SysAdminMAGAZINE

Top Tools for

Top SysAdmins
 Contents SysAdmin Magazine July 2021

SysAdmin Contents
Magazine

03 Best Active Directory management tools

№ 67 July ‘21
10 Top best network monitoring tools of 2021

31 Best server monitoring software tools

SysAdmin Magazine is a free

47 Active Directory auditing guidelines
source of knowledge for IT Pros
who are eager to keep a tight
grip on network security and do 51 Webinar: [AD & Azure AD: Better together] Getting maximum value from
the job faster.
infrastructure security services

52 How to: Using PowerShell to list scheduled tasks on Windows machines

53 Free tool of the month: Netwrix Auditor for Windows Server

The Sysadmin Magazine team

[email protected]

2
 Contents SysAdmin Magazine July 2021

Best Active Active Directory Reporting, Monitoring and Auditing Tools

Directory Microsoft Active Directory Explorer

Management Tools Microsoft Active Directory Explorer is an advanced administration tool that makes it easy to search for, view and edit extended
information about AD objects. It is similar to AD Users and Computers but has at least one key additional benefit — it allows you
to view object properties and attributes without opening additional dialog boxes.

Jeff Melnick AD Explorer also enables you to save snapshots of an AD database for offline viewing and database version comparisons. When
IT Security Expert, Blogger
you load a saved snapshot, you can work with it as you would use a live database.

Other features include:

IT teams rely on Active Directory (AD) to keep networks se-
cure and maintain user accounts — but they often need to
▪ Defining favorite locations
adhere to strict budget limitations when it comes to select-
▪ Editing permissions
ing software to help. That’s why we’ve put together this list
▪ Viewing an object’s scheme
of the top free Active Directory management tools.
▪ Executing sophisticated searches that you can save and re-execute

Our picks focus on AD tools that will help you complete rou-
tine AD management tasks much faster so your team has Netwrix Auditor for Active Directory
time to focus on other priorities. We’ve grouped these free
Active Directory tools into three categories: Netwrix Auditor for Active Directory (free community edition) gives you visibility into what’s happening inside domains while elim-
inating the time-consuming tasks of analyzing endless native logs. Netwrix Auditor tracks logons and all changes to Active Direc-
▪ Active Directory reporting, monitoring and auditing tory users, groups, organizational units and Group Policy. It generates a daily activity summary that details all changes and logon
tools activity that occurred during the previous 24 hours, including the before and after values for each modification.
▪ Active Directory management tools
▪ Active Directory utility tools

3
 Contents SysAdmin Magazine July 2021

Netwrix Account Lockout Examiner Netwrix Password Expiration Notifier

Netwrix Account Lockout Examiner is well known as one of the best Active Directory tools for Netwrix Password Expiration Notifier automatically sends notifications about upcoming AD
quickly resolving one of the most pressing issues with AD: account lockouts. It enables you to password expiration to users and their managers. This proactive approach enables you to re-
identify the root cause of lockouts in a single keystroke, slashing troubleshooting time by up to main in compliance with password security best practices without sacrificing user productivity
90 percent. This lightweight and intuitive tool empowers you to investigate issues like why the or increasing helpdesk workload.
same account repeatedly locks out without having to slog through a mountain of cryptic event
logs — just enter the username and click a button.
Cjwdev Active Directory Info

Netwrix Effective Permissions Reporting Tool Cjwdev Active Directory Info is a free Active Directory reporting and analysis tool that enables
you to review the configuration settings of AD objects. You can quickly generate CSV, HTML or
Netwrix Effective Permissions Reporting Tool simplifies auditing of access permissions in Active TXT reports to gain insight into things like:
Directory. You can view a user’s account group membership, the permissions the account has
to every AD object and how those permissions are granted. It also shows file and folder effec- ▪ Locked accounts
tive permissions, so you can determine who has access to your data and how their access was ▪ Users who have never logged on
gained. You can export this information to an HTML file. ▪ Users with the “password never expires” flag
▪ Enabled and disabled users
Netwrix Bulk Password Reset ▪ Deleted groups
▪ Computers deleted in the last 30 days
Netwrix Bulk Password Reset enables you to reset local admin and user passwords across multi- ▪ Group Policy objects modified in the last 30 days
ple workstations at once, remotely, without actually logging into them. This functionality enhanc-
es Windows Server security.
Cjwdev Active Directory Permissions Reporter
Netwrix Inactive User Tracker
Cjwdev Active Directory Permissions Reporter extracts all permissions for every object in your
domain. Note that the free edition of Cjwdev AD Permissions Reporter does not support the
Netwrix Inactive User Tracker provides insight into stale Active Directory user accounts so you
command line and you cannot filter or export results.
can disable or delete unneeded accounts before malicious actors can exploit them to gain ac-
cess to resources and services on your network.

4
 Contents SysAdmin Magazine July 2021

ENow Compass Softerra Browser for LDAP

ENow Compass provides real-time network monitoring to help you identify issues that could Softerra Browser for LDAP is a lightweight tool that allows you to view, browse, search and ex-
evolve into bigger problems. ENow Compass is a powerful toolset, but the company does not port information from LDAP. It is free to use for 30 days — you’ll need to register a paid account
offer a free version. Users can start with a 14-day free trial with registration. to use it past this point.

MaxPowerSoft Active Directory Reports Lite

WiseSoft Password Control
MaxPowerSoft Active Directory Reports Lite allows you to load up to 200 objects from Active
WiseSoft Password Control can reset user passwords in bulk, which saves time and effort when
Directory and generate auditing reports on users, groups, organizational units, computers and
managing service account passwords. It also includes the ability to make other bulk changes,
GPOs. The paid version of grants access to more reports and many more features.
such as enabling and disabling user accounts, group membership functions, descriptions and
departments.
Active Directory FastReporter

Active Directory FastReporter generates a variety of predefined reports on your AD infrastruc-

ture. The free version doesn’t allow you to create custom reports, export reports or use auto-
Active Directory Management Tools
mation features.
Albus Bit Active Directory Administrator
LDAPSoft Active Directory Browser
Albus Bit Active Directory Administrator enables you to manage user and computer accounts
across your Active Directory domain from a single interface. You can use the built-in search
LDAPSoft Active Directory Browser simplifies SSL communication and streamlines the process
templates or create your own, and use the results to disable inactive accounts, move accounts
of browsing your AD hierarchy. You can search for entries, view all available attributes and run
to different organizational units or remove users from groups.
SQL-LDAP statements.

5
 Contents SysAdmin Magazine July 2021

CjWdev Active Directory Tidy Windows PowerShell

Windows PowerShell is undoubtedly the most powerful Active Directory tool. However, it can be
CjWdev Active Directory Tidy allows you to easily manage your AD accounts in bulk. For example,
challenging to use because it lacks a graphical interface. To accomplish your tasks, you’ll need to
you can add multiple accounts to a specific security group, or set random passwords or a partic-
use cmdlets and scripts like the following:
ular expiry date for a set of accounts.

▪ Disable a user account: Disable-ADAccount username

The tool’s filtering functionality makes it easy to clean up your AD. For example, you can filter by
▪ Enable a user account: Enable-ADAccount username
last login date to find all inactive user and computer accounts to determine whether you should
▪ Unlock a user account: Unlock-ADAccount username
remove them from your domain. The paid version of this tool also enables you to export AD
▪ Delete a user account: Remove-ADUser username
settings to XML.
▪ Find all empty groups: Get-adgroup -filter * | where {-Not ($_ | get-adgroupmember)} |
Select Name
Spiceworks People View ▪ Add a member to a group: Add-adgroupmember “groupname” –username
▪ Enumerate the members of a group: Get-ADGroupMember “groupname”
Spiceworks People View allows you to view and update AD user account properties, such as ▪ See what groups a user account is a member of: Get-aduser username -property Member-
email, phone number, title and department. You can also add devices to user profiles to mon- of | Select -ExpandProperty memberOf
itor installed software programs and update it when needed. You can also reset passwords ▪ Disable a computer account: Disable-ADAccount -Identity “computername”
and enable or disable user accounts. The tool also offers self-administered password and user ▪ Find computers by type: Get-ADComputer -Filter * -Properties OperatingSystem | Select
profile management on a self-service web portal, and real-time status monitoring of all your OperatingSystem -unique | Sort OperatingSystem
devices. ▪ Create an organizational unit: New-ADOrganizationalUnit -Name OUname -Path “dc=do-
mainname,dc=com”
Spiceworks offers other useful tools. For example, Network Monitor performs real-time status ▪ Create a computer account: New-ADComputer -Name username -Path “ou=OUname,d-
monitoring of all your devices. c=DCname,dc=com”
▪ Create a user account: New-ADUser -Name username -Path “ou=OUname,dc=DCname,d-
c=com”
Microsoft AdRestore

Microsoft AdRestore is a single-task tool that enumerates all tombstoned objects in your AD
domain and enables you to restore them individually as needed.

6
 Contents SysAdmin Magazine July 2021

Adaxes
Active Directory Utility Tools
Adaxes streamlines routine management functions in Active Directory, Microsoft Exchange and
Microsoft 365 environments. You can use it to delegate privileges, control authorizations and Microsoft Active Directory Replication Status (ADREPLSTATUS) Tool
stay in compliance with data mandates. Softerra offers a 30-day free trial.
Microsoft ADREPLSTATUS Tool is a single-purpose tool that helps you analyze the replication of
domain controllers in your network.
CENTREL Solutions XIA Automation

CENTREL Solutions XIA Automation helps you automate IT management tasks, such as account Cjwdev Group Manager
provisioning, user management and password changes. It includes time-saving features like
bulk provisioning of accounts from CSV to AD, Exchange, Google or Office 365. Cjwdev Group Manager allows the manager of a group to manage roles and settings for the
group, including adding and removing other users and exporting group members to a CSV file.
The free edition enables you to manage only a single group, and you cannot or add new mem-
Dameware Remote Everywhere
bers from other domains.

Dameware Remote Everywhere is a pricey commercial-grade tool at $540 (and up), but it is no-
table for its powerful functionality — especially for enterprise-level network needs. Cjwdev Active Directory Photo Edit
Cjwdev Active Directory Photo Edit enables you to import and upload images to an AD attribute
“Remote Everywhere” refers to the tool’s cloud-based solutions. Users enjoy safe, remote sup-
that can be displayed in Outlook 2010, Lync and SharePoint. The free edition can’t process pic-
port with advanced encryption and multifactor authentication, essential endpoint support for
tures for users and contacts in bulk, but the paid version offers this feature.
any computer or device, and a reporting engine that can handle virtually any reporting task.
New users can get a fully functional version of Dameware Remote Everywhere for 14 days.
Cjwdev Managed Service Accounts GUI
Cjwdev Managed Service Accounts GUI helps you configure managed service accounts using an
intuitive GUI that eliminates the need for PowerShell commands.

7
 Contents SysAdmin Magazine July 2021

Specops Password Auditor RIA-Media SysAdmin and SysAdmin Anywhere

Specops Password Auditor scans your Active Directory and identifies password-related vulnera- RIA-Media SysAdmin and RIA-Media SysAdmin Anywhere are helpful for facilitating a long list of
bilities so you can reduce your attack surface and maintain compliance. activities:

▪ Resetting user passwords

Specops Software Gpupdate
▪ Adding, editing and deleting AD objects
▪ Adding photos
Specops Software Gpupdate enables remote administration of computers and organizational
▪ Shutting down and restarting computers remotely
units. For example, you can refresh Group Policy or wake up, shut down or restart a PC remotely.
▪ Checking for updates
▪ Monitoring hardware and computers
Specops Command
SysAdmin and SysAdmin Anywhere both offer a free trial.
Specops Command is a PowerShell and VBScript interface that helps you automate many Active
Directory administrative tasks.
Codeplex ADModify.NET
Zohno Z-Hire and Z-Term Codeplex ADModify.NET is a single-use tool that allows you to modify multiple user attributes
at once.
Zohno Z-Hire and Z-Term are single-task tools. Z-Hire speeds the user account creation process
for new hires, while Z-Term helps with account removal when an employee leaves the organi-
zation.
WiseSoft Bulk Password Control
WiseSoft Bulk Password Control enables you to change passwords on multiple accounts at the
SysOpsTools Active Directory Query
same time using the tool’s password generator feature. You can also enable, disable and unlock
SysOpsTools Active Directory Query is a free executable tool — no installation required — that AD accounts in bulk.
can be used to quickly search AD for information about a specific user or computer, including
schema attributes that are normally not readable.

8
 Contents SysAdmin Magazine July 2021

Conclusion
With so many options to choose from, it can be challeng-
ing to find the right mix of AD management tools for your
needs. The most effective way to make that choice is to in-
stall different tools and try them out in your AD environ-
FREE GUIDE
ment. This will give you insight into how well they will work
for your specific needs and preferences.

Active Directory
Group Management
Best Practices
Free Download

9
 Contents SysAdmin Magazine July 2021

Paid Network Monitoring Solutions

Top Best Network PRTG
configuration processes and speed the installation process.

Monitoring Tools of
Other key features include flexible alerting methods,
The Paessler PRTG network monitoring tool is an integrated multiple user interfaces to choose from, failover-tolerant

2021
solution suitable for both small and enterprise environments. monitoring, and distributed monitoring.
The setup is dynamic, so its monitoring capabilities can grow
or shrink with business size or other requirements of your With PRTG, there is no need to install agents on each device;
organization. It is a Windows program that can be installed monitoring can be performed only using the program
on a server with shared access. kernel. Using remote probes allows monitoring of various
Jeff Melnick
networks, either in the same place or in remote locations.
IT Security Expert, Blogger
PRTG is more than just a server monitoring solution; it The remote computer collects location information and
can monitor any IT-related resources that connect to your combines it on the PRTG central server, providing access to

If you don’t know the state of your network, you’re like a network, including firewalls, servers, printers, switches, all local and remote devices, sensors, alerts and warnings

blind pilot, inevitably headed for disaster. Fortunately, the routers, databases, websites and even UPS’s. PRTG can via the internet, and uses a protocol with strong SSL

market now offers many good software solutions, both send email and SMS alerts based on your custom threshold encryption. The product is free for 100 sensors, so it’s great

commercial and open source, for network monitoring. levels, so you can get more frequent warnings from critical if you have a small network or looking for a paid solution.
servers and almost no noise from the others.

With functionality such as discovering devices, monitoring

network equipment, servers and applications, identifying The application can monitor everything that you need

network trends, graphically presenting monitoring results, to know about your server, such as CPU load, hard disk

and even backing up switch configurations and routers, capacity and performance, RAM utilization, and bandwidth

these network monitoring software tools will surely sur- monitoring. The user interface is simple and clear, with

prise you. Here’s a list of the best network monitoring soft- functional elements conveniently located in intuitive places.

ware solutions of 2021, both paid and free: Administrators can view the entire server environment at
a glance through customizable dashboards and reports,
generating useful graphs and analytics for specific
needs. There are predefined templates to help with the

10
 Contents SysAdmin Magazine July 2021

WhatsUp Gold

WhatsUp Gold is a powerful, easy-to-use software tool for comprehensive monitoring of appli- and immediately writes a log entry or starts an action script to reboot the system several min-
cations, networks and systems. It allows you to troubleshoot problems before they affect the utes later and then sends an email notification after completion.
user experience. You can also get an accurate idea of the performance of your IT environment.
WhatsUp Gold has no free version but it has a free trial.
WhatsUp Gold has a unique interactive map that helps you quickly assess the performance of
the entire network, infrastructure and virtual environment. It provides information about the
connection status of network devices and dynamic response to interactions, which ensures min-
imum response time. The interactive maps can be dynamically filtered to get an instant overview
of the physical, virtual and wireless networks. You can zoom in to view detailed information on
individual sites or devices, or zoom out to see the subject of study in the overall picture. A map
can be configured to display the environment by geography (on a map or on a building map), by
category (by connection, application or traffic) or by any other layout.

Use of the tool starts with an advanced discovery process that identifies all devices connected
to your network and automatically applies standard or custom device roles; this significantly
speeds up the monitoring setup. WhatsUp Gold has active monitors that show device status in
real time and passive monitors for SNMP traps, Syslog and Windows event logs. Performance
monitors use SNMP, SSH or WMI to track CPU, disk, memory and network usage. WhatsUp Gold
has an option to receive early warning when users are experiencing poor response times, so you
can fix them before users experience full downtime. These warnings can be sent via email, SMS
and web.

It also has a network traffic analysis module that collects network traffic and bandwidth usage
data from any flow-enabled device on the network. One of the greatest performance manage-
ment features is an action policy that detects a state change, such as when a router goes down,

11
 Contents SysAdmin Magazine July 2021

Nagios XI

Nagios XI is a powerful network monitoring tool that has been in active development for many some of them may not always be worth it. Nevertheless, the advantages of the early warning
years. The Nagios Core software is open source and free, and Nagios XI is a proprietary interface system metrics provided by this tool for so many aspects of the network are hard to overstate.
that uses Nagios Core as the back end. Nagios XI does almost anything that system and network
administrators might need from a network monitoring utility. The web interface is fast and intui- Nagios XI is available free of charge for monitoring small environments.
tive, and the server part is extremely reliable. Its rather complex configuration can be a problem
for beginners to learn, but it is also an advantage, since the tool can be adapted to almost any
monitoring task. A very active community supports Nagios Core, so various plug-ins exist for a
huge variety of hardware and software. You can continuously monitor the status of servers, ser-
vices, network channels and anything else that has an IP address. For example, you can monitor
the use of disk space on the server, RAM and CPU usage, FLEXlm license usage (software license
manager tool), server air temperature, WAN and internet connection latencies, netflow traffic,
and much more.

No monitoring system for servers and networks would be complete without notifications. The
Nagios software platform offers a customizable mechanism for notifications via e-mail, SMS and
instant messaging via the most popular internet messengers, as well as an escalation scheme
that can be used to make reasonable decisions about who should be notified when and in what
circumstances. In addition, the display function shows all monitored devices in the logical repre-
sentation of their placement on the network, with color coding that highlights problems as they
arise.

The main disadvantage of Nagios XI is its configuration process — it is mostly done through the
command line, which greatly complicates installation if you’ve never worked with it before. Peo-
ple familiar with standard Linux and Unix configuration files, however, should not experience
any particular problems. The possibilities of Nagios XI are huge, but the effort required to use

12
 Contents SysAdmin Magazine July 2021

LogicMonitor

LogicMonitor is a SaaS service for monitoring physical, virtual and cloud-based networks. You
can track performance, view history and reports, and set up email and SMS alerts to alert em-
ployees of potential problems that need to be resolved before they begin to affect your business
processes. Users need to install a lightweight program on a Linux or Windows OS. LogicMonitor
provides a single web console that is ready to automatically discover most switches, routers,
firewalls, load balancers, servers, applications, databases, VoIP systems and storages. The dash-
board allows users to monitor live performance indicators along with a list of system errors and
statuses because it automatically collects performance data from connected servers, networks
and workstations via over 20 standard protocols such as JMX, Perfmon, SNMP, WMI and vari-
ous APIs. Network administrators can prioritize issues, configure escalation rules for alerts and
schedule downtime according to their service standards.

LogicMonitor has reporting capabilities as well; you can build reports on any time period for any
device, group, service or data source. Reports can be in HTML, PDF or CSV, and can be executed
on demand or scheduled to be delivered by email at regular intervals. You have to know what
you’re looking for before you configure a report. All in all, LogicMonitor is a powerful infrastruc-
ture monitoring and alerting service with a nicely customizable web portal that displays in-depth
metrics and system information.

Unlike many other vendors, LogicMonitor doesn’t charge you per monitor; they charge based
on the number of devices.

13
 Contents SysAdmin Magazine July 2021

Netwrix Auditor for Network Devices

It’s not enough to detect network device performance issues — system administrators need to
quickly determine the cause of the issue and fix it. To do that, they need to be able to inspect
configuration changes and other activity. Netwrix Auditor for Network Devices delivers reports
and alerts detailing what was changed on each network device, who made each change and
when it happened, with the before and after values. The reports also reveal both successful and
failed attempts to log on to network devices, directly or over VPN connections. In addition, they
provide port scanning information and details about hardware issues such as a power supply
failure or critical CPU temperature. Netwrix Auditor supports Fortinet FortiGate, Cisco ASA, Cisco
IOS, Palo Alto, SonicWall and Juniper network devices.

Netwrix Auditor has a powerful built-in search of audit data, alerts on threat patterns, and be-
havior anomaly discovery functionality. It also has a RESTFul API engine that enables you to con-
nect the Netwrix Auditor platform with other software solutions, such as Nutanix, Amazon Web
Services, ServiceNow, ArchSight, IBM Qradar, Splunk, Alien Vault and LogRythm; you can receive
data from or send data to these solutions. Product installation is straightforward, and the UI is
user friendly and fast.

In short, Netwrix Auditor for Network Devices is not just a really valuable monitoring tool; it’s an
enterprise-level software platform that gives you complete visibility into changes, configurations
and access across your network infrastructure. Netwrix Auditor has free 20-day trial; during that
period, you can not only evaluate Netwrix Auditor for Network Devices but also all the other
Netwrix Auditor applications, which cover systems such as Active Directory, Group Policy, Azure
AD, Exchange, Office 365, file servers, SharePoint, Microsoft SQL Server and VMware.

14
 Contents SysAdmin Magazine July 2021

ntopng

ntopng is a network monitoring tool with a fast and easy web interface. This network probe
shows network usage in a way similar to what the top command does for processes in Unix-like
operation systems. In interactive mode, it displays the network status on the user’s terminal. In
web mode, it acts as a web server, creating a HTML dump of the network status.

This packet analysis tool displays real-time data about network traffic, showing information
about host data flows and host connections in real time. It provides legible graphs and tables
showing current and past network traffic, including the protocol, source, purpose and history of
specific transactions. In addition, you will find an impressive set of graphs, charts and maps of
real-time network usage.

A modular architecture allows you to wire up a huge number of add-ons. The tool includes an
API for the Lua scripting language, which can be used to support extensions. It can also store
host data in files for permanent data collection. One of the most useful applications of ntopng
is traffic control in a specific location. For example, when some of your network channels on
your network map are highlighted in red and you don’t know why, you can use ntopng to get
a per-minute report about the problematic network segment and quickly see which hosts are
responsible for the issue. The advantage of such visibility of the network is difficult to overstate,
and it is very easy to get.

There is a free, open-source Community edition of ntopng that is suitable for small businesses.

15
 Contents SysAdmin Magazine July 2021

Datadog

Datadog is a platform that provides monitoring and analytics for software developers, operations
teams and business leaders in the cloud era. The SaaS platform integrates and automates
infrastructure monitoring, application performance monitoring and event log management to
provide unified real-time visibility into the entire technology stack of a company’s customers.
With over 120 integrations and a robust API, Datadog ties together metrics and events from every
component in the environment to provide teams with graphing, correlation and data analysis.
The product provides a single view for on-premises and cloud deployments. This holistic view
of an enterprise’s IT infrastructure is becoming increasingly important with the ever-growing
volume of data and devices within organizations. Businesses of all sizes and across a wide
range of industries are using Datadog to digitally and migrate to the cloud, foster collaboration
between teams, accelerate time to market for applications, reduce time spent solving problems,
better understand user behavior and track key business metrics.

Datadog can monitor Linux and Windows virtual machines (VMs), standalone Linux and Windows
servers, and Windows 7 and Windows 10 workstations. It provides access to configuration files
for various monitored objects, including Apache, Microsoft IIS and SQL Server, VMware vSphere,
Windows Services, and a variety of network devices. However, cloud services are the primary
monitoring framework for Datadog, and the product supports common services including
Amazon Web Services (AWS), Microsoft Azure and Google Cloud. The level of effort required to
configure each of these services obviously depends on the service, but in many cases, it simply
involves setting up connection information and credentials.

Datadog is subscription-based service with annual, monthly and hourly plans available. Depending
on your plan, you can monitor 10 or 20 containers free for each host license. Additional containers
will be billed at $0.002 per container per hour. In addition, you can purchase prepaid containers.
The free version allows you to monitor up to 5 hosts and provides 1-day data retention.

16
 Contents SysAdmin Magazine July 2021

Lansweeper

Lansweeper gathers hardware and software information of computers and other devices on
a network for management, compliance and audit purposes. The application also includes a
ticket-based helpdesk system and capabilities for software updates on target devices.

Lansweeper’s core capacity stems from the discovery of the hardware and software in a local area
network (LAN). Lansweeper can collect information on all Windows, Linux and Mac devices, as
well as network IP addressable devices. The inventory reports can be used to identify problems.

The central Lansweeper inventory database must be located on a Microsoft Windows machine in
a SQL Compact or SQL Server database. The application can scale up to hundreds of thousands
of units, while a minimum standard configuration can be supported by placing all its components
on a single server. While Lansweeper can be set up as agentless, agents may be recommended
for complex environments.

The integrated helpdesk ticketing module that can be used to capture and track issues, and the
software module can help you manage updates and patches.

Lansweeper has a freeware product version, but the number of devices and the functionality
provided are both limited. The full, licensed version offers a 20-day free trial.

17
 Contents SysAdmin Magazine July 2021

SolarWinds Network Performance Monitor

SolarWinds Network Performance Monitor quickly detects, diagnoses and assists in resolving
network performance problems before they result in downtime. In addition, with dynamic
network topology maps and automatic detection of components, administrators can easily
scale the network and align important processes as it grows. SolarWinds Network Performance
Monitor controls the response time, availability and uptime of routers, switches and other SNMP-
enabled devices. It has automated network scanning processes that identify new network devices
and monitor the state of all critical equipment. It supports networks and devices from leading
hardware manufacturers. The monitoring process looks for the availability and performance
indicators of network devices and interfaces, such as bandwidth load, delays, responses, packet
loss, CPU and memory for each piece of equipment, with SNMP and WMI support.

You can quickly configure alerts based on events and the conditions of network devices. If
necessary, you can block notifications based on dependencies and topology so you receive alerts
on important network issues only. The solution also includes tools for generating notifications,
reports, manuals and help files in different file formats. The user interface is simple to understand
yet robust enough to provide a comprehensive view of the network. It is easy to see everything
at a glance, and the statistical network baselines provide additional information to help you
optimize network devices and respond to issues quickly. SolarWinds Network Performance
Monitor has a NetPath feature that uses advanced probing to make troubleshooting network
performance problems easier. With this feature, sysadmins can detect the network path from
a source computer and trace it all the way to the destination service. NetPath works even when
traceroute does not.

SolarWinds Network Performance Monitor has a 30-day free trial.

18
 Contents SysAdmin Magazine July 2021

Observium

Observium is a low-maintenance network monitoring platform that automatically discovers and Open-source adepts can also check LibreNMS, a community-based fork of the last GPL-licensed
supports a wide range of device types, platforms and operating systems. It provides a powerful version of Observium.
yet simple and intuitive interface to the health and status of your network.

The tool is capable of discovering, monitoring and managing your network via SNMP, CDP or
LLDP. TrustRadius reviewers highlight that Observium is easy to set up, use and understand, and
that right after its connection to the device, it initiates monitoring and graphic tracing. However,
due to its overall scale, it is mostly suitable for medium to large networks.

The list of supported devices is huge and is not limited to network devices; it includes Cisco,
Windows, Linux, HP, Juniper, Dell, FreeBSD, Brocade, Netscaler and NetApp. The main condition
is that the device supports SNMP. But the collected information can be supplemented by other
methods and protocols, such as syslog, rancid, collectd, smokeping and nfsen. Observium
supports monitoring of sensors via IPMI protocol and offers monitoring of services such as
Apache, Nginx, Mysql and Bind through a Unix agent. It also supports monitoring of virtualized
systems.

The paid version has a process for active notifications. It will not replace real-time notification,
since it is limited to 5-minute intervals for polling devices, but it can cover 60% of notification
needs, and for systems with a small (<50) number of devices, it can be a solid choice.

Observium offers a free Community edition and two types of commercial subscriptions.
Additionally, developers offer paid support of product installation, additional feature development
and tech support.

19
 Contents SysAdmin Magazine July 2021

Free and Open-Source Network Monitoring Solutions

Zabbix
Zabbix is a full-scale tool for network and system monitoring that combines several options in Zabbix allows you to customize the dashboard and web interface to focus on the most important
one web console. It can be configured to monitor and collect data from a wide variety of servers components of the network. Notifications can be based on custom actions that apply to a host
and network devices, and it provides service and performance monitoring of each object. Zabbix or host groups. You can configure actions that will run remote commands if certain event
enables you to monitor servers and networks with a wide range of technologies, including criteria are met. The program displays network bandwidth usage and CPU utilization graphs.
virtualization hypervisors and web application stacks. Zabbix supports VMware, Hyper-V and In addition, Zabbix supports custom maps, screens and even slideshows that show the current
other virtualization hypervisors, providing detailed information about the performance and status of monitored devices. Zabbix can be difficult to implement at the initial stage, but the
availability of the hypervisor and its activity. In particular, it can monitor Java application servers, use of automatic detection and various templates can reduce the challenge. In addition to the
web services and databases. New monitoring hosts can be added manually or through an installation package, Zabbix is available as a virtual device for several popular hypervisors.
automatic discovery process. A wide range of templates are applied by default, such as those
for Linux, FreeBSD and Windows Server operating systems and for SMTP, HTTP, ICMP and IPMI The product is free, but complex, so you will likely need paid support.
protocols.

Zabbix must be installed and configured manually, component by component, on a Linux system
or a virtual machine on a hypervisor. The user interface is not very clear and uses complicated
terminology. There is no client program because it is accessed via HTTPS or SSH, but there is a
mobile application available. The network device discovery process does not have the ability to
browse the network and discover existing devices during product installation; this can be done
later using certain protocols.

This solution can work without agents, using the SNMP protocol, but running an agent on each
device makes using Zabbix a bit easier. However, it’s difficult and time-consuming to install agents
on hundreds or even thousands of devices, and there are certain basic devices, like printers,
where installation of agents is impossible.

20
 Contents SysAdmin Magazine July 2021

Cacti

Cacti is a great network monitoring software tool for graphical representation of the network.
Cacti is a free network monitoring solution and is included in the LAMP (Linux, Apache, MySQL,
PHP) suite, which provides a standardized software platform for building graphs based on any
statistical data. If a network device returns numeric data, then most likely it can be integrated
into Cacti. There are templates for network monitoring platforms like Cisco routers and switches.
Basically any network device that communicates with the SNMP (Simple Network Management
Protocol) can be monitored by Cacti. In addition, scripts in Perl or PHP can also be used for
monitoring. Cacti performs availability and performance monitoring of servers, services and
network devices. It also tracks the workload and availability of network channels.

The central link in this system is graphs — all controlled parameters and settings are somehow
tied to the graphs. Graphs of statistics are presented in the form of a tree in which graphs are
grouped by their criteria. All graphs can be quickly created using supplied templates. Templates
are one of the big advantages of Cacti; the user just selects a template and the graph is ready.
Each graph is described by two elements: settings that define the properties of the graph, and
elements that define the data that should be represented on it. Information displayed on the
chart can be refined on the fly; for example, you can quickly view the data for the past few years
to see if the current behavior of the network equipment or server is abnormal. And with the
help of the Network Weathermap, a PHP plug-in for Cacti, you can create real-time maps of your
network that show the load of communication channels between network devices.

In short, Cacti is a toolkit with extensive capabilities for graphical display and analysis of network
performance trends that can be used to monitor almost any monitored metric that can be
represented in a graph. However, this solution supports almost limitless tuning possibilities,
which can make it too difficult for certain apps.

21
 Contents SysAdmin Magazine July 2021

Spiceworks Network Monitor

Spiceworks Network Monitor is extremely flexible and scalable, allowing independent thresholds
per system or device, so it is a great solution for more granular monitoring of memory, disk
activity and more. The software is quick and easy to implement. It runs on a VM or a physical
box. It’s pretty light on resources, though it can eat up a bunch of disk space; if it is co-located
with another app, the drive can fill quickly if you don’t keep up with the logs or automate cleanup.
The software is agentless, so there is little to no impact on the monitored devices. It can even
monitor SNMP traps from switches, printers, copiers and other devices. It does a great job of
monitoring during off hours.

Spiceworks Network Monitor tracks infrastructure devices, such as switches and routers, for
input/output rate, packets per second and packet loss. It also tracks servers for CPU utilization,
disk utilization, network data rate and packet loss, and memory utilization. You can drill down to
display those parameters graphically in expanded views. However, Spiceworks Network Monitor
does not monitor or manage other devices, including, most notably, mobile ones.

You can choose to look at specific devices in significantly more detail with the Critical Device
Widget. You can click a specific parameter in the Critical Device window, and the graph for that
parameter is expanded and additional details show up on the screen, such as exact numbers
for the total switch bandwidth usage with the stats at each point where the numbers changed.

There are a few disadvantages. Spiceworks Network Monitor provides excellent basic monitoring,
but it doesn’t support SNMP version 3. The software does not reconcile systems that are going
down — sometimes when connection links go down, they do not go back up in the software
though physically they are up again, so they must be deleted and re-added. And the user interface
is rather slow. However, the software is no-cost so there is no risk in giving it a try.

22
 Contents SysAdmin Magazine July 2021

Wireshark

Wireshark is a well-known network traffic monitoring tool. It

works with the overwhelming majority of known protocols,
and it has a clear and logical graphical interface based on
GTK + and a powerful filter system. Moreover, it is cross-
platform, working under Linux, Solaris, FreeBSD, NetBSD,
OpenBSD, Mac OS X and, of course, Windows. Basically,
Wireshark is a packet sniffing tool that reveals the smallest
details of network traffic and network protocols. You can
analyze pcap files and TCP connection, see packet contents,
and search for specific packets in the netflow. If you have
the necessary knowledge, you can effectively troubleshoot
and diagnose a variety of problems that arise in the network
using Wireshark.

Like all tools described in this section, Wireshark is free.

23
 Contents SysAdmin Magazine July 2021

Netwrix Auditor Free Community Edition

Every business-critical device and service must be correctly

configured, and its availability, protection and settings
integrity must be constantly monitored. Netwrix Auditor
Free Community Edition is a free monitoring tool that
gives IT administrators regular updates about all important
changes, logon attempts and events on their network
devices. The daily activity summary reports provide the
crucial “what,” “when” and “where” details and before and
after values for changes on your monitored assets, as well
as other necessary event details.

Like the paid version of Netwrix Auditor, Netwrix Auditor

Free Community Edition is not just a network device
monitoring tool. Rather, it’s a platform that covers many
different systems, from Active Directory to Oracle Databases,
and provides a wide variety of actionable reports on your
infrastructure changes and events.

24
 Contents SysAdmin Magazine July 2021

The Dude

The Dude is a network monitor from the Latvian company

MikroTik that can significantly improve the performance
of the network environment. MikroTik products have
found popularity in small and medium businesses due to
their low price tag, wealth of configuration capabilities and
exceptional build quality.

The Dude automatically scans all devices on specific subnets,

draws and assembles a network map, monitors device
services, and alerts you if a service has problems. You can
not only control your devices, but also manage them. You
can mass-update devices on RouterOS and configure them
directly from the client. The software supports SNMP, ICMP,
DNS and TCP monitoring for devices.

The Dude is easy to install, features automatic network

discovery that detects the type or brand of device, allows
you to create your own maps, and enables you to add
custom devices. The solution works in Linux Wine, macOS
Darwine and Windows environments.

25
 Contents SysAdmin Magazine July 2021

Angry IP Scanner

Angry IP Scanner is a fast and lightweight tool that provides

all the features you’d expect from an advanced network
scanner. If a device has ever lost its IP address on your
network, you know the frustration of trying to find that
device remotely. Angry IP makes scanning your LAN simple:
Set the range of IP addresses you’d like to scan and click Start.
In seconds, your list will fill with your network devices, along
with each device’s ping time, open ports, MAC address and
hostname. You can save favorite IP ranges and hostnames
without having to sign in to an online account; your favorite
information will be stored locally and can easily be saved to
your network or cloud drive.

If you’re looking to scan your web server or an external IP

address, you can do so from the exact same interface, and
once you’ve found what you’re looking for, you can export
your results to CSV, TXT or XML format. Angry IP’s open-
source code allows advanced users to analyze the code and
build their own plug-ins to extend the functionality of the
network scanner.

26
 Contents SysAdmin Magazine July 2021

Advanced IP Scanner

Advanced IP Scanner is a free, fast and powerful network scanner with a user-friendly interface.
In a matter of seconds, Advanced IP Scanner can locate all the computers on your wired or
wireless local network and conduct a scan of their ports. The program provides easy access to
various network resources, such as HTTP, HTTPS, FTP and shared folders. It also enables you to
detect all the IP addresses on your Wi-Fi network.

The remote PC shutdown feature lets you shut down any remote computer or group of
computers running Windows. You can also wake these machines up remotely, provided their
network cards support the Wake-On-LAN function. You can scan RDP resources and access
them directly from Advanced IP Scanner, and as well as run ping, tracert, and SSH commands
on a selected computer.

One of the stand-out features of Advanced IP Scanner is its native integration with Radmin
remote control software. IP Scanner lets you scan your network, find all computers running
Radmin Server, and connect to any of them in Full Control, File Transfer or Telnet mode, with
one click. For simpler batch operations on a subset of computers, you can add machines to a list
of favorites, and Advanced IP Scanner will automatically load the list at startup. You can choose
whether to scan your entire network or just the computers in a Favorites list.

27
 Contents SysAdmin Magazine July 2021

Open NMS

OpenNMS (Open Network Monitoring System) is a free,

open-source program for network monitoring and enterprise
network management. It is backed by a community of users
and developers, as well as the OpenNMS Group, which
offers commercial services, training, support and custom
development. The challenge for the OpenNMS community
is to create a truly distributed and scalable application
performance management platform for all aspects of the
FCAPS model, while keeping the program completely free
and open source. The current development focus is on fault
and efficiency management, so the current functional areas
of OpenNMS include Event Management and Notifications,
Discovery and Provisioning, Service Monitoring, and Data
Collection.

OpenNMS provides a comprehensive fault, performance

and traffic monitoring solution that integrates with business
applications and workflows to monitor and visualize
everything in a network. The platform monitors some of the
largest networks in existence, many with tens of thousands
of networked devices, in the healthcare, technology, finance,
government, education, retail and industrial sectors.
According to OpenNMS Group, customers include 3 of the
top 5 companies on the Fortune 100, as well as multiple
large and multi-state health providers and one of the largest
electronic medical record providers in the United States.

28
 Contents SysAdmin Magazine July 2021

Icinga

Icinga is an open-source computer system and network monitoring application. Since it was
originally created as a fork of the Nagios system monitoring application, it fills a very similar
niche. Icinga has acquired a huge fan base amongst monitoring audiences, and it has features
that you might expect to see only in a costly business solution. Icinga offers a free, open and
complete solution for most operation monitoring — in particular, Icinga is great for monitoring
hosts and alerting on basic metrics. After installing the client on a server, you can monitor local
CPU, memory, processes and more without the need for SNMP. Communication between
client and server is TLS encrypted, adding security where typically there is none. Additionally,
the process allows data to continue to be collected in the event of a communication problem,
queuing the data for upload when communication is restored.

Icinga consists of several modules: Icinga Heart, Icinga CLI/UI and the Icinga Web User Interface.
The user interface can be accessed in graphic or command mode. A wealth of community-
developed plug-ins and community support makes it easy to customize the experience to your
needs, whether you want to monitor various devices and systems, use AD or LDAP for logins,
and even integrate Icinga with Nagios to get the best of both systems.

Of course, the open source nature of Icinga has its own drawbacks: Distributed configurations
can be somewhat challenging to deploy, and the centralized configuration system is somewhat
similar to svn or git, so understanding how this works and using it in practice can be something
of a challenge for beginners.

29
 Contents SysAdmin Magazine July 2021

Cisco Network Assistant

Cisco Network Assistant (CNA) is free tool optimized to apply common services across Cisco switches, routers, wireless controllers
and access points. The most common use for CNA is to configure your devices, as many people feel more comfortable using a GUI
interface rather than the CLI. It is the perfect option for anyone operating a network that utilizes Cisco equipment, and the fact
that this program is free makes it even more attractive. However, there are pitfalls: The tool can track only up to 80 network nodes
simultaneously, which will be enough only for a small to medium sized businesses.

Cisco Network Assistant can find all of the routers and servers in your network and will then draw a network topology diagram. FREE GUIDE
The system offers scheduled reports and warnings on situations that may affect the system. One of the most praised features of
this software is the customer support — setup, troubleshooting and health monitoring of your Cisco infrastructure can be done via
single interface. With a couple of clicks, you can install software upgrades, access device via Telnet or get network inventory reports.
However, keep in mind that CNA is limited to Cisco devices.
Network Security
Best Practices
Free Download

30
 Contents SysAdmin Magazine July 2021

Best Server Server Monitoring Software Tools

Monitoring
First, let’s review the best paid network and Windows Server monitoring software solutions, most of which offer a free trial.
These tools are not ranked – you should choose the one that best suits your needs.

Software Tools PRTG

include flexible alert methods, multiple user interfaces
Paessler PRTG is a network monitoring tool suitable both
for small and enterprise environments. More than just a to choose from, failover-tolerant monitoring, distributed
Jeff Melnick server monitoring solution, PRTG it can monitor any IT-re- monitoring, and customizable maps and dashboards. The
IT Security Expert, Blogger
lated resource that connects to your network. The setup tool has a 20-day trial license, and there is a free version
is dynamic; monitoring capabilities can grow or shrink with limited functionality.
with the business requirements of your organization. Plus,
If you don’t know the state of your network and server
it can send email and SMS alerts based on your custom
health every second of the day, you’re like a blind pilot in-
threshold levels, so you can adjust the sensitivity of spe-
evitably headed for disaster. Fortunately, the market now
cific servers in order to get more frequent warnings from
offers many good tools, both commercial and open source,
critical servers and almost no noise from non-critical ones.
for network and Windows Server monitoring.

PRTG can monitor everything that you need to know about

We’ve put together a list of best open source, free and
your server, such as CPU load, hard disk capacity and per-
paid Windows Server monitoring tools that have proven
formance, RAM utilization, and bandwidth. Administrators
their value in networks of many sizes. We detail their func-
can view the entire server environment at a glance, and
tionality, such as discovering devices, monitoring network Image source: https://hlassets.paessler.com/common/files/screenshots/prtg-v17-4/basics/
customizable dashboards and reports enable them to map-data-center.png
equipment and servers, identifying network trends, graph-
easily generate specific graphs and analytics for specific
ically presenting monitoring results, and even backing up
needs. There are predefined templates to speed the in-
switch configurations and routers.
stallation and configuration process. Other key features

31
 Contents SysAdmin Magazine July 2021

Observium

Observium is a tool for monitoring network equipment and servers that has a huge list of
supported devices using the SNMP protocol. Observium has relatively easy installation and
configuration. It is installed as its own server with a dedicated URL. You can enter the graph-
ical interface and start adding hosts and networks, and set ranges for automatic detection
and SNMP data so that Observium can explore the surrounding networks and collect data
for each detected system. Observium can also detect network devices via CDP, LLDP or FDP.
Depending on the device, data can be collected and displayed for every detected port.

The easy-to-use user interface provides advanced capabilities for statistical display of data,
as well as diagrams and graphs. Observium can display information about the state of the
CPU, RAM, data storage, power supply, temperature and so on from the event log. You can
also include data collection and graphical performance counters for services such as Apache,
MySQL, BIND, Memcached and Postfix. Observium works great as a virtual machine, so it can
quickly become the main tool for obtaining information about the status of servers and net-
works. This is a great way to add auto discovery and graphical representation to a network of
any size. A free edition with limited functionality is available.

Image source: https://www.observium.org/images/ss-dev-linux.png

32
 Contents SysAdmin Magazine July 2021

Netwrix Auditor for Windows Server

Even the best infrastructure monitoring tools are not enough. If you detect a Windows Server
performance issue, you need to be able to quickly inspect system settings and analyze the
latest configuration changes to determine the cause of the issue and fix it before business
processes suffer. Therefore, a system monitoring tool is also essential. Netwrix Auditor for
Windows Server provides complete visibility into your system settings and changes. For ex-
ample, you can easily see the current state of your system and review all changes that were
made to your Windows servers, such as installation of software and hardware and changes to
scheduled tasks, services and registry. You can configure alerts to be notified any time there
is a suspicious change or series of changes.

The application is part of the Netwrix Auditor platform, which delivers information in a uni-
fied and consistent way across your infrastructure, thanks to a consolidated audit trail across
a wide variety of IT systems, including Active Directory, Windows Server, Oracle Database
and network devices. Netwrix Auditor is not just a really valuable server administration and
monitoring tool; it’s an enterprise-level software platform that gives you complete visibility
into changes, configurations and access across your cloud and on-premises IT environments.
Product installation is straightforward, and the UI is user friendly and robust. Reports and
alerts are very clear and nicely structured, with detailed data for each reported event, which
makes Netwrix Auditor a great tool for monitoring setup and changes in Windows Server, net-
work devices and other key systems in your infrastructure. Plus, you get file analysis, user be-
havior and blind spot analysis, risk assessment, built-in search of audit data, alerts on threat
patterns, and user activity video recording. There is a 20-day free trial, as well as a free com-
munity edition with limited functionality.

33
 Contents SysAdmin Magazine July 2021

Datadog

Datadog is a surveillance, safety and analytics tool for developers, IT operation teams, securi-
ty engineers and cloud-based business users. It combines and automates infrastructure sur-
veillance, application performance tracking and log management to ensure that your whole
technology stack is tracked uniformly and in real time. It can be an excellent network and
service monitoring service for mid-sized IT shops, thanks to tons of integrations, dashboards
and customizable alerts.

Datadog is highly praised by service providers for its simple cloud-hosted model, customiz-
able views, and ability to seamlessly aggregate metrics and events across your full stack: SaaS
and cloud providers, automation tools, monitoring and instrumentation, source control and
bug tracking, databases and common server components. However, it does not have auto-
matic device detection and requires a lengthy initial setup process. There is a 14-day free trial
that allows you to monitor as many servers as you like.

Image source: https://imgix.datadoghq.com/img/blog/data-driven-notebooks/notebooks_postmortem.png?auto=format&fit=-

max&w=698

34
 Contents SysAdmin Magazine July 2021

Panopta

Fortinet Panopta is a web-based SaaS monitoring solution that helps service providers and
businesses track network and server performance in cloud, on premises and hybrid environ-
ments. The built-in incident handler provides a centralized platform for managing incidents
and resolved issues.

The cloud monitoring functionality of Panopta can perform automatic checks on application
performance, disk space usage, load balancers and many other applications. Utilization of
OpenStack lets you manage servers across Linux, Unix, Windows and Mac operating systems.
Dashboards provide histograms, topology charts and color-coded heat maps to visualize, filter
and segment data. Panopta’s API lets users integrate the system with various third-party ap-
plications and native applications to monitor activities remotely. As a result, this system pro-
vides highly versatile testing, monitoring and automation platform for all major infrastructure
devices including servers, databases, firewalls, routers, and more. The solution lacks SNMP
polling and is limited to ICMP monitoring.

Some users do complain that some of Panopta’s dashboards are difficult to change and some
features can take some time to get used to. Additionally, there is a time investment to learn
and set up the system; however, it is time well spent, since once you understand the system,
it will help you achieve process transparency in your organization. You can request a 30-day
free trial. Image source: https://d2t60rd7vcv5ly.cloudfront.net/latest_screenshots/1561525948234_3_b_50.png

35
 Contents SysAdmin Magazine July 2021

Atera

Atera is an integrated solution that includes everything you need in one place: full remote
monitoring and management, professional services automation, remote access, patch man-
agement, billing, reporting, and more. The pricing model helps managed service providers
grow their business with no extra costs, as plans include unlimited devices with payments
per technician. All of your clients can be accessed through single central location, while patch
management and remote management features save technicians lots of time and increase
their ability to perform preventative maintenance.

Atera’s alerts are versatile and the ability to customize different locations is impressive. Some
users say that the integrations with Splashtop and Teamviewer are major advantages of the
product. Remote task automation, software patch management and automated software in-
stallation are invaluable aids to IT admins. Atera constantly improving their product and add-
ing new features.

However, some users consider Atera’s reporting very basic, highlighting the lack of customiza-
tion — you can create custom fields, but there is no way to show them on any report. Also, the Image source: https://cdn.mos.cms.futurecdn.net/5bhsnY9MwnwJgDNZk5Lxp6.jpg

agents will sometimes go offline, usually requiring to restart of the services, either manually
or via scripting. Altera offers a 30-day free trial.

36
 Contents SysAdmin Magazine July 2021

OpsView Monitor

Opsview Monitor is a comprehensive monitoring solution that is widely used by both IT de-
partments and external partners like service providers. Key features include customizable
dashboards, business service monitoring, alerts, reports and graphs, process maps, and in-
frastructure auto-discovery.

The solution monitors applications, web servers and other resources. It provides complete
monitoring and customization capabilities, and is easy to use. Opsview Monitor integrates
with other Opsview products and add-ons, such as Elastic Stack for workflow automation and
system monitoring. It helps keep track of a variety of infrastructures, from Windows Server
and Active Directory to AWS to container orchestration frameworks and hundreds of stand-
alone applications. This helps international support teams detect issues before their custom-
ers are affected and provide customers with an SLA dashboard. Users emphasize OpsView’s
ease of management, the simplicity of migration from other solutions, the scalable and intu-
itive user experience, and the variety of integration options. According to some commercial
users, it can be quite expensive, built-in cloud monitoring packages need to be improved, and
Image source: https://upload.wikimedia.org/wikipedia/commons/8/8d/Opsview_Monitor_6.0_Dashboard.jpg
some features are missing from the SMB version. Opsview offers a free version with limited
features for organizations with fewer active users.

37
 Contents SysAdmin Magazine July 2021

Free and Open Source Server Monitoring Tools

Now let’s explore the best free and open source tools for monitoring Window Server. Like the commercial
solutions, they are not listed in a ranked order; you should choose the one that best suits your needs.

Cacti

Cacti is an open source network monitoring tool that offers a solid graphical representation
of the network. Cacti is free to download and is included in the LAMP (Linux, Apache, MySQL,
PHP) suite, which provides a standardized software platform for building graphs based on
any statistical data. If a device or service returns numeric data, then most likely it can be inte-
grated into Cacti. There are templates for server application monitoring platforms from Linux
and Windows servers to Cisco routers and switches — basically anything that communicates
with SNMP (Simple Network Management Protocol). Although the standard method for col-
lecting Cacti data is the SNMP protocol, scripts in Perl or PHP can also be used.

Cacti divides data collection and graphic display into discrete instances, which makes it easy
to re-process and reorganize data for various visual representations. For example, you can
quickly view the data for the past few years to see if the current behavior of the network
equipment or server is abnormal. And with the help of the Network Weathermap, a PHP plug-
in for Cacti, you can create real-time maps of your network that show the load of communi-
cation channels between network devices. Thus, Cacti is a toolkit with extensive capabilities
for graphical display and analysis of network performance trends that can be used to monitor
almost any monitored metric that can be represented in a graph. However, this solution sup-
ports almost limitless tuning possibilities, which can make it too difficult for certain apps.

Image source: https://www.cacti.net/images/cacti_promo_main.png

38
 Contents SysAdmin Magazine July 2021

Icinga

Icinga is another great open source network monitoring

tool. Icinga began as a branch of the Nagios monitoring
system (described below) but was recently rewritten into a
stand-alone solution known as Icinga 2. At this point, both
versions of the program are in active development and
are available for use. While Icinga 1.x is compatible with
a large number of Nagios plug-ins and configurations, Ic-
inga 2 was designed to be less cumbersome, have a per-
formance orientation and be more user-friendly. It offers
a modular architecture and multi-threaded design, which
is not true of either Nagios or Icinga 1. There are several
variations of web interface for Icinga.

The Icinga platform is as open and extensible as Nagios.

The main difference is the configuration process: Icinga
can be configured via the web interface, while Nagios uses
configuration files and the command line. For those who
prefer to manage their monitoring software without the
command line, this functionality will be a real gift. Icinga Image source: https://screenshots.debian.net/screenshots/000/013/842/large.png
integrates with many software packages for monitoring,
such as PNP4Nagios, inGraph and Graphite, providing reli-
able visualization of your network.

39
 Contents SysAdmin Magazine July 2021

Nagios
Nagios is a powerful network monitoring tool that has been in active development for many
years. Nagios allows system and network administrators to accomplish almost anything they
might need a monitoring application to do. The web interface is fast and intuitive, and the
server part is extremely reliable. Nagios’s rather complex configuration can be a problem for
beginners, but it is also an advantage, since the tool can be adapted to almost any monitor-
ing task. Like Cacti, Nagios boasts a very active community that supports the tool, so various
plug-ins exist for a huge variety of hardware and software. Nagios enable you to continuously
monitor the status of servers, services, network channels and everything else that the IP net-
work layer protocol understands. For example, you can monitor the use of disk space on the
server, RAM and CPU usage, FLEXlm license usage, server air temperature, WAN and internet
connection latencies, and much more.

Obviously, any monitoring system for servers and networks will not be complete without noti-
fications. The Nagios software platform offers a customizable mechanism for notifications via
e-mail, SMS and instant messaging via the most popular internet messengers, as well as an
escalation scheme that can be used to make reasonable decisions about who should be no-
tified when and in what circumstances. In addition, the display function shows all monitored
devices in the logical representation of their placement on the network, with color coding that
Image source: https://www.nagios.com/wp-content/uploads/2017/10/XI_Home_Dashboard.png
highlights problems as they arise.

The main disadvantage of Nagios is its configuration process — it is mostly done through the
command line, which greatly complicates installation if you’ve never worked with it before.
People familiar with standard Linux/Unix configuration files, however, should not experience
any particular problems. The possibilities of Nagios are huge, but the effort required to use
some of them may not always be worth it. But the advantages of the early warning system
metrics provided by this tool for so many aspects of the network are hard to overstate. Nagios
XI is free for up to 7 nodes after the trial.

40
 Contents SysAdmin Magazine July 2021

Netwrix Auditor Free Community Edition

Every business-critical server and service must be correct-

ly configured, and its availability and protection must be
constantly monitored. Netwrix Auditor Free Community
Edition is a free monitoring tool that gives IT administra-
tors regular updates about all important changes to their
Windows Server. The daily activity summary reports pro-
vide the crucial “what,” “when” and “where” details and be-
fore and after values for changes on your Windows Server
and other monitored assets.

Netwrix Auditor Free Community Edition, like the paid ver-

sion of Netwrix Auditor, is not just a Windows Server mon-
itoring tool. Rather, it’s a platform that covers many differ-
ent systems, from Active Directory to network devices and
Oracle Database.

41
 Contents SysAdmin Magazine July 2021

Ntop

The Ntop project, better known as Ntopng, is a first-class

network monitoring tool with a fast and easy web interface.
This packet analysis tool displays real-time data about net-
work traffic, including information about host data flows
and host connections in real time. Ntop provides good
graphs and tables showing current and past network traf-
fic, including the protocol, source, purpose and history of
specific transactions. In addition, you will find an impres-
sive set of graphs, charts and maps of real-time network
usage.

A modular architecture allows for a huge number of add-

ons. Ntop includes an API for the Lua scripting language,
which can be used to support extensions. Ntop can also
store host data in RRD files for permanent data collection.
One of the most useful applications of Ntopng is traffic
control in a specific location. For example, if some of your
network channels on your network map are highlighted in
Image source: https://screenshots.debian.net/screenshots/000/014/494/large.png
red and you don’t know why, you can use Ntopng to get
a per-minute report about the problematic network seg-
ment and quickly see which hosts are responsible for the
issue. The advantage of such visibility of the network is dif-
ficult to overstate, and it is very easy to get.

42
 Contents SysAdmin Magazine July 2021

NeDi
If you’ve ever had to search for devices on your network to connect through the Telnet proto-
col to your switches and perform a MAC address lookup, or determine the physical location
of certain devices, then you will be interested in NeDi. NeDi constantly looks at the network
infrastructure and catalogs the devices, tracking everything that it detects. Like Cacti, NeDi is
a completely free tool related to LAMP. It regularly scans MAC addresses and ARP tables in
switches of your network, cataloging each detected device in a local database. This tool is not
well known, but it can be very convenient in corporate networks in which devices are con-
stantly changing and moving.

You can use the NeDi web interface to search for a switch, switch port, access point or any
other device by MAC address, IP address or DNS name. NeDi collects all the information pos-
sible from every network device it encounters, pulling out serial numbers, firmware and soft-
ware versions, current time parameters, module configurations, and so on. You can even use
NeDi to mark the MAC addresses of devices that have been lost or stolen; if they reappear in
the network, NeDi will tell you about it.

Configuration management is simple: A single configuration file allows you to significantly

increase the number of settings and skip devices based on regular expressions or specified
network boundaries. NeDi typically uses the Cisco Discovery Protocol or the Link Layer Dis- Image source: https://www.nedi.ch/wp-content/uploads/monhealth.jpg

covery Protocol to discover new switches and routers, and then connects to them to collect
their information.

43
 Contents SysAdmin Magazine July 2021

Spiceworks Network Monitor

Spiceworks Network Monitor is a simple and free server
monitoring software for server and network monitoring.
It is extremely flexible and scalable, allowing independent
thresholds per system or device. Spiceworks Network
Monitor is a great solution for more granular monitoring
of memory, disk activity and more.

The software is quick and easy to implement. It runs on a

VM or a physical box. It’s pretty light on resources, though
it can eat up a bunch of disk space, so if it is co-located with
another app, the drive can fill quickly if you don’t keep on
the logs or automate cleanup. The software is agentless,
so there is little to no impact on the monitored devices.
It can even monitor SNMP traps from switches, printers,
copiers and other devices. It does a great job monitoring
off-hours. The monitoring is done on servers, switches, ap-
pliances — both physical and virtual. Image source: https://3upg5n1ajpdonqkkp34tcif1-wpengine.netdna-ssl.com/wp-content/uploads/2019/12/Monitor-2-ToggleFeature-Zoom-scaled.png

There are a few disadvantages. The software does not rec-

oncile systems that are going down — sometimes when
connection links go down, they do not go back up in the
software even though physically they are up again, so they
must be deleted and re-added. And the user interface is
rather slow. However, the software is no-cost so there is
no risk in giving it a try.

44
 Contents SysAdmin Magazine July 2021

Zabbix

Zabbix is a full-scale tool for network and system monitoring that combines several functions
in one web console. It can be configured to monitor and collect data from a wide variety of
servers and network devices, and it provides service and performance monitoring of each ob-
ject. Zabbix enables you to monitor servers and networks with a wide range of tools, including
monitoring virtualization hypervisors and web application stacks.

Zabbix normally works with software agents running on controlled systems. But it can also
work without agents, using the SNMP protocol. Zabbix supports VMware, Hyper-V and other
virtualization hypervisors, providing detailed information about the performance and avail-
ability of the hypervisor and its activity. In particular, it can monitor Java application servers,
web services and databases. New monitoring hosts can be added manually or through an
automatic discovery process. A wide range of templates are applied by default, such as those
for the Linux, FreeBSD and Windows Server operating systems and the SMTP, HTTP, ICMP and
IPMI protocols.

Zabbix allows you to customize the dashboard and web interface to focus on the most im-
portant components of the network. Notifications can be based on custom actions that apply Image source: https://assets.zabbix.com/img/5.2/screenshots/1-monitoring-dasboards.png

to a host or host groups. You can configure actions that will run remote commands if certain
event criteria are met. The program displays network bandwidth usage and CPU utilization
graphs. In addition, Zabbix supports custom maps, screens and even slideshows that show
the current status of monitored devices.

Zabbix can be difficult to implement at the initial stage, but the use of automatic detection
and various templates can reduce the challenge. In addition to the installation package, Zab-
bix is available as a virtual device for several popular hypervisors.

45
 Contents SysAdmin Magazine July 2021

Netdata

Netdata is a free, open source monitoring tool designed to ty components, or it can be integrated into existing mon-
collect real-time metrics like memory and CPU utilization, itoring tools (Prometheus, Graphite, OpenTSDB, Kafka,
disk activity, bandwidth usage, website visits, etc., and Grafana, etc.). It provides fully responsive HTML5 graphs,
then display them in real-time charts and dashboards. Its bar and pie charts for system performance issues, latency,
real-time alert functions and highlighting of problems on speed, load, load average and many other health-related
the live dashboard are great for proactive and active mon- metrics related to services running on a host where it is
FREE GUIDE
itoring of resources and systems, without the need to per- installed.
form complex SSH checks and use various filters to access
the data of interest. Netdata is powerful, lightweight, and easy to install and
configure. It fast and efficient; it is designed to work con-
Windows Server
The drawback of Netdata is that it is not a specifically Win-
dows performance monitoring tool, so without special
tinuously in all systems (physical devices and virtual serv-
ers, containers, IoT devices) without disrupting their main Security Best
Practices
forks and derivatives from this open source tool, it is im- function. It runs on a wide variety of operating systems,
possible or almost impossible to track all inherent param- including Windows Server, Linux, FreeBSD, macOS and
eters. Therefore, any virtual server systems on Microsoft more.
Hyper V base will not be monitored with this tool, so you
Free Download
need to resort to expensive proprietary tools.

Netdata is a distributed tool for monitoring the perfor-

mance and health of systems and applications in real
time. It has an optimized performance monitoring agent
that you can install on all your systems and containers.
Netdata provides unparalleled real-time insights into ev-
erything that happens on the systems it monitors (includ-
ing web servers, databases, applications) using interactive
Image source: https://i.imgur.com/cC4tkMS.png
web panels. It can work standalone, without any third-par-

46
 Contents SysAdmin Magazine July 2021

Active Directory Getting Started with AD Auditing

Auditing Guidelines Using Audit Policy

To specify which system events and user activity to track, ignored, even if you later turn the Advanced Auditing off.

Jeff Melnick you use the Audit Policy settings in Active Directory Group As such, it is recommended to use Advanced auditing if you
IT Security Expert, Blogger Policy. Basically, you determine which types of events you are not currently performing any auditing.
want to audit and specify the settings for each one. For in-
stance, you can log all events when a user account is dis- ▪ Basic policies can be set by going to Computer
Active Directory and AD Group Policy are foundational el-
abled or a bad password is entered. Configuration > Policies à Windows Settings > Security
ements of any Microsoft Windows environment because
Settings > Local Policies à Audit Policy.
of the critical role they play in account management, au-
Like other Group Policy settings, auditing is configured us- ▪ Advanced policy settings can be found under Computer
thentication, authorization, access management and op-
ing the Group Policy Management Editor (GPME) tool in the Configuration > Policies à Windows Settings > Advanced
erations. Accordingly, proper Active Directory auditing is
Group Policy Management console (GPMC). Note that by Audit Policy Configuration > Audit Policies.
essential for both cybersecurity and regulatory compli-
default for devices that are joined to a domain, audit set-
ance. For example, organizations need to know who creat-
tings for the event categories are set at relatively low min-
ed new accounts and keep a close eye on access rights by Audit policy scope
imum level and should be refined. On domain controllers,
reviewing changes to the membership of user and admin-
auditing is often enhanced but not necessarily to the level
istrative groups. You can define auditing policies for both the entire domain
that you want to track by default.
and individual organizational units (OUs). Note that a set-
However, Active Directory does not audit all security events ting configured at the OU level has higher priority than a
To audit Active Directory, you can use either the basic (lo-
by default — you must explicitly enable auditing of import- domain-level setting and will override it in case of conflicts.
cal) security audit policy settings or the advanced security
ant events so that they are recorded in the Security event You can check the resulting policies using the auditpol com-
audit policy settings, which enable more granularity. Micro-
log. This article provides recommendations for setting up mand-line utility.
soft does not recommend using both, since that can lead to
auditing in your Active Directory environment, using the
“unexpected results in audit reporting.” In most cases, when
Netwrix Audit Policy Best Practices as a reference.
you turn the Advanced auditing on, legacy auditing will be

47
 Contents SysAdmin Magazine July 2021

Configuring the Security log Which AD security log events to track

You’ll also need to specify the maximum size and other The key to effective auditing is knowing which events to log. If you track too many events, your logs will be so full of noise that they’ll
properties of the Security log using the Event Logging policy be hard to analyze and they’ll overwrite themselves quickly. But if you fail to track critical events, you’ll be unable to detect malicious
settings. To change settings via GPME, navigate to Computer activity and investigate security incidents. Here are the recommended events to track to strike the right balance.
Configuration > Policies > Windows Settings > Security Set-
tings > Event Log and double-click the policy name, such as
Audit account logon events Audit logon events
“Maximum security log size policy” or “Retain security log”.
According to Microsoft, the recommended maximum log To detect unauthorized attempts to log in to a domain, it This policy can record all successful and failed attempts to
size for modern OS versions is 4Gb, and the recommended is necessary to audit logon events — both successful and log on or off a local computer, whether by using a domain
maximum total size for all logs is 16Gb. You can view the failed. Audit account logon events provides a way to track account or a local account. This information is useful for
logs with Event Viewer. authentication events, such as NTLM and Kerberos authen- intruder detection and post-incident forensics. Microsoft
tication. It should not be confused with Audit logon events, provides descriptions of the various event IDs that can be
which defines the auditing of every user attempt to log on to logged.
or log off from a computer, as explained in the next section.
The minimum recommended advanced settings are:
Here are the recommended settings for the advanced Audit
account logon events policy: ▪ Audit Account Lockout: Success, Failure
▪ Audit Group Membership: Success
▪ Audit Credential Validation: Failure ▪ Audit Logoff: Success, Failure
▪ Audit Kerberos Authentication Service: Success, Failure ▪ Audit Logon: Success, Failure
▪ Audit Kerberos Service Ticket Operations: Failure ▪ Audit Special Logon: Success, Failure
▪ Audit Other Account Logon Events: Success, Failure

Note that logoff events are not tracked on domain control-

lers, unless you are actually logging into that specific Do-
main Controller.

48
 Contents SysAdmin Magazine July 2021

Account management Object access Privilege use

Carefully monitoring all changes to user accounts helps Audit this only if you need to see when someone used Turn this on only if you want to track each instance of user
minimize the risk of business disruption and system un- privileges to access, copy, distribute, modify or delete files privileges being used. Enabling this policy can generate a
availability. on file servers. Enabling this setting can generate a large large volume of entries in your Security logs, so do so only
volume of Security log entries, so use it only if you have if you have a specific use for that data. To enable this poli-
At a minimum, it is recommended to set the basic Audit a specific use for that data. The recommended advanced cy, configure the following:
Account Management policy to “Success”. If you are using settings are:
Advanced audit policies, set them as following: ▪ Audit Sensitive Privilege Use: Success, Failure
▪ Audit Detailed File Share: Failure
▪ Audit Application Group Management: Success, Failure ▪ Audit File Share: Success, Failure
Process tracking (sometimes called Detailed
▪ Audit Computer Account Management: Success ▪ Audit Other Object Access Events: Success, Failure
Tracking)
▪ Audit Distribution Group Management: Success ▪ Audit Removable Storage: Success, Failure
▪ Audit Other Account Management Events: Success
Available only in advanced audit policy, this setting is fo-
▪ Audit Security Group Management: Success
Policy change cused on process-related audit events, such as process
▪ Audit User Account Management: Success, Failure
creation, process termination, handle duplication and in-
Improper changes to a GPO can lead to security incidents direct object access. It can be useful for incident investiga-
Directory service access and violations of data privacy mandates. To reduce your tions, but it can generate a large volume of entries in your
risk, set up following advanced settings: Security logs, so enable it only if you have a specific use for
Monitor this only if you need to see when someone access- the data. The recommended settings are:
es an AD object that has its own system access control list ▪ Audit Policy Change: Success, Failure
(for example, an OU). In that case, it is recommended to ▪ Audit Authentication Policy Change: Success, Failure ▪ Audit PNP Activity: Success
configure the following settings: ▪ Audit MPSSVC Rule-Level Policy Change: Success, Failure ▪ Audit Process Creation: Success
▪ Audit Other Policy Change Events: Failure
▪ Audit Directory Service Access: Success, Failure
▪ Audit Directory Service Changes: Success, Failure

49
 Contents SysAdmin Magazine July 2021

System Conclusion and next steps

It is wise to log all attempts to start, shut down or restart Setting up the correct audit policies is a great start — but
of a computer, as well as all attempts by a process or pro- it’s only half the battle. You also need to be able to analyze
gram to do something that it does not have permissions the logs. Unfortunately, modern IT environments are so
to do, such as malicious software trying to change settings complex and busy that logs often become too large to sift
FREE GUIDE
on your computer. Recommended advanced settings are: through effectively, and the audit log can even overwrite it-
self. Single-purpose software tools can help with particular
▪ Audit Security State Change: Success, Failure
▪ Audit Other System Events: Success, Failure
tasks, but the resulting patchwork of solutions hurt system
performance without delivering the broad and deep visi-
Audit Policy Best
▪ Audit System Integrity: Success, Failure
▪ Audit Security System Extension: Success
bility you need.
Practices
Netwrix Auditor efficiently monitors Active Directory and
Group Policy changes, logon activity and configuration
states, and puts actionable data about who did what in your Free Download
Active Directory at your fingertips throughout-of-the-box
and custom reports and alerts. The interactive search en-
ables you to find the information you need in an instant,
while the behavior anomaly discovery and risk assessment
capabilities take AD security to the new level. With the two-
tiered data storage, you can retain your audit trail as long
as required in the long-term archive, while keeping recent
audit events readily available for quick access. Netwrix Au-
ditor can even configure proper audit settings automatically
during installation, taking the burden of audit setup off your
shoulders.

50
 Contents SysAdmin Magazine July 2021

[On-Demand Webinar]

[AD & Azure AD: Better Together] Watch this on-demand webinar for proven strategies for making your trusted Active Directo-
ry and your Azure AD tenant work together, enabling a seamless user experience and strong

Getting Maximum Value security.

from Infrastructure Enterprise Mobility MVP Sander Berkouwer shares his expertise:

• The benefits of using Active Directory and Azure AD together

Security Services • How to properly configure infrastructure security services, including Azure AD Conditional
Access, Multi-factor Authentication (MFA), Connect Health, Identity Protection, and Password
Protection
• How to track both on-prem AD logins and Azure AD sign-ins in one dashboard
Sander Berkouwer David Metzgar
• How to quickly detect and report on security changes in AD and Azure AD
Microsoft MVP and MCT Solutions Engineer

Watch Now

51
 Contents SysAdmin Magazine July 2021

How-to for IT Pros "ScheduledTasks"

schtasks.exe /query /V /FO CSV | Con-
USING POWERSHELL TO LIST SCHEDULED TASKS ON vertFrom-Csv | Where { $_.TaskName -ne
WINDOWS MACHINES "TaskName" -and $_.TaskName -like
"*powershell*"}|Select-Object @{ la-
1. Open the PowerShell ISE and create a new file with the bel='Name'; expression={split-path
following PowerShell script, being sure to input the $_.taskname -Leaf} }, Author ,'run as
computer name and output path: user','task to run'| Format-Table -Prop-
erty * -AutoSize| Out-String -Width 4096
# To export to CSV, add this string to
$cred = Get-Credential
the previous command: | Export-Csv c:\
$comp = "PDC"
Out\filename.csv - NoTypeInformation
$session = New-PSSession -ComputerName
}
$comp -Credential $cred
Invoke-Command -Session $session
$script = {
-ScriptBlock $script
"Services:"
Get-WmiObject win32_service -ErrorAc-
tion Stop| where {$_.StartMode -like
'Auto' -and $_.Startname -notlike '*lo- 2. Run the script using the credentials for an account
cal*' -and $_.Startname -notlike '*NT that has administrator rights on the local computer in
AU*'}| Select-Object Name, DisplayName, question.
State, StartMode, StartName | Format-Ta-
ble -Property * -AutoSize| Out-String 3. Review the resulting report:
-Width 4096
# To output to CSV, add this string to
the previous command: | Export-Csv c:\
Out\filename.csv - NoTypeInformation

52
 Contents SysAdmin Magazine July 2021

This is the free Windows Server monitoring solution you’ve been looking for!

FREE TOOL OF THE MONTH The tool provides visibility into what’s happening in your Windows-based server infrastructure. It tracks changes to your Windows
Server configuration, such as the installation of software and hardware, and changes to services, network settings and scheduled
tasks.

Netwrix Auditor
for Windows
Server
Download Free Tool

53
 About Netwrix
What did you think Netwrix is a software company that enables information security and governance professionals to reclaim control over
of this issue? sensitive, regulated and business-critical data, regardless of where it resides.

Over 10,000 organizations worldwide rely on Netwrix solutions to secure sensitive data, realize the full business value of
enterprise content, pass compliance audits with less effort and expense, and increase the productivity of IT teams and
knowledge workers.

For more information visit www.netwrix.com

CORPORATE HEADQUARTER: PHONES: OTHER LOCATIONS:

300 Spectrum Center Drive 1-949-407-5125 Spain: +34 911 982608 Switzerland: +41 43 508 3472 Hong Kong: +852 5808 1306
Suite 200 Irvine, CA 92618 Toll-free (USA): 888-638-9749 Italy: +39 02 947 53539
Netherlands: +31 858 887 804 France: +33 9 75 18 11 19

Sweden: +46 8 525 03487 Germany: +49 711 899 89 187

565 Metro Place S, Suite 400 1-201-490-8840
Dublin, OH 43017

netwrix.com/social
5 New Street Square +44 (0) 203 588 3023 SOCIAL:
London EC4A 3TW