Nagios Network Analyzer: Pro with the Flow

Shamas Demoret
Technical Content Manager

Nagios XI provides excellent options for meeting common requirements like port status and interface bandwidth monitoring on your network devices and servers. For metrics like bandwidth usage though, sometimes you want to go beyond traffic volume alone and investigate the cause. That’s where Nagios Network Analyzer shines. By collecting and analyzing flow data, you’ll gain deeper insight into the traffic on your network.

Getting to the Source

Setting up your network devices and Linux systems to send their flow data upstream to Network Analyzer tends to be quick and easy. It may also be possible to integrate Windows systems, but this requires loading a commercial application on them. You can find setup guides for the above in the Admin Guide.

What’s in a Flow?

Flow data provides you with insight into where traffic came from and where it went, based on hostnames/IP addresses and ports, combined with volume. This enables you to quickly access details like Top Talkers by Source and Destination IP and Port, as seen here in the Source overview of a CentOS 9 server running fprobe:

Nagios Network Analyzer source overview showing bandwidth and top talkers on an fprobe source.
Network Analyzer makes it easy to go straight to the Source.
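To make the Top Talkers idea concrete, here is an added example (not Network Analyzer's own code or export format) that ranks flow records by total bytes per source IP, destination IP, or port. The CSV column names and the sample records are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample flow records (documentation-range IPs, not real traffic;
# the column layout is an assumption, not a Network Analyzer export format).
SAMPLE_FLOWS = """src_ip,dst_ip,src_port,dst_port,proto,bytes
192.0.2.10,198.51.100.5,51514,443,tcp,120000
192.0.2.10,198.51.100.5,51515,443,tcp,80000
192.0.2.11,198.51.100.9,40222,53,udp,900
192.0.2.12,203.0.113.7,49800,22,tcp,45000
192.0.2.11,198.51.100.5,40223,443,tcp,30000
192.0.2.12,203.0.113.7,49801,22,tcp,not-a-number
"""

VALID_KEYS = {"src_ip", "dst_ip", "src_port", "dst_port"}


def parse_flows(text):
    """Yield flow dicts, skipping records whose byte count is unusable."""
    for row in csv.DictReader(io.StringIO(text)):
        try:
            row["bytes"] = int(row["bytes"])
        except (TypeError, ValueError):
            continue  # malformed record: drop it rather than skew the totals
        if row["bytes"] >= 0:
            yield row


def top_talkers(flows, key, n=5):
    """Return [(value, total_bytes, flow_count)] ranked by total bytes."""
    if key not in VALID_KEYS:
        raise ValueError(f"cannot group flows by {key!r}")
    totals = defaultdict(lambda: [0, 0])  # value -> [bytes, flow count]
    for flow in flows:
        totals[flow[key]][0] += flow["bytes"]
        totals[flow[key]][1] += 1
    # Highest volume first; ties broken by value so the output is stable.
    ranked = sorted(totals.items(), key=lambda kv: (-kv[1][0], kv[0]))
    return [(value, b, c) for value, (b, c) in ranked[:n]]


if __name__ == "__main__":
    flows = list(parse_flows(SAMPLE_FLOWS))
    for key in ("src_ip", "dst_ip", "dst_port"):
        print(key, top_talkers(flows, key, n=3))
```

Grouping the same records by different fields is what turns a bandwidth spike into an answer: the source view names the host, and the destination and port views show where its traffic went and over which service.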

If you’d like to resolve hostnames and display those instead of IP addresses in Reports, Queries, and Graphs, simply navigate to the Administration > Global Settings menu and use the checkboxes in the Resolve Hostnames in: section.

Queries and Reports

Queries enable you to pare down the results in Source overviews and alerts to focus only on the types of traffic that are most important to you. Two queries are built into the Queries menu to get you started: Common Botnets and P2P Traffic.

Common Botnets query parameters in the Nagios Network Analyzer interface.
The pre-loaded Common Botnets query.

Reports provide a way to view the top results based on custom criteria, to be viewed in the web interface or exported as a PDF.

Nagios Network Analyzer report showing top 5 talkers by Source IP.
A Top Talkers By Source IP report

Abnormal Behavior

Network Analyzer also automatically compares current Source behavior with past data and flags major deviations via the Abnormal Behavior function. These results are clearly indicated in red on the home Dashboard, and you can also set up alerts to be notified automatically when abnormal behavior is detected.

The Dashboard menu in Nagios Network Analyzer, showing Abnormal Behavior on two Sources.
Abnormal Behavior detection is easy with Network Analyzer.

The Best Route

The Route feature is another great tool, enabling you to view all of the hops between nodes. In this example we’re viewing the hops between a local server and a third-party vendor site:

The Route menu in Nagios Network Analyzer, showing the hops between a local server and a third-party vendor site.
View hops easily with the Route tool in Network Analyzer.

The function uses the check_traceroute plugin, executed by the NCPA agent, and is simple to set up. Here’s a link to the guide: Route Monitoring Guide.

Easy Integration with Nagios XI and Nagios Fusion

Network Analyzer is also easy to integrate with Nagios XI for centralized visibility, reporting, and alerting on the data it collects. Nagios XI includes a Network Report that you can use to report on Top Talkers, a Network Query report that provides access to your queries, and a wizard you can use to roll alerts based on flow data into XI. After you link the two using the Nagios Network Analyzer Integration component found in the Admin > System Extensions > Manage Components menu of XI, you’ll also notice a new Network Traffic Analysis tab in your Host Detail pages.

Network Traffic Analysis section of a Host Detail section in Nagios XI.
Integrating Network Analyzer with Nagios XI is a breeze.

You’ll also be able to integrate Network Analyzer alerts and bandwidth graphs with Nagios Fusion quickly and easily.

As you can see, Network Analyzer adds valuable depth to your network monitoring by shedding light on flow data. It’s a powerful standalone tool, and even stronger when combined with Nagios XI. If you’d like to take Network Analyzer for a spin, the free 30-day trial is a great way to get started.
