Network Monitoring (IPFix, Uptime, etc) Recommendations


Eric Faden

Member
Dec 5, 2016
98
6
8
41
Hey All,

So I'm looking for some recommendations on a Monitoring Setup. My network is made up of a bunch of MikroTik hardware (switches, routers, access points), 2x Proxmox Servers, a few HikVision Cameras, and a few QNAP RAID Arrays. I'm trying to set up a good way to monitor a bunch of different things and could use a little guidance. I'd like to monitor...

1) IPFix/Netflow from MikroTik Routers
2) Uptime/CPU/Memory/Etc from Proxmox Servers/QNAP
3) SNMP Data from Proxmox/QNAP/MikroTik Devices
4) Central Log Storage
5) Dashboard Tying All of The Above Together

For the first problem I was thinking of using an ELK Stack (+/- Grafana +/- FluentD). For the second I was thinking of using Nagios, Observium, Check_MK, Zabbix, or OpenNMS. I thought about PRTG but the 100 sensor limit for the free version is too limited. For SNMP data I was thinking Cacti... or ??? .... for the Log Storage I was thinking Syslog-NG fed into the Elastic via LogStash or FluentD....

And I have no idea for a dashboard...

I thought about also putting NetData on the Proxmox Servers for real time data.

Anyone have a good setup with this stuff that works?

My goal is to really have a handle on what is using what resources, and making sure everything works like I think it does, just at a glance.

-Eric

Also... I'm planning on implementing all of this stuff either in a VM, LXC, or container running on one of the Proxmox servers.
 

PigLover

Moderator
Jan 26, 2011
3,186
1,545
113
ELK for 1 & 4. Zabbix for 2/3/5. Single pane of glass is trickier - I don't know that you'll find one solution. To the 95% of useful Zabbix will do, but it fails for "pretty" and "modern" (if you care about that).

This is pretty much my setup. One server running both ELK and Zabbix (actually, one VM - I know, you should isolate monitoring from the systems being monitored - but hey, it's a lab). Only difference is that I don't bother with the IPFIX/Netflow part at home - not much value in a small network.
 

Eric Faden

You use pure ELK? What type of VM did you set it up in? Right now Ubuntu looks pretty good... seems like ELK has a full Repo.
 

PigLover

Ubuntu 16.04 right now. Both Zabbix and ELK are well supported there. ELK is a PITA for simple things, glorious in handling the complex. Mostly I just use "L" (logstash) as centralized syslog target and some really simple searches that run periodically and feed back into Zabbix "items" for certain hosts.

Frankly, as Zabbix has improved even this is rarely necessary. The current agents for Linux and Windows are pretty comprehensive.

If I was starting from scratch today I'd probably try to figure out how to run both as Docker images.
 

Eric Faden

You do much with Kibana? I'm really just trying to find a good way to take an IPFIX flow and then graph out usage by MAC address. This is for a project, but I'm testing it out at my homelab. I have a venue I help manage (for free, non-profit) which has an open Wi-Fi network. Since the computers change DHCP leases I can't monitor by IP. I'm trying to monitor traffic, etc. by computer (which means MAC in this case).

Any other networking tools you can think of I should play around with? I'm just delving into this as a fun lab project.
 

PigLover

Replace your APs with Ubiquiti (which already does this for you). Kidding - of course. Couldn't resist.

Unfortunately, no. I've not done much visualization work with Kibana. In theory it's easy - but this theory is always wrong. I think the biggest hurdle you'll have doing this with IPFIX/Netflow data is the storm of records you have to collect/store/analyze.
 

Eric Faden

Any other suggestions for this type of data?.... really I just need a way to figure out what the bandwidth is being used for and by whom (by MAC).... not tied to IPFix/Netflow with ELK... but it seems like the only way I could figure out so far to do it. Open to anything else....
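
Added example (not part of any post in this thread): one way to get per-MAC usage when flow records only carry IP addresses is to join them against a DHCP lease timeline, so bytes are attributed to whichever client held the address when the flow started. The record layouts, the `10.0.0.0/24` client subnet and all sample values are assumptions constructed for illustration; it presumes a collector has already decoded the flows and that the DHCP server's lease grants are logged with timestamps.

```python
from bisect import bisect_right
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample data (not from the thread). Times are epoch seconds.
# DHCP lease grants: (time granted, ip, client MAC).
LEASES = [
    (1000, "10.0.0.50", "aa:aa:aa:00:00:01"),
    (1000, "10.0.0.51", "bb:bb:bb:00:00:02"),
    (5000, "10.0.0.50", "bb:bb:bb:00:00:02"),  # .50 re-issued to another client
]
# Decoded flow records: (flow start, src ip, dst ip, byte count).
FLOWS = [
    (1200, "10.0.0.50", "198.51.100.7", 4000),   # upload by client 01
    (1300, "198.51.100.7", "10.0.0.50", 90000),  # download to client 01
    (1400, "10.0.0.51", "198.51.100.9", 500),
    (5200, "198.51.100.7", "10.0.0.50", 70000),  # same IP, now client 02
    (900, "10.0.0.60", "198.51.100.7", 123),     # no lease known for this IP
]
LAN = ip_network("10.0.0.0/24")  # assumed client subnet

def build_lease_index(leases):
    """Map ip -> (sorted grant times, MACs in the same order)."""
    index = defaultdict(lambda: ([], []))
    for ts, ip, mac in sorted(leases):
        index[ip][0].append(ts)
        index[ip][1].append(mac)
    return index

def mac_at(index, ip, ts):
    """MAC that was last granted `ip` at or before `ts`, else None."""
    if ip not in index:
        return None
    times, macs = index[ip]
    pos = bisect_right(times, ts)
    return macs[pos - 1] if pos else None

def usage_by_mac(leases, flows, lan=LAN):
    """Sum bytes per client MAC as {mac: {'up': n, 'down': n}}."""
    index = build_lease_index(leases)
    totals = defaultdict(lambda: {"up": 0, "down": 0})
    for ts, src, dst, octets in flows:
        # Lease expiry is not modelled: the last grant wins until re-issued.
        for ip, direction in ((src, "up"), (dst, "down")):
            if ip_address(ip) in lan:
                mac = mac_at(index, ip, ts) or "unknown"
                totals[mac][direction] += octets
    return {mac: dict(t) for mac, t in totals.items()}
```

Traffic that lands in the `unknown` bucket is worth watching on an open network, since it points at statically addressed hosts or gaps in the lease log.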