Log Management Best Practices And Systems

Managing logs can be a complex endeavour. Not only does a typical organization generate a ton of them, but they come from a variety of sources, each with a potentially different format and containing different information. To put a semblance of order into something that can quickly get chaotic, log management was invented. Today, we’re having a look at log management best practices and systems. We hope that it will help you see more clearly through this.

We’ll start off with a short description of log management. Then, we will dive right into the best practices of log management. We’ll explore whether you should use a ready-made system or do it yourself. We will also have a look at what—and what not—to monitor, followed by log security and retention as well as storage considerations. And before we review some of the best log management systems, we’ll have a look at the various management tasks, the review and maintenance of logs, the correlation of data sources, and some automation considerations.

About Log Management

Simply defined, a log is the automatically produced and time-stamped documentation of an event relevant to a particular system. When an event takes place on a system, a log—or log entry—is generated. Different systems will generate logs for different events. As for log management, it generally refers to the processes and policies used to administer and facilitate the generation, transmission, analysis, and storage of log data. Log management typically implies a centralized system where logs from multiple sources are aggregated.

Log management is not just log collection, though. As the name implies, the management part is important. Once logs are received by the log management system, they are “translated” into a common format. This is necessary because different systems format logs differently and include different data in their logs. To make searching and event correlation easier, one of the purposes of log management systems is to ensure that all collected log entries are stored in a uniform format.

Talking about searching and event correlation, this is another major feature of most log management systems. The best log management systems feature a powerful search engine. It lets administrators zero in on exactly what’s needed. Furthermore, event correlation will automatically group related events, even if they are from different sources.
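As an added example (not code from the original article), here is a small Python normalizer that turns three constructed log lines of different formats (a syslog line from sshd, an Apache access-log entry and a JSON application log) into one common record schema, and then correlates records that share a source IP within a time window, which is the “group related events from different sources” idea described above. The year assumed for syslog timestamps, the sample lines, the severity mapping and the field names of the common schema are all assumptions made for this example.

```python
import json
import re
from datetime import datetime, timezone

# Assumption: BSD-style syslog lines carry no year, so one is pinned for parsing.
ASSUMED_YEAR = 2024

# Constructed sample input: (source type, host the agent collected it on, raw line).
SAMPLE_LINES = [
    ("syslog", "web01", "Mar  4 10:15:02 web01 sshd[2231]: Failed password for root from 203.0.113.7 port 51122 ssh2"),
    ("apache", "web01", '203.0.113.7 - - [04/Mar/2024:10:15:09 +0000] "GET /admin HTTP/1.1" 403 212'),
    ("app", "web01", '{"time":"2024-03-04T10:15:11Z","level":"warn","client":"203.0.113.7","msg":"rejected admin request"}'),
    ("syslog", "web01", "Mar  4 10:15:20 web01 sshd[2231]: Accepted password for alice from 198.51.100.9 port 40210 ssh2"),
]

SYSLOG_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<prog>[^\s\[:]+)(?:\[\d+\])?: (?P<msg>.*)$")
APACHE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+$')
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def normalize(source, host, line):
    """Return one record in the common schema: ts (aware UTC), host, source, severity, src_ip, message."""
    if source == "syslog":
        m = SYSLOG_RE.match(line)
        if not m:
            raise ValueError(f"unparsable syslog line: {line!r}")
        ts = datetime.strptime(f"{ASSUMED_YEAR} {m['mon']} {m['day']} {m['time']}",
                               "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)
        ip = IPV4_RE.search(m["msg"])
        severity = "warning" if m["msg"].startswith("Failed") else "info"
        return {"ts": ts, "host": m["host"], "source": source, "severity": severity,
                "src_ip": ip.group(0) if ip else None, "message": f"{m['prog']}: {m['msg']}"}
    if source == "apache":
        m = APACHE_RE.match(line)
        if not m:
            raise ValueError(f"unparsable apache line: {line!r}")
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").astimezone(timezone.utc)
        status = int(m["status"])
        return {"ts": ts, "host": host, "source": source,
                "severity": "warning" if status >= 400 else "info",
                "src_ip": m["ip"], "message": f"{m['req']} -> {status}"}
    if source == "app":
        obj = json.loads(line)
        ts = datetime.strptime(obj["time"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        level = {"warn": "warning", "warning": "warning", "error": "error"}
        return {"ts": ts, "host": obj.get("host", host), "source": source,
                "severity": level.get(str(obj.get("level", "info")).lower(), "info"),
                "src_ip": obj.get("client"), "message": obj.get("msg", "")}
    raise ValueError(f"unknown source type: {source}")


def correlate(records, window_seconds=60):
    """Group records sharing a source IP when each follows the previous one within window_seconds."""
    groups, open_by_ip = [], {}
    for rec in sorted(records, key=lambda r: r["ts"]):
        ip = rec["src_ip"]
        if ip is None:
            continue
        g = open_by_ip.get(ip)
        if g is None or (rec["ts"] - g["last"]).total_seconds() > window_seconds:
            g = {"key": ip, "count": 0, "hosts": set(), "sources": set(),
                 "first": rec["ts"], "last": rec["ts"], "events": []}
            groups.append(g)
            open_by_ip[ip] = g
        g["count"] += 1
        g["hosts"].add(rec["host"])
        g["sources"].add(rec["source"])
        g["last"] = rec["ts"]
        g["events"].append(rec["message"])
    return groups


if __name__ == "__main__":
    recs = [normalize(*entry) for entry in SAMPLE_LINES]
    for g in correlate(recs):
        print(f"{g['key']}: {g['count']} events from {sorted(g['sources'])} "
              f"between {g['first']:%H:%M:%S} and {g['last']:%H:%M:%S}")
```

Run as-is, the script reports one group of three events for 203.0.113.7 spanning the sshd, Apache and application sources, and a separate single-event group for 198.51.100.9. Note that the Apache line carries no hostname of its own, so the collecting agent has to supply it; that is the kind of gap a real normalizer must fill consistently.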

Log Management Best Practices

Log management is a complex process; there’s not much we can do about that. With this complexity comes the risk of doing it wrong. To avoid that, we’ve compiled a list of some of the best practices of log management. Our goal is to give you as much information as possible in order to choose the best log management system for your needs but, more importantly, to get the most out of it.

Log Management System Or DIY?

For some reason, some people believe that they can manually implement a “log management system”. If you’re among these people, stop kidding yourself immediately. Although it is possible to implement some form of log management manually, the required efforts far outweigh what’s required to implement a true log management system. And with several free and open-source tools available, the argument of cost is not a valid one.

It almost always makes sense to use a managed logging solution that is built, supported, and scaled by a reputable vendor rather than building out a system on your own. With them, all you typically need to do is connect your sources and destinations and you’re ready to analyze system and application logs the easy way. You’ll be free to spend more time monitoring and logging rather than building out your logging infrastructure.

Knowing What To Monitor (And What Not)

Knowing what to log is important, but it is even more important to know what not to log. Just because you can log something doesn’t necessarily mean you should. Logging too much often does nothing more than make it harder to find the data that actually matters. Furthermore, the extra volume of logs adds complexity and cost to your log storage and management processes. It is important to think ahead about what will and won’t be logged before starting to implement a log management platform. It will prevent costly mistakes and will allow you to better size your tool.

Consider carefully what you actually need to log. Production environments that are critical for compliance or for auditing purposes should most likely be logged. So should data that helps you troubleshoot performance problems, solve user-experience issues or monitor security-related events.

Conversely, there is stuff that you do not need to log, such as test environments that are not an essential part of your business processes. There is also data that you will choose not to log for compliance or security reasons. For example, if a user has enabled a do-not-track setting, you should not log data associated with that user.

Implementing A Log Security And Retention Policy

Logs may contain sensitive data. For that reason, you need to have a log security policy. It will be invaluable in, for instance, ensuring that sensitive data gets anonymized or encrypted. Also, log data must travel to the log management system over an encrypted channel such as TLS or HTTPS, configured on both the client and the server side.

As for a retention policy, logs from different sources or systems might require different retention times. For instance, logs that are primarily used for troubleshooting may work with relatively short retention times such as a few days—or even a few hours. On the other hand, security-related logs or business transaction logs require longer retention times, often for regulatory compliance. Considering this, your retention policy should be flexible and adaptable, depending on the log source or type of log.
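An added example, not from the article, sketching the two policies just described in Python. `redact` pseudonymizes e-mail addresses with a keyed hash (so one user stays correlatable across entries without being exposed), blanks card-like numbers and truncates IPv4 addresses to their /24 before an entry is stored or shipped; `apply_retention` drops entries older than the retention assigned to their log type, with security and transaction logs kept far longer than debug logs. The retention table, the pseudonymization key, the log-type names and the sample entries are all constructed for this example.

```python
import hashlib
import hmac
import re
from datetime import datetime, timedelta, timezone

# Assumed retention policy per log type, in days (constructed; tune to your own obligations).
RETENTION_DAYS = {"debug": 2, "application": 14, "security": 365, "transaction": 2555}
DEFAULT_RETENTION_DAYS = 30

# Assumed pseudonymization secret; in practice this lives in a key store, never in source code.
PSEUDONYM_KEY = b"example-key-do-not-use"

EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
CARD_RE = re.compile(r"\b\d{13,16}\b")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def pseudonymize(value, key=PSEUDONYM_KEY):
    """Keyed, truncated hash: equal inputs give equal tokens, but the token is not reversible without the key."""
    return "user_" + hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:12]


def mask_ip(ip):
    """Keep the /24, which is usually enough for troubleshooting, and drop the host part."""
    return ".".join(ip.split(".")[:3]) + ".0"


def redact(message):
    """Apply every anonymization rule to one message before it leaves the source."""
    message = EMAIL_RE.sub(lambda m: pseudonymize(m.group(0)), message)
    message = CARD_RE.sub("[card-redacted]", message)
    message = IPV4_RE.sub(lambda m: mask_ip(m.group(0)), message)
    return message


def retention_for(log_type):
    """Retention period for a log type, falling back to the default for unknown types."""
    return timedelta(days=RETENTION_DAYS.get(log_type, DEFAULT_RETENTION_DAYS))


def apply_retention(entries, now):
    """Split entries into (kept, purged) according to the retention of each entry's log type."""
    kept, purged = [], []
    for entry in entries:
        (purged if now - entry["ts"] > retention_for(entry["type"]) else kept).append(entry)
    return kept, purged


NOW = datetime(2024, 3, 4, tzinfo=timezone.utc)

# Constructed sample entries; ages are chosen to fall on either side of each retention limit.
SAMPLE_ENTRIES = [
    {"type": "debug", "ts": NOW - timedelta(days=3), "message": "cache miss for bob@example.com"},
    {"type": "application", "ts": NOW - timedelta(days=10),
     "message": "payment by bob@example.com card 4111111111111111 from 198.51.100.23"},
    {"type": "security", "ts": NOW - timedelta(days=300), "message": "failed login for root from 203.0.113.7"},
    {"type": "unknown", "ts": NOW - timedelta(days=40), "message": "legacy agent heartbeat"},
]

if __name__ == "__main__":
    for entry in SAMPLE_ENTRIES:
        print(redact(entry["message"]))
    kept, purged = apply_retention(SAMPLE_ENTRIES, NOW)
    print(f"kept {len(kept)} entries, purged types: {[e['type'] for e in purged]}")
```

The keyed hash is what makes the redaction useful rather than merely destructive: an analyst can still see that the same pseudonym appears in a failed-login entry and in a payment entry, but the e-mail address itself never reaches the log store.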

Log Storage Considerations

Keeping log data uses up valuable storage space. When planning the storage capacity for logs, you need to consider high load peaks. In most circumstances, the amount of log data per day is relatively constant. It mainly depends on system utilization and/or the number of transactions per day. However, when something goes wrong, you can expect accelerated growth in the log volume. If your log storage has limits that you exceed, you could lose the latest logs. To mitigate this effect, the best log management systems use a cyclic buffer, which deletes the oldest data first when the storage limit is reached.

Also, log storage should have its own security policy. Most attackers will try to avoid leaving traces in log files or to delete them. To counter that, you should ship logs in real time to the central log storage—preferably off-site—and secure it. Thus, if an attacker gains access to your infrastructure, the off-site logs will preserve the evidence untampered.
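Here is an added example (not code from the article) of a minimal central log store in Python that models the two points above: it is a cyclic buffer bounded by a byte budget, evicting the oldest records first when the budget is exceeded, and every record is hash-chained to its predecessor so that editing or deleting an already-shipped record is detectable on verification. The byte budget, record layout and sample messages are constructed for this example; a real store would persist the chain head somewhere the log sources cannot reach.

```python
import hashlib
import json
from collections import deque


class LogStore:
    """Bounded, oldest-first-evicting store whose records form a SHA-256 hash chain."""

    GENESIS = "0" * 64

    def __init__(self, max_bytes):
        self.max_bytes = max_bytes
        self.used = 0            # bytes currently held
        self.entries = deque()   # (record, digest, size), oldest on the left
        self.dropped = 0         # records evicted by the cyclic buffer
        self.seq = 0             # monotonically increasing record number
        self.prev_hash = self.GENESIS

    def append(self, message):
        """Store one message linked to the previous record; evict the oldest records if over budget."""
        record = {"seq": self.seq, "msg": message, "prev": self.prev_hash}
        blob = json.dumps(record, sort_keys=True).encode()
        digest = hashlib.sha256(blob).hexdigest()
        self.entries.append((record, digest, len(blob)))
        self.used += len(blob)
        self.prev_hash = digest
        self.seq += 1
        # Cyclic buffer: the newest record always survives; the oldest go first.
        while self.used > self.max_bytes and len(self.entries) > 1:
            _, _, size = self.entries.popleft()
            self.used -= size
            self.dropped += 1
        return digest

    def head(self):
        """Hash of the newest record; publishing it periodically anchors the whole chain."""
        return self.prev_hash

    def verify(self):
        """Recompute every digest and check each record points at its predecessor.

        Returns (True, None) when intact, else (False, seq of the first bad record).
        Eviction keeps the chain verifiable from the oldest retained record onward.
        """
        expected_prev = None
        for record, digest, _ in self.entries:
            blob = json.dumps(record, sort_keys=True).encode()
            if hashlib.sha256(blob).hexdigest() != digest:
                return False, record["seq"]
            if expected_prev is not None and record["prev"] != expected_prev:
                return False, record["seq"]
            expected_prev = digest
        return True, None


if __name__ == "__main__":
    store = LogStore(max_bytes=400)        # constructed: tiny budget to force eviction
    for i in range(20):
        store.append(f"event {i:02d}")
    print(f"retained {len(store.entries)}, dropped {store.dropped}, intact: {store.verify()}")
    store.entries[-1][0]["msg"] = "nothing to see here"   # simulate tampering with the newest record
    print(f"after tampering: {store.verify()}")
```

Two details matter in practice: the store only detects tampering with records it already holds, which is exactly why shipping has to be real-time (an attacker who edits a file before it is shipped leaves nothing to verify), and an attacker who rewrites one record must also rewrite every later digest, so a head hash published off the box (to a notary, a print-out, a separate account) catches even a full rewrite.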

Reviewing And Maintaining Logs

Log maintenance is an important part of log management, if not the most important part. Unmaintained logs can lead to longer troubleshooting, data exposure risks, and higher log storage costs. Review the logs generated by your systems and adjust the logging level to your needs. You should consider usability, operational, and security aspects.

Make log level configurable

Some system logs are too verbose while others don’t provide enough information. Unfortunately, there isn’t always something you can do about it. Most systems, however, provide adjustable log levels. They are the key to configuring the verbosity of logs and ensuring that what has to be logged is and what is not important isn’t.

Inspect audit logs frequently

Acting on security issues is crucial. This is why one should always keep an eye on logs. If your log management system doesn’t have that feature (many of them do), use external security tools such as auditd or OSSEC. They implement real-time log analysis and generate alert logs pointing to potential security issues. In addition, you should define alerts on critical events in order to be notified quickly of any suspicious activity.
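As an added illustration of “define alerts on critical events” (not code from the article or from auditd/OSSEC), the Python below runs two rules over a constructed, already-parsed audit feed: a sliding-window count rule that fires once five failed logins from the same source hit one host inside sixty seconds, and a single-event rule that fires on any sudo by a service account. Each rule fires once per key per window, so a burst of failures produces one alert rather than a flood. The event fields, the rule thresholds and the list of service accounts are assumptions made for this example.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Callable


def _t(seconds):
    """Timestamp helper for the constructed sample: seconds after a fixed start."""
    return datetime(2024, 3, 4, 10, 0, 0, tzinfo=timezone.utc) + timedelta(seconds=seconds)


# Constructed audit events (a real feed would come from auditd, OSSEC or the log manager itself).
EVENTS = [
    *[{"ts": _t(5 * i), "host": "web01", "user": "root", "action": "login", "result": "fail",
       "src": "203.0.113.7"} for i in range(6)],
    {"ts": _t(40), "host": "web01", "user": "alice", "action": "login", "result": "success", "src": "198.51.100.9"},
    {"ts": _t(45), "host": "web01", "user": "alice", "action": "sudo", "result": "success", "src": "198.51.100.9"},
    {"ts": _t(50), "host": "web01", "user": "www-data", "action": "sudo", "result": "success", "src": "-"},
]

# Assumed list of accounts that should never run sudo interactively.
SERVICE_ACCOUNTS = {"www-data", "nobody", "postgres"}


@dataclass
class Rule:
    name: str
    predicate: Callable[[dict], bool]   # which events the rule looks at
    key: Callable[[dict], tuple]        # what the count is grouped by
    threshold: int = 1                  # matching events needed inside the window to fire
    window: timedelta = timedelta(seconds=60)


RULES = [
    Rule("repeated-failed-logins",
         lambda e: e["action"] == "login" and e["result"] == "fail",
         lambda e: (e["host"], e["src"]), threshold=5),
    Rule("sudo-by-service-account",
         lambda e: e["action"] == "sudo" and e["user"] in SERVICE_ACCOUNTS,
         lambda e: (e["host"], e["user"])),
]


def evaluate(events, rules):
    """Return the alerts raised by the rules over the events, in rule order then time order."""
    alerts = []
    for rule in rules:
        recent = defaultdict(deque)   # per key: timestamps still inside the window
        fired_at = {}                 # per key: when the rule last fired, to avoid an alert storm
        for e in sorted(events, key=lambda x: x["ts"]):
            if not rule.predicate(e):
                continue
            k = rule.key(e)
            q = recent[k]
            q.append(e["ts"])
            while e["ts"] - q[0] > rule.window:   # slide the window forward
                q.popleft()
            if len(q) >= rule.threshold:
                last = fired_at.get(k)
                if last is None or e["ts"] - last > rule.window:
                    fired_at[k] = e["ts"]
                    alerts.append({"rule": rule.name, "key": k, "ts": e["ts"], "count": len(q)})
    return alerts


if __name__ == "__main__":
    for a in evaluate(EVENTS, RULES):
        print(f"{a['ts']:%H:%M:%S} {a['rule']} key={a['key']} count={a['count']}")
```

On the sample feed the first rule fires at the fifth failure (ten seconds before the sixth arrives, which is then absorbed by the per-key suppression) and the second fires on the www-data sudo; alice’s successful login and sudo raise nothing.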

Correlate Data Sources

Logging is only one element of a global monitoring strategy. For truly effective monitoring, you need to complement log management with other types of monitoring like monitoring based on events, alerts and tracing. Doing that is the best way to get the whole picture of what’s going on at any point in time. While logs are good for providing high-definition detail on issues, this is most useful when you take some distance to look at the forest before zooming into the trees.

Log management doesn’t work well in a silo. Nothing does. You should most definitely complement it with other types of monitoring such as network monitoring, infrastructure monitoring, and more. And in an ideal world, your monitoring solution should be comprehensive enough to provide all your monitoring information in one place. Alternatively, it could integrate with other tools that provide this information. The goal here is to have, as much as possible, a single-pane view of the entire environment.

Log Management And Automation

Log management can help you catch issues early on thereby saving you and your team valuable time and energy. It can also help you find opportunities for automation. Most log management tools will let you set up custom alerts that trigger when something happens. Some will even let you set up automated actions to be initiated when these alerts are triggered. You should use as much automation as your management tool will allow. Despite the time you’ll spend setting up this automation, you’ll find that it was well worth it the first time you encounter an incident.

The Top 6 Log Management Tools

We’ve scoured the market trying to find the best log management tool. We’ve tried to put together a list which includes various types of tools. After all, everyone’s needs are different and the best tool for one is not necessarily the best for someone else.

1. SolarWinds Security Event Manager (FREE TRIAL)

SolarWinds is a common name in the field of network administration tools. It’s been around for about two decades and it has brought us some of the best bandwidth monitoring tools and NetFlow analyzers and collectors. The company is also well-known for publishing several free tools that address specific needs of network administrators, such as a subnet calculator or a syslog server.

When it comes to log management, the company’s offering is now called the SolarWinds Security Event Manager. It was recently renamed from Log & Event Manager, probably to better reflect the fact that this is actually much more than just a log management system. Many of its advanced features put it in the Security Information and Event Management (SIEM) range. It has, for instance, real-time event correlation and real-time remediation, two SIEM-like features.

SolarWinds Security Event Manager Screenshot

Let’s have a look at some of the SolarWinds Security Event Manager’s main features. The tool can eliminate threats quickly using instantaneous detection of suspicious activity and automated responses. It can also perform security event investigation and forensics for mitigation and compliance. And talking about compliance, the product will allow you to demonstrate it, thanks to its audit-proven reporting for HIPAA, PCI DSS, and SOX, among others. This tool also has file integrity monitoring and USB device monitoring, two features that are way above what we commonly see in log management systems.

Prices for the SolarWinds Security Event Manager start at $4,585 for up to 30 monitored nodes. Licenses for up to 2500 nodes can be purchased making the product highly scalable. And if you want to verify hands-on that the product is right for you, a free, full-featured 30-day trial is available.

2. SolarWinds Papertrail (FREE PLAN AVAILABLE)

In second place, we have another great product called Papertrail, a recent acquisition by SolarWinds. Papertrail is a popular cloud-based log management system. It aggregates log files from a wide variety of popular products like Apache or MySQL as well as Ruby on Rails apps, different cloud hosting services and other standard text log files. Papertrail users can then use the web-based search interface or the command-line tools to search through these files to help diagnose bugs and performance issues. The tool also integrates with other SolarWinds products such as Librato and Geckoboard for graphing results.

SolarWinds Papertrail Dashboard

Papertrail is a cloud-based, software as a service (SaaS) offering from SolarWinds. It is easy to implement, use, and understand. And it will give you instant visibility across all systems in minutes. The tool has a very effective search engine that can search both stored and streaming logs. And it is lightning fast.

Papertrail is available under several plans including a free plan. It is somewhat limited, though, and only allows 100 MB of logs each month. It will, however, allow 16 GB of logs in the first month, which is equivalent to giving you a free 30-day trial. Paid plans start at $7/month for 1 GB/month of logs, 1 year of archive and 1 week of index. Noise filtering lets the tool conserve your quota by not saving useless logs.

3. ManageEngine EventLog Analyzer

ManageEngine, another common name with network administrators, makes an excellent log management system called the ManageEngine EventLog Analyzer. The product will collect, manage, analyze, correlate, and search through the log data of over 700 sources using a combination of agentless and agent-based log collection as well as log import.

ManageEngine EventLog Analyzer

Speed is one of the ManageEngine EventLog Analyzer’s strengths. It can process log data at an impressive 25,000 logs/second and detect attacks in real time. It can also perform fast forensic analysis to reduce the impact of a breach. The system’s auditing capabilities extend to the network perimeter devices’ logs, user activities, server account changes, user accesses, and more, helping you meet security auditing needs.

The ManageEngine EventLog Analyzer is available in a feature-reduced free edition which only supports 5 log sources or in a premium edition which starts at $595 and varies according to the number of devices and applications. A free, full-featured 30-day trial version is also available.

4. Ipswitch Log Management Suite

The Log Management Suite is a product from Ipswitch, the same company that brought us WhatsUp Gold, an immensely popular network monitoring tool. This is an automated tool which collects, stores, archives and saves system logs, Windows events, and W3C/IIS logs. Furthermore, its continuous log surveillance will alert you of any suspicious activity.

Ipswitch Log Management Suite

Frequently audited events such as access rights and file, folder and object privileges can be followed, generating alerts as needed and used to build compliance reports for HIPAA, SOX, FISMA, PCI, MiFID, or Basel II compliance. The tool can also help you transform your raw log data into meaningful data for managers or IT security teams, thanks to its automated filtering, correlating, reporting, and converting features.

Pricing information for the Log Management Suite is not readily available from Ipswitch. The product can be purchased either directly from the publisher or through Ipswitch’s reseller network. A free trial version is also available.

5. Alert Logic Log Manager

Alert Logic’s primary focus is on security and compliance. And since log management is closely related to both, it’s no surprise that the company offers the Alert Logic Log Manager. This cloud-based tool offers automated and unified log management across all your environments. It will collect, aggregate, and search log data from the cloud, server, application, security, and network assets.

Alert Logic Log Manager

The Alert Logic Log Manager includes log monitoring and analysis as well as log review, which is done live by human analysts. Alert Logic’s experts will alert you of possible threat activity 365 days a year. The service will also help meet the log review requirements of SOC 2, HIPAA, and SOX and offload the burden of reviewing logs and following up on events, to comply with PCI DSS 10.6, 10.6.1, and 10.6.3.

Pricing information for the Alert Logic Log Manager is not readily available from the web and you’ll need to contact Alert Logic sales to get a formal quote. A free trial is also not available but a free demo can be arranged by contacting Alert Logic.

6. Nagios Log Server

You might already know Nagios as an excellent network monitoring package. Offered in a free and open-source version as well as in a commercial one, the product has a solid reputation. For log management, Nagios’ offering is called the Nagios Log Server. It is a complete package with centralized log management, monitoring, and analysis. This tool can simplify the process of searching your log data. It also lets you set alerts to be notified of potential threats. Furthermore, the software has high availability and fail-over built right into it. Its easy source setup wizards can help you with configuring your servers and other devices to send their log data to the platform, allowing you to start monitoring your logs within minutes.

Nagios Log Server Real-Time Data

The Nagios Log Server provides easy correlation of log events across all logging sources in just a few clicks. The system will let you view log data in real time, letting you analyze and solve problems as they occur. Another strength of the product is its impressive scalability. This tool keeps meeting your needs as your organization grows. If need be, additional Nagios Log Server instances can be added to a monitoring cluster, allowing you to quickly add more power, speed, storage, and reliability.

With all these features, one would expect a hefty price tag. That is not the case, and the single-instance price for the Nagios Log Server is a very reasonable $3,995. Despite not offering a free trial, a free online demo is available, should you prefer to have a first-hand look at the product before making a purchase decision.

Read Log Management Best Practices And Systems by Renaud Larue-Langlois on AddictiveTips – Tech tips to make you smarter

Network Monitoring Best Practices And Tools to Use

Network monitoring is an essential part of any respectable corporate network. It is the best way to ensure that a watchful eye is kept on every element of the network, that usage trends are followed and that prompt response can be achieved whenever something goes wrong. However, setting up and maintaining a network monitoring system can be quite a challenge. This is why we’ve put together this post in which we discuss the network monitoring best practices. Our hope is to provide some guidance in your endeavour.

Let’s begin by introducing network monitoring. We can then jump right in and start discussing the best practices. From knowing your network, what to monitor, how, and why to the reasons for monitoring the network and how to choose the best platform, I think we have it covered from most angles. And to conclude, we’ll briefly review three of the very best network monitoring tools. It will give you an idea of what’s available and how the multiple available platforms differ.

About Network Monitoring

There’s a very simple reason why anyone would want to use network monitoring tools. More than anything, it has to do with the fact that we normally can’t see what’s going on inside the network. We’ve all seen networks compared to highways and data packets compared to cars using those highways. But there’s a big difference. The traffic on a highway is visible. You just have to look and you’ll see whether or not there’s congestion.

It’s not so simple with networks. Everything happens at the molecular level inside copper wires or optical fibers. And even if we could see the traffic going by, it is so fast that we wouldn’t be able to make any sense of it. Monitoring tools allow us to visualize the traffic and load levels of wired and wireless networks. Some of them are intended as surveillance tools while others are troubleshooting tools or even forensic investigation tools.

Network Monitoring Best Practices

Implementing network monitoring can be a complex and overwhelming endeavour. There are so many things to consider. We’ve put together a list of best practices you may want to follow when planning and deploying a network monitoring infrastructure. It will, hopefully, help you make sure you don’t overlook anything important or waste time on not-so-important tasks.

Knowing Your Network

Today’s networks tend to be very complex. Routers, switches, and other components connect user workstations to critical applications on local servers and even on the Internet. In addition, security and communications systems including firewalls, virtual private networks (VPNs), and spam and virus filters complicate things.

Before you begin, it is important to understand the composition and complexity of your network. With thousands of data points to monitor on a network, being able to access meaningful, accurate, and current information at any given time is critical. You need to feel confident that you know how your network operates from end to end. It is critical to know your network at all times.

A typical network includes the Internet, local area networks (LANs), wide area networks (WANs), virtual LANs (VLANs), wireless networks, and all the devices, and systems running on them. A network has internal and external users, including employees, customers, and partners. Modern networks are so complex that something WILL eventually go wrong. And with every component representing a potential point of failure, there’s a lot to monitor.

By monitoring network performance proactively and in real-time, you can spot problems and potential issues before they become emergencies. For instance, an overloaded server can be replaced or beefed up before it crashes if you’re notified in advance that its load is rapidly increasing and that a crash is all but imminent. Network monitoring will allow you to know the status of everything on your network without having to keep an eye on everything and to be able to take corrective action to minimize and, when necessary, quickly fix issues.

What You Should Monitor, Why, and How

A network is a mission-critical system. As such, it’s important to constantly have access to timely information about its health. Most importantly, you need to capture status information about network devices (routers, switches, etc.) and critical networked servers. As a network administrator, you also need to know that essential services (email, website, file transfer services, etc.) are available.

Let’s have a look at some elements of the network that we recommend you monitor and why. First and foremost, you want to monitor the availability of network devices. The reason is simple: they constitute the “plumbing” of the network and are essential to keep it running.

The next thing you need to monitor is the availability of all critical services on your network. Even small outages can have a huge negative impact. Loss of email, web server, or FTP server for even just an hour can shut a business down.

The amount of disk space in use on your critical servers is another important metric to monitor. After all, most applications require data storage. Furthermore, any suspicious behaviour in disk capacity could be a tell-tale sign of an issue with an application or system.

Bandwidth utilization is another very important metric to monitor. Just like storage space, network utilization has a tendency to always increase. Closely monitoring it will give you time to react if it ever approaches a critical level and, just like disk space usage, an unexpected and sudden increase could be an indication of an abnormal situation.

Another important metric to monitor is the average memory and processor utilization of your key devices and servers. It is a known fact that overutilization or memory saturation can have disastrous effects on the operation of most devices. For that reason, you’d rather see it coming.

It’s one thing to monitor a ton of metrics, but it won’t help much if you have to sit and stare at a screen to ensure that none exceeds normal thresholds. When there are issues, you need to be alerted immediately. It could be done through audible alerts, on-screen displays, or emails and text messages automatically generated by your network monitoring solution. Alerts should be triggered when a problem occurs (such as a threshold being approached) but ideally also when a new application or piece of equipment is brought online. Alerts should include information about the device, the issue, and the event that triggered it.

It is, however, important to generate only meaningful alerts and to minimize multiple alerts originating from the same event. For instance, you want to be able to configure your monitoring platform so that it doesn’t alert when scheduled maintenance downtime is initiated. And if access to many devices is lost because of a problem with an upstream router or switch, eliminating the dependent alerts lets you more efficiently diagnose the actual problem.

The Top Nine Reasons For Network Monitoring

1. Knowing what is happening

Network monitoring solutions keep you constantly aware of the operation and connectivity of the elements of your network. Without monitoring, you have to wait until someone tells you something is down before you can fix it.

2. Planning for upgrades or changes

If a device frequently goes down or if the bandwidth utilization of a specific segment is constantly nearing its limit, it may be time for a replacement or an upgrade. Network monitoring lets you track this type of situation and plan required changes before the impact is felt by users.

3. Diagnosing problems

Suppose one of your servers is unreachable from the intranet. Network monitoring may help you determine if the problem is the server, the switch the server is connected to, or the router. Knowing exactly where the problem is saves you time.

4. Showing others what is going on

Reports—especially graphical ones—go a long way in demonstrating the health and activity levels of your network. They are the perfect tools in proving an SLA conformance or showing that a troublesome device needs attention.

5. Making sure your security systems are operating

Organizations spend a lot of resources on security software and hardware. A network monitoring solution will let you be sure that your security devices are up and running as configured at all times.

6. Keeping track of your customer-facing resources

Many devices on your network are actually nothing more than applications running on a server (HTTP, FTP, email, etc.). Network monitoring lets you watch these applications and make sure your customers can connect to the services that they need.

7. Ensuring customer satisfaction

When customers are depending on your network services for their business, you need to ensure they’re up and running at all times. You’d most likely rather know the moment a problem occurs and fix it before a customer finds out and gives you that angry phone call we all dread.

8. Keeping informed of your network status from anywhere

The best network monitoring platforms provide remote viewing and management from anywhere with an Internet connection using different types of devices. That way, if you’re away from the office and a problem crops up, you can still see what’s wrong.

9. Saving money

Although we’re listing this one last, some may think it should have been first. Network monitoring helps you cut down on the total amount of downtime and time it takes to investigate problems. This translates to fewer man-hours spent fixing issues and less lost revenue from downtime.

Choosing a Network Monitoring Solution

First and foremost, a good network monitoring solution should tell you what you need to know in real time and from anywhere, anytime. Your monitoring solution should also be easy to use, quick to deploy, and offer a low total cost of ownership while still delivering all the features you need. You need a solution with comprehensive capabilities and second-to-none reliability.

Using network monitoring tools implies the monitoring of tons of network components and collecting tons of information. To make all this data easier to comprehend, a good monitoring solution should display it on some form of an administrator-friendly dashboard that could include a network map, report data, alerts, historical information, problem areas, and other useful information. This will not only make troubleshooting easier, but it will help leverage historical network data to understand trends in device usage, network usage, and overall network capacity.

As discussed earlier, alerts are important. However, just as you don’t want your alarm to go off on Saturday morning, you don’t want your network monitoring tool to alert you during a planned service period. The best systems will let you program your weekly maintenance schedule into the system so it can distinguish between planned and unplanned downtime, thereby reducing the number of false alarms.
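The two kinds of alert suppression this page calls for, dropping dependent alerts when an upstream router or switch is the real problem (from “What You Should Monitor, Why, and How”) and staying quiet during a programmed weekly maintenance window (above), can be shown together. The Python below is an added example, not code from the article or from any of the tools reviewed: given a constructed dependency map, a weekly maintenance schedule and the set of devices that just went unreachable, it keeps only the root-cause alerts and records why every other alert was suppressed. The device names, topology, schedule and timestamp are all constructed.

```python
from datetime import datetime, time, timezone

# Constructed topology: device -> the upstream device it depends on to be reachable.
PARENTS = {
    "sw-floor2": "core-rtr01",
    "ap-201": "sw-floor2",
    "ap-202": "sw-floor2",
    "db01": "core-sw02",
    "srv-backup": "core-sw02",
}

# Constructed weekly maintenance schedule: (host, weekday with Monday=0, start, end), in UTC.
MAINTENANCE = [("srv-backup", 5, time(2, 0), time(4, 0))]   # Saturdays 02:00-04:00

# Constructed incident: everything below core-rtr01 vanishes at once, plus two unrelated hosts.
EVENT_TS = datetime(2024, 3, 2, 2, 30, tzinfo=timezone.utc)   # a Saturday
DOWN_HOSTS = {"core-rtr01", "sw-floor2", "ap-201", "ap-202", "db01", "srv-backup"}


def in_maintenance(host, ts, schedule):
    """True if ts falls inside one of the host's weekly maintenance windows."""
    for h, weekday, start, end in schedule:
        if h == host and ts.weekday() == weekday and start <= ts.time() < end:
            return True
    return False


def root_cause(host, down, parents):
    """Walk upstream and return the highest down ancestor, or None if the host is itself the root cause."""
    cause, seen = None, set()
    parent = parents.get(host)
    while parent and parent not in seen:      # 'seen' guards against a mis-entered cycle
        seen.add(parent)
        if parent in down:
            cause = parent
        parent = parents.get(parent)
    return cause


def triage(down, ts, parents, schedule):
    """Split down hosts into actionable alerts and suppressed ones, each with its reason."""
    alert, suppressed = [], {}
    for host in sorted(down):
        if in_maintenance(host, ts, schedule):
            suppressed[host] = "maintenance window"
            continue
        cause = root_cause(host, down, parents)
        if cause:
            suppressed[host] = f"dependent on {cause}"
        else:
            alert.append(host)
    return {"alert": alert, "suppressed": suppressed}


if __name__ == "__main__":
    result = triage(DOWN_HOSTS, EVENT_TS, PARENTS, MAINTENANCE)
    print("page on-call for:", result["alert"])
    for host, reason in result["suppressed"].items():
        print(f"  suppressed {host}: {reason}")
```

Of the six unreachable devices only two reach the on-call engineer: core-rtr01, which takes the floor switch and both access points down with it, and db01, whose upstream switch is fine. The suppressed alerts are still recorded with their reason, so the ticket shows the blast radius without six separate pages, and the maintenance-window check is evaluated per host rather than globally, so a genuine outage elsewhere during srv-backup’s window is not masked.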

Networks need to run 24/7 no matter what hours your employees work. Furthermore, your network generally stays put but your employees sometimes travel. No matter what, you should be able to access your network monitoring solution anywhere, anytime. Also, different users will need to access the system for different reasons. Not everyone should have access to the same level of information. Your monitoring solution should feature role-based views, letting you assign levels of permissions based on each user’s function in the organization.

Finally, a good network monitoring solution should support multiple methods of monitoring devices. SNMP (Simple Network Management Protocol) is a time-proven flexible technology that lets you manage and monitor the performance and usage of devices, troubleshoot problems, and better prepare for future network growth. Most network devices support SNMP, making it easy to monitor them using a solution that supports SNMP.

In the Windows world, WMI (Windows Management Instrumentation) is the standard for retrieving information from applications. WMI comes installed by default on SQL Server, Exchange, and Windows 2000, 2003, Vista, and XP systems. It is an important tool for monitoring network environments running Windows yet only a few network monitoring solutions currently include WMI monitoring among their capabilities.

The Top Three Network Monitoring Tools

There are literally dozens of network monitoring tools available. The short list we’ve assembled here is what we consider to be the best ones. Their features will give you a pretty good idea of what is available among the various tools. Each tool has a slightly different feature set so the best one for your specific purpose is a matter of personal preference.

1. SolarWinds Network Performance Monitor (Free Trial)

Many network administrators already know SolarWinds. After all, the company has been famous for a while for its excellent network administration tools and for publishing many free tools to accomplish specific tasks. SolarWinds’ flagship product is called the Network Performance Monitor, or NPM. It is a complete network monitoring solution that comes packed with a broad array of features.

The SolarWinds Network Performance Monitor polls network devices using the SNMP protocol and reads their interfaces’ counters and other meaningful metrics. It then stores the results in an SQL database and uses the polled data to build graphs showing each interface’s usage.

SolarWinds NPM Enterprise Dashboard

The software boasts a user-friendly GUI where adding a device is as simple as specifying its IP address or hostname and SNMP connection parameters (known as community strings). Once that is done, the tool queries the device to list all the SNMP parameters that are available. It is up to you to pick those you want to include on your graphs. A typical network switch or router, for example, will have traffic and error counters for each interface as well as CPU and memory utilization counters.

The Network Performance Monitor’s scalability is one of its best features. It will adapt to any network from the smallest of them up to large networks consisting of tens of thousands of devices and spread over multiple locations. And to make it even easier, upgrading licenses is a seamless process.

Another great feature of NPM is its ability to automatically build network maps and to display a visual representation of the critical path between two devices or services. This feature is invaluable when troubleshooting application access issues.

Price-wise, the SolarWinds Network Performance Monitor starts at just under $3 000 and goes up depending on the number of devices to monitor. Ideally, you should contact the SolarWinds sales team for a detailed quote. Should you want to try the product before buying it, a free 30-day trial is available, as it is for most non-free SolarWinds products.

2. PRTG Network Monitor

PRTG or, more precisely, the PRTG Network Monitor is another excellent monitoring platform from Paessler A.G. It is an enterprise-grade product which Paessler claims to be the easiest and fastest to set up. According to the company, PRTG can be set up and you can start monitoring within a couple of minutes. Your experience may vary, and we certainly spent a bit more than that, but it is still very easy and very quick to set up, thanks in part to its auto-discovery feature that will find your networking equipment and automatically add it to the system.

PRTG Screenshot

PRTG is not only easy to install. The product is also feature-rich. For instance, it comes with a few different user interfaces. You have the choice between a Windows enterprise console, an Ajax-based web interface, and mobile apps for Android and iOS. Furthermore, the mobile apps fully exploit their respective platform’s capabilities and can, for instance, scan QR codes affixed to equipment to quickly access their graphs.

The PRTG Network Monitor can be obtained directly from its website. You’ll need to choose between two download options. There’s the free version which is full-featured but will limit your monitoring ability to 100 sensors or the free 30-day trial version which is unlimited but will revert to the free version once the trial period ends. Each monitored parameter counts as one sensor. For example, monitoring bandwidth on each port of a 48-port switch uses up 48 sensors.

3. ManageEngine OpManager

OpManager from ManageEngine—yet another top-of-the-line maker of network management tools—is our next selection. The tool runs on either Windows or Linux and boasts many great features. Among them, there is an auto-discovery feature that can map your network and display it on its dashboard. The miniature, colour-coded graphs shown at the top of each page are also a great feature of the product.

ManageEngine OpManager Dashboard

The ManageEngine OpManager dashboard itself is super easy to use and navigate, and it has drill-down functionality. If you are so inclined, there are also apps for tablets and smartphones that will let you access the system from anywhere. This is an overall very polished and professional product.

A free version of the ManageEngine OpManager is available should you want to try it before purchasing. This is a truly free version and not a free trial. It is, however, limited and will let you monitor no more than ten devices. If you manage a tiny network, perhaps you can get by with the free version. As for paid versions, you can choose the Essential or the Enterprise plans. The first will let you monitor up to 1,000 nodes while the other goes up to 10,000.

Read Network Monitoring Best Practices And Tools to Use by Renaud Larue-Langlois on AddictiveTips – Tech tips to make you smarter

Best SFTP Server Software For Secure File Transfers

Transferring files from one system to another is something that has to be done on a regular basis. On a local network, it is often accomplished using network shares but between networks, when the transfer is done through the Internet, we normally use some form of file transfer protocol. Many different protocols have seen the light of day, with each successive one addressing one or many shortcomings of its ancestors.

Today, we’re having a look at SFTP server software. Why SFTP, you might ask? Well, mostly because of security concerns. SFTP encapsulates a file transfer within a secure SSH connection, making it ideal for use on public networks, such as the Internet.

Before we have a look at the actual SFTP servers themselves, we’ll start off by discussing the various file transfer protocols available today and how they differ. Next, we’ll introduce the best SFTP server software for Windows including a couple of portable options. Finally, we’ll have a look at what’s available on Linux. As you’ll see, almost every Linux system comes with an SFTP server built right into it.

About File Transfer Protocols

FTP (which stands for File Transfer Protocol—how original) is the granddaddy of all file transfer protocols. It was invented in the early 70s as one of the primary ways of transferring files between systems. It has become so commonplace that nowadays, most operating systems including Windows, Mac OS, and Linux have some form of FTP client. FTP is an unencrypted protocol, though. It didn’t originally matter much as public networks didn’t exist but it is less than ideal for use on the Internet, especially when you consider that not only the transferred files but also the login credentials are sent over the network unencrypted. Anyone intercepting traffic would be able to capture usernames and passwords. This is why secure protocols such as SFTP and FTPS were invented.

Although, at first sight, it may look like SFTP and FTPS vary only by the placement of the “S” within the acronym, they are completely different in how they operate. They were both created to add security to FTP file transfers but the similarity ends there. Let’s see how they operate.

The FTPS–which stands for File Transfer Protocol Secure–is a secure version of the FTP protocol which adds an encryption layer using either the SSL (Secure Sockets Layer) or TLS (Transport Layer Security) protocols. It’s really nothing more than the FTP protocol that’s been improved to allow data encryption negotiation and its operation is similar to that of HTTPS for web sites. The protocol was introduced in the mid-90s, shortly after Netscape released their Secure Sockets Layer extension and it is now widely used. It was later improved to allow TLS in addition to SSL encryption, providing even better security.

SFTP–which stands for Secure File Transfer Protocol (notice the subtle difference?)–is another secure way of transferring files in an encrypted fashion but it is not based on the FTP protocol. Instead, it relies on Secure SHell, or SSH. In fact, SFTP is an extension of the SSH protocol to include an FTP-like file transfer functionality and which supports FTP-like commands. As such, the level of security of an SFTP file transfer is the same as that of an SSH session.

It is important not to confuse the Secure File Transfer Protocol and the Simple File Transfer Protocol, both referred to as SFTP. The latter is a no-longer-in-use protocol that was developed to be a compromise between the elementary TFTP protocol and the full-featured FTP protocol.

Our description of SFTP might remind you of yet another similar protocol called SCP or Secure Copy. SCP is yet another file transfer protocol that operates within an SSH connection. This is where the similarity ends, though, as SCP only provides file transfer but has none of the advanced file management and browsing capabilities of the SFTP protocol.

The Top SFTP servers for Windows

As we’ve seen, SFTP is more similar to SSH than it is to FTP. For that reason, not many FTP servers include SFTP capability while many SSH servers do. We’ve rounded up some of the best SFTP servers we could find. Let’s have a look at their main features.

1. SolarWinds SFTP/SCP Server (FREE DOWNLOAD)

You might already know SolarWinds. The company makes some of the best network management and monitoring software. It is also famous for making several free software utilities. Those include our number one pick, the SolarWinds Free SFTP/SCP server.

As its name implies, the server will handle both SFTP and SCP, two SSH-based file transfer protocols. It runs as a Windows service, and operating it should be an easy task for any system admin. And if you’re new to this, its easy user interface will make you feel comfortable very quickly.

SolarWinds Free SFTP-SCP server

The SolarWinds Free SFTP/SCP server does not use system accounts for user authentication. Instead, it uses virtual users that you create within the application for the purpose of transferring files. These virtual users offer heightened security. If, for instance, an account was compromised, it couldn’t be used to log into the system directly. Another feature that can improve the server’s security is that it can be configured to only allow incoming connections from specific IP addresses or ranges.

The SolarWinds Free SFTP/SCP server can be used to securely transfer files up to 4 GB in size. It can also handle concurrent transfers from multiple devices. It downloads as a zip file that extracts into a Windows MSI installer. Once installed, configuration is as simple as can be. You just start its control panel application and specify a few options such as permitted protocols and transfer options.

2. FreeFTPd

A close cousin of FreeSSHd, FreeFTPd is a full-featured FTP server for Windows. It is one of the rare servers that will support FTP and also both SFTP and FTPS, thanks to its SSH ancestry. As its name implies, this is a free FTP server. It claims to run on any version of Windows from NT 4.0 and the tool supports the creation of local users–rather than using Windows domain accounts.

FreeFTPd Screenshot

FreeFTPd can be configured during installation to run as needed as an application or to run as a system service. Running it as a service means that it will always be available to your SFTP users. Note that a vulnerability was discovered in version 1.0.11 of the product. It was, however, quickly fixed in version 1.0.12. Make sure the version you install is at least 1.0.12. The latest one you can download from the developer’s website is 10.0.13.

3. Syncplify.me Server!

The Syncplify.me Server!, a full-featured SFTP and FTPS server from Syncplify.me, is really a server on steroids. It will do much more than just transfer files and it was created with security in mind. One of its main features, called Syncplify.me Protector™ uses artificial intelligence to automatically identify attacks. Even unknown ones.

Syncplify.me Server! Screenshot

The Syncplify.me Server! can be installed in a high-availability mode where two servers will act as one and provide automatic failover, eliminating downtime. It boasts several advanced configuration options and can be expanded using scripts in JavaScript, C++, Pascal or Basic (yes, Pascal or Basic, this is not a typo) to automate your document management and workflow.

This powerful file transfer server will run on Windows Server 2008 and up, in both 32- and 64-bit versions. Although this is a paid piece of software, there’s a free/evaluation edition which has all the features of the Ultimate edition. It will, however, only accept a single connection and it can’t be used in a production environment.

4. Bitvise SSH/SFTP Server

You may know Bitvise. The company specializes in secure remote access software for Windows. Some of its best-known products are the Bitvise SSH Server and SSH Client. Since SFTP is just an extension of SSH, their SSH server will also support SFTP. The Bitvise SSH Server is rumoured to be one of the fastest available. Files will transfer as quickly as the client and the network connection will allow. Furthermore, an unlimited number of simultaneous connections are supported. The only real limitation you’ll encounter when using it will be that of the hardware on which it runs.

Bitvise Server Screenshot

As for security, the Bitvise SSH Server leaves nothing to be desired as it uses Crypto++ 5.3, one of the best encryption libraries, to secure connections. The server also supports virtual accounts to ensure your system accounts are never exposed and compromised. The only drawback of this product is that it is not free. It is free for personal and non-commercial use but any other use requires purchasing a license after a thirty-day evaluation period. However, at less than $100 per server, the price is more than reasonable. The company also offers site licenses and worldwide limited licenses for larger organizations.

5. SYSAX Multi Server

To no surprise, the SYSAX Multi Server supports multiple protocols. It will allow connections using both SFTP and FTPS but it will also handle FTP and HTTPS-based file transfers. And to make it even better, it’s also a telnet and SSH server. The server supports the use of both Windows accounts and locally-created virtual accounts, giving you the best of both worlds. It is easy to manage and configure, thanks to its user-friendly web-based interface.

SYSAX Multi Server Screenshot

The server is available in several versions. The Personal edition is free but it is restricted to one connection at a time and it won’t do HTTPS file transfers. It is also restricted to personal and non-commercial use. There are also Standard, Professional, and Enterprise editions each supporting increasingly more features at prices ranging from $197 to $697.

6. XLight FTP server

The Xlight FTP server is a simple Windows FTP, SFTP, and FTPS server. It is a powerful piece of software with low memory and CPU usage. Designed for high performance, it can easily handle thousands of simultaneous FTP connections. The server supports Active Directory users, LDAP users, or local users, making it a great fit in any kind of situation.

Xlight FTP Server Screenshot

The Xlight FTP Server has many useful features, including the availability of a free edition for personal use. It is limited to 5 concurrent connections whereas the Standard edition at $40 allows 50 and the Professional edition at $130 is unlimited. Note that an additional license is required for SSH and therefore SFTP. The software will run on Windows 2000, XP, Vista, 7, 10, 2003, 2008 and 2012.

Some Portable SFTP Servers

The next entries on our list are interesting mainly because they are portable solutions. That is, solutions that require no installation on the computer where they run. They can come in very handy for ad-hoc situations when you quickly need an SFTP server. You can carry them with you on a USB flash drive and always have one ready to use by simply copying it to your computer.

1. Syncplify.me Micro SFTP Server

Syncplify.me, who brought us their full-featured SFTP and FTPS Server reviewed above, also offers the Micro SFTP Server for Windows. It is a self-contained and completely portable SFTP server which can be run from a USB stick without requiring any installation. And unlike its big brother, the Syncplify.me SFTP and FTPS Server, the Micro SFTP Server software is absolutely free and can be used in any situation including production or commercial uses.

Syncplify.me Micro Server Screenshot

Of course, the software has some limitations. For starters, it only supports one user profile, one root folder, and incoming connections from one client at a time. For that reason, it is more commonly used as a test platform for SFTP client software or to test in-software file transfer features than as a true SFTP server. However, despite its limitations, it might be all that you need. Another typical use of the software is as a personal secure file transfer server for a home network.

2. Core Mini SFTP Server

Like the previous selection, the Core Mini FTP Server is a free FTP and SFTP server that doesn’t require any installation. Just go to the Core FTP Server’s web page to download it. Once you’ve downloaded the executable file, which is available in 32- or 64-bit versions and is less than 2 Mb in size, you simply run it. You’ll need to specify the FTP username and password to be used as well as the port and root directory and you’re good to go. We could hardly think of a simpler tool.

Core Mini FTP Server Screenshot

It has some drawbacks, though. For instance, the server will run with your user account and will have access to all of your files. Make sure you specify a root directory where damage by users is of little or no consequence. Other than that, the Core Mini FTP Server is a great little server that’s easy to use albeit somewhat limited.

The Top SFTP servers for Linux

Linux is a popular operating system for servers so it doesn’t come as much of a surprise that users would want to run an SFTP server on that platform. Fortunately, there are plenty of options available. In fact, our third selection below is probably already present on most Linux installations.

1. ProFTPd

It is clear, when you look at its configuration file, that ProFTPd’s developers were big fans of the Apache web server. The format of the configuration file is almost identical to Apache’s. And just like Apache, it uses modules to provide additional functionality. And there is, of course, a module that can be added to the basic FTP server to add SFTP capabilities.

proFTPd Screen Sample

To ease the pain of configuring the server, the ProFTPd website has several sample configuration files. That will help you get started quickly. In addition to a basic configuration file, there’s one for anonymous FTP, two for using virtual hosts, and one which makes use of MySQL user authentication. The software can be downloaded as a tarball from the developer’s website. Alternatively, many distributions include it as part of their optional packages. Search for it in your package manager. Chances are it is there.

2. PureFTPD

Another great open-source FTP and SFTP server, PureFTPD not only works on Linux but also on most Unix-like operating systems such as BSD or Solaris. The project’s goal is to provide a standards-compliant FTP server. All the messages have been translated into multiple languages, making this an ideal choice for multi-lingual environments.

PureFTPd User Manager Screenshot

PureFTPD is free and comes with absolutely no limitations. All of its features are available to any user. Talking about features, they include the server’s ability to limit connections’ bandwidth, to run sessions in a virtual file system, to set upload and/or download limits, and several more great features. Pre-built packages are available for several Linux distributions including Mandriva, Debian, Ubuntu, and Slackware. It’s also available as source code that can be compiled with no modification and run on any other supported OS.

3. Another Option: OpenSSH

SFTP runs on top of SSH and since OpenSSH is built into most—if not all—Linux systems, SFTP is also there and ready to be used. On a typical Linux system, most users—as long as they have SSH access—should be able to use an SFTP client and connect to the server. That would allow them to transfer files to and from their home directory. Keep in mind that port 22—used by SFTP—could be blocked by default. You might need to dig a little to figure out how to open it but, in essence, that’s all you need for a crude SFTP server. If your needs are anything more than an occasional transfer, though, we’d strongly suggest you go with a more potent SFTP server software.

In Conclusion

Although FTP is still a very popular way of transferring files, its lack of security gave birth to SFTP which addresses most security concerns. We have every reason to think that this improved protocol will still be used for years to come. All the top software reviewed here will do an excellent job, yet we can’t help but prefer our number one pick: the SolarWinds SFTP/SCP server. Not only is it an excellent product but it also comes from a company that has a solid reputation for providing some of the best network admin software including some amazing free tools.

Read Best SFTP Server Software For Secure File Transfers by Renaud Larue-Langlois on AddictiveTips – Tech tips to make you smarter

Monitoring Bandwidth On Linux: Top 5 Tools in 2019

Don’t we all wish our networks had infinite bandwidth? The reality is, however, that it is often a severely limited resource. Add to that the fact that bandwidth over-utilization can have huge impacts on network performance and we have a recipe for disaster.

The solution: set up some bandwidth monitoring system. A lot of them are available. Most of them run on Windows, though, and if your OS of choice is Linux, your options are slightly more limited. You still have plenty of options, however, and we’re about to introduce the best tools for bandwidth monitoring on Linux.

We’ll begin by introducing bandwidth monitoring and explain what it is. Next, we’ll cover the ins and outs of the Simple Network Management Protocol, or SNMP, one of the most-used monitoring technologies. Our next order of business will be to have a look at Linux as an operating system but, more specifically, as a platform for monitoring tools. And finally, we’ll briefly review some of the best tools for bandwidth monitoring on Linux and describe their best features.

About Bandwidth Monitoring

Network bandwidth monitoring is a very specific type of monitoring. What it does is measure the amount of traffic traversing one or many specific locations on a network. Typically, the measuring points are router or switch interfaces but it’s not at all uncommon to monitor bandwidth utilization of a server’s LAN interface. The important thing here is to realize that all we’re measuring is the amount of traffic. Bandwidth monitoring won’t give you any information about what that traffic is, only how much of it there is.

There are several reasons for wanting to monitor network bandwidth utilization. First and foremost, it can help you pinpoint areas of contention. As a network circuit’s utilization grows, its performance starts degrading. There’s, unfortunately, nothing we can do about that. The more you approach the maximum capacity, the more impact there is on performance. By allowing you to keep an eye on network utilization, bandwidth monitoring tools give you a chance to detect high utilization—and address it—before it becomes noticeable by users.

Capacity planning is another major benefit of network monitoring tools. Network circuits—especially long-distance WAN connections—are expensive and will often only have whatever bandwidth was originally required when they were first installed. While that amount of bandwidth might have been just right back then, it will eventually need to be increased. By monitoring the evolution of your network circuits’ bandwidth utilization, you’ll be able to see which ones need to be upgraded and when.

Bandwidth monitoring tools can also be useful for troubleshooting poor application performance. When a user complains that some remote application has slowed down, looking at the network bandwidth utilization can give you a pretty good idea whether or not the problem is caused by network congestion. If you see low network utilization, you can likely concentrate your troubleshooting efforts elsewhere.

Introducing The Simple Network Management Protocol (SNMP)

Many (if not all) network bandwidth monitoring tools rely on the Simple Network Management Protocol (SNMP) to do their magic. That’s because most networking equipment has built-in SNMP capability and can be polled by monitoring tools at regular intervals. However, despite its name which could lead you to think otherwise, SNMP is actually rather complex. But don’t worry, you don’t have to be an expert and know all about it to use it. It’s just like you don’t have to be an auto mechanic to drive a car. It is, however, preferable to have at least some idea of how it works so let’s have a look at that.

At its base, SNMP is a communication protocol that specifies how an SNMP management system can read and write operational parameters in remote devices. The parameters are referred to as Object Identifiers or OIDs. Some of the interesting OIDs, from a monitoring standpoint, are those that contain major device metrics such as CPU and memory load or disk usage, for example. But when monitoring networking bandwidth utilization, two OIDs are of particular interest. They are the bytes out and the bytes in counters associated with each interface. They are automatically incremented by the network devices as data is output or input.

Dating back to a time when IT security was not an issue, SNMP only has minimal security. An SNMP manager connecting to an SNMP-enabled device will transmit a “community string” with its request. If the string matches that configured in the equipment, the request will be carried out. Devices typically have two community strings configured, one for read-only OIDs and one for modifiable ones. The communication is not encrypted and anyone intercepting it would see the community strings in clear text. This is why SNMP is only used on private, secure networks.

How It Works In Real-Life

Here’s how most monitoring systems use SNMP to monitor bandwidth utilization. They periodically read the bytes in and out counters of a networking device’s interfaces at known intervals. Five minutes is a typical interval value but shorter times can be used for finer resolution. They then store the polled values in some sort of database or file.

The rest of the process is just mathematical calculations. The monitoring system subtracts the previous counter value from the current one to get the number of bytes transmitted or received during the polling interval. It can then multiply that number by eight to get the number of bits and divide it by the number of seconds in the interval to get the number of bits per second. This information is typically plotted on a graph showing its evolution in time and stored in a database.

It is important to note that what you get is a calculation of the average utilization over the polling interval, not the real bandwidth utilization. Let’s, for example, pretend that a circuit is used at maximum capacity during half of the polling interval and carries no traffic at all during the other half. It would show up as being used at 50% of its capacity despite being maxed out for an extended period. Shorter polling intervals will reduce this distortion but it is important to keep in mind that these systems only give you average values.
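The arithmetic just described, as an added example that is not code from the original article: it turns consecutive octet-counter polls into bits per second and utilization, and also handles two cases the text does not spell out, namely 32-bit counter wraparound (the IF-MIB ifInOctets/ifOutOctets counters wrap at 2^32; ifHCInOctets/ifHCOutOctets are 64-bit) and a counter reset after a device reboot, which a wrap formula alone would misread as a huge burst. The sample series, link speed and polling interval are constructed for the demonstration.

```python
"""Bits-per-second and utilization from SNMP interface octet counters.

Added example, not the article's code. Implements: delta octets * 8 / seconds,
with wraparound handling for 32-bit (and 64-bit) counters and rejection of
intervals whose implied rate exceeds the interface speed (a counter reset,
not a wrap). All sample values below are constructed.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Counter width -> modulus at which the counter rolls over to zero.
COUNTER_MODULUS = {32: 2 ** 32, 64: 2 ** 64}


@dataclass(frozen=True)
class Sample:
    timestamp: float  # seconds since the epoch, as recorded by the poller
    octets: int       # raw counter value read from the device


def counter_delta(previous: int, current: int, width: int = 32) -> int:
    """Octets counted between two polls, assuming at most one wrap."""
    modulus = COUNTER_MODULUS[width]
    if current >= previous:
        return current - previous
    # The counter rolled over: count up to the modulus, then from zero.
    return (modulus - previous) + current


def bits_per_second(prev: Sample, cur: Sample, width: int = 32) -> float:
    """Average rate over the polling interval (delta octets * 8 / seconds)."""
    seconds = cur.timestamp - prev.timestamp
    if seconds <= 0:
        raise ValueError("samples must be in increasing time order")
    return counter_delta(prev.octets, cur.octets, width) * 8 / seconds


def utilization_percent(bps: float, if_speed_bps: int) -> float:
    """Share of the interface speed used, as the article's graphs show it."""
    return 100.0 * bps / if_speed_bps


def max_safe_interval(if_speed_bps: int, width: int = 32) -> float:
    """Seconds a saturated link needs to wrap the counter exactly once.

    Polling less often than this makes a delta ambiguous (two or more wraps
    cannot be told apart), which is why 64-bit counters matter on fast links.
    """
    return COUNTER_MODULUS[width] * 8 / if_speed_bps


def rates_from_samples(samples: List[Sample], if_speed_bps: int,
                       width: int = 32) -> List[Tuple[float, Optional[float]]]:
    """Per-interval (timestamp, bps); None marks an interval rejected because
    the implied rate exceeds what the link can carry (counter reset)."""
    result: List[Tuple[float, Optional[float]]] = []
    for prev, cur in zip(samples, samples[1:]):
        bps = bits_per_second(prev, cur, width)
        result.append((cur.timestamp, None if bps > if_speed_bps else bps))
    return result


# Constructed 5-minute polls of a 10 Mbps interface's 32-bit ifInOctets:
#   0 -> 300 s: 37,500,000 octets, crossing the 2**32 boundary (wrap)
# 300 -> 600 s: 75,000,000 octets, no wrap
# 600 -> 900 s: device rebooted, counter restarted from zero
CONSTRUCTED_IF_SPEED_BPS = 10_000_000
CONSTRUCTED_SAMPLES = [
    Sample(0.0, 4_294_900_000),
    Sample(300.0, (4_294_900_000 + 37_500_000) % 2 ** 32),  # 37,432,704
    Sample(600.0, 37_432_704 + 75_000_000),                 # 112,432,704
    Sample(900.0, 5_000_000),                               # after reset
]


def demo() -> List[Tuple[float, Optional[float]]]:
    """Run the constructed series through the pipeline and print it."""
    rates = rates_from_samples(CONSTRUCTED_SAMPLES, CONSTRUCTED_IF_SPEED_BPS)
    for ts, bps in rates:
        if bps is None:
            print(f"t={ts:6.0f}s  rejected (counter reset suspected)")
        else:
            util = utilization_percent(bps, CONSTRUCTED_IF_SPEED_BPS)
            print(f"t={ts:6.0f}s  {bps/1e6:8.3f} Mbps  {util:5.1f}% utilized")
    print(f"32-bit counter wraps every {max_safe_interval(10**9):.1f} s "
          f"on a saturated 1 Gbps link")
    return rates


if __name__ == "__main__":
    demo()
```

The third interval is exactly the averaging distortion the text warns about in reverse: the raw numbers look like a 100+ Mbps burst on a 10 Mbps link, so a plausibility check against the interface speed is needed before a value is graphed.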

Using Linux As A Monitoring Platform

As an operating system, Linux is not, functionally speaking, any different from any others such as Windows or Mac OS. The main difference between Linux and other popular operating systems is the fact the Linux is an open-source endeavour and most distributions are available for free. Many people tend to confuse open-source and free. It is true that open source software is often free but it is not necessarily the case. For instance, the Red Hat Enterprise Linux operating system is not free. To add to the confusion, actors of the open-source movement often refer to open-source software as free software with free implying freedom rather than the absence of cost.

Over the years, Linux, which was once a marginal operating system installed by nerds and computer science students—I recall spending weeks downloading SLS Linux one diskette image at a time over a 1200 baud dialup connection; I most definitely was one of those nerds—has grown to be a popular option as a server operating system. Some recent distributions are also making much progress as a viable alternative to Windows as a personal computer operating system although this is a totally different debate.

While Linux is a popular operating system for servers of all kinds, it is even more so when it comes to running specific tools. There are several free and open-source network bandwidth monitoring tools that will only run on Linux. And if your tool of choice can run on either Windows or Linux, wouldn’t it make more economic sense to run it on a free operating system rather than waste some money on a costly one?

While some people still don’t trust free and open-source operating systems and software for mission-critical applications and wouldn’t, for instance, put their precious corporate data on a MySQL server running on Linux, many of them don’t usually have as many objections to using the platform for running network administration tools. One major advantage of using Linux as the underlying platform for network monitoring tools is that it is easy to set up a Linux server with only the required packages. While this can be done with Windows, it is considerably more complicated.

The Top Tools For Monitoring Bandwidth On Linux

We’ve searched the web for some of the best bandwidth monitoring tools that can run on Linux. What we came up with are some commercial products and some free and open-source ones. Some products on our list can be installed on either Linux or Windows while some are Linux-only. They all offer SNMP bandwidth monitoring and they all have a centralized console where you can configure the tool and see the monitoring results. While there are a few command-line only tools, we’ve excluded them from our list.

1. ManageEngine OpManager

The ManageEngine OpManager is a powerful all-in-one network monitoring tool that offers comprehensive network monitoring capabilities. It can help you keep an eye on network bandwidth utilization, detect network faults in real-time, troubleshoot errors, and prevent downtime. The tool supports various environments from multiple vendors and can scale to fit your network, regardless of its size. It can run on either Linux or Windows and will let you monitor your devices and network and give you visibility over your entire network infrastructure. Installation and setup of this product are both quick and easy. You can get it running in under two minutes. It requires no complex installation procedures and comes bundled with built-in databases and web servers.

ManageEngine OpManager Dashboard

The ManageEngine OpManager constantly monitors network devices’ performance in real-time and displays it on its live dashboards and graphs. In addition to bandwidth, it examines several critical operational metrics such as packet loss, errors and discards, etc.

The tool can help you detect, identify, and troubleshoot network issues with its threshold-based alerts. You can easily set multiple thresholds for every performance metric and get notifications when they are exceeded. Reporting is another area where this tool shines. Intelligent reports will let you get detailed insights on network performance. There are more than 100 built-in reports and you can customize, schedule and export these out-of-the-box reports as needed.

2. Nagios

There are two versions of Nagios available. There’s the free and open-source Nagios Core and there’s the paid Nagios XI. Both share the same underlying core engine but the similarity stops there. Nagios Core is an open-source monitoring system that runs on Linux. The system is completely modular with the actual monitoring engine at its core, hence the name. The engine is complemented by dozens of available plugins which can be downloaded to add functionality to the system. Each plugin adds one or several features to the core.

Nagios XI Dashboard

Preserving the modular approach, the tool’s front end is also modular and several different community-developed options are also available for download. The Nagios Core, the plugins and the front end combine and make for a rather complete monitoring system. There is a drawback to this modularity, though, as setting up the product can turn out to be a challenging task.

Nagios XI is a commercial product based on the Nagios Core engine but it is a complete self-contained monitoring solution. The product targets a wide audience from small businesses to large corporations. It is much easier to install and configure than Nagios Core, thanks to its configuration wizard and auto-discovery engine. Of course, this ease of setup and configuration comes at a price. You can expect to pay around $2 000 for a 100-node license and about ten times as much for an unlimited one.

3. Zenoss Core

Although Zenoss Core may not be the most popular of all the monitoring tools on this list, it truly deserves to be here mainly because of its impressive feature set and very professional look. The tool can monitor many things such as bandwidth utilization and traffic flows or services like HTTP and FTP. It has a clean and simple user interface and its alerting system is excellent. One thing worth mentioning is its rather unique multiple alerting system. It allows a second person to be alerted if the first one does not respond within a predefined delay. This feature is common in standalone alerting tools but rather rare in monitoring platforms.

Zenoss Core Dashboard

On the downside, Zenoss Core is one of the most complicated monitoring systems to install and set up. Installation is entirely a command-line driven process. Considering that today’s network administrators are used to GUI installers, configuration wizards and auto-discovery engines, this could make the product’s installation seem a bit archaic. Then again, this is in line with the Linux philosophy. On the other hand, there is ample installation and configuration documentation available and the end result makes it worth your efforts.

4. Zabbix

Zabbix is another free and open-source product which can be used to monitor almost anything. The tool runs on several Linux distributions, including Raspbian, the Raspberry Pi Linux distribution, and it will monitor network bandwidth utilization, servers, applications and services, as well as cloud-based environments. It boasts a very professional look and feel. This product also has a broad feature set, high scalability, distributed monitoring, strong security, and high availability. Despite being free, this is a true enterprise-grade product.

Zabbix Dashboard

Zabbix uses a combination of monitoring technologies. It supports SNMP monitoring as well as the Intelligent Platform Management Interface (IPMI) for out-of-band hardware monitoring. It can also do agent-based monitoring, with agents available for most platforms. For easy setup, there’s auto-discovery as well as out-of-the-box templates for many devices. The tool’s web-based user interface has several advanced features such as widget-based dashboards, graphs, network maps, slideshows, and drill-down reports. Zabbix also features a highly customizable alerting system which not only sends out detailed notification messages but can also tailor them to the recipient’s role. It can also escalate problems according to flexible user-defined service levels.

5. Cacti

We had to include Cacti on this list. After all, at almost 18 years of age, it is one of the oldest free and open-source monitoring platforms. Furthermore, it is still quite popular to this day and still actively developed, with the latest version released last June. Cacti might not be as feature-rich as some other products, yet it is still a very good tool. Its web-based user interface has somewhat of a retro feel but it is well laid out and easy to understand and use. Cacti consists of a fast poller, a set of advanced graphing templates, and multiple data acquisition methods. Although the tool mainly uses SNMP for polling devices, custom scripts can be written to fetch data from virtually any source.

Cacti Screenshot

This tool’s main strength is in polling devices to fetch their metrics—such as bandwidth utilization—and graphing the collected data on web pages. It does an excellent job of that but that’s pretty much all it will do. If you don’t need alerting, fancy reports or other extras, the product’s simplicity might be just what you need. And if you need more functionality, Cacti’s source code is available and it is entirely written in PHP, making it highly customizable and allowing anyone to add any missing features they need.

Cacti makes extensive use of templates, which make configuration easier. There are device templates for many common types of devices as well as graph templates. There’s also a huge online community of users who write custom templates of all kinds and share them, and many equipment manufacturers also offer downloadable Cacti templates.

Wrapping Up

Even if Linux is your platform of choice, we’ve seen that you still have plenty of choices when it comes to bandwidth monitoring tools. And given the Linux philosophy, many of them are free and open-source. In fact, using Linux could let you build a complete and very potent monitoring system with no other investment than the time you’ll spend setting it up.

Read Monitoring Bandwidth On Linux: Top 5 Tools in 2019 by Renaud Larue-Langlois on AddictiveTips – Tech tips to make you smarter

The 7 Best IP Address Manager Tools

IP Address management can be an overwhelming task. IP addresses are one of the primary building blocks of modern networks and, for them to operate correctly, there has to be some order to them.

Keeping IP addresses in order, ensuring there are no duplicates and that there is always a supply of IP addresses available for new devices to connect to the network is the object of IP address management. It may sound complicated—and, to a certain extent, it is—but, fortunately, some tools are available to assist. They are the subject of today’s post as we have a look at the best IP address manager tools.

Let’s start off by discussing—or rather, explaining—IP addresses. We’ll have a look at what they are and how they work. Although it can appear complicated, it’s actually not that complicated. Next, we’ll introduce DNS. We felt it was important, as this technology makes using IP addresses much easier for us humans. Furthermore, IP addressing and DNS are so intimately related that most IP address manager tools actually handle both. Following that, we’ll review IP address management, what it is and what it entails. And since most IP address manager tools are about automating the management of IP addresses, this is what we’ll discuss next. And finally, before we review some of the best IP address manager tools, we’ll sidetrack briefly and introduce DHCP, another technology which is closely related to IP addressing and its management.

IP Addresses – The What And The How

IP addresses are used to uniquely identify each and every device connected to an IP network. This IP network could be your home WiFi network, the network at your place of work or the Internet. Although each of these may be interconnected, they are individual networks. An IP address is, in many ways, similar to a street address. Its primary purpose is to help in transporting data from an origin to a destination.

IPv4 addresses are 32-bit binary numbers (IPv6, which several of the tools below also manage, uses 128-bit addresses). Writing them in binary, or even as a single decimal number, would be impractical and error-prone. They are therefore split into four chunks of 8 bits each, usually written as four decimal numbers between 0 and 255 separated by dots. For instance, the IP address 11000000101010000000000000000001 becomes 192.168.0.1, a much easier to read format.

An IP address consists of two parts, the host and the network or, more precisely, the subnet. This has to do with IP routing, which is used when sending data to an IP address on a different network, typically in a different location. Which part of an IP address represents the host and which part represents the network is the most complicated aspect of IP addressing. It is complicated because it is left to network designers and administrators to decide: the boundary between the subnet, as it is often called, and the host can fall at any of the address’s 32 bit positions.

Communicating which part is subnet and which part is host is another complicated matter. In the early days of IP networking, classful addressing was used, in which certain predefined address ranges had predefined boundaries. For instance, any class C address, such as one starting with 192.168, had 24 bits for the network and 8 bits for the host. That worked, but it was not flexible enough, so classless addressing, in which the boundary can be anywhere, took over.

Two notation schemes are used to indicate which part of an IP address is the subnet and which part is the host. The first is to specify a subnet mask along with the IP address. The mask is another dotted-decimal number in which each 1 bit marks a network position and each 0 bit marks a host position. For example, the 255.255.255.0 subnet mask indicates 24 bits for the network and 8 for the host. The second, CIDR (Classless Inter-Domain Routing) notation, appends a forward slash and the number of network bits to the address, as in 192.168.0.2/24. The two are equivalent: /24 is simply the mask 255.255.255.0 written as a count of its leading 1 bits.
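The arithmetic behind both notations, as an added example that is not part of the article: once an address is a 32-bit integer, a prefix length and a dotted mask are the same value, and "is this address in that subnet?" is a single AND, which is exactly the check a firewall or application allow-list performs. The helpers also reject the ambiguous spellings (missing octets, leading zeros) that inet_aton-style parsers silently accept as shorthand or octal, a known source of allow-list bypasses. The function names are my own; the addresses are the article's 192.168.0.0/24 and the RFC 5737 documentation range 203.0.113.0/24.

```python
"""IPv4 subnet arithmetic from first principles (added example)."""

ALL_ONES = 0xFFFFFFFF


def ip_to_int(dotted):
    """'192.168.0.1' -> 3232235521. Strict: four decimal octets, 0-255,
    no leading zeros, so '010.1.1.1' and '192.168.1' are rejected rather
    than silently reinterpreted."""
    octets = dotted.strip().split(".")
    if len(octets) != 4:
        raise ValueError(f"not a dotted-quad IPv4 address: {dotted!r}")
    value = 0
    for octet in octets:
        if not (octet.isascii() and octet.isdigit()) or (len(octet) > 1 and octet[0] == "0"):
            raise ValueError(f"ambiguous octet {octet!r} in {dotted!r}")
        number = int(octet)
        if number > 255:
            raise ValueError(f"octet {octet!r} out of range in {dotted!r}")
        value = (value << 8) | number
    return value


def int_to_ip(value):
    """Inverse of ip_to_int: 3232235521 -> '192.168.0.1'."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_to_mask(prefix):
    """/24 -> 0xFFFFFF00: the top `prefix` bits set, the rest clear."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix length {prefix} not in 0..32")
    return (ALL_ONES << (32 - prefix)) & ALL_ONES


def mask_to_prefix(dotted_mask):
    """'255.255.255.0' -> 24. Rejects masks whose 1 bits are not contiguous."""
    mask = ip_to_int(dotted_mask)
    prefix = bin(mask).count("1")
    if prefix_to_mask(prefix) != mask:
        raise ValueError(f"non-contiguous subnet mask {dotted_mask!r}")
    return prefix


def parse_cidr(text):
    """'192.168.0.2/24' (the article's '192.168.0.2 /24' is tolerated)
    -> (network_int, prefix). A bare address is treated as a /32."""
    address, _, prefix = text.replace(" ", "").partition("/")
    prefix = int(prefix) if prefix else 32
    return ip_to_int(address) & prefix_to_mask(prefix), prefix


def describe(cidr):
    """Network, mask, broadcast and usable host range of a CIDR block."""
    network, prefix = parse_cidr(cidr)
    mask = prefix_to_mask(prefix)
    broadcast = network | (~mask & ALL_ONES)
    if prefix == 32:                      # a single host
        first, last, usable = network, network, 1
    elif prefix == 31:                    # RFC 3021 point-to-point: both usable
        first, last, usable = network, broadcast, 2
    else:                                 # exclude network and broadcast
        first, last, usable = network + 1, broadcast - 1, (1 << (32 - prefix)) - 2
    return {
        "network": int_to_ip(network),
        "mask": int_to_ip(mask),
        "broadcast": int_to_ip(broadcast),
        "first_host": int_to_ip(first),
        "last_host": int_to_ip(last),
        "usable_hosts": usable,
    }


def contains(cidr, address):
    """True when `address` lies inside the `cidr` block (an allow-list check)."""
    network, prefix = parse_cidr(cidr)
    return ip_to_int(address) & prefix_to_mask(prefix) == network


def same_subnet(a, b, prefix):
    """Can host a reach host b without going through a router?"""
    return contains(f"{a}/{prefix}", b)


if __name__ == "__main__":
    print(describe("192.168.0.2 /24"))
    print(contains("203.0.113.0/24", "203.0.113.77"), contains("203.0.113.0/24", "203.0.114.1"))
```

The strictness in `ip_to_int` is deliberate: a check that accepts "0177.0.0.1" as a public address while the operating system's `inet_aton` resolves it to 127.0.0.1 is a classic way for a server-side request to escape a network allow-list, so a validator should refuse anything it cannot interpret unambiguously.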

DNS To The Rescue

IP addresses are great for computers to use to locate each other and exchange data, but they are not user-friendly and they tend to be hard to remember. At the beginning of IP networking, each computer had a “hosts” file in which the correspondence between IP addresses and hostnames was listed. That let a user who wanted to connect to a remote computer use its hostname rather than its IP address, provided there was a corresponding entry in the hosts file of the user’s own computer.

The Domain Name System (DNS) was later created as a distributed database of hostname-to-IP-address mappings. Instead of looking up a name in its local “hosts” file, a computer queries a DNS server which, through a recursive lookup that usually completes within a few tenths of a second, returns the corresponding IP address. IP addresses and DNS work together to let computers and their users easily locate remote systems.

About Managing IP Addresses

Managing IP addresses is among the most important tasks of network administrators. It mainly serves two purposes: making sure each device is assigned an IP address and making sure no IP addresses are duplicated within a network. Back when networks used to be small(er), manually managing IP addresses was the way to go. Administrators typically kept a text file or Excel spreadsheet in which each assigned IP address was documented. As networks grew bigger, this method started to exhibit serious shortcomings. For starters, how can you ensure that each and every change to the network will be reflected in the documentation? Also, how do you ensure or verify that the IP addresses configured on devices are those that were assigned? And how do you make sure that any change in IP address assignment is reflected in the local DNS server?

Automating The Process

Automation is the key to avoid many of the issues we just mentioned. This is also why IP Address Management, or IPAM, tools were first created. These tools vary greatly in their functionality with the most basic simply being glorified versions of the text files or spreadsheets of the past while others are complete automated systems with active connections to other related systems—such as DNS and DHCP—to offer the most robust of solutions.

A Word About DHCP

The Dynamic Host Configuration Protocol, or DHCP, is also closely related to IP address management. As its name suggests, it is used to automatically configure hosts with the proper IP address and other network interface settings. Computers using the protocol will contact a DHCP server upon startup to get their IP address, subnet mask, default gateway, DNS server(s), and several more configuration parameters in a dynamic fashion. Many IP address management tools either include a DHCP server or can communicate with an existing DHCP server, ensuring that the information they contain is what is actually configured on the networked computers.
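The three questions raised under About Managing IP Addresses, answered by automation as the text suggests, as an added example that is not the article's code or any vendor's: it reconciles an IP inventory (the "spreadsheet" of the text) against a DHCP lease file, which records what devices actually hold, and against forward DNS records, and reports what an IPAM product's periodic scan would flag. The inventory rows, the dnsmasq-format leases, the DNS answers and the managed subnet are all constructed; the MAC addresses are locally administered 02:... values and the hostnames are invented.

```python
"""Reconcile an IP inventory with DHCP leases and DNS (added example)."""
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed inventory: note 192.168.10.20 is assigned twice.
INVENTORY_CSV = """\
ip,mac,hostname,owner
192.168.10.10,02:00:00:00:00:0a,fileserver,infra
192.168.10.11,02:00:00:00:00:0b,printer-1,facilities
192.168.10.20,02:00:00:00:00:14,ws-alice,desktops
192.168.10.20,02:00:00:00:00:15,ws-bob,desktops
192.168.10.30,02:00:00:00:00:1e,old-scanner,facilities
"""

# Constructed dnsmasq.leases: '<expiry> <mac> <ip> <hostname> <client-id>'.
LEASES = """\
1700000000 02:00:00:00:00:0a 192.168.10.10 fileserver *
1700000000 02:00:00:00:00:be 192.168.10.11 printer-1 *
1700000000 02:00:00:00:00:14 192.168.10.20 ws-alice *
1700000000 02:00:00:00:00:45 192.168.10.45 * *
1700000000 02:00:00:00:00:66 192.168.20.5 lab-box *
"""

# Constructed forward DNS answers (hostname -> A record).
DNS_RECORDS = {
    "fileserver": "192.168.10.10",
    "printer-1": "192.168.10.12",
    "ws-alice": "192.168.10.20",
    "ws-bob": "192.168.10.20",
}

MANAGED_SUBNETS = ["192.168.10.0/24"]


def parse_inventory(text):
    return list(csv.DictReader(io.StringIO(text)))


def parse_leases(text):
    leases = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 4:
            leases.append({"mac": parts[1].lower(), "ip": parts[2], "hostname": parts[3]})
    return leases


def reconcile(inventory_text, leases_text, dns_records, managed_subnets):
    """Return {finding_category: sorted [(ip, detail), ...]}."""
    inventory = parse_inventory(inventory_text)
    leases = parse_leases(leases_text)
    nets = [ipaddress.ip_network(n) for n in managed_subnets]
    findings = defaultdict(list)

    # 1. Is the record itself consistent? The same address assigned twice.
    by_ip = defaultdict(list)
    for row in inventory:
        by_ip[row["ip"]].append(row)
    for ip, rows in by_ip.items():
        if len(rows) > 1:
            findings["duplicate_assignment"].append((ip, ",".join(r["hostname"] for r in rows)))

    # 2. Do devices hold what the record says? Leases are the ground truth.
    seen = set()
    for lease in leases:
        ip = lease["ip"]
        seen.add(ip)
        if not any(ipaddress.ip_address(ip) in net for net in nets):
            findings["out_of_scope"].append((ip, lease["mac"]))        # not in any managed range
        elif ip not in by_ip:
            findings["unknown_device"].append((ip, lease["mac"]))      # rogue or undocumented
        elif lease["mac"] not in {r["mac"].lower() for r in by_ip[ip]}:
            findings["mac_mismatch"].append((ip, f"expected {by_ip[ip][0]['mac']} saw {lease['mac']}"))
    for ip, rows in by_ip.items():
        if ip not in seen:
            findings["stale_record"].append((ip, rows[0]["hostname"]))  # documented, never seen

    # 3. Does DNS agree with the record?
    for row in inventory:
        answer = dns_records.get(row["hostname"])
        if answer is None:
            findings["missing_dns"].append((row["ip"], row["hostname"]))
        elif answer != row["ip"]:
            findings["dns_mismatch"].append((row["ip"], f"{row['hostname']} resolves to {answer}"))

    return {category: sorted(items) for category, items in findings.items()}


if __name__ == "__main__":
    for category, items in reconcile(INVENTORY_CSV, LEASES, DNS_RECORDS, MANAGED_SUBNETS).items():
        for ip, detail in items:
            print(f"{category:22} {ip:16} {detail}")
```

On the constructed data the script reports the duplicate assignment, a printer whose address is now held by a different MAC (a replaced device or a spoofed one; either way the record is wrong), an undocumented device at 192.168.10.45, a device in a subnet nobody manages, a scanner that no longer answers, and a DNS record that points the printer's name at the wrong address. Each of these is exactly one of the failure modes the text attributes to spreadsheet-based management, and each is a line in a report rather than a surprise during an incident.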

The Best IP Address Manager Tools

We’ve searched the Internet for the best IP address manager tools we could find. Some of the products include built-in DNS and DHCP functionality. Others do not, but they will usually integrate with popular DNS and DHCP servers such as those typically found on Windows and Linux.

1. SolarWinds IP Address Manager (FREE TRIAL)

SolarWinds is one of the best-known names in network management. The company makes some of the best tools to assist administrators. Its flagship product, the Network Performance Monitor consistently scores among the top network monitoring tools. SolarWinds is also known for its free tools. The Kiwi Syslog server and the Advanced Subnet Calculator are two examples of these free tools.

To manage IP addresses, SolarWinds offers the IP Address Manager. This tool features built-in DHCP and DNS servers, but it can also interact with DHCP and DNS servers from Microsoft and Cisco, so you won’t have to replace your existing infrastructure.

The SolarWinds IP Address Manager lets you allocate IP addresses in different ways. You can, for instance, use reservations for servers and other equipment and use dynamically allocated addresses for workstations. Everything gets seamlessly integrated into the DNS. Furthermore, a setup wizard is included to assist in configuring DHCP scopes.

SolarWinds IP Address Manager Screenshot

The SolarWinds IP Address Manager lets you set up user accounts with different access levels. You could, for instance, give only partial access to some junior admins or let managers view the reports but not change anything. The tool’s logging system which records every change with a timestamp and the username of the operator making the change is more than just a nice-to-have, it can help with compliance issues.

Unsurprisingly, prices for the SolarWinds IP Address Manager are based on the number of managed IP addresses and start at $1 995 for up to 1024 addresses. If you’d rather try the software before purchasing it, a free fully functional 30-day trial version is available.

2. ManageEngine OpUtils IP Address Manager

Next, we have a tool from ManageEngine, another company that is famous for its network management tools. The OpUtils IP Address Manager provides centralized management of the IP address space and it can handle both IPv4 and IPv6 addresses. Its built-in IP manager software assists network administrators in identifying whether an IP address is available or not. The tool performs periodic scans of subnets and keeps the availability status of IP addresses in each subnet up to date.

ManageEngine IP Address Manager

The tool can be used to quickly and easily verify whether a particular IP address is reserved or available. It accepts multiple subnets as input, which helps in scanning the entire network to get the status of all IP addresses.

Although a free version of the ManageEngine OpUtils IP Address Manager is available, it is limited to managing a single subnet. While this is enough to give the product a test run, you’ll want to acquire a license to use it in production. Pricing can be obtained by contacting ManageEngine.

3. Infoblox IPAM & DHCP

The Infoblox IPAM & DHCP system is probably better suited for larger networks. Like other similar-sized systems, it has templates to automate routine tasks. It also comes with some excellent standard reports. And if the existing templates or reports don’t seem to offer what you’re looking for, you are free to customize them at will.

IPAM Screenshot

The Infoblox IPAM & DHCP lets managers track the usage of key resources, and its DHCP tracking functions help manage DHCP usage more effectively. From a security standpoint, this is a valuable feature: the system can identify out-of-scope addresses (addresses in use that fall outside any managed range) and isolate rogue devices, something not every competing product offers. It shows that Infoblox is as concerned with security as it is with IPAM and has built such safeguards right into its system.

Pricing information for the Infoblox IPAM & DHCP software can be obtained by contacting Infoblox. And if you want to try the product and see all it can do, a free evaluation version is available from Infoblox.

4. Blue Cat Address Manager

Although BlueCat might not be as famous as SolarWinds, it is still one of the industry leaders in its field. The BlueCat Address Manager is another product that’s better suited for larger organizations with a network management team. The company’s IPAM system includes DHCP and DNS functionality, but it can also interoperate with DHCP and DNS servers from Microsoft.

The BlueCat Address Manager can work with both IPv4 and IPv6 addresses at the same time. It’s a great tool to use when migrating from one version to the other. The system has workflows and approval chains as well as user accounts with hierarchical rights for the best possible security.

Blue Cat Address Manager Screenshot

This tool uses a concept called network templates. They let the administrator define information layouts that ensure essential tasks cannot be overlooked and that all required data is present. In summary, the BlueCat Address Manager automates as many network administration tasks as possible and, as a result, reduces the risk of problems caused by human error.

The BlueCat Address Manager is a premium package so you can expect to pay premium prices but if you’re managing a large network, it is well worth the investment. Detailed pricing information can be obtained by contacting BlueCat.

5. GestióIP

Our next tool might be from a company that is not as famous as some other on our list but don’t let that fool you. GestióIP is an excellent piece of software. And it is free and open-source. The website states that “GestióIP is an automated, web-based IPv4/IPv6 address management (IPAM) software. It features powerful network discovery functions and offers search and filter functions for both networks and host, permitting Internet Search Engine equivalent expressions. This lets you find the information that administrators frequently need easily and quickly.”

GestioIP Address Management Screenshot

What can be added to such an eloquent description? Concretely, this is an excellent system, especially for smaller businesses that might not be able to afford the larger systems such as those from Infoblox or BlueCat. Despite being free, this is a feature-rich tool which has all the functionalities a network administrator might need without the high price tag. And it does come with a few unique features such as a built-in IP subnet calculator and an IP address plan builder. This is certainly a package worth looking into.

6. Diamond IP

BT (AKA British Telecom) probably needs no introduction. But what not everyone knows is that the company also makes network administration tools. One of them is Diamond IP, an IP address management tool. It supports multi-cloud IPAM with virtual appliances for AWS, Azure, Oracle VM, VMware, Hyper-V and others. Its cloud automation feature automates the assignment and tracking of private and public cloud instance IP addresses and DNS names.

This is a unique tool in that it is available as an appliance, as software to install on your own hardware, or as a cloud-based, fully-staffed managed service, making it ideal for companies with a small IT department or without centralized IT staff. Whichever version you choose, the tool integrates with the existing DNS and DHCP services on your network. Pricing for the BT Diamond IP software can be obtained by contacting the vendor.

7. LightMesh IPAM

Last on our list is this lesser-known product called LightMesh IPAM. This product offers the same basic functionality as many other IP address management tools. However, its user-friendly and sophisticated GUI makes the tool stand out among the crowd. This tool not only does a very good job at presenting the data and information in a way that is intuitive and efficient but its functionality is also excellent.

Lightmesh IPAM - Screenshot

The tool includes IP planning and visualization features, network discovery, an audit history, and permissions management with multi-group security permissions. LightMesh IPAM integrates with your existing DNS and DHCP servers to provide an integrated IP address management solution with a single view of all your IP, DNS, and DHCP information, no matter where it resides.

LightMesh IPAM is subscription-based and prices start at just $200 per month for up to fifty subnets and ten thousand IP addresses and $500 per month for five hundred subnets and a million IP addresses. Furthermore, a free 30-day trial version is available.

In Conclusion

With the help of any of the tools we just reviewed, managing IP addresses suddenly becomes a much easier task. But not only that, using an automated IP address manager tool can also reduce the risk of human errors. The only challenge you face is picking the right tool for your needs. We strongly suggest you look at the detailed specifications of a few of the packages and, once you’ve identified those that seem to fit your need, perhaps you could try one or two. Most vendors offer a free trial.

Read The 7 Best IP Address Manager Tools by Renaud Larue-Langlois on AddictiveTips – Tech tips to make you smarter