Monitoring

Hello,

Has anyone ever had a network monitoring job, where you are responsible for capturing & monitoring server & network alerts?

The job wouldn't involve actually fixing the problems initially, but just using the tools to keep track of everything.

I've never used any of these tools extensively. My background is in Desktop support/network admin and i'm considering this sort of position to maybe prepare me for a network engineer job.

Any thoughts?

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

sprkymrk

That's one small part of my job. I use different tools to monitor different devices and machines. For instance, I use GFI's Security Event Log Monitor (SELM) to keep track of important events on my servers - depending on the severity of the event I get an email alert or it just logs the event in own database (for archival purposes in case someone tries to cover something up by clearing the logs on the server). I also use IP Sentry to monitor the status of services running and making sure the servers and other network devices are online. Again, I get an email notification for important events. I have configured my firewall to send an email on critical events and errors. I have set up our AntiVirus programs to alert me via email as well. Finally, I have a script that runs from an off-site location that sends me an email once every hour at the top of the hour so I know we have outside email connectivity. If I don't get the test email at the top of the hour I know to check into things to see if something is up.

I also make it a part of my daily routine to spot check all these devices manually to make sure the automated methods are accurate, working, and not missing anything. If I had the time I would also set up an OOB (Out of Band) method to be notified, such as setting up a modem on the SELM server, IP Sentry server and firewall in order to notify me of problems in case the email service or network is down such that a normal alert won't make it to me. However, if email goes down, I normally know about it pretty quick - you know how users are about their email.

BeaverC32

I use Mercury SiteScope to monitor a wide-range of activity: LDAP authentication, SNMP traps, network bandwidth, middleware such as Tuxedo, citrix servers, DNS, F5 Big-IP, proxy servers, app servers, database servers, web servers, etc. It can also remotely monitor system resources from a Windows/UNIX machine.

It is a very powerful tool, and is very helpful if used and implemented properly.

sprkymrk

I have some peers that work in other companies that like to use Nagios. I would like to set up a Nagios server some time, it looks powerful and versatile and runs on linux.

jlhct

Thanks everybody for the replies. So it sounds like this could be a good stepping stone to getting more involved in the communication side of things. I love this kinda stuff, I guess I just want to make sure that it won't be a dead end, that I'll be gaining some good & valuable knowledge.

sprkymrk

Yes, especially if you like scripting. Using the cmd shell, vbscript, python, perl, and now power shell all provide great ways to create custom monitoring solutions if you don't want to limit yourself to what a commercial program provides.

sharptech

sprkymrk wrote:

I have some peers that work in other companies that like to use Nagios. I would like to set up a Nagios server some time, it looks powerful and versatile and runs on linux.

I created our monitoring server and have Nagios running on it and I love it! It is powerful and it works really well.

Give it a try if you have some time to do the install and do the configuration - it is worth it.

royal

Hey Mark, quick question regarding GFI's Security Event Log Monitor. About 6 months or so ago, I created a thread that asked about software that will specify events more in detail in the event viewer. It will say who modified an ACL and what specifically they modified, etc.. Do you remember the name of the utility? I tried searching for that post, but couldn't find it. Also, why did you necessarily choose GFI's Security Event Log Monitor over the one you mentioned in that other thread? What do you like or dislike between the two? Thanks!

sprkymrk

royal wrote:

Hey Mark, quick question regarding GFI's Security Event Log Monitor. About 6 months or so ago, I created a thread that asked about software that will specify events more in detail in the event viewer. It will say who modified an ACL and what specifically they modified, etc.. Do you remember the name of the utility? I tried searching for that post, but couldn't find it. Also, why did you necessarily choose GFI's Security Event Log Monitor over the one you mentioned in that other thread? What do you like or dislike between the two? Thanks!

I'm trying to remember....

Was it Change Auditor?

royal

Just found the older thread, and yes, it appears to be Change Auditor.
http://www.techexams.net/forums/viewtopic.php?t=17519

From looking at the 2 products, it looks like GFI's Security Event Log Monitor is more for centralized event viewer management and notification while Change Auditor is more for nitty gritty auditing information.

sprkymrk

royal wrote:

Just found the older thread, and yes, it appears to be Change Auditor.
http://www.techexams.net/forums/viewtopic.php?t=17519

From looking at the 2 products, it looks like GFI's Security Event Log Monitor is more for centralized event viewer management and notification while Change Auditor is more for nitty gritty auditing information.

Yes, you are correct. Change Auditor is also more expensive.

SELM can alert you to certain events, it can monitor the Application and System logs as well as the Security logs. It has some limited reporting capability too. In all it's pretty nice for the price.