• An EduGeek Roundup of Free Network Monitoring Tools

    Zabbix
    I have to admit that Zabbix was a new one to me, and like several other open source monitoring setups require quite a bit of Linux know how to get up and running correctly, but thankfully there is a readily available virtual machine (VMWare format) you can download to try it out, or even run it full time from should you choose to (see bottom of article for download link), so, given the time I had to look over the system this was the option I chose.

    Zabbix has been around for almost 6 years now and follows the pattern of most *nix based network monitoring solutions in that it is run via a web GUI. It supports detection and monitoring via SNMP, TCP (ping) and ICMP. The VM was very easy to setup and configure and once up and running you are faced with a rather industrial interface, which, it must be said it rather non-intuitive, and it’s default dashboard page in the fresh install shows only the stats from the local Zabbix installation itself. Clicking on the ‘discovery’ tab underneath the ‘Monitoring’ link revealed nothing at first, and so a quick trip to ‘Configuration’ was in order I thought. Within here was a tab marked ‘Hosts’ and I thought this would probably be the best place for me to start. This is where the little niggly problems with Zabbix started to come to light. I was presented with a page listing no hosts and it took me a while to find the ‘Add host’ button. It was hidden under the status updates that appear on the right hand side of the screen.

    Once found I was on my way. Now, you can have Zabbix auto-discover clients on your network (although I never once got this feature to work) or you can create them manually, as I was pushed for time and wanted the configuration done correctly I chose the manual option. Creating a host is quite simple. Give it a name, add it to a group if you wish (I chose ‘Discovered hosts’ by default), DNS name, IP address and then you can link it to a template. This is where the bells and whistles are added. Temples are preconfigured monitoring rules and save a lot of time and effort as they will automatically configure your client within Zabbix. For example, if I were to create a Windows host I would then add the Template_Windows template as part of the setup and then Zabbix would know exactly what to scan the host for as part of its jobs. You can also fill out a profile for the machine containing its MAC address, serial number and other details. Using this method it didn’t take me long to list the meagre resources of the Edugeek office LAN with Zabbix. You can also install a Zabbix client to Windows and Linux/Unix clients by creating a configuration file and installing it as a service via command line, however as I was just getting an overview of the system and it utilises SNMP this was all the information I was currently requiring.


    The Edugeek office devices being monitored by Zabbix.

    It was after I had completed all of these steps and saw information coming into Zabbix that I began to lose patience with it. It wasn’t just that it could ‘see’ my clients, but not show them on the network map until I found that I had to manually add each client to a map and configure it (a very time consuming process), or that trying to create custom screens/graphs and reports sometimes leads you to dead ends, or that it was at one point reporting an error that too many users were connected to the Zabbix server (myself and 9 client devices!?) it is simply let down by a lack of usability and ease of workflow.


    Applying a template to a host (monitored device).

    Yes, you can sit down and read through the readily available documentation, but for many of the tasks you want to do you shouldn’t have to, but it is quite apparent that Zabbix, due to its scale needs quite a bit of configuring by the end user to get working correctly, and given that many newer network monitoring packages out there do not I found myself wanting to shy away from it. By all means do not discount it as a choice as it does work, and very well once configured, but given the size of networks we manage there are better choices given the amount of time you would have to spend getting Zabbix up and running.


    Creating a network map in Zabbix.

    Pros

    • Lots of configuration options
    • Not as fiddly as some Linux based monitoring systems to setup


    Cons

    • Takes a lot of work setting up devices to be monitored
    • Clients required for more in depth monitoring of servers/computers


    Download from: www.zabbix.com
    Download VM from: www.zabbix.com/download.php

    Comments 17 Comments
    1. pete's Avatar
      pete -
      ....at the risk of the comments thread turning into a "Oi, what about......?"

      You missed out OSSIM: (Snort, Ntop, OpenVAS, P0f, Pads, Arpwatch, OSSEC, Osiris, Nagios and OCS rolled into one).

      OSSIM, the Open Source SIEM
      OSSIM, the Open Source SIEM

      Which, if you're thinking of an all-in-one setup, is pretty handy because it handles intrusion detection and auditing too.
    1. mattx's Avatar
      mattx -
      Spooky........ I was just re-configuring The Dude on an old laptop.....
    1. Dos_Box's Avatar
      Dos_Box -
      Quote Originally Posted by pete View Post
      ....at the risk of the comments thread turning into a "Oi, what about......?"

      You missed out OSSIM: (Snort, Ntop, OpenVAS, P0f, Pads, Arpwatch, OSSEC, Osiris, Nagios and OCS rolled into one).

      OSSIM, the Open Source SIEM
      OSSIM, the Open Source SIEM

      Which, if you're thinking of an all-in-one setup, is pretty handy because it handles intrusion detection and auditing too.
      I'm sure you will be the first of many to suggest tools I have missed out, but OSSIM is promoted primarily as a security tool rather than a monitoring tool. I shall keep it in mind though as a network security tools article could be interesting.
    1. glennda's Avatar
      glennda -
      For Free tools Zabbix is brilliant. For paid software's I have used GFI Max and more recently N-Able's NCentral but this is more geared towards MSP's market.
    1. pete's Avatar
      pete -
      Quote Originally Posted by Dos_Box View Post
      I'm sure you will be the first of many to suggest tools I have missed out, but OSSIM is promoted primarily as a security tool rather than a monitoring tool. I shall keep it in mind though as a network security tools article could be interesting.
      If you want a review of Ossec, we've been using it for a few years now.
    1. DMcCoy's Avatar
      DMcCoy -
      Bonus points for any that can report status back to a server via http proxy....
    1. glennda's Avatar
      glennda -
      Quote Originally Posted by DMcCoy View Post
      Bonus points for any that can report status back to a server via http proxy....
      N-central can I presume Zabbix can as I believe it uses the linux system proxy but don't use it anymore.

      EDIT: N-Central isnt free
    1. Jamo's Avatar
      Jamo -
      For completeness have you had a look at cacti?

      For long term network monitoring and base-lining I don't think it can be beat! Its also much kinder on resources than the larger solutions like spiceworks which really hammer the server its running on!
    1. matt40k's Avatar
      matt40k -
      Do not run the monitor solution on your virtual platform. How will it be able to alert you to a problem with the virtual infrastructure if it's running on it!
    1. localzuk's Avatar
      localzuk -
      One thing I'd say - if you want to use Nagios, take a look at NConf. Web based setup for it, makes life very easy!
    1. browolf's Avatar
      browolf -
      Quote Originally Posted by pete View Post
      ....at the risk of the comments thread turning into a "Oi, what about......?"

      You missed out
      I also vote
      Cacti - Cacti® - The Complete RRDTool-based Graphing Solution
      kind of like nagios but a 1000 times easier.
    1. soapyfish's Avatar
      soapyfish -
      I am torn between MRTG and Cacti for monitoring network traffic per port on my switches. I prefer to use Nagios3 for everything else, when combined with NRPE. so I can monitor internal systems processes on windows servers as well as external services. I get alerts when things are down and warnings in advance of failure for most things. I am also able to monitor printers and get advance warnings of low toner and drum problems so I can ensure that I have parts in stock. Nagios is abit tricky to configure but its easily worth it. I have used the historical record it provides to illustrate to SLT that there is a need to replace hardware. There is also alot of free plugins for nagios. I especially like the "Check_Procurve_loop" plugin so that I can quickly and easily locate network loops when the students decide to swap network cables around... The other bit of software not mentioned so far is "Smokeping" which gives really nice latency graphs between the server and any other device. I use this to monitor the quality of the schools internet connection as well as the performance of the internal LAN.
    1. oalcock's Avatar
      oalcock -
      I apologise in advance if this is very thick of me, but I am struggling to find the download link??? Can anybody assist? Thanks.
    1. oalcock's Avatar
      oalcock -
      I apologise in advance if this is very thick of me, but I am struggling to find the download link??? Can anybody assist? Thanks.
      This was very thick of me, just read the title of this feed again and realised this isn't anything specific, I can see download links in other fellow edugeeker's comments.
    1. Steve21's Avatar
      Steve21 -
      Quote Originally Posted by oalcock View Post
      I apologise in advance if this is very thick of me, but I am struggling to find the download link??? Can anybody assist? Thanks.
      For which one?

      Steve
    1. Fazza's Avatar
      Fazza -
      I just installed The Dude the other day on what is now our System Monitoring PC and within a few minutes I was monitoring our 50+ servers! Very quick and easy to install and setup with no messing about.
    1. junaid's Avatar
      junaid -
      Unauthorised advertising.