Monitoring computers on the enterprise local network

The mantra of the real estate world is Location, Location, Location. For the world of systems administration, this sacred text should read: Visibility, Visibility and Visibility. If you don't know exactly what your network and servers are doing every second of the day, you're like a pilot flying blind, and a disaster inevitably awaits you. Luckily for you, there are now many good programs on the market, both commercial and open source, capable of establishing monitoring of your network.

Because good and free is always more tempting than good and expensive, here is a list of open source software that proves its worth every day on networks of all sizes. From device discovery, monitoring network equipment and servers to identifying trends in how the network behaves, graphically presenting monitoring results and even creating backup copies of switch and router configurations, these seven free utilities will most likely surprise you.

Cacti

First there was MRTG (Multi Router Traffic Grapher), a program for organizing a network monitoring service and measuring data over time. Back in the 1990s, its author, Tobias Oetiker, saw fit to write a simple graphing tool on top of a ring database, originally used to display router throughput on a local network. MRTG then gave birth to RRDTool, a set of utilities for working with RRD (Round-robin Database, a ring database) that lets you store, process and graphically display dynamic information such as network traffic, processor load, temperature, and so on. RRDTool is now used in a huge number of open source tools. Cacti is the current flagship open source network graphing software and takes the MRTG principles to a whole new level.

From disk usage to fan speed in the power supply, if an indicator can be monitored, Cacti will be able to display it and make this data easily accessible.

Cacti is a free program built on the LAMP stack of server software that provides a standardized platform for plotting virtually any statistical data. If a device or service returns numeric data, it can most likely be integrated into Cacti. There are templates for monitoring a wide range of equipment, from Linux and Windows servers to Cisco routers and switches, basically anything that communicates using SNMP (Simple Network Management Protocol). There are also collections of third-party templates that further expand the already huge list of Cacti-compatible hardware and software.

Although Cacti's standard data collection method is based on SNMP, Perl or PHP scripts can also be used for this. The framework cleverly separates data collection and graphical display into discrete instances, making it easy to reprocess and reorganize existing data for different visual representations. In addition, you can select specific time frames and individual parts of the charts simply by clicking on them and dragging.

So, for example, you can quickly look at data from several past years to understand whether the current behavior of network equipment or a server is anomalous, or whether similar indicators occur regularly. And using Network Weathermap, a PHP plugin for Cacti, you can easily create real-time maps of your network, showing the congestion of communication channels between network devices, implemented using graphs that appear when you hover your mouse over the image of a network channel. Many organizations using Cacti display these maps 24/7 on wall-mounted 42-inch LCD monitors, allowing IT teams to instantly monitor network congestion and link health information.

In summary, Cacti is a powerful toolkit for graphing and trending network performance that can be used to monitor virtually any metric that can be represented in a graph. This solution also offers practically limitless configuration options, which can make it overly complex for certain applications.

Nagios

Nagios is an established network monitoring software system that has been in active development for many years. Written in C, it does almost everything that system and network administrators would need from a monitoring application package. The web interface of this program is fast and intuitive, while its server part is extremely reliable.

Nagios can be a challenge for beginners, but the fairly complex configuration is also an advantage of this tool, as it can be adapted to almost any monitoring task.

Like Cacti, Nagios has a very active community behind it, so plugins exist for a huge range of hardware and software, from simple ping checks to integration with complex software solutions such as WebInject, a free toolkit written in Perl for testing web applications and web services. Nagios allows you to continuously monitor the status of servers, services, network channels and everything else that speaks IP. For example, you can monitor disk space usage on a server, RAM and CPU load, FLEXlm license usage, the air temperature at the server outlet, delays on the WAN and Internet channels, and much more.

Obviously, no server and network monitoring system is complete without notifications. Nagios has this covered: the platform offers a customizable notification mechanism for e-mail, SMS and the most popular Internet instant messengers, as well as an escalation scheme that can be used to make intelligent decisions about who should be notified, how and under what circumstances, which, if configured correctly, will give you many hours of restful sleep. The web interface can be used to temporarily pause notifications or acknowledge that a problem has occurred, and lets administrators make notes.

In addition, the mapping feature shows all monitored devices in a logical, color-coded representation of where they are on the network, allowing problems to be shown as they occur.

The downside to Nagios is the configuration, which is best done through the command line, making it much more difficult for newcomers to learn, although people familiar with standard Linux/Unix configuration files should not experience any particular problems.

The capabilities of Nagios are enormous, but the effort required to use some of them may not always be justified. Don't let the complexity intimidate you, though: the early warning this tool provides for so many aspects of the network can't be overstated.

Icinga

Icinga began as a fork of the Nagios monitoring system, but has recently been rewritten into a standalone solution known as Icinga 2. At the moment both versions of the program are in active development and available for use, while Icinga 1.x is compatible with a large number of Nagios plugins and configurations. Icinga 2 was designed to be less clunky, more performance oriented, and easier to use. It offers a modular architecture and multi-threaded design that neither Nagios nor Icinga 1 offers.

Icinga offers a complete monitoring and alerting platform that is designed to be as open and extensible as Nagios, but with some differences in the web interface.

Like Nagios, Icinga can be used to monitor anything that speaks IP, as deeply as SNMP allows, as well as through custom plugins and add-ons.

There are several variations of the web interface for Icinga, but the main difference between this monitoring software solution and Nagios is the configuration, which can be done through the web interface rather than through configuration files. For those who prefer to manage their configuration outside of the command line, this functionality will be a real treat.

Icinga integrates with a variety of monitoring and graphing software packages such as PNP4Nagios, inGraph and Graphite, providing robust visualization of your network. In addition, Icinga has advanced reporting capabilities.

NeDi

If you've ever had to Telnet into switches and search by MAC address to find devices on your network, or you just want to be able to determine the physical location of certain equipment (or, perhaps more importantly, where it was previously located), then you might be interested in taking a look at NeDi.

NeDi constantly scans the network infrastructure and catalogs devices, tracking everything it discovers.

NeDi is free LAMP-based software that regularly scans the MAC address and ARP tables on the switches in your network, cataloging each detected device in a local database. This project is not as well known as some others, but it can be a very handy tool on corporate networks, where devices are constantly changing and moving.

You can run a search through the NeDi web interface to identify a switch, switch port, access point, or any other device by MAC address, IP address, or DNS name. NeDi collects all the information it can from every network device it encounters, pulling from them serial numbers, firmware and software versions, current timings, module configurations, etc. You can even use NeDi to mark the MAC addresses of devices that have been lost or stolen. If they reappear online, NeDi will notify you.

Discovery is started by a cron job at specified intervals. Configuration is simple, with a single configuration file that allows for considerable customization, including the ability to skip devices based on regular expressions or specified network boundaries. NeDi typically uses the Cisco Discovery Protocol or Link Layer Discovery Protocol to discover new switches and routers and then connects to them to collect their information. Once the initial configuration is in place, device discovery proceeds quite quickly.

NeDi can integrate with Cacti to a certain level, so it is possible to link device discovery to the corresponding Cacti graphs.

Ntop

The Ntop project, now better known as Ntopng, the "new generation" Ntop, has come a long way over the past decade. But call it what you want, Ntop or Ntopng, the result is a top-notch network traffic monitoring tool paired with a fast and simple web interface. It is written in C and is completely self-contained. You start one process configured for a specific network interface, and that's all it needs.

Ntop is a web-based packet analysis tool that shows real-time data about network traffic. Information about the data flow through the host and the connection to the host is also available in real time.

Ntop provides easy-to-digest graphs and tables showing current and historical network traffic, including the protocol, source, destination, and history of specific transactions, as well as the hosts on both ends. Additionally, you'll find an impressive array of real-time network utilization graphs, charts, and maps, as well as a modular architecture for a huge number of add-ons, such as adding NetFlow and sFlow monitors. Here you can even find Nbox, a hardware monitor that is built into Ntop.

In addition, Ntop includes an API for the Lua scripting language, which can be used to write extensions. Ntop can also store host data in RRD files to enable continuous data collection.

One of the most useful applications of Ntopng is inspecting traffic at a specific point in the network. For example, when some links are highlighted in red on your network map but you don't know why, you can use Ntopng to get a minute-by-minute report on the problematic network segment and immediately find out which hosts are responsible for the problem.

The benefits of such network visibility are difficult to overestimate, and it is very easy to obtain. Essentially, you can run Ntopng on any interface that has been configured at the switch level to monitor a different port or VLAN. That's all.

Zabbix

Zabbix is a full-blown network and system monitoring tool that integrates multiple functions into a single web console. It can be configured to monitor and collect data from a wide variety of servers and network devices, providing availability and performance monitoring for each site.

Zabbix allows you to monitor servers and networks using a wide range of tools, including monitoring virtualization hypervisors and web application stacks.

Basically, Zabbix works with software agents running on controlled systems. But this solution can also work without agents, using the SNMP protocol or other monitoring capabilities. Zabbix supports VMware and other virtualization hypervisors, providing detailed data on hypervisor performance and activity. Particular attention is also paid to monitoring Java application servers, web services and databases.

Hosts can be added manually or through an automatic discovery process. A wide range of default templates covers the most common use cases, such as Linux, FreeBSD and Windows servers; widely used services such as SMTP and HTTP; and ICMP and IPMI for detailed monitoring of network hardware. In addition, custom checks written in Perl, Python or almost any other language can be integrated into Zabbix.

Zabbix allows you to customize your dashboards and web interface to focus on the most important network components. Notifications and issue escalations can be based on custom actions that are applied to hosts or groups of hosts. Actions can even be configured to run remote commands, so your script can run on a monitored host if certain event criteria are observed.

The program displays performance data such as network bandwidth and CPU load in graphs and aggregates it for custom display systems. In addition, Zabbix supports customizable maps, screens, and even slideshows that display the current status of monitored devices.

Zabbix can be difficult to implement initially, but judicious use of automatic discovery and the various templates can alleviate some of the integration difficulties. In addition to being an installable package, Zabbix is available as a virtual appliance for several popular hypervisors.

Observium

Observium is a program for monitoring network equipment and servers that has a huge list of supported devices using the SNMP protocol. As LAMP software, Observium is relatively easy to install and configure, requiring the usual installation of Apache, PHP and MySQL, database creation, Apache configuration and the like. It installs as its own server with a dedicated URL.

Observium combines system and network monitoring with performance trend analysis. It can be configured to track almost any metrics.

You can log in to the GUI and begin adding hosts and networks, as well as defining auto-discovery ranges and SNMP data, so that Observium can explore the networks around it and collect data on each system it discovers. Observium can also discover network devices via the CDP, LLDP or FDP protocols, and remote host agents can be deployed on Linux systems to assist in data collection.

All of this collected information is available through an easy-to-use user interface that provides advanced capabilities for statistical data display, as well as charts and graphs. You can get anything from ping and SNMP response times to graphs of throughput, fragmentation, number of IP packets, etc. Depending on the device, this data may be available for every detected port.

As for servers, Observium can display information about the state of the CPU, RAM, data storage, swap, temperature, etc., as well as entries from the event log. You can also enable data collection and performance graphs for various services, including Apache, MySQL, BIND, Memcached, Postfix and others.

Observium works great as a virtual machine, so it can quickly become the main tool for obtaining information about the state of servers and networks. This is a great way to add automatic discovery and graphical representation to a network of any size.

Too often, IT administrators feel limited in what they can do. Whether we are dealing with a custom software application or an "unsupported" piece of hardware, many of us believe that if the monitoring system cannot handle it out of the box, then it is impossible to obtain the necessary data. This is, of course, not true. With a little effort, you can make almost anything more visible, accounted for, and controlled.

An example is a custom application with a database on the server side, for example an online store. Your management wants to see beautiful graphs and diagrams in one form or another. If you're already using, say, Cacti, you have several options for outputting the collected data in the required format. You can, for example, write a simple Perl or PHP script that runs queries against the database and passes the results to Cacti, or you can make an SNMP call to the database server using a private MIB (Management Information Base). One way or another, the task can be completed, and done easily, if you have the necessary tools.
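The script approach described above, as an added example that is not code from the article or from the Cacti project: Cacti's "Script/Command" data input method runs any executable and reads one line of space-separated `field:value` pairs from its stdout, so a script can query the store's database and emit the numbers Cacti should graph. The table layout and the SQLite sample data are constructed for the demo; a real deployment would point the connection at the store's database.

```python
"""Custom Cacti data source for an online-store database (added example).

Cacti polls this script and parses a single stdout line of the form
"orders:4 revenue:139.99 pending:1 failed:1". Everything below the schema
(table layout, rows, timestamps) is constructed sample data.
"""
import sqlite3
from datetime import datetime, timedelta

SCHEMA = """
CREATE TABLE orders (
    id        INTEGER PRIMARY KEY,
    placed_at TEXT NOT NULL,   -- ISO-8601 timestamp, UTC
    status    TEXT NOT NULL,   -- 'paid', 'pending' or 'failed'
    total     REAL NOT NULL    -- order value in the store currency
);
"""


def build_sample_db(now: datetime) -> sqlite3.Connection:
    """Create an in-memory database with constructed orders around `now`."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    rows = [
        (now - timedelta(minutes=5),  "paid",    19.99),
        (now - timedelta(minutes=20), "paid",    120.00),
        (now - timedelta(minutes=45), "pending", 35.50),
        (now - timedelta(minutes=50), "failed",  10.00),
        (now - timedelta(hours=3),    "paid",    99.00),   # outside the window
    ]
    conn.executemany(
        "INSERT INTO orders (placed_at, status, total) VALUES (?, ?, ?)",
        [(t.isoformat(timespec="seconds"), s, v) for t, s, v in rows],
    )
    return conn


def collect_metrics(conn: sqlite3.Connection, now: datetime,
                    window: timedelta = timedelta(hours=1)) -> dict:
    """Query the store database for the last `window` and return the metrics."""
    since = (now - window).isoformat(timespec="seconds")
    row = conn.execute(
        """
        SELECT COUNT(*),
               COALESCE(SUM(CASE WHEN status = 'paid' THEN total END), 0),
               SUM(status = 'pending'),
               SUM(status = 'failed')
        FROM orders
        WHERE placed_at >= ?
        """,
        (since,),
    ).fetchone()
    orders, revenue, pending, failed = row
    # SUM() over an empty window yields NULL; normalise to zero for Cacti.
    return {
        "orders": int(orders or 0),
        "revenue": round(float(revenue or 0), 2),
        "pending": int(pending or 0),
        "failed": int(failed or 0),
    }


def format_cacti(metrics: dict) -> str:
    """Render the metrics as the single line Cacti's script poller expects."""
    return " ".join(f"{name}:{value}" for name, value in metrics.items())


def demo() -> dict:
    """Collect metrics from the constructed database at a fixed point in time."""
    now = datetime(2024, 1, 15, 12, 0, 0)   # fixed so the output is reproducible
    return collect_metrics(build_sample_db(now), now)


if __name__ == "__main__":
    print(format_cacti(demo()))
```

In Cacti the script is registered as a data input method with four output fields matching the names above, and each field is then mapped to a data source for graphing.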

Most of the free network monitoring utilities listed in this article should not be difficult to obtain. They have packaged versions available for download for the most popular Linux distributions, if they are not already included in them. In some cases they may be available pre-configured as a virtual server. Depending on the size of your infrastructure, these tools can take quite a bit of time to install and configure, but once they're up and running, they'll be a solid foundation for you. At the very least, it's worth testing them.

No matter which of the above systems you use to keep an eye on your infrastructure and equipment, it will give you at least the functionality of an extra system administrator. Although it can't fix anything, it will monitor literally everything on your network around the clock, seven days a week. The time spent up front on installation and configuration will pay off in spades. Also, be sure to run a small set of standalone monitoring tools on another server to monitor the main monitoring tool. This is a case where it is always better to watch the observer.

Always in touch, Igor Panov.

Our programs for system administrators will help you keep abreast of everything that happens in the computer park and enterprise network, respond in a timely manner to equipment failures and software problems, and minimize costs and downtime. This page provides tools for monitoring the network, servers and hosts, for PC inventory, accounting for installed programs and licenses, creating reports on computer hardware, for traffic accounting, for studying the LAN topology and creating graphical diagrams.

The system administrator may also find useful utilities for searching files on local networks and auditing user access to file resources on servers. All these tools will help the system administrator improve the performance of network devices and servers and ensure the proper level of security in the enterprise network.

10-Strike software is included in the unified register of Russian computer programs of the Ministry of Communications and can participate in government procurement.

Programs for administrators, network utilities

A program for inventory and accounting of installed software and hardware on enterprise PCs. "Computer Inventory" allows system administrators to keep track of computers, view the configurations of remote computers and lists of installed software, and track configuration changes (hardware and software). The program contains a powerful report generator. For example, you can create reports on the presence of certain software on computers and its quantity. When planning upgrades, a report can be created listing computers with insufficient disk space or RAM. Windows XP/Vista/7/8.1/10 supported; Server 2003/2008/2012/2016/2019.


- program for administration and visual monitoring of servers and computers on the network, allowing you to observe the current state of devices in graphical form at any given time. LANState monitors devices and signals various events. LANState contains many functions useful for system administrators: sending messages, shutting down remote computers, scanning hosts and ports, obtaining various information from remote computers (registry access, event log, etc.). Windows XP/Vista/7/8.1/10 supported; Server 2003/2008/2012/2016/2019.


- program for monitoring servers and other network devices, monitors the performance of hosts/servers and notifies the administrator of problems. Find out in time about a failure that has occurred (connection loss, server disk space running out, service stop, etc.) and fix the problem with minimal loss of time. The software signals problems using sound, on-screen messages, by e-mail, and can launch external programs, scripts and services, as well as reboot computers and services. Windows XP/Vista/7/8.1/10 supported; Server 2003/2008/2012/2016/2019.


- a program for searching files and documents on local network computers (via the NetBios and FTP protocols). Enter a phrase or file masks and search for the necessary information. When viewing search results, found files can be immediately opened, saved to disk, or included in a generated report. The search uses multi-threaded technology, which significantly speeds up the work. You can set filters by file size and modification date. Windows XP/Vista/7/8.1/10 supported; Server 2003/2008/2012/2016/2019.


- program for monitoring user access to shared folders and files, which allows you to find out in time about connections of LAN users to the computer. The program beeps, displays alerts on the screen, and keeps a detailed log of connections, which records who connected to the computer's network folders and when, what files were opened, etc. Windows XP/Vista/7/8.1/10 supported; Server 2003/2008/2012/2016/2019.


3.0 FREE!

- scanner for local networks, IP addresses and hosts. This free program allows you to scan your local network and detect active hosts, computers and servers, as well as find open TCP ports. It supports scanning of IP address ranges and many protocols for discovering network devices (ICMP ping, port search, NetBios, SNMP, UPnP, ...). If you have administrator rights, you can read a lot of useful information. Windows XP/Vista/7/8.1/10 supported; Server 2003/2008/2012/2016/2019.

Sets of network programs for system administrators

Software suites for system administrators allow you to save money when purchasing several of our products or all of them at once. Get three products for the price of two, and so on. For example, when purchasing the full set of administrator programs in the "for the organization" option (without restrictions on the number of workstations), consisting of seven of our programs for system administrators, you can save up to 85,000 rubles, or 30%!

Other utilities

- CD cataloger (CD, DVD). With its help you will quickly find the necessary files on the CD and DVD discs in your collection. SearchMyDiscs helps you organize your CD and DVD collections, allowing you to find the required disc in a few seconds. If you are tired of spending a long time searching for the right disc every time, this tool is for you! Windows XP/Vista/7/8.1/10 supported; Server 2003/2008/2012/2016/2019.


- program for analyzing raw log files of the Apache web server. It creates various reports and histograms on statistics of user access to the website, and counts direct file requests. The analyzer has many settings and filters that will allow you to get accurate information about your site, downloaded files, and who is visiting you and from where. Windows XP/Vista/7/8.1/10 supported; Server 2003/2008/2012/2016/2019.

Payment and delivery

When legal entities order software, payment by bank transfer is accepted. Invoices are issued electronically and an agreement is concluded. Delivery is electronic: the distribution kit is downloaded from our website, and registration keys are sent by e-mail after payment. After payment, the original contract and accounting documents are sent to the buyer by post.

Issue an invoice (indicate the required names of programs and types of licenses, your details and the name of the director for the agreement)

All our products and licenses are also presented in the AllSoft online store (follow the "buy" links from our website).


Our clients: small and medium businesses, government and budgetary institutions, hospitals, schools, colleges and institutes, banks, oil industry, telecoms.

A negligent employee is a disaster for any enterprise or company. Therefore, the question constantly arises of how to monitor an employee's work computer and ensure that there are no unauthorized actions.

Let us immediately note that the employee must be informed (in writing, with a signature) that covert surveillance of the computer on the local network is being conducted. Perhaps only this fact will help to avoid violations and put the employee on the path of a “hard worker.” If not, then here is a solution for complete control over computers on your local network.

Local network monitoring program

So, the software is called "Mipko Employee Monitor", in the version specifically for corporate networks.

After installation and launch (you can run it from the desktop or by pressing "ctrl+alt+shift+k"), you need to configure in the user interface what exactly needs to be monitored and controlled on the local network.

  1. At the top left is a section where you select a user from your network whose log is currently being viewed: when expanded, a list of recorded actions will be displayed (depending on the settings).
  2. Now directly about the functionality of "Tools" - "Settings". For each user, the tracking parameters can be configured individually.

Monitoring allows you to track the following actions:

  • keystrokes;
  • screenshots;
  • activity on social networks;
  • messaging on Skype;
  • websites visited;
  • saving the clipboard;
  • program activity;
  • pictures from a webcam;
  • call recording;
  • operations with files.

Quite extensive functionality. The main thing that an employer is usually interested in when monitoring users on a local network is screenshots and websites visited.

In order not to face claims of interference with personal information (for example, if you set up a view of the web pages you visited and saw personal correspondence on social networks), set the blocking of all social networks and chats, as well as a ban on installing third-party software - only what is required for work.

Remote monitoring of a computer on a local network

As a rule, the employer is interested in only two aspects: screenshots of the local network user's computer and the web pages he views (as mentioned above, employees have been informed of this).

  3. Screenshot settings include the following components:

  • choice of time interval, indicated either in minutes or seconds;
  • take a screenshot when opening a window;
  • take a screenshot on a mouse click;
  • do not take a screenshot when the user is inactive;
  • snapshot mode (full screen, window);
  • the quality of the image.

  4. In the "visited websites" section, it's even simpler: select the "interception type" and whether to save a screenshot.

  5. Now about where all this will be saved or sent. In the settings section "Sending":

  • first, set the "Log type" from the drop-down list;
  • set the format in which the report will be saved: "HTML" or a "ZIP" archive;
  • select the sorting type and the time interval for sending the report;
  • the most important thing is where the report will be sent: to e-mail, FTP or a folder on your computer;
  • then enter your username and password and click "Apply".

That's it, now the employees are, as they say, "under the hood", and you can monitor the users of the local network.

Built-in OS administration tools are not always convenient or often do not have sufficient functionality, so the system administrator's arsenal is replenished over time with useful utilities, add-ons and scripts that significantly simplify everyday tasks. It is doubly gratifying when the solution found not only helps to cope with a specific problem, but is also distributed free of charge.

Advanced IP Scanner

The system administrator must know everything about the systems running on the network and quickly gain access to them. Advanced IP Scanner, designed for fast multi-threaded scanning of a local network, helps to cope with this task. AIPS is provided completely free of charge, without any reservations. The program is very simple and easy to use. After starting, AIPS checks the IP addresses of the network interfaces of the host on which it is installed and automatically enters the IP range into the scanning parameters; if the IP does not need to be changed, then all that remains is to start the scanning operation. As a result, we get a list of all active network devices. For each, all possible information will be collected: MAC address, network card manufacturer, network name, user registered in the system, available shared resources and services (shared folders, HTTP, HTTPS and FTP). Almost all scanning options can be customized, such as changing the speed or excluding scanning of a certain type of network resource (shared folders, HTTP, HTTPS and FTP). You can connect to any resource with one click; you just need to mark it in the list. AIPS is integrated with the Radmin program and during the scanning process finds all machines with a working Radmin Server. The scan result can be exported to a file (XML, HTML or CSV) or saved in “Favorites” (drag-and-drop supported). In the future, if you need to contact the desired client computer, you do not need to scan the network again. If the remote device supports Wake-on-LAN, you can turn it on and off by selecting the appropriate menu item.

NetWrix, a company specializing in solutions for auditing changes in IT infrastructure, offers ten free and very useful utilities designed to significantly simplify the administration of Windows. For example, NetWrix Inactive Users Tracker addresses one of the pressing security problems: the presence of inactive accounts that no one has used for some time (fired employees, business trips, job transfers, temporary accounts, etc.). HR personnel rarely warn the IT department about such changes, and an account like this can easily be used by an attacker. The utility periodically checks all accounts in the domains and reports those that have not been used for a certain time. In the free version the only available action is an e-mail warning (it is enough to set the SMTP parameters); the admin performs all other operations manually, although a warning is sufficient in our case. The paid version adds automatic setting of a random password, account deactivation and moving to another OU, and an OU filter for searching accounts. A separate PowerShell cmdlet, get-NCInactiveUsers, is offered, which returns a list of inactive users (the "lastLogon" attribute is checked) and simplifies writing the corresponding scripts.

WinAudit Freeware

WinAudit is a free utility from Parmavex Services that performs a full system audit. It does not require installation and can be run in command line mode. The program has a simple, localized interface and runs on all Windows versions, including 64-bit. Data collection takes approximately a minute (the time may vary depending on the operating system and computer configuration), and the resulting report consists of 30 customizable categories. As a result, the administrator receives data about the system, installed software and updates (with version and vendor), connected devices, a list of open network ports (number, service, program, etc.) and open shares, active sessions, security settings, access rights to peripherals, information about accounts and groups, the list of tasks/services, startup programs, log entries and system statistics (uptime, memory, disk usage). You can also search for certain files by name; for example, to find music and videos on the user's hard drives, just specify the appropriate extensions (avi, mp3 and the like). The result can be opened as a web page, exported to a file in many popular formats (txt, XML, CSV, PDF) or to a database (via a wizard; all popular ones are supported: MS SQL, MS Access, MySQL, Oracle and others), sent by e-mail and printed.


Accounting for computers using CheckCfg

The problem of keeping track of office equipment and installed software is acute in any organization. It can be solved in different ways; one option is CheckCfg, written by developer Andrey Tatukov. This solution periodically collects data about the hardware, OS and programs, including CPU type, amount of RAM, disk space, S.M.A.R.T. status and so on. At the same time, CheckCfg easily copes with several hundred computers. The result is displayed in a convenient tree form, and local directories are easy to access. Each PC can be assigned an inventory number, and if necessary it is easy to generate a report in RTF format.

CheckCfg is a whole suite of programs. CheckCfg itself is responsible for directly collecting data about the computer; it runs when the OS starts and writes the result to a file. The information is managed and archived by the Sklad accounting program, which processes the files created by CheckCfg and saves them into its database, after which reports can be generated. Using the Sklad_w program, you can conveniently view current computer configurations and basic data on office equipment (by IP address, CPU, memory, software). To analyze changes in a PC's configuration and notify the administrator about them, another utility is used: Doberman. The setup may not seem entirely trivial, since you have to create the necessary configuration files manually, but the detailed description on the site and the available templates let you figure everything out without any problems.

MailArchiva Open Source Edition

Some mail servers, such as MS Exchange, have mail archiving functions that let you find old messages when necessary, including to identify leaks of confidential information when investigating incidents. In other cases, you have to provide these functions yourself. A possible solution is MailArchiva, compatible with most modern mail servers (Lotus Domino, MS Exchange, MDaemon, Postfix, Zimbra, Sendmail, Scalix, Google Apps). Archiving via the SMTP, IMAP/POP3, WebDAV and Milter protocols is supported (the program has a built-in SMTP and Milter server and an IMAP/POP client). To avoid collecting all mail, you can create arbitrary archiving rules. Three levels of access to saved data are implemented: user (only your own mail), administrator (settings and your own mail) and auditor (all mail; can be limited by rules). The Open Source version of MailArchiva also includes intuitive search functions, including inside attachments (Word, PowerPoint, Excel, OpenOffice, PDF, RTF, ZIP, tar, gz). MailArchiva runs on Windows, Linux, FreeBSD and Mac OS X.

Performance Analysis of Logs

In case of problems with system performance, it is quite difficult to detect the bottleneck using the standard Windows Performance Monitor without experience. In order to figure out which metrics need to be taken and how to interpret the result correctly, you will need to carefully scour the documentation. The PAL (Performance Analysis of Logs, pal.codeplex.com) utility greatly simplifies the search for bottlenecks. Once launched, it reads the logs and analyzes them using built-in templates. Currently there are templates for the most popular MS products: IIS, MOSS, SQL Server, BizTalk, Exchange, Active Directory and others. After launch, the administrator activates the necessary counters in the PAL Wizard by simply selecting a template from the proposed list, then specifies the current server settings (number of CPUs, etc.), the analysis interval and the directory for saving the result. After some time, a detailed report is produced in HTML and XML, containing a description, the counter name and its values (Min, Avg, Max and Hourly Trend). The report can then easily be copied into any document. But you will still have to interpret the collected parameters yourself, although if PAL shows that a characteristic is in the green sector, there is no need to worry. The query itself is saved as the PowerShell script PAL.ps1, which can be kept for future use. Templates are XML files; taking any of them as an example, you can create your own version. The built-in PAL Editor is available for editing the parameters in a template.


Officially, Win7 is supported, but it works on all MS operating systems starting with WinXP (32/64). To install it you will need PowerShell v2.0+, MS .NET Framework 3.5 SP1 and MS Chart Controls for Microsoft .NET Framework 3.5.

Create an access point with Virtual Router

The situation when a computer with a Wi-Fi card needs to be turned into an access point is by no means uncommon today. For example, you may need to quickly deploy a WLAN or expand your Wi-Fi coverage area. Initially, a wireless card was designed to operate in only one of two modes: point-to-point, when clients connect to each other, or as an access point. In Win7/2k8 (except Win7 Starter Edition), it became possible to virtualize network connections (Virtual Wi-Fi technology), which allows you to create several Wi-Fi modules with their own settings using one physical Wi-Fi adapter. In this way, the computer can be connected to Wi-Fi and at the same time act as an access point (SAPoint, Software Access Point). The connection to such a virtual hotspot is protected using WPA2. You can turn a PC running Win7/2k8R2 into an access point using the Netsh console utility, through the Network and Sharing Center, or using the Virtual Router application, which has an intuitive GUI and very simple settings. After starting Virtual Router, you just need to specify the SSID and password for the connection and then activate the access point. If necessary, you can also stop the hotspot by pressing one button. Additionally, the window displays the current connections to the point; for each you can set its own icon and change some parameters.

Managing RDC connections - RDCMan

For remote management of servers and PCs running Windows, the Remote Desktop Connection snap-in is used. If you need to establish many RDP connections with different settings, working with it becomes inconvenient. Instead of methodically saving individual settings for each remote computer, you can use the free Remote Desktop Connection Manager (RDCMan) tool to automate this process. After launch, you specify the RDP connection settings that will be used by default and inherited by all connections. Here we set general credentials, gateway, screen settings, security settings and much more. Next, we create the required number of system groups (for example, by purpose, location, OS version); for each of them you can specify specific connection settings. The last step is to populate the groups with systems. To add a server you only need to enter its domain name; if any parameter differs from the group settings, it can be overridden right away. If necessary, systems can easily be moved between groups by simply dragging and dropping. If there are many systems, it is easier to create a text file with one name per line and then feed this file to the utility. Now, to connect, just select the desired server and click “Connect” in the context menu. You can activate multiple connections at the same time and switch between them.

Free Active Directory Tools

Managing Active Directory settings with the standard tools is not always simple and convenient. In some situations the Free Active Directory Tools suite, developed by ManageEngine, will help. The kit consists of fourteen utilities launched from one shell. For convenience, they are divided into six groups: AD User Report, SharePoint Report, User Management, Domain and DC Info, Diagnostic Tools and Session Management. For example, running Empty Password User Report gives you a list of accounts with empty passwords, GetDuplicates finds accounts with identical attributes, and CSVGenerator saves Active Directory account data to a CSV file. Other features: reporting last logon time, retrieving data from AD based on a query, reporting on SharePoint installations, managing local accounts, viewing and editing domain password policies, getting a list of domain controllers and their roles, managing their replication, monitoring their operation (CPU load, RAM, hard drives, performance, etc.), managing terminal sessions and much more.


Comodo Time Machine

The ability to restore the system using the System Restore component is built into Windows starting with XP, but its functionality is, to put it mildly, limited, so third-party applications are often used for backup. The free utility Comodo Time Machine (comodo.com) allows you to roll back the OS to any previous state. Moreover, it works even if the OS has completely stopped booting. During operation, CTM creates restore points (manually or on a schedule), and all changed system files, the registry and user files are recorded in them. This is a big advantage over System Restore, which saves and restores only system files and the registry. The first copy has the maximum size; subsequent copies store only changed files. To save free disk space, you should periodically create a new checkpoint and delete old archives. To make restoring the OS possible, CTM registers itself in the boot sector; to call the corresponding menu, just press the Home key. You can also restore the state of the OS on a schedule, for example by configuring the utility so that on every reboot it automatically rolls back to a “clean” version of the system. This is useful, for example, in an Internet cafe, where users leave a lot of garbage in the system. In addition to a complete OS restore, the utility lets you obtain an earlier version of any file from the archive. Search is implemented, so you can find the necessary data without any problems.

Amanda

The task of centralized backup of data from workstations and servers running Windows and *nix can be solved using AMANDA (Advanced Maryland Automatic Network Disk Archiver). Initially, the program was created to work with tape drives, but over time the developers added a mechanism called “virtual tapes” (vtapes), which allows the collected data to be saved on hard disks and CD/DVD. AMANDA is a convenient add-on to the standard Unix dump/restore programs, GNU tar and some others, so its main characteristics should be considered in light of the capabilities of these basic utilities. It works according to a client-server scheme. All available authentication methods are used to access computers: Kerberos 4/5, OpenSSH, rsh, bsdtcp, bsdudp or a Samba password. To collect data from Windows systems, a special agent or, alternatively, Samba is used. Compression and encryption (GPG or amcrypt) of data can be performed either directly on the client or on the server. All backup settings are made exclusively on the server; the distribution includes ready-made templates, so it is pretty easy to figure out.

Core Configurator 2.0 for Server Core

The initial setup of a server running Win2k8/R2 in Server Core mode is done in the console using commands. To simplify the task, the OS developers added the interactive script SCONFIG.cmd to R2, which allows you to configure basic system parameters. An alternative is available on Codeplex: the wonderful Core Configurator. For it to work you will need the NetFx2-ServerCore, NetFx2-ServerCore and PowerShell components. After running Start_CoreConfig.wsf we get a menu with several items that provide access to the basic settings that would otherwise have to be managed from the command line: product activation, setting screen resolution, clock and time zone, network interface, permissions for remote RDP connections, managing local accounts, Windows Firewall settings, enabling/disabling WinRM, changing the computer name, workgroup or domain, setting up roles, components, Hyper-V and running DCPROMO. If you check the “Load at Windows startup” checkbox, the program will load along with the system.

Exchange 2010 RBAC Manager

Exchange 2010 introduces a new role-based access model that allows you to finely control the level of privileges for users and administrators depending on the tasks performed. The only negative is that built-in management tools using PowerShell cmdlets may not seem convenient and understandable to everyone. More advanced capabilities are available in the free Exchange 2010 RBAC Manager tool (RBAC Editor GUI, rbac.codeplex.com), which offers a clear graphical interface for configuring the properties of all roles. Understanding its features will not be difficult even for a beginner. The program is written in C# and uses PowerShell. To work you will need Exchange 2010 Management Tools installed.

PowerGUI

As soon as it appeared, the PowerShell command shell won the sympathy of Windows admins, who had long been in need of a tool that would automate many tasks. With the first versions of PowerShell, Microsoft developers were unable to offer a more or less functional editor, so several third-party projects filled the niche. The best of them today is PowerGUI, which provides a convenient graphical interface for effectively creating and debugging PowerShell scripts. At the same time, the authors offer ready-made sets of scripts for solving many problems - they can be used in your developments.

Multi-Tabbed PuTTY

The free PuTTY client is well known to administrators who need to connect to remote hosts via SSH, Telnet or rlogin. It is a very convenient program that lets you save session settings for quickly connecting to a chosen system. The only inconvenience is that with a large number of connections the desktop ends up cluttered with many open windows. This problem is solved by the Multi-Tabbed PuTTY add-on, which implements a tab system.

INFO

PuTTY was originally developed for Windows, but was later ported to Unix.

Conclusion

Often there is no need to rack your brains over solving a certain problem: most likely, other administrators have already encountered it and offered their own option - a specific utility or script for which you don’t even have to pay.

You most likely know that Windows has a built-in firewall. You may also know how to allow and block network access for individual programs in order to control incoming and outgoing traffic. But did you know that the Windows firewall can be used to log all connections passing through it?

Windows Firewall logs can be useful in solving specific problems:

  • The program you are using cannot connect to the Internet, although other applications do not experience this problem. In this case, to troubleshoot the problem, you should check whether the system firewall is blocking the connection requests of this program.
  • You suspect that the computer is being used by malware to transfer data and want to monitor outgoing traffic for suspicious connection requests.
  • You have created new rules for allowing and blocking access and want to ensure that the firewall correctly processes the given instructions.

Regardless of the reason for use, enabling event logging can be challenging as it requires a lot of fiddling with the settings. We will give a clear algorithm of actions on how to activate the registration of network activity in the Windows firewall.

Access to firewall settings

First, you need to go to the advanced settings of Windows Firewall. Open the Control Panel (right-click on the Start menu and select “Control Panel”), then click the “Windows Firewall” link if the view mode is small/large icons, or select the “System and Security” section and then “Windows Firewall” if the view mode is category.

In the firewall window, select the option in the left navigation menu “Advanced settings”.

You will see the following settings screen:

This is the internal technical side of the Windows Firewall. This interface allows you to allow or block access of programs to the Internet, configure incoming and outgoing traffic. In addition, this is where you can activate the event logging feature - although it is not immediately clear where this can be done.

Accessing log settings

First, select the “Windows Firewall with Advanced Security (Local Computer)” item.

Right-click on it and select the “Properties” option.

A window will open that may confuse the user. Looking at the three tabs (Domain Profile, Private Profile, Public Profile), you will notice that their content is identical but relates to three different profiles, whose names are shown in the tab titles. Each profile tab contains a button for configuring logging. Each log corresponds to a different profile, but which profile are you using?

Let's look at what each profile means:

  • The domain profile is used when connecting to a Wi-Fi wireless network in which the domain is set by a domain controller. If you're not sure what this means, don't use this profile.
  • The private profile is used to connect to private networks, including home or personal networks - this is the profile you are most likely to use.
  • The public profile is used to connect to public networks, including restaurants, airports, libraries and other institutions.

If you are using the computer on a home network, go to the “Private Profile” tab. If you are using a public network, go to the “Public Profile” tab. Click the “Configure” button in the “Logging” section of the appropriate tab.

Activating the event log

In the window that opens, you can configure the location and maximum size of the log. You can set an easy-to-remember location for the log, but the actual location of the log file doesn't really matter. If you want to start event logging, set both the “Log dropped packets” and “Log successful connections” drop-down menus to “Yes” and click the “OK” button. Running this feature all the time can cause performance issues, so enable it only when you really need to monitor connections. To disable logging, set both drop-down menus to “No (default)”.

Studying logs

Now the computer will record network activity controlled by the firewall. To view the logs, go to the “Advanced Settings” window, select the “Monitoring” option in the left list, and then in the “Logging Options” section click the “File Name” link.

The network activity log will then open. The contents of the log may be confusing to an inexperienced user. Let's look at the main contents of the log entries:

  1. Date and time of connection.
  2. What happened to the connection. The status “ALLOW” means that the firewall allowed the connection, and the status “DROP” indicates that the connection was blocked by the firewall. If a particular program has problems connecting to the network, this lets you determine definitively whether the cause is related to the firewall policy.
  3. Connection type - TCP or UDP.
  4. In order: the IP address of the connection source (the computer), the destination IP address (for example, a web page) and the network port used on the computer. This entry lets you identify the ports that need to be opened for the software to work. Also watch out for suspicious connections: they could be made by malware.
  5. Whether the data packet was successfully sent or received.

The information in the log will help determine the cause of connection problems. The log can record other details as well, such as the destination port or the TCP acknowledgment number. If you need more detail, check the “#Fields” line at the top of the log to identify the meaning of each column.
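As an added example that is not part of the original article, here is a small Python parser for the log layout described above: it takes the column names from the “#Fields” header, then counts DROP entries by direction and destination port, groups outbound drops by destination (the case of a program that cannot connect) and flags remote sources whose inbound packets were dropped on several different ports. The log lines are constructed for illustration, not a real capture.

```python
from collections import Counter, defaultdict

# Constructed sample in the Windows Firewall log layout (not a real capture):
# a header with the #Fields line, then one space-separated record per line.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2023-05-01 10:00:01 ALLOW UDP 192.168.1.10 192.168.1.1 54321 53 0 - - - - - - - SEND
2023-05-01 10:00:02 DROP TCP 192.168.1.10 93.184.216.34 51234 443 52 S 123456 0 65535 - - - SEND
2023-05-01 10:00:03 DROP TCP 192.168.1.10 93.184.216.34 51235 443 52 S 123457 0 65535 - - - SEND
2023-05-01 10:00:05 DROP TCP 203.0.113.5 192.168.1.10 44444 3389 40 S 1 0 8192 - - - RECEIVE
2023-05-01 10:00:06 DROP TCP 203.0.113.5 192.168.1.10 44445 445 40 S 2 0 8192 - - - RECEIVE
2023-05-01 10:00:07 DROP TCP 203.0.113.5 192.168.1.10 44446 22 40 S 3 0 8192 - - - RECEIVE
2023-05-01 10:00:08 ALLOW TCP 192.168.1.10 192.168.1.20 51300 445 0 - 0 0 0 - - - SEND
"""


def parse_firewall_log(text):
    """Return one dict per record, keyed by the column names from the #Fields line."""
    fields = None
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            # Only the #Fields header matters: it names the columns that follow.
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue
        if fields is None:
            raise ValueError("record found before the #Fields header")
        values = line.split()
        if len(values) != len(fields):
            continue  # truncated or malformed line (e.g. log rotated mid-write)
        records.append(dict(zip(fields, values)))
    return records


def summarize_drops(records):
    """Count DROP records per (direction, protocol, destination port)."""
    counts = Counter()
    for r in records:
        if r["action"] == "DROP":
            counts[(r["path"], r["protocol"], r["dst-port"])] += 1
    return counts


def outbound_drops_by_destination(records):
    """Outbound (SEND) drops per (dst-ip, dst-port): where a blocked program tried to go."""
    counts = Counter()
    for r in records:
        if r["action"] == "DROP" and r["path"] == "SEND":
            counts[(r["dst-ip"], r["dst-port"])] += 1
    return counts


def inbound_port_sweeps(records, min_ports=3):
    """Remote sources whose inbound packets were dropped on min_ports or more distinct ports."""
    ports = defaultdict(set)
    for r in records:
        if r["action"] == "DROP" and r["path"] == "RECEIVE":
            ports[r["src-ip"]].add(r["dst-port"])
    return {ip: sorted(p, key=int) for ip, p in ports.items() if len(p) >= min_ports}


if __name__ == "__main__":
    recs = parse_firewall_log(SAMPLE_LOG)
    print("drop summary:", dict(summarize_drops(recs)))
    print("outbound drops:", dict(outbound_drops_by_destination(recs)))
    print("inbound sweeps:", inbound_port_sweeps(recs))
```

To run it against a real log, read the file named in the “Logging Options” section into `text` instead of `SAMPLE_LOG`; the column order is always taken from the file's own “#Fields” line.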

Don't forget to turn off the logging feature when you're done.

Advanced network diagnostics

By using Windows Firewall logging, you can analyze the types of data being processed on your computer. In addition, you can determine the causes of network problems related to the firewall or other objects disrupting connections. The activity log allows you to familiarize yourself with the work of the firewall and get a clear picture of what is happening on the network.

Internet