6 Replies Latest reply on May 1, 2014 11:35 AM by byrona

    Network monitoring

    levez les mains

      My manager wants us to monitor the network for peaks in network usage during the week and the duration of those usages. Can anybody help me with this?

       

      I have tried everything I know but keep coming up short.

        • Re: Network monitoring
          darragh.delaney

          Hi There,

          When you say you want to monitor the network, is it the LAN, WAN or both?

           

          If it's the WAN, then you need to look at something like SolarWinds NTA, which takes flow data from routers and some switches that support features like NetFlow. This flow data can then be used to show peaks in network usage.

           

          If you are looking to monitor the LAN and you don't have flow data available, then you need to look at setting up a SPAN or mirror port and use nProbe, which can convert the packet capture data to flow data that can then be used by NTA. Another option is to use a third-party product like LANGuardian, which also plugs into a SPAN\Mirror port, and its output can be displayed within Orion.

           

          Darragh

          • Re: Network monitoring
            nicole pauls

            If you want to do something like this with LEM, you can use the network traffic events generated from your firewall, but it's generally going to be looking for anomalies in a somewhat limited way:

            • Frequency of events - an excessive count of occurrences/hits from a specific host, to a specific host, on specific ports, or with proxy servers, to specific sites or hosts
            • Single events in unexpected ways - a host that shouldn't connect to another host, ports that shouldn't be used, websites/categories that shouldn't be visited

             

            As for straight up bandwidth usage, LEM is not going to be great, but some firewalls and proxy servers do include this detail in their events and you might be able to search for it.

             

            If you want to limit to just web activity, you can tell a LOT by frequency of events - if you report on web traffic by source machine (or user name), you can fairly easily see the most common offenders, though you'd need to weed out stuff like internal sites if those also route through your proxy, or sites that you expect people to visit like salesforce, for example.

             

            LEM can also do some basic top talkers-style flow analysis with netflow/sflow data, but it's nowhere near what NTA can do.

            • Re: Network monitoring
              lazzo

              With what intention/focus in mind? If you are concerned about the network performance itself, go for NPM; if your concern is who eats up your bandwidth, go for NTA. Either way, you will get comprehensive information about the network. If you need to identify who or what is causing the spikes, you should rule out all genuine traffic first and deal with what is left.
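
Added example, not part of any reply in this thread and not code from SolarWinds or any product named here: a sketch of what the original question asks for, finding usage peaks and how long they last from exported flow records, after ruling out traffic already known to be genuine. The record layout, the 60-second bucket, the byte threshold and the `EXPECTED` host list are all assumptions, and the sample flows are constructed.

```python
from collections import defaultdict

# Constructed sample flow records: (epoch_seconds, src_ip, dst_host, bytes).
FLOWS = [
    (0,   "10.0.0.5", "intranet.example", 4_000_000),
    (20,  "10.0.0.7", "cdn.example",        500_000),
    (60,  "10.0.0.7", "cdn.example",      9_000_000),
    (90,  "10.0.0.5", "intranet.example", 8_000_000),
    (120, "10.0.0.7", "cdn.example",      7_000_000),
    (130, "10.0.0.9", "backup.example",   2_000_000),
    (180, "10.0.0.9", "backup.example",     300_000),
    (240, "10.0.0.9", "backup.example",   6_000_000),
]
EXPECTED = {"intranet.example"}  # assumption: destinations already known to be genuine


def find_peaks(flows, bucket=60, threshold=5_000_000, expected=EXPECTED):
    """Return one dict per peak: start time, duration (s), bytes, top source."""
    # Sum bytes per time bucket and per source, skipping expected destinations.
    per_bucket = defaultdict(lambda: defaultdict(int))
    for ts, src, dst, nbytes in flows:
        if dst in expected:
            continue
        per_bucket[ts - ts % bucket][src] += nbytes

    peaks, current = [], None
    for start in sorted(per_bucket):
        total = sum(per_bucket[start].values())
        if total < threshold:
            current = None  # a quiet bucket ends any running peak
            continue
        # Extend the running peak only if this bucket directly follows it;
        # a bucket with no flows at all also breaks the run.
        contiguous = current and start == current["start"] + current["duration"]
        if not contiguous:
            current = {"start": start, "duration": 0, "bytes": 0,
                       "by_src": defaultdict(int)}
            peaks.append(current)
        current["duration"] += bucket
        current["bytes"] += total
        for src, n in per_bucket[start].items():
            current["by_src"][src] += n

    return [{"start": p["start"], "duration": p["duration"], "bytes": p["bytes"],
             "top_src": max(p["by_src"], key=p["by_src"].get)} for p in peaks]
```

Calling `find_peaks(FLOWS)` on the sample reports two peaks: a two-minute one dominated by 10.0.0.7 and a one-minute one from 10.0.0.9.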