Below is a list of my top 5 network monitoring tools for Linux, in no particular order.
Nagios
Nagios is a network monitoring application that can alert a system administrator when something goes wrong on a network, and again when it recovers. Nagios lets you monitor network services (such as FTP, HTTP, SMTP, POP3, etc.), host availability, host resources (CPU load, memory usage, etc.), and bandwidth utilization, and because Nagios is customizable, it can potentially monitor anything (within reason). Some of the possibilities include monitoring for when SSL certificates are going to expire for a website, or when a domain name is going to expire, or even when a UPS drops below a set input voltage.
http://www.nagios.org/
Cacti
Cacti is a web-based graphing tool, which stores its statistics in the RRDTool backend. It allows you to create graphs of network traffic utilization via the SNMP protocol. This gives you a central location for graphs of all the SNMP-enabled network devices you have access to. Shell scripts can be written to allow graphing of other devices that may not be SNMP enabled.
http://www.cacti.net/
Tcpdump
Tcpdump is a network packet analyzer (otherwise known as a packet sniffer). It allows you to intercept and display any network traffic that your network interface card can see. On a switched network Tcpdump cannot see all traffic, but it is still handy for viewing data that does go through the PC you are running it on, especially if the machine is a firewall/router. It is a great tool for diagnosing network-related issues. You can create pcap-compatible capture files and open them later in Wireshark/Ethereal for easy analysis.
http://www.tcpdump.org/
Nmap
Nmap stands for “Network Mapper”, and is a tool for network scanning and security auditing. It is probably the best known port scanner around. It is a great tool for checking to see what services are running, what ports are open, etc. It has the ability to perform host discovery, port scanning, version detection, operating system detection, and also has its own scripting engine (NSE).
http://nmap.org/
Ntop
Ntop is similar to the standard Unix/Linux “top” program, but displays network traffic information instead of process information. It runs in a console; however, there is a web interface available as well. When used on a firewall/gateway it allows you to monitor the Internet usage of your entire network.
http://www.ntop.org/
The “ApacheTop” package has been written to allow users to monitor real time statistics based on the Apache log files. ApacheTop is a great way to keep an eye on your Apache web server statistics. It allows you to monitor how many requests you get (total and per second), bandwidth usage (total and per second), the number of 2xx, 3xx, 4xx, and 5xx HTTP return code responses, individual page/url requests, and more.
ApacheTop is similar in style to the ‘top’ program for monitoring running processes, and also the ‘ntop’ program for monitoring network traffic. The application loads, and sits there constantly updating, and waiting for commands from the user.
Installing ApacheTop:
For Ubuntu or Debian:
$ sudo apt-get -y install apachetop
For CentOS or RedHat Enterprise Linux:
# yum install gcc gcc-c++ ncurses-devel readline-devel make wget
# wget "http://www.webta.org/apachetop/apachetop-0.12.6.tar.gz"
# tar xzvf apachetop-0.12.6.tar.gz
# cd apachetop-0.12.6
# ./configure
# make
# make install
For other distributions, you can download the source files from http://www.webta.org/projects/apachetop/.
Running ApacheTop:
apachetop -f /path/to/apache/access.log
(Note: if you don’t have read access to the log file, you may need to run apachetop as root, by prefixing the ‘apachetop’ command with the ‘sudo’ command)
Eg:
sudo apachetop -f /path/to/apache/access.log
Example output:
last hit: 15:06:23         atop runtime:  0 days, 00:05:35             15:06:33
All:           26 reqs (   0.1/sec)        206.9K (  685.6B/sec)    8148.6B/req
2xx:      25 (96.2%) 3xx:       0 ( 0.0%) 4xx:     1 ( 3.8%) 5xx:     0 ( 0.0%)
R (335s):      26 reqs (   0.1/sec)        206.9K (  632.4B/sec)    8148.6B/req
2xx:      25 (96.2%) 3xx:       0 ( 0.0%) 4xx:     1 ( 3.8%) 5xx:     0 ( 0.0%)

 REQS REQ/S    KB KB/S URL
    1  0.03  16.5  0.6 /
    1  0.07   8.2  0.6 /images/021.png
    1  0.07   1.3  0.1 /images/011.png
    1  0.07   4.8  0.3 /images/06.png
    1  0.07   4.0  0.3 /images/031.png
    1  0.07   5.0  0.4 /images/07.png
    1  0.07   4.3  0.3 /images/08.png
    1  0.07   4.4  0.3 /images/09.png
    1  0.07   3.9  0.3 /images/10.png
    1  0.07   3.6  0.3 /images/11.png
    1  0.07   3.4  0.2 /images/12.png
    1  0.07   3.5  0.2 /images/13.png
    1  0.08   4.6  0.4 /images/14.png
    1  0.08   2.7  0.2 /images/15.png
    1  0.08  24.3  1.9 /images/041.png
    1  0.08   6.0  0.5 /images/051.png
You can specify a number of options when running apachetop, and these can be seen by reading the man page, or by running apachetop with the --help parameter:
Eg:
apachetop --help
The two options that I find the most useful are the -H and the -T options:
-H hits    remember stats for this many hits
-T secs    remember stats for this many seconds
By default ApacheTop remembers stats for 30 seconds. 600 is a good figure to use (10 minutes) for the -T option.
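To make the windowed statistics concrete, the following added example (not ApacheTop's code and not from the original post) computes the same kind of summary from Apache access log lines: request count, bytes, 2xx-5xx totals and per-URL hits within a -T style window. It assumes the common/combined log format, anchors the window at the newest hit in the input rather than the wall clock, and uses constructed sample lines.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Common/combined log format: host ident user [time] "request" status bytes ...
# The request field may contain backslash-escaped quotes, so allow \" inside it.
LINE_RE = re.compile(
    r'^\S+ \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>(?:[^"\\]|\\.)*)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

def parse_line(line):
    """Return (timestamp, url, status, bytes), or None for a malformed line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    parts = m["req"].split()
    url = parts[1] if len(parts) >= 2 else m["req"]  # keep odd requests verbatim
    size = 0 if m["size"] == "-" else int(m["size"])  # "-" means no body sent
    return ts, url, int(m["status"]), size

def summarize(lines, window_secs=30):
    """Summarize hits within window_secs of the newest hit (like -T secs)."""
    hits = [h for h in map(parse_line, lines) if h]
    if not hits:
        return {"reqs": 0, "bytes": 0, "classes": Counter(), "urls": Counter()}
    cutoff = max(h[0] for h in hits) - timedelta(seconds=window_secs)
    recent = [h for h in hits if h[0] > cutoff]
    return {
        "reqs": len(recent),
        "bytes": sum(h[3] for h in recent),
        "classes": Counter(f"{h[2] // 100}xx" for h in recent),
        "urls": Counter(h[1] for h in recent),
    }

# Constructed sample input (documentation IP ranges, invented requests).
SAMPLE = [
    '192.0.2.10 - - [10/Oct/2023:15:00:00 +0000] "GET /old.html HTTP/1.1" 200 1000',
    '192.0.2.10 - - [10/Oct/2023:15:06:00 +0000] "GET / HTTP/1.1" 200 16500',
    '192.0.2.11 - - [10/Oct/2023:15:06:10 +0000] "GET /images/021.png HTTP/1.1" 200 8200',
    '198.51.100.7 - - [10/Oct/2023:15:06:20 +0000] "GET /missing HTTP/1.1" 404 -',
    '198.51.100.7 - - [10/Oct/2023:15:06:23 +0000] "POST /login HTTP/1.1" 500 312',
    'not a log line',
]

if __name__ == "__main__":
    for secs in (30, 600):  # default window vs. the 10-minute window
        s = summarize(SAMPLE, secs)
        print(secs, s["reqs"], s["bytes"], dict(s["classes"]))
```

With the 30 second window the 15:00:00 request has already aged out, while the 600 second window still counts it; a rise in the 4xx or 5xx totals is therefore easier to put in context with the longer window.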
Note: I had issues with apachetop running on Ubuntu where the hot keys wouldn’t get picked up, and to exit I had to press ctrl-c. If you know why this occurs, or know how to fix it, please add a comment below.