Sep 14 2021

Understand How Network Monitoring Works to Conserve Resources

Improper configuration of network monitoring tools can overwhelm email, stress firewalls and stymie sophisticated checks.

Well-run IT operations are proactive about identifying problems and working on a fix — hopefully before end users notice. Network monitoring, an important tool in every IT manager’s toolbox, can help sound the alarm on potential problems. Here are some need-to-know facts and fallacies to help you get the most out of your network monitoring system.

Fallacy: Automatic Configuration Is Helpful

Most monitoring systems have network discovery built in to get you started, but automatic network discovery configuration is often far from what you want. If you launch discovery, you’ll end up monitoring a dozen counters on every network port — and most of those counters are meaningless in modern networks.


This can, in fact, be harmful because low-end switches don’t necessarily have the CPU power and memory to withstand the network monitoring system pummeling them every few minutes. If you’re going across a district WAN, you can also waste a lot of bandwidth or stress your firewalls and VPN concentrators by monitoring too many remote switch ports too often.

For network devices — switches, routers and firewalls — it’s best to go through the configuration after network discovery and delete most of the monitored elements. Focus on the critical ports: links between devices and schools, production servers and every point where an outage would interrupt business continuity.


Fact: Network Monitoring Tools Are Noisy

It’s absolutely true that, left to themselves, network monitoring tools will overwhelm your email inbox or smartphone with alert messages. But this is very easy to fix, and the exercise is part of setting up the system properly in the first place.

A clean configuration that focuses on the devices and services to be monitored is a good starting point. Next, build your strategy around three types of alerts: log only, important and critical.

Many of the alerts coming from the network monitoring system are log only and should be sent to a log server, typically one running syslog, or even just to a local text file that you search when researching problems. Log only means that the alert doesn’t go to anyone’s mailbox or smartphone but is simply recorded in case it’s needed later.

Important and critical alerts are the ones that generate email and text messages. Important alerts should give you some breathing space; for example, you might not want to send the first alert email until a system or network link has been down or out of spec for 30 minutes or more. This gives you a chance to do a system reboot without lighting up everyone’s smartphones.

Critical devices or network elements, on the other hand, are ones where any service interruption is an emergency: a SAN outage, for example. Those alerts are the ones that wake you up in the middle of the night.
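The three-tier strategy above can be written down as a small routing rule. The following is an added example, not taken from any particular monitoring product; the target names, tier assignments and check results are constructed for illustration.

```python
from dataclasses import dataclass, field

HOLD_DOWN_S = 30 * 60  # "important" outages must last this long before anyone is notified
# Constructed tier assignments; the target names are hypothetical.
TIERS = {"lab-printer": "log_only", "school-a-uplink": "important", "san-01": "critical"}

@dataclass
class AlertRouter:
    tiers: dict
    down_since: dict = field(default_factory=dict)  # target -> time the outage began
    notified: set = field(default_factory=set)      # targets with an open notification
    log: list = field(default_factory=list)         # stands in for the syslog server

    def observe(self, ts, target, up):
        """Feed one check result; return the notifications to send right now."""
        tier = self.tiers.get(target, "log_only")
        self.log.append((ts, target, "UP" if up else "DOWN"))  # every tier is logged
        if up:
            self.down_since.pop(target, None)
            if target in self.notified:  # only announce recovery if we alerted
                self.notified.discard(target)
                return [(tier, target, "RECOVERED")]
            return []
        start = self.down_since.setdefault(target, ts)
        if tier == "log_only" or target in self.notified:
            return []
        if tier == "critical" or ts - start >= HOLD_DOWN_S:
            self.notified.add(target)
            return [(tier, target, "DOWN")]
        return []  # important, but still inside the hold-down window

def replay(events, tiers=TIERS):
    """Run (seconds, target, is_up) check results through a fresh router."""
    router, sent = AlertRouter(tiers), []
    for ts, target, up in events:
        sent += router.observe(ts, target, up)
    return sent, router.log

# Constructed check results, timestamps in seconds.
EVENTS = [
    (0, "lab-printer", False),         # log only: recorded, never sent
    (0, "school-a-uplink", False),     # planned reboot begins
    (600, "school-a-uplink", True),    # back in 10 minutes: nobody is notified
    (900, "san-01", False),            # critical: notify immediately
    (1200, "school-a-uplink", False),  # a real outage begins
    (3000, "school-a-uplink", False),  # 30 minutes later: now notify
    (3300, "school-a-uplink", True),
    (3300, "san-01", True),
]
```

Calling replay(EVENTS) returns the notifications that would be sent together with the full log, so the effect of moving a target between tiers can be seen by editing TIERS and replaying the same events.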

Fallacy: Most Systems Use Ping-Only Testing

The fact is, ping is just one of several options available with modern network monitoring tools. Agentless monitoring — where no software is installed on the device being monitored — can use network pings, SNMP queries or the Intelligent Platform Management Interface (IPMI) to perform active checks against common services such as HTTP, printing, Domain Name System, Secure Shell, RADIUS, SQL, FTP and email.

In addition, many network monitoring tools also support a lightweight agent that you can install on servers to report on internal metrics such as memory and CPU usage, storage status and other performance measures. This gives you the option for additional visibility and is another area where you’ll need to manually tune discovery.

Basic services like HTTP and HTTPS are easy to discover, but if you have name services such as DNS, time services such as NTP, and authentication services such as LDAP or RADIUS, they usually need to be configured separately after autodiscovery has found the server or network appliances.


Fact: Diverse Messaging Options Are Available

Years ago, network monitoring tools came to market with a narrow focus, but now these tools can be central alerting engines for everyone from software developers to remote IT support teams.

For example, many network monitoring tools now integrate with online messaging systems such as Slack. Software developers might prefer to get alerts via instant messages to fit into their day-to-day workflow. You can also add more specific alerts to specific teams, such as informing the IT group at a specific school when something is going wrong at their site.

Fallacy: Monitoring Measures Only Reachability

Reachability monitoring, which indicates if a component is up or down, is definitely part of every network monitoring tool. But modern tools can measure and alert on many other metrics, especially when SNMP is configured. For example, many network switches are able to send an SNMP trap or set an SNMP variable — or do both — when a fan goes out and needs to be replaced. The same is true for UPS systems, which inevitably churn through batteries. In school districts that may have dozens or even hundreds of UPSs, the network monitoring tool can alert when batteries need to be replaced.

Network monitoring tools can also do more sophisticated checks, such as noting network port speed — 1 gigabit per second or 100 megabits per second, for example — and sending a low-priority alert if the speed changes. This lets the network team know that a cable could be going bad, which is the most common reason for a device to suddenly switch to a lower speed.
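The port speed check described above, as an added example that is not from any monitoring product: it compares two polls of the standard IF-MIB objects ifName, ifOperStatus and ifHighSpeed and reports ports that stayed up but changed speed. It assumes the polls arrive as net-snmp style walk text; the sample polls and port names are constructed.

```python
import re

# Matches net-snmp style walk output, e.g. "IF-MIB::ifHighSpeed.3 = Gauge32: 1000"
LINE = re.compile(r"IF-MIB::(ifName|ifOperStatus|ifHighSpeed)\.(\d+) = \w+: (.+)")

def parse_walk(text):
    """Return {ifIndex: {object name: value}} for the three objects we care about."""
    ports = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            ports.setdefault(int(m.group(2)), {})[m.group(1)] = m.group(3).strip()
    return ports

def is_up(port):
    return port.get("ifOperStatus", "").startswith("up")

def speed_changes(before, after):
    """Compare two polls; report ports that are up in both but changed speed."""
    old, alerts = parse_walk(before), []
    for idx, cur in sorted(parse_walk(after).items()):
        prev = old.get(idx)
        if prev is None or not (is_up(prev) and is_up(cur)):
            continue  # new or down ports are a reachability matter, not a speed change
        was, now = int(prev.get("ifHighSpeed", 0)), int(cur.get("ifHighSpeed", 0))
        if was != now:  # ifHighSpeed is reported in Mb/s
            alerts.append(("low", cur.get("ifName", str(idx)), was, now))
    return alerts

# Constructed polls of one switch; the port names are made up.
POLL_1 = """\
IF-MIB::ifName.1 = STRING: Gi0/1
IF-MIB::ifName.2 = STRING: Gi0/2
IF-MIB::ifName.3 = STRING: Gi0/3
IF-MIB::ifOperStatus.1 = INTEGER: up(1)
IF-MIB::ifOperStatus.2 = INTEGER: up(1)
IF-MIB::ifOperStatus.3 = INTEGER: up(1)
IF-MIB::ifHighSpeed.1 = Gauge32: 1000
IF-MIB::ifHighSpeed.2 = Gauge32: 1000
IF-MIB::ifHighSpeed.3 = Gauge32: 1000
"""
# Second poll: port 2 renegotiated to 100 Mb/s, port 3 went down.
POLL_2 = (POLL_1.replace("ifHighSpeed.2 = Gauge32: 1000", "ifHighSpeed.2 = Gauge32: 100")
          .replace("ifOperStatus.3 = INTEGER: up(1)", "ifOperStatus.3 = INTEGER: down(2)")
          .replace("ifHighSpeed.3 = Gauge32: 1000", "ifHighSpeed.3 = Gauge32: 10"))
```

Port 3 is skipped on purpose: a link that went down belongs to the reachability alert, so only the port that stayed up at a different speed produces the low-priority alert.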

Illustration by Jim Frazier/Theispot