SImple network monitoring software

[jasonstonier]

Hi all, I am running a small non-profit college in Zambia, and we've just managed to get an internet connection to the site (£200 per month for a 2Mbit 10:1 contested line. It's enough to make you weep). I've done bits and pieces of networking in the past so I'm not a complete newbie, but I am nowhere near an expert. My question is probably simple, but I will start with the context...

The incoming modem (WiMAX) can serve 10 IP addresses. I have the college (30 IPs), then two residential properties (12 IPs), with runs of 110 metres between each (220 metres from the modem to the final point. We get a lot of heavy rain and lightning storms here, so I decided against wireless bridging, and went for Cat5 buried in ducting (plus it's cheaper, and we're a charity) - because of the length of each individual run, I put hubs at the mid point as a cheap booster, and have daisy-chained two routers.

The network looks like this:

0) ISP WiMAX broadcast
1) Modem (10.1.1.254) ->
1a) Wifi Access Point [TP-Link router in AP mode]->
1b) Hub ->
2) Router Using 10.1.1.X as WAN port [TP-Link] (192.168.0.1) ->
3) Router Using 192.168.0.X as WAN port [TP-Link] (192.168.1.1) ->
3b) Hub ->
3c) Wifi Access Point [D-Link]

This is working well and is nice and simple.

First question - I need a simple and low-resource tool to run on a machine on the final network (192.168.1.1) to give me logs and an alarm if (3), (2), (1) or (www.google.com) don't respond to a ping. At the moment I am using freeping by Tools4Ever but this doesn't produce logs. The main purpose is so that I have evidence on which to base an internet availability calculation (the ISP claims 99%, but it is nowhere near this). The purpose of pinging my own routers and google.com is so I can see at a glance that if my routers and modem are ok, but google.com is not, then it is the ISP that is down. I have checked out a lot of tools but nothing does exactly what I want, and my network connection is so slow I can't just download hundreds to try them. I just need a list of devices, whether they are responding to pings, and also the results logging to a file so I can see which part of the network went down and at what time.

Next question - I have file servers on the end network (192.168.1.1) and I would like to give computers on the (10.1.1.254) and (192.168.0.1) networks access to them. From 192.168.1.X I can see 'down' the network, but 10.1.1.X can't see 'up'. Can anyone give me advice on the routing to achieve this?

Thanks,

 

[bill001g]

There are a bunch of monitoring tools you can get for free. Things like cacti and nagios are likely overkill but they are free and will do everything you want and more.

Your problem is the NAT and it is the same solution as the internet...port mapping. Tends to be a pain when you have multiple servers using the same port.

If at all possible you want to not run nat between devices in your internal network. It is unclear why you have the routers in the first place but if you need different subnets you are best off getting a actual "router". A true router will allow traffic to pass between various subnets without manipulating the ip addresses with nat. This is not a common feature in the devices you see in the consumer/small business market since most people use them to access the internet. The cheapest way is to load third party firmware like dd-wrt onto them so you can use the routing function without NAT.

It also will benefit you to load third party firmware even on your AP devices if you are going to use monitoring tools since the third party software supports SNMP queries. This will allow you to produce graphs of say utilization of ports, number of users connected etc etc.

 

[jasonstonier]

Regarding monitoring tools, I am now using NanoWatcher, which on paper does what I want but seems to be really inconsistent in writing its logs. If anyone knows of anything like that, but that works, I would love the recommendation. Maybe I just need to dust of my VB and write something...

As for the routers, the reason they are there is because of the length of cable run I need - it's 220 metres from the Modem to the final machine. I tried using hubs as repeaters, and although I could ping end to end, the furthest machines wouldn't pick up their IP address from the modem's DHCP. PoE repeaters are just too expensive for us, and not easily available in Zambia.

Having routers also lets me have subnets in my two residential properties, so for example if the modem goes down I still have an internal network to access my media server.

It may not be elegant, but it's cheap (a key requirement as we are a charity).

I will look into the possibility of running the custom firmware, thanks for the tip.

 

[PacketChaser]

You'll be an expert if you get that working and all clients happy

I'd go with Nagios on Linux. You are in total control of how often and how it checks what. You can check services rather than just ICMP pings. I get e-mail if anything important goes down. I can look at my phone at the Nagios server and see at a glance everything is up, and I can run a phone app to it sounds an alarm if there is trouble. You can do reports with charts and graphs for those who are impressed with charts and graphs. Everything is logged. When things get bigger and better, and they will, you'll be glad you have a good network monitor setup and understood by you. Once you figure out a few config files, it's pretty easy to setup. If you're not Linuxy and already hooked on a particular distribution, I'd go with Fedora or CentOS. Skip the popular, easy windowsy type distributions.

Spiceworks on Windows is very good, easy, but also pretty chatty if you don't configure it.

With your slow connection shared with many, you might want to look into making a firewall and being pretty choosey about what the users can connect to. Linux firewall with two NICs is probably the only good, cheap solution. I could be wrong. Good Idea to run the Cat5's. You want the least wireless possible, preferably just to clients.

I wish I had a wormhole I could toss some stuff in and get it to you. I have a huge pile of stuff I need to get sent to salvage.

 

[jasonstonier]

You'll be an expert if you get that working and all clients happy
I wish I had a wormhole I could toss some stuff in and get it to you. I have a huge pile of stuff I need to get sent to salvage.

I will be back in the UK over December for a month, so if you want to donate stuff to an excellent Zambian college teaching underprivileged youths motor vehicle mechanics, it could easily happen.

 

[jasonstonier]

Regarding monitoring of up-time for IP addresses, I wrote a simple batch file to do what I want. Might be useful to someone.

echo off

:start

set DATESTAMP=%DATE:~10,4%_%DATE:~4,2%_%DATE:~7,2%
set TIMESTAMP=%TIME:~0,2%_%TIME:~3,2%_%TIME:~6,2%
set DATEANDTIME=%DATESTAMP%__%TIMESTAMP%

echo --------------------------------------------------------- >> c:\pinger\pinger_log.txt
echo Current Time - %DATEANDTIME% >> c:\pinger\pinger_log.txt

echo First Router
ping 192.168.1.1 -n 2 -l 8  >> c:\pinger\pinger_log.txt

echo Second Router
ping 192.168.1.1 -n 2 -l 8  >> c:\pinger\pinger_log.txt

echo Modem
ping 10.1.1.254 -n 2 -l 8  >> c:\pinger\pinger_log.txt

echo Google
ping www.google.com -n 10 -l 8 >> c:\pinger\pinger_log.txt


echo Waiting 60 seconds
waiter 60

goto start

I then have some VBA in excel which pulls the log apart and graphs the various parts I am interested in. Nice and simple.

"waiter" is a program a friend of mine wrote years ago which just pauses a batch file for the specified time, but takes up almost no CPU time doing it.

 

[nthiede]

a monitoring tool obviously designed around making monitoring simple is CloudRadar (https://www.cloudradar.io) - which monitors servers, network devices and websites - so basically all you describe above. SaaS setup and lots of configuration guidance helps to get a monitoring up and running in minutes.

 

[gengw2000]

wfilter internet content filter is what you want. A simple tools to monitor and filter internet activities.