Deepak Chahal, Latika Kharb, Deepanshu Choudhary

Transcription

International Journal of Innovative Technology and Exploring Engineering (IJITEE)
ISSN: 2278-3075, Volume-8 Issue-8, June, 2019

Performance Analytics of Network Monitoring Tools

Deepak Chahal, Latika Kharb, Deepanshu Choudhary

Abstract: The network is considered to be one of the most critical resources in an organization, and managing networks for high performance and reliability is a great challenge. A fast and smart network monitoring system is therefore always required in organizations, and network monitoring tools are often used for monitoring and troubleshooting related issues. In this paper, we discuss some popular network monitoring tools such as Nagios, Zabbix, Hyperic, Capsa Free, Ganglia etc. We then present a comparison among all the considered monitoring tools based on different parameters like license, data storage method, access control, platform, logical grouping and distributed monitoring.

Index Terms: Network monitoring, Nagios, Zabbix, Kiwi Monitor, Ganglia, Wireshark.

I. INTRODUCTION

Network monitoring is considered to be an important part of network resource management, which is responsible for constantly monitoring a computer network [1]. It is achieved by monitoring for network problems caused by overloaded and/or crashed servers, network connections or other devices. To monitor the network, a ping is sent to the system, and if there is any delay in responding or it does not respond, the network monitoring system takes responsibility [2]. The monitoring depends upon three common parameters: delay, jitter (that is, failure of synchronization), and bandwidth. If any of these problems is detected, alerts go to the administrator via email, SMS, pager alerts, or another alarming technique. Using network monitoring therefore makes the network more efficient in use, increases its performance and improves its reliability.
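The ping-based check described above can be made concrete with a short Python example. It is added here and is not code from the paper or from any tool it surveys. The ping output is constructed sample data, and the threshold values, the OK/WARNING/CRITICAL labels and the jitter definition (mean absolute difference between consecutive round-trip times) are assumptions.

```python
import re
import statistics

# Constructed sample: six probes sent, the reply to icmp_seq=4 never arrived.
SAMPLE_PING_OUTPUT = """\
64 bytes from 192.0.2.10: icmp_seq=1 ttl=64 time=10.0 ms
64 bytes from 192.0.2.10: icmp_seq=2 ttl=64 time=12.0 ms
64 bytes from 192.0.2.10: icmp_seq=3 ttl=64 time=11.0 ms
64 bytes from 192.0.2.10: icmp_seq=5 ttl=64 time=45.0 ms
64 bytes from 192.0.2.10: icmp_seq=6 ttl=64 time=13.0 ms
"""

REPLY = re.compile(r"icmp_seq=(\d+) .*time=([\d.]+) ms")

# Assumed (warning, critical) thresholds chosen by the administrator.
THRESHOLDS = {
    "delay_ms": (50.0, 100.0),
    "jitter_ms": (10.0, 30.0),
    "loss_pct": (10.0, 50.0),
}
LEVELS = ["OK", "WARNING", "CRITICAL"]


def parse_replies(text):
    """Return {sequence number: round-trip time in ms} for every reply line."""
    return {int(m.group(1)): float(m.group(2)) for m in REPLY.finditer(text)}


def measure(replies, sent):
    """Compute mean delay, jitter and loss for `sent` probes."""
    rtts = [replies[seq] for seq in sorted(replies)]
    delay = statistics.mean(rtts) if rtts else None
    # Assumed jitter definition: mean absolute change between consecutive RTTs.
    diffs = [abs(b - a) for a, b in zip(rtts, rtts[1:])]
    jitter = statistics.mean(diffs) if diffs else 0.0
    loss = 100.0 * (sent - len(rtts)) / sent
    return {"delay_ms": delay, "jitter_ms": jitter, "loss_pct": loss}


def evaluate(metrics, thresholds=THRESHOLDS):
    """Return the worst status and one alert message per breached threshold."""
    worst, alerts = 0, []
    for name, (warn, crit) in thresholds.items():
        value = metrics[name]
        if value is None:  # host never answered: loss_pct carries the alert
            continue
        level = 2 if value >= crit else 1 if value >= warn else 0
        if level:
            alerts.append(f"{LEVELS[level]}: {name}={value:.2f}")
        worst = max(worst, level)
    return LEVELS[worst], alerts


if __name__ == "__main__":
    metrics = measure(parse_replies(SAMPLE_PING_OUTPUT), sent=6)
    status, alerts = evaluate(metrics)
    print(status, alerts)  # the alert text would go to email/SMS in a real tool
```

The average delay in the sample stays well under its threshold, yet the single slow reply and the missing one both raise warnings, which is why jitter and loss are tracked separately from delay.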
Network monitoring tools are necessary for implementing the concept of network monitoring. These monitoring tools are typically set up by system administrators, and help in achieving a reliable and quick start in monitoring the network [3]. It is therefore necessary for a monitoring tool to run all the time. There are several network monitoring tools, and the selection of the right monitoring tool can be based upon alerting and integration with the existing system, functionality, scalability, deployment, maintenance and also the price, which includes not only the software license cost but also the cost involved in staff training [4]. The objective of this paper is to present an overview of some commonly used network monitoring tools. We also present a comparison based on several parameters.

Revised Manuscript Received on June 14, 2019
Deepak Chahal, Professor, Jagan Institute of Management Studies, Sector-5, Rohini, Delhi, India.
Latika Kharb, Professor, Jagan Institute of Management Studies, Sector-5, Rohini, Delhi, India.
Deepanshu Choudhary, Student Scholar (MCA), Jagan Institute of Management Studies, Sector-5, Rohini, Delhi, India.
Retrieval Number: H7081068819/19 BEIESP

II. MONITORING TOOLS

This section discusses various monitoring tools, their features, advantages and disadvantages.

A. Nagios

Nagios is a real-time network monitoring tool created by Ethan Galstad, and was launched in 1999. It is an open source monitoring tool licensed under GPL v2 [5]. One of the best features of Nagios is the great scalability of its configuration. Because it is configured with text files, one can configure the hosts, services, contact groups, and alert escalation plan. However, this tool requires trained IT staff, and allows the user to customize the host and service checks. The tool monitors not only services like SMTP, PING and HTTP but also hardware resources like memory or disk usage [6].
Nagios includes the Nagios library, which makes a large number of plug-ins available to users, expanding its monitoring capabilities, and also helps in adapting to updated technologies, applications and systems with no updates to it. Nagios supports escalation, so that if a problem is not acknowledged by the administrator within a predefined time frame, alerts are immediately sent to the second authorized person, based on priority, to resolve the problem [7]. When Nagios is combined with Request Tracker (RT), it gives efficient and automatic network monitoring which is intelligent enough to identify the problem location and its effects on the rest of the network. In fact, the notifications sent by Nagios generate a ticket in RT, which is sent to the administrator via email. To resolve the detected network problem, the administrator can access the RT server remotely and just change the ticket status to 'resolve' [1]. In a wireless environment, Nagios can also identify the size of the network and the nodes located in it [2]. It can monitor the hard drive, space, uptime and downtime of each node present.

Published By: Blue Eyes Intelligence Engineering & Sciences Publication

The threshold can be set by the network administrator. If bandwidth usage rises constantly and hits the threshold set by the administrator, Nagios sends an alert. Nagios notification depends on the internet connection, so if the internet goes down, emails cannot be sent to the administrator, and log files are generated which record that the email could not be sent [2].

B. Zabbix

Zabbix is an open source network monitoring tool created by Alexei Vladishev, and was released in 2005 [8]. Zabbix is easy to install but difficult to configure and maintain [5]. For storing data, Zabbix packages use MySQL, SQLite or Oracle. This tool monitors not only network services, servers and network hardware but also databases, applications and VMware, using agent-based and agentless approaches. It uses the Intelligent Platform Management Interface (IPMI) for hardware monitoring and collects information about temperature, fan speed, chip voltage and disk state [4]. For host monitoring, agents can be used; these can be installed on UNIX and Windows and run as native system processes which do not require any specific environment such as Java or .NET [9]. For agentless monitoring of hosts, simple checks are done, which include SNMP, TCP, ICMP and HTTP. Zabbix uses trigger and action events for monitoring. In a trigger, a key is evaluated; if the trigger's state changes when the key changes, the system is responsible for sending an email to the administrator, which is done by adding an action event. Zabbix provides templates made up of several items and triggers, but these do not contain any actions, so any host linked with these templates has to define its own actions [7]. Zabbix sends alerts to the admin via email, Jabber messages or text messages to a mobile phone.

C. Hyperic

Hyperic is monitoring and management software licensed under GPL which is optimized for physical as well as virtual environments [5].
The installation and configuration of the Hyperic monitoring tool is easy and takes very little time. Hyperic consists of these main components: the Hyperic agent, a lightweight Java-based client responsible for discovering system metrics; the Hyperic User Interface, where discovered resources are presented; the Hyperic server; and the Hyperic database [10]. It can monitor applications on almost every operating system, including Linux, Unix, Windows, Solaris, AIX, HPUX and VMware, and also on Amazon Web Services. It can auto-discover the components required by virtual applications and the resources [11]. The Hyperic monitoring tool reduces the operations workload and increases the IT management maturity level. It can also monitor logs and configuration files and can remotely control software resources. Hyperic is available in two versions, Hyperic HQ and vFabric Hyperic. Hyperic HQ is the open source version and takes responsibility for monitoring system components such as the CPU [7], network interfaces and file systems, whereas vFabric Hyperic is a paid version and has more features than Hyperic HQ, such as automated corrective actions. Hyperic can send alerts to network administrators via email, SMS and SNMP trap [4]. However, Hyperic has the disadvantage of the resource cost of Java Virtual Machines (JVM).

D. IBM Tivoli

The IBM Tivoli monitoring tool supports many operating systems such as Windows, Linux and Unix. It is easy to install but needs an IT expert for configuring, updating and refining the analytical and response features. It has a good and intuitive web interface. IBM Tivoli provides many software services which make possible the information sharing and collaboration required for achieving common business goals [12]. It can use the sensors present in data centers to determine temperature, air flow, humidity, power, water leak, and security related problems easily and efficiently [13].
IBM Tivoli contains three major components: the monitoring agent, which is deployed in VMs and is responsible for collecting information; the data collection server and warehouse, responsible for consolidating and managing the collected information; and the portable presentation component, which is responsible for presenting monitoring status and analyzing the collected information [14]. If any issue is detected, it is automatically repaired. It also helps the user in monitoring the hypervisor and the workload on it [13]. Network admins can be alerted by email and SMS using this tool.

E. SolarWinds

The SolarWinds monitoring tool has an excellent GUI and supports operating systems such as Windows, Mac, Linux and Unix. The installation time of SolarWinds depends upon the complexity of the configured data, such as locations or tickets [5]. It can be customized by the user, which eases monitoring, can be accessed from mobile devices, and supports VMware. It can monitor wireless access points and private, public and hybrid cloud environments, and can identify the occurrence of problems. It can automatically plan storage capacity for best utilization. File integrity as well as USB device monitoring can also be done using this tool [15]. SolarWinds presents monitoring status such as failures, performance and availability of the network in the form of detailed graphs. It provides SolarWinds Orion, which is scalable and cost-effective and is built upon the Simple Network Management Protocol (SNMP) [16]. It is designed for real-time monitoring of many network performance metrics, such as availability and bandwidth utilization, and can automatically discover and configure the devices to be monitored [17]. In SolarWinds, alerts are based on simple and complex nested trigger conditions, and it notifies network administrators via email.

F. Kiwi Monitor

Kiwi Monitor software allows users to monitor their processes or applications, records the data, and creates an alert in accordance with triggers which are pre-defined by the monitoring tool [18]. It is capable of showing the runtime of a window and the activities of users. It doesn't contain any spyware or adware, and it is freeware. It also allows users to select applications from the built-in process viewer or to enter an application's name. In Kiwi Monitor, small programs that start with Windows are used, consuming few system resources in the background [19]. Kiwi Application Monitoring informs the user about many events, so that users can automate almost everything imaginable on their computer. It sends the user an alert at the start and close of a program. Kiwi Application Monitor can also tell the user a great deal of information at a glance, like the memory size of paged and non-paged systems, pageable, private and virtual memory size, total processor time used etc.

G. Ganglia

Ganglia monitoring software is considered to be a distributed monitoring system for high performance computing systems such as clusters and grids. Its design is hierarchical and targeted at federations of clusters [20]. Ganglia depends upon a multicast protocol for monitoring the state within clusters, and uses point-to-point connections. It draws on technologies like XML, RRD tool and XDR for data representation and compact, portable data transport [21] and is implemented through Robust. It supports many operating systems like Windows, Mac, Linux and Unix, and many processor architectures. It is used for linking clusters. Ganglia is a BSD-licensed open source project. The software is used to view live or recorded statistics covering metrics.
Gmond, a part of the Ganglia monitoring tool, is a small multithreaded service that needs to be installed and monitored on each server. The other part is Gmetad, which collects data from other Gmetad daemons in the form of a Round Robin Database. Next is the Round Robin Data tool (RRD), which is used for data storage and visualization. RRD is considered to be the heart of Ganglia's graphing [22].

H. DAMS

DAMS (Distributed Application Monitoring System) monitors network communications and distributed applications. It is capable of enhancing the bytecode of distributed Java applications using the ASM manipulation framework, and monitors the application module and class methods at run time [23]. For monitoring, a protocol adapter and connector are required so that the client can connect to the application or server. The DAMS architecture consists of three main layers: the System Agent Layer, which is responsible for managing system resources, modifying the bytecode of classes and generating new class files; the Monitoring Management Layer, where the data is classified and stored and the remote objects are obtained; and the View Layer, which displays the data and sets the layout [23]. In DAMS, Java Management Extensions (JMX) provides the architecture and the postulates for the distributed monitoring system. With this solution, DAMS becomes capable of monitoring the business complexities present in large distributed systems. It also has good performance and scalability.

I. RDT

The R-OSGi Deployment Tool (RDT) is used to analyze OSGi applications and represent them in graphical form to users. RDT is helpful for easily deploying and monitoring distributed applications on Eclipse. It analyses all the bundles present in the application. RDT has customizable reporting which helps the user to understand the software easily. It presents the real-time status and structure of an application, which helps in identifying any network issue.
It is also capable of finding the impact of network issues that have occurred across the network, and troubleshoots them by finding the best solution. When RDT is used on an Eclipse platform, it is capable of capturing all the messages present across the network. These captured messages can be helpful in debugging and testing distributed applications [24, 25]. When services are combined with R-OSGi using R-Binders, the management of services in local or distributed environments gains good ways of resolving network problems when they occur. For the development of distributed applications, RDT is responsible for collecting credible dependency information.

J. OpenNMS

OpenNMS is a free, Java-based open source network management application platform. The main focus of OpenNMS is to be truly distributed. It is also scalable software providing a platform covering all of FCAPS network management [26]. It can easily replace large enterprise monitoring tools like HP OpenView and IBM Tivoli. It can easily detect outages of services and thresholds, and is capable of monitoring applications remotely. It uses many services for collecting performance metrics and has an easy-to-integrate architecture. As it is written in Java, this software is portable to any platform supporting the Java SDK. It is capable of managing a large number of devices using one server or clusters of servers. The main functional areas of OpenNMS are monitoring services, collecting data using SNMP and JMX, and event management [27]. It provides Meridian and Horizon: enterprises which require stability use Meridian, and Horizon is used by those who are looking for monitoring tools which can easily monitor new technologies. It can be accessed through a web-based user interface built on Jetty.

K. Collectd

Collectd is a Unix daemon which collects, transfers and stores performance data of computers and network equipment and makes it available over the network. The available resources are then overviewed and maintained by the system administrator, which helps to detect existing or looming bottlenecks. As it is written in C for high performance, this software can run on systems without a scripting language, such as embedded systems. Everything in collectd comes as plug-ins, and the daemon comes with over 100 plug-ins. The daemon has been reported as working on Linux, Solaris, Mac OS X, AIX, FreeBSD, NetBSD, and OpenBSD. Collectd is actively developed, supported and well documented. One limitation of collectd is that it can write to RRD files but doesn't generate graphs [28]. Microsoft Windows support is provided by SSC Serv, which is a native Windows service and implements collectd's network protocol. There are many ways of extending collectd's functionality as needed, such as C plugins, Perl plugins, Java plugins, Python plugins, a UNIX domain socket, and executing binaries or scripts.

L. Wireshark

Wireshark is one of the finest open source packet analysers and allows users to capture traffic from both wired and wireless data networks at wire speed. It analyses VoIP calls, plots IO graphs for all traffic from an interface, decrypts many protocols, and exports the output. It is portable across operating systems such as UNIX and Windows. It imports packets from text files, saves and searches packets on many criteria, and creates various statistics. In Wireshark, packets, which are in grouped data form, are sent through the network to a certain designated system. In this way Wireshark performs process elimination which occurs because of improper management and bandwidth control for enhancing the Internet users. In Wireshark, color-coding is used for identifying a particular type of packet.
It is capable of processing thousands of IPs and tracks each IP individually, as it provides a database mode that supports sensors, customized intervals and reports. The captured data is in binary form, and Wireshark converts it into user-readable form. It also has some disadvantages: it isn't an intrusion detection system, so it cannot manipulate things on the network and can only measure them. It doesn't send packets on the network or do other active things [29].

M. Capsa Free

Capsa, provided by Colasoft, is a good solution to many network problems like low efficiency, trouble and even breakdown in networks. It captures packets in real time, decodes and diagnoses them, and displays the results in views, visualized charts and reports. In network communications, when the network adapter receives traffic, it first matches it with the MAC address and then broadcasts it. For detecting and capturing the data, a core module at the bottom level of Capsa is used, and the data is then forwarded to the high-level modules for summarization. Some important features of Capsa: it can turn single-thread analysis into multi-thread analysis technology, which takes full advantage of computer resources like multi-core CPUs. It also recycles multiple cache buffers and decr
