure's ICSA certification.