NetCrunch combines agentless monitoring of various devices and operating systems: Windows, Linux (kernel 2.4 or newer), Novell OES, Mac OS X, FreeBSD, OpenBSD, NetBSD, Novell NetWare
User Experience Monitors
NetCrunch contains over 65 built-in Network Service monitors and advanced user experience monitors (HTTP/S, POP3, FTP, SMTP, DNS)
Event Management and Alerting
NetCrunch unifies fault management by collecting and alerting on events received from a variety of external sources such as: Windows Event Logs, syslog, SNMP traps
Network Discovery and Mapping
NetCrunch discovers physical connections between switches and nodes and creates physical topology maps automatically updated for new discovered nodes and connection changes
Real Time Performance Monitoring
NetCrunch monitors real time values shown on charts, bars and gauges. Multiple nodes performance can be compared on a single chart
250 Predefined Monitoring Rules
NetCrunch comes with predefined event monitoring and data collection policies applicable to monitoring of popular hardware and software like IIS, Apache, MS SQL and Cisco
Network Services Monitoring - Auto Discovery
NetCrunch automatically (and periodically) discovers TCP/IP nodes in order to create an accurate view of the network and to draw maps of logical and physical topologies. To make the network discovery process complete, the program is shipped with predefined filtered views and pre-configured Monitoring Polices. Discovered devices are automatically classified and added to the relevant views.
Besides finding nodes, NetCrunch also detects network services they are providing. The program currently recognizes more than 65 network services and allows adding custom service definitions to be discovered and monitored.
ICMP & SNMP
The program uses both ICMP & SNMP (v1-3) protocols for discovery. For a more accurate representation of the network, it also scans other network resources like Active Directory, Workgroups, and eDirectory.
Having scanned the network, NetCrunch determines whether the discovered asset is a server, router, switch, printer, or any other device. Version 5 introduces new node classifications to make them more flexible to manage.
After completing the network scan, NetCrunch determines network relations between nodes and intermediate routers to set up monitoring dependencies for each node. Properly setting up dependencies is essential in monitoring large networks spread across distant locations. Dependences play a critical role in avoiding a number of false events caused by router or switch malfunction (event suppression).
Network Views and Network Mapping
All network components we want to deal with are contained in the Network Atlas. Some views can represent group of nodes and can be draw as maps, some other represent real time values of performance counters and they are drawn as charts or gauges.
Views can be dynamic - created by filtering rule (sql like query), or can be created manually by picking up nodes.
Program comes with many predefined views like: IP networks, Routing Map, Physical Segments, Servers, Maps with Issues and others, but of course is not limited to them.
NetCrunch automatically maintains and arranges maps as views of logical IP networks.
NetCrunch discovers and presents physical connections between switches and nodes on the physical topology maps. Program automatically updates physical maps if new nodes or connection changes are discovered.
Routing map details logical connection structure between routers and networks. Program automatically updates and layouts the routing map.
NetCrunch processes events coming from a variety of sources. Some of them may be external like SNMP Traps or Windows Event Log entries and others generated by NetCrunch like Monitoring Events (node state changed) or Atlas Events (like new node discovered).
Alerts = Events + Actions
When an event comes to the NetCrunch Event Manager, it is first written to the Event Database, then the program processes and executes the actions defined for the event. Actions can be defined on different levels - for each node or group of nodes (map, atlas).
Alert Escalation and Correlation
Actions assigned to an event can be performed immediately or after some time if the event has not been cleared.
Most of the built-in events are correlated and when the event condition changes they are automatically cleared.
For example, when a given event is received by NetCrunch, the desktop notification is immediately displayed. If the alert is not acknowledged or cleared within the next 15 minutes, the computer may be restarted.
Basically everything connected to the network we can consider as a service. If there is some device on the network it always suits its purpose which is exactly providing a service. There are only different methods of checking those services availability.
Some of the services (devices) can be checked by a simple PING where some others can be checked more thoroughly by Network Services monitors. We call these monitors intelligent pings because they can check not only connectivity but also response received.
NetCrunch monitors availability of over 65 predefined TCP/UDP network services, including DNS, FTP, HTTP, POP3, SMTP, etc. It can monitor network services performance measured upon number of packets sent and received, response time, and percentage of packets received and lost.
The monitored services can be customized and administrators can add their own definitions.
Advanced Level - User Experience Monitors
Monitoring of some important services can be performed on multiple levels. As the low level checks only basic service answer (it's usually some kind of HELLO), the higher levels of monitoring allow to check more specific things like authentication (HTTP, FTP, POP3, SMTP) or if the service is operating properly (i.e. downloading file, receiving and sending test email).
Network Performance Monitoring
There may be different reasons to monitor performance. First one, may be to check the quality of given service usually measured by response time and availability time. The other might be future expansion planning - we want to identify bottlenecks and fix them.
NetCrunch allows agentless performance monitoring of different network devices (SNMP), operating systems, and applications running on top of Windows or UNIX/Linux. This is realized by monitoring selected performance counters values and triggering alerts. All those values can be collected and stored for later long term trend analysis.
Network Devices Monitoring
Program supports monitoring many hardware devices using SNMP v1-3. It can actively check SNMP counters or passively receive SNMP traps or syslog messages.
Operating Systems Monitoring
Program enables agentless monitoring of servers (Windows, Linux, and NetWare) from unified interface. NetCrunch requires administrator credentials to connect to servers and gather statistics about performance counters.
Program offers performance monitoring of applications running on Windows or other systems (Linux, NetWare, Unix, etc.). For systems like Windows or NetWare, program retrieves performance data using system protocols (RPC, WMI, Win API, NCP). For other systems (Unix/Linux and other) SNMP agent can be used.
Real-time Statistics and Long Term Analysis
Program presents recently collected data on real-time charts showing counters performance within last hours. It is also possible to view counters historical trend with values' distribution.
Threshold Based Monitoring
It is possible to setup thresholds on performance counters, including basic level (counter value exceeds/drops below threshold value), existence (any value received/not received from counter), state (counter value equal to threshold value for specific period), and unexpected change (counter value deviates from average of recently received values by specific percentage).
Pentium 4 2.8 GH; 512 MB RAM; 500 MB Disk Space; IE6/Firefox; Windows XP SP2/Server 2003/Vista