Indipendentemente dalle dimensioni e dal grado di complessità, le reti oggi devono produrre risultati e prestazioni ottimali. Crash delle applicazioni ed errori di sistema possono comprometterne la produttività ed avere gravi ripercussioni sull'utile d'impresa. Le aziende di medie dimensioni che, al pari delle grandi imprese, si avvalgono di reti sempre più complesse, necessitano di soluzioni practices to manage their network in an optimal manner.
In a saturated market of enterprise management solutions, complex and expensive, there is urgent need for network management systems that offer scalability, usability and expandability of any minimum initial investment.
But before your wallet and go to applications that allow central monitoring of our network, you had better take a look at a small utility that our Windows operating system makes available to us.
This article will offer an overview of a useful tool for monitoring and control of activity and incoming network traffic in and out of our car. We will assume that the network architecture has a low to medium complexity and Montino machines running Microsoft Windows Server2003 / XP Professional / 2000 / NT. Performance
Did you know that Microsoft makes us courtesy of Performance: an interesting tool to measure real-time system performance, processor, memory, accesses to disk drives, database tasks, threads, processes and active of course, the network traffic. What, among other things, this makes it very attractive monitoring tool is the ability to log everything that its meters are programmed to detect. Logs can be loaded su file di diverso formato, quali Txt e Cvs o strutture Sql. Sarà dunque possibile eseguire statistiche e query aggiornate sul sistema sotto monitoraggio.
Non di meno Performance permette di impostare allarmi nel caso del verificarsi di eventi critici, prevedendo l'invio di messaggi di notifica e/o l'esecuzione di programmi o comandi ad hoc posti alla risoluzione dell'evento scatenante.
Per trovarlo non dovrete andare lontano. È sufficiente essere amministratori della macchina su cui si lavora ed accedere alle Administrative Tools sotto Pannello di Controllo.
In alternativa eseguire il comando
perfmon.msc /s
dal modulo di eseguzione raggiungibile dal percorso Start / Run.
Figure 1: Performance
Performance shows three sensors already set the default indicated in the list below:
* * Memory * Processor Physical Disk
and graph of current activity in real time.
The three sensors monitor from default RAM memory access, access to physical disks and the workload of the processor. If you are not considered necessary to keep under control these three objects can be easily removed.
without losing too much chatter on the flexibility of this small and useful tool, che permettere di modificare a piacimento istogramma, colori e scala di misurazione, procediamo con l'inserimento degli oggetti che ci interessa porre in monitoraggio.
Monitoring in tempo Reale
Dopo aver cancellato tutti gli oggetti in lista, procediamo con il mettere sotto controllo i protocolli TCP, UDP, IP e ICMP cliccando sul tasto '+'. Da Performance object selezioniamo i protocolli da monitorare uno per volta: ICMP, TCP, UDP e IP come indicato in figura.
Figura 2: selezione dei protocolli
Passiamo adesso a descrivere in che modo è possibile effettuare log e programmare alert che ci permettano di mantenere il monitor everything that passes for our car.
Logging data traffic
In the left column select Counter Logs. From the Action menu and then select New Log Settings. We give a name to the process of log we want to implement, for example: TCP_LOG. In the window that appears, in the General tab as follows: *
Counter select the Add button and select the object TCP Performance object.
* From here, pressing the Add button, you can choose from a list of counters, or select them all. The Explain button provides details about the counters available for the TCP object.
* Finally, press the Close button, get a list of counters for our object of type TCP: \\ \\
In Performance tab LogFiles to denote the location, name of the file format and save the LOG. The Schedule tab allows a process of planning our LOG indicating the date and time of the START and STOP the service.
Now apply and save your changes. We repeat the same procedure for the other items we are interested in monitoring, for example: IP, UDP and ICMP.
TCP_LOG Our list is now in the Counter Logs. The red icon beside the log indicates that the process is stopped. To activate it you can press the Play button in the top bar and select Start from Action menu. We shall soon see how you can program an Alert that triggers the process log. If you choose to save log data to CSV file with tabs "comma" '(semicolon'), we will file type < Data ora, Identificativo contatore, valore >.
Alarms and actions
As anticipated, performance allows us to set alarms ready to shoot when one of our sensors detect data values \u200b\u200boutside of our control parameters.
select the item in the left column Alerts. From the Action menu and then select New Alert Settings. We give a name to the process of log we want to implement, for example: TCP_ALERT.
In the resulting window, proceed in the General tab come segue:
* Selezioniamo il tasto Add e da Performance object selezioniamo l'oggetto TCP.
* Da qui, premendo il tasto Add, è possibile scegliere su una lista di contatori, oppure selezionarli tutti. Anche qui, il tasto Explain fornisce informazioni dettagliate sui contatori disponibili per l'oggetto TCP.
* Alla fine, premuto il tasto Close, otterremo una lista di contatori relativi all'oggetto TCP del tipo: \\
* Nel campo indicato come Alert when the value is indicare il valore oltre (Over) o sotto (Under) il quale il contatore deve attivare le azioni di Alert.
Nel tab Action indicheremo a Performance l'azione da intraprendere in caso Activation of Alert:
* Sending a message.
* Setting up a log service, for example TCP_LOG created in the previous section.
* Run a command with specific parameters.
Again, the Schedule tab allows programming of the process of Alert indicating the date and time of the START and STOP the service.
Schedule Alert
The problem at this point is to understand what is abnormal and what not, so you can set the alert in the best way. Certainly, the definition of alarm thresholds of the counters, will be programmed according to the nature of the machine under monitoring. A server machine running ICMP traffic, for example, is considered at least suspicious. A workstation client from the office at night traffic is running TCP / UDP may be affected by worm or Trojan Horse. And again, a stain that acts as a Web server, on which there was an excessive use of CPU time and memory, or a large number of tread, affects performance and response time, lowering the quality of service provided and can even cause cessation.
In general, a proper tuning of monitoring systems, is at the discretion and prerogative of the system or machine on the network under observation. Read
LOG
Developed sensors and alarm systems, Performance proceed with the acquisition all data reporting everything that is believed to be an anomaly. Reading this information will be useful to improve the performance and quality of services provided by the machine under monitoring. As mentioned, the data collected from exports, it is not difficult to extrapolate statistics, for example, access to the machine and the quality of services rendered during his activities.
Conclusion
best to use this tool allows you to monitor the performance of our systems in a LAN or directly connected to the Internet. The alarm and logging services help to identify abnormal traffic or network activity is not required. This article is intended to highlight as, the small application of Performance Management, is able to meet the needs of traffic monitoring data, and not only at the cost to zero.
0 comments:
Post a Comment