Give your network a sixth sense

Once you get past the glamour of being a network administrator, you're left with the task of fixing problems that arise from user error or acts of God. Unfortunately, few administrators are omniscient enough to prevent most system failures. With Ripple Technologies' LogCaster 2.51, you don't need a sixth sense to keep your network in line.

LogCaster monitors your Windows 2000- or Windows NT-based network to ensure that crucial applications, services, and devices run smoothly. The product ships on one CD-ROM with a well-written 200-page manual that includes a comprehensive tutorial.

As most network-monitoring utilities do, LogCaster uses a client/server-based architecture. Client systems run the LogCaster Agent service, and servers rely on the Event Dispatcher Server (EDS) to coordinate the information that the agents collect. You install the LogCaster Service Watcher on the systems you want the software to monitor.

After you install LogCaster, you begin monitoring your network in the LogCaster Management Console, which Figure 1 shows. Fortunately, LogCaster's intuitive tab-based user interface (UI) masks the program's complexity: You can accomplish any task in LogCaster with a minimum of fuss. After you add the names of the machines you want to monitor to the LogCaster Setup utility (by selecting computers and sorting them into groups), you can select specific services, devices, and applications to monitor. As Figure 2, page 120, shows, you can set filters for the events you want to monitor. For example, you can monitor how much CPU time certain users utilize on the server. After you define the filters, LogCaster starts consolidating the event logs from each machine and stores the consolidated log on the computer that you've designated as the EDS.

To test the software's monitoring abilities, I installed LogCaster on a six-system test network comprising two NT 4.0 servers, a Win2K Server machine, one Win2K Professional-based client, and two Windows 98 clients. I set LogCaster to monitor IP services (i.e., a busy Web server and a frequently accessed FTP server) on one of the NT 4.0 machines, as well as keep track of the client systems' services. The Win2K server was an application and file server, so I instructed LogCaster to monitor the amount of disk space, free RAM, and CPU time the server used. I set everything up in less than 10 minutes.

LogCaster, which is an early-detection tool, let me fix problems before they became dangerous. The program even detected minor glitches such as someone overloading my Web server with an automated downloading utility and my Microsoft SQL Server machine running out of temporary storage space.

LogCaster offers several notification options for when a monitored service, device, or application crashes. In addition to the standard email and SNMP trap alerts, LogCaster includes paging support and can log the failure to a standard ODBC database. The program also takes corrective measures to restart the failed service or application. To help ensure that no further conflicts occur, you can set LogCaster to delay the restart of a service by as much as 10 minutes. For more drastic failures (e.g., if a critical service fails), LogCaster automatically shuts down and restarts the affected computer.

LogCaster takes up very little bandwidth. The client agents use a scant 8MB of disk space and consume less than 2MB of memory, and network traffic stays light. In fact, you can run LogCaster efficiently on a 10Base-T network without experiencing bottlenecks.

For remote usage, LogCaster includes a Telnet daemon that enables remote access to NT's command line. For security purposes, you can disable this feature during the setup process. However, the handy UNIX-like daemon lets you remotely shut down a process that is causing OS problems. Unfortunately, LogCaster doesn't support the Secure Shell (SSH) protocol, which is prevalent in the Linux community. A company representative told me that RippleTech will add SSH support, given sufficient demand.

Administrators who use NT systems to drive their Internet servers will find LogCaster useful. Because LogCaster can scan any TCP/IP-based services, you can set the program to monitor HTTP servers, Telnet servers, email servers, and FTP servers. Of course, this monitoring feature works best if you're using Microsoft IIS, but you can also shoehorn support for other Internet servers.

LogCaster is elegant in its flexibility. Because the program ships with predefined templates, you can set LogCaster to monitor your crucial third-party applications. These templates effectively add customized support for popular and essential tools such as SQL Server, Citrix MetaFrame and WinFrame, and IIS. You can modify these templates so that LogCaster monitors certain aspects of each application. For example, you can customize the IIS template to monitor such items as Active Server Pages (ASP) hits and amount of processor time used.

You can also use LogCaster to monitor any application or service that creates an event log in ASCII format. By defining the parameters for LogCaster to monitor, you can set the program to grab specific data from the log and forward it to the EDS. RippleTech offers a C++-based software development kit (SDK) that lets administrators who double as programmers create plugins for custom applications.

RippleTech developed LogCaster on Win2K, so version 2.51 supports Microsoft's latest OS right out of the box. You can set LogCaster to monitor your Active Directory (AD) replication logs without waiting for an upgrade from RippleTech.

LogCaster's only downside is that it doesn't include an HTML-based interface for remote configuration and control. LogCaster runs only on NT boxes (i.e., no Novell NetWare support), so to control the program remotely, you'll need to use the LogCaster Management Console on an NT machine. However, RippleTech is developing an HTML interface, which is one step closer to crossplatform support.

Even if you have a network-monitoring solution in place, LogCaster warrants your close evaluation. Its customizability places it in a league of its own, and its ease of use ensures low maintenance. LogCaster is simply the most impressive and complete network-monitoring utility I've seen in recent years.

LogCaster 2.51
Contact: Ripple Technologies * 215-321-9600
Web: http://www.rippletech.com
Price: $795 per server, $95 per client, volume licensing available
Decision Summary:
Pros: Remote-installation support; thorough monitoring engine; high level of customizability
Cons: No HTML-based interface