|Executive Summary: As network-monitoring tools go, Link Analyst from Network Instruments is a toolset you might want to investigate. It’s designed to help you monitor your Windows-based network. It uses a combination of SNMP and Windows Management Instrumentation (WMI) to find and monitor Windows Servers and network hardware. Link Analyst has a really simple interface that’s easy to navigate. After a few minutes poking around in the program, I felt right at home. The menus are laid out in a logical manner, and the tabs on the Program Options page (the main configuration page) let you quickly set up new monitors, notifications, and other settings.The product does have some shortcomings that blemish an otherwise outstanding tool: Link Analyst doesn’t run as an NT Service, and it’s limited to WMI and SNMP–type monitoring.|
Link Analyst from Network Instruments is a toolset designed to help you monitor your Windows-based network. It uses a combination of SNMP and Windows Management Instrumentation (WMI) to find and monitor Windows Servers and network hardware. After it discovers all of the network devices, you can display them in a business group or as a route map. A route map looks similar to most point-to-point network-monitoring displays and can be helpful when monitoring data connections between cities or other complex network configurations. The business group display is used to group servers or other network devices together that work together to provide a function or service. For example, if your company sold parts on the Internet, you might have a grouping of your web servers, network load-balancing devices, and the back-end SQL Server databases. Should one of these services fail, the "Parts-Internet" group would immediately indicate that it was at risk.
Link Analyst requires a 1GHz Pentium processor with 1GB of RAM. I had no problems with the setup, and it went off without a hitch. It installs the Microsoft Visual C++ 2005 Redistributable Package and requires Sun Microsystems Java Virtual Machine (JVM). The installation goes very quickly but does require a system restart.
Link Analyst guides you through the process of discovering your network. It gave me three choices for Discovery Mode: Discover network devices and network topology (the default), Discover network devices only, or Simply create an empty Business Group. I will add devices manually. I chose the default so that the application would try to find everything on my network. After I chose the IP range, the services to scan for, and set some WMI credentials (such as user account with permissions to read WMI information), I was ready to scan my network. (You do need to have the correct SNMP and WMI credentials or the discovery tool might not find all of your devices.) The scan of my 10 devices went relatively quickly and I was soon presented with an accurate map of my network.
Link Analyst did a fairly good job of identifying the different pieces and parts of my network. It picked up the Microsoft Exchange server, the domain controller (DC), Microsoft SQL Server, and even my Linksys Home Office wireless access point. I was disappointed that it didn’t automatically find and identify the Cisco PIX 515E (arguably one of the most popular firewalls found in networks today). This could be because the firewall doesn’t want to be found, which isn’t the fault of Link Analyst. By using the custom monitors that I describe later in this article, you can manually configure Link Analyst to monitor the firewall via SNMP.
The map can also be viewed remotely from a web page, and limited by user/group. I would have liked to see a link to Active Directory (AD) that uses groups instead of a separate user database. If the Link Analyst application isn't running, you can enable the Network Instruments Web Server as an NT Service. While this is a nice touch, I was extremely disappointed to discover that the Link Analyst application has to be running for it to gather information. There isn’t an option to run Link Analyst as an NT Service the way the Web Server can. Why is this important? If the Link Analyst Server is rebooted (or crashes and reboots), your network won't have any monitoring until someone logs onto the server and starts the application manually. I verified this fact with tech support. This limitation knocked the product down by .5 stars.
Right out of the box, Link Analyst is set up to monitor AD, Exchange, Microsoft IIS, Microsoft Virtual Server 2005, printer and router utilization, SQL Server, switch utilization, and various brands of wireless access points. The GUI also indicates monitor options for “Windows Workstation” and “VMware Virtual Server.” Link Analyst can also monitor anything that has WMI or SNMP support and can monitor syslogs and Windows event logs.
Unfortunately, I found myself frustrated with the Windows event log monitoring. The application has a very nice interface to add events that you want to monitor. But the problem is, I don’t know what events I want to monitor; I want to monitor everything at first, then add events to ignore as I sort through the chatter that all Microsoft servers have. I called tech support and found a very helpful technician who walked me through setting up a monitor to catch all events, and then was as troubled as I was to find that the “ignore list” (called Negate text match result when you edit a monitor) was grayed out. He wondered out loud if this was a bug and promised to get to the bottom of the problem. As of press time, I hadn’t heard back from tech support.
If the built-in monitors don't have what you need, you can create your own. Link Analyst offers nine different processes you can use to build your own custom monitor, including WMI object property and SNMP trap. The product comes pre-loaded with many of the most popular MIBs and an easy mechanism to add your own for a specific device. A wizard steps you through the process of selecting the device, the specific counter to monitor, and the notification (aka Alarm Response).
Keep in mind though, that you're limited to using WMI and SNMP for monitoring. I know of a few companies that have created monitoring scripts that return a 0 or a 1 (0 for OK, 1 for fail) for a custom business process. Unfortunately—and I verified this with tech support—there's no way for Link Analyst to trigger on this information. If you fall into this category, make sure you're able to convert your custom monitoring to WMI or SNMP.
As expected, Link Analyst offers the usual types of notifications: Email, pager, execute a program, play a sound, start Link Analyst and "focus on the Alarm Log," or even print to the default printer. The pager setup on the Notifications TAB has 60 pre-defined pager services from all over the world (16 for the US, and 14 for the UK).
The Link Analyst console, which Figure 1 shows, is also helpful in notifying you of problems on your network. Instead of requiring you to search out a specific problem in a large list, a bright Alarmed Devices icon takes you directly to the problem. Link Analyst also offers some built-in reports that show you statistics such as the top router port utilization, how much free space is left on a disk, and more.
Some Limitations, But Rock-Solid Overall
Link Analyst has a really simple interface that’s easy to navigate. After a few minutes poking around in the program, I felt right at home. The menus are laid out in a logical manner, and the tabs on the Program Options page (the main configuration page) let you quickly set up new monitors, notifications, and other settings.
The product does have some shortcomings that blemish an otherwise outstanding tool: Link Analyst doesn’t run as an NT Service, and it’s limited to WMI and SNMP–type monitoring. Other than these two facts, I found the product to be rock solid and easy to use. If you like the idea of agent-less monitoring and are comfortable with just using SNMP and WMI, then Link Analyst might be for you.