190 likes | 360 Views
Monitoring Network Resources & Performance. IT:Network:Apps. Monitoring Network resources and Performance. What’s happening on the network Network Traffic Performance Logging Auditing Monitoring. What’s happening on the network?. Need to keep track of many things Traffic (packets)
E N D
Monitoring Network Resources & Performance IT:Network:Apps
Monitoring Network resources and Performance • What’s happening on the network • Network Traffic • Performance • Logging • Auditing • Monitoring
What’s happening on the network? • Need to keep track of many things • Traffic (packets) • Network load • Server load • Disk space • Log files • Availability of Servers/Services
Network Traffic • Protocol Analyzer • Network Monitor • http://www.microsoft.com/downloads/en/details.aspx?FamilyID=983b941d-06cb-4658-b7f6-3088333d062f&displaylang=en • Wireshark • Need to see all packets • Promiscuous ModeIn a network, promiscuous mode allows a network device to intercept and read each network packet that arrives in its entirety. • Management port on switch
Network Traffic • Network Monitor
Network Traffic • Administrative Tools > Performance Monitor • IPv4 – Datagrams (sent/received) / sec • Network Interface – Bytes (sent/received/total) / sec
Network Traffic • Administrative Tools > Performance Monitor • IPv4 – Datagrams (sent/received) / sec • Network Interface – Bytes (sent/received/total) / sec
Logging • System keeps log files with important info • System; Application; Security; Others • Look at them!!! • EventRoverhttp://www.eventrover.com/ • EventAlarmhttp://eventalarm.com/
Auditing • Security Policy (Local, Domain, DC) • Local Policies – Audit Policy • What to watch • Account Logon Events – domain user auth by DC • Account Mgmt – • Logon Events – user auth by local machine • Object access – file system/reg key/ printer • (ntfs security – Adv – audit) • Policy Change • Privilege use • Process Tracking • System Events
Auditing • What should we audit? It Depends… • Security – watch for what “shouldn’t” happen • Tracking – watch for what “is” happening • Do we need to know Mary successfully logged in? • Do we need to know the server restarted? • Why did it restart? • When did it restart • Do we need to know a user was created? • who created it and why? • Watch Log File
Monitoring • Performance Monitor • Resource MonitorStartSearch All Programs and Files Resource monitor • NetProbehttp://www.net-probe.com/Net-Probe/Index.html
System Monitoring • SpiceworksDownloadable network inventory system…for free. • Manage all systems on your network from one portal
System Monitoring • Timeline views • Printer information • Software patch information
System Monitoring • VM Aware! • Select VM or device to get a detailed view of system.
System Monitoring • Network device support
System Monitoring • Configuration, interface, vlan views
Summary • Network monitoring should be a part of IT strategy. • Automated flagging systems reduce wasted time filtering through logs. • Audit what you are going to review. The more you log and audit the bigger the impact on system resources. Start small, and manage. • System monitoring/inventory systems can reduce workload dramatically when configured properly. • Reporting and documenting capabilities should be a primary need.