This free, open-source software turns a Windows system into a master system-monitoring console
Every administrator I've worked with dreams of a master console that can dutifully watch over his or her environment—performing helpful tasks such as checking for unusual events, logging performance and response time, and providing metrics for availability and resource utilization. Although Windows contains basic tools that perform some monitoring functions, many sites turn to comprehensive application suites that provide extensive monitoring capabilities, such as HP OpenView, Micromuse's Netcool, and NetIQ's AppManager. Unfortunately, such packages often have a hefty price tag, leaving many administrators to make do with whatever tools they can find.
What if I told you there's an open-source solution that does many of these things, and more? What if I told you that in addition to letting you monitor resource utilization and service availability, emailing alarms, and generating reports, the tool doesn't require a third-party agent to be installed on the devices you want to monitor, nor does it require a network logon? Such a product exists, and you can have it—for free—today.
Meet JFFNMS, the Just For Fun Network Monitoring System, an open-source network-monitoring project developed by Javier Szyszlican and Craig Small. You can download JFFNMS at SourceForge.net (http://sourceforge.net) or at the application's homepage at http://www.jffnms.org. Don't let the whimsical title fool you; this open-source software offers enterprise-class capabilities. Many thanks to Javier and Craig for providing this wonderful tool.
How can JFFNMS perform its magic without requiring a third-party agent on the target device or without logging on to the device itself to check the status of resources and services? It does all this through SNMP, which is included in Windows NT and later. You must install SNMP on the system you'll use for monitoring before you install JFFNMS. I provide background information about SNMP and the steps for configuring it on your system in the Web-exclusive sidebars "SNMP: The Foundation for JFFNMS," http://www.windowsitpro.com, InstantDoc ID 44988, and "Setting Up SNMP," http://www.windowsitpro.com, InstantDoc ID 44989. Now let's walk through setting up JFFNMS on your system.
Unlike the Windows versions of some open-source packages, JFFNMS doesn't use the familiar wizard-style installation. By completing the JFFNMS installation, you'll graduate to "Open Source 201"—but have no fear: The instructions that Javier and Craig provide for installing JFFNMS on Windows are generally right on target. Along with JFFNMS, you'll be installing Apache HTTP Server (so remove Microsoft IIS if you've already installed it), the PHP scripting language, MySQL, Round Robin Database Tool (RRDtool), and NMapWin, all of which are required to support JFFNMS. A complete walkthrough for each of these protocols and services is provided in the JFFNMS installation package and also at http://www.jffnms.org/jffnms/INSTALL.win32.txt (this URL is case-sensitive).
Go to the JFFNMS Web site and download the most recent stable package for installation—at publication time, the most recent stable package was 0.7.9. Set aside some time to install JFFNMS without distractions. Follow the installation instructions to the letter, and you should get JFFNMS up and running on the first try. I completed my first installation in less than 30 minutes. The only real glitch I encountered (a minor one) was when I discovered that I had to assign local Administrator privileges to the JFFNMS account I'd created on my monitoring system. Until I did so, the implementation didn't work quite right.
After JFFNMS is installed, you should be able to browse to your local server at the console itself by using the URL http://yourserver/admin/setup.php, where yourserver is either localhost (if you're accessing JFFNMS from the machine it's installed on) or the name or IP address of the system on which you installed it. The default username and password are both admin. As outlined in the installation instructions, you'll need to provide a few configuration details, and you should ignore the red warnings for the diff, neato, smsclient, PgSQL, and SOAP components. Save the configuration after you've made the required changes. Now you're ready to start using JFFNMS.
Setting Up Monitoring
Before we set up monitoring, you should understand how JFFNMS uses the term "interface." For most people, an interface might be a NIC or perhaps a device's IP address. In JFFNMS, an interface is any parameter that the software should monitor, such as hard-disk utilization, whether an application is running, or whether a particular port is available on a host. Essentially, an interface is how JFFNMS sees the world.
Log on to JFFNMS by browsing to the main page for the system at http://yourserver and entering the default username and password. You should see the JFFNMS Start Page, a high-level count of various metrics within JFFNMS. Because JFFNMS doesn't know about any devices on your network yet, the first thing you'll want to do is define a host for JFFNMS to start looking at. Click the Administration link at top right of the Web page. An additional line should appear below the link, which displays several items that you can administer. Click the Users and Customers link, and another line appears below it. Click the Customers link, which displays the main Customer configuration screen.
Here, you define a customer by clicking the Add link. The primary reason for performing this step is that every host and interface should be assigned to a customer—otherwise JFFNMS will create alerts for that host or interface to tell you that it isn't properly assigned. These alerts cause a bit of noise in the event views for JFFNMS, so make sure you've got at least one customer name here to use.
After you've defined a customer, you should also define some zones for JFFNMS before you define hosts to be monitored. Zones are simply a means for logically grouping devices—perhaps by floors in your building if your devices are all at one location or by offices if your devices are spread across multiple locations. Select the Hosts and Interface link in the second line of the Administration menu, which should still be in your browser window, then select Zones. Define new zones by clicking the Add link and entering the appropriate zone names.
Now you can start adding hosts to your system. Click the Hosts and Interfaces link in the first line of the Administration menu, and another line appears below that. Select Hosts, which displays the main Hosts Administration page that Figure 1 shows.
Click the Add link, which displays a blank table line where you can start entering details about the host you want to monitor. First, you define the host's name—how you want the device represented within JFFNMS. The next two fields in the host definition are Zone and IP. From the drop-down menu, select the appropriate zone for the first field and enter the device's IP address in the second. Ignore the Tacacs Source IP field (TACACS—Terminal Access Controller Access Control System—is a Cisco Systems authentication mechanism); you don't need it for your Windows servers. Make sure that the Polling check box is selected; this option indicates whether this device should be actively polled by JFFNMS. Leave the Satellite field set at the default option of Local for now.
The next two host-configuration fields are for your ReadOnly SNMP Community and ReadWrite SNMP Community strings; here, enter the community string(s) that you configured for your Windows server, as I explain in the Web-exclusive sidebar "Setting up SNMP." The last two relevant fields are AutoDiscovery and AD Default Customer. AutoDiscovery is extremely helpful because it lets JFFNMS automatically determine many details about your hosts for you. Select the Automagic configuration option for AutoDiscovery. For AD Default Customer, select the customer name that should be applied for new objects that JFFNMS discovers on your target server. Click Submit, and JFFNMS writes your host to its database and returns you to the Hosts Administration page. You can add more hosts one at a time.
After you've added all the hosts you want to monitor, select Hosts from the Views drop-down list at the top of the Hosts Administration page, and you should see an icon-based view of the system(s) you added. That icon might be green, blue, or purple, depending on where JFFNMS is in its autodiscovery process, or red or yellow if JFFNMS has found a warning condition. The autodiscovery process can take more than 30 minutes, depending on schedules assigned to the background tasks that support JFFNMS and because of the amount of processing that autodiscovery requires. Give JFFNMS the time it needs to do its work, and you'll be pleasantly surprised when you check back to see what it's learned.
When JFFNMS has finished autodiscovery, click a device's icon to drill down into the individual interfaces that JFFNMS has found. As Figure 2 shows, JFFNMS has detected useful information about my test server, including the open TCP ports on the system that NmapWin discovered (great for a quick security check), the NIC in my system, the storage subsystems on the server (drive letters and virtual memory), and that it has one CPU. All these items have automatically been made into interfaces, which JFFNMS automatically starts monitoring by using default parameters.
To display more detail about what JFFNMS has discovered about a device, select Hosts & Events from the Views drop-down list. Doing so displays the hosts in your configuration or the interfaces for a specific host with relevant events listed. Each event is timestamped and has an alarm icon next to it when it first appears. When you need to resolve the situation that caused the alarm, you can manually acknowledge events by using the fields at the bottom of the event list. When a situation has caused an alarm, which is subsequently cleared (e.g., a device goes offline for a minute, then returns online), JFFNMS automatically correlates the events and clears them for you. Host icons in this view are blue, purple, green, yellow, or red according to their current status within the system. When I added my test server to my JFFNMS configuration, JFFNMS immediately detected that I was using more than 80 percent of my virtual memory and displayed a yellow warning event, which Figure 3 shows.
I've found that after JFFNMS has fully autodiscovered a device, it's helpful to set the device from "automagic" discovery to "no discovery" because routine networking causes ports on systems to open temporarily, then close. JFFNMS discovers these temporary ports if they're open when it tries to rescan the system and will add them continuously to your host. Eventually, your host might have hundreds of those interfaces, which clutters the system and slows JFFNMS's monitoring. If you add new services to a host, you can always initiate a manual discovery at any time, which I'll explain later in the article.
After JFFNMS has discovered everything it can about your hosts, you can start looking at the hosts in detail and customizing the interfaces (i.e., items to monitor) on each device. In the next sections, I'll discuss sample monitoring situations you might want to set up for your target systems.
If you have Internet services on your device, you might want to perform a content check to ensure that not only the TCP port is available, but that the service (e.g., mail server, FTP server, Web server) on that port responds properly to connection requests. For instance, I want to make sure I always see the string "ESMTP MailEnable Service" in the banner that my mail server returns for an incoming connection. To do this, I define a content check for that specific interface: TCP port 25, the default SMTP port.
To set up the content check, select Administration, Hosts & Interfaces, Hosts, then select the View Interfaces option next to the server for which you want to add a content check. Doing so displays a list of the interfaces defined for your host, which Figure 4 shows. You can customize the properties for any of the specific interfaces shown in the list or delete those that you don't want tested (this is where you'd clean up autodiscovered data that you don't want monitored). If many interfaces are assigned to your host, some of them might be on additional screens; click >>Next (at the bottom of the scrolled page) to move to the next page.
For our specific task—checking the SMTP banner—I'll edit the properties for the interface that's assigned to port 25 by selecting the Edit link to the left of the line item. Doing so displays an editable view of that specific interface. I add "ESMTP MailEnable Service" to the Check Content RegExp object to tell JFFNMS that it not only should check to make sure this port is available but that it receives an appropriate response when it connects to the port. If these conditions aren't met, JFFNMS generates an alert for the interface.
Graphs and Stats
After JFFNMS detects the available drives on your system, it automatically starts collecting and graphing metrics that administrators typically want to view over time—for example, CPU utilization, network utilization, number of processes in memory, and TCP connections. To view graphs for a particular interface, go to the graphical view of the interfaces for a host by selecting Administration, Hosts & Interfaces, Hosts, then click an interface icon such as a disk drive, CPU, or network interface. Doing so displays the JFFNMS graphing engine that lets you view historical utilization data, as Web Figure 1 at http://www.windowsitpro.com, InstantDoc ID 44985, shows. Here, I'm viewing CPU utilization for another test system on my network. You can change the chart to plot different types of data that are logged for this interface by selecting different options in the Graph Type list at the upper left of the graph or change the time value that's displayed by selecting a Time Preset value in the drop-down list at the upper right.
If you want to view several charts on one page, click Administration, Reports, Performance Graphs. Here, you can display multiple charts for all your monitored devices, which provides a great at-a-glance view of your environment. I've found that using this charting over a long period of time for all my monitored devices can be extremely helpful in diagnosing problems. The charts are also useful for real-time troubleshooting and monitoring, when you narrow the Time Preset value down to the last hour or so. Because the charts are updated continuously (approximately every 2 minutes), they're also valuable for remotely checking utilization on a remote host.
JFFNMS tracks successful and failed port connections and can generate availability reports from these statistics. Were your systems up 100 percent of the time or only 80 percent? You can quickly produce a State & Availability report that provides the answer. To access availability statistics, on the Hosts Administration page select Administration, Reports, State & Availability. Select a host, a customer, or another item for which you want availability statistics. You'll see a report similar to that in Web Figure 2. As you can see, the HTTP service for one of my servers was offline for 3 minutes and 57 seconds, thus dropping that service's availability to 99.863 percent.
Monitoring Service and Process Status
Another useful thing you can do with JFFNMS is to configure it to query a target system and make sure that a process is always found in memory. If you must keep a close eye on critical services within your network, you'll love this feature of JFFNMS.
The SNMP data that's available on any Windows server includes a listing of the current processes residing in memory at the time of the query. The processes are typically referred to by their executable names or their short service names. For example, you'd expect to find inetinfo.exe as one of the processes on a server running IIS or store.exe on a server running Exchange Server. By default, JFFNMS doesn't monitor these processes for you as a part of the "automagic" autodiscovery, so you'll need to define them individually.
You can do so by performing a manual discovery on the host whose processes you want to monitor, then selecting the appropriate processes from the list that's displayed. Select Administration, Hosts and Interfaces, Hosts. Next to the device you want to start working with, click the Manual Discovery link to start the enumeration process, which takes several minutes.
When JFFNMS returns the discovery results, scroll to the bottom of the manual discovery details and you should see a list of processes that are running on your system. Processes here can be system services, or desktop and system tray applications that are currently executing in memory (yes, you can have JFFNMS monitor notepad.exe to make sure it's always running). Find the process(es) you want to monitor and select the Action check box next to the process name, which causes JFFNMS to look for this process on your system whenever it polls the device. If JFFNMS doesn't find the process, it generates a red alert for that device until it finds the process again.
When you're comfortable with JFFNMS and understand how to tune the monitors to minimize noise (alerts that aren't really relevant or important), you'll probably want to have JFFNMS notify you only when something important occurs on your network. JFFNMS users can set up their own email notification addresses by modifying their profile details (select Profile, Profile Values). Edit the eMail value to include the email address to which you want notifications delivered. Keep in mind that email messages will be sent through PHP. Therefore, to use JFFNMS's email notification, you must have correctly defined the mail server to use in the php.ini file when you installed JFFNMS.
Great Monitoring, Great Price
As you've seen, JFFNMS can be quite useful for monitoring an enterprise network of Windows hosts, switches, routers, firewalls, and other devices. Not only does JFFNMS provide many sophisticated monitoring features, it's completely agentless and is easy to implement. I use JFFNMS all the time now to monitor my own systems and those of my clients and look forward to more improvements in this open-source package as it continues to mature.
|Project Snapshot: How to|
| PROBLEM: You need more extensive system-monitoring capabilities than the built-in Windows tools provide, but can't afford the hefty price tag of high-end monitoring products. The open-source JFFNMS offers a viable alternative—at no cost.|
WHAT YOU NEED: JFFNMS, Windows NT Server 4.0 or later and SNMP on the monitoring system; network devices (e.g., hosts, routers, firewalls) that you want to monitor
DIFFICULTY: 2.5 out of 5