3.0 Networking Operations
3.1 Network Monitoring, Statistics, and Sensors
Performance metrics/sensors
Device/chassis
Temperature - Monitor trend vs baseline
CPU usage - Monitor performance
Memory - Monitor usage
Network metrics
Bandwidth - Monitor utilization of the network
Latency - Monitor network speed
Jitter - Monitor network consistency
SNMP - Simple Network Management Protocol, used to collect data on network changes/status. v1/v2 send data unencrypted, v3 sends data encrypted and has other security features
Traps - Sends a notification alert if a specified metric threshold is met
Object Identifiers (OIDs) - Queryable data within a MIB
Management Information Bases (MIBs) - Database that stores device network data
Network Device Logs
Log Reviews
Traffic Logs - Data traffic flows, summaries, very detailed for each device on the network
Audit Logs - Event details, what and when things happened
Syslog - Protocol to send log data to a centralized, consolidated log receiver, which typically feeds into the SIEM
Logging levels/Severity levels - Can be used for alert prioritization or as a filter for queries.
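Added example (not part of the original notes): how a syslog collector recovers the severity level from the <PRI> header so it can prioritize or filter alerts, as described above. PRI = facility * 8 + severity per the syslog RFCs; the sample log lines are constructed, not captured from a real device.

```python
import re

# Standard syslog severity codes: lower number = more urgent.
SEVERITIES = {
    0: "emergency", 1: "alert", 2: "critical", 3: "error",
    4: "warning", 5: "notice", 6: "informational", 7: "debug",
}

# The <PRI> prefix encodes facility * 8 + severity in one integer.
PRI_RE = re.compile(r"^<(\d{1,3})>")


def parse_pri(line):
    """Return (facility, severity) from a line's <PRI> header, or None if absent/invalid."""
    m = PRI_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # facilities 0-23 x severities 0-7 give a maximum PRI of 191
        return None
    return divmod(pri, 8)  # (facility, severity)


def filter_by_severity(lines, max_severity):
    """Keep lines at severity max_severity or more urgent; lines without a valid PRI are dropped."""
    kept = []
    for line in lines:
        parsed = parse_pri(line)
        if parsed is None:
            continue
        _facility, severity = parsed
        if severity <= max_severity:
            kept.append((SEVERITIES[severity], line))
    return kept


# Constructed sample lines. Facility 23 (local7) is commonly used for network devices:
# PRI 189 = 23*8+5 (notice), 187 = error, 185 = alert, 190 = informational.
SAMPLE_LOGS = [
    "<189>Jan 10 10:00:01 sw1 Interface Gi1/0/1 changed state to up",
    "<187>Jan 10 10:00:05 sw1 Interface Gi1/0/2 changed state to down",
    "<185>Jan 10 10:00:09 sw1 Chassis temperature exceeds threshold",
    "<190>Jan 10 10:00:12 sw1 Logging to host started",
    "malformed line with no PRI header",
]

if __name__ == "__main__":
    # Only error-and-worse events (severity <= 3) reach the alert queue.
    for sev, line in filter_by_severity(SAMPLE_LOGS, max_severity=3):
        print(f"[{sev:>9}] {line}")
```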
Interface statistics/status
Link State (up/down) - If an interface is active or not
Speed/Duplex - Check for speed match, errors could
Send/Receive Traffic - Errors could indicate a bandwidth issue
Cyclic Redundancy Checks (CRCs) - Error checking for unintended changes/data corruption
Protocol Packet and Byte Counts - Data/Packets sent/received
Interface Errors or Alerts
CRC Errors - Data corruption errors
Giants - Frames that are more than 1518 bytes, indicative of interface errors/collisions
Runts - Frames that are less than 64 bytes, indicative of a collision
Encapsulation Errors - Trunk encapsulation mismatch between two switches (802.1Q is standard, ISL is legacy)
Environmental Factors and Sensors
Temperature - Devices need constant cooling
Humidity - High humidity could create condensation, low humidity can create static discharges
Electrical - Circuit load, monitor electrical system, voltage, etc.
Flooding - Water/flood monitoring to alert about potential hardware damage
Baselines - Normal trends over time used to compare against live data
NetFlow Data - Collects all network traffic flows/statistics, uses probes and collectors
Uptime/Downtime - Summary of availability, check vendor/3rd party status pages