Hi Magnus,

When it comes to monitoring throughput on routers and switches, MRTG along with RRD is the natural choice. First of all it is free, second there is a tremendous community to help support. In its current incarnation, WUG does not do throughput trending. It can however monitor certain thresholds on interfaces (ifInOctet and ifOutOctet).

Most likely you want to have a look at the trends over time for a particular interface. In one of your earlier posts you asked about Denika. Well, Denika does exactly that (and lots more). It does use MRTG/RRD and gives you a fairly easy way of doing trending. It does not stop at interfaces, it can trend any SNMP variable over time. As a matter of fact, with a little help from a script, it can trend anything over time.

If you don't need the nice interface and want to dig a bit deeper into trending, MRTG/RRD can do all of this under Windows and under Linux. See http://people.ee.ethz.ch/~oetiker/webtools/mrtg/ for more info.

What also could be done is to report on bandwidth usage. One would need to count the bits and bytes over time. Again, this can be done with MRTG/RRD and a little scripting work.

When it comes to identifying which traffic goes where, things are a bit more involved. Cisco has something like sflow where, when processed, one could identify what kind of traffic went where and when. This is particularly interesting when you have several critical applications fighting for the same bandwidth. Unfortunately, whilst sflow gains popularity, every router/switch vendor does it slightly differently.

I hope this gives you some more pointers.

Luz Berger
Berger Network Consult
http://www.bergerl.com

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Finbom Magnus
Sent: Friday, July 30, 2004 12:25 PM
To: '[EMAIL PROTECTED]'
Subject: SV: [WhatsUp Forum] How to know what to look for?

Thank you very much Luz!

You are right that it really is not up to the IT department but the needs of the business that control. An SLA is a good start, even for a small organization, just to point out what's the more important. But in my case the organization is very poor in telling a realistic goal. Of course I too want everything to be up 24/7... Although I have been thinking of trying once again to ask.

As it is now, my curiosity (and some free time) about what can be done is what guides me on what we should monitor. When I started at this work they had no monitoring at all. And they were satisfied when I gave them WUG with the simple up/down alerts.

My experience in computing goes way back but SNMP is something I have kept away from because of lack of time. For a server it is easy for me to state that most of the parts can be monitored with SNMP. I just assume that everything that the system logs in the event log is also possible to get through SNMP. For a switch I think that port states and errors can be monitored..
But I'm unsure whether it's possible to monitor bandwidth load.. But some reading about it will tell me. (Or asking here in this forum :-)

I'm realizing that monitoring can take a full-time job. And if monitoring everything and creating reports, more than lots of time would be needed. SNMP is hard at first, but very "exciting" when getting into it. And just when starting to figure out that it was not as difficult as I thought, I understand that it is very time-consuming and demanding of lots of R.T.F.M.

I will save and search through the links you provided and will hopefully find many useful things.

Regards,
Magnus Finbom

-----Original Message-----
From: Luz Berger [mailto:[EMAIL PROTECTED]
Sent: 30 July 2004 11:21
To: [EMAIL PROTECTED]
Subject: RE: [WhatsUp Forum] How to know what to look for?

Hi Magnus,

Unfortunately it is not so easy to give an all-encompassing view on what has to be monitored and how to know about it.

First of all, you need to look at your business. Group your infrastructure along the lines of business. Talk to the line managers on what exactly they view as absolutely important to have in terms of service. Agree with them on an SLA (not easy and certainly not fast to get) or at least derive from their answers a sort of baseline on what part of the infrastructure is business critical.

Once you have this information, try to map this towards your infrastructure. This will get you an idea on what you need to look at in terms of systems (i.e. router, switches, server, etc.). The next step is to define what parameters to look at for any given device or device group and how to monitor those. A very important part is to define what sort of reporting is necessary in order to verify whether an SLA is adhered to or not.

Another important area is the notification (escalation). Again, there is no one-size-fits-all approach. It heavily depends upon the SLAs and the requirements of your business.
Yes, the size and depth of your IT organisation has an impact as well.

Only if the above has been sufficiently defined and agreed upon can you go on to define the technical aspects of the monitoring and reporting.

Let's take a server as an example. You will need to look at CPU usage, memory usage, disk subsystem, NICs, etc. How exactly depends upon the role of the server. Most likely you would like to know about any exception as soon as possible. Well, this gets you into monitoring events (traps, syslog, winevent, etc.).

One piece of advice: monitor only those items which are necessary in order to adhere to any SLA. One could monitor everything and then one would need a lot of manpower and/or systems to make sense out of all that information.

Now for the bad message. You cannot tell in general what sort of MIBs and MIB variables to use. It depends upon the make, model and brand of the device. Everybody does it differently. If you use equipment from the big ones like HP, IBM, Dell, Cisco and the like, things are reasonably easy. All of them have a lot of info on their web sites and in their documentation. Not always easy to find, but it is usually there.

A good place to start looking for general SNMP knowledge is http://www.wtcs.org/snmp4tpc/default.htm.

An excellent set of documentation regarding general system management and monitoring is here.

Network management
1. Introduction - http://www.montefiore.ulg.ac.be/~leduc/cours/ISIR/ISIR-chap1.pdf
2. Network monitoring - http://www.montefiore.ulg.ac.be/~leduc/cours/ISIR/ISIR-chap2.pdf
3. Network control - http://www.montefiore.ulg.ac.be/~leduc/cours/ISIR/ISIR-chap3.pdf
4. SNMP Network Management Concepts - http://www.montefiore.ulg.ac.be/~leduc/cours/ISIR/ISIR-chap4.pdf
5. ASN.1 notation - only in French
6. SNMP Management Information - http://www.montefiore.ulg.ac.be/~leduc/cours/ISIR/ISIR-chap6.pdf
   SMI: Structure of Management Information
   MIB: Management Information Base
7. SNMP protocol principles - http://www.montefiore.ulg.ac.be/~leduc/cours/ISIR/ISIR-chap7.pdf
8. RMON basic principles - http://www.montefiore.ulg.ac.be/~leduc/cours/ISIR/ISIR-chap8.pdf
9. RMONv2, SNMPv2, SNMPv3 improvements - http://www.montefiore.ulg.ac.be/~leduc/cours/ISIR/ISIR-chap9.pdf

This may not be exactly what you have asked for, but this certainly gets you going in the right direction.

I hope this helps

Luz Berger
Berger Network Consult
http://www.bergerl.com

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Finbom Magnus
Sent: Friday, July 30, 2004 10:05 AM
To: '[EMAIL PROTECTED]'
Subject: [WhatsUp Forum] How to know what to look for?

Hi!

The world of SNMP is quite nice to work with and I'm learning more every day. One thing that feels like the heavy part of SNMP is to know what to look for. A server has many parts that can break. Both software and hardware. There is the CPU (and maybe MPU), drives in a RAID. RAID card, several NICs, memory, power and more... On the switches there are surely many things that can be monitored as well.

What is the easiest way to find out what things can be monitored on a device? The only way I know this far is to download a MIB, compile it and then browse through it and, with the help of mibdepot.com, find out what every OID is useful for.

I don't want to miss anything. Would be boring if I thought of having a good WUG config and then a server breaks down because I missed that there was that special OID to monitor..

Best regards
Magnus Finbom
IT-Engineer (Microsoft MCP, MCP+I, MCSE-NT4)
Lansforsakringar Skaraborg
Bank and Insurance
Radhusgatan 8
54129 Skovde
Sweden
phone 0500 77 70 65, gsm 0708 71 70 60, fax 0500 77 70 30
[EMAIL PROTECTED]
http://www.lansforsakringar.se/skaraborg

Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list.
An Archive of this list is available at: http://www.mail-archive.com/whatsup_forum%40list.ipswitch.com/
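
The bandwidth-usage counting that the latest reply in this thread leaves to "a little scripting work", as an added example (not part of the original messages, and not MRTG's or WUG's own code): it turns periodic interface octet-counter readings into per-interval throughput and a usage total, handling counter wrap and device reboots. The function names, the sample readings and the line-rate reset heuristic are assumptions made for this illustration.

```python
# Added illustration: turn periodic ifInOctets/ifOutOctets readings into
# per-interval throughput and a usage total. Function names, the sample
# readings and the reset heuristic are assumptions made for this example.
COUNTER32_MOD = 2 ** 32  # ifInOctets/ifOutOctets are Counter32 objects in IF-MIB


def octet_delta(prev, curr, modulus=COUNTER32_MOD):
    """Octets counted between two readings, allowing for a single wrap."""
    return (curr - prev) % modulus


def interface_usage(samples, if_speed_bps):
    """samples: [(unix_time, counter_value), ...] in polling order.

    Returns (intervals, total_octets); intervals holds (end_time, bits/s),
    with None for an interval discarded as a counter reset.
    """
    intervals, total = [], 0
    for (t0, c0), (t1, c1) in zip(samples, samples[1:]):
        seconds = t1 - t0
        if seconds <= 0:
            continue  # duplicate or out-of-order poll
        octets = octet_delta(c0, c1)
        bps = octets * 8 / seconds
        if bps > if_speed_bps:
            # A reboot zeroes the counter, which looks like a huge wrap.
            # Faster than line rate is impossible, so drop the interval.
            intervals.append((t1, None))
            continue
        intervals.append((t1, bps))
        total += octets
    return intervals, total


# Constructed readings: 5-minute polls of a 100 Mbit/s port.
SAMPLES = [
    (0, 4_294_000_000),
    (300, 4_294_900_000),  # normal growth
    (600, 1_432_704),      # counter wrapped past 2**32
    (900, 5_000),          # device rebooted, counter restarted
    (1200, 380_000),
]

if __name__ == "__main__":
    rates, total = interface_usage(SAMPLES, if_speed_bps=100_000_000)
    for end, bps in rates:
        print(end, "reset, skipped" if bps is None else f"{bps:,.0f} bit/s")
    print("octets counted:", total)
```

On links fast enough to wrap a 32-bit counter more than once per polling interval, read the 64-bit ifHCInOctets/ifHCOutOctets objects instead and pass `modulus=2 ** 64` to `octet_delta`.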
