Monitoring today’s very complex and challenging IT environments generally requires automated solutions that monitor infrastructure and send alerts when needed. However, many products suffer from false positives and alert spam that make it difficult to differentiate between real events and false positives. NetCrunch promises to solve these problems.
The tool has some interesting takes on alerting and monitoring that can reduce false positives and bring real environment issues to the surface. Read on to learn about the features related to monitoring and alerting in NetCrunch 10.8.1. These features include automatic alert correlations, pending alerts, conditional alerts, business status nodes, and rule-based monitoring with packs.
Monitoring packs
NetCrunch is agentless. It also has monitoring packs, sets of rules with default monitoring policies and thresholds based on specific device types. For example, all nodes detected as Windows servers are assigned a Windows server monitoring pack.
By default, NetCrunch has recommended values provided by Microsoft for commonly monitored Windows server components. These are included in the Windows server monitoring packs. However, you can create your own with custom values, or you can simply edit the NetCrunch defaults.
Most people will find the pack defaults sufficient for monitoring most—if not all—device types contained in common enterprise environments. Right now, NetCrunch has 222 packs. They’re a unique concept for monitoring and alerting. Conceptually, they’re different from the methods used by other solutions. While the concept may seem strange at first, you can easily pick up the idea in just a few minutes—and once you understand what the packs can do, they’ll save you quite a bit of time setting up monitoring across your environment.
For example, you don’t have to search to find correct thresholds and items so you can monitor your environment for various device types. The monitoring packs take care of this task for you. Plus, default monitoring rules are automatically applied, depending on the device types detected across your environment, which saves a lot of time. Because of this, I found the packs extremely helpful with efficiently setting up monitoring across a diverse test environment.
Conditional alerts, pending alerts, and alert correlations
Defining how alerts need to be triggered and performing actions on those alerts are key tasks that you’ll no doubt want a monitoring solution to handle for you—and in the realm of alerting, this is where NetCrunch really shines. One particular challenge with monitoring is tuning so that false positives are minimized. NetCrunch’s built-in alerting and correlation concepts and capabilities make the process much easier than with other platforms.
One capability you’ll find extremely powerful is the conditional alert. With it, you can define highly customized alerts that allow you to trigger actions, even when there’s no event to trigger from. In fact, you may want to perform an action based on the absence of an event. An example given by NetCrunch is triggering an action based on the absence of a log entry related to your backup operation. If a backup doesn’t run on a specific server, you may want to perform any number of actions. Conditional alerts also allow you to prevent alerts from being sent until various actions have taken place. This is a feature that makes NetCrunch highly efficient and that prevents as many false positives as possible.
NetCrunch also features alert correlations: if an alert is triggered based on a certain condition, and the condition clears, the event is automatically closed. This allows for pending alerts. I found this to be a nice feature that let me quickly pay attention to conditions as they happened. I didn’t waste time sifting through alerts that were potentially invalid.
The platform also allows for specific alert-close actions, whether the alerts are notifications or other actions. External events gathered from an SNMP trap or syslog message can be correlated, so you can add a correlating closing event to any alert. NetCrunch has advanced correlation features for this concept that allow for further correlated alerts; they can be triggered if multiple alerts go off for a group of devices at the same time.
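The three ideas in this section can be sketched in a few lines of Python. This is an added illustration, not NetCrunch code or configuration: the event tuples, host names, the `evaluate` function, and the five-minute hold window used to model a pending alert are all assumptions made for the example.

```python
from datetime import datetime, timedelta

# Constructed sample events (timestamp, host, message); not real NetCrunch output.
EVENTS = [
    ("2020-02-11 01:05", "db01", "backup completed"),
    ("2020-02-11 02:00", "sw01", "link down port 12"),
    ("2020-02-11 02:01", "sw01", "link up port 12"),
    ("2020-02-11 02:10", "sw02", "link down port 3"),
]
BACKUP_HOSTS = {"db01", "fs01"}        # hosts expected to log a backup (assumed)
BACKUP_DEADLINE = "2020-02-11 03:00"   # the entry must exist by this time (assumed)
HOLD = timedelta(minutes=5)            # assumed pending window before notifying

def ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M")

def evaluate(events, now):
    """Return the alerts that should notify at time `now`."""
    now = ts(now)
    open_alerts = {}    # (host, port) -> time the alert was opened
    seen_backup = set()
    for when, host, msg in sorted(events):
        when = ts(when)
        if when > now:
            break
        if msg == "backup completed":
            seen_backup.add(host)
        elif msg.startswith("link down "):
            open_alerts.setdefault((host, msg[len("link down "):]), when)
        elif msg.startswith("link up "):
            # Correlated closing event: clears the matching open alert.
            open_alerts.pop((host, msg[len("link up "):]), None)
    notify = []
    # Pending: an open alert notifies only once it has outlived the hold window.
    for (host, port), opened in open_alerts.items():
        if now - opened >= HOLD:
            notify.append(f"{host}: link down {port}")
    # Conditional: alert on the absence of an expected log entry.
    if now >= ts(BACKUP_DEADLINE):
        for host in sorted(BACKUP_HOSTS - seen_backup):
            notify.append(f"{host}: no backup log entry")
    return sorted(notify)
```

With the sample data, the sw01 outage never notifies because its closing event arrives within the hold window, while fs01 raises an alert only because no backup entry was ever logged.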
Business status nodes
Alerts and monitoring packs aren’t the only benefits of this NetCrunch version. An extra component can be added as well: an advanced monitoring and alerting module. With this add-on, you can take advantage of a feature AdRem Software refers to as a business status node.
If you have a business, this node can take the correlation capabilities of NetCrunch to the next level and help you group any number of interrelated monitors and alerts into a single virtual node. The node can then help you get an idea of the current statuses of business-critical services and how they’re functioning as a whole. Business status nodes can also comprise many different devices, connections, services, and other monitored nodes, virtually grouped. However, a downside to this is that you have to pay for a license upgrade on top of the regular NetCrunch license.
Final thoughts and overall impressions
Taking NetCrunch for a spin in my test environment proved to be a really good experience. The platform’s advanced and default settings made everything extremely easy. The product offered very powerful features and capabilities right out of the box, and AdRem Software’s take on monitoring and alerting with monitoring packs, alert correlations, conditional alerts, and pending alerts made NetCrunch truly unique compared to other solutions on the market. It would be nice to see business status nodes in the default license, but the advanced monitoring and alerting module may be worth the extra money for companies looking to monitor business-critical services as a whole.