Detailed Description of NEPM

NEPM is a very general, highly configurable, two-part software system that monitors any type of logged data from IP networked equipment and reports it via e-mail and web pages. Current conditions and history from systems based on Windows NT/200n/XP, UNIX/Linux/BSD, and related operating systems can be tracked and reported. Most major server, switch and router systems can be monitored without running agents on the target systems. NEPM itself is system independent and can be hosted on either a Unix or WinNT system, or a combination of these, with equal ease.

The Courier program of NEPM polls a list of network nodes periodically by telnet and copies the required logs. It then compresses these files and mails them to NEPM's Builder program for archiving and analysis.

The Builder program periodically reads and analyzes all the logs mailed to it. Each log is identified with a network and node element and archived. Reports are built and updated that track downtime, critical events, and performance within each of these networks and elements. Summary reports for each monitored domain present its overall status and summaries by element, both graphically and numerically. These summary reports link directly to detail pages for each element containing the full report for that element. These detail pages in turn link into log extracts showing the events leading to the trigger event. Thus a direct path is provided from a network domain-level summary showing a problem down to its detailed cause.

Events and performance that cross thresholds generate alert emails. Reports can be automatically posted to a web server directory that is mapped or mounted on Builder's host machine to make them available on the local network. See examples here.

Management Consoles
Web-browser-based management consoles operate Builder and Courier and make possible full local or remote control of all their functions. The Builder Management Console runs on the same system as Builder, and the Courier Management Console runs on the same system as Courier. Configuration, run control, and polling scheduling are handled through the Management Consoles, with defaults and informative linked help provided at every step. Management and control of either NEPM element is quick and simple from any point on the network. See an example here.

Builder and Courier can also be configured manually with a text editor and run from the command line without conflicting with operation via the Management Consoles.

Hosts, Multiple Networks, and Isolated Networks
The Courier and Builder programs themselves can execute on the same or separate host systems. Locating Couriers separately behind the firewalls of remote networks makes it possible to capture data from each network while building a single archive and reporting system at a central site. When this feature is not required, the two parts can be run on the same host system. In this case files can be couriered between them via the file system rather than by e-mail. The Courier includes the ability to specify a cascaded or chained telnet session that relays data capture through one or more intermediate hosts. This feature makes it possible to monitor equipment on isolated networks, such as test and development, through a gateway system on the net with one externally accessible port.

The Courier and Builder programs are each configured with one text control file. This file is normally created and maintained with the Management Console, but may also be edited directly in a text editor. Each file contains general entries, such as mail server and account information, that its corresponding program needs. In addition, the Courier control file contains a network-specific section listing details of the systems, elements, and files to be polled, and the Builder control file contains an event message text section used to extract the events of interest from the logs captured by Courier. Default values for most parameters speed and simplify configuration of NEPM.

These control files create a high degree of flexibility and generality for NEPM. Any log containing date-time tokens can be used to trap events of interest by entering the system and log name in the Courier control file and the event text in the Builder control file. One licensed copy of each program can run any number of configurations. Each configuration is scheduled independently with its own control file. This feature makes it possible to monitor some network elements at one time and others at another time, or to have some monitoring, such as Windows systems, under control of one person, and other monitoring, such as UNIX and Linux systems, under control of a second person.

Polling Rate
The Builder and Courier are run as often as required. On small-to-medium-sized networks the Courier would typically be run once daily during the night to capture and mail all the data, and the Builder would be run daily, slightly later, to generate daily reports. On a larger network, or if there is a need for results closer to real time, capture and report runs can be scheduled at eight or four hour intervals, hourly or even more often. Capture, courier, and analysis of the data on one system takes on the order of minutes for typical log sizes and high-speed networks. A quasi-real-time update cycle can be easily configured for selected systems when needed, allowing you to monitor their states continuously via the web reports. This polling runs under control of the cron utility on UNIX/Linux systems or the 'at' task scheduler on WinNT/2000/XP and is automatically set up and managed for you in the management consoles.

The reports are generated from HTML templates, making it possible for licensed users to easily customize their appearance with an organizational logo or other special formatting for presenting to users. View a sample set of reports here.

System Requirements
