IBM WebSphere Application Server: Best Monitoring Tools in 2020

Data is at the core of most organizations nowadays. This means that they need to be able to pull data from every available source and extract useful information from it. But this data can be from various sources and its format is not necessarily uniform. This is where you need a system such as the WebSphere Application Server from IBM.

This platform will coordinate all the data accesses and provide users with whatever application they need to process the raw data into meaningful information. Today, we’re having a look at this powerful product from IBM and we’ll review some tools you can use to monitor and manage the product.

As we often do, we’ll first have a high-altitude look at the WebSphere Application Server. Our goal is to give you enough background information to better understand what the product is and how it can provide value to your business. This will lead us to our next topic, the typical uses for the product. Next, we’ll discuss the advantages of using a web application server in general before we review the pros and cons of the WebSphere Application Server. And last but not least, we’ll review five of the best tools you can use to manage and monitor your WebSphere installation.

The WebSphere Application Server In A Nutshell

The Application Server from IBM is both complex and simple. At its base—and you’ll probably have guessed that from the name—it is an application server. As such, its primary purpose is to serve applications. No real surprise here. The server sits between data sources and the users, allowing for easy and controlled access to corporate data.

That’s the simple way to put it. To be more precise, the WebSphere Application Server is a runtime environment whose primary purpose is to run and deploy Java EE (Enterprise Edition) applications. But even that description is somewhat minimalist as the server is more than that. Although it can act as a conduit between back end services such as databases and front end systems such as user applications, making it a typical middleware component, it also runs a Java Virtual Machine (JVM) as well as containers for Java-based web applications.

The consequence of the platform’s close ties to the Java ecosystem is that any application running on the platform or served by it needs to be Java-based. Some will see that as a major constraint but Java advocates will love it. And in fact, it really is not that much of a constraint anyways. The WebSphere Application Server can integrate applications with almost any other system or endpoint, not only those from IBM, making it a versatile product.

Typical Uses For The WebSphere Application Server

While there are many reasons for using the WebSphere Application Server, some are more obvious than others. For instance, the platform would likely be an ideal choice for organizations with a number of Java-based applications that need to be able to interact with other apps running on otherwise incompatible platforms. The presence of the server’s Java Virtual Machine sitting in the middle and running Java-based applications could greatly facilitate the communication between systems as any data coming in and going out would be transformed on the fly into whatever format is required before being passed on.

You can install the WebSphere Application Server on several operating systems. Coming from IBM, you can expect it to run on Linux and IBM’s own i/OS and z/OS but it will also run on Solaris and Windows, making it a very versatile option.

Users of this powerful middleware system can use it to have their inputs processed and moved on to storage devices that are also connected to it. They can also extract data from the back end servers and applications lying beyond the WebSphere Application Server, import it to the middleware, have it processed, and then allow end-users to use it from their browsers. And though the process can seem to be a relatively complex, multi-stage end to end operation, the whole purpose of the server is to make it appear seamless to the end-user, providing an experience that is similar to what they’d get by directly accessing the back end. After all, the whole idea of middleware is to provide a transparent interface between the front and back ends.

Why Use A Web Application Server?

A web application server, whether from IBM or any other vendor, can provide several advantages to an organization. Here’s an overview of what you can expect.

  • The platform typically provides a seamless user experience that facilitates access to data regardless of its format.
  • It also allows for the integration of data from multiple, otherwise incompatible data sources and platforms.
  • It can also help compile information from various sources and then use the results to draw accurate conclusions on the current status of an organization’s affairs.
  • A web application server offers the ability to collaborate with external business partners without having to worry about the compatibility of their data formats. The middleware will provide the required format conversions as needed.

Pros And Cons

In a perfect world, everything would be perfect. But we’re not in a perfect world and the WebSphere Application Server, just like any other platform, comes with its share of good and bad sides. Here’s an overview of the main pros and cons of the system.

Pros

  • First and foremost, the WebSphere Application Server is easy to use. Even some of its most complex configurations are relatively easy to accomplish, thanks in part to the product’s powerful administrative console.
  • The platform is also compatible with several versions of Java. This means that you won’t be forced to choose one over the others or that you won’t have to worry that the middleware might fail with some of your applications.
  • The platform allows for the easy addition and removal of resources. Even better, most of the actual work is done during the initial setup phase. Once installed and configured, the discovery of new nodes, servers, and applications requires little or even no effort at all.
  • Some of the platform’s features—actually, most of them—let an administrator become proactive in keeping applications and their servers running smoothly. Furthermore, plans and configuration let administrators forecast growth in hardware resources needs and software requirements by collecting and correlating trends over time.
  • Using a product such as the WebSphere Application Server means the end of fighting fires. It makes system administrators more proactive in keeping the servers they manage in their optimal state.

Cons

  • As much as we don’t like to evaluate products solely on price, we have to admit that like most offerings from IBM, the WebSphere Application Server is on the pricey side. In fact, it is so expensive that it could turn out to be a hard expense to justify, especially when trying to demonstrate the potential return on investment, no matter how good it is. Add to that the fact that IBM—being its usual self—doesn’t even offer a free trial version.
  • The financial costs are not the only costs associated with this product. It also comes with a significant overhead when compared with competing solutions. This takes the form of considerable requirements in CPU as well as memory usage. You will typically need a beefier machine to run the WebSphere Application Server.
  • Configuration is another area of the platform that leaves somewhat to be desired. Although the installation is relatively straightforward, most of the configuration is done through the command line or by editing arcane XML files. The consequence is that you’ll almost always need to have an expert on hand for the initial configuration.
  • Again, compared to other products in this category, we observed that the level of community support or even the online footprint of the product is rather low. It gives the impression that it is a relatively unknown product outside the big business world. Given its price, this is understandable yet IBM might be better off pushing its product to the “regular” users.

Best Monitoring Tools For WebSphere Applications Server

Now that we’ve covered a lot of what you need to know about the WebSphere Application Server and how it can help you and your organization, let’s have a look at what third party products are available to help in monitoring and managing the platform. While there are no products solely dedicated to that specific purpose, there are a great many tools that can help. We’ve scoured the market and came up with this list of the very best tools.

1. SolarWinds Server & Application Monitor (FREE TRIAL)

First on our list is a great tool from SolarWinds. The twenty-something-year-old company is famous for making some of the very best network and system administration tools. For instance, its flagship product, the SolarWinds Network Performance Monitor, is considered by many to be the best network monitoring tool available. And to top it off, the company also makes a bunch of free tools, each addressing a specific need of network administrators. The Advanced Subnet Calculator and the Kiwi Free Syslog Server are two great examples of these free tools.

When it comes to monitoring the WebSphere Application Server, SolarWinds proposes its Server & Application Monitor. The tool is designed to help administrators monitor servers, their operational parameters, their processes, and the applications which are running on them. Any application, not just the WebSphere Application Server. It can easily scale from very small networks to large ones with hundreds of servers—both physical and virtual—spread over multiple sites. The tool can also monitor cloud-hosted services like those from Amazon Web Services and Microsoft Azure.

The SolarWinds Server & Application Monitor is very easy to set up and its initial configuration is just as easily done, thanks to its auto-discovery process which is a two-pass process. The first pass will discover servers, and the second one will find the applications running on them. While this can take time, it can be sped up by supplying the tool with a list of specific applications to look for. Once the tool is up and running, the user-friendly GUI makes using it a breeze. You can choose to display information in either a table or a graphic format.

The SolarWinds Server & Application Monitor provides out-of-the-box templates for WebSphere performance monitoring to track the key performance metrics of your application server. Using the JMX protocol, the tool will let you monitor JVM statistics such as classes loaded count/total loaded count/unloaded count, letting you track the health and availability of the application server. It will also monitor memory statistics such as memory heap used or garbage collections count to detect memory leaks and exceptions, as well as thread pool statistics such as total started count to prevent thread deadlocks and pool exhaustion.

In summary, the SolarWinds Server & Application Monitor will provide a definite added value when dealing with a WebSphere installation of any complexity including:

  • Identifying and troubleshooting issues related to memory leaks and memory exceptions in your WebSphere servers.
  • Monitoring the overall health and performance of WebSphere servers and supporting hardware in a single console.
  • Receiving alerts about slow server response times and increases in database connection pools for faster troubleshooting.

The SolarWinds Server & Application Monitor is available in six capacity tiers of increasing cost. Functionality-wise, all tiers offer the exact same features. The main accounting unit of the tool is the “monitor”. A monitor can be one of several things.

First, there are Component Monitors. Any monitored server parameter counts as one monitor. For instance, a performance counter, a process, a URL, a service, or a script are all monitors. Next are nodes which are any device connected to the network. Nodes can include such things as a server, a power supply, a virtual machine, an ESX host, or a printer. The last type of monitor is the volume. This one corresponds to a logical disk on a monitored server.

The six available pricing tiers are suitable for 150, 300, 700, 1 100, 1 500, and unlimited monitors. Their prices, including the first year of support and maintenance, vary from $2 955 to $38 620. Should you want to try the product, a free 30-day trial is also available.

Official Download Link: https://www.solarwinds.com/server-application-monitor/

2. AppDynamics APM

AppDynamics, which is now a part of Cisco, has a great Application Performance Management tool available which is simply called AppDynamics APM. This excellent tool will automatically discover, map, and allow you to visualize your critical customer journeys through each application service and infrastructure component, including the WebSphere Application Server. It provides management teams with a single source of information to focus on end-to-end performance in the context of the customer experience, instead of monitoring individual services.

This tool uses machine learning to learn what normal performance is, automatically building its own baseline of application performance. It allows the tool to alert you whenever performance is not normal. There is direct integration with ServiceNow, PagerDuty, and Jira so that you can be immediately alerted and fix problems before users notice them. Another great feature is the tool’s immediate, automated, code-level diagnostics. Its deep diagnostic capabilities enable you to identify root-cause down to the individual line of code. Your team won’t have to go sifting through log files, saving valuable developer time.

When dealing with the WebSphere Application server, AppDynamics APM can be used to map your applications to key performance indicators and use the data to tweak your software and hardware in order to vastly improve their overall performance. Here’s an overview of the key WebSphere server metrics that the tool will monitor:

  • JVM Memory and Heap Usage
  • Average Response Time
  • EJB (Enterprise Java Bean) Pool Statistics
  • Disk I/O
  • Servlet Session Counts
  • Java Database Connectivity (JDBC) Connection Pool Statistics
  • Thread Pools
  • CPU Utilization
  • Session Statistics
  • Custom MBeans attributes via JMX

Another advantage of this powerful tool is how it can significantly reduce the time you’ll spend troubleshooting, isolating, and resolving issues in your WebSphere-based applications. This is, in part, due to its map feature that shows all the resources where you’ll quickly be able to pinpoint the location of an issue and perhaps even identify its probable cause. But that’s not all: the tool also has automatic remedial actions that you can use—such as stopping and starting servers—to resolve many of the most common issues with no human intervention.

If you ever get to a point where you realize that the time has come—for whatever reason—to move your WebSphere environment to the cloud, AppDynamics APM can help you make that a smooth process. It can be used to identify the apps that are ready to be moved to the cloud and those that do need a few optimization tweaks before they are ready to be moved. And once the applications have been moved, the tool will still be there to monitor your environment. In fact, it will even track applications that are located in multiple, separate clouds. This tool allows an organization to take complete control of all its WebSphere applications, and use them to potentially improve its overall competitiveness.

AppDynamics APM is available in several versions. The most basic is called APM Pro. APM Advanced adds server visibility and network visibility features. The top-level is called APM Peak and it includes all the features from APM Advanced plus business performance monitoring, transaction analytics, and business journeys. Pricing can be obtained by contacting AppDynamics and a 30-day trial version is available.

3. ManageEngine Applications Manager

ManageEngine is another name that enjoys an excellent reputation among network administrators. The company makes a handful of high-quality network and system administration tools such as the ManageEngine Applications Manager. But don’t let the product’s name mislead you as it is as much a monitoring platform as it is a management tool.

This tool offers integrated application performance monitoring for all your server and application monitoring needs. It can also do that for the underlying infrastructure components such as application servers, databases, middleware and messaging components, web servers, web services, ERP packages, virtual systems and cloud resources. In a few words, this is an all-encompassing platform.

The ManageEngine Applications Manager will give you in-depth visibility into the performance of your WebSphere Application Server as well as the applications deployed on it. It will detect performance issues quickly and reduce the time taken to troubleshoot problems. The tool monitors the overall availability, health and performance of the WebSphere Application Server. It ensures optimal resource allocation by measuring CPU/memory usage, JVM usage and response time. And it tracks the performance of applications using critical metrics such as Live Sessions, Enterprise Java Beans (EJBs), JDBC connection pools, and JMS queues.

The platform will allow you to proactively detect WebSphere issues as they arise. It will also take action before the end-users are affected. Furthermore, it can automate corrective actions—such as increasing database connection pool size or restarting the WebSphere server when the memory usage increases—with the help of custom scripts.

There’s a lot more that can be done with this tool. For instance, you can track application response times with code-level information about your application performance monitoring environment. Its transaction tracing feature will let you detect slow transactions. It will monitor database query executions and track background transactions.

The ManageEngine Applications Manager is available in several editions. There’s a feature-limited Free edition as well as paid Professional and Enterprise editions. Pricing starts at $945 and details can be obtained by contacting ManageEngine. A free 30-day trial version is also available.

4. Dynatrace

Dynatrace is a cloud-based Software as a Service (SaaS) that can detect, solve and optimize applications automatically. Discovering and mapping a complex application ecosystem is simply a matter of installing the Dynatrace OneAgent on the target servers. The tool can give you a high-fidelity view of your entire application stack, from the performance of applications, cloud infrastructure, and user experience. It will help you effortlessly detect problems along with their business impacts and root cause.

Dynatrace claims to have the broadest coverage of any monitoring solution in terms of languages supported, application architectures, cloud, on-premise or hybrid, enterprise apps, SaaS monitoring, and more. The tool automatically discovers and monitors dynamic microservices running inside containers. It shows you how they’re performing, how they communicate with each other and it helps you quickly detect poorly performing microservices.

When it comes to monitoring your WebSphere infrastructure, Dynatrace monitors and analyzes the database activities of your Java applications running on WebSphere and provides you with visibility all the way down to individual SQL and NoSQL statements. Here are just a few of the performance metrics you will see on your Dynatrace dashboard when monitoring WebSphere:

  • JVM metrics
  • Custom JMX metrics
  • Garbage collection metrics
  • All database statements
  • All requests
  • Suspension rate
  • All dependencies

As is often the case with products of this type, pricing for Dynatrace is not readily available and can only be obtained by first signing up for the free 15-day trial. Then, it’s only a matter of installing the agent on your servers and you could be monitoring within 5 minutes.

5. eG Enterprise

eG Innovations, the maker of eG Enterprise, might not be the best-known company but the product still offers network administrators a complete monitoring solution. This is a full-stack application performance monitoring (APM) solution that provides in-depth performance visibility into the WebSphere Application Server as well as the Java applications running on it. It will provide WebSphere performance monitoring from a single pane of glass, and let you be the first to know when there are slow application transactions, high web service response time, problems in EJB invocation, hung threads, faults in JCA Connection Pools, JVM memory leaks, and more.

eG Enterprise can help administrators monitor WebSphere performance and understand and provide insights to troubleshoot problems before application users are affected. Developers can also benefit from the tool as they can get immediate access to problematic Java code or SQL queries that impact application performance.

The eG Enterprise WebSphere monitoring tool will automatically correlate WebSphere performance with server-side issues, resource deficiency (CPU, memory, disk, etc.), hardware faults, network latency, etc. It can trace business transactions across distributed application architecture and multi-tiered JVMs. It will also identify which component of the server-side infrastructure is taking more processing time and slowing down transactions. Furthermore, it will track down the exact line of Java code or SQL query that is causing a performance problem and isolate high-CPU threads, waiting threads and root blocker threads in the JVM for code optimization.

eG Innovations offers both a free trial and a live demo of its eG Enterprise tool. There is, however, no pricing information on the company’s website so you’ll have to contact them to get a customized quote.

In Conclusion

The main question many people will be asking themselves after reading this post is “Should I get a WebSphere Application Server?”

Let’s try to answer this burning question. If your organization is one of those with numerous, independent Java-based applications and they need to talk to other external systems then the answer is a resounding yes.

Even more so if this is critical to your business process. That is, of course, if you can afford it. As we mentioned, these systems don’t come cheap.

And once you take the plunge, any of the tools we’ve just reviewed will provide much-appreciated assistance in ensuring that this complex environment is always kept in its utmost order and that all is running smoothly at all times.

The post IBM WebSphere Application Server: Best Monitoring Tools in 2020 appeared first on AddictiveTips.

The 8 Best IP Scanners for Mac in 2020

We briefly review some of the best tools to scan IP addresses from Mac computers. We’ll explore the major features of each tool, emphasizing what makes each one unique.

There’s only one way one can know for sure what IP addresses are actually in use on a network. You need to try to connect to each one and see if it responds. It is a long, boring, and tedious task that is often done using the ping command. Ping has been around for ages and it is one of the best ways to test for connectivity to a given IP address. But if you have to scan an entire network with potentially hundreds of IP addresses, you’ll quickly realize that you’d be better off using a tool that does it for you. If you’re a Mac user who’s looking for a tool which automates the scanning of IP addresses, you’re at the right place. We’ve done much of the searching for you and we’re about to review some of the best IP scanners for the Mac OS X operating system.

We’ll begin by discussing IP address scanning in general. In particular, we’ll describe the different reasons for scanning IP addresses because, as much as it’s nice to know which IP addresses are in use, there has to be a point to doing it, an underlying reason. We will then have a deeper look at the ping utility. Although ping is not a scanning tool, it is at the base of many IP address scanning tools. Knowing what it can do and how it works could then prove to be valuable as we start reviewing the different tools.

The Need For IP Address Scanners

Apart from the pure fun of knowing what IP addresses are in use (inasmuch as there can be fun to it), there are several reasons one might want to scan IP addresses. The first one is security. Scanning IP addresses on a network will quickly discover unauthorized or rogue devices. They could be devices connected by malicious users to spy on your organization.

But even well-intentioned users can sometimes wreak havoc by connecting their personal devices. I vividly recall this user who prevented many of his colleagues from accessing the corporate network when he connected his home Internet router to it. He just needed a couple of extra ports to connect an additional test computer and thought he could use the switch built into his router. The problem is that the router started issuing IP addresses on its home subnet from its built-in DHCP server.

Other than security reasons, scanning IP addresses is also the first step of many IP address management processes. Although most IP address management (IPAM) tools will include some form of IP address scanning, several people do their IP address management manually. This is where IP address scanning tools can come in handy. And for those who don’t have an IP address management process in place, scanning IP addresses is even more important. It will often be the only way to ensure that there are no IP address conflicts and it can be seen as a rather crude way of pseudo-managing IP addresses.
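The checks this section describes (unknown devices, address conflicts, hosts that picked up an address from the wrong DHCP server) can be run over a scanner's exported results. The following is an added example, not part of the original article; the CSV layout, the MAC inventory and the 10.20.0.0/24 managed subnet are all constructed for illustration.

```python
import csv
import io
import ipaddress
import re
from collections import defaultdict

# Constructed scan export (hypothetical layout, not any tool's real format).
# MACs appear in the mixed notations different tools and OSes print.
SCAN_CSV = """ip,mac,hostname
10.20.0.1,02:00:00:00:00:01,gw
10.20.0.15,2:0:0:0:0:f,ws-015
10.20.0.22,02-00-00-00-00-22,printer
10.20.0.22,02:00:00:00:AA:22,
192.168.1.1,02:00:00:00:bb:01,
192.168.1.101,02:00:00:00:00:30,ws-030
"""

# Constructed inventory of authorized devices and the subnet we manage.
AUTHORIZED_MACS = {
    "02:00:00:00:00:01",
    "02:00:00:00:00:0f",
    "02:00:00:00:00:22",
    "02:00:00:00:00:30",
}
MANAGED_NET = ipaddress.ip_network("10.20.0.0/24")

OCTET = re.compile(r"[0-9A-Fa-f]{1,2}")


def normalize_mac(raw):
    """Return a MAC as lowercase, zero-padded, colon-separated text, or None."""
    parts = re.split(r"[:-]", raw.strip())
    if len(parts) != 6 or not all(OCTET.fullmatch(p) for p in parts):
        return None
    return ":".join(f"{int(p, 16):02x}" for p in parts)


def audit(scan_csv, authorized, managed_net):
    """Compare scan results with the inventory and report three findings."""
    unknown, off_subnet = [], []
    claims = defaultdict(set)  # ip -> set of MACs seen answering for it
    for row in csv.DictReader(io.StringIO(scan_csv)):
        mac = normalize_mac(row["mac"])
        if mac is None:
            continue  # unparseable row: skip rather than guess
        ip = ipaddress.ip_address(row["ip"])
        claims[str(ip)].add(mac)
        if mac not in authorized:
            unknown.append((str(ip), mac))  # device not in the inventory
        if ip not in managed_net:
            off_subnet.append((str(ip), mac))  # e.g. lease from a rogue DHCP server
    # The same IP answered by more than one MAC is an address conflict.
    conflicts = {ip: sorted(m) for ip, m in claims.items() if len(m) > 1}
    return {"unknown": unknown, "conflicts": conflicts, "off_subnet": off_subnet}


if __name__ == "__main__":
    report = audit(SCAN_CSV, AUTHORIZED_MACS, MANAGED_NET)
    for finding, items in report.items():
        print(finding, items)
```

Normalizing the MAC first matters because the same adapter can be printed as `2:0:0:0:0:f` by one tool and `02-00-00-00-00-0F` by another, and a naive string comparison would flag it as unknown.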

Ping Explained

No matter why you want to scan IP addresses, most tools are based on ping so let’s have a look at this antique utility. Ping was created out of necessity back in 1983. Its developer needed a tool to help in debugging an abnormal network behaviour he was observing. The origin of the name is simple: it refers to the sound of sonar echoes as heard in submarines. Although it is present on almost every operating system, its implementation varies somewhat between platforms. Some versions offer multiple command-line options which can include parameters such as the size of each request’s payload, the total test count, the network hops limit, or the interval between requests. Some systems have a companion Ping6 utility that serves the exact same purpose for IPv6 addresses.

Here’s a typical use of the ping command (the -c 5 option tells the command to run five times and then report on the results):

$ ping -c 5 www.example.com
PING www.example.com (93.184.216.34): 56 data bytes
64 bytes from 93.184.216.34: icmp_seq=0 ttl=56 time=11.632 ms
64 bytes from 93.184.216.34: icmp_seq=1 ttl=56 time=11.726 ms
64 bytes from 93.184.216.34: icmp_seq=2 ttl=56 time=10.683 ms
64 bytes from 93.184.216.34: icmp_seq=3 ttl=56 time=9.674 ms
64 bytes from 93.184.216.34: icmp_seq=4 ttl=56 time=11.127 ms

--- www.example.com ping statistics ---
5 packets transmitted, 5 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 9.674/10.968/11.726/0.748 ms

How Ping Works

Ping is a pretty simple utility. It simply sends ICMP echo request packets to the target and waits for it to send back an ICMP echo reply packet for each received packet. This is repeated a certain number of times—five by default under Windows and until it is manually stopped by default under most other implementations—and it then compiles response statistics. It calculates the average delay between the requests and their respective replies and displays it in its results. On most *nix variants as well as on the Mac, it will also display the value of the replies’ TTL field, giving an indication of the number of hops between source and destination.

For ping to work, the pinged host must abide by RFC 1122 which specifies that any host must process ICMP echo requests and issue echo replies in return. Most hosts do reply but some disable that functionality for security reasons. Firewalls often block ICMP traffic too. Pinging a host which does not respond to ICMP echo requests will provide no feedback, exactly like pinging a non-existent IP address. To circumvent this, many IP address scanning tools use a different type of packet to check if an IP address is responding.
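To make the request/reply exchange concrete, here is an added example (not part of the original article) that builds an ICMP echo request, validates a matching echo reply, and derives a hop estimate from the reply's TTL. The identifier, payload, the 192.0.2.10 local address and the table of common initial TTL values are assumptions; the reply is constructed in memory from the address and TTL shown in the ping output above, so nothing is sent on the network.

```python
import socket
import struct

ICMP_ECHO_REQUEST, ICMP_ECHO_REPLY = 8, 0
IPPROTO_ICMP = 1
# Assumption: initial TTL values commonly chosen by sending stacks.
COMMON_INITIAL_TTLS = (64, 128, 255)


def inet_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's complement of the 16-bit one's-complement sum."""
    if len(data) % 2:
        data += b"\x00"  # pad odd-length input for summing only
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def icmp_message(msg_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Build an ICMP echo message (request or reply) with a valid checksum."""
    header = struct.pack("!BBHHH", msg_type, 0, 0, ident, seq)
    csum = inet_checksum(header + payload)
    return struct.pack("!BBHHH", msg_type, 0, csum, ident, seq) + payload


def build_echo_request(ident: int, seq: int, payload: bytes) -> bytes:
    return icmp_message(ICMP_ECHO_REQUEST, ident, seq, payload)


def parse_echo_reply(ip_packet: bytes, ident: int, seq: int, payload: bytes):
    """Return the reply's TTL if ip_packet answers our request, else None."""
    if len(ip_packet) < 20 or ip_packet[0] >> 4 != 4:
        return None  # too short or not IPv4
    ihl = (ip_packet[0] & 0x0F) * 4  # IPv4 header length in bytes
    if ihl < 20 or ip_packet[9] != IPPROTO_ICMP:
        return None
    icmp = ip_packet[ihl:]
    if len(icmp) < 8 or inet_checksum(icmp) != 0:
        return None  # a valid message sums to zero including its checksum
    msg_type, code, _, r_ident, r_seq = struct.unpack("!BBHHH", icmp[:8])
    if (msg_type, code) != (ICMP_ECHO_REPLY, 0):
        return None
    if (r_ident, r_seq) != (ident, seq) or icmp[8:] != payload:
        return None  # a reply to someone else's ping, or altered data
    return ip_packet[8]  # TTL field of the IPv4 header


def estimate_hops(ttl: int) -> int:
    """Hops = assumed initial TTL (nearest common value at or above) minus TTL."""
    return min(t for t in COMMON_INITIAL_TTLS if t >= ttl) - ttl


def constructed_reply(request: bytes, ttl: int,
                      src: str = "93.184.216.34", dst: str = "192.0.2.10") -> bytes:
    """Constructed test data: the IPv4 packet a target would send back."""
    _, _, _, ident, seq = struct.unpack("!BBHHH", request[:8])
    icmp = icmp_message(ICMP_ECHO_REPLY, ident, seq, request[8:])
    fields = [0x45, 0, 20 + len(icmp), 0, 0, ttl, IPPROTO_ICMP, 0,
              socket.inet_aton(src), socket.inet_aton(dst)]
    fields[7] = inet_checksum(struct.pack("!BBHHHBBH4s4s", *fields))
    return struct.pack("!BBHHHBBH4s4s", *fields) + icmp


if __name__ == "__main__":
    payload = bytes(range(56))  # 56 data bytes, as in the ping output above
    request = build_echo_request(0x1234, 0, payload)
    reply = constructed_reply(request, ttl=56)
    ttl = parse_echo_reply(reply, 0x1234, 0, payload)
    print(f"{len(request)} bytes, ttl={ttl}, about {estimate_hops(ttl)} hops")
    tampered = reply[:-1] + bytes([reply[-1] ^ 0xFF])
    print("tampered reply accepted:",
          parse_echo_reply(tampered, 0x1234, 0, payload) is not None)
```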

The Best IP Scanners For the Mac

Our selection of IP address scanning tools for the Mac includes both commercial software and free and open-source tools. Most of the tools are GUI-based although some are command-line utilities. Some are rather complex and complete tools while others are just simple extensions of the ping command to include some way of scanning a range of IP addresses without having to issue multiple commands or to write a scanning script. All these tools have one thing in common: they can all return a list of all the IP addresses that are responding within the scanned range.

1. Angry IP Scanner

Despite being deceptively simple, Angry IP Scanner does exactly what one would expect and it makes extensive use of multithreading. This makes it one of the fastest tools of its kind. It is a free multi-platform tool which is not only available for Mac OS X but also for Windows or Linux. The tool is written in Java so you’ll need to have the Java runtime module installed to use it but this is pretty much its only drawback. This tool will not only ping IP addresses, but it will also optionally run a port scan on discovered hosts. It can also resolve IP addresses to hostnames and MAC addresses to vendor names. Furthermore, this tool can provide NetBIOS information about each responding host that supports it.

The Angry IP Scanner can not only scan complete networks and subnets but also an IP address range or a list of IP addresses from a text file. Although this is a GUI-based tool, it also comes with a command-line version that you can use if, for instance, you want to include the tool’s functionality in your own scripts. As for the scan results, they are by default displayed on the screen in table format but they can easily be exported to several file formats such as CSV or XML.

2. LanScan

LanScan from Iwaxx is available from the Apple app store. It’s a simple application that does just what its name implies: scan a LAN. It is a free, simple and efficient IPv4-only network scanner. It can discover all active devices on any subnet. It could be the local one or any other subnet that you specify. In fact, it is quite flexible when it comes to specifying what to scan and it can be as small as a single IP address and as large as a whole network.

One unique characteristic of this product is how it will use ARP to scan a local subnet and use ping, SMB, and mDNS packets to scan external and public networks.

This product has several advanced features. It will, for instance, auto detect configured interfaces. It will also display the IP address, MAC address, hostname and interface card vendor associated with each discovered IP address. It will also discover SMB domains if they are in use and will do hostname resolution using either DNS, mDNS for Apple devices or SMB for Windows devices.

An in-app purchase will let you upgrade the app to the pro version, which has only one extra feature: it will display the full hostname of each discovered host. The free version will only display four full hostnames and the first 3 characters of the remaining ones.

3. IP Scanner For Macintosh

IP Scanner for Macintosh will scan your LAN to identify what IP addresses are in use and identify all computers and other devices on the network. The product is free for use on small home networks of up to six devices and paid Home and Pro versions are available for larger networks. The tool yields powerful results yet it is easy and intuitive to use. Local networks are scanned automatically and custom IP address ranges can be added and scanned manually.


IP Scanner for Macintosh is designed to allow you to customize your scan results. Once a device has been identified, you may assign it a custom icon and name to more easily recognize it at a glance. The tool will let you sort the results list by device name, IP address, MAC address or Last Seen time stamp. It can also give you an overview of the current network or show you changes over time.

The results display is highly customizable and you can adjust columns, text size, bezel transparency, and more. Double-clicking a device gives you more information and allows you to customize its appearance. Right-clicking a device will let you initiate a ping sequence or run a port scan of it.

4. Nmap/Zenmap

Almost as old as ping, Nmap has been around for ages and it’s commonly used for mapping networks (hence the name) and accomplishing several other tasks. For instance, Nmap can be used to scan a range of IP addresses for responding hosts and open IP ports. This is a command-line utility but, for those who prefer graphical user interfaces, its developers have published Zenmap, a GUI front-end to this powerful software. Both packages can be installed on Mac OS X, Windows, Linux, and Unix.


Using Zenmap, all the detailed search parameters can be saved in a profile that you can recall at will. The tool also comes with several built-in profiles that you can use as a starting point and modify to suit your exact needs. This can be less intimidating than creating new profiles from scratch. Profiles also control how the results of the scan are displayed. The interface’s first tab shows the raw output from the underlying nmap command while other tabs show an easier to understand interpretation of the raw data.

5. Masscan

Masscan claims to be the fastest Internet port scanner. It can scan the entire Internet in under 6 minutes, transmitting 10 million packets per second. Although we haven’t validated that this is true, it is clear that this is a fast tool, albeit a text-based one.

The results that are produced by Masscan are somewhat similar to those of nmap that we’ve just reviewed. However, it operates internally more like scanrand, unicornscan, and ZMap, and it uses asynchronous transmission. The major difference between this tool and the others is that it is simply faster than most other scanners. But it’s not only fast, it’s also more flexible, allowing arbitrary address ranges and port ranges.

Masscan is so fast in part because it uses a custom TCP/IP stack. This can create some issues, though. For instance, anything other than a simple port scan will cause a conflict with the local TCP/IP stack. You can circumvent this by either using the -S option to use a separate IP address or by configuring your operating system to firewall the ports that the tool uses. Although this is primarily a Linux tool, it is also available for Mac OS X. Its main drawback is the lack of a graphical user interface but this is largely compensated by the tool’s blazing speed.

6. ZMap

ZMap is a fast single packet network scanner developed at the University of Michigan and designed for Internet-wide network surveys. Although perhaps not as fast as the previous selection, this is also a fast tool. On a typical desktop computer with a gigabit ethernet connection, it is capable of scanning the entire public IPv4 address space in under 45 minutes. With a 10 gigabit connection and PF_RING, it can scan the IPv4 address space in under 5 minutes. ZMap is available for Mac OS X but also for Linux and for BSD. On a Mac, installation is simple through Homebrew.

The tool does not solely rely on ping to scan networks. It currently has fully implemented probe modules for TCP SYN scans, ICMP, DNS queries, UPnP, and BACNET. It can also send a large number of UDP probes. If you are looking to do more involved scans such as banner grabs or TLS handshakes, you might want to have a look at ZGrab, another project from the University of Michigan. This ZMap sibling can perform stateful application-layer handshakes. Like the previous entry, ZMap is essentially a text-based tool.

7. Fping

Fping was created as an improvement over ping, then one of the only network troubleshooting tools. It is a similar command-line tool yet it is quite different. Like ping, Fping uses ICMP echo requests to determine if the target hosts are responding but this is pretty much where the similarity ends. Unlike ping, Fping can be called with many target IP addresses. The targets can be specified as a space-delimited list of IP addresses. The utility can also be provided with the name of a text file containing a list of addresses. Finally, an IP address range can be specified or a subnet can be entered in CIDR notation such as 192.168.0.0/24.

Fping is relatively fast as it does not wait for a response before sending the next echo request. That way, it doesn’t lose time waiting for unresponsive IP addresses. Fping also has lots of command-line options that you can use. Since this is a command-line tool, you can pipe its output to another command for further processing. This tool can easily be installed on Mac OS X using Homebrew.

8. Hping

Hping is another free command-line tool derived from ping. It is available on Mac OS X as well as most Unix-like operating systems and Windows. Although it is no longer in active development, it is still in widespread use, a testament to how good a tool it is. The tool closely resembles ping but with several differences. For starters, Hping won’t only send ICMP echo requests. It can also send TCP, UDP or RAW-IP packets. It also features a traceroute mode and it has the ability to send files.

Although Hping can be used as an IP address scanning tool, it can do quite a bit more than that. The tool has some advanced port scanning features. Thanks to its use of multiple protocols, it can also be used to perform basic network testing. This tool also has some advanced traceroute capabilities using any of the available protocols. This can be useful as some devices treat ICMP traffic differently from other traffic. By mimicking other protocols, this tool can give you a better evaluation of your network’s true, real-time performance.

The post The 8 Best IP Scanners for Mac in 2020 appeared first on AddictiveTips.

How to Install a VPN on LibreELEC (and Configure It)

At first glance, it doesn’t seem easy to install a VPN on LibreELEC, especially if you’re not already an expert on the platform. Today’s plain-language guide will walk you through the process of installing a VPN via Kodi’s VPN manager add-on, then configuring it for the fastest, most secure streams in mere minutes.


Using a VPN on LibreELEC is as necessary as it is on any other platform. Unfortunately, the operating system has very limited capabilities in terms of running external software, making this a complicated task. Thanks to a great little Kodi add-on, you can set up a VPN connection right from within Kodi, eliminating the need for external VPN client software. And with all good VPN suppliers using a standard protocol, this method works with all of them.

We’ll present the VPN Manager add-on and show you how to install it. And after installation, we’ll also show you how to configure it and, even more importantly, how to use it. We won’t assume you’re an expert, so we’ll round out our discussion by explaining what a VPN is, how it works and what it protects. And since you may not be familiar with LibreELEC, we’ll also give a brief overview of the service before we look at our VPN installation instructions.

A VPN Is Your Best Protection While Using Kodi

If your Internet Service Provider suspects you might be violating their terms and conditions, they can react by sending you copyright infringement notices, throttling down your speed, or worse, interrupting your service. To avoid such annoyances, we strongly suggest you use a VPN whenever you’re using Kodi.

Considering the number of VPN providers available, selecting one can be a challenge. There are several important factors to consider. Among them, a fast connection speed will prevent buffering, a no-logging policy will further protect your privacy, no usage restrictions will let you access any content at full speed and software that is available for multiple platforms will let you use the VPN from any device you may own.

The Best VPN for Kodi Is IPVanish

We’ve tested all the top VPNs and the one we recommend for Kodi users is IPVanish. With 1,300+ servers in over 60 countries throughout the world, zero speed caps or throttling, unlimited bandwidth, unrestricted traffic, a strict no-logging policy and client software available for most platforms, IPVanish has all you need. And the pièce de résistance? Unbreakable 256-bit AES encryption utterly obscures your data stream, preventing any and all third parties from ever brute forcing their way into your activity and history online.


LibreELEC Quick Overview

LibreELEC is a fully-functional but minimalistic operating system created for one purpose only: running Kodi on “limited” hardware. Based on Linux and originally intended specifically for the Raspberry Pi, it has since been ported to other single-board computers. Its name is short for “Libre Embedded Linux Entertainment Center”. Libre is French for free. Not free as in “no charge” but free as in “freedom”. LibreELEC is based on Linux although it is stripped of anything that is not necessary to run Kodi. The operating system includes Kodi and it will boot right into it.

LibreELEC started in 2016 as a fork of OpenELEC, a similar operating system, when “creative differences” among the developers caused some of them to quit the project and start their own. Compared to its predecessor, LibreELEC is super easy to install on your device. Great care was taken in developing a software installer that hides most of the complexity of the process. Using the LibreELEC USB-SD creator software will allow you to be up and running without any issue in no time.

Advantages of LibreELEC

The main advantage of LibreELEC is that it doesn’t bloat the system on which it runs with all sorts of unnecessary modules and software. It has everything needed for Kodi–including Kodi itself–and nothing more. When you boot a device running LibreELEC, Linux starts automatically and, in fact, you can’t even exit Kodi and go back to the operating system.

The Problem with Installing a VPN on LibreELEC

So, how does one go about installing a VPN client on LibreELEC? As we saw, the minimalist OS can do nothing but run Kodi. There is no package installer under LibreELEC. There’s not even a way one could use a command prompt to enter commands to get and install an external package. And LibreELEC has no user interface anyways besides Kodi’s user interface. How then would we be able to configure a VPN and interact with the VPN client? An ideal solution, therefore, would have a VPN client running directly within Kodi.

The Solution – Installing the Zomboided VPN Manager Add-on

The great news is that such a solution exists. And it takes the form of–you might have guessed it–a Kodi add-on. It is called the Zomboided VPN Manager add-on. This add-on is compatible with most VPN suppliers as they pretty much all use standard protocols. From within the add-on, you’ll be able to select your VPN server, establish the VPN connection and disconnect it when you’re done.

Like many add-ons, installing the VPN Manager add-on is a multi-step process. You first need to install the appropriate repository. Then, from that repository, you can install the actual add-on. And to make things a bit more challenging, the repository must first be manually downloaded as it’s not available via a Kodi media source path like most others. But don’t worry, our detailed instructions should make this an easy process, albeit perhaps a bit more complicated.

Downloading the Repository and Transferring it to Your Media Player

The first step is to download the Zomboided repository installation file to your media player. For the sake of simplicity, let’s assume it is a Raspberry Pi. The process would be the same with any other device running LibreELEC.

But with LibreELEC having no user interface and even less a browser, how can this be done? This is why this is a tad more complex than usual. And you’ll need a USB Flash drive to do it.

First, insert the USB Flash drive into your computer. Then, download the Zomboided Repository installation file from GitHub by clicking this link.

When you click the link above, you’ll be asked to choose a download location. Our advice is to save it directly to the USB Flash drive. That will save you the trouble of copying it afterward.

The rest of the setup will be done from the LibreELEC media player device.

Installing the Zomboided Repository on LibreELEC

The first thing you need to do is to insert the USB Flash drive with the Zomboided Repo installation file into one of the Raspberry Pi’s USB ports.

Then, from the Kodi home page, you need to click Add-ons on the left pane and then click the Add-on Browser icon at the top left of the screen. It is the one that looks like an open box.


Then, from the Add-on browser screen, click Install from zip file.


Navigate to the USB Flash drive and click repository.zomboided.plugins-1.0.0.zip to launch the installation of the repository.


After a few seconds, a message at the top right of the screen confirms the repository installation.


Installing the VPN Manager from its Repository

From this step on, the rest of the installation process is fairly standard. You should still be on the add-on browser page. If you’re not, go back to it.

Now click Install from Repository.


Click on Zomboided Add-on repository. They’re in alphabetical order so it should be one of the last on the list.


Click Services and then click VPN Manager for OpenVPN.


Click Install at the bottom right of the next window.


After a very short while, another message at the top right of the screen will confirm the successful installation of the add-on.


Configuring and Using the Zomboided VPN Manager Add-on

You start the VPN Manager add-on by clicking its icon. You’ll find it by first clicking Add-ons on the left pane of the Kodi home screen, then Program add-ons. Upon startup, you’ll be greeted by the add-on’s main menu.


Before you can use the add-on, you must configure it with the proper parameters for your specific VPN provider. Let’s see how that is done.

From the main menu, click Add-on Settings.


First, you need to configure your VPN Parameters. After making sure VPN Configuration is selected on the left pane, next to VPN Provider, click the arrows to cycle through the available VPN suppliers until your supplier is displayed.

Next, enter your username and password. You can leave the rest of the parameters set to their default value.

Then, you should click VPN Connections on the left pane.


Click First VPN connection and you shall see the add-on start connecting to the VPN. Once the add-on connects, you will see a list of servers to connect to. Select your desired server. You’re now connected to the VPN.

If you want, you can add connections to other servers. For instance, you could have one to a server in the US, one to a server in the UK, one to a server in Canada and switch from one connection to the other depending on where in the world you want to appear to be located.

And There’s Even More…

Another very interesting feature of the VPN Manager add-on is the Add-on filter.


From that screen, you can specify add-ons that don’t use a VPN so that the VPN connection automatically drops when you start them. You can also associate specific add-ons with specific VPN connections. That way, if you have one particular add-on that requires a VPN to a particular location, you can automate the connection.

Back to the add-on’s main menu, let’s see what other options are available. They won’t need much explanation as they’re all pretty obvious. Display VPN Status is self-explanatory. So is Change or disconnect VPN connections. Cycle through primary VPN Connections will do just that and Pause add-on filtering is used to temporarily stop the add-on filter we just described.

What Is a VPN?

A VPN, or Virtual Private Network, is a mechanism used to increase the security and privacy of a network connection. It works by encrypting network traffic using advanced methods that preserve security and anonymity. They are used extensively in the corporate world where they secure connections between different locations. They’re also used to secure remote access to a company’s network by remote employees. For generic, everyday use, several VPN suppliers have appeared in recent years offering a subscription-based VPN service.

How Do VPNs Work?

A VPN does its magic by building a virtual tunnel between the VPN client (usually running on your computer or device) and the VPN server running somewhere on your VPN provider’s network. Any network traffic going through the tunnel is encrypted in a complex manner. We’ll spare you all the technical details but, in a nutshell, traffic originating from your computer can only be decrypted by the VPN server and vice-versa.

If someone had the possibility to examine your traffic (be it your ISP, your government, or local hackers), all they’d see is unknown data going between your computer and the VPN server. They wouldn’t be able to tell what that data is or where it’s going, beyond the VPN server.

Why Does One Need a VPN?

You know that someone with the possibility to examine your traffic we just mentioned? Well, that someone exists. In fact, several of them exist. Your Internet Service Provider could be one of them, looking at your traffic to ensure you don’t violate their terms and conditions. It could also be an ill-intentioned person sitting next to you at the coffee shop while you use your computer to do your online banking. Security and privacy are the main reasons why anyone would want to use a VPN. Don’t we all prefer to keep our things to ourselves?


The other big advantage of a VPN is a side effect of the way they work. Whenever your network traffic goes through a VPN, the website or Internet resource you’re connecting to sees the traffic as coming from the VPN server you’re using and not from your computer. With many VPN suppliers offering multiple servers in different locations, this could be put to one’s advantage to bypass geographical restrictions. Say you’re in Spain and want to access a website that only allows access from within the USA. All you have to do is connect to a VPN server located in the USA and the website you’re trying to access will “think” this is where you are.

Conclusion

If you’re a LibreELEC user and you want to use a VPN, there is a solution for you. The Zomboided VPN Manager add-on will work with most VPN suppliers and it works very well. Its installation and configuration might require a couple of extra steps, compared to most other add-ons, but it’s a small effort that brings great rewards.

Are you a LibreELEC user? Have you tried installing the Zomboided VPN Manager add-on? Did you encounter any issue? How would you describe your experience? We love to hear from our readers. Please, share your comments below.

Read How to Install a VPN on LibreELEC (and Configure It) by Renaud Larue-Langlois on AddictiveTips – Tech tips to make you smarter

Log Management Best Practices And Systems

Managing logs can be a complex endeavour. Not only does a typical organization generate a ton of them, but they do come from a variety of sources, each with a potentially different format and containing different information. To put a semblance of order into something that can quickly get chaotic, log management was invented. Today, we’re having a look at the log management best practices and systems. We hope that it will help you see clearly through this.

We’ll start off with a short description of log management. Then, we will dive right into the best practices of log management. We’ll explore whether you should use a ready-made system or do it yourself. We will also have a look at what (and what not) to monitor, followed by log security and retention as well as storage considerations. And before we review some of the best log management systems, we’ll have a look at the various management tasks, the review and maintenance of logs, the correlation of data sources, and some automation considerations.

About Log Management

Simply defined, a log is the automatically-produced and time-stamped documentation of an event relevant to a particular system. When an event takes place on a system, a log—or log entry—is generated. Different systems will generate logs for different events. As for log management, it generally refers to the processes and policies used to administer and facilitate the generation, transmission, analysis, and storage of log data. Log management typically implies a centralized system where logs from multiple sources are aggregated.

Log management is not just log collection, though. As the name implies, the management part is important. Once logs are received by the log management system, they are “translated” into a common format. It is necessary as different systems format logs differently and include different data in their logs. To make searching and event correlation easier, one of the purposes of log management systems is to ensure that all collected log entries are stored in a uniform format.

Talking about searching and event correlation, this is another major feature of most log management systems. The best log management systems feature a powerful search engine. It lets administrators zero in on exactly what’s needed. Furthermore, event correlation will automatically group related events, even if they are from different sources.
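The translation into a common format and the cross-source correlation described above, as an added example (not code from any product reviewed here). The two log formats, the field names of the common schema and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample input: Apache-style access lines and sshd syslog lines
# with ISO 8601 timestamps. Addresses come from the documentation ranges.
SAMPLE = [
    '203.0.113.7 - - [01/Mar/2020:10:15:00 +0000] "POST /admin/login HTTP/1.1" 401 512',
    '2020-03-01T10:16:30+00:00 web01 sshd[2211]: Failed password for invalid user admin '
    'from 203.0.113.7 port 50122 ssh2',
    '198.51.100.20 - alice [01/Mar/2020:10:17:00 +0000] "GET /index.html HTTP/1.1" 200 1043',
    '2020-03-01T12:00:00+00:00 web01 sshd[2300]: Failed password for bob '
    'from 198.51.100.20 port 40000 ssh2',
    'this line matches neither format',
]

APACHE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
SSHD = re.compile(
    r'(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: '
    r'(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) '
    r'from (?P<ip>\S+) port \d+'
)


def normalize(line):
    """Translate one raw line into the common schema, or None if unrecognized."""
    m = APACHE.match(line)
    if m:
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        return {
            "time": ts.astimezone(timezone.utc),
            "source": "apache",
            "src_ip": m["ip"],
            "user": None if m["user"] == "-" else m["user"],
            "action": f'{m["method"]} {m["path"]}',
            # Any 4xx/5xx response counts as a failure in this sketch.
            "outcome": "failure" if int(m["status"]) >= 400 else "success",
        }
    m = SSHD.match(line)
    if m:
        return {
            "time": datetime.fromisoformat(m["ts"]).astimezone(timezone.utc),
            "source": "sshd",
            "src_ip": m["ip"],
            "user": m["user"],
            "action": "login",
            "outcome": "failure" if m["result"] == "Failed" else "success",
        }
    return None


def parse_all(lines):
    """Normalize every line and drop the ones no parser recognizes."""
    return [ev for ev in map(normalize, lines) if ev is not None]


def correlate(events, window_seconds=300, min_sources=2):
    """Return {src_ip: [sources]} for addresses whose failures hit at least
    min_sources different log sources inside one sliding time window."""
    window = timedelta(seconds=window_seconds)
    by_ip = defaultdict(list)
    for ev in events:
        if ev["outcome"] == "failure":
            by_ip[ev["src_ip"]].append(ev)

    findings = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["time"])
        start = 0
        for end in range(len(evs)):
            # Shrink the window from the left until it spans <= window.
            while evs[end]["time"] - evs[start]["time"] > window:
                start += 1
            sources = {e["source"] for e in evs[start:end + 1]}
            if len(sources) >= min_sources:
                findings[ip] = sorted(sources)
                break
    return findings


if __name__ == "__main__":
    for ip, sources in correlate(parse_all(SAMPLE)).items():
        print(f"{ip}: failures on {', '.join(sources)} within 5 minutes")
```

Because both parsers emit the same keys, the correlation step never needs to know which system produced an event.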

Log Management Best Practices

Log management is a complex process and there’s not much we can do about it. With this complexity comes the risk of doing it wrong. To avoid that, we’ve compiled a list of some of the best practices of log management. Our goal is to give you as much information as possible in order to choose the best log management system for your needs but, more importantly, to get the most out of it.

Log Management System Or DIY?

For some reason, some people believe that they can manually implement a “log management system”. If you’re among these people, stop kidding yourself immediately. Although it is possible to implement some form of log management manually, the required efforts far outweigh what’s required to implement a true log management system. And with several free and open-source tools available, the argument of cost is not a valid one.

It almost always makes sense to use a managed logging solution that is built, supported, and scaled by a reputable vendor rather than building out a system on your own. With them, all you typically need to do is connect your sources and destinations and you’re ready to analyze system and application logs the easy way. You’ll be free to spend more time monitoring and logging rather than building out your logging infrastructure.

Knowing What To Monitor (And What Not)

Knowing what to log is important, but it is even more important to know what not to log. Just because you can log something doesn’t necessarily mean you should. Logging too much often does nothing more than making it harder to find data that actually matters. Furthermore, the extra volume of logs adds complexity and cost to your log storage and management processes. It is important to think ahead about what will and won’t be logged before starting to implement a log management platform. It will prevent costly mistakes and will allow you to better size your tool.

Consider carefully what you actually need to log. Production environments that are critical for compliance or for auditing purposes should most likely be logged. So should data that helps you troubleshoot performance problems, solve user-experience issues or monitor security-related events.

Conversely, there is stuff that you do not need to log like, for instance, test environments that are not an essential part of your business processes. There is also data that you will choose not to log for compliance or security reasons. For example, if a user has enabled a do-not-track setting, you should not log data associated with that user.

Implementing A Log Security And Retention Policy

Logs may contain sensitive data. For that reason, you need to have a log security policy. It will be invaluable in, for instance, ensuring that sensitive data gets anonymized or encrypted. Also, the secure transport of log data to log management systems mandates the use of encrypted transport using TLS or HTTPS on the client and on the server side.

As for a retention policy, logs from different sources or systems might require different retention times. For instance, logs that are primarily used for troubleshooting may work with relatively short retention times such as a few days—or even a few hours. On the other hand, security-related logs or business transaction logs require longer retention times, often for regulatory compliance. Considering this, your retention policy should be flexible and adaptable, depending on the log source or type of log.
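One way to apply such a policy at ingestion time, as an added example that is not taken from any tool on this page: secrets are redacted, e-mail and IP addresses are replaced by keyed pseudonyms, and records are purged by per-category retention. The categories, retention values, key and sample records are assumptions made for the example.

```python
import hashlib
import hmac
import re
from datetime import datetime, timedelta, timezone

# Assumption: a real deployment loads this key from a secrets store.
PSEUDONYM_KEY = b"constructed-demo-key"

EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
SECRET = re.compile(r"(?i)\b(password|token|secret)=\S+")

# Assumed retention per log category; anything unlisted gets the default.
RETENTION = {
    "debug": timedelta(hours=12),
    "application": timedelta(days=7),
    "security": timedelta(days=365),
}
DEFAULT_RETENTION = timedelta(days=30)


def pseudonym(kind, value):
    """Keyed, stable token: the same input always maps to the same token,
    so events still correlate, but the raw value is not stored."""
    digest = hmac.new(PSEUDONYM_KEY, value.lower().encode(), hashlib.sha256)
    return f"<{kind}:{digest.hexdigest()[:12]}>"


def scrub(message):
    """Redact secrets outright, then pseudonymize e-mail and IPv4 addresses."""
    message = SECRET.sub(lambda m: f"{m.group(1)}=<redacted>", message)
    message = EMAIL.sub(lambda m: pseudonym("email", m.group(0)), message)
    message = IPV4.sub(lambda m: pseudonym("ip", m.group(0)), message)
    return message


def ingest(record):
    """Return a copy of the record that is safe to store."""
    return {**record, "message": scrub(record["message"])}


def is_expired(record, now):
    keep_for = RETENTION.get(record["category"], DEFAULT_RETENTION)
    return now - record["time"] > keep_for


def purge(records, now):
    """Drop every record that has outlived its category's retention time."""
    return [r for r in records if not is_expired(r, now)]


# Constructed sample data, with a fixed "current time" so results are stable.
NOW = datetime(2020, 3, 10, tzinfo=timezone.utc)
SAMPLE = [
    {"category": "debug", "time": NOW - timedelta(hours=18),
     "message": "cache miss for 198.51.100.4"},
    {"category": "application", "time": NOW - timedelta(days=5),
     "message": "order placed by carol@example.org"},
    {"category": "application", "time": NOW - timedelta(days=9),
     "message": "order placed by dave@example.org"},
    {"category": "security", "time": NOW - timedelta(days=283),
     "message": "login failed user=alice@example.com from 203.0.113.7 password=hunter2"},
    {"category": "misc", "time": NOW - timedelta(days=38),
     "message": "cron finished"},
]

if __name__ == "__main__":
    for rec in purge([ingest(r) for r in SAMPLE], NOW):
        print(rec["category"], rec["message"])
```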

Log Storage Considerations

Keeping log data uses up valuable storage space. When planning the storage capacity for logs, you need to consider high load peaks. In most circumstances, the amount of log data per day is relatively constant. It mainly depends on system utilization and/or the number of transactions per day. However, when something goes wrong, you can expect accelerated growth in the log volume. If your log storage has limits that you exceed, you could lose the latest logs. To mitigate this effect, the best log management systems use a cyclic buffer. It deletes the oldest data first before any storage limit is applied.

Also, log storage should have its own security policy. Most attackers will try to avoid or delete their traces in log files. To avoid that, you should ship logs in real-time to the central log storage (preferably off-site) and secure it. Thus, if an attacker has access to your infrastructure, off-site logs will keep the evidence untampered.

Reviewing And Maintaining Logs

Log maintenance is an important part of log management, if not the most important part. Unmaintained logs can lead to longer troubleshooting, data exposure risks, and higher log storage costs. Review the logs generated by your systems and adjust the logging level to your needs. You should consider usability, operational and security aspects.

Make log level configurable

Some system logs are too verbose while others don’t provide enough information. Unfortunately, there isn’t always something you can do about it. Most systems provide adjustable log levels. They are the key to configuring the verbosity of logs and ensuring that what has to be logged is and what is not important isn’t.

Inspect audit logs frequently

Acting on security issues is crucial. This is why one should always have an eye on logs. If your log management system doesn’t have that feature (many of them do), use external security tools such as auditd or OSSEC. They implement real-time log analysis and generate alert logs pointing to potential security issues. And in addition to that, you should define alerts on critical events in order to be notified quickly of any suspicious activity.

Correlate Data Sources

Logging is only one element of a global monitoring strategy. For truly effective monitoring, you need to complement log management with other types of monitoring like monitoring based on events, alerts and tracing. Doing that is the best way to get the whole picture of what’s going on at any point in time. While logs are good for providing high-definition detail on issues, this is most useful when you take some distance to look at the forest before zooming into the trees.

Log management doesn’t work well in a silo. Nothing does. You should most definitely complement it with other types of monitoring such as network monitoring, infrastructure monitoring, and more. And in an ideal world, your monitoring solution should be comprehensive enough to provide all your monitoring information in one place. Alternatively, it could integrate with other tools that provide this information. The goal here is to have, as much as possible, a single-pane view of the entire environment.

Log Management And Automation

Log management can help you catch issues early on, thereby saving you and your team valuable time and energy. It can also help you find opportunities for automation. Most log management tools will let you set up custom alerts that trigger when something happens. Some will even let you set up automated actions to be initiated when these alerts are triggered. You should use as much automation as your management tool will allow. Despite the time you’ll spend setting up this automation, you’ll find that it was well worth it the first time you encounter an incident.

The Top 6 Log Management Tools

We’ve scoured the market trying to find the best log management tool. We’ve tried to put together a list which includes various types of tools. After all, everyone’s needs are different and the best tool for one is not necessarily the best for someone else.

1. SolarWinds Security Event Manager (FREE TRIAL)

SolarWinds is a common name in the field of network administration tools. It’s been around for about two decades and it has brought us some of the best bandwidth monitoring tools and NetFlow analyzers and collectors. The company is also well-known for publishing several free tools that address some specific needs of network administrators such as a subnet calculator or a syslog server.

When it comes to log management, the company’s offering is now called the SolarWinds Security Event Manager. It was recently renamed from Log & Event Manager, probably to better reflect the fact that this is actually much more than just a log management system. Many of its advanced features put it in the Security Information and Event Management (SIEM) range. It has, for instance, real-time event correlation and real-time remediation, two SIEM-like features.


Let’s have a look at some of the SolarWinds Security Event Manager’s main features. The tool can eliminate threats quickly using instantaneous detection of suspicious activity and automated responses. It can also perform security event investigation and forensics for mitigation and compliance. And talking about compliance, the product will allow you to demonstrate it, thanks to its audit-proven reporting for HIPAA, PCI DSS, and SOX, among others. This tool also has file integrity monitoring and USB device monitoring, two features that are way above what we commonly see in log management systems.

Prices for the SolarWinds Security Event Manager start at $4,585 for up to 30 monitored nodes. Licenses for up to 2500 nodes can be purchased making the product highly scalable. And if you want to verify hands-on that the product is right for you, a free, full-featured 30-day trial is available.

2. SolarWinds Papertrail (FREE PLAN AVAILABLE)

In second place, we have another great product called Papertrail, a recent acquisition by SolarWinds. Papertrail is a popular cloud-based log management system. It aggregates log files from a wide variety of popular products like Apache or MySQL as well as Ruby on Rails apps, different cloud hosting services and other standard text log files. Papertrail users can then use the web-based search interface or the command-line tools to search through these files to help diagnose bugs and performance issues. The tool also integrates with other SolarWinds products such as Librato and Geckoboard for graphing results.


Papertrail is a cloud-based, software as a service (SaaS) offering from SolarWinds. It is easy to implement, use, and understand. And it will give you instant visibility across all systems in minutes. The tool has a very effective search engine that can search both stored and streaming logs. And it is lightning fast.

Papertrail is available under several plans including a free plan. It is somewhat limited, though, and only allows 100 MB of logs each month. It will, however, allow 16 GB of logs in the first month which is equivalent to giving you a free 30-day trial. Paid plans start at $7/month for 1GB/month of logs, 1 year of archive and 1 week of index. Noise filtering allows the tool to preserve data by not saving useless logs.

3. ManageEngine EventLog Analyzer

ManageEngine, another common name with network administrators, makes an excellent log management system called the ManageEngine EventLog Analyzer. The product will collect, manage, analyze, correlate, and search through the log data of over 700 sources using a combination of agentless and agent-based log collection as well as log import.


Speed is one of the ManageEngine EventLog Analyzer’s strengths. It can process log data at an impressive 25,000 logs/second and detect attacks in real-time. It can also perform fast forensic analysis to reduce the impact of a breach. The system’s auditing capabilities extend to the network perimeter devices’ logs, user activities, server account changes, user accesses, and more, helping you meet security auditing needs.

The ManageEngine EventLog Analyzer is available in a feature-reduced free edition which only supports 5 log sources or in a premium edition which starts at $595 and varies according to the number of devices and applications. A free, full-featured 30-day trial version is also available.

4. Ipswitch Log Management Suite

The Log Management Suite is a product from Ipswitch, the same company that brought us WhatsUp Gold, an immensely popular network monitoring tool. This is an automated tool which collects, stores, archives and saves system logs, Windows events, and W3C/IIS logs. Furthermore, its continuous log surveillance will alert you of any suspicious activity.


Frequently audited events such as access rights and file, folder and object privileges can be followed, generating alerts as needed and used to build compliance reports for HIPAA, SOX, FISMA, PCI, MiFID, or Basel II compliance. The tool can also help you transform your raw log data into meaningful data for managers or IT security teams, thanks to its automated filtering, correlating, reporting, and converting features.

Pricing information for the Log Management Suite is not readily available from Ipswitch. The product can be purchased either directly from the publisher or through Ipswitch’s reseller network. A free trial version is also available.

5. Alert Logic Log Manager

Alert Logic’s primary focus is on security and compliance. And since log management is closely related to both, it’s no surprise that the company offers the Alert Logic Log Manager. This cloud-based tool offers automated and unified log management across all your environments. It will collect, aggregate, and search log data from the cloud, server, application, security, and network assets.


The Alert Logic Log Manager includes log monitoring and analysis as well as log review which is done live by human analysts. Alert Logic’s experts will alert you of possible threat activity 365 days a year. The service will also help meet the log review requirements of SOC 2, HIPAA, and SOX and offload the burden of reviewing logs and following up on events to comply with PCI/DSS 10.6, 10.6.1, 10.6.3.

Pricing information for the Alert Logic Log Manager is not readily available from the web and you’ll need to contact Alert Logic sales to get a formal quote. A free trial is also not available but a free demo can be arranged by contacting Alert Logic.

6. Nagios Log Server

You might already know Nagios as an excellent network monitoring package. Offered in a free and open-source version as well as in a commercial version, the product has a solid reputation. For log management, Nagios’ offering is called the Nagios Log Server. It is a complete package with centralized log management, monitoring, and analysis. This tool can simplify the process of searching your log data. It also lets you set alerts to be notified of potential threats. Furthermore, the software has high availability and fail-over built right into it. Its easy source setup wizards can help you with configuring your servers and other devices to send their log data to the platform, allowing you to start monitoring your logs within minutes.


The Nagios Log Server provides easy correlation of log events across all logging sources in just a few clicks. The system will let you view log data in real-time, letting you analyze and solve problems as they occur. Another strength of the product is its impressive scalability. This tool keeps meeting your needs as your organization grows. If need be, additional Nagios Log Server instances can be added to a monitoring cluster, allowing you to quickly add more power, speed, storage, and reliability.

With all these features, one would expect a hefty price tag. It is not the case and the single-instance price for the Nagios Log Server is a very reasonable $3,995. Despite not offering a free trial, a free online demo is available, should you prefer to have a first-hand look at the product before making a purchase decision.

Read Log Management Best Practices And Systems by Renaud Larue-Langlois on AddictiveTips – Tech tips to make you smarter

Network Monitoring Best Practices And Tools to Use

Network monitoring is an essential part of any respectable corporate network. It is the best way to ensure that a watchful eye is kept on every element of the network, that usage trends are followed and that prompt response can be achieved whenever something goes wrong. However, setting up and maintaining a network monitoring system can be quite a challenge. This is why we’ve put together this post in which we discuss the network monitoring best practices. Our hope is to provide some guidance in your endeavour.

Let’s begin by introducing network monitoring. We can then jump right in and start discussing the best practices. From knowing your network, what to monitor, how, and why to the reasons for monitoring the network and how to choose the best platform, I think we have it covered from most angles. And to conclude, we’ll briefly review three of the very best network monitoring tools. It will give you an idea of what’s available and how the multiple available platforms differ.

About Network Monitoring

There’s a very simple reason why anyone would want to use network monitoring tools. More than anything, it has to do with the fact that we normally can’t see what’s going on inside the network. We’ve all seen networks compared to highways and data packets compared to cars using those highways. But there’s a big difference. The traffic on a highway is visible. You just have to look and you’ll see whether or not there’s congestion.

It’s not so simple with networks. Everything happens at the molecular level inside copper wires or optical fibers. And even if we could see the traffic going by, it is so fast that we wouldn’t be able to make any sense of it. Monitoring tools allow us to visualize the traffic and load levels of wired and wireless networks. Some of them are intended as surveillance tools while others are troubleshooting tools or even forensic investigation tools.

Network Monitoring Best Practices

Implementing Network Monitoring can be a complex and overwhelming endeavour. There are so many things to consider. We’ve put together a list of best practices you may want to follow when planning and deploying a network monitoring infrastructure. It will, hopefully, help you make sure you don’t overlook anything important or waste time on not so important tasks.

Knowing Your Network

Today’s networks tend to be very complex. Routers, switches, and other components connect user workstations to critical applications on local servers and even on the Internet. In addition, security and communications systems including firewalls, virtual private networks (VPNs), and spam and virus filters complicate things.

Before you begin, it is important to understand the composition and complexity of your network. With thousands of data points to monitor on a network, being able to access meaningful, accurate, and current information at any given time is critical. You need to feel confident that you know how your network operates from end to end. It is critical to know your network at all times.

A typical network includes the Internet, local area networks (LANs), wide area networks (WANs), virtual LANs (VLANs), wireless networks, and all the devices and systems running on them. A network has internal and external users, including employees, customers, and partners. Modern networks are so complex that something WILL eventually go wrong. And with every component representing a potential point of failure, there’s a lot to monitor.

By monitoring network performance proactively and in real-time, you can spot problems and potential issues before they become emergencies. For instance, an overloaded server can be replaced or beefed up before it crashes if you’re notified in advance that its load is rapidly increasing and that a crash is all but imminent. Network monitoring will allow you to know the status of everything on your network without having to keep an eye on everything and to be able to take corrective action to minimize and, when necessary, quickly fix issues.

What You Should Monitor, Why, and How

A network is a mission-critical system. As such, it’s important to constantly have access to timely information about its health. Most importantly, you need to capture status information about network devices (routers, switches, etc.) and critical networked servers. As a network administrator, you also need to know that essential services (email, website, file transfer services, etc.) are available.

Let’s have a look at some elements of the network that we recommend you monitor and why. First and foremost, you want to monitor the availability of network devices. The reason is simple: they constitute the “plumbing” of the network and are essential to keep it running.

The next thing you need to monitor is the availability of all critical services on your network. Even small outages can have a huge negative impact. Loss of email, web server, or FTP server for even just an hour can shut a business down.

The amount of disk space in use on your critical servers is another important metric to monitor. After all, most applications require data storage. Furthermore, any suspicious behaviour in disk capacity could be a tell-tale sign of an issue with an application or system.

Bandwidth utilization is another very important metric to monitor. Just like storage space, network utilization has a tendency to always increase. Closely monitoring it will give you time to react if it ever approaches a critical level and, just like disk space usage, an unexpected and sudden increase could be an indication of an abnormal situation.

Another important metric to monitor is the average memory and processor utilization of your key devices and servers. It is a known fact that overutilization or memory saturation can have disastrous effects on the operation of most devices. For that reason, you’d rather see it coming.

It’s one thing to monitor a ton of metrics but it won’t help much if you have to sit and stare at a screen to ensure that none exceeds normal thresholds. When there are issues, you need to be alerted immediately. It could be done through audible alerts, on-screen displays, or emails and text messages automatically generated by your network monitoring solution. Alerts should be triggered when a problem occurs (such as a threshold being approached) but ideally also when a new application or piece of equipment is brought online. Alerts should include information about the device, the issue, and the event that triggered it.

It is, however, important to generate only meaningful alerts and to minimize multiple alerts originating from the same event. For instance, you want to be able to configure your monitoring platform so that it doesn’t alert when scheduled maintenance downtime is initiated. And if access to many devices is lost because of a problem with an upstream router or switch, eliminating the dependent alerts lets you more efficiently diagnose the actual problem.

The Top Nine Reasons For Network Monitoring

1. Knowing what is happening

Network monitoring solutions keep you constantly aware of the operation and connectivity of the elements of your network. Without monitoring, you have to wait until someone tells you something is down before you can fix it.

2. Planning for upgrades or changes

If a device frequently goes down or if the bandwidth utilization of a specific segment is constantly nearing its limit, it may be time for a replacement or an upgrade. Network monitoring lets you track this type of situation and plan required changes before the impact is felt by users.

3. Diagnosing problems

Suppose one of your servers is unreachable from the intranet. Network monitoring may help you determine if the problem is the server, the switch the server is connected to, or the router. Knowing exactly where the problem is saves you time.

4. Showing others what is going on

Reports—especially graphical ones—go a long way in demonstrating the health and activity levels of your network. They are the perfect tools for proving SLA conformance or showing that a troublesome device needs attention.

5. Making sure your security systems are operating

Organizations spend a lot of resources on security software and hardware. A network monitoring solution will let you be sure that your security devices are up and running as configured at all times.

6. Keeping track of your customer-facing resources

Many devices on your network are actually nothing more than applications running on a server (HTTP, FTP, email, etc.). Network monitoring lets you watch these applications and make sure your customers can connect to the services that they need.

7. Ensuring customer satisfaction

When customers are depending on your network services for their business, you need to ensure they’re up and running at all times. You’d most likely rather know the moment a problem occurs and fix it before a customer finds out and gives you that angry phone call we all dread.

8. Keeping informed of your network status from anywhere

The best network monitoring platforms provide remote viewing and management from anywhere with an Internet connection using different types of devices. That way, if you’re away from the office and a problem crops up, you can still see what’s wrong.

9. Saving money

Although we’re listing this one last, some may think it should have been first. Network monitoring helps you cut down on the total amount of downtime and time it takes to investigate problems. This translates to fewer man-hours spent fixing issues and less lost revenue from downtime.

Choosing a Network Monitoring Solution

First and foremost, a good network monitoring solution should tell you what you need to know in real-time and from anywhere, anytime. Your monitoring solution should also be easy to use, quick to deploy, and offer a low total cost of ownership while still delivering all the features you need. You need a solution with comprehensive capabilities and second to none reliability.

Using network monitoring tools implies the monitoring of tons of network components and collecting tons of information. To make all this data easier to comprehend, a good monitoring solution should display it on some form of an administrator-friendly dashboard that could include a network map, report data, alerts, historical information, problem areas, and other useful information. This will not only make troubleshooting easier, but it will help leverage historical network data to understand trends in device usage, network usage, and overall network capacity.

As discussed earlier, alerts are important. However, just as you don’t want your alarm to go off on Saturday morning, you don’t want your network monitoring tool to alert you during a planned service period. The best systems will let you program your weekly maintenance schedule into the system so it can distinguish between planned and unplanned downtime, thereby reducing the number of false alarms.
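The two suppression rules this article describes (staying quiet during a scheduled maintenance window, and dropping dependent alerts when an upstream router or switch is the real failure) can be sketched as follows. This is an added example, not code from any of the products reviewed; the topology, device names and maintenance schedule are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time

# Constructed topology (assumption): device -> upstream device it is reached through.
UPSTREAM = {
    "core-rtr": None,
    "dist-sw1": "core-rtr",
    "web01": "dist-sw1",
    "db01": "dist-sw1",
    "backup01": "core-rtr",
}


@dataclass(frozen=True)
class MaintenanceWindow:
    device: str
    weekday: int  # 0 = Monday ... 6 = Sunday
    start: time
    end: time

    def covers(self, device: str, when: datetime) -> bool:
        return (device == self.device
                and when.weekday() == self.weekday
                and self.start <= when.time() < self.end)


# Constructed schedule (assumption): backup01 is serviced on Saturdays, 02:00-04:00.
WINDOWS = [MaintenanceWindow("backup01", 5, time(2, 0), time(4, 0))]


def ancestors(device, upstream):
    """Yield the devices between `device` and the root, nearest first."""
    seen = {device}
    parent = upstream.get(device)
    while parent is not None and parent not in seen:
        seen.add(parent)  # guards against a loop in a mis-entered topology
        yield parent
        parent = upstream.get(parent)


def triage(down, when, upstream=UPSTREAM, windows=WINDOWS):
    """Map each unreachable device to (state, cause).

    state is 'maintenance' (planned, stay quiet), 'dependent' (hidden behind
    the nearest upstream device that is also down) or 'alert' (page someone).
    """
    down = set(down)
    verdicts = {}
    for device in sorted(down):
        if any(w.covers(device, when) for w in windows):
            verdicts[device] = ("maintenance", None)
            continue
        cause = next((a for a in ancestors(device, upstream) if a in down), None)
        verdicts[device] = ("dependent", cause) if cause else ("alert", None)
    return verdicts


if __name__ == "__main__":
    outage = {"dist-sw1", "web01", "db01", "backup01"}
    # Saturday 6 June 2020, 02:30: only dist-sw1 should raise an alert.
    for dev, verdict in triage(outage, datetime(2020, 6, 6, 2, 30)).items():
        print(dev, verdict)
```

Suppressed dependents should be polled again once the upstream device recovers, since a server behind a failed switch may also have failed on its own.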

Networks need to run 24/7 no matter what hours your employees work. Furthermore, your network generally stays put but your employees sometimes travel. No matter what, you should be able to access your network monitoring solution anywhere, anytime. Also, different users will need to access the system for different reasons. Not everyone should have access to the same level of information. Your monitoring solution should feature role-based views, letting you assign levels of permissions based on each user’s function in the organization.

Finally, a good network monitoring solution should support multiple methods of monitoring devices. SNMP (Simple Network Management Protocol) is a time-proven flexible technology that lets you manage and monitor the performance and usage of devices, troubleshoot problems, and better prepare for future network growth. Most network devices support SNMP, making it easy to monitor them using a solution that supports SNMP.

In the Windows world, WMI (Windows Management Instrumentation) is the standard for retrieving information from applications. WMI comes installed by default on SQL Server, Exchange, and Windows 2000, 2003, Vista, and XP systems. It is an important tool for monitoring network environments running Windows yet only a few network monitoring solutions currently include WMI monitoring among their capabilities.

The Top Three Network Monitoring Tools

There are literally dozens of network monitoring tools available. The short list we’ve assembled here is what we consider to be the best ones. Their features will give you a pretty good idea of what is available among the various tools. Each tool has a slightly different feature set so the best one for your specific purpose is a matter of personal preference.

1. SolarWinds Network Performance Monitor (Free Trial)

Many network administrators already know SolarWinds. After all, the company has been famous for a while for its excellent network administration tools and for publishing many free tools to accomplish specific tasks. SolarWinds’ flagship product is called the Network Performance Monitor, or NPM. It is a complete network monitoring solution that comes packed with a broad array of features.

The SolarWinds Network Performance Monitor polls network devices using the SNMP protocol and reads their interfaces’ counters and other meaningful metrics. It then stores the results in an SQL database and uses the polled data to build graphs showing each interface’s usage.
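Turning polled interface counters into a usage figure takes more care than a simple subtraction, because SNMP octet counters wrap and reset. The following is an added example, not SolarWinds code: it assumes two samples of an IF-MIB octet counter (`ifInOctets`, 32-bit, or `ifHCInOctets`, 64-bit) and the interface speed in bits per second, and all sample values are constructed.

```python
def counter_delta(prev, curr, bits=32):
    """Increase between two readings of an SNMP counter, allowing for one wrap."""
    if curr >= prev:
        return curr - prev
    return curr + (1 << bits) - prev  # counter passed its maximum and restarted at 0


def max_wrap_interval(if_speed_bps, bits=32):
    """Seconds a counter of this width lasts at line rate before wrapping.

    Polling less often than this can miss a wrap entirely, which is why
    fast links need the 64-bit counters.
    """
    return (1 << bits) * 8 / if_speed_bps


def utilization(prev, curr, if_speed_bps, bits=32):
    """Percent utilization between two (timestamp_seconds, octets) samples.

    Returns None when the sample pair cannot be trusted: a non-positive
    interval, or an implied rate above line speed, which indicates a counter
    reset (device reboot) or more than one wrap rather than real traffic.
    """
    (t0, c0), (t1, c1) = prev, curr
    interval = t1 - t0
    if interval <= 0 or if_speed_bps <= 0:
        return None
    bps = counter_delta(c0, c1, bits) * 8 / interval
    if bps > if_speed_bps:
        return None
    return 100.0 * bps / if_speed_bps


if __name__ == "__main__":
    speed = 100_000_000  # constructed: a 100 Mbit/s interface
    # Counter wrapped between polls: 75,000,000 octets in 60 s is 10% of the link.
    print(utilization((0, 4_269_967_296), (60, 50_000_000), speed))
    # Counter fell back to near zero after a reboot: discard instead of graphing a spike.
    print(utilization((0, 1_000_000_000), (60, 1_000), speed))
    # A 32-bit counter on a 1 Gbit/s link wraps in about 34 seconds.
    print(round(max_wrap_interval(1_000_000_000), 1))
```

A reset whose implied rate happens to stay below line speed is indistinguishable from a wrap using counters alone, so a poller would normally also compare the device's uptime between samples.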


The software boasts a user-friendly GUI where adding a device is as simple as specifying its IP address or hostname and SNMP connection parameters–known as community strings. Once that is done, the tool queries the device to list all the SNMP parameters that are available. It is up to you to pick those you want to include on your graphs. A typical network switch or router, for example, will have traffic and error counters for each interface as well as CPU and memory utilization counters.

The Network Performance Monitor’s scalability is one of its best features. It will adapt to any network from the smallest of them up to large networks consisting of tens of thousands of devices and spread over multiple locations. And to make it even easier, upgrading licenses is a seamless process.

Another great feature of NPM is its ability to automatically build network maps and to display a visual representation of the critical path between two devices or services. This feature is invaluable when troubleshooting application access issues.

Price-wise, the SolarWinds Network Performance Monitor starts at just under $3,000 and goes up depending on the number of devices to monitor. Ideally, you should contact the SolarWinds sales team for a detailed quote. Should you want to try the product before buying it, a free 30-day trial is available, as it is for most non-free SolarWinds products.

2. PRTG Network Monitor

PRTG or, more precisely, the PRTG Network Monitor is another excellent monitoring platform from Paessler A.G. It is an enterprise-grade product which Paessler claims to be the easiest and fastest to set up. According to the company, PRTG can be set up and you can start monitoring within a couple of minutes. Your experience may vary and we certainly spent a bit more than that but it’s still very easy and very quick to set up, thanks in part to its auto-discovery feature that will find your networking equipment and automatically add it to the system.


PRTG is not only easy to install. The product is also feature-rich. For instance, it comes with a few different user interfaces. You have the choice between a Windows enterprise console, an Ajax-based web interface, and mobile apps for Android and iOS. Furthermore, the mobile apps fully exploit their respective platform’s capabilities and can, for instance, scan QR codes affixed to equipment to quickly access their graphs.

The PRTG Network Monitor can be obtained directly from its website. You’ll need to choose between two download options. There’s the free version which is full-featured but will limit your monitoring ability to 100 sensors or the free 30-day trial version which is unlimited but will revert to the free version once the trial period ends. Each monitored parameter counts as one sensor. For example, monitoring bandwidth on each port of a 48-port switch uses up 48 sensors.

3. ManageEngine OpManager

OpManager from ManageEngine—yet another top-of-the-line maker of network management tools—is our next selection. The tool runs on either Windows or Linux and boasts many great features. Among them, there is an auto-discovery feature that can map your network and display it on its dashboard. The miniature, colour-coded graphs shown at the top of each page are also a great feature of the product.


Back to the ManageEngine OpManager’s dashboard, it is super easy to use and navigate and it has drill-down functionality. If you are so inclined, there are also apps for tablets and smartphones that will let you access the system from anywhere. This is an overall very polished and professional product.

A free version of the ManageEngine OpManager is available should you want to try it before purchasing. This is a truly free version and not a free trial. It is, however, limited and will let you monitor no more than ten devices. If you manage a tiny network, perhaps you can get by with the free version. As for paid versions, you can choose the Essential or the Enterprise plans. The first will let you monitor up to 1,000 nodes while the other goes up to 10,000.

Read Network Monitoring Best Practices And Tools to Use by Renaud Larue-Langlois on AddictiveTips – Tech tips to make you smarter