Network monitor: all you need to know
This post is also available in: Spanish
Network monitor with Pandora FMS
In this article we’re going to take a look at the main characteristics that a network monitor should have, their pros and cons, and how to know if it’s time to install one to oversee your company’s network. Plus, we’ll talk about the specific network monitor, Pandora FMS, a network monitor operating since October 2004 (first public release).
Pandora FMS offers both an open source version and an Enterprise version, which can be expanded with many other features according to a company’s needs.
What is a network monitor?
The main function that a network monitor carries out is monitoring all types of traffic among all types of devices. By device we understand any component that can be connected to a network (printers, servers, desktop PCs, switches, firewalls, etc).
At it’s simplest, a monitoring system checks whether a device in your network is working; the tool sends a message to a device and receives a “ping” if the status is OK. Alerting, diagnostics and trend-prediction are the principal tasks of higher-end and business-level network monitoring. Alerts are issued when there’s a network problem, such as an unresponsive application, or when there’s about to be a problem, such as an impending bottleneck in a process. Diagnostics is giving the system administrator the information they need to debug the problem, or configuring the system to act autonomously when designated thresholds are reached. Trend-prediction is based on analysing the data collected in the system to make predictions about, for example, bandwidth usage, future bandwidth requirements, when there is high-intensity traffic, and other metrics. Many monitoring tools also have network topology mapping features, and graphical capabilities, allowing the system administrator to “see” where the problem is occurring.
Outside of pure functionality, monitoring tools also share other characteristics, such as scalability, meaning the ability to operate on networks that range from 5 components (or devices), up to 10,000, and the ability to grow your network without the need for new elements in the form of plugins and addons, or extra expense. Another non-functional characteristic of any network monitoring software is the community of users which grows up around it, and which contribute to the knowledge base.
When can I use a network monitor?
On many occasions it’s thought that a network monitor is solely for large companies that manage thousands of different network elements on various networks and subnetworks.
At Pandora FMS we always insist on the fact that, independently of the chosen solution, network monitoring is a core activity for any company. If your business is to provide customer service, and this service depends on your infrastructure, then you absolutely have to monitor your network to be able to detect and predict issues and prevent your clients from suffering a service downtime.
In case your customer service is independent from your networks and devices, you must keep in mind that the moment you start using your own personal email server, DHCP systems, DNS or otherwise, then your network must be monitored.
It’s very important not to delay a network monitoring installation to avoid hasty decisions when management and error detection issues are already on top of us.
If you’re a large company or wish to be so, I recommend you continue reading this article, where you can see our opinion on the best network monitoring tools.
Main characteristics of a network monitor
It’s very important to know what characteristics we need to take into account when choosing a network monitor. Whether or not the network monitor has the following features will be vital in ensuring that the tool we choose is the correct one. Use this checklist if you’re evaluating network monitors.
- Must be able to configure and send alerts to the largest possible amount of channels (mail, SMS, Push, Whatsapp, etc.).
- User-friendliness means networks and their components which appear on the dashboard must be identifiable and easy to use.
- Possibility to detect devices and components automatically means time saved.
- The tool must be able to escalate without reducing performance. With Pandora FMS up to 10,000 elements have been monitored with the open version and 100,000 with the Enterprise edition.
- The tool itself must be able to understand and analyze the largest number of protocols possible: UDP, TCP, IP, SNMP, HTTP, DNS, Radius, etc.
- Let’s not forget that virtual devices also belong to a network and in the same physical device you can emulate various digital devices. Because of this we must check that our network monitor correctly integrates with virtual devices.
- If your company has cloud servers, then you’ll also need to check that the network monitor integrates with the company that offers said cloud service.
A network topology with 5000 nodes, as seen with Pandora FMS
Benefits of using a network monitor
The first benefit that a good network monitor will bring is cost reduction. Being able to view all the components of a network on the same panel, as well as knowing the network traffic status will allow us to:
- Improve demand management on our HW devices.
- Find old devices we may not have known the existence of, with consequent recovery.
- Inventory our components in order to manage them with more ease.
- Detect network issues in a simple way, to tackle them as soon as possible.
Automated alarms relieve demands on IT teams and also reduce time solving instances, while impacting as little as possible on the service offered by our applications.
Control panel view for a monitored sample network.
How does a network monitor work?
As their name suggests, network monitors are tools which “listen to”, or monitor, networks. It may seem simple, another automated tasks which computers do so handily, but the sheer amount of data flowing through a network, and the different ways it’s packaged, means it isn’t so easy. To monitor all the throughflow of information, Pandora FMS uses NetFlow, a protocol designed by CISCO Systems, and which represents the industry standard.
Which KPIs to monitor with a Network Monitor?
When it comes to installing a monitoring system it’s important to know beforehand exactly what we want to monitor, if we want to get the best out of our tool. The following are some of the most important KPIs to monitor
- Bandwidth: the amount of information our network is capable of carrying, which is always going to have a limit. Monitoring the bandwidth can alert us to when we are surpassing the limits of our network, or when we are about to, and help us to avoid slowdowns or downtimes due to lack of bandwidth. For example, if we have a bandwidth of 1GB per second, and we are approaching this threshold, our monitoring tool can warn us in time, allowing us to take action like reducing non-essential tasks which may be occupying too much bandwidth.
- Latency, or the time it takes for a bit to get from A to B in our network.
- Packet loss: data is transferred over networks in packets. It is important to know what percentage of packets, and their data, get lost, because the more packets lost, the more slowly our network will go. Keep in mind also that some packets are recoverable if they have the required protocol, but others no.
- Hardware component fail. Using SNMP it’s possible to find out if any devices are misbehaving.
- Application and/or process bandwidth consumption. Useful when it comes to the plumbing of our system; discovering bottlenecks and overloads, and also warning us of suspicious activity in our network (intruders, virus, DDoS attacks, etc.).
- Server response time. Critical information for evaluating the status of our infrastructure. Our chosen network monitoring solution should be capable of measuring the response time of our servers to ensure that our users are enjoying a seamless experience.
How much to invest in a Network Monitor?
That depends on what you want to monitor. There are three standard objectives for monitoring tools:
- Listening to the flow-through of traffic on your network, applying filters and finding specific problems, done with network commands usually to be found in the OS. Zero cost.
- 24/7 monitoring to detect network issues such as bandwidth congestion, DDoS attacks, packet-routing problems, connectivity drop-outs and so on. For this kind of meat-and-potatoes monitoring there are plenty of open versions available, although, if we are responsible for a large and complex infrastructure it could be a good idea to look at an Enterprise package, offering better performance and support. If this is the path we decide to follow, we have to consider the license cost. Our proprietary software, the Enterprise version is very keenly priced (among its many other advantages), and follows a “one-tool, one-price” policy. No extra costs, yes extra features. Check out our prices
- 360° network monitoring; servers, applications, network and systems. In this case, although there are free options out there it’s best to go with a fully-featured and supported Enterprise version. They may seem more costly going in, but, once the initial installation or migration is done, having a road-map and a support team is going to save money in the long run in terms of maintenance expenses, incorporating new features and/or infrastructures (for more information about how a monitoring system can save you money read this).
As you can see, depending on the volume of our project, the cost of monitoring our network ranges from zero to the cost of the license associated with the tool we choose, plus the cost of our IT team.
Benefits and ROI using a network monitor
As previously mentioned, at first sight a network monitoring tool may seem like an unnecessary or extravagant expense, especially the initial installation. However, beyond the initial phase the price drops off steeply, and savings start to kick in, especially if we are resolving incidents that would have impacted on our business.
What problems can adopting a network monitor have?
If the network monitor we’re going to use is as simple as the basic network commands mentioned above then the costs of incorporating one won’t be too costly. But the bigger the network, the bigger the cost. A cost we can save if we go with a training program which allows our system administrators to subsequently take command of the tool with only the necessary occasional back up. The alternative is having super-specialists on our IT team, who don’t come cheap. Of course, Pandora FMS offers full training in installation and use of the tool.
How to get the network monitor Pandora FMS
If you’re interested in the open source version, go to the Community website and download the latest version. In the wiki all the information necessary to configure and manage the product is freely available.
On the other hand, if you’d like a close look at the Enterprise version, follow the link.
If you’d like to know more about the main differences between the open and the Enterprise version, this article will be of interest.
Installing and configuring the network monitor
A network monitor is one of the parts and services that Pandora FMS software offers. It’s important within the architecture and it was one of the first components created for Pandora FMS.
It doesn’t matter if your network has five, 100 or 10,000 elements. Visit the following links to find information on installing Pandora FMS on CentOS and Suse or, if you prefer, access this page where you’ll be able to download the network monitor on an image in order to start working right away. The .iso file includes a modified version of CentOS with Pandora FMS preinstalled. More information here. The documents on version 6.0 will be needed to fully understand Pandora FMS and how to install it on different environments, and can be found in our documents page.
Network Monitor Architecture
We hope this article is useful whether or not you decide to choose Pandora FMS as your network monitor. A little advice; if you think that the number of elements to monitor might increase significantly, make sure that the tool you choose can also increase the number of features along with your demand.
Finally, don’t forget that in order to perform good monitoring, we must unite network and system monitoring. Although we’re going to leave that second part for our next article.