Monitoring Websites – Create Web Trackers

Create Web Trackers in Netmon

 

Have any of your websites or web applications gone down, been hacked, or defaced? When and how did you find out?

In this post, we will show you how Netmon monitors your websites (or web applications) in our complete Network Monitoring Solution.

Two types of monitoring take effect when you create a Web / URL tracker in Netmon:

  • ICMP / PING: provides latency and status (up / down).
  • Pattern Match: lets you select a string of text on your website / URL that Netmon checks for, to make sure that your site has not been defaced. It also catches the case where the server hosting your site is operational and responsive but the site itself is down or its content is not resolving.

Most importantly, when you create a Web / URL tracker you can create an email alert and be notified should any of the above trackers fail.

You can also run historical reports on your sites / URLs; for example: what was the latency for my website over the course of the week? What was the uptime of the website for the month?
 
 

Adding A Web / URL Tracker in Netmon

 

When signed into your Netmon Device you will need to navigate to the Web Trackers tab:
Click Add Web Tracker

 
 

On the Add/Edit Web Tracker pop up fill in the fields below:

URL: This is the website URL that you want to monitor
Pattern to Match: A string of text on the URL page that Netmon will check for at every sample interval

Once your Web Tracker is created and Netmon has a chance to poll your new tracker and go through the pattern match, you will see a Status: Match like below:

 

Creating a Web / URL Tracker Alert

To create your Web Tracker alert, click the alerts button on the right-hand side of your created tracker and fill in the required fields as illustrated on the right.

Should your website url or web application go down, be defaced or hacked you will be immediately notified so that you can take action and resolve the issue.

 

There are many more uses, configurations and examples of what can be done with Netmon’s Network Monitoring Solution. Please don’t hesitate to contact us should you have any questions.

You can also go to our demo where you can navigate through a live and working instance of netmon from our HQ, and finally, we can even do a phone and web session where we give you a full demo of the product.

Centralized SYSLOG and Windows Event Log

Configuring SYSLOG / Event Log on a Windows Device

 

Netmon’s complete Network Monitoring Solution can also be used as a centralized SYSLOG and Windows Event Log Server where you can quickly look through many Servers, Workstations or other Network devices’ SYSLOG and Event Log information without having to log into each individual device to see the same information.

Furthermore, with Netmon, you can create and generate email alerts based on any string of text pattern found within a specific event log, allowing you to be notified when that event occurs. This becomes very valuable if you know that a certain issue is recurring on a device and would like to catch it the next time it happens or if you simply want to be alerted when there are any issues on your network devices, including of course Windows Servers and workstations.

Unlike SYSLOG, Microsoft uses a different standard called Windows Event Logs. In order to import Windows Event Logs we have to install an agent on the Windows Server / Workstation in question which then will be pointed to your Netmon.

Download Windows Event Log Agent

Start by going to netmon.com/support/ and download the “SNARE Event Log Agent for Windows”.

Now run the SNARE for Windows executable and go through the setup wizard.

When presented with the Snare Auditing option as shown below, ensure the default option Yes is chosen to have Snare take control of your Event Log Configuration.

At the next screen leave the default option Use System Account as shown below.


 
You can now configure Remote Control of the SNARE application. We recommend enabling Web Access, disabling Password authentication, and allowing Local access only, as shown below.

 
 

You can now continue the installation by choosing the default options until the installation is complete.

 
After the installation has completed you can access the application by going to the start menu and looking for Intersect Alliance and choosing Snare for Windows.

 


 
You can also access Snare by going to http://localhost:6161 in your web browser.

Once you have access to Snare web interface you will want to navigate to the Network Configuration page.

Here you will configure Snare to send event logs to your Netmon device by filling in the below fields:

Destination Snare Server address:
Destination Port: 514
Enable SYSLOG Header?:
SYSLOG Priority: DYNAMIC

 

After configuration changes have been made, click Change Configuration. You also need to click Apply the Latest Audit Configuration on the left side of your screen to complete the configuration changes.

Next, choose Objective Configuration on the left side of your screen and apply the following changes:

Identify the high level events: Any event(s)
Identify the event types to be captured: Error, Warning & Critical
Identify the event logs: Application & System
Select the Alert Level: Critical


After configuration changes have been made, click Change Configuration. You also need to click Apply the Latest Audit Configuration on the left side of your screen to complete the configuration changes.

You have now completed the Snare configuration and can now create the Netmon device to capture the syslog events.

After signing into your Netmon device navigate to the Devices page and choose New Device. Fill in the fields and ensure you have the Enable Syslog option checked off. The Severity option you choose will capture any events above the selected option.

Note: you can filter which event logs are imported into Netmon by minimum “severity” or “security” level. If you don’t care about “Info” event logs, for example, you can ignore them and import only “warning” and above.

Now, when viewing the newly created device you can choose the Event Log tab in the device dashboard and see the syslog events that the Netmon is now capturing.

 
 

With Netmon you will be able to quickly browse through many Servers’, Workstations’ and other devices’ event logs all in one centralized platform.

 

 
Lastly, now that netmon is capturing these event logs, you can also create alerts based on events and text patterns by choosing the Manage Alerts button under the Event Logs Tab.

 

Monitoring Cisco Devices on your Network with Netmon

Cisco Network Devices

 
We feel that it is crucial for any Sysadmin or IT professional to have quick access to, and information about any given networked device in their environment.

Having a centralized platform where you can get specific details about each monitored device will greatly reduce troubleshooting time, because you can access critical information about the device, or even find the malfunctioning device. We will focus on Cisco devices for this post and what type of information is available to users.

In Netmon we have created dashboards for cisco and other specific (the most popular and common) manufacturers so that when a device is added, it automatically polls “dashboard” or preset trackers. Additional trackers can be added to the dashboard using SNMP walk.

Netmon utilizes several industry standard technologies including PING / ICMP, SNMP, NetFlow that come into play when talking about cisco devices (you will have to have SNMP enabled on the cisco device before you can add the device into netmon).

 
We will take a look at:

• Cisco Firewalls
• Cisco Routers
• Cisco Switches
• Cisco APs

The dashboards will look very similar for the family of cisco devices with a few notable differences that we will point out.

When adding a new device in Netmon you will need to enter the device’s information such as IP address and SNMP configurations, polling interval, etc.


Cisco Switches

 
Here is what the default dashboard looks like for a cisco switch, in this case a 2901.

 

 

You will notice that this dashboard provides you with crucial system information about the switch including its CPU % utilization, System Uptime, Description, etc. You can quickly identify and establish the status of the switch including the load it’s experiencing on a 5 second, 1 minute, and 15 minute average. This would quickly tell you if the switch is overloaded.

This information that you are seeing is in real time, or rather, last poll data (if your interval is set to 3 minutes, it means that data is current as of 3 minutes - that is our default log level for regular monitored devices).

If you require additional information on the dashboard that may be accessible through SNMP on your device, you can add it by running an SNMP walk and selecting “graph / log” for the OID tracker you wish to add.

In order to track any of these items on the dashboard historically (rather than view the last poll, for reporting purposes) you can create a tracker out of any of these items that are listed on this dashboard. This will give you the ability to run a historical report - for example, what was my CPU % utilization for this device last week?


Because this is a switch, we are going to be interested in the network interfaces that are on this switch - navigate to the “Network” tab in the device’s dashboard.

On the right hand side of this tab you will see every single interface, physical or virtual, along with the bandwidth in and out as well as what is connected in that specific interface (this will either display as a resolved name, IP or MAC address). These fields can be renamed and customized to your liking.

As mentioned above, this is real-time (last poll data) and in order to track bandwidth utilization across one of these interfaces, you simply create a tracker and tell it to “graph / log results”. We will come back to this in the firewall section a little further down this post.


On the left hand side you will find PING / ICMP and TCP trackers and just below it you will find Bandwidth trackers. Again, once a tracker is created it gets stored in Netmon and you are able to run historical reports for any given timeframe.

 

Cisco Network Services

Cisco Firewalls (ASA in this example)

 
Most of the dashboards for the Cisco devices look very similar to each other in terms of the information they provide, with the exception of a few added features depending on the device in question. For Cisco firewalls, for example, a little more information is available on the dashboard: they add % RAM used and VPN Session information right on the main dashboard. This is very useful if you need to see what’s configured and who’s actively connected.


As mentioned above for switches, when we go to the Network tab of the firewall we can access all our bandwidth trackers, PING / ICMP Trackers.

It is great seeing everything in real time and being able to report on these parameters, especially bandwidth on a cisco ASA since this is where our Internet connections are distributed and monitored… however, for every tracker that is created, we can create alerts to notify us if for example:

• The device is unresponsive (PING / ICMP) tracker
• Bandwidth utilization for our internet connection reaches 80%
• The CPU % utilization of the device exceeds 90%
• Etc.


Cisco Wireless Access Points

 
Cisco WAPs will once again give us more or less the same information as well as the addition of specific Device Information - Radio, Client and SSID broadcast. This lets you easily identify what group / mesh and location this WAP belongs to.

 


 

Cisco Routers

 
Again, more of the same information can be obtained, tracked and reported on, with a very similar look so that everything is quickly and easily accessible for information gathering, troubleshooting or checking up on. From here you can create parameters and thresholds and be alerted to anything that exceeds these thresholds. You can even import SYSLOG information into Netmon for each device so that it is also accessible, reviewable and of course ALERTABLE on.

Each device dashboard also contains a “notes” section where you can log any events or information about this device in text form.

 
 

How to configure SNMP on Debian

This is a fairly straightforward guide to configuring SNMP on Debian operating systems.

Warning: Configuration of your linux server is your responsibility. Please don’t damage your linux servers.

Download SNMPd

SNMPd is not installed by default. You must first install snmpd.

apt-get update; apt-get install snmpd

You should see many lines:

The following NEW packages will be installed:
libsensors4 libsnmp-base libsnmp15 snmpd
0 upgraded, 4 newly installed, 0 to remove and 1 not upgraded.
Need to get 1,659 kB of archives.
After this operation, 4,210 kB of additional disk space will be used.
Do you want to continue [Y/n]?

Just hit Enter. It will download and install snmpd.

Configure SNMP on Debian

Open the configuration file:

nano /etc/snmp/snmpd.conf

The first thing to change will be at the top of the configuration file.

# AGENT BEHAVIOUR
#

# Listen for connections from the local system only
#agentAddress udp:127.0.0.1:161
# Listen for connections on all interfaces (both IPv4 *and* IPv6)
agentAddress udp:161,udp6:[::1]:161

You are changing 2 things here. In the default file, the local-only line is active (agentAddress udp:127.0.0.1:161) and the all-interfaces line is commented out (#agentAddress udp:161,udp6:[::1]:161).

Comment out the first line and uncomment the second so that the file looks like the excerpt above.

Further down the configuration file, add the following for your internal IP addresses:

rocommunity secret 10.0.0.0/8
rocommunity secret 172.16.0.0/12
rocommunity secret 192.168.0.0/16

Press ctrl+x to exit. Type y to save, and press Enter for the file name.

Restart the SNMP agent:

/etc/init.d/snmpd restart

This should be all you need to do in most cases. You can now add your server in Netmon.
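As an added example (not Netmon's or Net-SNMP's own code), the Python below audits snmpd.conf text for the two settings changed in this post: it flags an agent that listens on every interface, placeholder or default community strings, and rocommunity sources that are missing or fall outside private address space. The sample configuration (including a one-digit slip in a private range), the finding names and the weak-community list are constructed for illustration.

```python
import ipaddress

# Assumed list of default/placeholder community strings to reject.
WEAK_COMMUNITIES = {"public", "private", "secret"}
TRANSPORTS = ("udp6:", "tcp6:", "udp:", "tcp:")


def listens_everywhere(endpoint):
    """True if one agentAddress endpoint binds to every interface."""
    for prefix in TRANSPORTS:
        if endpoint.lower().startswith(prefix):
            endpoint = endpoint[len(prefix):]
            break
    if endpoint.isdigit():                      # port only, e.g. "udp:161"
        return True
    try:
        if endpoint.startswith("["):            # bracketed IPv6 literal
            host = endpoint[1:endpoint.index("]")]
        else:
            host = endpoint.rsplit(":", 1)[0]
        return ipaddress.ip_address(host).is_unspecified
    except ValueError:                          # hostname or malformed: not flagged
        return False


def audit_snmpd_conf(text):
    """Return (line_number, finding) tuples for snmpd.conf text."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments
        if len(fields) < 2:
            continue
        directive = fields[0].lower()
        if directive == "agentaddress":
            if any(listens_everywhere(e) for e in fields[1].split(",")):
                findings.append((lineno, "ALL_INTERFACES"))
        elif directive in ("rocommunity", "rwcommunity"):
            if fields[1].lower() in WEAK_COMMUNITIES:
                findings.append((lineno, "WEAK_COMMUNITY"))
            source = fields[2] if len(fields) > 2 else "default"
            if source == "default":
                findings.append((lineno, "NO_SOURCE_RESTRICTION"))
                continue
            try:
                net = ipaddress.ip_network(source, strict=False)
            except ValueError:
                continue                        # hostname source: not checked here
            if not net.is_private:
                findings.append((lineno, "NON_PRIVATE_SOURCE"))
    return findings


# Constructed sample: line 4 has a mistyped private range, line 5 has no source.
SAMPLE_CONF = """\
agentAddress udp:161,udp6:[::1]:161
rocommunity secret 10.0.0.0/8
rocommunity secret 172.16.0.0/12
rocommunity secret 192.186.0.0/16
rocommunity public
"""

if __name__ == "__main__":
    for lineno, finding in audit_snmpd_conf(SAMPLE_CONF):
        print(f"line {lineno}: {finding}")
```

SNMP v1/v2c sends the community string in clear text, so the source restriction and a host firewall rule are what limit who can query an agent that listens on all interfaces.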


How to configure Netflow on a Cisco device for Netmon

Warning: Configuration of the Cisco device is your responsibility and you can potentially do damage to your device, so please make backups of your router before making any changes. Commands can vary between versions of Cisco firmware.

Why NetFlow?

The traditional way is to mirror all traffic in its entirety on your switch for analysis. This requires an interface capable of speeds equivalent of the traffic you wish to monitor. NetFlow (and similar protocols) instead summarize and break traffic down for analysis resulting in much less data required.

In this blog I will set up NetFlow on a Cisco 2901 and configure it to export NetFlow in a very basic way (no security) to provide Netmon a remote view of a network at another location – on the other side of an internet connection.

These are the commands that will be used:

snmp-server community public RO
ip flow-cache timeout active 1
ip flow-export source Vlan1
ip flow-export version 5
ip flow-export destination 10.10.1.50 9996
ip flow ingress
ip flow egress

 

How to configure Netflow

Let me show you where to put them. First elevate your privileges to configure the router.

 Cisco2901(config)#

 # snmp-server community public RO

This enables the SNMP community string of ‘public’ and is Read Only. If you have already done this you can skip this step.

 # ip flow-cache timeout active 1

This breaks up the NetFlow traffic into 1 minute blocks.

# ip flow-export source Vlan1

The Vlan1 address is the IP address the device is configured with in Netmon. In my case this IP address is 10.66.0.2, so the device in Netmon is configured as 10.66.0.2.

 # ip flow-export version 5

Netflow version 5 is the most common version of NetFlow used by many manufacturers of routers.

 # ip flow-export destination 10.10.1.50 9996

10.10.1.50 is the private ip address of http://demo.netmon.ca and 9996 is the default port Netmon uses for NetFlow traffic.

User ID: demo
Password: demo742

 Next I have to decide which interface I wish to monitor. I could choose multiple. In my case I have Vlan 111 as a collector MPLS interface which represents all traffic for this network.

# interface Vlan111

 Cisco2901(config-if)#

 # ip flow ingress

# ip flow egress

 Cisco2901(config-if)#

*Hold Control + Z*

 Cisco2901# write mem

Everything is done on the Cisco Router. We move on to Netmon. Navigate to the ‘Devices’ tab of Netmon and click on “New Device”


 

Enter the IP address we chose as the source (Vlan 1) and the Read Only SNMP community string, which I configured as ‘public’.

 


 Click on the Network tab.

On the right side find the interface you are looking to view.

 


 

If you click on the interface here you will see a new window.

 


 You can name this interface whatever you like. I select all 3 boxes.

 


 

You now know how to configure netflow on a Cisco device for Netmon. In a few minutes a graph on the front page will start populating. As it fills in you will see the breakdown of remote traffic summarized by NetFlow.

 


 

If we take a look at the impact of NetFlow on the internet connection we see that it averages around 400 kbps. A common 5mbit/1mbit DSL connection can handle this traffic. Compare that to the traditional method of simply mirroring traffic, which would not be possible, as seen in the previous graph where traffic is spiking up to 60.23 Mbps.

Sonicwall Multi-Homed Servers for VPN

If you are a Managed Service Provider, you will inevitably have a customer whose IP subnet is the same as another customer’s. I have multiple customers on the 192.168.1.0/24 network because Linksys defaults to this; however, I just can’t change those networks’ subnets without hassle and downtime. For this demonstration we will be using Sonicwall.
