LO1
✓ "Setting up log to monitor network activity" refers to the
process of configuring systems and network devices to collect,
store, and analyze log data related to the behavior and
performance of a network.
Key Concepts Involved
A log is a time-stamped record of events or messages generated by network
devices (e.g., routers, switches, firewalls) or systems (e.g., servers,
applications). Logs can include:
✓ User activity
✓ Traffic flow
✓ Security alerts
✓ Device configuration changes
✓ Errors and warnings
Network Activity
This includes any action that takes place across the network, such as:
✓ Data transmissions
✓ User logins
✓ Unauthorized access attempts
✓ Bandwidth usage
✓ Device communication
Monitoring
Monitoring means continuously observing logs for patterns, anomalies,
and events that may indicate:
✓ Security threats (e.g., brute-force attacks, malware)
✓ Performance issues (e.g., bandwidth spikes)
✓ Device failures or misconfigurations
Why Is It Important?
✓ Security: Detect unauthorized access or suspicious behavior.
✓ Troubleshooting: Find the cause of network issues quickly.
✓ Compliance: Meet requirements for audits or data protection laws.
✓ Performance: Understand traffic loads and device health.
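Monitoring logs for the brute-force pattern mentioned above, as an added example that is not part of the slides: a few constructed syslog-style authentication lines are parsed, and a source address that produces five failed logins inside a 60-second window is flagged. The log format, threshold and window are assumptions chosen for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log lines in a syslog-like format (not from a real system).
SAMPLE_LOG = """\
2024-03-01T09:00:01 fw1 sshd[1201]: Failed password for root from 198.51.100.23 port 50112
2024-03-01T09:00:03 fw1 sshd[1201]: Failed password for root from 198.51.100.23 port 50113
2024-03-01T09:00:04 fw1 sshd[1201]: Failed password for admin from 198.51.100.23 port 50114
2024-03-01T09:00:06 fw1 sshd[1201]: Failed password for admin from 198.51.100.23 port 50115
2024-03-01T09:00:07 fw1 sshd[1201]: Failed password for guest from 198.51.100.23 port 50116
2024-03-01T09:00:10 fw1 sshd[1201]: Accepted password for alice from 192.0.2.10 port 40000
2024-03-01T09:05:00 fw1 sshd[1201]: Failed password for alice from 192.0.2.10 port 40001
2024-03-01T09:20:00 fw1 sshd[1201]: Failed password for alice from 192.0.2.10 port 40002
"""

# Fields of one line: timestamp, host, result (Failed/Accepted), user, source IP.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<ip>\S+)"
)

def parse_line(line):
    """Return a dict of fields for a recognised line, or None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    event = m.groupdict()
    event["ts"] = datetime.fromisoformat(event["ts"])
    return event

def detect_brute_force(log_text, threshold=5, window_seconds=60):
    """Flag source IPs that log >= threshold failed logins within a sliding window.
    Returns a list of (ip, time of the triggering failure, failures in window)."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    alerts = []
    for raw in log_text.splitlines():
        event = parse_line(raw)
        if event is None or event["result"] != "Failed":
            continue
        window = recent[event["ip"]]
        window.append(event["ts"])
        while (event["ts"] - window[0]).total_seconds() > window_seconds:
            window.popleft()   # drop failures that are now too old to count
        if len(window) >= threshold:
            alerts.append((event["ip"], event["ts"].isoformat(), len(window)))
            window.clear()     # one burst produces one alert, not one per extra line
    return alerts
```

The two failures from 192.0.2.10 are fifteen minutes apart, so they never accumulate inside the window and produce no alert.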
1.1.1. Monitoring network activities
• Monitoring network activity is a vital task for any IT professional who
wants to ensure the performance, security, and reliability of their
network.
• Network activity refers to the traffic, events, and status of the devices
and connections that make up a network.
1.1.2 Producing a management information base (MIB)
➢ A MIB is a structured collection of information that describes the properties
of a managed network device (such as routers, switches, and firewalls) for
use with SNMP (Simple Network Management Protocol).
➢ Producing a MIB means creating a custom file, written in a
specific format, that defines the data objects (OIDs) used to
monitor or manage a device or system.
Key Concepts
1.1.3 MIB (Management Information Base)
➢ It's like a dictionary or schema of all the manageable features on a
device.
➢ Each object in a MIB has:
✓ A unique Object Identifier (OID)
✓ A name
✓ A data type
✓ A description
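The four fields listed above, worked through as an added example that is not part of the slides: a small MIB-style schema is indexed by OID, an instance OID is resolved back to its object name and index, and a subtree is walked in OID order. The MIB-II OIDs are the standard ones; the 1.3.6.1.4.1.99999 subtree and the exampleCpuLoad object are hypothetical placeholders.

```python
# Each entry carries the four fields a MIB object has: OID, name, data type, description.
# Standard MIB-II objects plus one object in a placeholder private enterprise subtree.
MIB_OBJECTS = [
    ("1.3.6.1.2.1.1.1", "sysDescr", "DisplayString", "Textual description of the device"),
    ("1.3.6.1.2.1.1.3", "sysUpTime", "TimeTicks", "Time since the agent was last re-initialised"),
    ("1.3.6.1.2.1.2.2.1.10", "ifInOctets", "Counter32", "Octets received on the interface"),
    ("1.3.6.1.2.1.2.2.1.16", "ifOutOctets", "Counter32", "Octets transmitted on the interface"),
    ("1.3.6.1.4.1.99999.1.1", "exampleCpuLoad", "Gauge32", "Hypothetical CPU load in percent"),
]

def parse_oid(oid):
    """Turn '1.3.6.1.2.1.1.1' into a tuple of ints; reject anything malformed."""
    parts = oid.split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"malformed OID: {oid!r}")
    return tuple(int(p) for p in parts)

def build_tree(objects):
    """Index the schema by OID tuple, rejecting duplicate OIDs or duplicate names."""
    tree, names = {}, set()
    for oid, name, dtype, desc in objects:
        key = parse_oid(oid)
        if key in tree or name in names:
            raise ValueError(f"duplicate MIB object: {oid} / {name}")
        tree[key] = (name, dtype, desc)
        names.add(name)
    return tree

def resolve(tree, instance_oid):
    """Map an instance OID such as 1.3.6.1.2.1.2.2.1.10.3 (ifInOctets on interface 3)
    to (name, index, type) using the longest defined prefix; None if unknown."""
    arcs = parse_oid(instance_oid)
    for n in range(len(arcs), 0, -1):
        obj = tree.get(arcs[:n])
        if obj is not None:
            index = ".".join(str(a) for a in arcs[n:])
            return obj[0], index, obj[1]
    return None

def walk(tree, subtree_oid):
    """List object names under a subtree in lexicographic OID order,
    the order in which a walk of that subtree reports them."""
    prefix = parse_oid(subtree_oid)
    return [tree[k][0] for k in sorted(tree) if k[:len(prefix)] == prefix]

TREE = build_tree(MIB_OBJECTS)
```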
1.2. Using network tools
1.2.1 Network Monitoring Tools
What Are Network Monitoring Tools?
➢ Network Monitoring Tools are software or hardware solutions used to
track, analyze, and manage the performance, availability, and
security of a computer network.
➢ They help network administrators detect problems, optimize
performance, and ensure everything is working as expected.
What Do They Monitor?
Network monitoring tools collect data about:
• Bandwidth usage
• Device availability (up/down status)
• Latency and packet loss
• CPU and memory usage on devices
• Security events and anomalies
• SNMP data and logs
➢ The first step to monitor network activity is to select the right tools for your needs
and goals.
• Network analyzers or sniffers allow you to capture and decode packets that
travel across the network. This enables you to inspect data and protocols in
detail, diagnose problems, analyze performance, and audit security.
How do you find your benchmark?
➢ A benchmark should indicate the norm, so benchmark testing should be
done under normal conditions.
➢ This is most likely when employees are working and using the network
as part of their day-to-day activities.
➢ You may also want to consider running benchmark testing during peak
hours and during off-peak hours to see the impact of high usage on the
network, or do the testing at the same time throughout the week to get a
true average.
Notice:
➢ Once you’ve completed your network testing and have identified
your network benchmark, make sure it’s documented and easy to
find.
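The benchmarking advice above (measure under normal conditions, keep peak and off-peak apart, test at the same time each day, document the result), as an added example that is not part of the slides: constructed readings for two periods are reduced to a documented baseline, and a new reading is then classified against the baseline of its own period. The readings, the units and the three-standard-deviation tolerance are assumptions chosen for the illustration.

```python
from statistics import mean, pstdev

# Constructed benchmark readings (link utilisation in Mbit/s), one per weekday,
# taken at the same clock time each day: a working-hours "peak" series and an
# evening "off_peak" series.
BASELINE_SAMPLES = {
    "peak":     [62.0, 65.5, 60.1, 67.3, 63.9],   # 10:00 Mon to Fri
    "off_peak": [12.4, 10.9, 13.1, 11.7, 12.0],   # 22:00 Mon to Fri
}

def build_benchmark(samples):
    """Reduce each series to the baseline to be documented: mean, spread, sample count."""
    benchmark = {}
    for period, values in samples.items():
        if len(values) < 2:
            raise ValueError(f"need at least two readings for {period!r}")
        benchmark[period] = {
            "mean": round(mean(values), 2),
            "stdev": round(pstdev(values), 2),
            "n": len(values),
        }
    return benchmark

def compare(benchmark, period, value, k=3.0):
    """Classify a new reading against the baseline of the same period.
    Returns 'normal', 'high' (possible congestion or misuse) or 'low'
    (possible link or device failure). k is the number of standard
    deviations a reading may drift before it is flagged."""
    base = benchmark[period]
    upper = base["mean"] + k * base["stdev"]
    lower = base["mean"] - k * base["stdev"]
    if value > upper:
        return "high"
    if value < lower:
        return "low"
    return "normal"

BENCHMARK = build_benchmark(BASELINE_SAMPLES)
```

A reading of 30 Mbit/s is "high" against the off-peak baseline but "low" against the peak baseline, which is why a reading must be compared with the baseline for the same time of day.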
System Requirements for Software Installation
Purpose of reviewing documents:
• Ensure configurations and policies are followed
• Detect unauthorized changes
• Verify proper documentation of procedures
Logs
These are automated, time-stamped records generated by systems,
applications, or devices. Examples:
• System logs (syslog)
• Access logs
• Event logs
• Firewall logs
• Server and application logs
Purpose of reviewing logs:
• Detect suspicious activity or intrusions
• Troubleshoot network and system issues
• Monitor system performance and uptime
• Track user activity and errors
When to Review
• After network changes or incidents
• During scheduled audits
• When troubleshooting issues
• Regularly (daily/weekly/monthly, depending on criticality)
1.4. Making recommendations for improving network performance
➢ Network Monitoring Tools: Software/hardware solutions to track
performance, availability, and security.
Types:
• Analyzers/Sniffers: Capture and decode packets for detailed
inspection.
• Mappers/Scanners: Visualize network topology and detect
unauthorized devices.
• Performance Monitors: Measure speed, latency, bandwidth,
and availability.
➢ Importance: Prevent downtime, improve performance, enhance
security, and ensure compliance.
Benchmarking Network Performance
✓ Establish a baseline under normal conditions to detect future issues.
✓ Metrics: Network availability, speed, and bandwidth usage.
✓ Documentation: Critical for troubleshooting and comparisons.
Reviewing Documents and Logs
✓ Documents: Manually created records (e.g., network diagrams,
policies, SOPs).
✓ Logs: Automated records (e.g., system logs, firewall logs).
✓ Purpose: Verify compliance, detect unauthorized changes,
troubleshoot issues, and monitor performance.
Improving Network Performance
• Recommendations:
• Eliminate bottlenecks.
• Reconfigure hardware.
• Educate users on proper usage.
• Implement QoS, data compression, and guest networks.
In general,
➢ Network monitoring ensures security, performance, and compliance.
➢ Tools like analyzers, mappers, and performance monitors are
essential.
➢ Benchmarking and regular log/document reviews are critical for
maintenance.
➢ Recommendations focus on optimizing hardware, traffic, and user
practices.
Comprehensive Questions on LO1: Implementing Network Monitoring
1. What is network monitoring, and why is it important for IT professionals?
2. Define a log in the context of network monitoring. What types of data can logs
include?
3. What is the purpose of monitoring network activity? List three benefits.
4. Define MIB (Management Information Base) and explain its role in SNMP.
5. What are Object Identifiers (OIDs), and how are they used in MIBs?
9. Name three types of network monitoring tools and describe what each one
does.
10. What is benchmarking in network performance, and why is it necessary?
11. When is the best time to conduct benchmark testing, and why?
12. List three methods for measuring network performance during benchmarking.
13. Why is documenting network benchmarks crucial for troubleshooting?
14. What are some common network bottlenecks, and how can they be eliminated?
15.How does Quality of Service (QoS) improve network performance?
16. Why is user education important for optimizing network usage?
17. What steps would you take if a security breach is detected through log analysis?
18. Compare SNMP-based monitoring with packet-sniffing tools. When would each
be more useful?
19. How can a company ensure compliance with data protection laws using network
monitoring?
End
Thank you! If there is any doubt, you are welcome!