Automatic Network Health Monitoring and Reporting System: An Introduction

Cisco Forum FAQ

When you want a system that automatically checks your network health (e.g. up/down connections, bandwidth, and network device status and utilization), you usually need some kind of automatic network health monitoring system. There is a lot of software that does this, from "free" versions to "premium-pay" versions. The following are some of the key technologies such software is built on.

* Syslog
* SNMP (Simple Network Management Protocol)
* NetFlow (Cisco specific)

Syslog

Typical business-grade network devices (e.g. routers, firewalls, switches) should be able to generate logs in response to events or incidents such as an interface going up or down, routing updates, and configuration changes. These logs are generally in the form of syslog messages. By default, these syslog messages are stored within the devices themselves.

An automatic health monitoring system should have a syslog server that collects the syslog messages generated by all network devices. To set this up, the general idea is as follows.

* Install a syslog server
* Configure the server to receive and store syslog messages from your network devices
* Configure your network devices to send syslog messages to the syslog server

Note that you should be able to check syslog messages on the network devices themselves. However, those devices are not designed to store syslog messages for a long time. Usually the logs are deleted after a short period of time. Using a syslog server, you can store syslog messages for a much longer period (typically 1 to 3 months) and can even back up the messages to other media such as tape.

SNMP (Simple Network Management Protocol)

In some cases, having a syslog server to collect syslog messages is insufficient.
One case is that syslog messages don't provide more specific information about particular events or devices, such as device CPU or memory utilization, bandwidth utilization, and device temperature. This is something that SNMP does provide.

SNMP is another essential part of your automatic health monitoring system. Similarly to syslog, an SNMP server collects SNMP traps from SNMP clients. These SNMP clients can be any IP-based network devices such as routers, firewalls, switches, printers, and production servers (e.g. web or mail). As mentioned, interface up/down state, CPU and memory utilization, port or bandwidth utilization, temperature, and low laser printer toner are just a few of the health conditions that SNMP traps from specific devices can report.

Once the SNMP server receives those SNMP traps, it can generate reports on those specific conditions. If you would like to see CPU and memory utilization on specific SNMP clients within a certain time range, for instance, you can pull a report on that. You can do the same for switch port utilization.

Further, you can link your SNMP server to your mail server. This way you (or anybody within your company) can receive a mail alert when a specific condition occurs, such as a device temperature hitting 80 degrees Fahrenheit, CPU or memory utilization of a device hitting 80% or more, or a device going down.

Cisco NetFlow

For bandwidth utilization specifically, an SNMP report only tells you how much a specific port or connection is utilized (e.g. 10% or 90% utilized). However, the report does not tell you which traffic is using the bandwidth. When your network devices are Cisco devices that can provide NetFlow reports, you can use NetFlow to provide those details. In a nutshell, NetFlow reports show which traffic is using the bandwidth in terms of source and destination IP address, TCP or UDP port, and how many IP packets are going through.
For instance, your internal user (let's say IP address 10.0.10.254) accesses your internal web server (let's say 10.0.0.2 on TCP port 80) and www.yahoo.com on the Internet, using 80% of the available bandwidth.

Software To Choose

There is a lot of software that can do syslog, SNMP, and NetFlow collection and reporting as described. A lot of companies like to use SolarWinds or WhatsUp products. Some companies like to use CiscoWorks. There is free SNMP software that is widely used, such as MRTG and Cacti. One popular free syslog software is Kiwi Syslog. Basically, any software that you think works should do. Typically the "premium-pay" software is preferred when you have a large or complex network, or when you want detailed or thorough reports.

by aryoba
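
The kind of report described in the Cisco NetFlow section, as an added example that is not part of the original FAQ: it parses one NetFlow version 5 export datagram and ranks conversations by their share of the exported bytes. The choice of the v5 export format, the helper names, and the sample flows (including the addresses 10.0.0.53, 10.0.0.25, 10.0.10.17 and 10.0.10.30) are assumptions made for illustration; the FAQ does not say which NetFlow version is in use.

```python
import socket
import struct
from collections import Counter

HDR = struct.Struct("!HHIIIIBBH")                # 24-byte NetFlow v5 header
REC = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte NetFlow v5 flow record

def parse_v5(datagram):
    """Return a list of flow dicts from one NetFlow v5 export datagram."""
    if len(datagram) < HDR.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count = HDR.unpack_from(datagram)[:2]
    if version != 5 or not 1 <= count <= 30:     # v5 carries at most 30 records
        raise ValueError("not a valid NetFlow v5 header")
    if len(datagram) < HDR.size + count * REC.size:
        raise ValueError("header claims more records than the datagram holds")
    flows = []
    for i in range(count):
        f = REC.unpack_from(datagram, HDR.size + i * REC.size)
        flows.append({"src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
                      "packets": f[5], "bytes": f[6],
                      "sport": f[9], "dport": f[10], "proto": f[13]})
    return flows

def top_talkers(flows, n=3):
    """Rank (src, dst, proto, dport) conversations by share of exported bytes."""
    totals = Counter()
    for f in flows:
        totals[(f["src"], f["dst"], f["proto"], f["dport"])] += f["bytes"]
    grand = sum(totals.values()) or 1
    return [(key, nbytes, round(100.0 * nbytes / grand, 1))
            for key, nbytes in totals.most_common(n)]

def _record(src, dst, packets, nbytes, sport, dport, proto=6):
    # Constructed sample record; next hop, ifIndex, timestamps, AS and masks are zero.
    return REC.pack(socket.inet_aton(src), socket.inet_aton(dst), b"\0" * 4, 0, 0,
                    packets, nbytes, 0, 0, sport, dport, 0, 0, proto, 0, 0, 0, 0, 0, 0)

def sample_datagram():
    # Constructed export: 10.0.10.254 -> 10.0.0.2 TCP/80 dominates, as in the FAQ's scenario.
    recs = [_record("10.0.10.254", "10.0.0.2", 400, 500000, 51000, 80),
            _record("10.0.10.254", "10.0.0.2", 250, 300000, 51001, 80),
            _record("10.0.10.30", "10.0.0.25", 120, 150000, 40200, 25),
            _record("10.0.10.17", "10.0.0.53", 40, 50000, 40000, 53, proto=17)]
    return HDR.pack(5, len(recs), 0, 0, 0, 0, 0, 0, 0) + b"".join(recs)

if __name__ == "__main__":
    for key, nbytes, pct in top_talkers(parse_v5(sample_datagram())):
        print("%s -> %s proto %d port %d: %d bytes (%.1f%%)" % (key + (nbytes, pct)))
```

The percentage is each conversation's share of the bytes in the export, not of link capacity; the SNMP port utilization figure supplies the other half of the picture the FAQ describes.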