Local network control program. How to monitor network activity with Windows Firewall logs

17.09.2020

We've compiled another list of useful free server and network monitoring tools. They matter for any business that depends on a website or a network: monitoring lets you learn about problems as they arise, which in turn lets you respond correctly.

Ganglia is a scalable monitoring system for high-performance computing systems such as clusters and grids. It has a hierarchical design aimed at federations of clusters.


Monit is a small utility for managing and monitoring processes, programs, files, directories and file systems on UNIX systems. Monit performs automatic maintenance and repair and, when errors occur, can take an action appropriate to each case.


Nagios offers complete control and alerting for servers, applications and services.


Collectd is a daemon that periodically collects system performance statistics and provides mechanisms for storing the values in various forms, such as RRD files.


Cacti is a complete network graphing solution designed to harness the data storage and graphing capabilities of RRDtool. Cacti provides advanced graph templating, multiple data collection methods and user management features. All of this is wrapped in an intuitive, simple interface that works for both small LANs and complex networks with hundreds of devices.


IT organizations use Zenoss server, network and cloud monitoring to manage dynamic data centers.


Argus is a system and network monitoring application.


Observium is an auto-discovery SNMP-based network monitoring platform written in PHP that includes support for a wide range of network hardware and operating systems, including Cisco, Windows, Linux, HP, Dell, FreeBSD, Juniper, Brocade, NetScaler, NetApp, and more. ...


EasyNetMonitor is a tiny free tool for monitoring computers on a local network and any Internet hosts. You just launch EasyNetMonitor, open the pop-up menu in the tray and see the status of the computers on the network.


Capsa Free is a network analyzer (packet sniffer) for Windows that captures packets and analyzes protocols, the best free tool for network monitoring and troubleshooting.


A free web debugging proxy that works with any browser, system and platform.


Zenoss Core is a corporate network and systems management application written in Python. Zenoss provides an integrated product for monitoring availability, performance, events, and configuration across all layers and platforms.

You probably know that Windows has a built-in firewall. Perhaps you also know how to allow and block network access for particular programs in order to control incoming and outgoing traffic. But did you know that the Windows firewall can also log every connection that passes through it?

The Windows Firewall log can help with specific problems:

  • A program you use cannot connect to the Internet, although other applications have no such problem. To fix this, check whether the system firewall is blocking that program's connection requests.
  • You suspect that malware is using your computer to transfer data and want to monitor outbound traffic for suspicious connection requests.
  • You have created new allow and block rules and want to make sure the firewall applies them correctly.

Whatever the reason, enabling logging can be tricky, because it takes quite a bit of configuration. Here is a clear, step-by-step procedure for turning on network activity logging in the Windows firewall.

Access to firewall settings

First, open the advanced settings of Windows Firewall. Open the Control Panel (right-click the Start menu and choose “Control Panel”), then click the “Windows Firewall” link if the view mode is small or large icons, or choose the “System and Security” section and then “Windows Firewall” if the view mode is Category.

In the firewall window, select “Advanced settings” in the left navigation menu.

You will see the following settings screen:

This is the technical side of Windows Firewall. From this interface you can allow or block program access to the Internet and configure inbound and outbound rules. It is also where logging is enabled, although it is not immediately obvious where.

Access to log settings

First, select the “Windows Firewall with Advanced Security (Local Computer)” option.

Right click on it and select the "Properties" option.

This opens a window that can confuse the user. If you look at the three tabs (Domain Profile, Private Profile, Public Profile), you will notice that their contents are identical but apply to three different profiles, named in the tab title. Each profile tab contains a button for configuring logging. Each log corresponds to a different profile, but which profile are you using?

Let's take a look at what each profile means:

  • The domain profile is used when the computer is connected to a network (wireless included) on which a domain is specified by a domain controller. If you are not sure what this means, it is best not to use this profile.
  • The private profile is used for connections to private networks, including home and personal networks; this is the profile you are most likely to use.
  • The public profile is used for connections to public networks, such as those in restaurants, airports, libraries and other institutions.

If you use the computer on a home network, go to the “Private Profile” tab. If you are on a public network, go to the “Public Profile” tab. Click the “Customize” button in the “Logging” section of the correct tab.

Activating the event log

In the window that opens, you can configure the location and maximum size of the log. You can choose an easy-to-remember location, but the location of the log file really does not matter. To start logging, set both the “Log dropped packets” and “Log successful connections” drop-down menus to “Yes” and click “OK”. Running logging continuously can cause performance problems, so enable it only when you actually need to monitor connections. To disable logging, set both drop-down menus back to “No (default)”.

Exploring the logs

The computer will now record the network activity that the firewall controls. To view the logs, go to the “Advanced settings” window, select “Monitoring” in the left list, and then click the “File name” link in the “Logging Settings” section.

The network activity log then opens. Its contents can be confusing for an inexperienced user. The main fields of a log entry are:

  1. Date and time of the connection.
  2. What happened to the connection. The “ALLOW” status means the firewall permitted the connection; “DROP” means the firewall blocked it. If a particular program has connectivity problems, this lets you pin the exact cause on a firewall policy.
  3. Connection type: TCP or UDP.
  4. In order: the IP address of the connection's source (the computer), the IP address of the destination (for example, a web server) and the network port used on the computer. These fields let you identify the ports that must be opened for software to work. Also watch for suspicious connections: they may be made by malware.
  5. Whether the packet was sent or received.

The information in the log helps you find the cause of connection problems. The log also records other fields, such as the destination port or the TCP acknowledgement number. If you need more detail, look at the “#Fields” line at the top of the log to identify what each column means.

Remember to turn logging off when you have finished.
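To show how the log described above is read in practice, here is an added example (not code from the original article) that parses firewall log entries using the file's own “#Fields” header and summarises the two things the text tells you to look for: which inbound ports are being dropped, and repeated blocked outbound connections. The log text is constructed for the example; the field layout is the one Windows Firewall writes.

```python
"""Parse Windows Firewall log lines (W3C extended format) and summarise them
the way a defender reviewing pfirewall.log would. Added example with a
constructed sample log."""
from collections import Counter, defaultdict

# Constructed sample in the layout Windows Firewall writes when both
# dropped packets and successful connections are logged.
SAMPLE_LOG = """#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2020-09-17 10:15:32 ALLOW UDP 192.168.1.10 192.168.1.1 53412 53 0 - 0 0 0 - - - SEND
2020-09-17 10:15:33 ALLOW TCP 192.168.1.10 203.0.113.5 51234 443 52 S 1234567 0 64240 - - - SEND
2020-09-17 10:15:40 DROP TCP 198.51.100.7 192.168.1.10 40211 445 52 S 7654321 0 8192 - - - RECEIVE
2020-09-17 10:15:41 DROP TCP 198.51.100.7 192.168.1.10 40212 3389 52 S 7654322 0 8192 - - - RECEIVE
2020-09-17 10:16:02 DROP TCP 192.168.1.10 203.0.113.9 51300 6667 52 S 2222222 0 64240 - - - SEND
2020-09-17 10:16:07 DROP TCP 192.168.1.10 203.0.113.9 51301 6667 52 S 2222223 0 64240 - - - SEND
2020-09-17 10:16:12 DROP TCP 192.168.1.10 203.0.113.9 51302 6667 52 S 2222224 0 64240 - - - SEND
"""


def parse_firewall_log(text):
    """Return one dict per entry, keyed by the names in the '#Fields:' line.
    Reading the header instead of hard-coding positions means the parser
    follows whatever column layout the file declares."""
    fields = None
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
            continue
        if line.startswith("#"):
            continue  # other header lines (#Version, #Software, ...)
        if fields is None:
            raise ValueError("data line before #Fields header")
        values = line.split()
        if len(values) != len(fields):
            continue  # truncated or malformed line: skip rather than misalign
        entries.append(dict(zip(fields, values)))
    return entries


def dropped_inbound_ports(entries):
    """Count DROP entries by destination port for packets the host received:
    this shows which local services outsiders are knocking on."""
    return Counter(e["dst-port"] for e in entries
                   if e["action"] == "DROP" and e["path"] == "RECEIVE")


def dropped_outbound_destinations(entries, min_attempts=2):
    """Outbound (SEND) connections the firewall blocked, grouped by
    destination. Repeated attempts to the same place are what to inspect
    when a program cannot connect or malware is suspected."""
    attempts = defaultdict(list)
    for e in entries:
        if e["action"] == "DROP" and e["path"] == "SEND":
            key = (e["dst-ip"], e["dst-port"], e["protocol"])
            attempts[key].append(e["time"])
    return {k: v for k, v in attempts.items() if len(v) >= min_attempts}


if __name__ == "__main__":
    log = parse_firewall_log(SAMPLE_LOG)
    print("entries:", len(log))
    print("inbound drops by port:", dict(dropped_inbound_ports(log)))
    for (ip, port, proto), times in dropped_outbound_destinations(log).items():
        print(f"repeated blocked outbound {proto} to {ip}:{port} at {', '.join(times)}")
```

To run it against a real log, read the file at the path shown in the “Logging Settings” section and pass its contents to parse_firewall_log.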

Advanced network diagnostics

By using the Windows Firewall log, you can analyze the kinds of traffic your computer handles and find the causes of network problems related to the firewall or to other things that disrupt connections. The activity log gives you a clear picture of how the firewall works and of what is happening on the network.

The built-in OS administration tools are not always convenient and often lack functionality, so a system administrator's arsenal gradually fills up with useful utilities, add-ons and scripts that greatly simplify everyday tasks. It is doubly pleasing when the solution you find not only solves a specific problem but is also free.

Advanced IP Scanner

The sysadmin needs to know everything about the systems running on the network and to reach them quickly. Advanced IP Scanner, designed for fast multithreaded scanning of a local network, helps with this task. AIPS is completely free, with no strings attached. The program is very simple and straightforward to use. On launch, AIPS reads the IP addresses of the network interfaces of the host it runs on and automatically fills the scan parameters with the corresponding IP range; if the range does not need changing, all that remains is to start the scan. The result is a list of all active network devices. For each one, all available information is collected: MAC address, network card manufacturer, network name, the user logged in to the system, and available shared resources and services (shared folders, HTTP, HTTPS and FTP). Almost all scan options can be configured; for example, you can change the speed or exclude a certain type of network resource (shared folders, HTTP, HTTPS and FTP) from the scan. You can connect to any resource with one click by selecting it in the list. AIPS is integrated with Radmin and during scanning finds all machines running Radmin Server. Scan results can be exported to a file (XML, HTML or CSV) or saved in “Favorites” (drag-and-drop is supported), so that later, when you need to reach a particular client computer, you do not have to scan the network again. If the remote device supports Wake-on-LAN, it can be turned on and off from the corresponding menu item.

NetWrix, a company specializing in solutions for auditing changes in IT infrastructure, offers ten free and very useful utilities designed to significantly simplify Windows administration. For example, NetWrix Inactive Users Tracker addresses a pressing security problem: accounts that nobody has used for some time (dismissed employees, business trips, internal transfers, temporary accounts, etc.). HR managers rarely warn the IT department about such changes, and an abandoned account is an easy foothold for an attacker. The utility periodically checks all accounts in the domains and reports those that have not been used for a set period. In the free version the only available action is an e-mail warning (it is enough to set the SMTP parameters); everything else is done manually by the administrator, although in our case a warning is sufficient. The paid version adds automatically setting a random password, deactivating the account and moving it to another OU, and an OU filter for the account search. The get-NCInactiveUsers PowerShell cmdlet is offered separately; it returns a list of inactive users (the “lastLogon” attribute is checked) and simplifies writing your own scripts.

WinAudit Freeware

WinAudit is a free utility from Parmavex Services for performing a complete system audit. It requires no installation and can be run from the command line. The program has a simple, localized interface and runs on all versions of Windows, including 64-bit. Collecting data takes about a minute (the duration varies with the operating system and computer configuration), and the resulting report consists of 30 categories (configurable). The administrator gets data about the system, installed software and updates (with version and vendor), connected devices; a list of open network ports (number, service, program, etc.) and open shares; active sessions; security settings; peripheral access rights; account and group information; the list of tasks and services; startup programs; log records and system statistics (uptime, memory usage, disk usage). You can also search for specific files by name. For example, to find music and video on a user's hard drives, just specify the appropriate extensions (avi, mp3, etc.). The result can be opened as a web page, exported to a file in many popular formats (txt, XML, CSV, PDF) or to a database (via the wizard; all popular ones are supported: MS SQL, MS Access, MySQL, Oracle and others), sent by e-mail or printed.


Computer accounting with CheckCfg

Keeping an inventory of office equipment and installed software is a pressing problem in any organization. It can be solved in different ways; one option is CheckCfg, offered by the developer Andrey Tatukov. This solution periodically collects data about hardware, the OS and programs, including CPU type, RAM size, disk space, S.M.A.R.T. data and so on. CheckCfg easily handles several hundred computers. The result is displayed in a convenient tree form, and local directories are easy to reach. Each PC can be assigned an inventory number, and if necessary a report can be generated in RTF format.

CheckCfg is a set of programs. The CheckCfg component itself collects the data about the computer; it is launched when the OS starts and writes the result to a file. Information management and archiving is done with the Sklad accounting program, which processes the files created by CheckCfg and saves them to its database, after which reports can be generated. With the Sklad_w program you can conveniently view the current configurations of computers and basic data about office equipment (by IP address, CPU, memory, software). Another utility, Doberman, analyzes changes in PC configuration and notifies the administrator about them. Setup may not seem entirely trivial, since the necessary configuration files have to be created by hand, but the detailed description on the site and the available templates let you work everything out without problems.

MailArchiva Open Source Edition

Some mail servers, such as MS Exchange, have mail archiving functions that let you find old messages when necessary, including to uncover leaks of confidential information when investigating incidents. In other cases you have to provide these functions yourself. One option is the product from MailArchiva, compatible with most modern mail servers (Lotus Domino, MS Exchange, MDaemon, Postfix, Zimbra, Sendmail, Scalix, Google Apps). It supports archiving via SMTP, IMAP/POP3, WebDAV and Milter (the program has a built-in SMTP and Milter server and an IMAP/POP client). To avoid archiving all mail, you can create arbitrary archiving rules. Three levels of access to saved data are implemented: user (only own mail), administrator (settings and own mail) and auditor (all mail, can be limited by rules). The Open Source version of MailArchiva also offers intuitive search, including inside attachments (Word, PowerPoint, Excel, OpenOffice, PDF, RTF, ZIP, tar, gz). MailArchiva runs on Windows, Linux, FreeBSD and Mac OS X.

Performance Analysis of Logs

When system performance suffers, finding the bottleneck with the standard Windows Performance Monitor is quite difficult without experience. To work out which counters to collect and how to interpret the results correctly, you would have to go through the documentation thoroughly. The PAL utility (Performance Analysis of Logs, pal.codeplex.com) greatly simplifies the search for bottlenecks. Once launched, it scans the logs and analyzes them using built-in templates. Currently there are templates for most popular MS products: IIS, MOSS, SQL Server, BizTalk, Exchange, Active Directory and others. After starting, the administrator activates the necessary counters in the PAL Wizard simply by choosing a template from the list, specifies the current server settings (number of CPUs and others), the analysis interval and the directory for saving the result. After a while a detailed HTML and XML report is produced containing the description, counter name and metrics (Min, Avg, Max and Hourly Trend). The report can then be easily copied into any document. You will still have to make sense of the collected parameters yourself, although if PAL shows that a value is in the green sector, there is nothing to worry about. The query itself is saved as a PAL.ps1 PowerShell script, which can be kept for later use. Templates are XML files; taking any of them as an example, you can create your own version. The built-in PAL Editor is available for editing the parameters in a template.


Win7 is officially supported, but it works on all MS OSs starting with WinXP (32/64). Installation requires PowerShell v2.0+, MS .NET Framework 3.5 SP1 and MS Chart Controls for Microsoft .NET Framework 3.5.

Create an Access Point with Virtual Router

The situation where a computer with a Wi-Fi card needs to be turned into an access point is by no means rare today: for example, you need to quickly deploy a WLAN or extend your Wi-Fi coverage. Originally a wireless card could operate in only one of two modes: point-to-point, where clients connect directly to each other, or as an access point. In Win7/2k8 (except Win7 Starter Edition) it became possible to virtualize network connections (Virtual Wi-Fi technology), which lets you create several Wi-Fi modules with their own settings on one physical Wi-Fi adapter. Thus the computer can be connected to Wi-Fi and at the same time act as an access point (SAPoint, Software Access Point). The connection to this virtual hotspot is secured with WPA2. You can turn a PC running Win7/2k8R2 into an access point with the Netsh console utility, through the Network and Sharing Center, or with the Virtual Router application, which has an intuitive GUI and very simple settings. After starting Virtual Router, you just specify the SSID and the password for connecting, and then activate the access point. If necessary, the hotspot can be stopped with one button. The window also shows the current connections to the access point; for each one you can set its own icon and change some parameters.

RDC connection management - RDCMan

The Remote Desktop Connection snap-in is designed for remote control of servers and PCs running Windows. If you need to maintain many RDP connections with different settings, it becomes inconvenient to work with. Instead of methodically saving individual settings for each remote computer, you can use the free Remote Desktop Connection Manager (RDCMan) to automate the process. After starting, specify the RDP connection settings that will be used by default and inherited by all connections. Here we set common credentials, the gateway, screen settings, security parameters and much more. Next, we create the required number of system groups (for example, by purpose, location or OS version); for each of them you can specify specific connection settings. The last step is filling the groups with systems. To add a server, you only need to enter its domain name; if any parameter differs from the group settings, you can override it right away. If necessary, systems can easily be moved between groups with a simple drag and drop. If there are many systems, it is easier to create a text file with one name per line and feed that to the utility. Now, to connect, just select the required server and click “Connect” in the context menu. You can activate several connections at once and switch between them.

Free Active Directory Tools

Managing Active Directory with the standard tools is not always easy and convenient. In some situations the Free Active Directory Tools from ManageEngine will help. The kit consists of fourteen utilities run from one shell. For convenience they are divided into six groups: AD User Report, SharePoint Report, User Management, Domain and DC Info, Diagnostic Tools, and Session Management. For example, Empty Password User Report lists accounts with empty passwords, GetDuplicates finds accounts with identical attributes, and CSVGenerator saves Active Directory account data to a CSV file. Other features: reporting last logon time, retrieving data from AD by query, reporting on SharePoint installations, managing local accounts, viewing and editing domain password policies, listing domain controllers and their roles, managing their replication, monitoring their operation (CPU load, RAM, hard drives, performance, etc.), terminal session management and much more.


Comodo Time Machine

Windows has included the ability to restore the system via the System Restore component since XP, but its functionality is, to put it mildly, limited, so third-party applications are often used for backup. The free utility Comodo Time Machine (comodo.com) lets you roll the OS back to any previous state, and it works even if the OS has stopped loading altogether. CTM creates restore points (manually or on a schedule) that record all modified system files, the registry and user files. This is a big advantage over System Restore, which saves and restores only system files and the registry. The first copy is the largest; later copies store only modified files. To save disk space, you should periodically create a new checkpoint and delete old archives. To make OS recovery possible, information about CTM is written into the boot sector; to bring up the corresponding menu, just press the “Home” key. You can also restore the OS state on a schedule, for example configuring the utility so that every reboot automatically rolls back to a “clean” version of the system. This is useful, for example, in Internet cafes, where users leave a lot of garbage behind in the system. In addition to full OS recovery, the utility lets you retrieve an earlier version of any file from the archive. Search is implemented, so you can find the data you need without problems.

Amanda

The task of centralized data backup from workstations and servers running Windows and *nix can be solved with AMANDA (Advanced Maryland Automatic Network Disk Archiver). The program was originally created to work with tape drives, but over time the developers added a mechanism called “virtual tapes” (vtapes), which lets you save the collected data to hard drives and CD/DVD. AMANDA is a convenient add-on to the standard Unix programs dump/restore, GNU tar and some others, so its main characteristics should be judged in terms of the capabilities of these basic utilities. It works on a client-server basis. All common authentication methods are available for accessing computers: Kerberos 4/5, OpenSSH, rsh, bsdtcp, bsdudp or a Samba password. To collect data from Windows systems, a special agent or, alternatively, Samba is used. Compression and encryption (GPG or amcrypt) can be performed either on the client or on the server. All backup parameters are configured exclusively on the server, and ready-made templates are included, so it is fairly easy to get started.

Core Configurator 2.0 for Server Core

The initial configuration of a server running Win2k8/R2 in Server Core mode is performed in the console with commands. To simplify the task, the OS developers added the interactive script SCONFIG.cmd in R2, which lets you configure the basic system parameters. An alternative is available on Codeplex: the excellent Core Configurator. It requires the NetFx2-ServerCore and PowerShell components. After starting Start_CoreConfig.wsf we get a menu with several items giving access to basic settings that would otherwise have to be managed from the command line: product activation, screen resolution, clock and time zone, network interface, permissions for remote RDP connections, local account management, Windows Firewall settings, enabling/disabling WinRM, changing the computer name, workgroup or domain, configuring roles, features and Hyper-V, and launching DCPROMO. If you select the “Load at Windows startup” checkbox, the program is loaded together with the system.

Exchange 2010 RBAC Manager

Exchange 2010 introduces a new role-based access model that allows you to fine-tune the privilege level for users and administrators based on the tasks they perform. The only drawback is that the built-in management tools using PowerShell cmdlets may not seem convenient and understandable to everyone. More advanced is the free Exchange 2010 RBAC Manager (RBAC Editor GUI, rbac.codeplex.com), which offers a clean graphical interface for configuring properties for all roles. Dealing with its features will not be difficult even for a beginner. The program is written in C # and uses PowerShell. To work, you need installed Exchange 2010 Management Tools.

PowerGUI

As soon as it appeared, the PowerShell command shell won the sympathy of Windows admins, who had long needed a tool for automating many tasks. With the first versions of PowerShell, Microsoft developers were unable to offer a more or less functional editor, so several third-party projects filled the niche. The best of them today is PowerGUI, which provides a user-friendly graphical interface for efficiently creating and debugging PowerShell scripts. The authors also offer ready-made sets of scripts for solving many problems, which you can reuse in your own work.

Multi-Tabbed PuTTY

The free PuTTY client is well known to admins who need to connect to remote hosts using SSH, Telnet, or rlogin. This is a very handy program that allows you to save session settings for quick connection to the selected system. The only inconvenience is that with a large number of connections, the desktop is loaded with many open windows. This problem is solved by the Multi-Tabbed PuTTY add-on, which implements the tab system.

INFO

PuTTY was originally developed for Windows, but was later ported to Unix.

Conclusion

Often there is no need to puzzle over a solution to a specific problem: most likely, other administrators have already encountered it and offered their own version - a specific utility or script that you don't even need to pay for.

LAN monitoring is an ongoing process of observing the production network. It performs the following functions:

  1. Timely detection of errors and malfunctions.
  2. Adequate and quick response to errors and malfunctions.

The system administrator monitors the network status.

For convenience, various notification software is used. One such application is Total Network Monitor from Softinventive Lab.

Monitoring systems

The main requirements for network monitoring software are:

  1. Support for all kinds of network connections, including Wi-Fi networks.
  2. Tracking of network activity.
  3. Checking the state of system and network services.
  4. Analysis of remote computers and web servers.

Monitoring systems should provide reports on events for specific time periods. It is important to save the entire record of activity and archive it in an appropriate log.

Tools that control external network access should be distinguished from software for monitoring internal network processes.

Network activity monitoring works as follows:

  1. At a set interval, the application sends requests to the required IP addresses.
  2. If the result of such a request is incorrect or the request fails, an alert is sent to the sysadmin.
  3. Actions governed by the network protocol are detected automatically.

Monitoring methods

There are many methods and tools for monitoring network connections. How they are used depends on the goals of the process, the network configuration, the file system and so on.

Basic methods:

  1. Protocol analyzers. These systems are intended exclusively for monitoring network traffic.
  2. Integrated control and analysis systems. Used for software and hardware environments; they control specific programs, communication segments and individual devices in the network.
  3. Network management. This includes software that collects data about network processes and about the state of the hardware. All network traffic is monitored.
  4. Cable testing equipment. Certifies and tests network cabling.

Total Network Monitor is now one of the most relevant applications for monitoring a working network. The software provides timely troubleshooting, checks that software is up to date and works with anti-virus databases.

Today, the success of many enterprises and organizations depends to a large extent on the reliability and quality of the networks and network applications they use. Network monitoring, understood as the systematic observation of key performance indicators of the network and network applications, helps to detect and eliminate existing and emerging problems in order to keep the quality of the user experience at the proper level. In addition, network monitoring is essential for information security, because it lets you identify dangerous actions by users and malware.

Types of network monitoring

Network monitoring is divided into passive and active. In passive monitoring, the key performance indicators of the network and network applications are derived by analyzing the real traffic of the existing network, “observed” at various points; in active monitoring, specially generated test traffic is used to determine these indicators.

In turn, there are three main types of passive monitoring: packet-based monitoring (capturing and analyzing network packets with monitoring tools), SNMP monitoring (polling SNMP devices for information about their status and traffic), and flow-based monitoring (collecting information about traffic flows via xFlow protocols and the like).

Packet-based network monitoring, a form of passive monitoring, is performed by passive monitoring devices (ones that do not send test traffic) that analyze captured packets.

Optimal connection of passive monitoring devices

IT professionals use a variety of passive monitoring devices (including protocol analyzers, RMON probes, NetFlow collectors, IDS / IPS systems, and probes capable of capturing high volumes of network traffic) designed for inline or out-of-band connections to the network lines.


It is best to use special network taps for out-of-band connection of monitoring devices.

The network tap is inserted into the network line. As the duplex traffic on the line passes through it, the tap copies each half (the two opposite packet flows) to its monitoring ports, which are intended for connecting monitoring devices (see the figure). Unlike an Ethernet switch with SPAN ports, a network tap never drops any packets, including defective ones, and so provides 100% (!) visibility of the traffic on the line.

Network taps do not degrade network performance or reliability: if power fails, a copper tap stays transparent to the monitored traffic (typically by means of relays that close the line when power is lost), and a fiber-optic tap is a passive optical splitter that needs no power at all. In addition, since a monitoring device connected to a tap needs no IP address on the monitored segment, it is isolated from that network, which greatly reduces its exposure to attack.

Network taps are available for copper and fiber-optic lines in a very wide range of models, supporting maximum data rates from 10 Mbps to 100 Gbps. Besides conventional taps, regeneration taps are produced for cases where the same traffic must be monitored by several different monitoring devices at once; a regeneration tap differs from a conventional one by its larger number of monitoring ports. If the number of network links to be monitored exceeds the number of available monitoring devices, an aggregation tap can be used: it combines traffic from several monitored links and outputs the combined stream through one or more of its monitoring ports (see figure). However, the rate of this combined stream can exceed the bandwidth of the monitoring port, resulting in unacceptable packet loss (a full-duplex 1GE link alone already carries up to 2 Gbps in the two directions combined, more than a single 1GE monitoring port can deliver). To reduce the likelihood of loss, choose an aggregation tap model with a sufficiently large buffer memory, and remember that a buffer only absorbs bursts, not sustained oversubscription.

Figure: operation of aggregation taps and conventional network taps

An overload of a monitoring device can also occur when it is connected to a faster network link (for example, an analyzer with a 1GE port attached to a 10GE link through a 10-Gigabit tap). To reduce the load, tapped traffic is commonly pre-filtered so that each device receives only the data it needs for its function (for example, for network intrusion detection). Alternatively, a load-balancing device can divide high-speed traffic roughly equally among several monitoring devices. Here it is usually important that the integrity of the packet streams be maintained: all packets belonging to one flow, in both directions, must arrive at the same monitoring device in the load-balanced group, otherwise a stream-oriented tool such as an IDS sees only half of each conversation.
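A flow-aware hash is how the "same flow, same device" requirement above is usually met. The following is an added example, not code from the original article or from any vendor's product: it hashes a symmetric 5-tuple so that both directions of a connection land on the same device, and compares the result with naive per-packet round-robin over constructed sample traffic (the addresses and ports are made up for the demonstration).

```python
"""Flow-aware load balancing across monitoring devices (added example).

Models the point made in the article: when a high-speed link is split across
several monitoring devices, every packet of one flow, in both directions, must
land on the same device. Per-packet round-robin breaks this; a symmetric
5-tuple hash preserves it.
"""
import hashlib
import itertools
from collections import Counter, defaultdict

# A packet is reduced to its 5-tuple: (proto, src_ip, src_port, dst_ip, dst_port)


def symmetric_flow_key(pkt):
    """Order the two endpoints so that A->B and B->A yield the same key."""
    proto, sip, sport, dip, dport = pkt
    a, b = (sip, sport), (dip, dport)
    if a > b:
        a, b = b, a
    return (proto, a, b)


def pick_device(pkt, n_devices):
    """Hash the symmetric flow key onto one of n_devices monitoring ports.

    A keyed, deterministic digest is used instead of Python's hash(), which is
    randomized per process and so would not be reproducible between runs.
    """
    key = repr(symmetric_flow_key(pkt)).encode()
    digest = hashlib.blake2b(key, digest_size=8).digest()
    return int.from_bytes(digest, "big") % n_devices


def round_robin_assign(packets, n_devices):
    """Naive per-packet distribution that ignores flows."""
    rr = itertools.cycle(range(n_devices))
    return [next(rr) for _ in packets]


def flow_hash_assign(packets, n_devices):
    """Flow-preserving distribution."""
    return [pick_device(p, n_devices) for p in packets]


def flows_split(packets, assignment):
    """Count flows whose packets were scattered over more than one device."""
    seen = defaultdict(set)
    for pkt, dev in zip(packets, assignment):
        seen[symmetric_flow_key(pkt)].add(dev)
    return sum(1 for devs in seen.values() if len(devs) > 1)


def make_sample_traffic(n_flows=200, pkts_per_flow=6):
    """Constructed bidirectional TCP flows (client <-> server); not a capture."""
    packets = []
    server = ("192.0.2.10", 443)
    for i in range(n_flows):
        client = (f"10.0.{i // 256}.{i % 256}", 40000 + i)
        for j in range(pkts_per_flow):
            if j % 2 == 0:  # client -> server
                packets.append(("tcp", client[0], client[1], server[0], server[1]))
            else:           # server -> client
                packets.append(("tcp", server[0], server[1], client[0], client[1]))
    return packets


def compare(n_devices=4):
    """Return split-flow counts for both strategies and the hash's per-device load."""
    pkts = make_sample_traffic()
    rr = round_robin_assign(pkts, n_devices)
    fh = flow_hash_assign(pkts, n_devices)
    return {
        "round_robin_split_flows": flows_split(pkts, rr),
        "flow_hash_split_flows": flows_split(pkts, fh),
        "flow_hash_load": dict(sorted(Counter(fh).items())),
    }


if __name__ == "__main__":
    print(compare())
```

Round-robin spreads every one of the 200 constructed flows over several devices; the symmetric hash splits none of them while still dividing the 1200 packets roughly evenly across the four devices. Real packet brokers do the same thing in hardware, and often let you choose which header fields enter the hash (for tunnelled traffic you may need the inner headers).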

Traffic filtering and load balancing help protect your investment in existing monitoring devices while deploying ever faster network technologies. Aggregation, regeneration, traffic filtering and load balancing functions are available in network packet brokers. Therefore, if monitoring devices have to frequently switch from one monitored channel to another and / or need traffic filtering and load balancing functions, you should connect these devices to network taps or SPAN ports through network packet brokers, and not directly.

Use a bypass switch if you need to implement a trouble-free inline connection of a monitoring or information security device (e.g. IPS). If this device stops functioning for any reason, the bypass switch will route traffic bypassing it and thereby preserve (for users) the availability of critical services and applications (for more details, see "Solutions for inline connection of monitoring devices").

Ixia, a Keysight Business, has a wide range of taps, bypass switches, and network packet brokers in the Vision family. Vision devices switch, aggregate, regenerate, filter and evenly distribute the traffic to be monitored among the monitoring devices connected to them. The most intelligent broker models in this family - Vision ONE and Vision 7300 - perform a wider range of functions, including deduplication and truncation of packets, providing them with high-precision time stamps, identification and monitoring of application traffic (for more details, see Ixia Monitoring Solutions Functionality). For centralized management of Vision network packet brokers installed on a monitored network, Ixia is releasing the Ixia Fabric Controller (IFC) solution.

cPacket Networks offers a comprehensive next-generation solution on the network monitoring market, the Intelligent Monitoring Fabric (IMF). Compared to traditional network monitoring systems, IMF promises better scalability, higher performance, deeper insight into network performance, and lower operating and capital costs. IMF consists of monitoring nodes that combine the functions of a network packet broker and a network analyzer.

Cloud control

With the explosive growth of cloud computing, IT professionals must ensure that data and applications are secure, optimize the performance of cloud solutions, and resolve issues as quickly as possible. To accomplish these tasks, you need to control cloud traffic. This control is provided by the Ixia CloudLens platform, designed to monitor the performance of private, public and hybrid clouds. In the process of monitoring the operation of a public cloud, the CloudLens platform operates in this cloud and provides a monitoring service with traffic filtering capabilities. CloudLens has a unique peer-to-peer architecture that retains all the benefits of cloud computing, including flexibility and scalability on demand. The peer-to-peer architecture provides direct connections between cloud instances generating monitored traffic and virtual monitoring devices. Competing solutions use a central hub that aggregates and filters traffic. Such a monitoring system is less scalable, more expensive, and less flexible.


CloudLens peer-to-peer architecture

Part of the CloudLens platform is the CloudLens Private solution for monitoring private clouds. This solution forks traffic from virtualized networks, processes that traffic, and delivers monitored packets to virtual or physical monitoring devices.

Take care of monitoring in advance

It is recommended to initially plan the implementation of the monitoring infrastructure as an integral part of the future network and, when constructing it, to install equipment for connecting monitoring devices together with other network equipment.

When organizing a network monitoring system, it is necessary to provide for the ability to control traffic of critical network channels at the access, distribution and core levels of the network, as well as in the data center where the company's servers are located.

Since there are many high-speed lines in the data center and in the core of the network, it is recommended to install multiport aggregation taps and network packet brokers there. The use of this equipment will reduce the number of network monitoring devices, since if it is possible to aggregate and switch traffic from key points of the network, there is no need to install a monitoring device in each of them.

At present, high-speed network technologies providing data transfer rates up to 100 Gbps are becoming more widespread in the backbones of data centers and corporate networks. Their use can significantly reduce the number of lines in the network core and lower the cost of maintaining it, but at the same time the reliability requirements for each high-speed line increase, since its failure affects more users and applications. Obviously, during the operation of a data center or corporate network, a trunk line cannot be disconnected even for a few seconds in order to insert a fiber-optic tap into it and feed the line's traffic to a monitoring device. It is therefore better to install taps on trunk lines from the start (at the stage of deploying the cable plant). This makes it possible later, if any problems arise, to quickly connect the necessary monitoring or diagnostic devices to the lines of interest without disconnecting them.

Our programs for system administrators will help to keep abreast of everything that happens in the computer park and enterprise network, to respond in time to hardware failures and software problems, to minimize costs and downtime. This page contains programs for monitoring the network, servers and hosts, for inventorying PCs, keeping track of installed programs and licenses, creating reports on the hardware of computers, for accounting for network traffic, for studying network topology and creating graphical diagrams of local networks.

The network administrator may also find useful programs for searching files in local networks and auditing user access to file resources of servers over the network. All these programs will help the sysadmin improve the performance of network devices and servers and ensure the proper level of security in the enterprise network.

10-Strike programs are included in the unified register of Russian computer programs of the Ministry of Communications and can participate in public procurement.

Network administrator software, network utilities

Computer Inventory (Pro) 8.5

- a program for inventory and accounting of the software and hardware installed on computers in local networks. "Computer Inventory" allows system administrators to keep track of the computers in the enterprise network, view the configurations of remote computers and the lists of installed programs over the network, and track configuration and software changes. The program contains a powerful report generator: when planning upgrades, for example, you can create a report listing computers with insufficient disk space or RAM. Windows XP / 2003 / Vista / 2008/7 / 8.1 / 2012/10/2016 are supported.

10-Strike LANState (Pro) 8.8r

a program for monitoring servers and computers on the network that allows you to visually observe the current state of your network at any time. LANState monitors hosts on the network, monitors connections to network resources, monitors traffic, and signals various events. LANState contains many functions useful for network administrators: sending messages, shutting down remote computers, scanning hosts and ports, and retrieving various information from remote computers (access to the registry, event log, etc.). Windows XP / 2003 / Vista / 2008/7 / 8.1 / 2012/10/2016 are supported.

Network Monitor (Pro) 5.5

software for monitoring servers and other network devices, monitors the health of the network and notifies the administrator about problems. Find out in time about the failure (disconnection, running out of server disk space, service stoppage, etc.) and fix the problem with minimal loss of time. The program signals problems with sound, screen messages, e-mail, can launch external programs and services, and also restart computers and services. Windows XP / 2003 / Vista / 2008/7 / 8.1 / 2012/10/2016 are supported.

"Software Accounting" 8.5

- a program for inventory and accounting of the software installed on computers in local networks. "Software Accounting" allows network administrators to maintain a database of the programs installed on network computers and track changes. The program contains a report generator; for example, you can create reports on the presence of certain programs on computers and on their numbers. Windows XP / 2003 / Vista / 2008/7 / 8.1 / 2012/10/2016 are supported.

Network Diagram 3.33

a program for building a local network diagram that allows you to discover network devices and place them on a schematic map. If your switches support SNMP, the program draws the connections between devices automatically. All that remains is to arrange the device icons with the mouse, and your network diagram is ready. You can modify the diagram with the powerful built-in editing tools: add connections and labels, draw areas, and fill them with different colors. Windows XP / 2003 / Vista / 2008/7 / 8.1 / 2012/10/2016 are supported.

Traffic Accounting 3.7

program for traffic accounting on the network, monitors the amount of downloaded data and the speed of information transfer on the network. You can monitor traffic both on user computers and on switch ports. Alerts let you know in time about traffic overruns on any port. You can monitor the distribution of channel loads in real time, build graphs, diagrams and reports. All collected data on traffic consumption is stored in a database for statistical analysis and reporting. Windows XP / 2003 / Vista / 2008/7 / 8.1 / 2012/10/2016 are supported.

Remote Access 5.0

a program for managing remote computers over the network. You can configure access to the computers of network users and administer their PCs remotely. The program provides a Helpdesk mode for technical support of remote clients via the Internet. You can connect to PCs and servers on the local network, or to computers on the Internet using accounts or hardware IDs; in the latter case, no ports need to be forwarded on the router. Windows XP / 2003 / Vista / 2008/7 / 8.1 / 2012/10/2016 are supported.

10-Strike Network File Search (Pro) 2.3r

a program for searching for files on computers in a local network (via the NetBIOS and FTP protocols). Enter a phrase or file masks and find the information you want. When viewing the search results, the found files can be opened immediately, saved to disk, or included in a report. The search is multi-threaded, which significantly speeds it up. Filters can be set by file size and modification date. Windows XP / 2003 / Vista / 2008/7 / 8.1 / 2012/10/2016 are supported.

10-Strike Connection Monitor (Pro) 4.8r

a program for monitoring user network connections to shared folders and files, which lets you know in time about network users connecting to the computer. The program beeps, displays on-screen notifications, and keeps a detailed connection log recording who connected to the computer's network folders and when, which files were opened, etc. Supports Windows XP / 2003 / Vista / 2008/7 / 8.1 / 2012/10/2016.

10-Strike: Web Scan 3.0 FREE!

- a scanner of local networks, IP addresses and hosts. This free program scans the local network and detects active hosts, computers and servers. It supports scanning of IP address ranges and many protocols for discovering network devices (ICMP ping, search for open TCP ports, NetBIOS, SNMP, UPnP, ...). If you have administrator rights on the Windows computers, a lot of additional information can be retrieved from them. Supports Windows XP / 2003 / Vista / 2008/7 / 8.1 / 2012/10/2016.

Sets of network programs for sysadmins

Kits for system administrators let you save money when buying several of our network programs, or all of them, at once: three programs for the price of two, and so on. For example, when buying the Full set of administrator programs in the "for an organization" option (without restrictions on the number of workstations), which consists of all our programs for network administrators, you save up to 100,000 rubles, or 45%.

Other utilities

10-Strike SearchMyDiscs 4.43r

A CD/DVD cataloger.

With it you will quickly find the required files on the CDs and DVDs in your collection. SearchMyDiscs helps you organize your CD and DVD collection and find the disc you are looking for in seconds. If you are tired of hunting for the right disc every time, this program is for you. Windows XP / 2003 / Vista / 2008/7 / 8.1 / 2012/10/2016 are supported.

10-Strike Log-Analyzer 1.5

An analyzer of Apache web server raw log files. Creates various reports and bar charts. The program has many settings and filters that let you get precise information about your site, the files downloaded from it, and who visits you and from where. Windows XP / 2003 / Vista / 2008/7 / 8.1 / 2012/10/2016 are supported.

Payment and delivery

When ordering programs, legal entities accept payment by bank transfer. Invoices are issued electronically, an agreement is concluded. Electronic delivery: the distribution kit is downloaded from our website, registration keys are sent after payment by e-mail. After payment, the original contract and documents for accounting are sent to the buyer by mail.

Issue an invoice (indicate the required programs and types of licenses, your details and the name of the director for the contract)

All our programs are also presented in the Softkey and AllSoft online stores (follow the "buy" links from our website).

Network monitoring

Introducing ZABBIX - a program for monitoring and analyzing all the main parameters of a local network.

What is a local network monitoring system for?

Local network monitoring

The ZABBIX solution allows you to quickly assess and diagnose the state of the local network as a whole, to carry out express monitoring of the main parameters of the local network servers, to monitor network equipment and workstations.

Server monitoring

The system administrator will always know how much free space is left on the hard drives and how heavily the processors and RAM are loaded. Based on this objective data, you can make decisions about redistributing the load between servers, upgrading existing servers, or purchasing additional ones.

Prompt notification of emergency situations

The most important function of ZABBIX is to alert staff about any impending or emerging problems. The prompt notification mechanism includes services for sending electronic mail messages (e-mail) and SMS via mobile channels. Using remote monitoring of the local and computer network of your company, the system administrator, even when he is out of the office, will be able to prevent possible failures and eliminate the problems that arise.

Prevention of accidents

Zabbix can warn the system administrator, for example, that the server's hard disk space will soon run out, about the increased load on the processor, or about the load of RAM. Thus, the system administrator can take measures to prevent it even before an emergency occurs.

What interface does the local network monitoring system have?

For online monitoring of the network status, diagnostics and analysis of server load parameters, ZABBIX provides a convenient web interface. Thanks to this, the system administrator has access from anywhere to such critical parameters as shrinking disk space, increased load on the processors of the local network servers, RAM exhaustion and much more.


How much does the ZABBIX local network remote monitoring system cost?

Why is it profitable for you to order the implementation of a local network monitoring system from us?

Setting up ZABBIX, like any complex software product, requires high qualifications and experience; configuring it is demanding and painstaking work. Our system administrators have extensive experience in configuring and supporting this remote monitoring system and are well versed in its installation and configuration.

Implementation of the ZABBIX network monitoring system includes:

  • an express audit of the local network and preparation of technical specifications;
  • installation of the ZABBIX system on your equipment;
  • configuring ZABBIX to monitor the key nodes of the local network;
  • installation of ZABBIX agents on the main nodes of the local network;
  • setting up e-mail notifications for the system administrator.

How much does it cost to install and configure a local network monitoring system

* A discount is provided for a large number of nodes of the same type.

You can also contact us by phone. Call us!

7 (495) 665-2090

ZABBIX is a completely free application

Zabbix is written and distributed under the GNU General Public License version 2 (GPLv2). This means that its source code is freely distributed and available to anyone.

A slow Internet connection can be the result of several different factors: malfunctions on the Internet provider's side, improper operation of the modem, router or other network equipment, and increased network activity of programs on the computer itself.

Therefore, if you are sure that problems with the provider and equipment are excluded, then it is worth looking at the computer itself.

And the first thing to start with is to check the Internet activity of programs, that is, to see which applications are connecting to the Internet at the moment. Luckily for us, the Windows operating system has a free built-in tool that can help the user track increased network activity of applications.

To make sure that no applications are using your Internet connection in the background, you just need the operating system's built-in Resource Monitor. Let's get started!

STARTING THE RESOURCE MONITOR. The fastest way is to press the Win + R key combination, type "resmon" in the "Open" field and click "OK". Alternatively, go to "Start" - "All Programs" - "Accessories" - "Run" and enter the same command there.

NETWORK ACTIVITY

In the Resource Monitor, open the "Network" tab. The "Processes with Network Activity" panel lists every process with network activity, namely:

  • the process name (its executable image);
  • its PID (process identifier);
  • the average number of bytes per second sent and received (and their total) over the last minute.

You can control a process (suspend, resume or end it) from the context menu opened by right-clicking its entry.

If the process (executable) is unfamiliar to you, the same context menu offers a "Search Online" item for looking up information about it.

Note that many connections will belong to "svchost.exe", the generic host process for Windows services, so the image name alone does not tell you which service is talking. To see which services run inside a given svchost.exe instance, run "tasklist /svc" in a command prompt and look up its PID; for a fuller picture (including the service DLL), the free "Process Explorer" utility from Microsoft Sysinternals is recommended. That's all!
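The question of which service behind svchost.exe owns a connection can be answered with two built-in commands: "netstat -ano" (connections with the owning PID) and "tasklist /svc" (PID to hosted services). The script below is an added example, not from the original article: it parses the text output of those commands and joins them per PID. The embedded sample output is constructed for the demonstration so the script runs offline on any system; on Windows it runs the real commands. It assumes the English-locale column layout of both commands and that it is run with enough rights to see all PIDs.

```python
"""Join `netstat -ano` with `tasklist /svc` to see which process, and which
service inside a shared svchost.exe, owns each network connection.

Added example. The sample command output below is constructed for the demo
(it is not a real capture) so the script runs offline on any OS.
"""
import re
import subprocess
import sys
from collections import defaultdict

SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       904
  TCP    10.0.0.5:49712         93.184.216.34:443      ESTABLISHED     5120
  TCP    10.0.0.5:49730         20.190.160.14:443      ESTABLISHED     1316
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5353           *:*                                    2248
"""

SAMPLE_TASKLIST = """
Image Name                     PID Services
========================= ======== ============================================
System                           4 N/A
svchost.exe                    904 RpcEptMapper, RpcSs
svchost.exe                   1316 wlidsvc
svchost.exe                   2248 Dnscache
chrome.exe                    5120 N/A
"""

# proto, local, remote, optional state (UDP rows have none), owning PID
NETSTAT_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:(\S+)\s+)?(\d+)\s*$")
# image name, PID, comma-separated services or N/A
TASKLIST_RE = re.compile(r"^(\S.*?)\s+(\d+)\s+(.*)$")


def parse_netstat(text):
    """Return one dict per connection row of `netstat -ano` output."""
    conns = []
    for line in text.splitlines():
        m = NETSTAT_RE.match(line)
        if m:
            proto, local, remote, state, pid = m.groups()
            conns.append({"proto": proto, "local": local, "remote": remote,
                          "state": state or "", "pid": int(pid)})
    return conns


def parse_tasklist(text):
    """Return {pid: (image, [services])} from `tasklist /svc` output.

    Long service lists that tasklist wraps onto indented continuation lines
    are not handled here: those lines start with whitespace, fail the
    regex and are skipped, so such a process shows only its first line.
    """
    procs = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith(("Image Name", "=")):
            continue
        m = TASKLIST_RE.match(line)
        if m:
            image, pid, services = m.groups()
            svcs = [] if services.strip() == "N/A" else [s.strip() for s in services.split(",")]
            procs[int(pid)] = (image.strip(), svcs)
    return procs


def connections_by_process(netstat_text, tasklist_text, skip_listening=True):
    """Group connections by owning PID, annotated with image and hosted services."""
    procs = parse_tasklist(tasklist_text)
    report = defaultdict(lambda: {"image": "<unknown>", "services": [], "connections": []})
    for c in parse_netstat(netstat_text):
        if skip_listening and c["state"] == "LISTENING":
            continue
        image, services = procs.get(c["pid"], ("<unknown>", []))
        entry = report[c["pid"]]
        entry["image"], entry["services"] = image, services
        entry["connections"].append(
            f"{c['proto']} {c['local']} -> {c['remote']} {c['state']}".rstrip())
    return dict(report)


def run_live():
    """On Windows run the real commands; elsewhere fall back to the sample text."""
    if sys.platform != "win32":
        return connections_by_process(SAMPLE_NETSTAT, SAMPLE_TASKLIST)
    ns = subprocess.run(["netstat", "-ano"], capture_output=True, text=True, check=True).stdout
    tl = subprocess.run(["tasklist", "/svc"], capture_output=True, text=True, check=True).stdout
    return connections_by_process(ns, tl)


if __name__ == "__main__":
    for pid, info in sorted(run_live().items()):
        svc = f" [{', '.join(info['services'])}]" if info["services"] else ""
        print(f"PID {pid}: {info['image']}{svc}")
        for line in info["connections"]:
            print("   ", line)
```

In the constructed sample, the outbound HTTPS connection from PID 1316 resolves to svchost.exe hosting wlidsvc, and the UDP socket of PID 2248 to the Dnscache service, which is exactly the information Resource Monitor's "Network" tab does not show by itself. Listening sockets are skipped by default because the question here is which programs are actively talking to the Internet.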

© 2020 hecc.ru - News of computer technologies