Tracking Bandwidth and Security Attacks
Network administrators are forever unraveling mysteries about bandwidth hogs. Tools like the NetFlow Plug-in for OpManager and NetFlow Analyzer can help identify which user, application, or protocol is occupying the bandwidth, provided your network devices support flow export.
What if your network devices do not export network flows, or your analyzer tool does not support the flow formats available? Some datacenters do not even have routers and instead use a firewall as the gateway. In this post, we see how to leverage firewall monitoring to get as much information on bandwidth, and more.
OpManager monitors the availability, health, and traffic (incoming and outgoing) of firewalls using SNMP. But this alone does not solve the perennial "what-caused-the-bandwidth-spike" problem. To solve it, OpManager integrates with another product - ManageEngine Firewall Analyzer. Firewall Analyzer collects, archives, and analyzes firewall logs to get granular details about traffic across each firewall. With the OpManager-Firewall Analyzer integration, network administrators get details on internet traffic, intranet traffic, top hosts, security events, etc. in a single console, alongside firewall availability and performance stats.
OpManager Firewall Report
Above: From OpManager's Firewall snapshot page, you can immediately access the 'Reports' section for details on Traffic and Security, and even create your own custom reports.
All reports contain details on Security, Traffic, VPN, web usage, etc.
OpManager Firewall Snapshot Page
Above: OpManager monitoring firewall health, e.g. utilization of CPU and memory, active connection count, along with "Inside" (intranet) and "Outside" (internet) interface traffic.
Here is a set of sample reports:
Traffic Report
Security Report
Protocols Report
Reports on Top Streaming and Chat Sites
Wasn't that easy - monitoring bandwidth usage using firewall logs? Network security analysts should also give this a try, with all the details provided on viruses, infected hosts, top attackers, top denied hosts, etc.
Try it out: www.opmanager.com | www.fwanalyzer.com
Great article. It's good to know what's available in terms of network management tools.