Monitoring network devices with Web Transaction Monitor

Q: Network routers I use come with SNMP interface, but not all the parameters I see in device’ Web interface are visible through SNMP. How do I monitor those parameters without breaching network security? A: SNMP is most often used to control devices and perform network analysis, often used for automated processing (handling data provided for machine processing). Wherever possible, SNMP protocol should be used (version 3 if maximal security should be maintained). However, most devices nowadays, apart from SNMP and other access protocols, do support HTTP/HTTPS, and certain important information can be found via HTTP quicker than by analyzing SNMP. Web interface is for human operators, and most part of it can be easier to find and validate. Simply put, to open certain Web interface page and find string “Enabled” might be simpler than looking up through device’s technical reference and determining, which SNMP variables should be interpreted in which manner. Also, there are cases when SNMP results would require calling a script to interpret them, or might be present in format different from its meaning (such as integer values stored like string variables). IPNetwork Monitor offers another tool to handle this problem. In such a case it might be simpler to open the device’s Web interface with Web Transaction Monitor, navigate to required page(s) and validate the pages contents. Note that every step of Web Transaction Monitor sequence may include content verification; thus, you can “pack” several sanity tests into single monitor (even though it might be tricky to interpret quickly, which page provided wrong validation). If device support HTTPS, the monitoring won’t disrupt network security, if it is not – it is advised to check what can be intercepted by third parties sniffing the traffic. Advantages of using Web Transaction Monitor to watch network device state:

• if HTTPS is supported, the whole interaction is better protected from interception
• Web pages are written for human operators; many important parts displayed can be easily found and put to monitoring, by looking for proper string on the page
• many pages can be checked in single Web Transaction Monitor

Disadvantages of using Web Transaction Monitor in such cases:

• Web Transaction Monitor is resource-consuming; it might work significantly slower than SNMP protocol and other alternatives
• if a page failed validation during Web Transaction Monitor sequence, the rest of pages won’t be checked
• Web monitor isn’t optimal for network analysis (traffic, volume etc)

You should decide on case by case basis, whether using Web Transaction Monitor is simpler (even if it requires more resources).
 

Related links