2

Hi i need to monitor ntop to monitoring networking traffic but i am concern if its going to affect somehow my server performance.... i've been also recomend to use Nagios but i am not quite sure if is possible to get a Bandwidth monitor out of it....

So should i use Ntop or Nagios for traffic monitoring? or is there is another solution...

Thanks!!

Necronet
  • 283
  • 2
  • 5
  • 17
  • Curious about the downvote: was it because the question is poorly worded? If so, why not leave a comment saying so and suggesting a fix? – Jed Daniels Mar 24 '11 at 15:14
  • probably the question syntaxis is not the best but i got the answer thanks! – Necronet Mar 25 '11 at 05:46

3 Answers3

4

Most solutions for bandwidth monitoring are going to Poll the SNMP (IF-MIB) interface counters to figure out bandwidth.

Nagios monitoring is really going to functional for bandwidth only, not analysis of the traffic, also you will need some sort of graphing plugin.

If you want actual analysis and not just bandwidth, ntop is a good choice. Best practice would be to run ntop on a machine that doesn't also run things that effect production.

If you just want bandwidth graphs you might look at Cacti.

Kyle Brandt
  • 82,107
  • 71
  • 302
  • 444
  • what do you mean by this "Best practice would be to run ntop on a machine that doesn't also run things that effect production" . I should tested locally before production? or that i should have another host dedicated to log network traffic data? – Necronet Mar 24 '11 at 15:00
  • 1
    @Necronet: I would opt for another host if possible. Might get yelled at by your boss if a box has performance issues because of monitoring stuff ;-) – Kyle Brandt Mar 24 '11 at 15:11
  • If i can't do you think a VM solution might be better....? should i install ntop this in my proxy right? – Necronet Mar 24 '11 at 17:28
  • I would look into setting up a *Mirrored port* on a managed switch if you have one. That will replay traffic from one port into another. ntop can then sniff traffic a machine connected to the extra port – Kyle Brandt Mar 24 '11 at 17:30
  • 1
    @Necronet: You should be fine, but keep an eye on the switch CPU after setting up the Mirror port just in case. – Kyle Brandt Mar 24 '11 at 17:41
1

Ntop and Nagios are for different things.

Ntop will help you analyse your network traffic in a variety of ways - e.g. what network devices are generating the most network traffic, what protocols are running across your network.

Nagios is for monitoring lots of things (almost anything you can think of) across multiple devices, and then getting alerted when what is monitored reaches a threshold you specify.

If you've read the ntop website and think this matches your needs, you don't need Nagios.

Either product should be run on a dedicated server, unless your network is very small, in which case you might run it on another server that is used for management purposes. Don't put it on a server providing services (e.g. email, database) your users access.

dunxd
  • 9,482
  • 21
  • 80
  • 117
0

If you are looking at graphing your monitoring output you may find Munin simpler to setup than Nagios. Either will only monitor total bandwidth usage on the interface. Munin's alert configuration is not as flexible as Nagios's.

I have had success using n2rrd to generate graphs from Nagios monitor output.

Ntop is an entirely different tool than Nagios and Munin. It is designed to give breakdowns on bandwidth usage. Breakdowns include interfaces, hosts, protocols, and ports.

BillThor
  • 27,354
  • 3
  • 35
  • 69