Best practices for monitoring networks
7 monitoring best practices for beginners
Monitoring the network and the connected devices is essential for every company. Users must always be able to carry out their work without restrictions so that the company can keep operating without problems. We show what admins and those responsible should pay attention to.
Monitoring the network and the connected devices lets you quickly determine when individual components have stopped working or are reporting errors. Malware attacks, ransomware infections or hacker attacks can also be detected with network monitoring. Small companies in particular often neglect monitoring, although IT operations usually play an important role there as well. Even small networks contain devices that should be monitored regularly: often just one or two servers, a few workstations, switches, a router and a firewall, plus the components of the data backup and possibly a lot more. Regardless of the size of the network, these components should be monitored closely. We go into more detail in the next few sections.
1. Monitor network components
First of all, monitor the general availability of the network components that establish the connections between the devices. These are, for example, switches, routers, servers and other components that run in the background. Data throughput and stability also matter here. If the connection to the Internet is important, its throughput and bandwidth should be watched as well. The availability of printers can also be relevant if printing documents is important for the company.
2. Keep an eye on network services
Once the general availability of these components is assured, the critical services should be monitored. These can be the Internet connection, the DHCP service, file shares, special applications, HTTP servers and any component in the network whose failure is unacceptable to the company.
3. Provide enough storage space
Applications require storage space, as do operating systems, file shares and all types of software. If the storage space on the servers runs out, a quick remedy is hard to find: various services stop working, and freeing up storage space is not always done quickly. Free disk space should therefore be monitored constantly.
4. Keep an eye on server utilization
For various reasons, servers or their CPU, memory or network components can quickly become overloaded. Such an overload has the same effect as an outage: users can no longer work. The utilization of the most important components should therefore always be watched so that countermeasures can be taken at an early stage.
Above all, the average utilization matters. There can always be performance peaks, but if the average load on a server is too high, complete failures can quickly occur. React in good time, for example by upgrading or replacing the hardware. Because that takes some time, make sure early on that the hardware and software components are always able to provide the necessary server services.
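The difference between a short peak and a high average can be made explicit in the check itself. The following is an added example, not part of the original article; the function names, window size and limits are assumptions chosen for illustration, and the readings are constructed.

```python
from collections import deque

def classify(samples, window=6, avg_limit=80.0, peak_limit=95.0):
    """Label each utilization sample (percent) as 'ok', 'peak' or 'sustained'.

    'peak'      : this sample is above peak_limit, rolling average still fine
    'sustained' : average of the last `window` samples is >= avg_limit
    """
    recent = deque(maxlen=window)
    labels = []
    for value in samples:
        if not 0.0 <= value <= 100.0:
            raise ValueError(f"utilization out of range: {value}")
        recent.append(value)
        average = sum(recent) / len(recent)
        # Judge the average only once the window is full, so one high
        # reading right after start-up cannot look like a sustained load.
        if len(recent) == window and average >= avg_limit:
            labels.append("sustained")
        elif value >= peak_limit:
            labels.append("peak")
        else:
            labels.append("ok")
    return labels

def first_sustained(samples, **limits):
    """Index of the first sample at which action is due, or None."""
    labels = classify(samples, **limits)
    return labels.index("sustained") if "sustained" in labels else None

# Constructed CPU readings in percent, one every 5 minutes.
SPIKY = [20, 25, 98, 22, 30, 99, 25, 20, 28, 97, 24, 26]
SUSTAINED = [70, 75, 82, 85, 88, 90, 91, 89, 92, 90, 93, 95]

if __name__ == "__main__":
    print("spiky    :", classify(SPIKY))
    print("sustained:", classify(SUSTAINED))
    print("act at sample:", first_sustained(SUSTAINED))
```

The spiky series reaches 99 percent yet never needs action, while the sustained series never exceeds 95 percent and is flagged as soon as the window fills.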
5. Keep security components up to date
With malware attacks constantly increasing, especially by ransomware, those responsible in the company should ensure that the security components in the network are working properly. First and foremost, this means a functioning firewall and functioning malware protection.
It is also important to know that all servers and workstations have up-to-date antivirus protection. Updates on all servers and workstations matter as well: Microsoft closes security gaps monthly, and the latest updates should be installed on the servers and workstations at all times. The same applies to other software and, for example, to the firmware of firewalls and routers.
6. Check logs and event viewers
In addition to the general availability and monitoring of the services and components, internal logs and event viewers also play an important role. Almost every server application and operating system keeps a log, which often gives early warning of errors that can even lead to outages.
These logs should be monitored, but in such a way that no internal “spam” arises from useless messages. Important events and logs from Windows, Linux and macOS, as well as from server applications, should be included in the monitoring in order to identify problems quickly.
Most operating systems and network components allow monitoring using SNMP. To do this, the respective function only has to be activated and integrated into a monitoring program. The information obtained this way, along with logs and event viewers, provides an important knowledge base that is available entirely free of charge. On Windows servers, WMI can even be used in parallel. Monitoring software for small and medium-sized networks is usually able to read out this information as well.
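One way to keep log monitoring free of "spam" is to filter by severity and collapse repeated messages before anything reaches a person. The following is an added example, not part of the original article; it assumes BSD-syslog-style lines with a leading <PRI> value as a log collector receives them, the function names are hypothetical, and the sample lines are constructed.

```python
import re
from collections import Counter

# Syslog severities: PRI = facility * 8 + severity, 0 is most severe.
SEVERITY = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
LINE = re.compile(
    r"^<(\d{1,3})>\w{3}\s+\d+ [\d:]{8} (\S+) ([^:\[\s]+)(?:\[\d+\])?: (.*)$")

def parse(line):
    """Return severity, host, app and message of one line, or None."""
    match = LINE.match(line)
    if not match or int(match.group(1)) > 191:   # 23 * 8 + 7 is the maximum
        return None
    pri, host, app, msg = match.groups()
    return {"severity": int(pri) & 7, "host": host, "app": app, "msg": msg}

def triage(lines, max_severity=4):
    """Keep 'warning' and worse, collapse repeats, worst severity first."""
    counts, unparsed = Counter(), 0
    for line in lines:
        event = parse(line)
        if event is None:
            unparsed += 1          # count, do not silently lose, odd lines
            continue
        if event["severity"] > max_severity:
            continue               # notice/info/debug stay in the archive
        text = re.sub(r"\d+", "N", event["msg"])   # eth0/eth1 -> ethN
        counts[(event["severity"], event["host"], event["app"], text)] += 1
    ranked = sorted(counts.items(), key=lambda kv: (kv[0][0], -kv[1]))
    return [(SEVERITY[s], h, a, t, n) for (s, h, a, t), n in ranked], unparsed

# Constructed sample input.
SAMPLE = [
    "<30>Mar  3 02:00:01 srv01 cron[411]: job backup started",
    "<27>Mar  3 02:04:10 srv01 backupd[512]: write failed: no space left on /srv/backup",
    "<27>Mar  3 02:04:11 srv01 backupd[512]: write failed: no space left on /srv/backup",
    "<27>Mar  3 02:04:12 srv01 backupd[512]: write failed: no space left on /srv/backup",
    "<4>Mar  3 02:05:00 fw01 kernel: eth1: link down",
    "<14>Mar  3 02:05:30 srv01 app[77]: user login ok",
    "not a syslog line",
]

if __name__ == "__main__":
    summary, unparsed = triage(SAMPLE)
    for row in summary:
        print(*row)
    print("unparsed lines:", unparsed)
```

Seven input lines become two summary rows plus a count of lines that could not be parsed.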
7. Use extended information
In addition to the data mentioned, it can be useful to monitor optional areas in the network. This can be the temperature of the server room, for example. In this way, problems can also be identified and rectified at an early stage.
Notifications also play an important role in network monitoring. If an error or unusual data is detected in one of the monitored components, those responsible should be informed as quickly as possible by email, SMS or other means so that they can react quickly. It is important, however, not to send too much information; otherwise important reports are lost in the flood of unimportant ones.
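A common way to keep notifications from becoming a flood is to send a message only when a check changes state, with an occasional reminder while the problem persists. The following is an added example, not part of the original article; the class, the status names and the reminder interval are assumptions for illustration, and the check results are constructed.

```python
class Notifier:
    """Send a message on state changes, plus an occasional reminder."""

    def __init__(self, send, repeat_after=3600):
        self.send = send                  # callable that takes one string
        self.repeat_after = repeat_after  # seconds between reminders
        self.state = {}                   # check -> (status, last_sent)

    def report(self, check, status, now):
        """Record one check result; return True if a message was sent."""
        prev_status, last_sent = self.state.get(check, ("OK", None))
        if status != prev_status:
            reason = "RECOVERY" if status == "OK" else "PROBLEM"
        elif status != "OK" and now - last_sent >= self.repeat_after:
            reason = "REMINDER"
        else:
            # Same state as before and no reminder due: stay quiet.
            self.state[check] = (status, last_sent)
            return False
        self.send(f"{reason}: {check} is {status}")
        self.state[check] = (status, now)
        return True

def replay(results, repeat_after=3600):
    """Feed (time, check, status) results through a Notifier."""
    sent = []
    notifier = Notifier(sent.append, repeat_after)
    for now, check, status in results:
        notifier.report(check, status, now)
    return sent

# Constructed results of one check that runs every 300 seconds:
# fine at first, critical for about an hour, then fixed.
RESULTS = (
    [(0, "disk /srv", "OK")]
    + [(300 * i, "disk /srv", "CRITICAL") for i in range(1, 14)]
    + [(4200, "disk /srv", "OK")]
)

if __name__ == "__main__":
    for message in replay(RESULTS):
        print(message)
```

Fifteen check results produce three messages: the problem, one reminder after an hour, and the recovery.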
Solutions for monitoring small networks
In larger and medium-sized networks, comprehensive monitoring solutions from different manufacturers or open source tools that enable extensive configurations are often used, for example Cacti, Observium, Icinga and Nagios. But tools like Checkmk can also help with monitoring. How to use Checkmk is shown in the article “How to monitor Linux and Windows servers in the network”.
In small networks, such tools are usually not necessary, mainly because they have to be set up first and managed later. However, there are various other tools and solutions that can be used to set up monitoring quite quickly. The best-known examples in this area are:
At the same time, in the article “43 free tools for network monitoring” we presented numerous tools that even small companies can use to monitor important areas in the network and on the servers free of charge.