Net monitoring tools stand watch
As varied as job descriptions may be, network professionals share a common goal: To discover and fix any problem before users catch wind of it.
We reviewed six products designed to monitor the health and availability of network devices and, in some cases, resolve a problem automatically. The products send alerts by pager, e-mail and pop-up dialog boxes to notify you of any network outage and produce reports to help you establish baselines, identify trends and spot future problems.
Watch and warn
Monitoring features vary from product to product. At the very least, products simply check for device availability on TCP/IP ports, including Simple Mail Transfer Protocol (SMTP), HTTP and telnet. Some products use SNMP to retrieve details about a machine, such as uptime or network load. Some products make better use of the auditing information built into NT than others.
MediaHouse Software's Enterprise Monitor set the bar for monitoring. It's capable of monitoring generic TCP/IP services and ASCII logs generated by applications, and can tie into NT auditing for services and events. Like Ipswitch's WhatsUp Gold, it lets you create specific test conditions for TCP/IP services. For example, you can instruct Enterprise Monitor to let you know not only that your Web server is responding, but also that it's responding with the right Web page. For inventory purposes, Enterprise Monitor makes it easy to scan your network and review the results. You can select a subnet or have Enterprise Monitor browse and present visible Windows domains, and then select the entries you'd like to monitor by simply clicking a checkbox.
Ripple Technologies' LogCaster can monitor NT services and events as well as Enterprise Monitor, but lacks some of its advanced TCP/IP monitoring features. In addition to basic TCP/IP monitoring, LogCaster uses agents to tap into NT services, installing them automatically once you identify which machines in the domain to monitor.
Unlike the other packages we tested, Heroix's RoboMon monitors only systems that have one of its own agents installed. Like LogCaster, RoboMon has agents available for NT on Intel and Alpha platforms. In addition, RoboMon has agents for Unix platforms from Digital (now Compaq), Hewlett-Packard, IBM and Sun. These agents provide much of the same information you get from NT auditing systems, including CPU usage, disk availability and memory usage.
Though LogCaster can monitor more types of systems because it's not limited to using agents, RoboMon collects more information about the systems it watches.
The last three products we tested primarily monitor more generic TCP/IP services and don't worry about the underlying operating system. Dartmouth College's InterMapper also monitors AppleTalk subnets, which lets you keep tabs on AppleTalk routers. In addition, InterMapper automatically connects any devices you specify and configure in an organizational chart approximating your subnet, though the product cannot discover these devices. InterMapper is the only product we tested that uses SNMP to watch how well each system's network interface is performing.
Ipswitch's WhatsUp Gold, another TCP-watcher, offers some support for IPX in addition to standard TCP/IP monitoring services. While this sounds appealing, the only function it supports over IPX is a simple ping, and nothing as sophisticated as an SNMP query. On the other hand, if you give it a subnet to look at, WhatsUp Gold can discover TCP/IP devices and present the objects in a window for you to organize. You can add lines and symbols to create a likeness of your network. When one or more services on a device fail, WhatsUp Gold will highlight the device and show which portion has failed, launching any notification measures you have set.
In Version 3.6, released in early August, Tessler's Nifty Tools added monitoring of NT services to WatchDog's TCP/IP monitoring base, but the program still doesn't monitor NT events. Nor does WatchDog include any mapping capabilities. In Version 3.8, which was released just before we went to press but not in time to test, the vendor has added support for SNMP traps and get requests. Because the product is divided into four modules - WatchDog-IP, WatchDog-Mail, WatchDog-Server and WatchDog-Modem - you can buy only the features you need. However, the downside is that the components don't share information.
If a device has multiple services on it, you must monitor each individually. It's confusing at first, but not too tough to implement. In the future, Tessler's Nifty Tools will bundle the foursome's features in a single product.
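The difference drawn in this section between checking that a Web server's port answers and checking that it returns the right page can be sketched as follows. This is an added example, not code from any of the reviewed products; the function names, the page texts and the local sample server are constructed for illustration.

```python
import http.client
import http.server
import socket
import threading

def port_open(host, port, timeout=2.0):
    """Availability test only: does the TCP port accept a connection?"""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def page_ok(host, port, path, expected_text, timeout=2.0):
    """Content test: HTTP 200 and the expected text present in the body."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return resp.status == 200 and expected_text.encode() in resp.read(65536)
    except (OSError, http.client.HTTPException):
        return False
    finally:
        conn.close()

def check_web_server(host, port, path, expected_text):
    """Classify one monitored server as DOWN, WRONG_CONTENT or OK."""
    if not port_open(host, port):
        return "DOWN"
    return "OK" if page_ok(host, port, path, expected_text) else "WRONG_CONTENT"

class ConstructedPage(http.server.BaseHTTPRequestHandler):
    """Constructed sample server: answers on the port with a default page."""
    def do_GET(self):
        self.send_response(200)
        self.end_headers()
        self.wfile.write(b"<html><h1>Default install page</h1></html>")
    def log_message(self, *args):  # silence per-request logging
        pass

def demo():
    """Probe the sample server: matching text, wrong text, then stopped."""
    texts = ("Default install page", "Customer login")
    with http.server.HTTPServer(("127.0.0.1", 0), ConstructedPage) as srv:
        threading.Thread(target=srv.serve_forever, daemon=True).start()
        port = srv.server_port
        results = [check_web_server("127.0.0.1", port, "/", t) for t in texts]
        srv.shutdown()
    return results + [check_web_server("127.0.0.1", port, "/", texts[0])]
```

Calling demo() shows the three outcomes in turn: a port-only check would report the second case as healthy, while the content check flags it.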
On the alert
Just as important as finding a problem is letting someone know about it. We found these products' notification features are more alike than their monitoring features. All can send e-mail notification via SMTP and can use most standard pager systems. We began to see some differentiation when we looked at alternate means of notification, such as pop-up windows, alert sounds and launching a program on a desktop or console.
As they did for monitoring, Enterprise Monitor and LogCaster emerged as the strongest in this category. Each goes above and beyond the standard feature set. LogCaster can set SNMP traps for any SNMP manager. Enterprise Monitor can send e-mail to SMTP and MAPI-compliant mailers on its console, while LogCaster can send either by SMTP or Exchange. Both can send alerts by Windows pop-ups to machines across the network. Enterprise Monitor also lets you modify the content of e-mail notifications.
WatchDog and RoboMon offer standard mail, beeper and pager features with similar restrictions: If you're running WatchDog, pop-up and sound alerts are limited to the WatchDog console; if you're running RoboMon, pop-up and sound alerts are limited to the RoboMon consoles you have installed. In addition, WatchDog offers the unique ability to post alert status notifications on a statically named Web page.
InterMapper offers only basic e-mail, pager, beeper and console notification; WhatsUp Gold offers these, along with pre-recorded messages via telephone, program notifications, and group notifications for response teams.
Corrective action and reporting
Even better than a message telling you there's a problem is a message that says the problem has been identified and corrected without user intervention. We found the products that did this best are those that depend on agents to gather data and maintain system health - in particular, RoboMon and LogCaster. If a service or application becomes unavailable, RoboMon and LogCaster can instruct the agent to try to restart the downed service. If this fails, the agent can tell the entire machine to reboot itself. RoboMon's multiplatform agents are a definite advantage when it comes to solving network problems.
Enterprise Monitor also has decent corrective features. Because it can tap into the power of NT service and event management, Enterprise Monitor can attempt to reboot a machine running NT.
WhatsUp Gold, WatchDog and InterMapper all have roughly equivalent corrective features, which don't amount to much. They operate mainly as stand-alone systems, so they really don't have the ability to take over another machine or system. They do have the ability to launch a program on the console. InterMapper can launch AppleScript commands, which are analogous to sophisticated DOS batch files.
Even when things appear to be running smoothly, it's nice to see those thoughts confirmed. That's where reporting comes into play. In our tests, we found that reporting features varied widely from product to product. Reports ranged from simple lists of available and unavailable devices to graphics that include individual device data.
The undisputed reporting champ is RoboMon. By default, RoboMon logs each system's activities in a local Access database. Alternatively, you can redirect them to a central repository via Open Database Connectivity (ODBC) or Microsoft's SQL Server. RoboMon splits its reporting tools into two types: customizable text reports and graphical reports.
RoboMon gives you free rein over how the data is presented, including 2-D and 3-D graphs, and line and bar charts.
LogCaster's reporting features are not quite as strong as RoboMon's. You can obtain most of the same information and create similar charts and reports with LogCaster, but it's missing the flexibility of RoboMon. As with RoboMon, LogCaster lets you share data among agents using ODBC, which lets you run reports from alternate consoles. Unlike RoboMon, you must first configure LogCaster to collect desired performance characteristics before you can create any graphs and reports. While not particularly difficult, the interface was not very intuitive.
Enterprise Monitor and RoboMon let you customize text reports by tapping into the full complement of NT event and service data. While Enterprise Monitor allows much greater flexibility than LogCaster in creating text reports, we'd like to see Enterprise Monitor improve its graphic reports.
InterMapper's reports aren't nearly as configurable as those of the top three products. However, InterMapper nicely displays the load on the network interface, which it obtains via SNMP calls, and reports on system uptime. Similarly, WhatsUp Gold reports systems that are up and down, and not much else. While the program includes an SNMP graphing utility, it's a little rough to use and you can't even print the resulting graph.
WatchDog's reporting features are the least developed. In Version 3.6, WatchDog shows statistics on successive polls, the number of failures and the network's current state, but that's it.
Consoles and the Web
The use of multiple consoles and the inclusion of Web interfaces make it much easier for users to gain access to the information collected by these programs. Enterprise Monitor is extremely easy to propagate across your network. All you need to set up additional management consoles is a frames-compatible Web browser. During setup, you can make system availability open to public view, if you wish.
Configuration, reporting and other privileged functions require a user name and password. You can, of course, set up any number of users, each with varying permissions. But the real beauty of this interface is that there's virtually no workstation dependence; you can get to a management console from anywhere.
Enterprise Monitor installs itself as an NT service and is ready for use as soon as installation is complete, as long as the Web server is up and running.
InterMapper and WhatsUp Gold provide their own Web servers. In both cases we found the Web interface easier to use than the console for many basic functions. InterMapper does a particularly good job of displaying the subnet maps that it creates on the console. Likewise, with WhatsUp Gold you can create new maps from the Web interface and activate them on the main console. Again, this puts virtually no restrictions on the workstation. Security, however, is a bit more lax for InterMapper, which restricts access based on IP address. You either have access or you don't; there is no granularity.
RoboMon has a Web interface, but it's much more limiting than the console. You can see most of the NT event logs and other statistics collected by the systems, and you can install multiple consoles on different machines throughout your network. But even though the agents run on other platforms, RoboMon requires you to put the console on a Windows NT system on an Intel platform.
LogCaster doesn't have a Web interface but allows you to install multiple consoles throughout your NT network. WatchDog doesn't have a Web interface either, nor can it support another console. Instead, if you want to use WatchDog in another place, you have to install and configure it there.
Getting started
MediaHouse Software provided us with a printed copy of Enterprise Monitor's documentation, but admitted that it normally does not supply this to customers. After we installed the program we realized why: Documentation is well integrated into the program's virtual console, including a unique checklist posted at the top of the interface. The checklist consists of six items that make using the program much more efficient, but are not mandatory. Each item remained in view as a reminder until we completed it.
RoboMon was a bit more difficult to install than the other programs, mainly due to its capabilities. As the only product that relied on its agents, it needed to know what each agent was keeping statistics for before the program could be used. The documentation that accompanied RoboMon was by far the most exhaustive. But to really take advantage of the program, you need it.
LogCaster took the most time to install but was still pretty quick; within 15 minutes the management console was available for use. LogCaster ties deeply into NT and required some additional configuration before it was ready for use. It is the only product that doesn't allow you to perform any management functions until you log on as a valid user. The documentation was adequate, but not as detailed as we would have liked.
Hands down, InterMapper was the easiest program to install. The only contender that ran on the Macintosh platform, it was also the only product that we installed simply by launching the program. The printed documentation was a little thin, however. You can access additional documentation over the Web, but InterMapper's online documentation isn't as tightly integrated as that of Enterprise Monitor.
Installing WhatsUp Gold was a brief, straightforward procedure. We simply told the program where to install. While there wasn't a setup procedure, adding systems to be monitored was an intuitive process. If you do have questions, the concise manual is easy to follow.
Installing WatchDog was a simple, quick process. Even though its interface is intuitive, WatchDog's printed documentation is very thin. Help files fill in the blanks.
All things considered, each product has its place. If you have Macintoshes in your shop, you should take a look at InterMapper. For smaller shops or the budget-constrained, WhatsUp Gold and WatchDog are excellent at keeping tabs on the basics. But midsize to large shops will want to tap into the power that RoboMon, LogCaster and Enterprise Monitor have to offer. Enterprise Monitor's monitoring features are the strongest of the lot - you can get to them from almost anywhere, and your notification options are plentiful.
prise Monitor 5.2
|Ripple LogCaster 2.1||8||7||6||8||8||6||7||7.25|
|Ipswitch WhatsUp Gold 4.0||6||3||8||6||4||7||7||5.6|
|Tessler's WatchDog 3.6||7||3||5||7||4||7||6||5.3|
Note: Products are ranked on a 1-10 scale in each category, then multiplied by the weight in each category. These are added to give a total score.
Enterprise Monitor 5.2
Pros: Comprehensive monitoring features; Console can be deployed anywhere; NT information pulled without an agent
Cons: Reporting needs polish
$695 per server license
Pros: Excellent reporting; Powerful rules engine
Cons: Only monitors what it has an agent for
$795 per NT server license and $95 per NT workstation license
Pros: Monitors TCP/IP and NT services and events
Cons: Initial setup is cumbersome; Console is restricted to NT
$795 for 100 nodes ($395 for educational institutions)
Pros: AppleTalk monitoring; Good automatic mapping; Good NIC summary
Cons: Weak reporting; Corrective actions lacking
WhatsUp Gold 4.0
$695 for 100 nodes
Pros: Network discovery features included; Full function Web interface
Cons: Weak reporting; Corrective actions lacking
Tessler's Nifty Tools
Pricing starts at $695 for WatchDog-IP; $1,895 for WatchDog-Mail; $695 for WatchDog-Modem; and $1,895 for WatchDog-Server.
Pros: Clean interface
Cons: Modules don't interact; Limited features
Berkley is the LAN Support Supervisor with Computing Services at the University of Kansas. His department provides contract support campuswide on a variety of platforms. He can be reached at berkley@ukans.edu.
Forum: Network monitoring and alerting
Discuss the topic with Travis Berkley, in this online discussion.