Analyzing Monitoring Reports
Lesson overview.
● Baselines.
● Reports.
Baselines.
How do you know what constitutes good network performance and what indicates an issue?
This is where baseline documentation comes into play. Baseline documentation provides a
snapshot of the network when it is running efficiently and it can also help in identifying when a
security breach has occurred. Baselines are usually kept as log files, although they may also be
graphical in nature.
Baselines should be established on CPU utilization and network utilization (and any other
function you deem relevant). In order for network administrators to know what constitutes good
performance on their networks, their baselines need to be current. Periodic tests should be
conducted to determine if the baseline has changed. Windows Performance Monitor statistics
can be used in establishing the baselines.
Highlights:
● Baseline documentation provides a snapshot of the network when it is running efficiently
  and can help in identifying when a security breach has occurred.
● At the minimum, baselines should be established on CPU utilization and network
  bandwidth utilization.
● Periodic tests against baselines should be performed to see if they have changed.
● Statistics taken from Windows Performance Monitor can be used to help establish the
  baselines.
Items to consider for baselines.
There are a number of items that should be considered for baseline reports. The first is network
device CPU utilization. Knowing the CPU utilization on a piece of equipment can help to
determine when a network device is going to fail. If the CPU utilization is constantly at 100
percent, it indicates that there is a problem. That problem may be that it's going to fail, or it may
be that you need to install more network devices to take care of a growing network. An
administrator won't know that if baselining the CPU utilization is not occurring.
Network device memory utilization should also be baselined. It can help to determine when it is
time to expand the memory of a network device. Another important item for baselining is
bandwidth utilization. This can help to determine the overall health of a network. It can help to
determine when network segmentation should occur. It can also help to determine if a network
device is about to fail, particularly if it is creating a storm of data.
Baselining storage device utilization is also worth consideration. This can help to determine
when storage utilization has become a bottleneck on a network—where the storage device is
actually causing the network to slow down because there's too much data being pushed into it.
In this case, baselining storage device utilization can help determine when the storage capacity
of a network needs to increase.
Wireless channel utilization is another item that may deserve baselining. This can help to
determine how saturated the wireless channels have become. Once it has been determined that
the wireless channels are saturated, a new wireless access point can be installed to alleviate
the pressure. Keep in mind that, if a new access point is added, it will be necessary to create a
new baseline for wireless channel utilization. This baseline can also help to determine if there is
unauthorized wireless access occurring on a wireless network, especially if there is utilization on
a channel that is not supposed to have any utilization.
Network device CPU utilization:
● Can help to determine when a network device is going to fail.
● Can help to determine when more network devices should be installed in a growing
  network.
Network device memory utilization:
● Can help to determine when it is time to expand the memory of network devices.
Bandwidth utilization:
● Can help to determine the overall health of a network.
● Can help to determine when network segmentation should occur.
● Can help to determine if a network device is failing (creating a storm of data).
Storage device utilization:
● Can help to determine when storage utilization has become a bottleneck on the network.
● Can help determine when to increase the storage capacity of the network.
Wireless channel utilization:
● Can help to determine how saturated the wireless channels have become; if saturated, a
  WAP can be installed to alleviate the pressure.
● Can help to determine if unauthorized wireless access is occurring.
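An added example (not part of the original lesson) of a periodic test against a baseline: it
reduces baseline samples to a mean and spread per metric and flags current readings that fall
outside it, including use of a wireless channel that was baselined as idle. The metric names,
sample values and thresholds are assumptions made for the illustration.

```python
from statistics import mean, stdev

# Constructed baseline samples (percent utilization) taken while the network
# was running well; metric names are assumptions for this example.
BASELINE = {
    "router1.cpu": [22, 25, 24, 27, 23, 26],
    "router1.memory": [41, 43, 42, 44, 42, 43],
    "uplink.bandwidth": [35, 38, 40, 37, 36, 39],
    "wifi.channel_6": [30, 34, 32, 31, 33, 35],
    "wifi.channel_11": [0, 0, 0, 0, 0, 0],   # channel that should be unused
}

def build_profile(samples):
    """Reduce raw baseline samples to a (mean, standard deviation) pair."""
    return {m: (mean(v), stdev(v)) for m, v in samples.items()}

def compare(profile, current, sigmas=3.0, floor=5.0):
    """Return {metric: reason} for readings that fall outside the baseline.

    A reading is flagged when it differs from the baseline mean by more than
    max(sigmas * stddev, floor) percentage points. The floor keeps very
    steady metrics from alerting on small noise.
    """
    findings = {}
    for metric, value in current.items():
        if metric not in profile:
            findings[metric] = "no baseline recorded"
            continue
        avg, sd = profile[metric]
        if avg == 0 and value > 0:
            findings[metric] = f"{value}% on a metric baselined at zero"
        elif abs(value - avg) > max(sigmas * sd, floor):
            findings[metric] = f"{value}% vs baseline {avg:.1f}%"
    return findings

# Constructed current readings for the periodic test.
CURRENT = {
    "router1.cpu": 100,
    "router1.memory": 44,
    "uplink.bandwidth": 41,
    "wifi.channel_6": 36,
    "wifi.channel_11": 18,
    "switch2.cpu": 30,
}

if __name__ == "__main__":
    for metric, reason in compare(build_profile(BASELINE), CURRENT).items():
        print(f"{metric}: {reason}")
```

A metric with no recorded baseline is reported as well, since a reading cannot be judged
without one.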
Reports.
There are several different types of reports that, when combined with baseline documentation,
can provide a wealth of information to network administrators. This technique can be used to
determine when there are problems present and can provide clues as to what might be causing
the issue. The information can also be used to fine tune the operation of the network. Many of
the important types of reports are outlined below.
Log files.
Log files can accumulate data quickly and, unfortunately, some administrators only review log
files after a major problem has occurred. In most situations, this is a case of too much
information at the wrong time. Most logging applications allow administrators to establish what
types of events will be logged and reported on. The events are usually categorized based on
their perceived severity (e.g., critical security event or application debugging event). Efficient
administrators will set the proper reporting levels in the logging software to eliminate logging all
that debug information (unless, of course, a system or application is actively being debugged).
Good administrators will review log files and compare them against their baseline
documentation. They do this to find issues while those issues are still minor and before they
become major. Log files should also be kept and archived in case there is a need for historical
data. When archiving log files, the organization's data storage policy should be followed.
Creating running graphs of important metrics that are captured by log files is a good idea.
Graphing the data provides a quick visual reference, making it easier to spot issues and trends.
Many logging applications give administrators the option of creating these graphs easily and
quickly. However, these graphs will not be of much use if they are not reviewed on a regular basis.
Highlights:
● Efficient administrators review logs and compare them against baseline documentation
  to find issues while they are still minor.
● Logs should be kept and archived in case there is a need for historical data.
● Graphing log data provides a quick visual reference, making it easier to spot issues.
Interface link status.
If there are issues with a router or link, running an interface report may prove useful. When
reviewing the output from an interface report, the first line is usually a report on the status of the
link for that interface. If it says something like, “fast Ethernet is up, line protocol is up,” that's all
good. That means that interface is up and active, and a link has been established.
If the status line says, “fast Ethernet 0/0 is up, line protocol is down,” all is not good. This means
that the interface is administratively set up, but it is not able to communicate with the other end
of the link. There are several different issues that cause this.
If the status line says, “fast Ethernet 0/0 is down, line protocol is up,” all is not good. This down,
up status indicates that there is an issue on that end of the connection. In most cases, this is a
cable issue or an issue with the physical port itself.
The final status option is, “fast Ethernet is down, line protocol is down.” If this appears, all is not
good but all is not bad—at least, not yet. The issue indicates that the interface has been
administratively shut down. If the interface should be up, the command to bring that interface up
should be issued, and then the status report should be checked again.
Highlights:
● When reviewing the output from an interface report, the first line is usually a report on
  the status of the link.
● A status of fastethernet0/0 is up, line protocol is up indicates that all is good. Any other
  status indicates an issue and requires investigation.
Problems on an interface.
If the link status of the interface indicates that there are no problems (the up and up state), but
something is not operating correctly, then it is time to dig a little deeper into the interface
monitoring reports.
There are a lot of things that can happen on a network device's interface to cause issues. In
most cases, you will be required to log into the device and run the device's report to determine
the cause of any problems on that interface. Two of the main culprits for issues on an interface
are speed and duplex settings. If there is a speed mismatch, the devices will not connect. It's
highly likely that the status will be in an up, line protocol down state. If a duplex mismatch has
occurred, this will cause intermittent issues. Looking at the errors counter in the output or input
reports will be helpful, as will looking at the counter for dropped packets.
If the device is discarding incoming packets, then—more than likely—the device's CPU is being
overutilized. In this case, adding another device may be required, or the device may be about to fail. If
the device is dropping outgoing packets, then there is a bandwidth congestion issue on that
interface. If the interface resets counter keeps going up, that indicates that the interface keeps
resetting itself. The most likely cause is that a communications issue between the two endpoints
is forcing the interface to reset.
Speed and duplex settings (the most common problem):
● If there is a speed mismatch, the devices will not connect.
● A duplex mismatch will cause intermittent issues (e.g., errors in output or input reports or
  dropped packets).
Discards and packet drops:
● If the device is discarding incoming packets, then, more than likely, the device’s CPU is
  being overutilized.
● If the device is dropping outgoing packets, there is a bandwidth congestion issue.
Interface resets:
● If the interface keeps resetting, the most likely cause is a communications issue between
  the two endpoints.
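An added example (not part of the original lesson) that applies the checks above to two
interface reports taken some time apart: any status other than up and up is flagged, and
counters that grew are paired with the likely cause the lesson gives. The report text is
constructed in the style of Cisco IOS show interfaces output; the interface name and counter
values are made up.

```python
import re

# Constructed excerpts in the style of a router interface report, taken some
# time apart. Interface name and counter values are made up for this example.
EARLIER = """FastEthernet0/0 is up, line protocol is up
  Input queue: 0/75/12/0 (size/max/drops/flushes); Total output drops: 3
     40 input errors, 38 CRC, 0 frame, 0 overrun, 0 ignored
     5 output errors, 2 collisions, 1 interface resets
"""
LATER = """FastEthernet0/0 is up, line protocol is up
  Input queue: 0/75/12/0 (size/max/drops/flushes); Total output drops: 950
     215 input errors, 201 CRC, 0 frame, 0 overrun, 0 ignored
     5 output errors, 2 collisions, 4 interface resets
"""

# Counter name -> (pattern, what a rising value suggests per the lesson text).
COUNTERS = {
    "input_drops": (r"Input queue: \d+/\d+/(\d+)/\d+", "device CPU overutilized"),
    "output_drops": (r"Total output drops: (\d+)", "bandwidth congestion"),
    "input_errors": (r"(\d+) input errors", "possible duplex mismatch"),
    "output_errors": (r"(\d+) output errors", "possible duplex mismatch"),
    "resets": (r"(\d+) interface resets", "communications issue between endpoints"),
}

def parse(report):
    """Return (interface, link, protocol, counters) parsed from one report."""
    status = re.match(r"(\S+) is (.+?), line protocol is (\w+)", report)
    if status is None:
        raise ValueError("first line is not an interface status line")
    counters = {}
    for name, (pattern, _hint) in COUNTERS.items():
        hit = re.search(pattern, report)
        counters[name] = int(hit.group(1)) if hit else 0
    return status.group(1), status.group(2), status.group(3), counters

def review(earlier, later):
    """List what needs attention: link state now, counters that grew since."""
    name, link, proto, now = parse(later)
    before = parse(earlier)[3]
    findings = []
    if (link, proto) != ("up", "up"):
        findings.append(f"{name}: status is {link}/{proto}, investigate")
    for counter, (_pattern, hint) in COUNTERS.items():
        delta = now[counter] - before[counter]
        if delta > 0:  # a negative delta means counters were cleared; skip it
            findings.append(f"{name}: {counter} +{delta} ({hint})")
    return findings

if __name__ == "__main__":
    print("\n".join(review(EARLIER, LATER)))
```

Comparing two snapshots rather than reading one is what shows that a counter "keeps going up";
a single large value may be left over from an old, already resolved event.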
What was covered.
Baselines.
Baselines are used to establish what network performance should be. Periodic tests should be
conducted against the baselines to determine if they have changed. Functions that might benefit
from having a baseline include: network device CPU utilization, network device memory
utilization, bandwidth utilization, storage utilization, and wireless channel utilization.
Reports.
Log files can accumulate data rather quickly. Administrators can help manage the growth
through setting the proper reporting levels. Log reports do need to be reviewed and should be
archived. Graphing log data can give a visual reference that makes it easier to spot problems.
Any interface link status other than up and up indicates that there may be an issue. Problems
can still occur on a network interface, even when link status is up and up. Issues that can occur
include: speed and duplex mismatch, discarded and dropped packets, and interface resets.