© 1999 - 2017 Pierrick SIMIER

Why Is SNMP Monitoring an Essential Part of Network Monitoring?

SNMP Monitoring: an Essential tool in Network Monitoring
What does SNMP Monitoring involve?
SNMP and Network security
What makes a solid event logging solution?


SNMP Monitoring: an Essential tool in Network Monitoring

    Network and systems administrators need to be able to identify suspicious activity or problems with servers, workstations or devices on the network before something goes wrong.
    Event logs, thousands of which are generated daily and in different formats, are a great source of information, but for effective network monitoring the administrator must be able to collect, parse and analyze the data and be alerted when something happens. It is physically impossible to collect event logs manually, but the task becomes simpler when an event log monitoring solution is used.
    A solid event log monitoring solution monitors the network and gives administrators a proactive account when, or before, an error occurs. It generally provides network-wide control and management of events generated by network sources such as Windows event logs, W3C logs, Syslogs and SQL Server audits, as well as SNMP traps.
    Although it is often given less importance than, for example, Windows event logs, the Simple Network Management Protocol (SNMP) can be a great help to administrators when used for monitoring.
    SNMP monitoring is a simple yet indispensable method of interacting with networked devices. Through it, administrators can monitor a whole range of hardware devices on their infrastructure and report on the health and operational status of each device.

What does SNMP Monitoring involve?

    The primary use of SNMP monitoring is to exchange management information between network devices. An administrator can use a variety of SNMP commands to monitor devices, to configure devices and change settings, to have a device raise ‘trap’ events that report back to the monitoring systems, and to determine which variables a given device supports.
    In terms of benefits, a router can, for example, send an SNMP message if one of its redundant power supplies fails, and a printer can send an SNMP alert when it is out of paper.
    SNMP monitoring also helps administrators identify agents that point to potential hardware failure; for example, error events are generated when hard drives that are close to failing experience I/O failures. Additionally, administrators can follow the event patterns recorded in SNMP’s Management Information Base (MIB) to spot future system or utilization risks, allowing them to carry out preventive maintenance.
    Simple though it may be, it is an indispensable tool for administrators to keep tabs on the health of systems and devices. Prior warning that a device is failing makes a huge difference: downtime is cut considerably when the administrator is already aware of the problem. Without that information, the administrator is at the mercy of the device.

SNMP and Network security

    SNMP monitoring is but one of many elements that an administrator can use to monitor the network. SNMP, as a protocol, is not very secure and is therefore open to a variety of attacks; however, that should not detract from its use as part of a comprehensive event logging solution.
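
    The trap reporting and the protocol weakness described above, as an added example (not GFI's code and not part of the original article): a Python sketch of one trap-receiver step that decodes an SNMPv1 Trap-PDU, shows that the community string arrives as readable text, and applies a source allowlist plus a processing rule. The sample datagram, the community `monitor-ro`, the enterprise OID `1.3.6.1.4.1.99999.1` and the rule text are constructed for illustration.

```python
import ipaddress

GENERIC = ["coldStart", "warmStart", "linkDown", "linkUp",
           "authenticationFailure", "egpNeighborLoss", "enterpriseSpecific"]
RULES = {("1.3.6.1.4.1.99999.1", 1): "redundant power supply failed"}  # hypothetical rule
SAMPLE = bytes.fromhex("302f020100040a6d6f6e69746f722d726fa41e06092b06010401868d1f01"
                       "4004c000020a020106020101430301e2403000")  # constructed v1 trap

def read_tlv(buf, pos):                # -> (tag, value, next_pos) for one BER element
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(raw):
    arcs, val = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        val = (val << 7) | (b & 0x7F)
        if b < 0x80:                   # high bit clear: last base-128 digit of this arc
            arcs, val = arcs + [val], 0
    return ".".join(map(str, arcs))

def parse_v1_trap(packet):             # RFC 1157: SEQUENCE {version, community, Trap-PDU}
    tag, msg, _ = read_tlv(packet, 0)
    _, version, pos = read_tlv(msg, 0)
    _, community, pos = read_tlv(msg, pos)   # sent unencrypted in SNMPv1
    pdu_tag, pdu, _ = read_tlv(msg, pos)
    if tag != 0x30 or version != b"\x00" or pdu_tag != 0xA4:
        raise ValueError("not an SNMPv1 trap")
    _, ent, pos = read_tlv(pdu, 0)     # enterprise OID
    _, addr, pos = read_tlv(pdu, pos)  # agent-addr, filled in by the sender
    _, gen, pos = read_tlv(pdu, pos)   # generic-trap
    _, spec, pos = read_tlv(pdu, pos)  # specific-trap
    return {"community": community.decode("latin-1"), "enterprise": decode_oid(ent),
            "agent": str(ipaddress.IPv4Address(addr)), "specific": int.from_bytes(spec, "big"),
            "generic": GENERIC[int.from_bytes(gen, "big")]}

def triage(packet, udp_source, allowed_sources):
    if udp_source not in allowed_sources:  # v1 traps carry no authentication
        return "drop: unknown source"
    try:
        t = parse_v1_trap(packet)
    except (ValueError, IndexError):       # truncated or non-trap datagram
        return "drop: malformed"
    what = RULES.get((t["enterprise"], t["specific"]), t["generic"])
    return f"alert: {t['agent']} {what}"
```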

What makes a solid event logging solution?

    Support for SNMP traps, obviously, but also the ability to collect and centrally store other types of event logs: Windows event logs, W3C logs and Syslogs. Collecting events is not enough if you are unable to parse them and select those that are important to the administrators.
    A solid event log monitoring device should provide comprehensive analysis and reporting features; this allows regular auditing and reporting to senior management of, for example, changes to individuals’ privilege levels. It should also offer network administrators 24/7 real-time intrusion detection and alerting, as well as an early warning system that allows them to take intrusion countermeasures.
    Only a comprehensive event log monitoring solution like GFI EventsManager can provide in-depth analyses together with the ability to manage and report on data from SNMP devices as well as event logs from various systems and workstations. GFI EventsManager is widely used by organizations as a comprehensive event log and SNMP monitoring tool, providing network-wide management and analysis of Windows event logs, W3C logs, SQL Server audit logs, Syslog events and SNMP traps generated by the administrator’s network sources. Rather than being a burden on the administrator, GFI EventsManager automatically monitors and issues alerts on activities that deserve the administrator’s attention.

[Screenshots: GFI EventsManager Management Console; Makes cryptic logs easier to understand; Configuring SNMP Trap sources/processing rules per computer/group]


Last updated: 2010/06/18
Source: GFI