Local network monitoring. Control over computers in the local network

Network monitoring software is an indispensable assistant to every system administrator. It allows you to respond quickly to anomalous activity within the local network, keep abreast of all network processes and, thus, automate some of the administrator's routine activities: primarily those related to network security. Let's see which local network monitoring programs are the most relevant in 2019.

This list opens with our own product, TNM 2 - an extremely affordable and effective software solution for network monitoring of server machines, which strikes the perfect balance between convenience (most free solutions lack a GUI) and extensive functionality. One of the main programmable components of Total Network Monitor 2 is the monitor, which performs checks at the intervals you need. The list of available checks is impressive. They allow you to track almost any parameter, from the availability of servers on the network to the status of services.

It is noteworthy that these objects are able to independently eliminate the primary consequences of problems (that is, all this happens without the direct participation of the system administrator) - for example, restart individual services or user devices, activate antivirus, supplement the event log with new entries, etc. - in general, everything that the system administrator initially performed manually.

As far as reporting is concerned, it stores all the information related to each check that was carried out by the selected monitor. The cost for 1 copy of this application is only 5,000 rubles.

Observium

The Observium application, which is based on the SNMP protocol, allows you not only to examine the state of a network of any scale in real time, but also to analyze its performance level. This solution integrates with equipment from Cisco, Windows, Linux, HP, Juniper, Dell, FreeBSD, Brocade, Netscaler, NetApp and other vendors. With a well-designed graphical interface, the software provides system administrators with a wealth of customization options, from autodiscovery ranges to the SNMP data needed to gather information about the network.

They also get access to data on the technical characteristics of all equipment currently connected to the network. Observium can present all reports generated by analyzing the event log as diagrams and graphs, clearly demonstrating the "weak" sides of the network. You can use either the demo version (which, in our experience, is not very feature rich) or the paid license, which costs £200 per year.

Nagios

Nagios is an advanced monitoring solution that is managed through a web interface. It is by no means easy to learn, however, thanks to its fairly large online community and well-researched documentation, it can be mastered in a few weeks.

With Nagios, system administrators can remotely monitor the load on user equipment or on equipment higher in the network hierarchy (switches, routers, servers), monitor memory usage in databases, monitor the physical indicators of network equipment components (for example, the temperature of the motherboard, the burning out of which is one of the most frequent breakdowns in this area), etc.

With regard to network anomaly detection, Nagios automatically sends alert notifications to an address pre-set by the system administrator - whether it is an email address or a mobile phone number. A free demo version is available to you for 60 days.

PRTG Network Monitor

The PRTG software, compatible with Windows-based devices, is designed to monitor networks. While it is not free (only a 30-day trial period is free), it is used not only to scan devices currently connected to the local network, but can also serve as an excellent assistant in detecting network attacks.

Some of the most useful PRTG network services include: packet inspection, analysis and saving of statistical data to the database, viewing a network map in real time (it is also possible to obtain historical information about the behavior of the network), collecting technical parameters of devices connected to the network, as well as analysis of the load level on network equipment. Note that it is very easy to use - primarily due to the intuitive graphical interface that can be opened in any browser. If necessary, the system administrator can also get remote access to the application through a web server.

Kismet

Kismet is a useful open-source application for system administrators that allows you to comprehensively analyze network traffic, detect anomalies in it, prevent failures, and can be used on *NIX/Windows/Cygwin/macOS based systems. Kismet is often used specifically for analyzing wireless local networks based on the 802.11b standard (including even networks with a hidden SSID).

With it, you can easily find incorrectly configured and even illegally operating access points (which attackers use to intercept traffic) and other hidden devices that can potentially be "harmful" to your network. For these purposes, the application has a very well developed ability to detect various types of network attacks - both at the network level and at the level of communication channels. As soon as one or more attacks are detected, the system administrator will receive an alert and be able to take action to eliminate the threat.

WireShark

The free open-source network analyzer WireShark provides its users with incredibly advanced functionality and is rightfully recognized as an exemplary solution in the field of network diagnostics. It integrates perfectly with *NIX/Windows/macOS based systems.

Instead of web interfaces and CLIs that are not very clear for beginners, in which you need to enter queries in a special programming language, this solution uses a GUI (although if you need to modernize the set of standard WireShark features, you can easily program them in Lua).

By deploying and configuring it once on your server, you will have a centralized element for monitoring the smallest changes in network operation and network protocols. In this way, you will be able to detect and identify network problems early.

NeDi

NeDi is a completely free piece of software that scans the network for MAC addresses (IP addresses and DNS names are also among the valid search criteria) and compiles its own database from them. This software product is operated through a web interface.

Thus, you can monitor all physical devices and their location within your local network online (in fact, you will be able to extract data about any network node - from its firmware to configuration).

Some professionals use NeDi to find devices that are used illegally (for example, stolen). This software uses the CDP/LLDP protocols to connect to switches or routers. This is a very useful, albeit difficult to learn solution.

Zabbix

The Zabbix monitoring system is a versatile open source network monitoring solution that can be configured for individual network models. Basically, it is intended for systems that have a multi-server architecture (in particular, Zabbix integrates with Linux/FreeBSD/Windows servers).

This application allows you to simultaneously manage hundreds of network nodes, which makes it an extremely effective tool in organizing the work of system administrators working in large-scale enterprises. To deploy Zabbix on your local network, you will either need to run software agents (daemons) or use the SNMP protocol (or other protocol for secure remote access); and for management, you will have to master the web interface in PHP.

In addition, this software provides a complete set of tools for monitoring the status of network hardware. Note that in order to fully experience all the benefits of this solution, your system administrator will need to have at least basic knowledge of Perl or Python (or any other language that Zabbix can call).

10-Strike: Network Monitoring

“Network Monitoring” is a Russian-language web-based software solution that fully automates all aspects of network security. With its help, system administrators can prevent the spread of virus software over the local network, as well as determine the cause of all kinds of technical malfunctions associated with cable breaks or the failure of individual units of the network infrastructure.

In addition, this software performs online monitoring of temperature, voltage, disk space and other parameters via SNMP and WMI. Among its shortcomings are a rather heavy load on the CPU (which the developer himself honestly warns about) and a high price.

Network Olympus

Our list closes with another of our programs. Unlike TNM, Network Olympus runs as a service and is web-based, giving you much more flexibility and ease of use. The main feature is the scenario constructor, which allows you to move away from primitive checks that cannot take into account the particular circumstances of device operation. With its help, you can organize monitoring schemes of any complexity in order to accurately identify problems and malfunctions, as well as automate the process of their elimination.

The scenario is based on a sensor, from which you can build logical chains, which, depending on the success of the check, will generate different alerts and actions aimed at solving your problems. Each element of the chain can be edited at any time and will immediately be applied to all devices to which the scenario is assigned. All network activity will be tracked using an activity log and special reports.

If you have a small network, then you do not need to buy a license - the program will work in a free mode.

How to choose a network monitoring program: summary

It is difficult to pick a definitive winner and name the best local network monitoring program. But we are of the opinion that our Network Olympus product has many advantages and a very low barrier to entry, because it does not require special training in order to start working with it. In addition, it does not have the disadvantages of open-source solutions, such as lack of updates and poor compatibility (both with operating systems and with TX devices). Thus, thanks to such a solution, you will be able to control all events occurring within your local network and respond to them in a timely manner.

The mantra of the real estate world is Location, Location, Location. For the world of system administration, this sacred text should sound like this: Visibility, Visibility and once again Visibility. If you don't know exactly what your network and servers are doing every second of the day, you're like a pilot flying blind. A catastrophe awaits you. Lucky for you, there are a lot of good programs available on the market, both commercial and open source, that can do your network monitoring.

Since good and free is always more tempting than good and expensive, here is a list of open source programs that prove their worth every day in networks of any size. From discovering devices, monitoring network equipment and servers, to identifying network trends, graphing monitoring results, and even backing up switch and router configurations, these seven free utilities are likely to surprise you.

Cacti

First there was MRTG (Multi Router Traffic Grapher) - a program for organizing a network monitoring service and measuring data over time. Back in the 1990s, its author Tobias Oetiker saw fit to write a simple graphing tool using a round-robin database, originally used to display the throughput of a router on a LAN. So MRTG gave birth to RRDTool, a set of utilities for working with RRD (Round-robin Database), which allows you to store, process and graphically display dynamic information such as network traffic, processor load, temperature, and so on. Now RRDTool is used in a huge number of open source tools. Cacti is the modern flagship of open source network graphing software and takes the principles of MRTG to a whole new level.

From disk usage to power supply fan speed, if it can be tracked, Cacti will be able to display it and make this data easily accessible.

Cacti is a free program built on the LAMP suite of server software that provides a standardized platform for plotting virtually any statistical data. If any device or service returns numeric data, it can most likely be integrated into Cacti. There are templates for monitoring a wide range of equipment, from Linux and Windows servers to Cisco routers and switches, basically anything that communicates over SNMP (Simple Network Management Protocol). There are also collections of third-party templates that further expand the already huge list of Cacti-compatible hardware and software.

While Cacti's standard data collection method is SNMP, Perl or PHP scripts can also be used. The software system framework cleverly separates data acquisition and graphical display into discrete instances, making it easy to reprocess and reorganize existing data for different visual representations. In addition, you can select specific time frames and parts of the charts by simply clicking and dragging them.

So, for example, you can quickly look at data from several years ago to see if the current behavior of the network equipment or server is anomalous, or if such indicators appear regularly. And with Network Weathermap, a PHP plugin for Cacti, you can effortlessly create real-time maps of your network showing the traffic between network devices using graphs that appear when you hover your mouse over a network channel image. Many organizations using Cacti display these maps on 42-inch wall-mounted LCD monitors 24/7, allowing IT to instantly monitor network traffic and link status.

In summary, Cacti is a powerful graphing and trending network performance toolkit that can be used to monitor virtually any monitored metric that can be graphed. The solution also supports almost limitless customization options, which can make it overly complex for certain applications.

Nagios

Nagios is an established network monitoring software system that has been in active development for many years. Written in C, it allows you to do almost everything that system and network administrators might need from a monitoring application package. The web interface of this program is fast and intuitive, while its back-end is extremely reliable.

Nagios can be a problem for beginners, but the rather complex configuration is also an advantage of this tool, as it can be adapted to almost any monitoring task.

Like Cacti, Nagios has a very active community supporting it, so plugins exist for a huge variety of hardware and software, from the simplest ping checks to integration with complex software solutions such as WebInject, a free Perl-based web application and service testing tool. Nagios allows you to constantly monitor the status of servers, services, network links and everything else that speaks IP. For example, you can monitor server disk space usage, RAM and CPU usage, FLEXlm license usage, server outlet air temperature, WAN and Internet latency, and more.

Obviously, any server and network monitoring system would be incomplete without notifications. Nagios is fine with that: the software platform offers a customizable email, SMS and instant messaging notification mechanism for most popular Internet messengers, as well as an escalation scheme that can be used to make intelligent decisions about who should be notified, how, when and under what circumstances; with the right settings this will help you ensure many hours of restful sleep. The web interface can also be used to temporarily suspend notifications, acknowledge a problem that has occurred, and let administrators leave notes.

In addition, the display feature shows all monitored devices in a logical, color-coded representation of their location on the network, allowing problems to be shown as they occur.

The disadvantage of Nagios is the configuration, as it is best done through the command line, which makes it much more difficult for beginners to learn. Although people who are familiar with the standard Linux/Unix configuration files should not have much trouble.

The possibilities of Nagios are huge, but the effort to use some of them may not always be worth the effort. But don't let the complexity intimidate you: the early warning benefits that this tool provides for so many aspects of the network cannot be overestimated.

Icinga

Icinga started as a fork of the Nagios monitoring system, but has recently been rewritten into a standalone solution known as Icinga 2. Both versions of the program are currently in active development and available for use, while Icinga 1.x is compatible with a large number of Nagios plugins and configurations. Icinga 2 was designed to be less bulky, performance oriented and more user friendly. It offers a modular architecture and multi-threaded design that neither Nagios nor Icinga 1 has.

Icinga offers a complete monitoring and alerting software platform that is designed to be as open and extensible as Nagios, but with some differences in the web interface.

Like Nagios, Icinga can be used to monitor anything that speaks IP, going as deep as SNMP allows, as well as using custom plugins and add-ons.

There are several variations of the web interface for Icinga, but the main difference between this monitoring software solution and Nagios is the configuration that can be done through the web interface rather than through configuration files. For those who prefer to manage their configuration outside of the command line, this functionality will be a real boon.

Icinga integrates with a variety of monitoring and graphical display software packages such as PNP4Nagios, inGraph and Graphite to provide a robust visualization of your network. In addition, Icinga has advanced reporting capabilities.

NeDi

If you've ever had to Telnet to switches to find devices on your network and search by MAC address, or you just want to be able to determine the physical location of certain equipment (or, more importantly, where it was located before), then it will be interesting for you to take a look at NeDi.

NeDi constantly scans the network infrastructure and catalogs devices, keeping track of everything it finds.

NeDi is a free LAMP-related software that regularly scans the MAC addresses and ARP tables on the switches in your network, cataloging each discovered device in a local database. This project is not as well known as some others, but it can be a very handy tool when dealing with corporate networks where devices are constantly changing and moving.

You can use the NeDi web interface to search for a switch, switch port, access point, or any other device by MAC address, IP address, or DNS name. NeDi collects all the information it can from every network device it encounters, pulling serial numbers, firmware and software versions, current times, module configurations, and more. You can even use NeDi to mark the MAC addresses of devices that have been lost or stolen. If they appear online again, NeDi will let you know.

Discovery is triggered by a cron process at specified intervals. The configuration is simple, with a single configuration file that allows for much more customization, including the ability to skip devices based on regular expressions or set network boundaries. NeDi typically uses the Cisco Discovery Protocol or Link Layer Discovery Protocol to discover new switches and routers and then connects to them to collect their information. Once the initial configuration is set, device discovery will be pretty fast.

Up to a certain level, NeDi can integrate with Cacti, so it is possible to link device discovery to the corresponding Cacti graphs.

Ntop

The Ntop project - now better known to the "new generation" as Ntopng - has come a long way in the last decade. But call it what you want - Ntop or Ntopng - as a result, you get a first-class tool for monitoring network traffic paired with a fast and simple web interface. It is written in C and is completely self contained. You start a single process configured on a specific network interface, and that's all it needs.

Ntop is a lightweight web-based packet sniffing tool that shows you real-time network traffic data. Information about the data flow through the host and about the connection to the host is also available in real time.

Ntop provides easy-to-digest graphs and tables showing current and past network traffic, including protocol, source, destination, and history of specific transactions, as well as hosts at both ends. In addition, you'll find an impressive array of graphs, charts, and real-time network usage maps, as well as a modular architecture for a huge number of add-ons, such as adding NetFlow and sFlow monitors. Here you can even find Nbox - a hardware monitor that embeds in Ntop.

In addition, Ntop includes an API for the Lua scripting programming language that can be used to support extensions. Ntop can also store host data in RRD files for ongoing data collection.

One of the most useful uses of Ntopng is to control traffic to a specific location. For example, when some of the network links are highlighted in red on your network map, but you don't know why, you can use Ntopng to get a minute-by-minute report on the problematic network segment and immediately find out which hosts are responsible for the problem.

The benefit of such network visibility is difficult to overestimate, and it is very easy to get it. Essentially, you can run Ntopng on any interface that has been configured at the switch level to monitor a different port or VLAN. That's all.

Zabbix

Zabbix is a full-blown network and system monitoring tool that combines several functions in one web console. It can be configured to monitor and collect data from a wide variety of servers and network devices, maintaining and monitoring the performance of each site.

Zabbix allows you to monitor servers and networks using a wide range of tools, including monitoring of virtualization hypervisors and web application stacks.

Basically, Zabbix works with software agents running on monitored systems. But this solution can also work without agents, using the SNMP protocol or other monitoring capabilities. Zabbix supports VMware and other virtualization hypervisors by providing detailed hypervisor performance and activity data. Particular attention is also paid to the monitoring of Java application servers, web services and databases.

Hosts can be added manually or through an automatic discovery process. A wide range of default templates apply to the most common use cases such as Linux, FreeBSD and Windows servers; widely used services such as SMTP and HTTP as well as ICMP and IPMI for detailed network hardware monitoring. In addition, custom checks written in Perl, Python or almost any other language can be integrated into Zabbix.

Zabbix allows you to customize your dashboards and web interface to focus on the most important network components. Notifications and problem escalations can be based on custom actions that are applied to hosts or groups of hosts. Actions can even be configured to run remote commands, so some script of yours can run on a controlled host if certain event criteria are observed.

The program graphs performance data such as network bandwidth and CPU usage and collects it for custom display systems. In addition, Zabbix supports customizable maps, screens, and even slideshows showing the current status of monitored devices.

Zabbix can be difficult to implement initially, but judicious use of auto-discovery and the various templates can alleviate some of the integration difficulties. In addition to being an installable package, Zabbix is available as a virtual appliance for several popular hypervisors.

Observium

Observium is a program for monitoring network equipment and servers that has a huge list of supported devices using the SNMP protocol. As a LAMP related software, Observium is relatively easy to install and configure, requiring the usual Apache, PHP and MySQL installations, database creation, Apache configuration, and the like. It installs as its own server with a dedicated URL.

Observium combines system and network monitoring with performance trending. It can be configured to track almost any metric.

You can enter the GUI and start adding hosts and networks, as well as set up auto-discovery ranges and SNMP data so that Observium can explore the networks around it and collect data on each discovered system. Observium can also discover network devices via CDP, LLDP or FDP protocols, and remote host agents can be deployed on Linux systems to help with data collection.

All of this collected information is available through an easy-to-use user interface that provides advanced statistical display options as well as charts and graphs. You can get anything from ping and SNMP response times to throughput graphs, fragmentation, IP packet counts, and more. Depending on the device, this data can be available up to every discovered port.

As for servers, for them Observium can display information about the state of the central processor, RAM, data storage, swap, temperature, etc. from the event log. You can also enable data collection and performance graphing for various services including Apache, MySQL, BIND, Memcached, Postfix, and more.

Observium works great as a virtual machine, so it can quickly become the go-to tool for getting information about the status of servers and networks. This is a great way to add auto-discovery and graphical representation to any size network.

Too often, IT administrators feel they are limited in what they can do. Whether we're dealing with a custom software application or an "unsupported" piece of hardware, many of us feel that if the monitoring system can't handle it right away, it's impossible to get the data we need in that situation. This, of course, is not true. With a little effort, you can make almost everything more visible, accounted for, and controlled.

An example is a user application with a database on the server side, for example, an online store. Your management wants to see beautiful graphs and charts, designed in one form or another. If you are already using, say, Cacti, you have several options to display the collected data in the required format. You can, for example, write a simple Perl or PHP script to run queries against the database and pass those calculations to Cacti, or you can SNMP call the database server using a private MIB (Management Information Base). One way or another, but the task can be done, and done easily, if you have the necessary tools for this.
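The script route described above, as an added example that is not part of the original article or of Cacti itself: a small Python data-input script that aggregates rows from the shop's database and prints the single line of space-separated `name:value` pairs that a Cacti script/command data input method reads. The orders table, its rows and the fixed "now" timestamp are constructed here (in-memory SQLite) so it runs offline; a real deployment would connect to the shop's database instead.

```python
"""Cacti-style data-input script for an online shop (added example).

Cacti runs the script, reads one line of 'field:value' pairs from stdout
and stores each field in its RRD files, so the whole job is: query, sum,
print. Everything below the docstring uses constructed sample data."""
import sqlite3
from datetime import datetime, timedelta

# Constructed sample rows: (id, status, amount in cents, created_at).
# Timestamps are ISO formatted so plain string comparison orders them.
SAMPLE_ORDERS = [
    (1, "paid",    1000, "2019-06-01 11:30:00"),
    (2, "failed",     0, "2019-06-01 11:45:00"),
    (3, "paid",    2500, "2019-06-01 11:50:00"),
    (4, "pending", 4000, "2019-06-01 11:55:00"),
    (5, "paid",    9900, "2019-06-01 09:00:00"),   # outside the 1h window
]
FIXED_NOW = datetime(2019, 6, 1, 12, 0, 0)         # deterministic "now"


def build_sample_db(rows=SAMPLE_ORDERS):
    """Create the constructed orders table in an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE orders (id INTEGER PRIMARY KEY, status TEXT, "
        "amount_cents INTEGER, created_at TEXT)")
    conn.executemany("INSERT INTO orders VALUES (?, ?, ?, ?)", rows)
    conn.commit()
    return conn


def collect_metrics(conn, now=FIXED_NOW, window=timedelta(hours=1)):
    """Aggregate the last `window` of orders into the fields Cacti will graph.

    One grouped query keeps the load on the production database small even
    if Cacti polls every minute."""
    since = (now - window).strftime("%Y-%m-%d %H:%M:%S")
    rows = conn.execute(
        "SELECT status, COUNT(*), COALESCE(SUM(amount_cents), 0) "
        "FROM orders WHERE created_at >= ? GROUP BY status", (since,)
    ).fetchall()
    metrics = {"orders_ok": 0, "orders_failed": 0, "revenue_cents": 0}
    for status, count, total in rows:
        if status == "paid":
            metrics["orders_ok"] += count
            metrics["revenue_cents"] += total
        elif status == "failed":
            metrics["orders_failed"] += count
    return metrics


def format_for_cacti(metrics):
    """Cacti parses one line of space-separated name:value pairs; field
    names must match the output fields declared in the data input method."""
    return " ".join(f"{name}:{value}" for name, value in metrics.items())


if __name__ == "__main__":
    print(format_for_cacti(collect_metrics(build_sample_db())))
```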

Most of the free network monitoring utilities listed in this article should not be difficult to obtain. They have packaged versions available for download for the most popular Linux distributions, if they are not already included. In some cases, they may be pre-configured as a virtual server. Depending on the size of your infrastructure, installing and configuring these tools can be quite time-consuming, but once they're up and running, they'll be a solid foundation for you. At the very least, it is worth testing them.

Regardless of which of these above systems you use to keep an eye on your infrastructure and equipment, it will provide you with at least the functionality of another system administrator. Although it cannot fix anything, it will monitor literally everything on your network around the clock, seven days a week. The time spent on installation and configuration will pay off with a vengeance. Also, be sure to run a small set of standalone monitors on another server to observe the main monitor. This is the case when it is always better to keep an eye on the observer.

Always in touch, Igor Panov.


See also:

Total Network Monitor 2 is a program for continuous monitoring and administration of a local network, individual computers, Internet resources, network and system services. TNM will notify you in advance of the occurrence of problems through various means and generate a detailed report on what happened and when.

Network monitoring

You create monitors: objects that periodically check one or another aspect of the operation of a service, server, or file system. The monitors are flexibly configured and display the network status in real time.

If any indicators deviate from the norm, the monitor executes the actions described in advance: for example, a beep, an e-mail or IM notification with a detailed description of the incident, rebooting the remote computer, launching an application, etc.

Turning to the network monitoring log, you can always see the history of readings of all monitors and a list of performed actions.

Download for free and start using right now and without functional limitations!

Health checks and problems

Checks are the connection between Total Network Monitor 2 and the outside world. They provide monitors with data for analysis. In our network monitoring utility you will find many checks for all occasions. Querying over network protocols to monitor servers, checking services, checking the Windows event log and registry keys, searching for a string in a file on a remote computer, and much more - TNM does all this with ease.

List of checks

Internet: ICMP, TCP, HTTP, FTP, SMTP, POP3, IMAP, Telnet

Windows: Event Log, Service Status, Registry Status, System Performance

File-based: File existence, File size, File comparison, Number of files, CRC32 of file, Content of file, Disk space

Alerts and event history

Actions triggered when something doesn't go according to plan. They notify you so you can fix things in time. They can provide first aid in administering a local network: restart a service or a remote computer, launch an application, execute a script. Or they can just add an entry to a separate journal.

Action List

Alerts: Message box, Notification, Sound signal, Write to file

Alerts: E-mail, Jabber, Event log

Actions: Run the application, Run the script, Restart the service, Restart the computer

All actions performed and all changes in observed parameters are continuously logged, forming a clear picture of the state of the network.

Logging Checks to the Monitor Log

Total Network Monitor 2 tracks all running monitors and records the necessary information about the operation of checks. Any change in the state of a monitor is captured in the Monitor Log.

Statistics and Activity Chart

Statistics include the time when the selected monitor was started and last scanned, the total number of checks and the number of green, red and black monitor states. A separate tool, the activity chart, graphically displays the results of checks by the selected monitor.

Monitoring actions in the log

TNM logs every action performed (and every one that failed to run) in the Activity Log, showing the timestamp and the name and IP address of the target equipment.

Convenient map of network devices

Build a visual plan for your monitoring project with network maps: place icons of computers, devices and servers on a floor plan or world map, and depict the structure of the network using connections.

Color indication next to each device on the network map allows you to quickly determine their status.

You probably know that Windows has a built-in firewall. Perhaps you also know how to allow and block network access for individual programs in order to control incoming and outgoing traffic. But did you know that Windows Firewall can be used to log all connections passing through it?

The Windows Firewall logs can be helpful for specific issues:

  • A program you are using cannot connect to the Internet, even though other applications have no such problem. In this case, you should check whether the system firewall is blocking that program's connection requests.
  • You suspect that your computer is infected with malware and want to monitor outbound traffic for suspicious connection requests.
  • You have created new allow and block rules and want to verify that the firewall applies them correctly.

Whatever your reason, enabling event logging can be tricky because it involves several settings. Here is a step-by-step procedure for enabling network activity logging in Windows Firewall.

Access to firewall settings

First, you need to open the advanced settings of Windows Firewall. Open the Control Panel (right-click the Start menu and choose “Control Panel”), then click the “Windows Firewall” link if the view mode is small or large icons, or select “System and Security” and then “Windows Firewall” if the view mode is categories.

In the firewall window, select “Advanced Options” from the left navigation menu.

You will see the following settings screen:

This is the technical side of Windows Firewall. This interface lets you allow or block programs' access to the Internet and configure incoming and outgoing traffic. It is also where event logging can be enabled, although it is not immediately obvious where.

Accessing log settings

First, select the “Windows Firewall with Advanced Security (Local Computer)” option.

Right-click on it and select the "Properties" option.

A window opens that may confuse you. If you click through the three tabs (Domain Profile, Private Profile, Public Profile), you will notice that their contents are identical but apply to three different profiles, named in the tab title. Each profile tab contains a logging configuration button, and each log corresponds to a different profile. But which profile are you using?

Consider what each profile means:

  • The domain profile is used when connecting to a network (for example, a Wi-Fi network) on which a domain controller sets the domain. If you are not sure what this means, it is better not to use this profile.
  • The private profile is used when connecting to private networks, including home or personal networks; this is the profile you are most likely using.
  • The public profile is used when connecting to public networks, such as those in restaurants, airports, libraries, and other institutions.

If you are using the computer on a home network, go to the “Private Profile” tab. If you are using a public network, go to the “Public Profile” tab. Click the “Customize” button in the “Logging” section of the appropriate tab.

Event log activation

In the window that opens, you can configure the location and maximum size of the log. You can choose a memorable location for the log file, but its location does not really matter. To start event logging, set both drop-down menus, “Log dropped packets” and “Log successful connections”, to “Yes” and click “OK”. Leaving the feature on permanently can cause performance problems, so enable it only while you actually need to monitor connections. To disable logging, set both drop-down menus back to “No (default)”.
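The same configuration can be applied from an elevated PowerShell session instead of the GUI. This is an added example and not part of the original article; it uses the built-in NetSecurity cmdlets (Windows 8 / Server 2012 and later), and the log file name below is an assumed value chosen for illustration rather than the default path.

```powershell
# Added example (not from the original article): enable and later disable
# Windows Firewall logging for the Private profile with PowerShell.
# Run in an elevated (Administrator) PowerShell session.

# Assumed location for this example; the default is
# %systemroot%\system32\LogFiles\Firewall\pfirewall.log
$LogPath = '%systemroot%\system32\LogFiles\Firewall\pfirewall-private.log'

# Show the current logging settings of all three profiles before changing anything.
Get-NetFirewallProfile |
    Select-Object Name, LogFileName, LogMaxSizeKilobytes, LogAllowed, LogBlocked

# Turn on logging of dropped packets and successful connections for the
# Private profile only (the one the article recommends for a home network).
# LogMaxSizeKilobytes caps the file size; the firewall rotates to a .old file when it fills.
Set-NetFirewallProfile -Profile Private `
    -LogFileName $LogPath `
    -LogMaxSizeKilobytes 16384 `
    -LogBlocked True `
    -LogAllowed True

# Confirm the change took effect on that profile.
Get-NetFirewallProfile -Profile Private |
    Select-Object Name, LogFileName, LogAllowed, LogBlocked

# When the troubleshooting session is over, switch logging back off
# to avoid the disk and performance cost the article warns about.
Set-NetFirewallProfile -Profile Private -LogBlocked False -LogAllowed False
```

Scoping the change to one profile with -Profile keeps the other two profiles at their defaults, which is the PowerShell equivalent of picking the right tab in the GUI; the GPO-style True/False values mirror the “Yes”/“No (default)” drop-downs.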

Examining the logs

The computer will now record the network activity handled by the firewall. To view the log, return to the “Advanced Options” window, select “Monitoring” in the left list, and then click the “File Name” link in the “Logging Options” section.

The network activity log then opens. Its contents can be confusing for an inexperienced user, so here are the main parts of each log entry:

  1. Date and time of the connection.
  2. What happened to the connection. “ALLOW” means the firewall allowed it, while “DROP” means the firewall blocked it. If a single program has connectivity problems, this lets you pinpoint whether the cause is firewall policy.
  3. Connection type: TCP or UDP.
  4. In order: the source IP address of the connection (the computer), the destination IP address (for example, a web page), and the network ports used. This lets you identify the ports that must be opened for a piece of software to work. Also watch for suspicious connections, which may be made by malware.
  5. Whether the data packet was sent or received.

The information in the log will help you determine the cause of connection problems. The log may also record other details, such as the destination port or the TCP acknowledgment number. If you want more detail, look at the “#Fields” line at the top of the log, which names each column.
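Because the “#Fields” header names every column, a script can read the log by that header instead of hard-coding column positions. The following is an added example, not code from the original article; the log lines it processes are constructed for illustration and the column names come from the standard Windows Firewall log header.

```powershell
# Added example (not from the original article): parse a Windows Firewall log
# using its own "#Fields:" header, then summarize inbound drops and outbound activity.
# The sample log below is constructed; real logs default to
# %systemroot%\system32\LogFiles\Firewall\pfirewall.log

function ConvertFrom-FirewallLog {
    param([string[]]$Lines)
    $fields = $null
    foreach ($line in $Lines) {
        if ($line -like '#Fields:*') {
            # The header names the columns; trust it rather than fixed offsets.
            $fields = ($line -replace '^#Fields:\s*', '') -split '\s+'
            continue
        }
        # Skip other comment lines, blank lines, and data before any header.
        if ($line -like '#*' -or [string]::IsNullOrWhiteSpace($line)) { continue }
        if (-not $fields) { continue }
        $values = $line -split '\s+'
        $entry = [ordered]@{}
        for ($i = 0; $i -lt $fields.Count; $i++) {
            # Short rows (older log versions) get '-' for missing columns.
            $entry[$fields[$i]] = if ($i -lt $values.Count) { $values[$i] } else { '-' }
        }
        [pscustomobject]$entry
    }
}

# Constructed sample log in the standard W3C-style layout the firewall writes.
$sampleLog = @'
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2019-05-10 09:00:01 ALLOW TCP 192.168.1.10 93.184.216.34 51000 443 0 - 0 0 0 - - - SEND
2019-05-10 09:00:02 DROP TCP 203.0.113.5 192.168.1.10 40001 445 52 S 1234567 0 8192 - - - RECEIVE
2019-05-10 09:00:03 DROP TCP 203.0.113.5 192.168.1.10 40002 3389 52 S 1234568 0 8192 - - - RECEIVE
2019-05-10 09:00:04 ALLOW UDP 192.168.1.10 192.168.1.1 53000 53 0 - - - - - - - SEND
2019-05-10 09:00:05 DROP UDP 192.168.1.10 198.51.100.7 50000 6667 0 - - - - - - - SEND
'@ -split "`r?`n"

$entries = ConvertFrom-FirewallLog -Lines $sampleLog

# 1. Inbound packets the firewall dropped, grouped by destination port:
#    shows which local services outside hosts are trying to reach.
$entries | Where-Object { $_.action -eq 'DROP' -and $_.path -eq 'RECEIVE' } |
    Group-Object 'dst-port' | Sort-Object Count -Descending |
    Select-Object @{ n = 'dst-port'; e = { $_.Name } }, Count

# 2. All outbound traffic from this host, allowed or dropped: the article's
#    troubleshooting case (a blocked program) shows up here as DROP/SEND rows,
#    and unexpected destinations are worth a closer look.
$entries | Where-Object { $_.path -eq 'SEND' } |
    Select-Object time, action, protocol, 'dst-ip', 'dst-port' | Format-Table -AutoSize
```

To run it against a real file, replace the constructed here-string with `Get-Content $env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log` (reading the live log requires an elevated session). Keying the parser on the header means it keeps working if Microsoft reorders or extends the columns in a later log version.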

Don't forget to turn off the logging feature when you're done.

Advanced Network Diagnostics

Using the Windows Firewall log, you can analyze the kinds of traffic your computer handles. You can also determine whether network problems are caused by the firewall or by something else that disrupts connections. The activity log lets you see how the firewall works and get a clear picture of what is happening on the network.


We have compiled another list of great free server and network monitoring tools. They are essential for any business that operates through a website or a network. Server and network monitoring lets you learn about problems as they arise, which in turn lets you take the right action.

Ganglia is a scalable monitoring system for high-performance computing systems such as clusters and grids. It has a hierarchical design aimed at federations of clusters.


Monit is a free, open-source utility for managing and monitoring processes, programs, files, directories, and file systems on a UNIX system. Monit performs automatic maintenance and repair, and when errors occur it can take the action appropriate to each specific case.


Nagios offers full control and alerting for servers, applications and services.


Collectd is a daemon that periodically collects system performance statistics and provides mechanisms for storing the values in various forms, such as RRD files.


Cacti is a complete network graphing solution designed to take advantage of RRDTool's data storage and graphing functionality. Cacti provides advanced graph templates, multiple data collection methods, and user management features. It is all wrapped in an intuitive, simple interface that makes sense for both LANs and complex networks with hundreds of devices.


IT organizations use Zenoss server, network and cloud monitoring to manage dynamic data centers.


Argus is a system and network monitoring application.


Observium is an SNMP-based auto-discovering network monitoring platform written in PHP that supports a wide range of network hardware and operating systems, including Cisco, Windows, Linux, HP, Dell, FreeBSD, Juniper, Brocade, NetScaler, NetApp and more.


EasyNetMonitor is the smallest free tool for monitoring computers on the local network and any Internet hosts. Just start EasyNetMonitor, open the pop-up menu in the tray, and get the status of the computers on the network.


Capsa Free Network Analyzer is a Windows packet capture and protocol analysis tool, the best free analysis tool for network monitoring and troubleshooting.


A free web debugging proxy suitable for any browser, system and platform.


Zenoss Core is a corporate network and systems management application written in Python. Zenoss provides an integrated product for monitoring the availability, performance, events and configuration of all layers and platforms.