Knowing what is happening on the network they manage is essential to most network administrators. This is why network monitoring tools were created. They let managers keep a watchful eye on the network while also providing much-needed assistance when troubleshooting issues. And with the ever-growing popularity of Linux in the data center, we thought we’d have a look at some of the very best Linux network monitoring tools.
As we often do, we’ll begin by defining network monitoring. We’ll explain what it is and what benefits it can bring. We’ll follow up by introducing the Simple Network Management Protocol. After all, it is the underlying technology used by most network monitoring tools. We’ll also explain in some detail how SNMP is used to calculate network bandwidth usage while keeping our explanation as non-technical as possible. Next, we’ll briefly talk about Linux and the advantages of using it as a network monitoring platform. This will bring us to the core of our discussion: the actual Linux network monitoring tools. We’ll review a handful of the best tools we could find that will run on Linux.
About Network Monitoring
Network monitoring, or bandwidth monitoring as it is often called, measures the amount of traffic passing a given point on a network. The measuring point is often a router or switch interface, but it’s not uncommon to monitor network bandwidth utilization of a server’s LAN interface. The important thing here is to realize that all we’re measuring is the amount of traffic. Standard, basic network monitoring won’t give you any information about what that traffic is, only how much of it there is.
There are several reasons for wanting to monitor network bandwidth utilization. First and foremost, it can help you pinpoint any area of contention. As a network circuit’s utilization grows, its performance starts degrading. And the more you approach the network’s maximum capacity, the more impact there is on performance. By letting you keep an eye on network utilization, monitoring tools give you a chance to detect high utilization—and address it—before it becomes noticeable by users.
Capacity planning is another major benefit of network monitoring tools. Network circuits—especially long-distance WAN connections—are expensive and will often have only the bandwidth that was required when they were initially installed. While that amount of bandwidth might have been OK back then, it will eventually need to be increased. By monitoring the evolution of your network circuits’ bandwidth utilization, you’ll be able to see which ones need to be upgraded and when.
Network monitoring tools can also be useful for troubleshooting poor application performance. When a user complains that some remote application has slowed down, looking at the network’s bandwidth utilization can quickly help you determine whether or not the problem is caused by network congestion. If you see low network utilization, you can safely concentrate your troubleshooting efforts elsewhere.
SNMP In A Nutshell
Most network monitoring tools rely on the Simple Network Management Protocol (SNMP) to do their magic. But despite a rather misleading name, SNMP is actually somewhat complex. However, you don’t have to be an expert and know all about it to use it. It’s just like you don’t have to be an auto mechanic to drive a car. It is, however, preferable to have at least some idea of how it works so let’s have a look at it.
At its base, SNMP is a communication protocol that specifies how an SNMP management system can read and write operational parameters in remote devices. The parameters are referred to as Object Identifiers or OIDs. Some interesting OIDs, from a network monitoring standpoint, are those that correspond to important device metrics such as CPU and memory load or disk usage, for example.
When monitoring networking bandwidth utilization, two OIDs are of particular interest. They are the bytes out and the bytes in counters associated with each interface. They are automatically incremented by the network devices as data is output or input. More about those in a moment.
Dating back to a time when IT security was not much of an issue, SNMP only has minimal security. An SNMP manager connecting to an SNMP-enabled device will transmit a “community string” with its request. If the string matches that configured in the equipment, the request will be carried out. Devices typically have two community strings configured, one for read-only OIDs and one for modifiable ones. The communication is not encrypted and anyone intercepting it would see the community strings in clear text. This is why SNMP is typically only used on private, secure networks.
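The message layout described above is that of SNMPv1 and v2c, and a passive sensor can use it to find devices that still expose their community strings. The following is an added example, not code from any of the tools reviewed here: it decodes the header of constructed datagrams and flags any that carry a community string, without recording the string itself. The sample bytes, the `n0c-ro` community and the function names are assumptions, and the SNMPv3 header is included only for contrast (it goes beyond what this article covers).

```python
DEFAULT_COMMUNITIES = {"public", "private"}   # widely shipped factory defaults
VERSIONS = {0: "v1", 1: "v2c", 3: "v3"}

# Constructed datagrams (not captured traffic); the third is an SNMPv3 header only.
SAMPLES = [
    bytes.fromhex("3026 020100 0406 7075626c6963 a019 020101 020100 020100"
                  " 300e 300c 0608 2b06010201010100 0500"),
    bytes.fromhex("3026 020101 0406 6e30632d726f a019 020102 020100 020100"
                  " 300e 300c 0608 2b06010201010100 0500"),
    bytes.fromhex("3012 020103 300d 020101 020205dc 040107 020103"),
]

def _read_tlv(buf, pos):
    """Read one BER tag-length-value; return (tag, value_bytes, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits count the length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def snmp_header(datagram):
    """Return (version_name, community or None) for one SNMP datagram."""
    tag, body, _ = _read_tlv(datagram, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message: no outer SEQUENCE")
    tag, ver, pos = _read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("missing version INTEGER")
    version = VERSIONS.get(int.from_bytes(ver, "big"), "unknown")
    tag, value, _ = _read_tlv(body, pos)
    # v1/v2c put the community here as a plain OCTET STRING; v3 has a SEQUENCE instead.
    community = value.decode("ascii", "replace") if tag == 0x04 else None
    return version, community

def audit(datagrams):
    """Flag datagrams that expose a community string; the string is not logged."""
    findings = []
    for index, datagram in enumerate(datagrams):
        version, community = snmp_header(datagram)
        if community is not None:
            kind = "default" if community in DEFAULT_COMMUNITIES else "site-specific"
            findings.append((index, version, kind + " community in cleartext"))
    return findings
```

Running `audit(SAMPLES)` flags the first two datagrams and leaves the SNMPv3 header alone, because it carries no community field.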
How SNMP Is Used To Monitor Networks
To monitor bandwidth utilization, SNMP-based tools periodically read the bytes in and out counters of a networking device’s interfaces at known intervals. Five minutes is a typical interval value but shorter times can be used for finer resolution. They then store the polled values in some sort of database or file.
The rest of the process is simple maths. The monitoring system subtracts the previous counter value from the current one to get the number of bytes transmitted or received during the polling interval. It can then multiply that number by eight to get the number of bits and divide it by the number of seconds in the polling interval to get the number of bits per second. This information is typically plotted on a graph showing its evolution in time and/or stored in a database.
It is important to note that what you get is an evaluation of the average utilization over the polling interval, not the real bandwidth utilization. For instance, if a circuit is used at maximum capacity during half of the polling interval and carries no traffic during the other half, it would show up as being used at 50% of its capacity despite being maxed out for an extended period. Shorter polling intervals will reduce this distortion but it is important to keep in mind that these systems only give you average values.
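The calculation and the averaging effect described above, worked through as an added example (not code from any of the tools reviewed here). It assumes the byte counters are 32 bits wide, as the classic interface octet counters are, so it also handles a counter that wraps between polls and rejects a reading that can only be a counter reset; the function names and the simulated readings are constructed for illustration.

```python
COUNTER32 = 2 ** 32  # size of the classic 32-bit octet counters (assumed here)

def octet_delta(prev, curr, modulus=COUNTER32):
    """Bytes moved between two polls, allowing for a single counter wrap."""
    return curr - prev if curr >= prev else curr + modulus - prev

def utilization(samples, interval_s, link_bps, modulus=COUNTER32):
    """Average % utilization for each polling interval in a series of readings.

    A rate above the link speed cannot be real traffic (agent restart or more
    than one wrap between polls), so that interval is reported as None.
    """
    result = []
    for prev, curr in zip(samples, samples[1:]):
        bps = octet_delta(prev, curr, modulus) * 8 / interval_s
        result.append(None if bps > link_bps else 100 * bps / link_bps)
    return result

def wrap_time_s(link_bps, modulus=COUNTER32):
    """Seconds a saturated link needs to wrap the counter once."""
    return modulus * 8 / link_bps

def simulate_polls(start, busy_s, total_s, rate_bytes_s, interval_s, modulus=COUNTER32):
    """Constructed readings: link sends at rate_bytes_s for busy_s seconds, then idles."""
    return [(start + rate_bytes_s * min(t, busy_s)) % modulus
            for t in range(0, total_s + 1, interval_s)]

if __name__ == "__main__":
    LINK = 100_000_000            # 100 Mbit/s circuit
    RATE = LINK // 8              # bytes per second when saturated
    # Saturated for 150 s, idle for 150 s; counter starts near the wrap point.
    for interval in (300, 60):
        polls = simulate_polls(4_000_000_000, 150, 300, RATE, interval)
        print(interval, utilization(polls, interval, LINK))
    print(utilization([1000, 500], 300, LINK))   # counter reset, not a wrap
    print(round(wrap_time_s(1_000_000_000), 1))  # 32-bit counter on 1 Gbit/s
```

With five-minute polling the saturated half disappears into a single 50% reading, while one-minute polling shows the two fully loaded intervals. The last figure shows why 32-bit counters cannot be trusted at long polling intervals on fast links.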
A Word About Linux
As an operating system, Linux is not, functionally speaking, very different from others such as Windows or OS X. The main difference between Linux and other popular operating systems is the fact that Linux is a free and open-source product and most distributions are available free of charge. It is important here to distinguish free in “free and open-source” from free in “free of charge”. The first one refers to freedom rather than price.
Over the years, Linux, which was once a marginal operating system installed by nerds and computer science students—I recall spending weeks downloading SLS Linux one diskette image at a time over a 1200 baud connection; I guess I was one of those nerds—has grown to be a popular option as a server operating system. Some recent distributions are also making much progress as a viable alternative to Windows as a personal computer operating system.
Linux As A Network Monitoring Platform
While Linux is a popular operating system for servers of all kinds, it is even more so when it comes to running specific tools. There are several free and open-source network monitoring tools that will only run on Linux. And if your tool of choice can run on either Windows or Linux, wouldn’t it make more economic sense to run it on a free OS rather than waste some money on a costly operating system such as Windows?
While some people still don’t trust free and open-source operating systems and software for mission-critical applications and wouldn’t, for instance, put their precious corporate data on a MySQL server running on Linux, many of them don’t usually have as many objections to using the platform for running network administration tools.
The Best Linux Network Monitoring Tools
1. ManageEngine OpManager
The ManageEngine OpManager is a powerful all-in-one network monitoring tool that offers comprehensive network monitoring capabilities. It can help you keep an eye on network bandwidth utilization, detect network faults in real-time, troubleshoot errors, and prevent downtime. The tool supports various environments from multiple vendors and can scale to fit your network, regardless of its size. It can run on either Linux or Windows and will let you monitor your devices and network and give you visibility over your entire network infrastructure. Installation and setup of this product are both quick and easy. You can get it running in under two minutes. It requires no complex installation procedures and comes bundled with built-in databases and web servers.
The ManageEngine OpManager constantly monitors network devices’ performance in real-time and displays it on its live dashboards and graphs. In addition to bandwidth, it examines several critical operational metrics such as packet loss, errors and discards, etc.
The tool can help you detect, identify, and troubleshoot network issues with its threshold-based alerts. You can easily set multiple thresholds for every performance metric and get notifications when they are exceeded. Reporting is another area where this tool shines. Intelligent reports will let you get detailed insights on network performance. There are more than 100 built-in reports and you can customize, schedule and export these out-of-the-box reports as needed.
2. Zabbix
Zabbix is a free and open-source product that can be used to monitor anything. The tool can run on a handful of Linux distributions—including Raspbian, the Raspberry Pi version of Linux—and it will monitor network bandwidth, servers, applications and services, as well as cloud-based environments. It features a highly professional look and feel. This product also boasts a broad feature set, unlimited scalability, distributed monitoring, strong security, and high availability. Despite being free, this is a true enterprise-grade product.
Zabbix uses a combination of monitoring technologies. It supports SNMP monitoring as well as the Intelligent Platform Management Interface (IPMI). It can also do agent-based monitoring with agents available for most platforms. For easy setup, there’s auto-discovery as well as out-of-the-box templates for many devices. The tool’s web-based user interface has several advanced features such as widget-based dashboards, graphs, network maps, slideshows, and drill-down reports.
Zabbix also features a highly customizable alerting system that will not only send out detailed notification messages but that can also be customized based on the recipient’s role. It can also escalate problems according to flexible user-defined service levels.
3. Zenoss Core
Zenoss Core may not be as popular as some of the other monitoring tools on this list but it truly deserves its spot because of its feature set and professional look and feel. The tool can monitor many things such as bandwidth utilization, traffic flows, or services like HTTP and FTP. It has a clean and simple user interface and its alerting system is excellent. One thing worth mentioning is its rather unique multiple alerting system. It allows a second person to be alerted if the first one does not respond within a predefined delay.
On the downside, Zenoss Core is one of the most complicated monitoring systems to install and set up. Installation is an entirely command-line driven process. Today’s network administrators are used to GUI installers, configuration wizards and auto-discovery engines. This could make the product’s installation seem a bit archaic. Then again, this is in line with the Linux world. There is ample installation and configuration documentation available and the end result makes it worth the effort.
4. Nagios
There are two versions of Nagios available. There’s the free and open-source Nagios Core and there’s the paid Nagios XI. Both share the same underlying engine but the similarity stops there. Nagios Core is an open-source monitoring system that runs on Linux. The system is completely modular with the actual monitoring engine at its core. The engine is complemented by dozens of available plugins that can be downloaded to add functionality to the system. Each plugin adds some features to the core.
Preserving the modular approach, the tool’s front end is also modular and several different community-developed options are available for download. The Nagios core, the plugins and the front end combine and make for a rather complete monitoring system. There is a drawback to this modularity, though. Setting up Nagios Core can turn out to be a challenging task.
As for Nagios XI, it is a commercial product based on the Nagios Core engine but it is a complete self-contained monitoring solution. The product targets a wide audience from small businesses to large corporations. It is much easier to install and configure than Nagios Core, thanks to its configuration wizard and auto-discovery engine. Of course, this ease of setup and configuration comes at a price. You can expect to pay around $2 000 for a 100-node license and about ten times as much for an unlimited one.
5. Cacti
We had to include Cacti on this list. After all, at 17 years of age, it is one of the oldest free and open-source monitoring platforms. It is still quite popular to this day and it is still actively developed. The latest version was just recently released. While Cacti might not be as feature-rich as some other products, it is still an excellent tool. Its web-based user interface has somewhat of a vintage feel but it is well laid out and easy to understand and use. The tool’s primary components are a fast poller, advanced graphing templates, and multiple acquisition methods. While the tool primarily relies on SNMP polling, custom scripts can be devised to get data from virtually any source.
This tool’s main strength is in polling devices to fetch their metrics—such as bandwidth utilization—and graphing the collected data on web pages. It does an excellent job of that but that’s all it will do. If you don’t need alerting, fancy reports or other extras, the product’s simplicity might be just what you need. And if you need more functionality, Cacti is open-source and entirely written in PHP, making it highly customizable and you can add any missing features you need.
Cacti makes extensive use of templates, which make for an easier configuration. There are device templates for many common types of devices as well as graph templates. There’s also a huge online community of users who write custom templates of all kinds and make them available to the community, and many equipment manufacturers also offer downloadable Cacti templates.
6. MRTG
The Multi Router Traffic Grapher, or MRTG, is the granddaddy of all network bandwidth monitoring systems. While the open-source project has been around since 1995, it is still in widespread usage, despite the fact that the latest version is already a few years old. It is available for Linux and Windows. Initial setup and configuration are somewhat more complicated than what you’d experience with other monitoring systems but excellent documentation is readily available.
Installing MRTG is a multi-step process and you need to carefully follow the setup instructions. Once installed, you configure the software by editing its configuration file. What MRTG lacks in user-friendliness, it gains in flexibility. Mostly written in Perl, it can easily be modified and adapted to one’s exact needs. And the fact that it’s the first monitoring system and that it is still around is a testament to its value.