What tools do u use to monitor your network ??

What tools do you use to monitor your network ? What type of things do u look out for when monitoring your network ??

We use CiscoWorks, Cisco Transport Controller (shows status of Sonet ring), have PIX logs firing off on another monitor and the Network Admins have their pagers going off any time a core switch or router goes down. We also have a "ping monitor" which is just a custom-coded web page that sends out pings to all switches and routers at regular intervals and displays their status on one page with green and red lights. They also have Cisco CallManager that monitors the VoIP network with real time graphs.

My main concern is the PIX log and with that I just look out for suspicious port activity (i.e. port 445).

I use mainly Nagios and MRTG to monitor all services and equipment through the company. With Nagios, I currently monitor around 50 different nodes, including a wide range of Cisco equipment such as routers, switches, content switches, Call Managers e.t.c and our main servers.

MRTG is used to generate graphs showing the current and previous utilisation of our links.

These two tools are enough for me to get an overall idea on whats happening any time in the network.

Regarding the VoIP part of the network, the Cisco Call manager monitoring tool is a great companion that shows me total number of registered IP Phones, calls in progress, resources on the call managers and much more.

LooseCannon, I would be very interested in seeing a screen shot or two from your Ciscoworks/Pix monitoring tool. Would this be possible? If so, you can send me the pictures and I can upload them on the server aswell.

Cheers,

Snort on the IDS front
Solarwinds for some SNMP and address management stuff
MRTG for the routers

WhatsupGold for some things

Nothing major.

Hi Chris, the PIX log is actually just sent to a syslog server running Solaris 8 and from there I have written a basic awk script to filter out the junk and display the pertinent info on one line to make it easier to read. We just use a 'tail -f' command to have it updated it real time.

As for CiscoWorks we use that to plot graphs for switch/router ports to monitor their utilization, errors, etc. I can try and get a few screenshots of those if you like.

Also, I have been looking at www.syslog.org , and more specifically a tool called sensorTrends that can take information from a file, such as a syslog, and plot a graph and some tables with that info. I'm thinking this give me a lot better overall view of the log activity then having to grep through a syslog every morning 8) .

Day-to-day stuff:
HP Openview
MRTG
Troubleshooting:
Fluke OneTouch (portable diagnostic tool)
Network Instruments Observer Suite and/or Ethereal
Security:
NMAP
Nessus
Snort
Logwatcher
Tripwire
Automation:
Perl scripts
Other:
Lots of little bits of freeware etc for this and that