pace-it: analyzing monitoring reports

Analyzing monitoring reports.

Instructor, PACE-IT Program – Edmonds Community College

Areas of Expertise Industry Certifications PC Hardware Network

Administration IT Project

Management

Network Design User Training IT Troubleshooting

Qualifications Summary

Education M.B.A., IT Management, Western Governor’s University B.S., IT Security, Western Governor’s University

Entrepreneur, executive leader, and proven manger with 10+ years of experience turning complex issues into efficient and effective solutions. Strengths include developing and mentoring diverse workforces, improving processes, analyzing business needs and creating the solutions required— with a focus on technology.

Brian K. Ferrill, M.B.A.


– Baselines.

– Reports.

PACE-IT.

Baselines.Analyzing monitoring reports.

Baselines.

How do you know what constitutes good network performance and what indicates an issue?

This is where baseline documentation comes into play. Baseline documentation provides a snapshot of the network when it is running efficiently. Baselines are usually kept as a log file, although they may also be graphical in nature. Baselines should be established on CPU utilization and network utilization (and any other function you deem relevant). Periodic tests should be conducted to determine if the baseline has changed. You can use Windows Performance Monitor to help establish the baseline.


Baselines.

– Items to consider for baselines.» Network device CPU utilization.

• Can help to determine when a network device is going to fail.

• Can help to determine when more network devices should be installed in a growing network.

» Network device memory utilization.• Can help to determine when it is time to expand the

memory of network devices.» Bandwidth utilization.

• Can help to determine the overall health of a network.• Can help to determine when network segmentation

should occur.• Can help to determine if a network device is failing

(creating a storm of data).• Can help in identifying when a security breech has

occurred.


Baselines.

– Items to consider for baselines continued.

» Storage device utilization.• Can help to determine when storage utilization has

become a bottleneck on the network.• Can help determine when to increase the storage

capacity of the network.» Wireless channel utilization.

• Can help to determine how saturated the wireless channels have become; once it is determined that they are saturated, a new wireless access point (WAP) can be installed to alleviate the pressure.

• Can help to determine if there is unauthorized wireless access occurring (especially if there is utilization on a channel that is supposed to have none).


ReportsAnalyzing monitoring reports.

Reports.

– Log management.» Log files can accumulate data quickly and some

administrators only review them after a major problem has occurred. In most situations, this is a case of too much information.

• Good administrators will set proper reporting levels with their logging software.

• Good administrators will review logs and compare them against their baseline documentation to find issues while they are still minor.

» Logs should be kept and archived in case there is a need for historical data; follow the organization’s data storage policy.

» One consideration is to create a running graph of important metrics that are captured by logs.

• Graphing the data gives a quick visual reference, making it easier to spot issues.

• Many logging applications give the administrator the option of creating graphs.


Reports.

– Interface link status.» When reviewing the output from an interface report,

the first line is usually a report on the status of the link.• Fastethernet0/0 is up, line protocol is up (all is good).• Fastethernet0/0 is up, line protocol is down (all is not

good); the interface is administratively up, but is not able to communicate with the other end.

• Fastethernet0/0 is down, line protocol is up (all is not good); there may be an issue with the cable or the physical port itself.

• Fastethernet0/0 is down, line protocol is down (all is not good, but all is not bad); the interface has been administratively shut down.

– Problems on an interface.» If the link status of the interface indicates that there

are no problems (the up and up state), but something is not operating correctly, then it is time to dig a little deeper into the interface monitoring reports.


Reports.

– Interface monitoring reports.» There are many things that can happen on a network

device’s interface to cause issues. • In most cases, it will be required to log into the device

and run the device’s report to determine the cause of any problems.

» Speed and duplex settings (the most common problem):

• If there is a speed mismatch, the devices will not connect.

• A duplex mismatch will cause intermittent issues (e.g., errors in output or input reports or dropped packets).

» Discards and packet drops:• If the device is discarding incoming packets, then,

more than likely, the device’s CPU is being overutilized.

• If the device is dropping outgoing packets, then there is a bandwidth congestion issue.

» Interface resets:• If the interface keeps resetting, the most likely cause

is a communications issue between the two end points.


What was covered.Analyzing monitoring reports.

Baselines are used to establish what network performance should be. Periodic tests should be conducted against the baselines to determine if they have changed. Functions that might benefit from having a baseline include: network device CPU utilization, network device memory utilization, bandwidth utilization, storage utilization, and wireless channel utilization.

Topic

Baselines.

Summary

Log files can accumulate data rather quickly. Administrators can help manage the growth through setting the proper reporting levels. Log reports do need to be reviewed and should be archived. Graphing log data can give a visual reference that makes it easier to spot problems. Any interface link status other than up and up indicates that there may be an issue. Problems can still occur on a network interface, even when link status is up and up. Issues that can occur include: speed and duplex mismatch, discarded and dropped packets, and interface resets.

Reports.

THANK YOU!

This workforce solution was 100 percent funded by a $3 million grant awarded by the U.S. Department of Labor's Employment and Training Administration. The solution was created by the grantee and does not necessarily reflect the official position of the U.S. Department of Labor. The Department of Labor makes no guarantees, warranties, or assurances of any kind, express or implied, with respect to such information, including any information on linked sites and including, but not limited to, accuracy of the information or its completeness, timeliness, usefulness, adequacy, continued availability or ownership. Funded by the Department of Labor, Employment and Training Administration, Grant #TC-23745-12-60-A-53.PACE-IT is an equal opportunity employer/program and auxiliary aids and services are available upon request to individuals with disabilities. For those that are hearing impaired, a video phone is available at the Services for Students with Disabilities (SSD) office in Mountlake Terrace Hall 159. Check www.edcc.edu/ssd for office hours. Call 425.354.3113 on a video phone for more information about the PACE-IT program. For any additional special accommodations needed, call the SSD office at 425.640.1814. Edmonds Community College does not discriminate on the basis of race; color; religion; national origin; sex; disability; sexual orientation; age; citizenship, marital, or veteran status; or genetic information in its programs and activities.