General discussion


Network monitoring - What to monitor? - Best practices

By thom0 ·
G'day, techrepublicans

I'm wondering with so many objects, counters & instances available to be monitored in a network, what opinions people in the industry have?

I guess alot would depend on what services are actually running on the network & maybe the way it's designed. But what about in general, what things are considered critical to monitor in a network?

Things like bandwith, CPU usage, memory usage both virtual & physical, page file usage. What about the hard drives? Which are the best counters to use to determine a HDDs performance?

So what do people who do this for a living actually recommend?

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

Basic stuff to look at

by J.C.Alexandres In reply to Network monitoring - What ...

Of course depending of the network topology as well as the devices involved, what you are looking at depends on what makes the backbone of the network (routers, firewalls, switches, wireless access points, hubs, etc), at first instance, then you want to monitor servers, printers, etc.

You basically monitor they are doing what they suppose to do in an efficient manner, and error-free.

In computers and peripherals you pretty much can base your monitoring with what the manufacturer specs say, per example, a hard drive with regular use (not full or fragmented), should have a thruput close to what it's specs say, and you can also find software to monitor performance.

You might want to take a look at the links below.

CyberGauge datasheet:

CyberGauge creates Quality of Service (QoS) and utilization reports:

Online tutorial

Collapse -

Wow, huge question

by jmgarvin In reply to Network monitoring - What ...

The links from the previous poster are pretty good and will help you understand a lot more of what you need to do.

However, keep in mind that too much information is far worse than no information. If you start trying to automate everything from temp monitoring every desktop to having an IDS with 80 bagillion sensors, you'll inundate yourself with tons of data, but no of it will be useful because you can't parse of all it.

So, my suggestions are:
A) Decide what is critical for your infrastructure to stay functional.

B) Decide what services are critical for your infrastructure as well as your customers

C) CLEARLY split up network monitoring and local machine monitoring. Also make sure that you have a logical reason for monitoring CPU usage, page file, etc. If you don't need to know, don't bother.

D) Start small and work your way up. Don't try to implement everything all at once. Work in a structured manner with clear milestones.

Good luck

Collapse -

The Big 3

by ristau5741 In reply to Network monitoring - What ...

There are three important areas keep in mind when monitoring servers.

in order of importance.

1. Hardware
2. Services
3. Applications

Collapse -

Great Monitoring Tools!

by mleach In reply to The Big 3

Our company has lots of WAN links and I was given the task to monitor them. I chose Bandwidth monitoring to see over all usage of our curcuits. I would highly recommend MRTG, however it is not so user friendly. There are company's that have GUI interfaces that still use MRTG. Check out the links below.



Collapse -

Denika from Somix

by rick_b In reply to Great Monitoring Tools!

I use Denika from Somix, what a great product. The have a ton of MRTG plug ins on thier site

Collapse -

Monitoring tools

by warez_willy In reply to Network monitoring - What ...

Try GFI network monitor..it's awesome

Collapse -

NOC Tools

by rishi.patel In reply to Monitoring tools

What about NOC tools like LPI (www.levelplatforms.com) or nAble (www.nable.com) or Kaseya (www.kaseya.com)? They give you remote monitoring and management...

Collapse -

Stuff we monitor

For all servers we monitor machines up/down, CPU utilization>99%, Memory utilization>90%, and Disk partitions >80% full. With some servers we monitor Active Directory, SQL, and Exchange. This is using AdventNet's Opmanager product.

Make sure your software is very flexible about its monitoring thresholds. Like a previous poster said, too much info is worse than not enough. It may take a while to get all the thresholds set up correctly but persistence pays off.
Once you have the basics down for all machines, you may have departments or individuals looking for more in-depth monitoring of specific applications like SQL and Exchange.

Collapse -

Network vs server monitoring

by kirbey.hess In reply to Network monitoring - What ...

Monitoring the network is different than monitoring the servers on the network. Network monitoring involves the network infrastructure i.e. routers, switches, WAN Links etc. What's important to me to monitor is:
1. Network Availability
2. Router CPU/Memory
3. WAN bandwidth utilization
4. Switch uplink utilization
5. Firewall availability
6. Firewall CPU/Memory
7. Syslog files from all networking devices.

There is a lot more that can be monitored within a network, but the ones listed above will tell me if the network is up and working within operational norms. I leave the server monitoring to the server guys.

Network Only

Collapse -

What to monitor

by sullijwiii In reply to Network monitoring - What ...

When I am monitoring a network, the things that are important to me are total bandwidth used (and available) as well as seeing any host bandwidth. Especially if the network is slow, I want the capability to see where the source of the excess usage is. When it comes to CPU, memory, and yes, even hard drive space, I like to monitor the servers and to even set up alarms when these things reach critical. Things to watch on a hard drive (my choices) is not only space available, but temperature and usage. It is ideal if the monitoring program keeps a running log that can be displayed as a graphical interface so you can quickly and easily see results. All of this being monitored and logged continuously and automatically gives you a history which makes it possible to roughly predict failure by seeing when and if things get too hot and how often (need more cooling?). Other counters are good for hard drives but you can spend a lot of time looking at all the parameters which can keep you quite busy and can be perceived as you not doing anything constructive. Of the 3 years as a Network Administrator for the Navy and the government contractors I worked for, I found that myself and my fellow administrators were too busy to spend any real time "monitoring" the network. Our supervisors and end customers kept us quite busy. I have always felt it is important to monitor the network, even the network printers, so I would automate as much as I could (batch files to connect to multiple remote computers to check for updates) and use a variety of programs available. I have yet to find any program that is designed to check everything and then you select just what you want. Most tech's I worked with just wait until there is a problem and then go fix it. That is the difference between someone that plans ahead to avoid disasters. Devices for the most part are very reliable today and will last many times for years without any problems. So looking at the maintenance history of all your devices you really have to ask yourself, is it that important that I monitor? I would say yes occasionally. As I said it can sometimes be very time consuming. Remember the logs for your servers and main hosts, they get filled up and also can indicate problems. Again, it can keep you to busy to keep up on real repairs and upgrades. Looking busy and showing results is what most businesses want in my opinion. Sorry, I think I got a little carried away.

Related Discussions

Related Forums