Slashdot Mirror

← Back to Stories (view on slashdot.org)

Network Monitoring Options?

Posted by Cliff on from the tracking-down-network-hiccups dept.

Nom du Keyboard asks: "We have a LAN network of 7 servers and about 400 PCs. Every so often I'll notice immense slowdowns, from minutes to occasional delays of a couple hours, while getting data from various servers, and it happens from more than just my PC. So far we haven't had any way of determining if a server has suddenly gotten tied up, or if there is some failure in the communications backbone. Without a lot of money to spend on this (I think it's more important than others right now), what cheap or free monitoring options are there available that can map and isolate problems in a network of this size?"

42 comments

  1. some options by Yonder+Way · · Score: 3, Informative

    Some of the ones I have more recent experience with. All of these require some reading and planning before you set them up.

    OpenNMS - Probably the most trouble-free NMS I've found so far. No, not "trouble-free". But the closest to it.

    Nagios - The most flexible, but also the biggest royal pain in the ass to set up & maintain. Almost infinitely scalable, though, if you are willing to take the time to write some perl scripts to automate most administrative tasks and divide the monitoring work up (several "slave" hosts can harvest monitoring data for a subset of your network and push it to your central Nagios server which greatly lessens the load on your main monitoring server). Some really great monitoring possibilities are out there if you look into NRPE with Nagios.

    OpManager - We bought this commercial solution at my last job. Great for monitoring Windows servers. A real pain in the ass to monitor anything else with any level of sophistication. It also has some fatal bugs that cause it to quietly orphan nodes if it misses a scheduled poll!

    1. Re:some options by Blkdeath · · Score: 2, Informative
      Some of the ones I have more recent experience with. All of these require some reading and planning before you set them up.

      Before you get into network monitoring software, start at layer 1. Look at the physical topology of the network. Do you have network/switch maps? If not, get some. If there are none, make some. How is your network configured? Is it a high speed backbone (1G? 10G?) with low or high speed desktop connections (10Mbit? 100Mbit?) Is WIFI in play? Are you using VLANs? Are you connected to a WAN? Is spanning-tree involved, or is it a flat heirarchal topology? Could you have a redundant path between switches setup somewhere? Are your switches managed? For that matter, are you using hubs? Is there a wiring fault/short somewhere? When this slowdown occurs, do any ports show unusually high activity, or is it simply a server overload situation? You have 7 servers; could you balance the load between them? Where are the servers located within your topology? Are they connected to the backbone, are they dispersed locally (eg. close to a select group of users)? What protocols are in use? Could you pare them down (eg. do you run IPX? Do you need it? What about NETBEUI/NETBIOS?) Do you have any viral/trojan activity? Is your Internet link saturated, or only your internal connections?

      On a network that size (relatively small) I'd presume you're running a flat topology. If this is the case, try to balance your high(er) traffic computers on the switches. For example; if you have 24 port, 100BaseTX switches fed by a 1000Mbit backbone connection, try to ensure that you don't have an entire high-demand section of the building connected exclusively to this switch. Divide out the wiring so that half the switch is high while the other half is low traffic (or, add a second uplink).

      If your servers serve particular segments of the network, connect them to a high(er) speed port on a switch close to the main traffic source to prevent excess traffic needlessly traversing your backbone. If your servers serve the entire network equally, consider localizing the services else connect them with either a high speed or dual NICs to your backbone.

      If it's a server-load problem, divide off one/some of the services to some of the servers with a lighter load, else upgrade the hardware accordingly. (Low on RAM? Borrow a stick from a lower demand server)

      If you're using spanning-tree, or even if you're not, check the configuration. IBM switches are famous for delaying transactions on their fibre switches if ST is enabled but not utilized. If there are no situations where more than one switch-path exists, disable ST on all switches.

      To check your network activity and isolate protocol chatter, I could suggest any number of traffic sniffers. It may be something as simple as your DHCP leases are too short and your 400 machines are looking for the server(s) and requesting new addresses on a regular basis. Lengthen the leases to a week, or if your network is fairly static make it 2. Are you running a mix of Win'98/ME and 2k/XP machines? If you're running a hybrid NETBEUI / NetBIOS over TCP/IP you may have a lot of broadcast traffic looking for daddy. Look to reconfigure your client/server and peer relationships. On machines that don't require file and/or print sharing, disable the protocols entirely (else they'll broadcast constantly looking for everybody else).

      You're really going to have to isolate where exactly the problem is occurring before a solid reccomendation can be made - even to the monitoring aspect of things. Remember that most network admin work is done by good old fashioned legwork. Solving computer/network problems is all about the process of elimination. If your network structure is solid it'll make your job a helluva lot easier. Meanwhile you need to isolate if it's hardware, software, malicious, or network before we can begin to solve your problem for you.

      --
      BD Phone Home!

      Shameless plug. Like you weren't expecting it.

    2. Re:some options by mjhuot · · Score: 2, Informative

      Let me start by saying I work on the OpenNMS project. You could use OpenNMS very easily to accomplish your goals. OpenNMS does many things, the features that would be most useful to you for this problem would be service polling, service reponse time graphs, snmp performance graphs, and thresholding. Here is a quick run down on each of these -

      Service Polling
      OpenNMS can be configured to poll services on your servers. It will do checks for many protocols such as HTTP, SMTP, FTP, HTTPS, DNS. NTP, RADIUS, and others. Some of the pollers are more advanced than others, but they all at the very least do a TCP SYN, SYN ACK, ACK type thing.

      Service Response Time Graphs -
      OpenNMS will collect the response times from the polls it completes. The data is stored so that it can be displayed from the web interface for any device/service/date selection. OpenNMS uses RRDTool or jRobin to store the data. RRDTool is MRTG's big brother, and jRobin is their cousin written in java. These are the basis for most of the statistical data storage in OpenNMS.

      SNMP Performance Graphs -
      SNMP is a wonderful system for presenting performance data about network attached devices. Unfortunatly it has gotten a bad reputation over the years. SNMP can seem to be overly complex but, OpenNMS makes it easier. If devices have SNMP turned on and are configured with default values(not recommended from a security perspective), OpenNMS will be able to discover the SNMP data and will begin collecting it. OpenNMS will store the data it collects in RRDTool/jRobin format for display in the web interface. What can I get from SNMP, you migh ask. It all depends on the device being monitored. Devices had SNMP MIBs that contain information on what data they will provide via SNMP. OpenNMS has many of the most common MIBs all ready setup. The basic things you should be able to see for the server side will be network utilization, load, CPU, memory and some disk information. Being a network geek, I would also make sure your network infrastructure is also setup to be collected from. In many cases you can watch how the traffic is flowing through the network to determine the source of the problem.

      Thresholding -
      OpenNMS thresholding could be used to look at the data collected and send you an alert when a threshold is crossed.

      In addition, OpenNMS now supports NRPE, to be honest I am not sure to what extent, but if that type of functionality is needed it is there. If there is something needed for NRPE it can always be added.
      There are many more features to OpenNMS check out the web site for mote information. For me the big things are performance, stability and scalability. Given enough hardware I don't think there are too many networks that OpenNMS could not handle. Once you understand it you will see how endless the possibilities are.

    3. Re:some options by aquatazman · · Score: 1

      Anyone new to monitoring a network is going to be up against a learning curve somehwere. Start with something you are comfortable with until you start to understand really what is at hand. I have driven many of them and they all have plusses and minuses. If you want something that can monitor most services, collect snmp data, process snmp traps, send thresold alarms, and send out alerts with minimal fuss OpenNMS is the way to go IMHO. I like another poster got involved with the project after understanding its capabilties and potential. Before using Open Source NMS tools I used the gammot of enterprise tools outside of smarts and spectrum, plus their is a lot of interest from the carrier side as well in the project, that always make one warm and fuzzy as the carriers typically drive the technologies that enterprises will end up using.

    4. Re:some options by fsterman · · Score: 1

      This guy knows what he is talking about. Print services can be a bitch. MS, gah, chose a messy protocol and hasn't improved it much. I am assuming you have a small IT staff? Ad-hoc printing set-up? You could have extreme amounts of print server traffic. You should also try VLANing different departements out. It helps keeps problems isolated, increases security, and lowers the broadcast traffic across the entire domain so it can increase spead.

      --
      Is there anything better than clicking through Microsoft ads on Slashdot?
  2. Pinging by Life700MB · · Score: 0


    Isn't this precisely the job for ping? Just write an script to warn you when the ping to some server is greater than it should be.


    --
    Superb hosting 4800MB Storage, 120GB bandwidth, ssh, $7.95

    1. Re:Pinging by HavokDevNull · · Score: 2, Informative

      There is more traffic on a network that could cause problems other than icmp. If something is taking all bandwidth on a LAN then ping would be useless because everything you try to ping would be slow.

      Also using ping to check servers if they are up and down is a bad idea as well, a mission critical service could go down, but the server would still return a ping, and you would be the first one to know via one of your users, for instance. Using a tool such as nagios to check all services on a server including icmp requests would be the way to go. And to get a general view of all traffic on the network NTOP, then to look at one item on your network I would use tcpdump.

      --
      Sig
  3. tried by nocomment · · Score: 2, Insightful

    Cacti? ettercap/ethereal/whatever? Ran snort to see what kind of traffic is on your network? You left out an awful lot of information. I'm assuming you are running switches, but who knows? You never said the speed of your network either. Whether this is all in one building or spread across many, with routers in the middle etc... Without knowing any details I will suggest Cacti, and leave it at that.

    --
    /* oops I accidentally made a comment, sorry */
    /* http://allyourbasearebelongto.us */
  4. etherape by Yonder+Way · · Score: 2, Interesting

    Also, set up a mirror port on your switch and run "etherape" on a machine connected to that port. You'll get a real-time graphical representation of where the traffic is going on your network, and some indications of what kind of traffic you're looking at.

    1. Re:etherape by Anonymous Coward · · Score: 0

      Etherape - "It'll probe your ports without your consent."

  5. Just network? by HavokDevNull · · Score: 4, Informative

    Then NTOP http://www.ntop.org/ is your best bet, this breaks down all traffic on your network and should allow you to see who's being naughty and who's being nice.

    --
    Sig
  6. Cheap = ethereal and a hub by jgaynor · · Score: 4, Informative

    what cheap or free monitoring options are there available . . .

    If the network is the issue, the cheapest and simplest is a good laptop running Ethereal or Snort. Also pick up (or scrounge up) a dumb hub and if possible a fiber tap, since you're probably running in a mixed-media switched infrastructure (or maybe you're not - hence the problems :) ). If you want to get fancy you can buy span or rspan capable switches which will let you mirror traffic from individual ports or Vlans to a single management station port (in which case you can just use a desktop).

    This should go withot saying, but those packet captures will be useless unless you know WHERE each mac address is on the network. That said:

    1) maintain reliable L1/L2/L3 mappings
    2) Tag both ends of long cables and make sure all wallports are numbered, and
    3) beat the shit out of anyone who brings personal equipment in and plugs it in. It screws up your records and is probably less secure.

  7. Giveaway by Anonymous Coward · · Score: 0, Troll

    "Tied up"? "Failure in the communications backbone"?

    My suggestion is to hire somebody who knows things about computers. Your language suggests you are a layperson. Not being a computer expert isn't bad, but not being a computer expert and trying to do the job of a computer expert is.

    1. Re:Giveaway by undef24 · · Score: 0, Offtopic

      why is this a troll? "communications backbone"? give me a break.

    2. Re:Giveaway by Anonymous Coward · · Score: 0

      and, don't end a sentence with a preposition, fucker.

      Up the fuck I think you should shut.

  8. Snort it. by packetknife · · Score: 1

    Besides the regular ethereal suggestions if you're trying to do something on the cheap consider installing a lightweight Snort on each of the clients. If something is up it's bound to at least trigger some sort of Snort log. And it'll cluster around your incidents. Although, hands down, Ethereal on a span port or network tap is a better option. -Pk

  9. Try these tools by Matt+Perry · · Score: 2, Informative

    ntop
    Nagios
    MRTG
    Cacti

    --
    Slashdot: Failed Car Analogies. Amateur Lawyering. Anecdote Battles.
  10. chatty windows machines by macshit · · Score: 1, Interesting

    A bit off-topic, but I'm curious if anyone can answer this for me:

    At work our network setup recently changed from static-IP based to DHCP based. I run a debian machine, and not all that much seems different for me, just that the machine gets its info from a server at bootup.

    However, running various network sniffing tools shows that all the windows machines on the network have become insanely chatty -- every windows machine seems to be constantly sending out packets, regardless of whether they're actually doing anything or not. Given that there are hundreds of windows machines on the (ethernet) network, this means A Lot of Packets.

    I find this quite annoying because it horribly clogs up the results if I run some tool to look at network activity (usually to see if something's wrong with one of my machines). I don't know if it actually degrades the network performance appreciably (the packet size seems to be fairly small), but I assume that having zillions of pointless packets getting sent can't be a good thing for performance on an ethernet...

    Anyone know WTF those machines are doing? Is this some "feature" gone berzerk?

    [I don't recall windows machines doing this in the past; although the change seems to co-incide with our move to DHCP, I suppose maybe it could also be due to people upgrading to newer versions of windows.]

    --
    We live, as we dream -- alone....
    1. Re:chatty windows machines by BrokenHalo · · Score: 1
      Anyone know WTF those machines are doing? Is this some "feature" gone berzerk?

      My immediate suspicion would be a virus/worm/spywarebot calling home.

      For all its many other faults, Windows usually seems to handle DHCP reasonably well.

    2. Re:chatty windows machines by perlchild · · Score: 1

      You should check if the windows machines try(and most likely fail) to update dns info regarding themselves. It's the default setting as far as I can determine, and it's a royal pain in the ass for anyone not running a to-spec, windows-from-dns-up microsoft-stamped shop.

    3. Re:chatty windows machines by WoTG · · Score: 1

      I wouldn't be surprised if it was directly related to newer versions of Windows. I get the impression from your post that your company uses some sort of semi-standard image. There are a lot more network aware/active bits of software nowadays. Multiple programs checking updates online. Windows probing for new printers and neighbours. Antivirus chatter. Etc.

      Or it could be a misconfigured DHCP setup that doesn't provide the correct or enough information causing the machines to send broadcasts. Looking at the specific traffic with a sniffer would probably point out the source quickly.

    4. Re:chatty windows machines by macshit · · Score: 1

      My immediate suspicion would be a virus/worm/spywarebot calling home.

      I really don't think it's that. Despite their use of windows, most of the users are quite technically savvy (most are doing software development and/or chip design), and they seem to be quite good about doing what's necessary to avoid nastiness. There's also an organized structure for making sure people keep their machines up to date, and the admins actually follow through to make sure people do it. When there's a virus outbreak in the news, they go into overdrive to make sure people are ready.

      As this network noise has been constant for quite a while (at least 6 months), it does seem to be something "real". Maybe it's some kind of badly designed service-discovery protocol?

      --
      We live, as we dream -- alone....
    5. Re:chatty windows machines by Anonymous Coward · · Score: 1

      Anyone know WTF those machines are doing? Is this some "feature" gone berzerk?

      Jesus Fucking Christ. How about you look at the traffic? You appear to know about sniffing tools. LOOK AT THE RESULTS. What kind of traffic are they sending? Souce? Destination? Port? Protocol?

      So why can't I get a job when numbnuts like you have one?

      Probably because I'm bitter.

    6. Re:chatty windows machines by convolvatron · · Score: 1

      Surely with such a high volume of traffic you can use a sniffer and
      get port numbers and packet bodies. its amazing what you can paste in
      to google and get an immediate answer.

    7. Re:chatty windows machines by Blkdeath · · Score: 1
      However, running various network sniffing tools shows that all the windows machines on the network have become insanely chatty -- every windows machine seems to be constantly sending out packets, regardless of whether they're actually doing anything or not. Given that there are hundreds of windows machines on the (ethernet) network, this means A Lot of Packets.

      Your steps should be something as follows;

      • Check the source/port/type/content of the packets to isolate what protocol is causing them.
      • Check your DHCP configuration. Is the server providing enough information?
      • Check the available address space. Do you have enough slack space in your address pool or are you running low on addresses causing the machines to 'fight' over them?
      • Check the lease time. Are they expring too soon causing frequent requests? Remember that if your lease time is 24 hours, your machines will 'phone home' every 12 hours to ensure it's still kosher. (It's not a dial-up ISP; with a large enough address pool to handle your machines, a 7-14 day lease time is just fine)
      • Check your DNS setup. Are you using an internal DNS server? (With that many machines you really should be). If so, is it talking to your DHCP server to properly setup reverse-mappings? Win2k likes to update its DNS servers vis its reverse map regardless of the owner of said DNS server.

      Remember that the switchover to DHCP may be merely causality and may not even be the source of your problem. Isolate and examine some of the packets to be sure..

      --
      BD Phone Home!

      Shameless plug. Like you weren't expecting it.

    8. Re:chatty windows machines by andylievertz · · Score: 1
      Can you identify which protocols/ports the "chatter" is using? TCP 139,445? UDP 137,138,139?

      I suspect your workstations are running Windows XP, which creates quite a bit more traffic than its predecessors as it attempts to discover network resources such as file shares and printers.

      On your workstations, from Windows Explorer:

      1. Click Tools->Folder Options
      2. Select the "View" tab
      3. Uncheck the "Automatically search for network folders and printers" option.
      4. Profit!

      Whiz-bang-boom! Instantly quieter XP :o)

      --
      In Soviet Russia, the signature reads YOU!
    9. Re:chatty windows machines by woolio · · Score: 1
      Anyone know WTF those machines are doing?

      Yes, they are planning world domination for Microsoft! Oh wait....
  11. Tell Us More.... by Anonymous Coward · · Score: 0

    What does your network look like? What type of gear is in the backbone? Are the switches managed? Is the network flat or is it segmented into VLANs?

  12. Status lights or management console by Anonymous Coward · · Score: 0

    It would seem like one of the first thing to do is to look at the status lights or the management console to see what ports are loaded down with network activity during slow-downs...

    Perhaps it's bad network equipment? Are the switches maintaining uptime?

    Of course, all the network monitoring software already mentioned here would help diagnose the details of the network traffic.

  13. network or hosts? by jaredmauch · · Score: 2, Informative
    You didn't make it perfectly clear which you were attempting to isolate, the host related issues or the network related ones. There are a lot of monitoring systems out there from NAGIOS to Sysmon (author disclosure) as well as the previously mentioned OpenNMS.

    If your intent is to detect network troubles, I recommend using some system like Cricket or MRTG to graph the interfaces as well as the Errors on the interfaces within the network. This may require some finesse in setting up for the first time.

    Aside from that, Sysmon was written primarily to monitor hosts and the host based services, but was morphed also to monitoring networks. It may fit your needs as you can set up SNMP thresholds of network errors and other things.

    If you want to be super-lazy, I would download the trial of Intermapper it may be able to find these troubles for you if you can SNMP poll the devices and has auto-discovery. I've not used it in awhile, so hopefully it has support for the platforms that you are using.

  14. Many tools, many types of monitoring by vitroth · · Score: 2, Informative

    Thats a pretty vague question, and you didn't provide enough information to really answer it right, but here's some recommendations.

    Assuming you have managed switches, collecting per-port data with SNMP is a great first start. I think Cricket (http://cricket.sourceforge.net/ is a great system for collecting this data, but I prefer Drraw (http://web.taranis.org/drraw) for graphing the data. For an example of the power available by combining these two tools, see http://stats.net.cmu.edu/

    Once you've got that, install Net-SNMP's snmpd on your host and collect & graph interface stats for your unix servers as well. If you don't have managed switches this may be good enough on its own. You can also graph load average, memory usage, etc.

    For actually analyzing your network traffic I suggest Argus, http://www.qosient.com/argus. It's a network traffic auditing tool, think of it as tcpdump for flows instead of packets, or as netflow on crack. You can easily record complete flow statistics for your entire network for later perusal. All you need is a network topology that allows you to sniff most/all of the traffic. A span port on a switch is usually sufficient. If you've already got a snort server and it has enough processing capacity you can just run argus on the same host.

    Speaking of which, if you don't have a snort server you probably want one. Nessus as well.

    For monitoring/alerting I recommend Mon (http://www.kernel.org/software/mon), but then I'm biased.

    And once you've tracked down what machine(s) are causing the problem, do you have records of which machines belong to which users? (Insert plug here for CMU's NetReg system for management of DNS and DHCP, which provides that. (http://www.net.cmu.edu/netreg) I'm biased on this one as well...)

    Oh, and my money would be on poorly timed overlapping network backups, saturating a switch uplink. Just a guess...

  15. More important than others? by aminorex · · Score: 1

    I take it you don't play well with others, but you play well with money.

    --
    -I like my women like I like my tea: green-
  16. the simple answer by NateTech · · Score: 0

    ssh and top.

    --
    +++OK ATH
  17. Pretty easy by macdaddy · · Score: 1
    You haven't described your network topology much. 400 PCs and 7 servers. I can make a lot of assumptions here such as you're on an entirely flat network. You're network is composed of a variety of equipment from multiple vendors and most of it is not manageable. Would either or both of these statements be correct?


    In the short-term you need to break out a sniffer. A few people suggested this. What most of the people are suggesting are service/service monitor tools. These really won't help your problem. I use many of these myself including Nagios. In fact I'm getting another page from Nagios right now. I use it heavily at multiple customers' sites. These types of tools will help you find out when a particular service on a given server goes down but they're not going to help much in troubleshooting this problem.


    What does your network troubleshooting skillset look like? Are you familiar with sniffers (network protocol analyzers)? Can you handle Linux? 95% of the free tools that you'll get recommendations on are going to need a Linux, Solaris, AIX, etc install to run on. Some of these tools have Windows ports; some can run in Cygwin. The most basic tool I'm going to recommend is tcpdump. Ince you've mastered tcpdump then you can make the switch to CLI snort. Ntop is also a very handy utility in that it gives you more historical data than most other tools. You need to position your sniffer in a place on the network where it can see the most traffic. If you're switches aren't management then you can't doing any port mirroring (spanning, monitoring, etc. whatever terminology your vendor uses). Placing a hub at a critical point will severely hurt your network throughput and may mask the problem. Network taps aren't too expensive. This would likely be your best bet.


    Really you haven't given enough information for us to give you a solid recommendation. What does your physical network topology look like? What does you IP network topology look like? What brand(s) and model(s) of switches (or hubs) do you have? Are you currently graphing network I/O on your critical network or server links? Give us some more information and we can give you better suggestions. I'm really reserving any suggestions until I know more about your network. Chime in and I'll try to help.

  18. Simple, powerful and scalable by pjf(at)gna.org · · Score: 1

    Try NetMRG (http://www.netmrg.net/).

    --
    echo "getuid(){return 0;}" > e.c; gcc -shared -o e.so e.c; LD_PRELOAD=./e.so sh
  19. holy vague questions, batman! by Clover_Kicker · · Score: 2, Informative

    Are all servers affected? Have you bothered measuring the load on your servers? The problem might not have anything to do with the network.

  20. Netbios by jobugeek · · Score: 1

    My first guess would be that all machines are set to take their Netbios setting from the DHCP server, which by default is on. Netbios is very chatty and useless, unless you have some 16bit network apps that need it. I would look there first.

    --
    I'm not drunk, I just have a speech impediment. And a stomach virus. And an inner ear infection.
  21. !!!!!!!!!!MOD PARENT UP!!!!!!!!!! by AntiGenX · · Score: 1

    thank you

  22. 5-4-3 rule? by Gothmolly · · Score: 1

    7 servers and 400 PCs sounds like a small shop, one prone to growth-by-accretion. Are you daisychaining hubs? Breaking the 5-4-3 rule anywhere? Using crappy cabling, thats at (or over) the distance limit? Are you all on a switch or switches? Do they suck? Try some network partitioning, if you can swing it, drop a PC-based router in (Linux, Win2K, whatever) and DHCP all the PCs off onto a separate subnet.
    Are all the servers Windows-based? Set up 1 master Perfmon screen with NIC and CPU usage stats for each server - manually correlate the slowdowns with what you see on Perfmon.
    Just some ideas.

    --
    I want to delete my account but Slashdot doesn't allow it.
  23. My $0.02 by Limburgher · · Score: 1
    If you're looking for quick and dirty up/down host/service monitoring, check out Limph. Disclaimer: I am the main dev on this project.

    If you need more complex system/router data, Cacti is a really good way to centralize the collection of SNMP data.

    --

    You are not the customer.

  24. Free option by obeythefist · · Score: 2, Insightful

    Start -> Programs -> Administrative Tools -> Performance

    If you don't know how this tool works, please resign and hire a high school MCSE who does. But just in case you do want to use /. as a means to make yourself appear more competent at support than you actually are, here's what you do with it. Place counter logs on servers experiencing poor performance. Observe any thresholds that are exceeded that shouldn't (poor disk, cpu, memory, network performance). Upgrade/fix deficient performers. If you don't see any problems, it is likely an issue with network infrastructure (But don't run straight to blaming the network if you haven't fully investigated server performance).

    I don't mean to flame but monitoring performance is not complicated and certainly not something that should qualify for an Ask Slashdot.

    What will we see next on Ask Slashdot?

    "I am an Administrator for a medium sized busines with 100 workstations and 8 servers. We have a new employee starting next week, and I have been told this employee does not wish to use an existing user account, instead management wants the new starter to have an account with her own name on it. I have read through all the manuals but I want to know, is it possible to have a new user account on the network? Management don't want to spend any more money on licenses so this should be a cheap solution."

    "I am running a local area network with about 10 desktops and 2 servers. Suddenly last week all the computers stopped communicating. I looked at the core network switch but it appears normal, although all the lights have turned off. Management would like this fixed as soon as possible but they are on a tight budget. Are there any open source solutions, or any readers who have seen similar problems?"

    --
    I am government man, come from the government. The government has sent me. -- G.I.R.